Regular expressions and tricks for monitoring and controlling the Telegram service in DLP and SIEM systems.
Each query below selects requests to api.telegram.org whose user agent does not identify itself as a Telegram client or a bot, i.e. scripts, tooling or malware talking to the Bot API through a generic HTTP library. The user agent is client-controlled and is only visible where the proxy logs it or TLS is inspected, so treat hits as leads rather than verdicts.
- Elastic Query
((destination.domain:("api.telegram.org") OR url.domain:("api.telegram.org")) AND (NOT (user_agent.original.keyword:(*Telegram* OR *Bot*))))
- QRadar AQL (field names are bare or double-quoted; single quotes in AQL denote string literals, so 'sourceip' in the original returned the literal text rather than the column)
SELECT sourceip, "URL", "user_agent" FROM events WHERE "FQDN" = 'api.telegram.org' AND NOT ("user_agent" ILIKE '%Telegram%' OR "user_agent" ILIKE '%Bot%') LAST 24 HOURS
- Splunk (field value matching is case-insensitive, so *Bot* also excludes user agents containing "bot")
r-dns="api.telegram.org" NOT (c-useragent="*Telegram*" OR c-useragent="*Bot*") | table ClientIP, c-uri, c-useragent
- EDR Carbon Black (prefix wildcards only: a user agent that merely contains the word is not excluded)
r-dns:api.telegram.org AND -(c-useragent:Telegram* OR c-useragent:Bot*)
- Windows PowerShell (Get-WinEvent needs a log to read; $LogName is the log the proxy or web-server events are forwarded into. -cmatch keeps the user-agent exclusion case-sensitive, otherwise the lowercase "telegram" of the host name itself could satisfy it when the host appears after c-useragent on the same line)
$LogName = 'Application'   # replace with the log that holds the proxy events
Get-WinEvent -LogName $LogName | Where-Object { ($_.Message -match 'api\.telegram\.org') -and -not ($_.Message -cmatch 'c-useragent.*(Telegram|Bot)') } | Select-Object TimeCreated, Id, RecordId, ProcessId, MachineName, Message
- RegEx (the original nested lookaheads collapsed to "contains api.telegram.org": a negative lookahead placed inside a positive lookahead behind a leading .* can always be satisfied at the end of the line, so the user-agent exclusion never fired. The pattern below is the intended logic. Apply it case-sensitively: the host name contains "telegram" and every Bot API path starts with /bot<token>/, so a case-insensitive engine would exclude every line)
^(?=.*api\.telegram\.org)(?!.*(?:Telegram|Bot)).*$
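The whole-line regex and the field-level SIEM queries above express the same rule. The Python below is an added example, not code from the original page: it runs the whole-line form (case-sensitive and, to show the pitfall, case-insensitive) and a field-aware form over a few constructed proxy log lines. The log format, the parser, the client addresses, the user agents and the placeholder bot token are all assumptions made for the example; a real deployment would read the SIEM's already-parsed host and user-agent fields instead of parsing raw lines.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed proxy log lines (client, method, URL, quoted user agent); not taken
# from the original page. The bot token "000000:FAKE" is a placeholder.
SAMPLE_LOGS = [
    '10.0.0.5 POST https://api.telegram.org/bot000000:FAKE/sendMessage "python-requests/2.31.0"',
    '10.0.0.6 GET https://api.telegram.org/ "Telegram Desktop/4.8.1"',
    '10.0.0.7 GET https://api.telegram.org/bot000000:FAKE/getUpdates "CorpAlertBot/1.0"',
    '10.0.0.8 GET https://example.com/ "python-requests/2.31.0"',
    '10.0.0.9 GET https://api.telegram.org/bot000000:FAKE/getMe "curl/8.4.0"',
]

# Whole-line form of the page's rule: the line mentions api.telegram.org and nowhere
# contains "Telegram" or "Bot". Case-sensitive on purpose (compare LINE_RE_CI).
LINE_RE = re.compile(r'^(?=.*api\.telegram\.org)(?!.*(?:Telegram|Bot)).*$')

# The same pattern applied case-insensitively. The host name itself contains
# "telegram" and every Bot API path starts with "/bot<token>/", so this version
# excludes every line it was meant to flag.
LINE_RE_CI = re.compile(r'^(?=.*api\.telegram\.org)(?!.*(?:Telegram|Bot)).*$', re.IGNORECASE)


def matches_line_regex(line: str) -> bool:
    return LINE_RE.match(line) is not None


def matches_line_regex_ci(line: str) -> bool:
    return LINE_RE_CI.match(line) is not None


class ProxyEvent(NamedTuple):
    client_ip: str
    host: str
    uri: str
    user_agent: str


# Parser for the constructed log format above (assumption for this example only).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>\S+) https?://(?P<host>[^/\s]+)(?P<uri>\S*) "(?P<ua>[^"]*)"$'
)


def parse(line: str) -> Optional[ProxyEvent]:
    m = LOG_RE.match(line)
    if m is None:
        return None
    return ProxyEvent(m['ip'], m['host'].lower(), m['uri'], m['ua'])


# Known-client test applied to the user-agent field only. Because the host and the
# path never reach it, it can safely be case-insensitive, like the Splunk/AQL forms.
KNOWN_CLIENT_UA = re.compile(r'Telegram|Bot', re.IGNORECASE)


def is_suspicious(ev: ProxyEvent) -> bool:
    """Bot API host reached by a client that does not identify as Telegram or a bot."""
    return ev.host == 'api.telegram.org' and KNOWN_CLIENT_UA.search(ev.user_agent) is None


def hunt(lines: List[str]) -> List[ProxyEvent]:
    """Field-aware version of the page's rule over raw log lines."""
    events = (parse(line) for line in lines)
    return [ev for ev in events if ev is not None and is_suspicious(ev)]


if __name__ == '__main__':
    for ev in hunt(SAMPLE_LOGS):
        print(f'{ev.client_ip} {ev.uri} {ev.user_agent!r}')
    print('case-insensitive whole-line hits:',
          sum(matches_line_regex_ci(line) for line in SAMPLE_LOGS))
```

On the constructed input both the case-sensitive whole-line regex and the field-aware check flag 10.0.0.5 and 10.0.0.9 (python-requests and curl against the Bot API), while the case-insensitive whole-line variant flags nothing. The "Telegram"/"Bot" exclusion is a noise filter, not a trust decision: a client can put either word in its user agent, so a clean result here does not clear the traffic.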
Hello! I know this is kind of off topic, but I was wondering which blog platform you are using for this site? I'm getting fed up with WordPress because I've had issues with hackers and I'm looking at options for another platform. It would be great if you could point me in the direction of a good platform.

Thanks for another magnificent post. Where else may anybody get that kind of information in such a perfect style of writing? I have a presentation next week, and I am on the lookout for such info.

I always used to read articles in newspapers, but now that I am a user of the web, from now on I am using the net for content, thanks to the web.

Whoa! This blog looks exactly like my old one! It's on a completely different topic, but it has pretty much the same page layout and design. Superb choice of colors!

I am genuinely thankful to the owner of this web site, who has shared this wonderful article at this place.