1
Perform threat hunting
medium
Refer to the exhibit. This JSON defines a scheduled analytics rule in Microsoft Sentinel. Which type of threat is the rule primarily designed to detect?
Exhibit
```json
{
  "properties": {
    "query": "(union isfuzzy=true\n (DeviceProcessEvents\n | where FileName == \"rundll32.exe\"\n | where ProcessCommandLine contains \"javascript\"\n ),\n (DeviceNetworkEvents\n | where RemoteIPType == \"Public\"\n | where Protocol == \"HTTP\"\n )\n)",
    "queryFrequency": "1h",
    "queryPeriod": "1h",
    "triggerOperator": "gt",
    "triggerThreshold": 1
  }
}