Azure-Sentinel/Hunting Queries
ASimProcess
ASimRegistry
AWSCloudTrail
AuditLogs
AzureActivity
AzureDevOpsAuditing
AzureDiagnostics
AzureStorage
BehaviorAnalytics
CloudAppEvents
CommonSecurityLog
DeviceProcess
DnsEvents
GitHub
LAQueryLogs
Microsoft 365 Defender
MultipleDataSources
OfficeActivity
ProofpointPOD
SQLServer
SecurityAlert
SecurityEvent
SigninLogs
Syslog
ThreatIntelligenceIndicator
W3CIISLog
WireData
ZoomLogs
QUERY_TEMPLATE.md
readme.md

About

This folder contains Hunting Queries based on different types of data sources that you can leverage to perform broad threat hunting in your environment.

For general information, please start with the Wiki pages.

More specific to Hunting Queries:

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com