Shain
eb818b4448
Merge pull request #1661 from Cyb3rWard0g/master
Update MailPermissionsAddedToApplication.yaml
2021-02-01 16:00:03 -08:00
Shain Wray (MSTIC)
3d0da41011
Couple additional fixes
2021-02-01 08:22:36 -08:00
Shain Wray (MSTIC)
e56e19d4bf
Removing unicode chars
2021-01-31 12:59:07 -08:00
laithhisham
3ea7e0e4c1
Add identifier-level validation for new entity mappings in templates (#1680)
* Add identifier-level validation for new entity mappings in templates
* cr fix
2021-01-31 16:35:50 +02:00
Jannie Li
031db52299
edit techniques
2021-01-28 11:58:59 -05:00
Jannie Li
7553a8920f
add technique for command and control
2021-01-28 11:52:36 -05:00
Jannie Li
97979016dc
fix SecurityEvents error
2021-01-27 19:45:36 -05:00
Jannie Li
c603aa29f0
ioc queries
2021-01-27 19:38:43 -05:00
Roberto Rodriguez
db7cc20f5c
Update MailPermissionsAddedToApplication.yaml
Adding coverage for App/Role permissions added to an OAuth Application.
2021-01-27 16:06:00 -05:00
Shain
c44d250ce9
Update SolarWinds_SUNBURST_Process-IOCs.yaml
adding tag
2021-01-22 10:57:17 -08:00
Shain
e2773f9281
Merge pull request #1619 from Azure/timeseries-jan2021
adding materialise in time series queries
2021-01-21 09:03:48 -08:00
Shain Wray (MSTIC)
ec81a162a4
Removing validation skip
2021-01-21 07:50:03 -08:00
Shain
154a6626ac
Update UserSearchingForVIPUserActivity.yaml
Fixing connector
2021-01-21 07:46:03 -08:00
Ashwin Patil
270859954c
fix yaml
2021-01-20 18:03:02 -08:00
Ashwin Patil
0f2692e9cf
adding materialise in time series queries
2021-01-20 17:58:08 -08:00
Shain
368628902b
Merge pull request #1618 from andedevsecops/master
Fix for Brute Force Attack Against GitHub Account
2021-01-20 13:13:51 -08:00
Shain
a315a95729
Merge pull request #1607 from Azure/RegistryACL
Query to identify attempts to modify registry ACL to evade security s…
2021-01-20 13:03:57 -08:00
Shain
bab4edd403
Update SecurityServiceRegistryACLModification.yaml
2021-01-20 13:00:18 -08:00
Sreedhar Ande
8c8b2c9753
Updated Brute Force Attack against GitHub Account detection query
2021-01-20 12:59:23 -08:00
aprakash13
a1a20c1bc3
Update SecurityServiceRegistryACLModification.yaml
Updating a few things as per suggestion from Shain
2021-01-20 10:49:06 -08:00
Shain
326b46c43d
Merge pull request #1601 from Ronmarsiano/master
rebranding of detections
2021-01-19 23:00:46 -08:00
Shain
ee12d6d308
Merge pull request #1582 from Azure/Fix-a-template
Fix time period of a template
2021-01-19 23:00:10 -08:00
Shain
8813910cb7
Merge pull request #1541 from KustoKing/patch-5
Update FirstAppOrServicePrincipalCredential.yaml
2021-01-19 21:52:40 -08:00
Shain
39d5a95883
Merge pull request #1590 from Azure/shainw-connectorFix
updating connector value in template
2021-01-19 21:37:02 -08:00
Shain
db3965541c
Merge pull request #1591 from Azure/shainw-entityMapFix
fixing entity identifiers
2021-01-19 21:36:33 -08:00
Shain
da58304c4f
Update ExternalUserAddedRemovedInTeams.yaml
2021-01-19 21:34:15 -08:00
Shain Wray (MSTIC)
df4b8c04d9
updating PR with additional change
2021-01-19 21:30:46 -08:00
Shain
8c280eb363
Merge pull request #1524 from KustoKing/patch-4
Update MFADisable.yaml
2021-01-19 21:22:03 -08:00
Shain
54e7371804
Merge pull request #1499 from chicduong/acn_cd_sepanalytics01
ACN_CD_SymantectEndpointProtection_AnalyticsRules_01
2021-01-19 20:31:59 -08:00
Ajeet Prakash (MSTIC)
14aaf0020b
Query to identify attempts to modify registry ACL to evade security solutions
2021-01-19 18:16:58 -08:00
Ron Marsiano
1ff3674612
rebranding of detections
2021-01-19 09:53:57 +02:00
Shain Wray (MSTIC)
8a30e89cbc
adding tags
2021-01-15 17:26:22 -08:00
Shain Wray (MSTIC)
b6c8ff0097
fixing entity identifiers
2021-01-15 17:01:07 -08:00
Shain
84beb77a00
Update TimeSeriesKeyvaultAccessAnomaly.yaml
2021-01-15 16:44:26 -08:00
Shain Wray (MSTIC)
504cc966fb
updating connector value in template
2021-01-15 16:29:02 -08:00
Amit Bergman
de21006f5c
Update GitHub Activities from Infrequent Country.yaml
2021-01-15 09:06:44 +02:00
Shain
815812e9c6
Merge pull request #1558 from Azure/Supernova_Webshell
SUPERNOVA webshell detection query
2021-01-11 13:00:12 -08:00
Shain
d1cdba18cd
Merge pull request #1562 from Cyb3rWard0g/master
ADFS DKM Master Key Export - Improved
2021-01-11 11:32:15 -08:00
Shain
9f6e7818ab
Update ADFS-DKM-MasterKey-Export.yaml
2021-01-11 10:18:33 -08:00
Shain
16abf727ee
Merge pull request #1564 from Azure/stfsrefreshtoken-update
moving to hunting query and updated description
2021-01-08 15:53:25 -08:00
Ashwin Patil
a44b74afd7
moving to hunting query and updated description
2021-01-08 08:28:51 -08:00
Roberto Rodriguez
6708b75151
Update ADFS-DKM-MasterKey-Export.yaml
2021-01-08 01:38:19 -05:00
Roberto Rodriguez
302dfc22fd
Update ADFS-DKM-MasterKey-Export.yaml
+ Improving description of SecurityEvent logic to know how to get the ADFS Policy Store DKM Group AD object
+ Improving LDAP search to filter on ADFS AD containers reducing the number of false positives
2021-01-08 01:29:15 -05:00
Shain
4a8da8c6fa
Update Supernovawebshell.yaml
2021-01-07 10:09:53 -08:00
Ajeet Prakash (MSTIC)
38e6c83679
SUPERNOVA webshell detection query
2021-01-07 08:14:07 -08:00
Ashwin Patil
ebf574250c
removing mv-expand for null AdditionalDetails
2021-01-06 16:29:17 -08:00
Ashwin Patil
ff5cba73ff
fixing kql syntax error
2021-01-06 16:23:45 -08:00
Ashwin Patil
e5f397095f
correcting operationName
2021-01-06 15:54:51 -08:00
Ashwin Patil
43ffc1ec51
updated description
2021-01-06 15:51:20 -08:00
Ashwin Patil
4d287ee378
added condition to add/update federated domain
2021-01-06 15:48:41 -08:00