Created March 19, 2021 14:01
Security Onion 2 - Hunt query for HTTP over non-HTTP ports
# Security Onion 2 - Hunt query for HTTP over non-HTTP ports grouped by port, http method, virtual host, uri & user agent
event.dataset:http AND NOT destination.port: "80" AND NOT destination.port: "8080" | groupby destination.port http.method http.virtual_host http.uri http.useragent
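As an added illustration (not part of the gist), the same filter and group-by applied in Python to a handful of constructed ECS-style events, so the shape of the Hunt results table is visible offline: events on ports 80 and 8080, and events from a non-http dataset, drop out, and the remainder are counted per port / method / virtual host / URI / user agent tuple. The event builder and sample values are assumptions for the demo, not real log data.

```python
from collections import Counter

# Build a nested ECS-style document like the ones Security Onion 2 indexes.
def make_event(dataset, port, method=None, vhost=None, uri=None, ua=None):
    return {
        "event": {"dataset": dataset},
        "destination": {"port": port},
        "http": {"method": method, "virtual_host": vhost, "uri": uri, "useragent": ua},
    }

# Constructed sample events (not real log data): two are excluded by port, one by dataset.
SAMPLE_EVENTS = [
    make_event("http", 80, "GET", "www.example.com", "/index.html", "Mozilla/5.0"),
    make_event("http", 8080, "GET", "proxy.example.com", "/", "Mozilla/5.0"),
    make_event("http", 4444, "GET", "10.0.0.5", "/", "python-requests/2.25.1"),
    make_event("http", 4444, "GET", "10.0.0.5", "/", "python-requests/2.25.1"),
    make_event("http", 8443, "POST", "update.example", "/api/v1/beacon", "Mozilla/5.0"),
    make_event("dns", 4444),
]

EXCLUDED_PORTS = {80, 8080}  # the two NOT clauses in the gist's query
GROUP_FIELDS = ("destination.port", "http.method", "http.virtual_host",
                "http.uri", "http.useragent")  # the groupby columns

def get_field(event, dotted):
    """Resolve a dotted ECS name such as 'http.uri' against a nested document."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def matches_hunt(event):
    """event.dataset:http AND NOT destination.port:80 AND NOT destination.port:8080"""
    if get_field(event, "event.dataset") != "http":
        return False
    port = get_field(event, "destination.port")
    return port is not None and int(port) not in EXCLUDED_PORTS

def hunt_http_on_nonstandard_ports(events):
    """Return a Counter keyed by the groupby tuple, like the Hunt results table."""
    counts = Counter()
    for ev in events:
        if matches_hunt(ev):
            counts[tuple(str(get_field(ev, f)) for f in GROUP_FIELDS)] += 1
    return counts

if __name__ == "__main__":
    for key, n in hunt_http_on_nonstandard_ports(SAMPLE_EVENTS).most_common():
        print(n, *key)
```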
np! Defenders have to stick together! :)
Also, had help from the team to find that zscaler link, wasn't just me.
Thanks for looking into it and helping me figure it out!