yaelrbergman
|
ececfc6148
|
Added connectorId: WindowsForwardedEvents
|
2022-03-16 10:00:01 +02:00 |
|
yaelrbergman
|
955d1650f7
|
Account and where changes
|
2022-03-01 15:04:38 +02:00 |
|
yaelrbergman
|
c90fba6a83
|
PotentialMicrosoftSecurityServicesTampering
|
2022-02-22 14:11:33 +02:00 |
Pete Bryan
|
a10c26d96c
|
Hunting Query TimeFrame Updates
|
2021-04-15 17:52:25 -07:00 |
Shain Wray (MSTIC)
|
a7194fafad
|
capitalize for consistency
|
2021-03-04 10:54:36 -08:00 |
|
Shain Wray (MSTIC)
|
9c4c4d4566
|
adding updated tag
|
2021-03-04 10:49:23 -08:00 |
Ajeet Prakash (MSTIC)
|
3ce9f3333f
|
Updated Security Event section of the query which had CreatedProcessCommandLine to CommandLine.
|
2021-01-20 11:13:23 -08:00 |
|
Shain Wray (MSTIC)
|
8638af13e5
|
Merge branch 'master' into Updating_Tampering
|
2021-01-19 22:47:39 -08:00 |
|
Ajeet Prakash (MSTIC)
|
11be96471c
|
Updating the Microsoft Defender tampering query to also include AATP as well as disabling services by modification of registry entry by changing the service start type to 4
|
2021-01-11 14:27:01 -08:00 |