Ashwin Patil
f1956267ef
replacing deprecated parsejson with parse_json
2021-08-17 12:26:48 -07:00
Pete Bryan
b1faf7dc83
DNS to Syslog changes
2021-08-04 15:49:57 -07:00
Pete Bryan
a10c26d96c
Hunting Query TimeFrame Updates
2021-04-15 17:52:25 -07:00
Pete Bryan
caeb9b887b
Fixes for IP, User, Process
2020-10-20 17:48:45 -07:00
Ashwin Patil
37c828a345
removed whitespace from Privilege Escalation
2020-07-28 11:32:12 -07:00
Tom Mc
1581bf07ea
Changing selection criteria for compatibility with Defender alerts
2020-05-20 13:48:51 +01:00
Tom Mc
11edd6b6f8
Remove APSX specific code, replace with extension list
2020-05-20 10:15:20 +01:00
Tom Mc
893dcb2be4
makeset -> make_set
2020-05-20 09:40:00 +01:00
Tom Mc
9b78e0a574
Updated connector ID
Updated connector ID to MDATP.
2020-05-19 10:11:08 +01:00
Tom Mc
e521524efd
Revision to remove ID and Title
Revised code to remove alert title and IDs, using w3wp as more reliable selection criteria.
2020-05-18 15:49:41 +01:00
Tom Mc
104d3d3b05
Changes based on feedback from Shain
2020-05-15 14:41:37 +01:00
Tom Mc
a143e02314
Switch AlertType over to DisplayName
2020-05-14 10:09:52 +01:00
Tom Mc
a2aa03446a
MDATP web shell hunting enrichments
Two queries that enrich MDATP web shell alerts. Covering MDATP alerts for a suspicious file on disk and MDATP alerts for a suspicious command line execution.
2020-05-12 15:52:33 +01:00
Shain Wray (MSTIC)
014f0e0954
adding in some other entities
2019-09-04 09:10:05 -07:00
Shain Wray (MSTIC)
21356dca56
Changing to yaml and adding entities if available
2019-09-03 13:13:24 -07:00
juliango2100
fbb16d9ef9
Update AlertsWithProcess.txt
2019-08-21 17:41:10 -07:00
juliango2100
577b258a72
Update AlertsWithFile.txt
2019-08-21 17:40:35 -07:00
juliango2100
40fd8456da
Update AlertsOnHost.txt
2019-08-21 17:39:57 -07:00
juliango2100
13ba1cdf02
Update AlertsForUser.txt
2019-08-21 17:39:27 -07:00
juliango2100
b35d9edf45
Update AlertsForIP.txt
2019-08-21 17:38:55 -07:00
juliango2100
26b8164681
Update AlertsWithProcess.txt
2019-08-21 17:33:37 -07:00
juliango2100
65fbb7cccb
Update AlertsWithFile.txt
2019-08-21 17:33:21 -07:00
juliango2100
bc0447e389
Update AlertsOnHost.txt
2019-08-21 17:33:05 -07:00
juliango2100
849b84ce82
Update AlertsForUser.txt
2019-08-21 17:32:52 -07:00
juliango2100
dbb050c2ac
Update AlertsForIP.txt
2019-08-21 17:32:33 -07:00
juliango2100
140a2dc732
Create AlertsWithProcess.txt
2019-08-21 17:28:25 -07:00
juliango2100
0989b2df5b
Create AlertsWithFile.txt
2019-08-21 17:28:06 -07:00
juliango2100
e46fa4fd13
Create AlertsOnHost.txt
2019-08-21 17:27:46 -07:00
juliango2100
2dc2aac24d
Create AlertsForUser.txt
2019-08-21 17:27:28 -07:00
juliango2100
6b8bd8b35d
Create AlertsForIP.txt
2019-08-21 17:27:06 -07:00