8c781873ff
Deleted Prerequisites
2022-03-09 22:13:09 -08:00
80fc70c66b
Merge pull request #4370 from sreedharande/master
...
Archival Tool Bug fix
2022-03-09 22:11:21 -08:00
6e57d773f0
Updated downloadable package
2022-03-09 21:53:30 -08:00
aa33d3ec2f
Fixed error in Write-Log method
2022-03-09 21:50:12 -08:00
01de214d20
Merge pull request #3677 from ep3p/patch-8
...
Use different time periods in PrivilegedAccountsSigninFailureSpikes.yaml
2022-03-09 15:46:04 -08:00
13a07f2282
Merge pull request #3978 from ep3p/patch-18
...
Fix conditions in UnusualGuestActivity.yaml
2022-03-09 07:36:05 -08:00
21ce344c92
Merge branch 'master' into patch-18
2022-03-09 07:27:28 -08:00
5c91cbd775
Update ASimTester.csv
2022-03-09 16:27:18 +02:00
96245e4d59
Merge pull request #4151 from KustoKing/patch-12
...
Update FirstAppOrServicePrincipalCredential.yaml
2022-03-09 06:04:32 -08:00
c398f38360
Merge pull request #4338 from ThijsLecomte/master
...
Update Table Names
2022-03-09 19:33:43 +05:30
7fce2d9a10
Merge pull request #4345 from thmcelro/tom-bugfix
...
Update AzurePortalSigninfromanotherAzureTenant.yaml
2022-03-09 06:03:21 -08:00
471c3ae542
Merge pull request #4312 from ep3p/patch-5
...
Add PnP Management Shell to UnusualGuestActivity.yaml
2022-03-09 05:58:45 -08:00
b763d4dff3
Update AzurePortalSigninfromanotherAzureTenant.yaml
2022-03-09 05:58:05 -08:00
3710727857
Merge branch 'master' into tom-bugfix
2022-03-09 05:55:54 -08:00
fcc3b530aa
Update SkipValidationsTemplates.json
2022-03-09 19:25:06 +05:30
c7829cf508
Merge pull request #4331 from orshe4/master
...
Fix url on DetectTorRelayConnectivity query
2022-03-09 05:43:03 -08:00
8ad93179c2
Fix windows security events data type ( #4358 )
...
* Update UserAccountEnabledDisabled_10m.yaml
* Update UserCreatedAddedToBuiltinAdmins_1d.yaml
* Update UserCreatedAddedToBuiltinAdmins_1d.yaml
* Update UserAccountEnabledDisabled_10m.yaml
2022-03-09 15:38:46 +02:00
2e486eab6a
Merge pull request #4179 from ep3p/patch-19
...
Update table name in DomainEntity_DnsEvents.yaml
2022-03-09 05:37:26 -08:00
4eee8134ab
Merge pull request #4357 from vpaschalidis/patch-46
...
Create PotentialProcessDoppelganging.yaml
2022-03-09 05:32:08 -08:00
02c08da939
Merge pull request #4359 from vpaschalidis/patch-47
...
Create FileExecutionWithOneCharacterInTheName.yaml
2022-03-09 05:31:23 -08:00
fd29526b97
Create FileExecutionWithOneCharacterInTheName.yaml
2022-03-09 15:24:39 +02:00
f7d287c874
Create PotentialProcessDoppelganging.yaml
...
This query detects Process Doppelganging, a technique that calls several APIs related to NTFS transactions which allow to substitute the PE content before the process is even created.
2022-03-09 15:23:09 +02:00
5e43bca600
Merge pull request #4356 from vpaschalidis/patch-45
...
Delete PotentialProcessDoppelganging.yaml
2022-03-09 05:22:35 -08:00
b55ef04468
Merge pull request #4355 from vpaschalidis/patch-44
...
Delete FileExecutionWithOneCharacterInTheName.yaml
2022-03-09 05:22:10 -08:00
c5dba88b2f
Delete PotentialProcessDoppelganging.yaml
...
This was created accidentally outside of the hunting queries folder.
2022-03-09 15:16:15 +02:00
f3074b4fc4
Delete FileExecutionWithOneCharacterInTheName.yaml
...
This was created accidentally outside of the hunting queries folder.
2022-03-09 15:16:04 +02:00
2364683592
Merge pull request #4217 from vpaschalidis/patch-37
...
Create ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml
2022-03-09 04:47:23 -08:00
a57fb95392
Merge pull request #4160 from vpaschalidis/patch-25
...
Create PotentialProcessDoppelganging.yaml
2022-03-09 04:43:37 -08:00
2e34f2ee7c
Merge pull request #4216 from vpaschalidis/patch-36
...
Create ServiceInstallationFromUsersWritableDirectory.yaml
2022-03-09 04:42:58 -08:00
2b92a27eab
Update ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml
2022-03-09 14:42:02 +02:00
0b2b8944b4
Merge pull request #4106 from vpaschalidis/patch-22
...
Create CredentialDumpingServiceInstallation.yaml
2022-03-09 04:40:42 -08:00
cba779356e
Update PotentialProcessDoppelganging.yaml
2022-03-09 14:37:56 +02:00
cb94315e3b
Merge pull request #4195 from vpaschalidis/patch-31
...
Create DecoyUserAccountAuthenticationAttempt.yaml
2022-03-09 04:34:47 -08:00
265dbf5396
Merge pull request #4192 from vpaschalidis/patch-29
...
Create RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml
2022-03-09 04:30:05 -08:00
930242993f
Update DecoyUserAccountAuthenticationAttempt.yaml
2022-03-09 14:28:14 +02:00
952a57b6ba
Merge pull request #4205 from vpaschalidis/patch-32
...
Create FileExecutionWithOneCharacterInTheName.yaml
2022-03-09 04:26:12 -08:00
9c8ec3ba89
Merge pull request #4317 from vpaschalidis/patch-40
...
Update FakeComputerAccountAuthenticationAttempt.yaml
2022-03-09 04:21:48 -08:00
f92b4e871a
Merge pull request #4316 from vpaschalidis/patch-41
...
Update LargeScaleMalwareDeploymentGPOScheduledTask.yaml
2022-03-09 04:21:13 -08:00
1769081638
Merge pull request #4315 from vpaschalidis/patch-42
...
Update MSRPRN_Printer_Bug_Exploitation.yaml
2022-03-09 04:20:37 -08:00
9ec844898e
Merge pull request #4314 from vpaschalidis/patch-43
...
Update RIDHijacking.yaml
2022-03-09 04:19:59 -08:00
fcd2e2d320
Merge pull request #3873 from ep3p/patch-1
...
Add operations in RareOfficeOperations.yaml
2022-03-09 04:14:57 -08:00
79ad1f4506
Merge pull request #4247 from elforb/v-eliforbes/jsonWorkspaceFunctionsAutomation
...
Solution Automation: Enable SavedSearch Inputs
2022-03-09 17:31:44 +05:30
6be769be29
Merge pull request #3607 from ep3p/patch-20
...
Update timeframe & details in SuspiciousServicePrincipalcreationactivity.yaml
2022-03-09 03:59:55 -08:00
5ca82a6103
Merge pull request #4266 from samikroy/patch-4
...
Update AzurePortalSigninfromanotherAzureTenant.yaml to fix #4262
2022-03-09 16:52:12 +05:30
7ad4f1e454
Merge pull request #4267 from samikroy/patch-7
...
Updated SharePointAndOneDrive.json to fix #4245
2022-03-09 16:49:15 +05:30
c7d03fd070
Merge pull request #4353 from Azure/asim/update-deletefunc-texts
...
asim/update-deletefunc-texts
2022-03-09 10:43:54 +02:00
e1be1f9e8f
asim/update-deletefunc-texts
2022-03-09 10:22:47 +02:00
aeaedd6ee7
Merge pull request #4290 from tatecksi/CostWorkbook
...
fixed date order issue in Sentinel benefit chart
2022-03-09 18:55:36 +11:00
8f064cc38f
Merge pull request #4305 from Azure/yf/Tools/FuncDeleteInitial
...
Delete LA saved functions
2022-03-09 09:54:01 +02:00
618701d957
Merge pull request #4351 from Azure/asim/yaml2armV2
...
asim/yaml2armV2
2022-03-09 09:45:43 +02:00
Sreedhar Ande
Sreedhar Ande
Ashwin Patil
aprakash13
Ofer Shezaf
v-rucdu
v-sabiraj
Laith Hisham
Vasileios Paschalidis
Ofer Shezaf
Jeremy Tan