adding tags for queries

Detections/MultipleDataSources/PrivilegedAccountsSigninFailureSpikes.yaml

@@ -23,6 +23,8 @@ tactics:
   - InitialAccess
 relevantTechniques:
   - T1078.004
+tags:
+  - AADSecOpsGuide
 query: |
   let starttime = 14d;
   let timeframe = 1d;

Detections/SigninLogs/UserAccounts-CABlockedSigninSpikes.yaml

@@ -20,6 +20,8 @@ tactics:
   - InitialAccess
 relevantTechniques:
   - T1078.004
+tags:
+  - AADSecOpsGuide
 query: |
   let starttime = 14d;
   let timeframe = 1d;

Hunting Queries/MultipleDataSources/AADPrivilegedAccountsFailedMFA.yaml

@@ -17,6 +17,8 @@ tactics:
   - InitialAccess
 relevantTechniques:
   - T1078.004
+tags:
+  - AADSecOpsGuide
 query: |
   let starttime = todatetime('{{StartTimeISO}}');
   let endtime = todatetime('{{EndTimeISO}}');

Hunting Queries/MultipleDataSources/AnomolousSignInsBasedonTime.yaml

@@ -14,6 +14,8 @@ tactics:
   - InitialAccess
 relevantTechniques:
   - T1078.004
+tags:
+  - AADSecOpsGuide
 query: |
   let admins = (IdentityInfo
   | where AssignedRoles contains "Admin"

Hunting Queries/SigninLogs/UserAccounts-BlockedAccounts.yaml

@@ -14,6 +14,8 @@ tactics:
   - InitialAccess
 relevantTechniques:
   - T1078
+tags:
+  - AADSecOpsGuide
 query: |
 
   let starttime = todatetime('{{StartTimeISO}}');

Hunting Queries/SigninLogs/UserAccounts-NewSingleFactorAuth.yaml

@@ -14,6 +14,8 @@ tactics:
   - InitialAccess
 relevantTechniques:
   - T1078
+tags:
+  - AADSecOpsGuide
 query: |
 
   let starttime = todatetime('{{StartTimeISO}}');

Hunting Queries/SigninLogs/UserAccounts-UnusualLogonTimes.yaml

@@ -11,6 +11,8 @@ tactics:
   - InitialAccess
 relevantTechniques:
   - T1078
+tags:
+  - AADSecOpsGuide
 query: |
 
   let starttime = todatetime('{{StartTimeISO}}');

Hunting Queries/SigninLogs/UserAccountsMeasurableincreaseofsuccessfulsignins.yaml

@@ -15,6 +15,8 @@ tactics:
   - InitialAccess
 relevantTechniques:
   - T1078.004
+tags:
+  - AADSecOpsGuide
 query: |
   let starttime = 14d;
   let timeframe = 1d;