I have been on the skill assessment for Introduction to Threat Hunting & Hunting With Elastic (Mini-Module). I cannot seem to get past the first Hunt.
Hunt 1: Create a KQL query to hunt for ["Lateral Tool Transfer"](https://attack.mitre.org/techniques/T1570/) to `C:\Users\Public`. Enter the content of the `user.name` field in the document that is related to a transferred tool that starts with "r" as your answer.
I cannot seem to figure out the query to even search for the tools. I have tried to look for transfers and shares, not an option. I then did a file destination, but it cannot find Public. Has anyone done this yet? I would appreciate any assistance anyone can offer.