ee86b1cb3b
Merge pull request #608 from Azure/malowe101-patch-1
...
Add files via upload
2020-04-21 19:44:53 +03:00
8e3c274b6b
Add files via upload
2020-04-21 11:43:49 -05:00
185064f93c
Update td-agent.conf
2020-04-21 10:08:47 -04:00
beeb032430
Create Wazuh-Large Number of Web errors from an IP
...
The following detection uses the ComonSecurityLog for users that have Wazuh as a Data Connection source. The analytic 'dentifies instances where Wazuh logged over 400 '403' Web Errors from one IP Address.
2020-04-20 17:54:40 -07:00
59794f09f4
Update Comment-MCASAlertURL
...
Removing reference to the required MCAS connection. The required connection is for Sentinel and Azure Monitor Logs. MCAS will be needed as a data source to feed the right logs into Azure Monitor to get value from the logic app but does not impact the logic app from running successfully.
2020-04-20 17:46:41 -07:00
c5eefc83f2
Create Comment-MCASAlertURL
...
This playbook will look through the Security Alerts table in the Sentinel enabled workspace. For every event that contains an MCAS Alert, the logic app will post the MCAS Alert URL as a comment in the relevant Sentinel Incident.
2020-04-20 17:31:27 -07:00
64068be052
zoom connector
2020-04-20 15:32:30 -07:00
1bfdaba3aa
Merge pull request #598 from Azure/kesheldr-SyslogAUOMS
...
Added functions for extracting data from Syslog AUOMS
2020-04-20 18:20:59 +01:00
50c3b83af7
Merge pull request #602 from robeving/feature/HoneyBuckets
...
Azure Storage Diagnostic logs to Sentinel workspace adapter
2020-04-20 17:35:26 +01:00
df3a1ebe10
added alcide svg logo ( #604 )
2020-04-20 08:37:01 -07:00
6d38a94675
Merge pull request #600 from bridewellconsulting/bridewell-2020-04
...
New playbook created to export incidents and comments
2020-04-20 10:18:24 -04:00
fda944fcc5
adding ARM to O365 Function
2020-04-18 16:51:30 -04:00
07b45d91fd
New playbook created to export incidents and comments
...
on-behalf-of: @bridewellconsulting <bc@bridewellconsulting.com>
2020-04-17 16:17:25 +01:00
9570b779b3
Small bug fix for when auditd is installed
2020-04-17 14:05:36 +00:00
2bdc91501f
Moved parsers to Parsers directory, and reworked crypto currency miners hunting query into yaml and placed in Hunting Queries directory
2020-04-17 09:55:41 +00:00
008866d378
Moved location
2020-04-17 09:57:46 +01:00
0f74948d7e
Added functions for extracting data from Syslog AUOMS
2020-04-16 16:27:04 +00:00
58df8fc3c4
Wordsmithing
2020-04-15 17:39:56 +01:00
ab28dc7fdd
Initial version of sample Azure Storage log to Sentinel adapter
2020-04-15 17:34:58 +01:00
f792abeb7b
Merge pull request #595 from mcpjanmarek/create-devopstask-playbook
...
sentinel playbook to create azure devops task
2020-04-15 07:59:33 -04:00
d732a1212b
readme for the Create-AzureDevOpsTask playbook
2020-04-15 13:55:04 +02:00
5af2ac79ae
commit okta playbook
...
folder + 2 files ( readme + deploy.json)
2020-04-15 14:53:34 +03:00
bd3d92b821
Merge pull request #594 from Azure/yanivsh-14042020-palybookTVM
...
deploy new playook enrichIncident with TVM data
2020-04-15 07:48:46 -04:00
58c3cfdf13
sentinel playbook to create azure devops task
2020-04-15 13:44:11 +02:00
83276fb8df
Merge pull request #592 from Azure/FixingDupeGUIDs
...
Changing GUIDs of hunting queries that had duplicates from Detection …
2020-04-14 15:25:09 -07:00
e5e210525e
Update azuredeploy.json
2020-04-14 22:57:47 +03:00
7eb0fe117e
Update readme.md
2020-04-14 22:47:35 +03:00
a0a7f7a552
deploy new playook enrichIncident with TVM data
...
deploy new playook enrichIncident with TVM data
2020-04-14 22:29:47 +03:00
bccf4e41c2
Changing GUIDs of hunting queries that had duplicates from Detection queries
2020-04-13 10:52:12 -07:00
2bb2191ae3
Merge pull request #591 from Azure/Rare_CSE
...
Rare Custom Script Extension
2020-04-13 10:32:27 -07:00
28fe87c28b
Update EventAnalyzer.json
...
change Json to include time brush
2020-04-12 09:42:43 +03:00
15f55aacb3
Rare Custom Script Extension
2020-04-11 18:44:28 -07:00
c3ad10de2f
Merge pull request #590 from baselsalam/patch-4
...
ExcessiveLogonFailures - change Computer/IpAddress from maklist to ma…
2020-04-11 10:49:06 -07:00
ef0fdd3860
ExcessiveLogonFailures - change Computer/IpAddress from maklist to make_set, so only unique values are logged
...
makelist provides upto 128 values, but its not deduped.
make_set provides deduped values, and I set the limit to 128 to match makelist. If desired this number can be lowered but I kept it to match makelist. In general, make_set with a limit of 128 will provide many more unique values.
2020-04-10 00:41:36 -07:00
3153da8f8b
Merge pull request #565 from baselsalam/patch-1
...
Update ExcessiveLogonFailures - detect new patterns that haven't had …
2020-04-09 13:12:21 -07:00
a2111f46ba
Merge pull request #564 from robMSFT/robMSFT-RareOfficeUserAgent
...
Create Office_RareUserAgent.yaml
2020-04-09 08:05:50 -07:00
9173d2b982
Merge pull request #568 from robMSFT/robMSFT-MultiFailThenSuccess
...
Create MultipleFailedFollowedBySuccess.yaml
2020-04-09 07:52:30 -07:00
caa3ec1abf
Update NewUserAgentLast24h.yaml
2020-04-09 08:14:14 +01:00
356a8d25f4
Update NewUserAgentLast24h.yaml
2020-04-09 08:13:37 +01:00
016aea332d
Update MultipleFailedFollowedBySuccess.yaml
2020-04-09 08:01:36 +01:00
1d0f8bbe2a
Merge pull request #588 from Azure/ashwin-functions-apr2020
...
Functions to check if daylight savings in US/EU
2020-04-08 14:18:41 -07:00
dde61216c5
Functions to check if daylight savings in US/EU
2020-04-08 11:36:45 -07:00
174f43b1c3
Merge pull request #583 from Cyb3rWard0g/master
...
Update NetworkEndpointCorrelation.yaml
2020-04-08 08:34:19 -07:00
50974c5af0
Update NewUserAgentLast24h.yaml
2020-04-08 16:29:55 +01:00
594a20317f
Update NewUserAgentLast24h.yaml
2020-04-08 16:29:01 +01:00
d4e5b4632d
Move logic to existing detection
2020-04-08 16:28:05 +01:00
b6e66be9cf
Update MultipleFailedFollowedBySuccess.yaml
2020-04-08 14:59:30 +01:00
e75666c3dc
add event analyzer preview files
2020-04-08 12:06:33 +03:00
055520bc10
remove file
2020-04-08 12:05:42 +03:00
f6456f2c26
remove file
2020-04-08 12:05:22 +03:00
morshabi
Matt Lowe
dicolanl
jross1012
Pete Bryan
Kevin Sheldrake
robeving
alonalcide
Robert Kitching
Kevin Sheldrake
Ross Bevington
Jan Marek
Yaniv Shasha
shainw
Shain Wray (MSTIC)
Ajeet Prakash (MSTIC)
baselsalam
robMSFT
Ashwin Patil