* [Windows Logons](/learn/windows-logons)
In this module we'll take a look at CVE-2022-47966 and discuss how to hunt similar attacks. You will learn:
* how to identify CVE-2022-47966 exploitation
* hunt techniques and considerations for Windows servers with exposed web services
* investigative techniques and considerations for the initial stages of compromise
The events in your SIEM can be found in the following timespan: 24 Jan 2023 - 25 Jan 2023.
There are two index patterns for this module:
* `filebeat-*`
* `winlogbeat-*`](https://assets.aceresponder.com/meta/77979d32-2e2f-497e-a6fc-aa40f51c6ad1.png)
ManageEngine SAML RCE
Prerequisites:
In this module we'll take a look at CVE-2022-47966 and discuss how to hunt similar attacks. You will learn:
- how to identify CVE-2022-47966 exploitation
- hunt techniques and considerations for Windows servers with exposed web services
- investigative techniques and considerations for the initial stages of compromise
The events in your SIEM can be found in the following timespan: 24 Jan 2023 - 25 Jan 2023.
There are two index patterns for this module:
filebeat-*winlogbeat-*
Analyst
$17.49
/mo
Explore realistic pre-recorded attacks
Master full-featured defensive platforms
Browser-based challenges and modules
Extended attack videos
8 AI credits per month
Grants access to Analyst content. You can cancel any time by returning to this page and following the cancellation steps.
Defender
$44.49
/mo
Instant fully interactive labs
Hands-on prevention and detection
Master offensive techniques
Security engineering exercises
Highly realistic and dynamic scenarios
Access to all Analyst-level content
20 AI credits per month
Grants access to all Defender content, Analyst content and interactive lab environments. You can cancel any time by returning to this page and following the cancellation steps.