Language: KQL. License: Elastic-2.0. From elastic/detection-rules.
Cobalt Strike Command and Control Beacon
Quality: 92
FP risk: —
Forks: 0
Views: 0
Rule source: rules/network/command_and_control_cobalt_strike_beacon.toml
((event.category: (network OR network_traffic) AND type: (tls OR http))
  OR data_stream.dataset: (network_traffic.tls OR network_traffic.http)
) AND destination.domain:/[a-z]{3}.stage.[0-9]{8}\..*/