a02403e37d
Merge pull request #5165 from BlackB0lt/patch-6
...
New Hunting - Spawning MSDT process
2022-06-13 18:15:09 -07:00
7fcd6623ad
Merge pull request #5004 from BlackB0lt/patch-4
...
New Campaign - BPFDoor
2022-06-13 17:58:03 -07:00
02dc3a90be
Update CVE-2022-26134-Confluence.yaml
2022-06-10 15:48:38 -07:00
1df1e4f31e
Create CVE-2022-26134-Confluence.yaml
2022-06-10 15:25:09 -07:00
35364def51
Merge pull request #4883 from BlackB0lt/patch-2
...
New Detection - KrbRelayUp Tool
2022-06-10 13:13:12 -07:00
c71e501f69
Merge pull request #5009 from BlackB0lt/patch-5
...
New Hunting - VMWare-LPE-2022-22960 Exploit
2022-06-10 13:06:17 -07:00
476f923f40
Merge pull request #5273 from ep3p/patch-6
...
Fix mistake in CrossServiceADXQueries.yaml
2022-06-10 12:58:40 -07:00
cf04dcf6a9
Merge pull request #4780 from bracherp/patch-2
...
Create Endpoint Linux Agent Health Status Report
2022-06-10 01:36:22 -07:00
c2fa1a8c11
Merge pull request #4915 from bracherp/patch-3
...
Create Endpoint Linux AV Signature and Platform Versions
2022-06-10 01:34:11 -07:00
98e8e0846f
Update CrossServiceADXQueries.yaml
2022-06-10 09:55:36 +02:00
56cdb31e2b
Update Endpoint Linux Agent Health Status Report
...
Update Changes
2022-06-08 13:07:13 -04:00
e63320ef9a
Update Endpoint Linux AV Signature and Platform Versions
2022-06-08 12:56:42 -04:00
da5a0a74b9
Update Endpoint Linux AV Signature and Platform Versions
...
I add the changes recommended
2022-06-08 12:55:35 -04:00
6577e2c4d2
Merge pull request #5198 from thmcelro/tom-new-queries
...
POLONIUM Queries
2022-06-02 08:03:58 -07:00
7ff901179b
Adding outputs
2022-06-02 15:40:00 +01:00
369e23bf0b
Fixing indentation error
2022-06-02 15:14:44 +01:00
5dc8a6741c
New Queries
...
Comitting new queries to branch
2022-05-31 15:31:27 +01:00
321f95a111
Revert "Package Creation for Syslog-- DO NOT MERGE AS 1P" ( #5140 )
...
* Revert "Package Creation for Syslog-- DO NOT MERGE AS 1P"
* Updated the workbook
Co-authored-by: v-spadarthi <101796244+v-spadarthi@users.noreply.github.com>
2022-05-31 12:36:05 +05:30
ed3c49de99
Update and rename detect-office-apps-spawn-msdt-CVE-2022-30190,yaml to detect-office-apps-spawn-msdt-CVE-2022-30190.yaml
2022-05-31 12:34:12 +07:00
6565a6f230
New Hunting - Spawning MSDT process
2022-05-31 12:29:33 +07:00
6744a2eed2
Merge pull request #5059 from Azure/v-spadarthi-PackagingCreation-Syslog
...
Package Creation for Syslog-- DO NOT MERGE AS 1P
2022-05-26 01:01:40 +05:30
0033d0ab0d
Fixing Account entity map for AADUserId
2022-05-23 10:36:07 -07:00
7960248dc9
Package Creation done for Syslog
2022-05-23 16:44:18 +05:30
69b076e40e
typo fix on UserPrincipalName
2022-05-21 08:03:39 -07:00
8ab766f151
Fixing typos
2022-05-20 17:34:53 -07:00
2229646bff
Adding additional entity outputs as needed by other tooling and to support future automap of entities similar to Detections
2022-05-20 15:23:48 -07:00
957f04ac88
Create VMWare-LPE-2022-22960.yaml
2022-05-19 19:16:30 +07:00
6a6285f3e0
Update redmenshen-bpfdoor-backdoor.yaml
2022-05-19 19:14:55 +07:00
c9e7755ad0
New Campaign - BPFDoor
2022-05-19 16:28:51 +07:00
3442ac3da7
Create Endpoint Linux AV Signature and Platform Versions
...
This query will identify the Microsoft Defender Antivirus Engine version and Microsoft Defender Antivirus Security Intelligence version for Linux Servers.
2022-05-12 16:45:46 -04:00
34db95c11b
Update Endpoint Linux Agent Health Status Report
2022-05-12 13:05:06 -04:00
f18bd1bbdd
Update Endpoint Linux Agent Health Status Report
2022-05-12 13:01:27 -04:00
57faeee943
Update KrbRelayUpServiceCreation
...
Edit MaliciousService
2022-05-11 20:21:18 +07:00
f1ee09c879
New Detection - KrbRelayUp Tool
...
Required items, please complete
Change(s):
Create New rule to detect service creation from KrbRelayUp tool
Reason for Change(s):
New rule to detect service creation from KrbRelayUp tool
Version Updated: 1.0
Required only for Detections/Analytic Rule templates
Testing Completed:
Tested on event with sigma rule
Checked that the validations are passing and have addressed any issues that are present:
See guidance below
References: https://github.com/Dec0ne/KrbRelayUp
2022-05-11 19:03:04 +07:00
bc3a62616f
Merge pull request #4783 from iotmaker1/patch-1
...
Update OperationNameValue comparison operator
2022-05-11 04:56:19 -07:00
a2e89da3c5
Fixing missing day due to midtime usage
2022-05-09 16:02:13 -07:00
e90585c7e6
changes and fixes
2022-05-09 13:12:50 -07:00
bd790567bd
fixes
2022-05-09 09:00:49 -07:00
c1be3d6096
adding new query
2022-05-09 08:52:24 -07:00
fd750efdda
Merge pull request #4712 from Azure/4R9UN--Private-Ip-Address-exclusion
...
Update GitLab_MaliciousIP.yaml
2022-05-04 14:53:12 -07:00
f0540ea901
Update OperationNameValue comparison operator
...
The OperationNameValue is sometimes mixed lower and uppercase. The lower case value drastically limits the number of results and overlooks the mixed case values of "Microsoft.Storage/storageAccounts/listKeys/action". Using the =~ operator accommodates the mixed case values.
2022-05-04 09:39:20 -04:00
67dabda02c
Create Endpoint Linux Agent Health Status Report
2022-05-03 17:32:18 -04:00
ff70b34d80
Update CrossServiceADXQueries.yaml
2022-04-27 16:30:34 +02:00
fcbe6dd4db
Create CrossServiceADXQueries.yaml
2022-04-27 15:37:07 +02:00
f978258005
Update SuspectedProxyTokenExploitation.yaml
...
Exclude local addresses, using the ipv4_is_private operator
2022-04-26 14:38:49 +05:30
bca4d5f234
Update ExchangeServerProxyLogonURI.yaml
...
Exclude local addresses, using the ipv4_is_private operator
2022-04-26 14:37:54 +05:30
e8b79a46b7
Update SuspectedMailBoxExportHostonOWA.yaml
...
Exclude local addresses, using the ipv4_is_private operator
2022-04-26 14:36:50 +05:30
d1c6d1506b
Update WebShellActivity.yaml
...
Exclude local addresses, using the ipv4_is_private operator
2022-04-26 14:22:02 +05:30
c91a3881e5
Update ClientIPwithManyUserAgents.yaml
...
Exclude local addresses, using the ipv4_is_private operator
2022-04-26 12:46:40 +05:30
6374cd17e4
Update RareUserAgentStrings.yaml
...
//Exclude local addresses, using the ipv4_is_private operator
2022-04-26 12:43:16 +05:30
aprakash13
Justin C
Jose Sebastián Canós
Phillip Bracher
Shain
Thomas McElroy
Anki Narravula
Sittikorn S
v-spadarthi
Ashwin Patil
iotmaker1
Arjun Trivedi