| Author | Commit | Message | Date |
|---|---|---|---|
| Shain | f1f7773c90 | Merge pull request #1991 from thmcelro/Tom-Exchange-Queries: Tom exchange queries | 2021-03-25 09:53:43 -07:00 |
| Thomas McElroy | 23a552b3c7 | Updates: Move query to correct folder; Adding required connectors | 2021-03-25 16:42:44 +00:00 |
| v-ampami | ab93f51c34 | Moving Parser, Hunting queries, Analytic rules to solution | 2021-03-25 12:29:28 +05:30 |
| Shain | eb4792cb5a | Merge pull request #1956 from Azure/PersistViaIFEO: Submit Persist via IFEO query | 2021-03-24 21:53:07 -07:00 |
| Shain | b84090e0fb | Merge pull request #1900 from socprime/box_rules_and_queries: Box workbook and rules | 2021-03-24 21:51:38 -07:00 |
| v-maudan | b55cb5b4ce | Merge branch 'master' into v-maudan/SlackAudit_To_Solution | 2021-03-24 18:23:49 +05:30 |
| Vitalii Uslystyi | 93ee4622f1 | Merge branch 'master' into box_rules_and_queries | 2021-03-24 11:37:41 +02:00 |
| Vitalii Uslystyi | 54ac3d60b1 | box - updated rules and queries | 2021-03-24 11:06:09 +02:00 |
| v-maudan | fd46d31984 | Move SlackAudit to solution folder | 2021-03-24 13:46:54 +05:30 |
| v-ampami | 11042d5df8 | Moved Hunting queries, Parsers, Analytic rules to solution | 2021-03-24 13:22:08 +05:30 |
| Shain | b9aa367752 | Merge pull request #1986 from Azure/shainw-huntformatUpd3: adding entities and fixing up some mappings | 2021-03-23 20:48:58 -07:00 |
| Shain | d0202b7a52 | Merge pull request #1985 from Azure/shainw-huntformatUpd2: adding in entities and fixing up some queries. | 2021-03-23 20:48:48 -07:00 |
| Shain | d43e0a60da | Merge pull request #1984 from Azure/shainw-huntFormatUpd: updating entity mappings and descriptions to fix some characters that… | 2021-03-23 20:47:20 -07:00 |
| Shain | 227614b88f | Merge pull request #1796 from socprime/SlackAuditConnector: SlackAudit: dataconnector+workbook | 2021-03-23 20:40:58 -07:00 |
| Shain | 6741ab7e8a | Merge pull request #1801 from socprime/oracle_db_audit_rules_and_queries: Add Oracle DB Audit Parser and Rules | 2021-03-23 20:33:23 -07:00 |
| Vitalii Uslystyi | b8f5ab7509 | oracle db audit - fixed hunting queries | 2021-03-23 16:39:13 +02:00 |
| v-maudan | bb38955d92 | moving McAfeeePO parser, detection, hunting queries to solution folder | 2021-03-23 11:18:30 +05:30 |
| v-jayakal | 66b39e221e | Merge pull request #1799 from socprime/mcafeeepo_parser_and_rules: McAfeeePO Parser and Rules | 2021-03-22 22:19:03 -07:00 |
| Alex Verbniak | 749f8bfe2a | Merge branch 'SlackAuditConnector' of github.com:socprime/Azure-Sentinel into SlackAuditConnector | 2021-03-22 16:37:38 +02:00 |
| Alex Verbniak | 716230bfc3 | SlackAudit: rules and queries updates | 2021-03-22 16:36:58 +02:00 |
| Thomas McElroy | 65ddf104c5 | Typo and bugfix | 2021-03-22 12:42:17 +00:00 |
| Thomas McElroy | 729bdc58fb | Hunting queries for Exchange activity: Hunting queries to detect ProxyLogon and other web exploitation activity. | 2021-03-22 12:36:26 +00:00 |
| Shain Wray (MSTIC) | 605d3f044e | Adding in timeframe to support other features | 2021-03-21 20:27:29 -07:00 |
| Shain Wray (MSTIC) | 7e233ecc7c | adding in timegenerated and using has | 2021-03-21 19:53:36 -07:00 |
| Shain Wray (MSTIC) | d46434afcf | fixing broken time check | 2021-03-21 13:08:33 -07:00 |
| Shain Wray (MSTIC) | 48e705181e | adding entities and fixing up some mappings | 2021-03-21 12:36:33 -07:00 |
| Shain Wray (MSTIC) | bffde1fcb0 | adding in entities and fixing up some queries. | 2021-03-21 12:11:46 -07:00 |
| Shain Wray (MSTIC) | 68662f4613 | updating entity mappings and descriptions to fix some characters that may cause issue on import to other tooling. | 2021-03-21 11:42:36 -07:00 |
| Jannie Li | a19589113c | remove timeframe | 2021-03-18 15:27:39 -04:00 |
| Vitalii Uslystyi | b708b6f4d7 | oracle db audit - updated queries | 2021-03-18 15:43:37 +02:00 |
| Vitalii Uslystyi | 86ada1af49 | box - updated rules and queries | 2021-03-18 15:38:41 +02:00 |
| Vitalii Uslystyi | d932b33adb | Merge branch 'box_rules_and_queries' of github.com:socprime/Azure-Sentinel into box_rules_and_queries | 2021-03-18 15:11:22 +02:00 |
| Vitalii Uslystyi | bfb237225d | box - updated queries | 2021-03-18 15:03:24 +02:00 |
| Vitalii Uslystyi | 77fab9538d | McAfeeEPO - updated queries | 2021-03-18 14:45:55 +02:00 |
| v-maudan | 26e7efa928 | Moving cisco umbrella to solution folder | 2021-03-17 23:05:39 -07:00 |
| Shain | f681d42dfb | Merge pull request #1803 from Azure/cisccoumbrella-missingconnectors: update missing connectors and missing techniques for CiscoUmbrella | 2021-03-17 19:53:39 -07:00 |
| Jannie Li | f5933d9035 | fix yaml file error | 2021-03-17 02:03:09 -04:00 |
| Jannie Li | 5cf4c942a8 | fix query error | 2021-03-17 01:59:43 -04:00 |
| Jannie Li | e1472eed59 | submit initial draft | 2021-03-17 01:54:59 -04:00 |
| v-rucdu | ee02cae67b | Merge branch 'master' into SlackAuditConnector | 2021-03-16 10:27:24 +05:30 |
| vu-socprime | 9bf2d185de | Merge branch 'master' into box_rules_and_queries | 2021-03-11 17:29:10 +02:00 |
| Shain | 83ae7d405f | Merge pull request #1802 from Azure/shainw-fixuphunt: Moving Teams queries out of folder and removing duplicates, plus mapp… | 2021-03-09 10:25:34 -08:00 |
| Alex Verbniak | 25dc3f9166 | SlackAudit: rules and parser changes | 2021-03-09 17:55:51 +02:00 |
| Sergiy Prystaiko | be31971129 | Box - add rules and queries | 2021-03-09 17:22:09 +02:00 |
| Sergiy Prystaiko | 2b0ae495e1 | McAfeeEPO - updated rules and queries | 2021-03-09 16:38:10 +02:00 |
| Sergiy Prystaiko | 4e6f1cea17 | oracle db audit - updated rules and queries | 2021-03-09 15:14:52 +02:00 |
| Shain | 90dd26f479 | Merge pull request #1881 from Azure/pebryan/2021-3-5_HAFNIUM2: MTPQueries&IOCPlaceholder | 2021-03-05 15:50:58 -08:00 |
| Pete Bryan | d33fe20fcf | formatting | 2021-03-05 15:34:10 -08:00 |
| Pete Bryan | ab5b9808d3 | MTPQueries&IOCPlaceholder | 2021-03-05 15:00:41 -08:00 |
| Sergiy Prystaiko | 10ad5ac0bc | oracle db audit - update hunting queries | 2021-03-05 10:44:37 +02:00 |