Pete Bryan
|
f2c58f181f
|
New NRT Rules Created
|
2022-02-07 15:31:00 -08:00 |
Ofer Shezaf
|
ee97399b42
|
Revert "Revert "Merge branch 'master' of https://github.com/Azure/Azure-Sentinel""
This reverts commit ff69f85224.
|
2022-01-03 16:21:46 +02:00 |
Ofer Shezaf
|
ff69f85224
|
Revert "Merge branch 'master' of https://github.com/Azure/Azure-Sentinel"
This reverts commit c929df845a, reversing
changes made to 53e6c92e3e.
|
2022-01-03 16:04:13 +02:00 |
Amit Bergman
|
47c2db8956
|
change to correct data type
|
2021-12-20 15:50:02 +02:00 |
Shain
|
eb74d6e54f
|
Update AzureWAFmatching_log4j_vuln.yaml
version
|
2021-12-16 13:44:17 -08:00 |
Ajeet Prakash (MSTIC)
|
472e8df44d
|
Updating the Regex for the log4j matching to capture more obfuscation scenarios.
|
2021-12-16 13:29:55 -08:00 |
aprakash13
|
37d4a23c17
|
Update AzureWAFmatching_log4j_vuln.yaml
Updating query to make changes to DecodedCmdLine field so that it is not empty.
|
2021-12-13 10:39:05 -08:00 |
aprakash13
|
9298a215fc
|
Update AzureWAFmatching_log4j_vuln.yaml
Adding details_message_s, details_file_s to showcase on what Pattern matching ruleset the WAF is triggering on.
|
2021-12-13 09:07:15 -08:00 |
aprakash13
|
20fc5bb552
|
Update AzureWAFmatching_log4j_vuln.yaml
|
2021-12-13 02:41:58 -08:00 |
Ajeet Prakash (MSTIC)
|
21674ae4b5
|
Detection query for a positive pattern match by Azure WAF for CVE-2021-44228 log4j vulnerability exploitation attempt.
|
2021-12-13 02:35:42 -08:00 |
Shain Wray (MSTIC)
|
06ab04eab6
|
forgot to update version.
|
2021-11-21 21:38:06 -08:00 |
Shain Wray (MSTIC)
|
2ca1945406
|
updating the connector values
|
2021-11-21 21:33:13 -08:00 |
ShaniFelig
|
afe1ba6969
|
add Scheduled kind to all existing templates (solutions + detections)
|
2021-10-19 16:51:50 +03:00 |
Shain
|
9e6ea56028
|
Merge pull request #3172 from Azure/shainw-ARG1
Update KeyvaultMassSecretRetrieval.yaml
|
2021-10-05 06:39:05 -07:00 |
Shain
|
ddfb3c9fd6
|
Update TimeSeriesKeyvaultAccessAnomaly.yaml
|
2021-10-05 06:23:37 -07:00 |
Shain
|
e730386a90
|
Update KeyvaultMassSecretRetrieval.yaml
Fixing name
|
2021-10-05 06:22:49 -07:00 |
aprakash13
|
7d45b74982
|
Update TimeSeriesKeyvaultAccessAnomaly.yaml
|
2021-10-04 16:25:32 -07:00 |
aprakash13
|
6b98c045e0
|
Update KeyvaultMassSecretRetrieval.yaml
changing whitelist to AllowedAppid and adding comments related to it.
|
2021-10-04 16:23:50 -07:00 |
aprakash13
|
4673e5ed5e
|
Update TimeSeriesKeyvaultAccessAnomaly.yaml
|
2021-10-04 11:38:26 -07:00 |
aprakash13
|
1795275188
|
Update KeyvaultMassSecretRetrieval.yaml
Updating Version
|
2021-10-04 11:38:08 -07:00 |
Ajeet Prakash (MSTIC)
|
f37c4fec51
|
Updating Whitelistedappid filter
|
2021-10-04 11:30:49 -07:00 |
ShaniFelig
|
236af239c5
|
adding kind property to existing templates
|
2021-09-29 15:22:39 +03:00 |
Amit Bergman
|
f63fc0ed91
|
changes
|
2021-05-11 08:52:54 +03:00 |
Amit Bergman
|
4eb9ad07b1
|
changes
|
2021-05-10 15:54:50 +03:00 |
Amit Bergman
|
97bea7f798
|
fix the tune generated issue
|
2021-02-22 15:08:44 +02:00 |
Shain
|
39d5a95883
|
Merge pull request #1590 from Azure/shainw-connectorFix
updating connector value in template
|
2021-01-19 21:37:02 -08:00 |
Shain Wray (MSTIC)
|
df4b8c04d9
|
updating PR with additional change
|
2021-01-19 21:30:46 -08:00 |
Shain
|
84beb77a00
|
Update TimeSeriesKeyvaultAccessAnomaly.yaml
|
2021-01-15 16:44:26 -08:00 |
Shain Wray (MSTIC)
|
504cc966fb
|
updating connector value in template
|
2021-01-15 16:29:02 -08:00 |
pemontto
|
c4fbf0750a
|
🐛 Remove NBSPs where they break API interaction
|
2020-12-11 12:57:34 +00:00 |
Shain
|
a75f2aca0b
|
Merge pull request #1418 from Azure/timeseries-fixes
Timeseries Performance fixes
|
2020-12-09 12:06:01 -08:00 |
Shain
|
48c5a50f70
|
Merge pull request #1339 from pemontto/remove-BOM
Remove inconsistent BOMs from detections
|
2020-12-07 09:07:51 -08:00 |
Ashwin Patil
|
0747252b2d
|
perf fix to run at scale
|
2020-12-07 07:11:21 -08:00 |
Ashwin Patil
|
e77f0e931f
|
added timecheck to trigger only recent alerts
|
2020-12-03 16:34:57 -08:00 |
Ashwin Patil
|
4e40b106db
|
doclink and unused KQL fixes
|
2020-12-02 18:52:36 -08:00 |
Ashwin Patil
|
0d8ab7fca3
|
fix for Keyvault
|
2020-12-02 18:46:40 -08:00 |
Shain
|
7f267d4132
|
Merge pull request #1341 from Azure/shainw-removeKeyDecrypt
Update KeyVaultSensitiveOperations.yaml
|
2020-12-01 18:23:54 -08:00 |
Shain
|
30d61e126d
|
Merge pull request #1318 from vaniMSTIC/vaasawa-mstic
Create MaliciousWAFSessions.yaml
|
2020-11-23 07:48:17 -08:00 |
vaniMSTIC
|
d47acc4e96
|
Update MaliciousWAFSessions.yaml
Shain's feedback #2
|
2020-11-23 11:09:51 +00:00 |
vaniMSTIC
|
eed743d86a
|
Update MaliciousWAFSessions.yaml
- Change timeStamp_t to TimeGenerated
- Send email to Shain regarding creation of customer schema template
|
2020-11-20 10:34:08 +00:00 |
Shain
|
d74233ae34
|
Update KeyVaultSensitiveOperations.yaml
Removing KeyDecrypt, this replaces only this portion from PR #1262 which we are closing as other changes are not required.
|
2020-11-19 12:47:33 -08:00 |
pemontto
|
fa85e7f722
|
Remove inconsistent BOMs from detections
|
2020-11-19 16:57:39 +00:00 |
laithhisham
|
9f0fa91b90
|
Feature/lahisham/migrate scheduled templates to new entity mapping (#1319)
* migrate scheduled templates to new entity mapping model
* add validation for missing new entity mappings
|
2020-11-17 17:27:25 +02:00 |
vaniMSTIC
|
64123da594
|
Update MaliciousWAFSessions.yaml
Shain's feedback
|
2020-11-17 12:30:43 +00:00 |
vaniMSTIC
|
52a8be5ab5
|
Update MaliciousWAFSessions.yaml
Changing severity
|
2020-11-16 16:57:22 +00:00 |
vaniMSTIC
|
80d79a7631
|
Create MaliciousWAFSessions.yaml
|
2020-11-16 13:56:15 +00:00 |
Ashwin Patil
|
578920a191
|
corrected connector for Keyvault
|
2020-09-09 11:25:14 -07:00 |
Ashwin Patil
|
c380f16aab
|
fixing typos
|
2020-07-14 19:08:37 -07:00 |
Ashwin Patil
|
deabc28a01
|
detection for AAD Privileged groups
|
2020-07-14 18:14:57 -07:00 |
Ashwin Patil
|
3a170d5b77
|
updated description on tuning notes
|
2020-07-10 15:09:47 -07:00 |