Commit      Date                       Author  Subject

cec7f2fdc8  2021-05-18 05:28:37 +01:00  Chiheb Chebbi  Update SignedBinaryProxyExecutionRundll32.yaml
4ea4c2c8e9  2021-05-14 01:32:47 +02:00  Lodewyk-Git  Update NewBotAddedToTeams.yaml
    Typo
1bfc7a1c43  2021-05-13 11:10:21 +03:00  Shahar Aviv  Merge branch 'master' into shaharBranch2
9062599424  2021-05-12 14:13:46 +03:00  t-shaviv  fixed AzureesourceCreationWithNetwork
43fc6b89cc  2021-05-12 14:12:49 +03:00  t-shaviv  fixed AzureResourceAssugned
4646f4f917  2021-05-12 14:12:09 +03:00  t-shaviv  fixed CriticalPortsOpened
b5c26dca2f  2021-05-12 14:11:31 +03:00  t-shaviv  fixed PortOpened
7b795eb981  2021-05-12 14:10:58 +03:00  t-shaviv  fixed Granting_Permissions
9edeeef5a1  2021-05-12 14:10:26 +03:00  t-shaviv  fixed Creating_Anomalus
297f606ee1  2021-05-12 14:09:50 +03:00  t-shaviv  fixed Common_Deployes
058224969c  2021-05-12 14:09:20 +03:00  t-shaviv  fixed AzureVirtualNetworkSubnets
7e8b2483bc  2021-05-12 14:08:38 +03:00  t-shaviv  fixed AzureSentinelConnectors_Admin
d87febd45b  2021-05-12 14:07:55 +03:00  t-shaviv  fixed anomalous
7ae3296072  2021-05-12 12:33:59 +03:00  t-shaviv  fixed AnalyticsRulesAdministrativeOperations
0e584d46c7  2021-05-06 11:13:15 -07:00  Pete Bryan  Merge pull request #2240 from Azure/shainw-updDeployRes
    Update Common_Deployed_Resources.yaml
c518f51f03  2021-05-06 10:54:21 -07:00  Shain  Merge pull request #2180 from mmaitre314/highriskports
    Add Palo Alto High Risk Port hunting query
a6ac7c65a6  2021-05-06 10:46:33 -07:00  Matthieu Maitre  Swap join legs to improve perf
63a1382475  2021-05-03 18:43:13 +01:00  Chiheb Chebbi  Update SignedBinaryProxyExecutionRundll32.yaml
28720e4122  2021-05-03 08:27:34 -07:00  Shain  Update Common_Deployed_Resources.yaml
158019e9f6  2021-05-03 07:21:35 -07:00  Shain  Merge pull request #2195 from Azure/pebryan/2021-4-8_HuntingTimeFrameFix
    Pebryan/2021 4 8 hunting time frame fix
6476e8dff4  2021-04-21 08:46:16 -07:00  Matthieu Maitre  Add Palo Alto High Risk Port hunting query
cbb6dbc081  2021-04-20 01:32:58 -07:00  Ashwin Patil  fix for syntax error
a10c26d96c  2021-04-15 17:52:25 -07:00  Pete Bryan  Hunting Query TimeFrame Updates
7ce022612a  2021-04-12 14:15:43 -07:00  Pete Bryan  Hunting query timeframe updates
9381aa3b0c  2021-04-12 14:13:20 -07:00  Pete Bryan  Hunting query lookback updates
0f80dcb6c0  2021-04-12 10:09:50 +01:00  Chiheb Chebbi  Create SignedBinaryProxyExecutionRundll32.yaml
7c23fdf0db  2021-04-07 18:04:40 -07:00  Shain  Merge pull request #2076 from Azure/shainw-TIUpd
    Add in filtering to make sure the TI match is active for when the log…
70c96f1ae5  2021-04-07 17:59:11 -07:00  Shain  Merge pull request #1975 from chihebchebbi/master
    Create Certutil-LOLBins.yaml
c49613c626  2021-04-04 21:46:37 -07:00  Shain Wray (MSTIC)  Add in filtering to make sure the TI match is active for when the log event occurred
b77d104d70  2021-03-31 00:54:55 -07:00  v-jayakal  Merge pull request #2044 from Azure/feature/v-ampami/Move_Corelight_to_Solution
    Move Corelight Detections, Hunting queries to Solution
759340769d  2021-03-31 12:21:05 +05:30  v-ampami  Move Detections, Hunting queries to Solution
46ae0bea23  2021-03-30 23:45:14 -07:00  v-jayakal  Merge pull request #2043 from Azure/v-maudan/CloudflareDetection_To_Solution
    Moving cloudflare detection and hunting queries to solution folder
8df535b776  2021-03-31 12:00:29 +05:30  v-maudan  Moving cloudflare detection and hunting queries to solution folder
853aa28d06  2021-03-30 23:14:45 -07:00  v-jayakal  Merge pull request #2004 from socprime/corelight_rules_and_queries
    Corelight Rules and Queries
c49e8b61f6  2021-03-30 22:42:11 -07:00  v-jayakal  Merge pull request #2019 from socprime/cloudflare_rules_and_queries
    Cloudflare rules and queries
b1e7baf692  2021-03-30 13:36:28 +05:30  v-ampami  Move Ubiquiti to Solution folder
f76b6ed5bd  2021-03-30 13:02:25 +05:30  v-ampami  Merge branch 'master' into ubiquiti_data_conn
b3737fe48e  2021-03-29 22:23:32 +01:00  Chiheb Chebbi  Update Certutil-LOLBins.yaml
25cd96bd8d  2021-03-29 13:30:10 +03:00  Vitalii Uslystyi  cloudflare - updated rules and queries
f2bf82c2f7  2021-03-29 12:57:59 +03:00  Vitalii Uslystyi  corelight - update rules and queries
15cc6c89d6  2021-03-29 12:27:14 +03:00  Vitalii Uslystyi  ubiquiti - updated rules and queries
9c2c61084d  2021-03-25 11:38:27 -07:00  Pete Bryan  Merge pull request #2022 from thmcelro/Tom-Exchange-Queries
    GUID Updates
208965f900  2021-03-25 18:31:46 +00:00  Thomas McElroy  GUID Updates
    GUIDs were not unique
f1f7773c90  2021-03-25 09:53:43 -07:00  Shain  Merge pull request #1991 from thmcelro/Tom-Exchange-Queries
    Tom exchange queries
23a552b3c7  2021-03-25 16:42:44 +00:00  Thomas McElroy  Updates
    - Move query to correct folder
    - Adding required connectors
653bd79dcd  2021-03-25 12:48:04 +02:00  Sergiy Prystaiko  cloudflare - add rules and queries
ab93f51c34  2021-03-25 12:29:28 +05:30  v-ampami  Moving Parser, Hunting queries, Analytic rules to solution
eb4792cb5a  2021-03-24 21:53:07 -07:00  Shain  Merge pull request #1956 from Azure/PersistViaIFEO
    Submit Persist via IFEO query
b84090e0fb  2021-03-24 21:51:38 -07:00  Shain  Merge pull request #1900 from socprime/box_rules_and_queries
    Box workbook and rules
b55cb5b4ce  2021-03-24 18:23:49 +05:30  v-maudan  Merge branch 'master' into v-maudan/SlackAudit_To_Solution
93ee4622f1  2021-03-24 11:37:41 +02:00  Vitalii Uslystyi  Merge branch 'master' into box_rules_and_queries
54ac3d60b1  2021-03-24 11:06:09 +02:00  Vitalii Uslystyi  box - updated rules and queries
fd46d31984  2021-03-24 13:46:54 +05:30  v-maudan  Move SlackAudit to solution folder
11042d5df8  2021-03-24 13:22:08 +05:30  v-ampami  Moved Hunting queries, Parsers, Analytic rules to solution
b9aa367752  2021-03-23 20:48:58 -07:00  Shain  Merge pull request #1986 from Azure/shainw-huntformatUpd3
    adding entities and fixing up some mappings
d0202b7a52  2021-03-23 20:48:48 -07:00  Shain  Merge pull request #1985 from Azure/shainw-huntformatUpd2
    adding in entities and fixing up some queries.
d43e0a60da  2021-03-23 20:47:20 -07:00  Shain  Merge pull request #1984 from Azure/shainw-huntFormatUpd
    updating entity mappings and descriptions to fix some characters that…
227614b88f  2021-03-23 20:40:58 -07:00  Shain  Merge pull request #1796 from socprime/SlackAuditConnector
    SlackAudit: dataconnector+workbook
6741ab7e8a  2021-03-23 20:33:23 -07:00  Shain  Merge pull request #1801 from socprime/oracle_db_audit_rules_and_queries
    Add Oracle DB Audit Parser and Rules
9d206d0d91  2021-03-23 17:01:20 +02:00  Sergiy Prystaiko  corelight - add hunting queries
b8f5ab7509  2021-03-23 16:39:13 +02:00  Vitalii Uslystyi  oracle db audit - fixed hunting queries
bb38955d92  2021-03-23 11:18:30 +05:30  v-maudan  moving McAfeeePO parser, detection, hunting queries to solution folder
66b39e221e  2021-03-22 22:19:03 -07:00  v-jayakal  Merge pull request #1799 from socprime/mcafeeepo_parser_and_rules
    McAfeeePO Parser and Rules
749f8bfe2a  2021-03-22 16:37:38 +02:00  Alex Verbniak  Merge branch 'SlackAuditConnector' of github.com:socprime/Azure-Sentinel into SlackAuditConnector
716230bfc3  2021-03-22 16:36:58 +02:00  Alex Verbniak  SlackAudit: rules and queries updates
65ddf104c5  2021-03-22 12:42:17 +00:00  Thomas McElroy  Typo and bugfix
729bdc58fb  2021-03-22 12:36:26 +00:00  Thomas McElroy  Hunting queries for Exchange activity
    Hunting queries to detect ProxyLogon and other web exploitation activity.
605d3f044e  2021-03-21 20:27:29 -07:00  Shain Wray (MSTIC)  Adding in timeframe to support other features
7e233ecc7c  2021-03-21 19:53:36 -07:00  Shain Wray (MSTIC)  adding in timegenerated and using has
d46434afcf  2021-03-21 13:08:33 -07:00  Shain Wray (MSTIC)  fixing broken time check
48e705181e  2021-03-21 12:36:33 -07:00  Shain Wray (MSTIC)  adding entities and fixing up some mappings
bffde1fcb0  2021-03-21 12:11:46 -07:00  Shain Wray (MSTIC)  adding in entities and fixing up some queries.
68662f4613  2021-03-21 11:42:36 -07:00  Shain Wray (MSTIC)  updating entity mappings and descriptions to fix some characters that may cause issue on import to other tooling.
339ade8a63  2021-03-19 13:19:08 +02:00  Vitalii Uslystyi  ubiquiti - update rules and queries
7583277838  2021-03-19 12:27:09 +02:00  Vitalii Uslystyi  ubiquiti - update queries
a19589113c  2021-03-18 15:27:39 -04:00  Jannie Li  remove timeframe
b708b6f4d7  2021-03-18 15:43:37 +02:00  Vitalii Uslystyi  oracle db audit - updated queries
86ada1af49  2021-03-18 15:38:41 +02:00  Vitalii Uslystyi  box - updated rules and queries
d932b33adb  2021-03-18 15:11:22 +02:00  Vitalii Uslystyi  Merge branch 'box_rules_and_queries' of github.com:socprime/Azure-Sentinel into box_rules_and_queries
bfb237225d  2021-03-18 15:03:24 +02:00  Vitalii Uslystyi  box - updated queries
77fab9538d  2021-03-18 14:45:55 +02:00  Vitalii Uslystyi  McAfeeEPO - updated queries
32683ac9bc  2021-03-18 12:39:52 +01:00  Chiheb Chebbi  Create Certutil-LOLBins.yaml
26e7efa928  2021-03-17 23:05:39 -07:00  v-maudan  Moving cisco umbrella to solution folder
f681d42dfb  2021-03-17 19:53:39 -07:00  Shain  Merge pull request #1803 from Azure/cisccoumbrella-missingconnectors
    update missing connectors and missing techniques for CiscoUmbrella
f5933d9035  2021-03-17 02:03:09 -04:00  Jannie Li  fix yaml file error
5cf4c942a8  2021-03-17 01:59:43 -04:00  Jannie Li  fix query error
e1472eed59  2021-03-17 01:54:59 -04:00  Jannie Li  submit initial draft
ee02cae67b  2021-03-16 10:27:24 +05:30  v-rucdu  Merge branch 'master' into SlackAuditConnector
b7018d160d  2021-03-12 16:00:34 +02:00  Sergiy Prystaiko  ubiquiti - added rules and queries
9bf2d185de  2021-03-11 17:29:10 +02:00  vu-socprime  Merge branch 'master' into box_rules_and_queries
83ae7d405f  2021-03-09 10:25:34 -08:00  Shain  Merge pull request #1802 from Azure/shainw-fixuphunt
    Moving Teams queries out of folder and removing duplicates, plus mapp…
25dc3f9166  2021-03-09 17:55:51 +02:00  Alex Verbniak  SlackAudit: rules and parser changes
be31971129  2021-03-09 17:22:09 +02:00  Sergiy Prystaiko  Box - add rules and queries
2b0ae495e1  2021-03-09 16:38:10 +02:00  Sergiy Prystaiko  McAfeeEPO - updated rules and queries
4e6f1cea17  2021-03-09 15:14:52 +02:00  Sergiy Prystaiko  oracle db audit - updated rules and queries
90dd26f479  2021-03-05 15:50:58 -08:00  Shain  Merge pull request #1881 from Azure/pebryan/2021-3-5_HAFNIUM2
    MTPQueries&IOCPlaceholder
d33fe20fcf  2021-03-05 15:34:10 -08:00  Pete Bryan  formatting
ab5b9808d3  2021-03-05 15:00:41 -08:00  Pete Bryan  MTPQueries&IOCPlaceholder
10ad5ac0bc  2021-03-05 10:44:37 +02:00  Sergiy Prystaiko  oracle db audit - update hunting queries
f76588b34f  2021-03-04 16:25:25 -08:00  Pete Bryan  Merge pull request #1865 from Azure/pebryan/2021-3-3_W3WPHunting
    w3wp hunting query