adding intune dataset

splunk · Jan 7, 2025 · 04f6017 · 04f6017
1 parent 5912f8e
commit 04f6017
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/datasets/attack_techniques/T1072/intune/intune.log b/datasets/attack_techniques/T1072/intune/intune.log
diff --git a/datasets/attack_techniques/T1072/intune/intune.yml b/datasets/attack_techniques/T1072/intune/intune.yml
@@ -0,0 +1,11 @@
+author: Dean Luxton
+id: 75a7e34c-73e2-4084-8c59-530cc763e941
+date: '2025-01-07'
+description: Performing the Death from Above attack moving laterally from Intune management console to an Intune managed device. 
+environment: Frothly Dev Azure Tenant
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1072/intune/intune.log
+sourcetypes:
+- azure:monitor:activity
+references:
+- https://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959d4d