APT demo Detections of the APT simulator

Range -24h@h now

index=wineventlog sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" tag=APT | timechart count(tag) by dvc $field1.earliest$ $field1.latest$ 1 ellipsisNone 0 visible visible visible none linear none linear none 0 inherit column 50 10 area gaps all 0.01 default shiny none 0 0 ellipsisMiddle standard right 2 progressbar 0 1 medium index=wineventlog sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" tag=APT | timechart count by tag $field1.earliest$ $field1.latest$ 1 ellipsisNone 0 visible visible visible none linear none linear none 0 inherit column 50 10 area gaps all 0.01 default shiny none 0 0 ellipsisMiddle standard right 2 progressbar 0 1 medium index=wineventlog sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" tag=APT | table _time dvc parent_process CommandLine $field1.earliest$ $field1.latest$ 1 100nonenonefalseprogressbarfalsefalsetrue