Commit graph

36 Commits

Author SHA1 Message Date
DixitVedanshi 4ead45aed9 Updating versions 2023-05-03 11:40:31 +05:30
DixitVedanshi 758d70b09e KQL Validations for Multiple data sources hunting queries 2023-02-08 11:25:45 +05:30
v-atulyadav 36276802fc Remaining tagging 2022-11-01 18:42:28 +05:30
Tong Zhang 4499b1a92c discard source.name field in contents 2022-10-18 12:48:41 -07:00
Tong Zhang b4ced61c74 update source kind to community with name standalone 2022-10-18 12:13:33 -07:00
Eran Toledano a13f8712bb Standalone metadata samples (#6149)
* standalone metadata samples

* fixes

* update metadata schema

* fix ascii character

* fix categories

* update version

Co-authored-by: ertoleda <ertolead@microsoft.com>
2022-10-12 10:24:24 +05:30
Ashwin Patil f1956267ef replacing deprecated parsejson with parse_json 2021-08-17 12:26:48 -07:00
Pete Bryan b1faf7dc83 DNS to Syslog changes 2021-08-04 15:49:57 -07:00
Pete Bryan a10c26d96c Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
Pete Bryan caeb9b887b Fixes for IP, User, Process 2020-10-20 17:48:45 -07:00
Ashwin Patil 37c828a345 removed whitespace from Privilege Escalation 2020-07-28 11:32:12 -07:00
Tom Mc 1581bf07ea Changing selection criteria for compatibility with Defender alerts 2020-05-20 13:48:51 +01:00
Tom Mc 11edd6b6f8 Remove APSX specific code, replace with extension list 2020-05-20 10:15:20 +01:00
Tom Mc 893dcb2be4 makeset -> make_set 2020-05-20 09:40:00 +01:00
Tom Mc 9b78e0a574 Updated connector ID
Updated connector ID to MDATP.
2020-05-19 10:11:08 +01:00
Tom Mc e521524efd Revision to remove ID and Title
Revised code to remove alert title and IDs, using w3wp as more reliable selection criteria.
2020-05-18 15:49:41 +01:00
Tom Mc 104d3d3b05 Changes based on feedback from Shain 2020-05-15 14:41:37 +01:00
Tom Mc a143e02314 Switch AlertType over to DisplayName 2020-05-14 10:09:52 +01:00
Tom Mc a2aa03446a MDATP web shell hunting enrichments
Two queries that enrich MDATP web shell alerts. Covering MDATP alerts for a suspicious file on disk and MDATP alerts for a suspicious command line execution.
2020-05-12 15:52:33 +01:00
Shain Wray (MSTIC) 014f0e0954 adding in some other entities 2019-09-04 09:10:05 -07:00
Shain Wray (MSTIC) 21356dca56 Changing to yaml and adding entities if available 2019-09-03 13:13:24 -07:00
juliango2100 fbb16d9ef9 Update AlertsWithProcess.txt 2019-08-21 17:41:10 -07:00
juliango2100 577b258a72 Update AlertsWithFile.txt 2019-08-21 17:40:35 -07:00
juliango2100 40fd8456da Update AlertsOnHost.txt 2019-08-21 17:39:57 -07:00
juliango2100 13ba1cdf02 Update AlertsForUser.txt 2019-08-21 17:39:27 -07:00
juliango2100 b35d9edf45 Update AlertsForIP.txt 2019-08-21 17:38:55 -07:00
juliango2100 26b8164681 Update AlertsWithProcess.txt 2019-08-21 17:33:37 -07:00
juliango2100 65fbb7cccb Update AlertsWithFile.txt 2019-08-21 17:33:21 -07:00
juliango2100 bc0447e389 Update AlertsOnHost.txt 2019-08-21 17:33:05 -07:00
juliango2100 849b84ce82 Update AlertsForUser.txt 2019-08-21 17:32:52 -07:00
juliango2100 dbb050c2ac Update AlertsForIP.txt 2019-08-21 17:32:33 -07:00
juliango2100 140a2dc732 Create AlertsWithProcess.txt 2019-08-21 17:28:25 -07:00
juliango2100 0989b2df5b Create AlertsWithFile.txt 2019-08-21 17:28:06 -07:00
juliango2100 e46fa4fd13 Create AlertsOnHost.txt 2019-08-21 17:27:46 -07:00
juliango2100 2dc2aac24d Create AlertsForUser.txt 2019-08-21 17:27:28 -07:00
juliango2100 6b8bd8b35d Create AlertsForIP.txt 2019-08-21 17:27:06 -07:00