Commit graph

1494 Commits

Author SHA1 Message Date
aprakash13 bc3a62616f
Merge pull request #4783 from iotmaker1/patch-1
Update OperationNameValue comparison operator
2022-05-11 04:56:19 -07:00
Shain a2e89da3c5 Fixing missing day due to midtime usage 2022-05-09 16:02:13 -07:00
Ashwin Patil e90585c7e6 changes and fixes 2022-05-09 13:12:50 -07:00
Ashwin Patil bd790567bd fixes 2022-05-09 09:00:49 -07:00
Ashwin Patil c1be3d6096 adding new query 2022-05-09 08:52:24 -07:00
aprakash13 fd750efdda
Merge pull request #4712 from Azure/4R9UN--Private-Ip-Address-exclusion
Update GitLab_MaliciousIP.yaml
2022-05-04 14:53:12 -07:00
iotmaker1 f0540ea901
Update OperationNameValue comparison operator
The OperationNameValue is sometimes mixed lower and uppercase. The lower case value drastically limits the number of results and overlooks the mixed case values of  "Microsoft.Storage/storageAccounts/listKeys/action". Using the =~ operator accommodates the mixed case values.
2022-05-04 09:39:20 -04:00
Jose Sebastián Canós ff70b34d80
Update CrossServiceADXQueries.yaml 2022-04-27 16:30:34 +02:00
Jose Sebastián Canós fcbe6dd4db
Create CrossServiceADXQueries.yaml 2022-04-27 15:37:07 +02:00
Arjun Trivedi f978258005
Update SuspectedProxyTokenExploitation.yaml
Exclude local addresses, using the ipv4_is_private operator
2022-04-26 14:38:49 +05:30
Arjun Trivedi bca4d5f234
Update ExchangeServerProxyLogonURI.yaml
Exclude local addresses, using the ipv4_is_private operator
2022-04-26 14:37:54 +05:30
Arjun Trivedi e8b79a46b7
Update SuspectedMailBoxExportHostonOWA.yaml
Exclude local addresses, using the ipv4_is_private operator
2022-04-26 14:36:50 +05:30
Arjun Trivedi d1c6d1506b
Update WebShellActivity.yaml
Exclude local addresses, using the ipv4_is_private operator
2022-04-26 14:22:02 +05:30
Arjun Trivedi c91a3881e5
Update ClientIPwithManyUserAgents.yaml
Exclude local addresses, using the ipv4_is_private operator
2022-04-26 12:46:40 +05:30
Arjun Trivedi 6374cd17e4
Update RareUserAgentStrings.yaml
//Exclude local addresses, using the ipv4_is_private operator
2022-04-26 12:43:16 +05:30
Arjun Trivedi a4576d2a26
Update WebShellActivity.yaml
Excluded local addresses using ipv4_is_private operator
2022-04-26 12:39:42 +05:30
Pete Bryan e0ab43423b
Merge pull request #4409 from ep3p/patch-11
Fix RuleName field in Mail_redirect_via_ExO_transport_rule_hunting.yaml
2022-04-22 14:11:46 -07:00
aprakash13 78f45f5f8f
Merge pull request #4190 from BlackB0lt/patch-1
Create print-pooler-service-suspicious-file-creation.yaml
2022-04-22 06:47:25 -07:00
Sittikorn S 22a7e61076
Update print-pooler-service-suspicious-file-creation.yaml
Add relevantTechniques
2022-04-22 20:39:44 +07:00
Sittikorn S 634bce2b37
Update print-pooler-service-suspicious-file-creation.yaml
Change Connectors to MicrosoftThreatProtection
2022-04-22 20:33:53 +07:00
aprakash13 4f2ae77344
Merge pull request #4635 from Kyle-Yuasa/kyle-yuasa/officeactivity-query-tuning
Kyle yuasa/officeactivity query tuning
2022-04-22 05:54:12 -07:00
aprakash13 f816142728
Merge pull request #4637 from mjmelone/patch-2
Created detect-uac-elevation query
2022-04-21 23:10:25 -07:00
v-sabiraj 78c6b16dc0 Update AzureVirtualNetworkSubnets_AdministrativeOperationset.yaml 2022-04-19 16:36:10 +05:30
Jose Sebastián Canós 12cd252783
Project Original Parameters 2022-04-18 16:00:57 +02:00
Jose Sebastián Canós a3c3543abe
Simplify 2022-04-18 15:59:05 +02:00
Jose Sebastián Canós 82558cc22d
Formatting 2022-04-16 00:54:52 +02:00
Michael Melone bb05bdc65f
Created detect-uac-elevation query 2022-04-13 16:28:12 -04:00
Kyle Yuasa 1a2de8f6b8 Updating data connectors 2022-04-13 10:08:35 -07:00
Kyle Yuasa 80c138f243 Revert to original names and 14d lookback 2022-04-13 09:49:38 -07:00
Kyle Yuasa 985169fd0c Merge branch 'master' into kyle-yuasa/officeactivity-query-tuning 2022-04-13 09:35:39 -07:00
aprakash13 2a4a2828d3
Merge pull request #4196 from mjmelone/patch-1
Created web content filtering events query
2022-04-12 05:54:31 -07:00
Ashwin Patil 2c02ec95b3
Merge branch 'master' into ashwin/nwbeacon 2022-04-06 13:43:25 -07:00
Michael Melone ec8dd79a08
Updated per comments 2022-04-06 14:04:25 -04:00
Kyle Yuasa e18118be75 Enrich sharepoint queries using blocked ip history 2022-04-05 13:50:57 -07:00
Ajeet Prakash (MSTIC) 7683f1f965 Updated queries as per suggestions from Shain. 2022-04-05 11:02:20 -07:00
aprakash13 65a66d758d
Update SpringshellWebshellUsage.yaml
Adding .jsp?cmd= to the query logic.
2022-04-05 08:36:14 -07:00
Ajeet Prakash (MSTIC) 2f4ed304cb Queries related to CVE-2022-22965 SpringShell 2022-04-05 06:55:57 -07:00
gitj121 eae3c184f0 Adding with changes 2022-03-31 16:38:02 -07:00
gitj121 3917c01be5 Adding for review 2022-03-31 13:41:22 -07:00
Ashwin Patil d99c47da6c
Merge pull request #4529 from Azure/shainw-MultiDS_Fixes
Fixing rename of count operation
2022-03-29 18:14:36 -07:00
Shain 38c259f3af Fixing rename of count operation 2022-03-29 18:07:18 -07:00
Shain 3936691170 Changing _SubscriptionId to SubscriptionId as schema was updated a while back. These still run, but we need to be using the updated field name. 2022-03-29 16:24:50 -07:00
aprakash13 067195bd89
Merge pull request #4506 from thmcelro/advanced-hunting-tom
AAD Sentinel Hunting Queries
2022-03-25 10:15:20 -07:00
Thomas McElroy 1e477d0045 Update riskSignInWithDeviceRegistration.yaml
Removing stray quotation marks that carry from JSON object.
2022-03-25 16:34:37 +00:00
Thomas McElroy e7e45a4e99 Initial commit
- Creating new hunting queries
2022-03-25 14:31:42 +00:00
Shain 46bc50d331
Merge pull request #4497 from Azure/ashwin/msrc-blog
Ashwin/msrc blog
2022-03-24 11:25:25 -07:00
Ashwin Patil 398b824fb8 yaml indentation and kql fixes 2022-03-24 11:05:02 -07:00
Ashwin Patil 4b16a7c3fc moved to detection 2022-03-24 10:37:54 -07:00
Ashwin Patil a708dfc169 fixing timestamp 2022-03-24 10:21:34 -07:00
Ashwin Patil 1a4b23cfce changes in query 2022-03-24 10:19:25 -07:00