Commit graph

19 Commits

Author SHA1 Message Date
Shain Wray (MSTIC) 95e3a9bc52 updated empty connector, moved Teams queries into OfficeActivity, updated some entity mappings 2021-02-04 15:31:02 -08:00
Shain Wray (MSTIC) e56e19d4bf Removing unicode chars 2021-01-31 12:59:07 -08:00
Igal Shapira 59d89255b3 UEBA queries - fix tactics to be with no white spaces 2021-01-17 13:52:14 +02:00
Raz Marom 690062e8d1 change name field 2020-10-14 15:02:12 +03:00
Raz Marom 89f01093d2 remove requiredConnectors 2020-10-14 14:52:22 +03:00
Raz Marom af26eae49e add a new Hunting Query 2020-10-14 14:45:38 +03:00
juliango2100 b448fa84ef Update Anomalous Defensive Mechanism Modification.yaml 2020-09-23 14:59:32 -07:00
juliango2100 7008bda03a Update Anomalous Data Access.yaml 2020-09-23 14:59:15 -07:00
juliango2100 b2e9afa207 Update Anomalous Code Execution.yaml 2020-09-23 14:58:49 -07:00
Raz Marom 1181d3ff4c comment fix - replace occurrences of 'contains' -> 'has' in queries 2020-09-21 15:12:14 +03:00
Raz Marom cf6105e6a5 add 3 new queries + change description + modify queries 2020-09-10 13:43:44 +03:00
Raz Marom 8c860468e9 Fix | Hunting description 2020-08-27 10:04:50 +03:00
Raz Marom 9b2b0a5ddc typo fix 2020-08-20 14:42:14 +03:00
Raz Marom 7c38561461 Queries | Fix naming 2020-08-20 13:52:13 +03:00
Raz Marom 62839bfbc5 Queries | Rename output attributes to match Polygon 2020-08-18 13:51:35 +03:00
Raz Marom b08d9e7176 Feature | Naming | Change queries parameter names & values to match Polygon 2020-08-10 20:08:08 +03:00
itay6588 0883e15967
fixed Displayname error and change UPN parsing location (#859)
* fixed Displayname error

* Update Anomalous AAD Account Manipulation.yaml
2020-07-15 11:15:59 +03:00
Igal 80bced91fe
Align ueba queries to .yaml (#858)
* Align ueba queries to .yaml

* fix tactics

Co-authored-by: Igal Shapira <igshapir@microsoft.com>
2020-07-15 09:02:10 +03:00
itay6588 429ac644eb
Sentinel UEBA Hunting Queries (#833)
* Add files via upload

BehaviorAnalytics hunting queries

* Rename Account Access Removal - Password Reset.txt to Account Access Removal - Password Reset.yaml

* Update Account Access Removal - Password Reset.yaml

* Update and rename Account Manipulation - Add to Group.txt to Account Manipulation - Add to Group.yaml

* Update and rename Valid Accounts - Local Accounts.txt to Valid Accounts - Local Accounts.yaml

* Delete Account Access Removal - Password Reset.yaml

* Delete Account Manipulation - Add to Group.yaml

* Delete Valid Accounts - Local Accounts.yaml

* BehaviorAnalytics Hunting Queries

Sentinel UEBA Hunting Queries

* Update Anomalous Account Creation.yaml

* Update Anomalous Account Manipulation.yaml

* Update Anomalous Failed Logon.yaml

* Update Anomalous Geo Location Logon.yml

* Update Anomalous Login to Devices.yml

* Update Anomalous Password Reset.yml

* Update Anomalous RDP Activity.yml

* Update Anomalous Resource Access.yml

* Update Anomalous Role Assignment.yml

* Update Anomalous Sign-in Activity.yml

* Update Anomalous Sign-in Activity.yml

* Update Anomalous Sign-in Activity.yml

* Update Anomalous Account Creation.yaml

* Update Anomalous Account Creation.yaml

* Update Anomalous Account Manipulation.yaml

* Update Anomalous Failed Logon.yaml

* Update Anomalous Geo Location Logon.yml

* Update Anomalous Login to Devices.yml

* Update Anomalous Password Reset.yml

* Update Anomalous RDP Activity.yml

* Update Anomalous Resource Access.yml

* Update Anomalous Role Assignment.yml

* Update Anomalous Sign-in Activity.yml

* added handling of external accounts

* Add criteria information for critical & high AAD Roles

* change filter location

* added filter to join

* Updated Target User UPN

* add UPN fix

* added UPN fix

* Update Anomalous Geo Location Logon.yml

* Update Anomalous Login to Devices.yml

* Update Anomalous Failed Logon.yaml

* Update Anomalous Geo Location Logon.yml

* Update Anomalous Login to Devices.yml

* Update Anomalous Password Reset.yml

* Update Anomalous Sign-in Activity.yml

* Update Anomalous RDP Activity.yml

* Update Anomalous RDP Activity.yml

* Update Anomalous Resource Access.yml

* Update Anomalous Password Reset.yml

* Update Anomalous Login to Devices.yml

* Update Anomalous Sign-in Activity.yml
2020-07-15 08:27:14 +03:00