
Telegram API Access


Regular expressions and query snippets for monitoring and detecting use of the Telegram Bot API (api.telegram.org) from clients that do not identify themselves as Telegram, for DLP and SIEM systems. The common rule in every variant below: destination is api.telegram.org and the user agent contains neither "Telegram" nor "Bot".

  • Elastic Query
((destination.domain:("api.telegram.org") OR url.domain:("api.telegram.org")) AND (NOT (user_agent.original.keyword:(*Telegram* OR *Bot*))))
  • QRadar AQL (field names go in double quotes; single quotes are string literals)
SELECT sourceip, "URL", "user_agent" FROM events WHERE "FQDN" = 'api.telegram.org' AND NOT ("user_agent" ILIKE '%Telegram%' OR "user_agent" ILIKE '%Bot%')
  • Splunk
((r-dns="api.telegram.org") NOT ((c-useragent="*Telegram*" OR c-useragent="*Bot*"))) | table ClientIP,c-uri,c-useragent
  • EDR Carbon Black
(r-dns:api.telegram.org AND ( -(c-useragent:Telegram* OR c-useragent:Bot*)))
  • Windows PowerShell (the log name is a placeholder: use the log your proxy or web server events are written to)
Get-WinEvent -LogName '<proxy log name>' | Where-Object { ($_.Message -match "api\.telegram\.org") -and -not ($_.Message -match "c-useragent.*(Telegram|Bot)") } | Select-Object TimeCreated,Id,RecordId,ProcessId,MachineName,Message
  • RegEx (whole-line match: the line must contain api.telegram.org and must not contain "Telegram" or "Bot"; matching is case-sensitive, so the lowercase domain itself does not trigger the exclusion)
^(?=.*api\.telegram\.org)(?!.*(?:Telegram|Bot)).*$
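As an added illustration that is not part of the original post, the same rule applied in Python to a few constructed proxy log lines. The log layout (client IP, destination host, URI, quoted user agent), the field names and all sample values are assumptions made for this example.

```python
import re

# Constructed proxy log lines (client IP, destination host, URI, quoted user agent).
# Made-up sample data for this example, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 api.telegram.org /bot[REDACTED]/sendDocument "Mozilla/5.0 (Windows NT 10.0) python-requests/2.28"
10.0.0.6 api.telegram.org /bot[REDACTED]/getUpdates "TelegramBot (like TwitterBot)"
10.0.0.7 web.telegram.org /k/ "Mozilla/5.0 (Windows NT 10.0) Chrome/110.0"
10.0.0.8 api.telegram.org /bot[REDACTED]/sendMessage "curl/7.88.1"
"""

# Parser for the assumed log layout above.
LINE_RE = re.compile(r'^(?P<client_ip>\S+) (?P<host>\S+) (?P<uri>\S+) "(?P<user_agent>[^"]*)"$')

# Whole-line form of the rule (grep-style): must contain api.telegram.org and must not
# contain "Telegram" or "Bot". Case-sensitive, so the lowercase domain is not excluded.
RULE_RE = re.compile(r"^(?=.*api\.telegram\.org)(?!.*(?:Telegram|Bot)).*$")

# Field-level form of the same exclusion, as expressed in the SIEM queries.
UA_ALLOW_RE = re.compile(r"Telegram|Bot")


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not fit the layout."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def is_suspicious(event):
    """Destination is the Bot API host and the client does not claim to be Telegram or a bot.
    Known gap of this rule: any client that merely embeds "Telegram" or "Bot" in its
    user agent (second sample line) is allowlisted, so the exclusion is a noise filter,
    not an authentication of the client."""
    return event["host"] == "api.telegram.org" and not UA_ALLOW_RE.search(event["user_agent"])


def detect(log_text):
    """Return the client IPs of events matching the field-level rule, in log order."""
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and is_suspicious(event):
            hits.append(event["client_ip"])
    return hits


def detect_by_regex(log_text):
    """Same detection using only the whole-line regex, as a plain grep would."""
    return [line.split(" ", 1)[0] for line in log_text.splitlines() if RULE_RE.match(line)]
```

Both forms flag the python-requests and curl clients and skip the web client and the self-declared bot.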


5 thoughts on “Telegram API Access”

  1. Hello! I know this is kind of off topic,
    but I was wondering which blog platform you are using for this site?
    I’m getting fed up with WordPress because I’ve had issues with hackers and I’m looking at options for another
    platform. It would be great if you could point me in the direction of a good platform.

  2. · 31.03.2022 at 05:50

    Thanks for another magnificent post. Where else may just anybody
    get that kind of information in such a perfect approach of writing?
    I have a presentation next week, and I am on the look for
    such info.

  3. I always used to read articles in newspapers, but
    now that I am a user of the web, from now on I am using the net for content, thanks to
    the web.

  4. Whoa! This blog looks exactly like my old one! It’s on a completely
    different topic but it has pretty much the same page layout and design. Superb choice of colors!

  5. I am genuinely thankful to the owner of this
    web site who has shared this wonderful article at
    this place.