Commit Graph

157 Commits

Author SHA1 Message Date
Roberto Rodriguez 34af7566cc added version, severity and requiredDataConnectors 2021-07-08 23:06:49 -04:00
Roberto Rodriguez 7a1e50daeb moved ADFSDBLocalSqlStatements detection rule to hunting query 2021-07-08 20:21:32 -04:00
Pete Bryan 1a5cbe3d20 Removed errant ( 2021-06-24 08:25:25 -07:00
Pete Bryan 3ae5e01c88 Updated lsass dump hunt query 2021-06-24 07:57:20 -07:00
Shain 00086a75b4 Merge pull request #2134 from chihebchebbi/master 2021-06-13 09:12:15 -07:00
    Create SignedBinaryProxyExecutionRundll32.yaml
Chiheb Chebbi 82576ec2ac Update SignedBinaryProxyExecutionRundll32.yaml 2021-05-19 08:18:25 +01:00
Chiheb Chebbi cec7f2fdc8 Update SignedBinaryProxyExecutionRundll32.yaml 2021-05-18 05:28:37 +01:00
Chiheb Chebbi 63a1382475 Update SignedBinaryProxyExecutionRundll32.yaml 2021-05-03 18:43:13 +01:00
Shain 158019e9f6 Merge pull request #2195 from Azure/pebryan/2021-4-8_HuntingTimeFrameFix 2021-05-03 07:21:35 -07:00
    Pebryan/2021 4 8 hunting time frame fix
Ashwin Patil cbb6dbc081 fix for syntax error 2021-04-20 01:32:58 -07:00
Pete Bryan a10c26d96c Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
Chiheb Chebbi 0f80dcb6c0 Create SignedBinaryProxyExecutionRundll32.yaml 2021-04-12 10:09:50 +01:00
Shain 70c96f1ae5 Merge pull request #1975 from chihebchebbi/master 2021-04-07 17:59:11 -07:00
    Create Certutil-LOLBins.yaml
Chiheb Chebbi b3737fe48e Update Certutil-LOLBins.yaml 2021-03-29 22:23:32 +01:00
Chiheb Chebbi 32683ac9bc Create Certutil-LOLBins.yaml 2021-03-18 12:39:52 +01:00
Shain 90dd26f479 Merge pull request #1881 from Azure/pebryan/2021-3-5_HAFNIUM2 2021-03-05 15:50:58 -08:00
    MTPQueries&IOCPlaceholder
Pete Bryan d33fe20fcf formatting 2021-03-05 15:34:10 -08:00
Pete Bryan ab5b9808d3 MTPQueries&IOCPlaceholder 2021-03-05 15:00:41 -08:00
Pete Bryan f76588b34f Merge pull request #1865 from Azure/pebryan/2021-3-3_W3WPHunting 2021-03-04 16:25:25 -08:00
    w3wp hunting query
Shain Wray (MSTIC) a7194fafad capitalize for consistency 2021-03-04 10:54:36 -08:00
Shain Wray (MSTIC) 9c4c4d4566 adding updated tag 2021-03-04 10:49:23 -08:00
Pete Bryan c31d1cdd79 removed unnecessary extend 2021-03-03 15:57:36 -08:00
Pete Bryan 6f267e49f8 w3wp hunting query 2021-03-03 15:50:09 -08:00
duzvik bd8a8484ec Update ExchangePowerShellSnapin.yaml 2021-03-03 13:40:12 +02:00
    Fix correct name of pssnapin module
Shain 3bb69d3b51 Merge pull request #1691 from chihebchebbi/master 2021-03-02 21:41:13 -08:00
    Create Windows System Shutdown-Reboot(T1529)
Shain 7eda7debcb Update Windows System Shutdown-Reboot(T1529) 2021-03-02 21:39:12 -08:00
    Moving timeframe and event id match higher up for better matching performance
Pete Bryan fe18733f55 HAFNIUM Queries 2021-03-02 13:09:15 -08:00
Chiheb Chebbi c06df21d65 Update Windows System Shutdown-Reboot(T1529) 2021-03-02 11:49:36 +01:00
Chiheb Chebbi 9d6913220e Update Windows System Shutdown-Reboot(T1529) 2021-02-19 10:30:03 +01:00
Chiheb Chebbi 83e39b8a99 Update Windows System Shutdown-Reboot(T1529) 2021-02-04 10:16:28 +01:00
Shain Wray (MSTIC) e56e19d4bf Removing unicode chars 2021-01-31 12:59:07 -08:00
Chiheb Chebbi 9030b5dfa7 Create Windows System Shutdown-Reboot(T1529) 2021-01-31 18:00:00 +01:00
Shain 0bab07aed0 Update HostExportingMailboxAndRemovingExport.yaml 2021-01-21 10:39:58 -08:00
    Adding in Event filter that was missing
Shain Wray (MSTIC) 8a30e89cbc adding tags 2021-01-15 17:26:22 -08:00
Shain 9b6d406732 Update and rename Connectiontomultiplemachinesusingexplicitcredentials.yaml to MultipleExplicitCredentialUsage4648Events.yaml 2020-12-26 10:28:09 -08:00
    Updating YAML name and Name to be more succinct
Shain 9651c32b16 Merge pull request #1525 from Azure/MultiplemachineMultipleAccount_Solorigate 2020-12-24 17:40:35 -08:00
    New Proposed Hunting Query related to Solorigate
Shain 062eed9418 Update Connectiontomultiplemachinesusingexplicitcredentials.yaml 2020-12-24 17:38:13 -08:00
    Some minor fixes and additional comments
Ajeet Prakash (MSTIC) 313b516097 Changes to original PR and Hunting Query 2020-12-24 15:33:29 -08:00
Shain 7ce8db8bdb Update Suspicious_enumeration_using_adfind.yaml 2020-12-23 19:52:36 -08:00
    Adding some comments and fixing some typos.
Ashwin Patil 6fa3d57819 fixes suggested by Shain 2020-12-23 17:54:31 -08:00
Ashwin Patil af7d0a412a removing some to reduce FPS 2020-12-23 11:50:27 -08:00
Ashwin Patil 6492e63a4b fixed typo 2020-12-23 11:33:03 -08:00
Ashwin Patil fd821d64a1 adfind hunting query 2020-12-23 10:58:50 -08:00
Ajeet Prakash (MSTIC) 5e63360e48 New Hunting Query related to Solorigate 2020-12-23 02:54:32 -08:00
Shain Wray (MSTIC) 257f1f4f2f Fixing up syntax and change from contains to has, along with in~ 2020-12-19 10:43:47 -08:00
Pete Bryan 6070df1d52 New queries and some fixes 2020-12-19 17:31:36 +00:00
Shain 4984b862af Update ProcessEntropy.yaml 2020-11-30 08:43:21 -08:00
Shain cca66ba911 Update ProcessEntropy.yaml 2020-11-22 20:00:12 -08:00
    Improving Process Entropy performance, removing additional common processes to speed execution, improving ratios to reduce common processes further and handling Weight calculation slightly differently. Lower Weight is still indicative of High Entropy or Rarity.
Shain d6ca732e3f Update WindowsSystemTimeChange.yaml 2020-10-27 10:33:23 -07:00
Shain 70e49edf6e Create WindowsSystemTimeChange.yaml 2020-10-25 21:59:51 -07:00
    Adding in Time Change event check for Hunting.
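Two of the commit messages above carry query-construction advice that applies to every hunting query in this directory: 7eda7debcb moves the timeframe and event id match to the top of the query for better matching performance, and 257f1f4f2f replaces `contains` with `has` and uses `in~` for case-insensitive list matching. The KQL below is an added example written for this page, not a query from the Azure-Sentinel repository and not the MultipleExplicitCredentialUsage4648Events query renamed in 9b6d406732; it assumes the Sentinel SecurityEvent schema for event 4648 (columns TimeGenerated, EventID, Account, Computer, TargetUserName, TargetServerName, ProcessName), and the five-machine threshold and the excluded account list are tuning assumptions, not values from the repository.

```kql
// Added example, not a query from the Azure-Sentinel repository. Column names
// (TimeGenerated, EventID, Account, Computer, TargetUserName, TargetServerName,
// ProcessName) are assumed from the Sentinel SecurityEvent schema for event 4648.
let timeframe = 1d;          // look-back window; the cheapest and most selective filter
let machine_threshold = 5;   // distinct targets before an account is surfaced (tuning assumption)
let excluded_accounts = dynamic(["SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE", "ANONYMOUS LOGON"]);
SecurityEvent
// time window and event id first, so every later operator runs over a small slice
| where TimeGenerated >= ago(timeframe)
| where EventID == 4648
// drop machine accounts; 'in~' is a case-insensitive exact match, unlike a substring 'contains'
| where not(TargetUserName endswith "$")
| where TargetUserName !in~ (excluded_accounts)
// 'has' is an indexed whole-term match and is cheaper than substring 'contains'
| where ProcessName !has "svchost"
// one row per source host and account, with the set of machines it used explicit credentials against
| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated),
            TargetMachines = make_set(TargetServerName), MachineCount = dcount(TargetServerName)
  by Computer, Account, TargetUserName
| where MachineCount >= machine_threshold
| order by MachineCount desc
```

Keeping the `TimeGenerated` and `EventID` predicates first matters because Log Analytics prunes on the time range and the indexed `EventID` before evaluating string operators, so the `endswith`, `in~` and `has` checks run against far fewer rows. `has` only matches whole terms, so a query that genuinely needs a partial-token match (a substring of a file name, for instance) still has to use `contains` and pay for it.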