Roberto Rodriguez
|
66339faa1a
|
added new hunting query to cover updates of the permissions scopes and app roles of an OAuth application
|
2021-07-28 04:57:01 -04:00 |
Shain
|
cefb70efa0
|
Update Common_Deployed_Resources.yaml
removing hanging comment
|
2021-07-13 13:12:23 -07:00 |
|
Shain
|
d646cdbae9
|
Update Common_Deployed_Resources.yaml
This was rolled back, need to change back to something closer to May 3rd PR. This is updated to use new Value fields.
|
2021-07-13 11:00:30 -07:00 |
|
Roberto Rodriguez
|
34af7566cc
|
added version, severity and requiredDataConnectors
|
2021-07-08 23:06:49 -04:00 |
|
Roberto Rodriguez
|
7a1e50daeb
|
moved ADFSDBLocalSqlStatements detection rule to hunting query
|
2021-07-08 20:21:32 -04:00 |
Ofer Shezaf
|
954b11d2e4
|
Merge pull request #2623 from Azure/dev/normalization/process
Fix DvcHostName -> DvcHostname
|
2021-07-05 14:02:06 +03:00 |
Ofer Shezaf
|
a79d10cc8b
|
Fix DvcHostName -> DvcHostName
|
2021-07-05 13:57:52 +03:00 |
Jannie Li
|
4148286513
|
add endswith condition
|
2021-07-01 18:10:53 -04:00 |
|
Jannie Li
|
d48386bd3c
|
add quotation
|
2021-07-01 16:41:38 -04:00 |
|
Jannie Li
|
ef02c23080
|
correct slashes
|
2021-07-01 16:34:10 -04:00 |
|
Jannie Li
|
1567a5a5cf
|
requested changes to fix merge and adjust query
|
2021-07-01 16:28:58 -04:00 |
|
Jannie Li
|
d2cdaba0da
|
fix merge
|
2021-07-01 14:02:05 -04:00 |
|
Jannie Li
|
d4575d14bc
|
summarize by ObjectName
|
2021-07-01 13:44:36 -04:00 |
|
Jannie Li
|
a7e3115cf6
|
remove another usage of cmdline
|
2021-07-01 13:25:21 -04:00 |
|
Jannie Li
|
31f54eff25
|
fix commandline issue
|
2021-07-01 12:31:28 -04:00 |
|
Ofer Shezaf
|
ff8f2aa467
|
Merge pull request #2598 from Azure/dev/normalization/registry_events
Normalization package for registry events
|
2021-07-01 11:08:08 +03:00 |
Igal Shapira
|
79269ec6e7
|
Merge branch 'master' into origin/dev/process_events
|
2021-07-01 10:32:26 +03:00 |
|
Ofer Shezaf
|
1c7e554ae6
|
Delete ASim_Registry_PersistViaIFEORegistryKey.yaml
|
2021-06-30 17:56:23 +03:00 |
|
Ofer Shezaf
|
36c9680fe1
|
Fix function names in templates
|
2021-06-30 12:44:02 +03:00 |
Pete Bryan
|
1a5cbe3d20
|
Removed errant (
|
2021-06-24 08:25:25 -07:00 |
|
Pete Bryan
|
3ae5e01c88
|
Updated lsass dump hunt query
|
2021-06-24 07:57:20 -07:00 |
|
Ofer Shezaf
|
0d7756c646
|
Replaced "match regex" with "contains" as it can be used and more performante
|
2021-06-24 14:07:49 +03:00 |
|
Ofer Shezaf
|
96d14e3986
|
Update detection and hunting queries description to reflect Normalized Process Events
|
2021-06-24 14:06:28 +03:00 |
|
Ofer Shezaf
|
b47029e6b9
|
Assign new GUIDs
|
2021-06-23 15:23:59 +03:00 |
|
Ofer Shezaf
|
5a4bf19bf2
|
Fix case for ActorUsername
|
2021-06-23 12:34:01 +03:00 |
|
Ofer Shezaf
|
9156406cf9
|
Fix ProcessCreation -> ProcessCreate
|
2021-06-23 11:26:55 +03:00 |
|
Ofer Shezaf
|
af6c90b8eb
|
Update imProcess_PowerCatDownload.yaml
YAML issue
|
2021-06-23 11:22:13 +03:00 |
|
Ofer Shezaf
|
6fc267bb64
|
Fix YAML format
|
2021-06-23 11:02:27 +03:00 |
|
Ofer Shezaf
|
f93dcaf121
|
reverts
|
2021-06-22 18:41:21 +03:00 |
|
Ofer Shezaf
|
2de90525d2
|
Updates
|
2021-06-21 09:36:00 +03:00 |
|
Ofer Shezaf
|
ba197ef2f3
|
Update
|
2021-06-18 01:09:12 +03:00 |
YuvalNaor
|
7f655251df
|
finished fixing content
|
2021-06-16 10:54:33 +03:00 |
|
YuvalNaor
|
00ee252c93
|
fixing queries
|
2021-06-16 10:45:09 +03:00 |
|
Shain
|
2cad1a602c
|
Merge pull request #2281 from t-shaviv/shaharBranch2
Azure Activity columns alignments
|
2021-06-13 09:57:18 -07:00 |
|
Shain
|
00086a75b4
|
Merge pull request #2134 from chihebchebbi/master
Create SignedBinaryProxyExecutionRundll32.yaml
|
2021-06-13 09:12:15 -07:00 |
|
YuvalNaor
|
1939ab3986
|
adding extra process content
|
2021-06-13 17:34:26 +03:00 |
|
YuvalNaor
|
441afc781a
|
splitting process creation and termination parsers
|
2021-06-13 10:47:48 +03:00 |
|
YuvalNaor
|
db19d82e8a
|
more files
|
2021-06-09 18:14:05 +03:00 |
|
YuvalNaor
|
3db7a350ff
|
converting more process content
|
2021-06-09 18:13:53 +03:00 |
|
Pete Bryan
|
bcf2dd4143
|
Merge pull request #2341 from vaniMSTIC/vaasawa_webshell_hunting
Webshell hunting query
|
2021-06-08 09:47:11 -07:00 |
vaniMSTIC
|
c822596e17
|
updates
|
2021-06-08 00:05:13 +01:00 |
t-shaviv
|
dcec38723c
|
fixed content
|
2021-06-02 13:46:36 +03:00 |
|
Pete Bryan
|
448499566b
|
Fixed queries that had leftover variables
|
2021-05-25 13:10:40 -07:00 |
|
vaniMSTIC
|
265359f811
|
edits
|
2021-05-24 17:44:49 +01:00 |
|
vaniMSTIC
|
0f0eeba852
|
webshell_hunting
|
2021-05-24 17:28:43 +01:00 |
|
vaniMSTIC
|
e05526492e
|
Merge branch 'Azure:master' into master
|
2021-05-24 17:03:08 +01:00 |
|
vaniMSTIC
|
b3cd12f155
|
webshell hunting query
|
2021-05-24 17:01:47 +01:00 |
|
t-shaviv
|
dead5aee92
|
fix Azure Activity query
|
2021-05-24 12:24:34 +03:00 |
Chiheb Chebbi
|
82576ec2ac
|
Update SignedBinaryProxyExecutionRundll32.yaml
|
2021-05-19 08:18:25 +01:00 |
|
t-shaviv
|
0c6c4fecb2
|
Merge branch 'master' into shaharBranch2
|
2021-05-19 10:12:21 +03:00 |