* [Windows Logons](/learn/windows-logons)
In this module we'll take a look at CVE-2022-47966 and discuss how to hunt similar attacks. You will learn:
* how to identify CVE-2022-47966 exploitation
* hunt techniques and considerations for Windows servers with exposed web services
* investigative techniques and considerations for the initial stages of compromise
The events in your SIEM can be found in the following timespan: 24 Jan 2023 - 25 Jan 2023.
There are two index patterns for this module:
* `filebeat-*`
* `winlogbeat-*`](https://assets.aceresponder.com/meta/77979d32-2e2f-497e-a6fc-aa40f51c6ad1.png)
ManageEngine SAML RCE
Prerequisites:
In this module we'll take a look at CVE-2022-47966 and discuss how to hunt similar attacks. You will learn:
- how to identify CVE-2022-47966 exploitation
- hunt techniques and considerations for Windows servers with exposed web services
- investigative techniques and considerations for the initial stages of compromise
The events in your SIEM can be found in the following timespan: 24 Jan 2023 - 25 Jan 2023.
There are two index patterns for this module:
filebeat-*winlogbeat-*
Analyst
$17.49
/mo
Explore realistic pre-recorded attacks
Master full-featured defensive platforms
Browser-based challenges and modules
Extended attack videos
Grants access to Analyst content. You can cancel any time by returning to this page and following the cancellation steps.
Defender
$44.49
/mo
Instant fully interactive labs
Hands-on prevention and detection
Master offensive techniques
Security engineering exercises
Highly realistic and dynamic scenarios
Access to all Analyst-level content
Grants access to all Defender content, Analyst content and interactive lab environments. You can cancel any time by returning to this page and following the cancellation steps.