Azure-Sentinel/Detections/MultipleDataSources
AADAWSConsoleCorrelation.yaml
AADHostLoginCorrelation.yaml
AAD_PAVPN_Correlation.yaml
ADFS-DKM-MasterKey-Export.yaml
AWSConsoleAADCorrelation.yaml
Accountcreatedfromnon-approvedsources.yaml
AdditionalFilesUploadedByActor.yaml
AnomalousIPUsageFollowedByTeamsAction.yaml
AquaBlizzardFeb2022.yaml
AuditPolicyManipulation_using_auditpol.yaml
AuthenticationMethodsChangedforPrivilegedAccount.yaml
B64IPInURLFromMDE.yaml
B64UserInWebURIFromMDE.yaml
BariumDomainIOC112020.yaml
BariumIPIOC112020.yaml
BrutforceAttemptOnAzurePortalAndAWSConsolAtSameTime.yaml
COMRegistryKeyModifiedtoPointtoFileinColorDrivers.yaml
CadetBlizzard_Jan2022_IOC.yaml
CaramelTsunami_IOC.yaml
ChiaCryptoMining.yaml
Cross-CloudSuspiciousComputeResourcecreationinGCP.yaml
CrossCloudSuspiciousUserActivityObservedInGCPEnvourment.yaml
CrossCloudUnauthorizedCredentialsAccessDetection.yaml
DEV-0322_SolarWinds_Serv-U_IOC.yaml
DenimTsunamiAVDetection.yaml
DenimTsunamiC2DomainsJuly2022.yaml
DenimTsunamiFileHashesJuly2022.yaml
Dev-0228FilePathHashesNovember2021.yaml
Dev-0270NewUserSep2022.yaml
Dev-0270PowershellSep2022.yaml
Dev-0270RegistryIOCSep2022.yaml
Dev-0270WMICDiscoverySep2022.yaml
Dev-0530_FileExtRename.yaml
Dev-0530_July2022.yaml
DiamondSleetJan272021IOCs.yaml
DiamondSleetOct292020IOCs.yaml
DisabledAccIPSigninWithRareRiskyOps.yaml
EUROPIUM _September2022.yaml
EmailAccessviaActiveSync.yaml
EmeraldSleetIOCs.yaml
EuropiumUnusualIdentity.yaml
ExchangeServerVulnerabilitiesMarch2021IoCs.yaml
ExchangeWorkerProcessMakingRemoteCall.yaml
ForestBlizzardJuly2019IOCs.yaml
ForestBlizzardOct292020IOCs.yaml
GainCodeExecutionADFSviaWMI.yaml
GraniteTyphoonIOCs.yaml
HiveRansomwareJuly2022.yaml
HostAADCorrelation.yaml
KnownMintSandstormDomainsIP-October2020.yaml
Log4J_IPIOC_Dec112021.yaml
MFADisable.yaml
MSHTMLVuln.yaml
MailBoxTampering.yaml
MalformedUserAgents.yaml
Manganese_VPN-IOCs.yaml
Mercury_Log4j_August2022.yaml
MidnightBlizzard_DomainIOCsMarch2021.yaml
MidnightBlizzard_FoggyWeb.yaml
MidnightBlizzard_IOCsMay2021.yaml
MultiplePasswordresetsbyUser.yaml
NetworkEndpointCorrelation.yaml
NewUserAgentLast24h.yaml
NylonTyphoonIOCsNov2021.yaml
PHOSPHORUSMarch2019IOCs.yaml
PhishinglinkExecutionObserved.yaml
PlaidRainIPIoC.yaml
PotentialBuildProcessCompromiseMDE.yaml
PotentialFodhelperUACBypass(ASIMVersion).yaml
PotentialMercury_Webshell.yaml
PrestigeRansomwareIOCsOct22.yaml
PrivilegedAccountsSigninFailureSpikes.yaml
RiskyUserIn3Pnetworkactivity.yaml
RubySleetOct292020IOCs.yaml
RunCommandUEBABreach.yaml
SUNSPOTHashes.yaml
SUNSPOTLogFile.yaml
SeashellBlizzardIOCs.yaml
SecurityServiceRegistryACLModification.yaml
SigninFirewallCorrelation.yaml
SilkTyphoonUmServiceSuspiciousFile.yaml
Solorigate-Network-Beacon.yaml
Solorigate-VM-Network.yaml
StarBlizzardDomainsAugust2022.yaml
SuccessfulAWSConsoleLoginfromIPAddressObservedConductingPasswordSpray.yaml
SucessfullSiginFromPhingLink.yaml
SuspiciousAWSConsolLoginByCredentialAceessAlerts.yaml
SuspiciousLoginfromDeletedExternalIdentities.yaml
SuspiciousModificationofGlobalAdminProperties.yaml
SuspiciousVMInstanceCreationActivity.yaml
TarraskHashIoC.yaml
TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml
Unauthorized_user_access_across_AWS_and_Azure.yaml
UnusualGuestActivity.yaml
UserAgentSearch_log4j.yaml
UserImpersonateByAAID.yaml
UserImpersonateByRiskyUser.yaml
WSLMalwareCorrelation.yaml
ZincOctober2022_AVHits_IOC.yaml
ZincOctober2022_Filename_Commandline_IOC.yaml
ZincOctober2022_IP_Domain_Hash_IOC.yaml
powershell_MangoSandstorm.yaml