Event ID 9004000 — Network activity (any)
Description
Network activity (any)
Fields
| Name | Description |
|---|---|
| DeviceId | — |
| Timestamp | — |
| ActionType | — |
| RemoteIP | — |
| RemotePort | — |
| RemoteUrl | — |
| LocalIP | — |
| LocalPort | — |
| Protocol | — |
| InitiatingProcessFileName | — |
| InitiatingProcessCommandLine | — |
Detection Rules
Kusto Query Language
- Zinc Actor IOCs files - October 2022 (high): 'Identifies a match across filename and commandline IOC's related to an actor tracked by Microsoft as Zinc. Reference: https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/'
References
- Microsoft Defender XDR — advanced hunting reference https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-devicenetworkevents-table