Mailsniper Invoke Functions

Description

This search detects known MailSniper.ps1 functions executed on a machine. Attackers have been seen using this technique to harvest sensitive e-mail from a compromised Exchange server.

Mailsniper Invoke Functions Help

To successfully implement this search, you need to be ingesting PowerShell logs from your endpoints. Make sure you enable the registry settings needed to monitor this event.
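
The matching logic such a search relies on, written as an added Python example (not this page's search). It assumes the log source is PowerShell script block logging (event ID 4104), that events arrive as flattened records with `EventID`, `Computer` and `ScriptBlockText` fields, and that the function names are those of the public MailSniper project; the sample events are constructed.

```python
import re
from collections import defaultdict

# Function names from the public MailSniper project (assumed list, not from this page).
MAILSNIPER_FUNCTIONS = (
    "Invoke-GlobalMailSearch", "Invoke-GlobalO365MailSearch", "Invoke-SelfSearch",
    "Invoke-PasswordSprayOWA", "Invoke-PasswordSprayEWS", "Invoke-DomainHarvestOWA",
    "Invoke-UsernameHarvestOWA", "Invoke-OpenInboxFinder", "Get-GlobalAddressList",
)
_CANONICAL = {name.lower(): name for name in MAILSNIPER_FUNCTIONS}

# PowerShell command names are case-insensitive. The lookarounds stop a match
# inside a longer identifier such as "Invoke-SelfSearchHelper".
_PATTERN = re.compile(
    r"(?<![\w-])(?:" + "|".join(map(re.escape, MAILSNIPER_FUNCTIONS)) + r")(?![\w-])",
    re.IGNORECASE,
)

SCRIPT_BLOCK_EVENT_ID = 4104  # assumption: script block logging is the log source


def find_mailsniper_functions(events):
    """Map each host to the sorted MailSniper function names seen in its script blocks."""
    seen = defaultdict(set)
    for event in events:
        if event.get("EventID") != SCRIPT_BLOCK_EVENT_ID:
            continue
        for match in _PATTERN.findall(event.get("ScriptBlockText", "")):
            seen[event.get("Computer", "unknown")].add(_CANONICAL[match.lower()])
    return {host: sorted(names) for host, names in seen.items()}


# Constructed sample events (flattened fields; names are assumptions).
SAMPLE_EVENTS = [
    {"EventID": 4104, "Computer": "EXCH01", "ScriptBlockText": "function Invoke-GlobalMailSearch { }"},
    {"EventID": 4104, "Computer": "EXCH01", "ScriptBlockText": "invoke-selfsearch"},
    {"EventID": 4104, "Computer": "WS07", "ScriptBlockText": "Invoke-SelfSearchHelper -Verbose"},
    {"EventID": 4103, "Computer": "WS07", "ScriptBlockText": "Invoke-OpenInboxFinder"},
    {"EventID": 4104, "Computer": "WS07", "ScriptBlockText": "Get-ChildItem C:\\Users"},
]

if __name__ == "__main__":
    for host, names in find_mailsniper_functions(SAMPLE_EVENTS).items():
        print(host, ", ".join(names))
```

Because script block logging records the full text of a loaded script, importing MailSniper.ps1 itself produces hits for every function it defines, so a host with many distinct names in one event usually indicates a module load rather than many separate invocations.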
