eb818b4448
Merge pull request #1661 from Cyb3rWard0g/master
...
Update MailPermissionsAddedToApplication.yaml
2021-02-01 16:00:03 -08:00
3d0da41011
Couple additional fixes
2021-02-01 08:22:36 -08:00
e56e19d4bf
Removing unicod chars
2021-01-31 12:59:07 -08:00
3ea7e0e4c1
Add identifier-level validation for new entity mappings in templates ( #1680 )
...
* Add identifier-level validation for new entity mappings in templates
* cr fix
2021-01-31 16:35:50 +02:00
031db52299
edit techniques
2021-01-28 11:58:59 -05:00
7553a8920f
add technique for command and control
2021-01-28 11:52:36 -05:00
97979016dc
fix SecurityEvents error
2021-01-27 19:45:36 -05:00
c603aa29f0
ioc queries
2021-01-27 19:38:43 -05:00
db7cc20f5c
Update MailPermissionsAddedToApplication.yaml
...
Adding coverage for App/Role permissions added to an OAuth Application.
2021-01-27 16:06:00 -05:00
c44d250ce9
Update SolarWinds_SUNBURST_Process-IOCs.yaml
...
adding tag
2021-01-22 10:57:17 -08:00
e2773f9281
Merge pull request #1619 from Azure/timeseries-jan2021
...
adding materialise in time series queries
2021-01-21 09:03:48 -08:00
ec81a162a4
Removing validation skip
2021-01-21 07:50:03 -08:00
154a6626ac
Update UserSearchingForVIPUserActivity.yaml
...
Fixing connector
2021-01-21 07:46:03 -08:00
270859954c
fix yaml
2021-01-20 18:03:02 -08:00
0f2692e9cf
adding materialise in time series queries
2021-01-20 17:58:08 -08:00
368628902b
Merge pull request #1618 from andedevsecops/master
...
Fix for Brute Force Attack Against GitHub Account
2021-01-20 13:13:51 -08:00
a315a95729
Merge pull request #1607 from Azure/RegistryACL
...
Query to identify attempts to modify registry ACL to evade security s…
2021-01-20 13:03:57 -08:00
bab4edd403
Update SecurityServiceRegistryACLModification.yaml
2021-01-20 13:00:18 -08:00
8c8b2c9753
Updated Brute Force Attack against GitHub Account detection query
2021-01-20 12:59:23 -08:00
a1a20c1bc3
Update SecurityServiceRegistryACLModification.yaml
...
Updating a few things as per suggestion from Shain
2021-01-20 10:49:06 -08:00
326b46c43d
Merge pull request #1601 from Ronmarsiano/master
...
rebranding of detections
2021-01-19 23:00:46 -08:00
ee12d6d308
Merge pull request #1582 from Azure/Fix-a-template
...
Fix time period of a template
2021-01-19 23:00:10 -08:00
8813910cb7
Merge pull request #1541 from KustoKing/patch-5
...
Update FirstAppOrServicePrincipalCredential.yaml
2021-01-19 21:52:40 -08:00
39d5a95883
Merge pull request #1590 from Azure/shainw-connectorFix
...
updating connector value in template
2021-01-19 21:37:02 -08:00
db3965541c
Merge pull request #1591 from Azure/shainw-entityMapFix
...
fixing entity identifiers
2021-01-19 21:36:33 -08:00
da58304c4f
Update ExternalUserAddedRemovedInTeams.yaml
2021-01-19 21:34:15 -08:00
df4b8c04d9
updating PR with additional change
2021-01-19 21:30:46 -08:00
8c280eb363
Merge pull request #1524 from KustoKing/patch-4
...
Update MFADisable.yaml
2021-01-19 21:22:03 -08:00
54e7371804
Merge pull request #1499 from chicduong/acn_cd_sepanalytics01
...
ACN_CD_SymantectEndpointProtection_AnalyticsRules_01
2021-01-19 20:31:59 -08:00
14aaf0020b
Query to identify attempts to modify registry ACL to evade security solutions
2021-01-19 18:16:58 -08:00
1ff3674612
rebranding of detections
2021-01-19 09:53:57 +02:00
8a30e89cbc
adding tags
2021-01-15 17:26:22 -08:00
b6c8ff0097
fixing entity identifiers
2021-01-15 17:01:07 -08:00
84beb77a00
Update TimeSeriesKeyvaultAccessAnomaly.yaml
2021-01-15 16:44:26 -08:00
504cc966fb
updating connector value in template
2021-01-15 16:29:02 -08:00
de21006f5c
Update GitHub Activities from Infrequent Country.yaml
2021-01-15 09:06:44 +02:00
815812e9c6
Merge pull request #1558 from Azure/Supernova_Webshell
...
SUPERNOVA webshell detection query
2021-01-11 13:00:12 -08:00
d1cdba18cd
Merge pull request #1562 from Cyb3rWard0g/master
...
ADFS DKM Master Key Export - Improved
2021-01-11 11:32:15 -08:00
9f6e7818ab
Update ADFS-DKM-MasterKey-Export.yaml
2021-01-11 10:18:33 -08:00
16abf727ee
Merge pull request #1564 from Azure/stfsrefreshtoken-update
...
moving to hunting query and updated description
2021-01-08 15:53:25 -08:00
a44b74afd7
moving to hunting query and updated description
2021-01-08 08:28:51 -08:00
6708b75151
Update ADFS-DKM-MasterKey-Export.yaml
2021-01-08 01:38:19 -05:00
302dfc22fd
Update ADFS-DKM-MasterKey-Export.yaml
...
+ Improving description of SecurityEvent logic to know how to get the ADFS Policy Store DKM Group ad object
+ Improving LDAP search to filter on ADFS AD containers reducing the number of false positives
2021-01-08 01:29:15 -05:00
4a8da8c6fa
Update Supernovawebshell.yaml
2021-01-07 10:09:53 -08:00
38e6c83679
SUPERNOVA webshell detection query
2021-01-07 08:14:07 -08:00
ebf574250c
removing mc-expand for null AdditionalDetails
2021-01-06 16:29:17 -08:00
ff5cba73ff
fixing kql syntax error
2021-01-06 16:23:45 -08:00
e5f397095f
correcting operationName
2021-01-06 15:54:51 -08:00
43ffc1ec51
updated description
2021-01-06 15:51:20 -08:00
4d287ee378
added condition to add/update federated domain
2021-01-06 15:48:41 -08:00
Shain
Shain Wray (MSTIC)
laithhisham
Jannie Li
Roberto Rodriguez
Ashwin Patil
Sreedhar Ande
aprakash13
Ajeet Prakash (MSTIC)
Ron Marsiano
Amit Bergman