Commit graph

30 Commits

Author SHA1 Message Date
Ashwin Patil f1956267ef replacing deprecated parsejson with parse_json 2021-08-17 12:26:48 -07:00
Pete Bryan b1faf7dc83 DNS to Syslog changes 2021-08-04 15:49:57 -07:00
Pete Bryan a10c26d96c Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
Pete Bryan caeb9b887b Fixes for IP, User, Process 2020-10-20 17:48:45 -07:00
Ashwin Patil 37c828a345 removed whitespace from Privilege Escalation 2020-07-28 11:32:12 -07:00
Tom Mc 1581bf07ea Changing selection criteria for compatibility with Defender alerts 2020-05-20 13:48:51 +01:00
Tom Mc 11edd6b6f8 Remove APSX specific code, replace with extension list 2020-05-20 10:15:20 +01:00
Tom Mc 893dcb2be4 makeset -> make_set 2020-05-20 09:40:00 +01:00
Tom Mc 9b78e0a574 Updated connector ID
Updated connector ID to MDATP.
2020-05-19 10:11:08 +01:00
Tom Mc e521524efd Revision to remove ID and Title
Revised code to remove alert title and IDs, using w3wp as more reliable selection criteria.
2020-05-18 15:49:41 +01:00
Tom Mc 104d3d3b05 Changes based on feedback from Shain 2020-05-15 14:41:37 +01:00
Tom Mc a143e02314 Switch AlertType over to DisplayName 2020-05-14 10:09:52 +01:00
Tom Mc a2aa03446a MDATP web shell hunting enrichments
Two queries that enrich MDATP web shell alerts. Covering MDATP alerts for a suspicious file on disk and MDATP alerts for a suspicious command line execution.
2020-05-12 15:52:33 +01:00
Shain Wray (MSTIC) 014f0e0954 adding in some other entities 2019-09-04 09:10:05 -07:00
Shain Wray (MSTIC) 21356dca56 Changing to yaml and adding entities if available 2019-09-03 13:13:24 -07:00
juliango2100 fbb16d9ef9 Update AlertsWithProcess.txt 2019-08-21 17:41:10 -07:00
juliango2100 577b258a72 Update AlertsWithFile.txt 2019-08-21 17:40:35 -07:00
juliango2100 40fd8456da Update AlertsOnHost.txt 2019-08-21 17:39:57 -07:00
juliango2100 13ba1cdf02 Update AlertsForUser.txt 2019-08-21 17:39:27 -07:00
juliango2100 b35d9edf45 Update AlertsForIP.txt 2019-08-21 17:38:55 -07:00
juliango2100 26b8164681 Update AlertsWithProcess.txt 2019-08-21 17:33:37 -07:00
juliango2100 65fbb7cccb Update AlertsWithFile.txt 2019-08-21 17:33:21 -07:00
juliango2100 bc0447e389 Update AlertsOnHost.txt 2019-08-21 17:33:05 -07:00
juliango2100 849b84ce82 Update AlertsForUser.txt 2019-08-21 17:32:52 -07:00
juliango2100 dbb050c2ac Update AlertsForIP.txt 2019-08-21 17:32:33 -07:00
juliango2100 140a2dc732 Create AlertsWithProcess.txt 2019-08-21 17:28:25 -07:00
juliango2100 0989b2df5b Create AlertsWithFile.txt 2019-08-21 17:28:06 -07:00
juliango2100 e46fa4fd13 Create AlertsOnHost.txt 2019-08-21 17:27:46 -07:00
juliango2100 2dc2aac24d Create AlertsForUser.txt 2019-08-21 17:27:28 -07:00
juliango2100 6b8bd8b35d Create AlertsForIP.txt 2019-08-21 17:27:06 -07:00