Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Hunting Queries/MultipleDataSources
История
cyberninjacat 92557a3a66 Query added in HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml 2024-08-12 19:32:22 +01:00
..
AADPrivilegedAccountsFailedMFA.yaml
AnomolousSignInsBasedonTime.yaml
ApplicationGrantedEWSPermissions.yaml
AzureResourceAssignedPublicIP.yaml
AzureResourceCreationWithNetworkActivity.yaml
AzureRunCommandMDELinked.yaml
BackupDeletion.yaml
CobaltDNSBeacon.yaml
CriticalOperationsWithSystemrestore.yaml
Dev-0056CommandLineActivityNovember2021.yaml
Dev-0322CommandLineActivityNovember2021(ASIMVersion).yaml
Dev-0322CommandLineActivityNovember2021.yaml
Dev-0322FileDropActivityNovember2021(ASIMVersion).yaml
Dev-0322FileDropActivityNovember2021.yaml
DormantServicePrincipalUpdateCredsandLogsIn.yaml
DormantUserUpdateMFAandLogsIn-UEBA.yaml
DormantUserUpdateMFAandLogsIn.yaml
DownloadofNewFileUsingCurl.yaml
ExchangeServersAssociatedSecurityAlerts.yaml
FailedSigninsWithAuditDetails.yaml
FireEyeRedTeamComms.yaml
FirewallRuleChanges_using_netsh.yaml
ForestBlizzard_IOC_RetroHunt.yaml
HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml Query added in HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml 2024-08-12 19:32:22 +01:00
LogonwithExpiredAccount.yaml
MailForwardingActivityFromNewLocation.yaml
NetworkConnectionldap_log4j.yaml
NetworkConnectiontoOMIPorts.yaml
NonCompliantSigninwithBulkDownload.yaml
NylonTyphoonCommandLineActivity-Nov2021.yaml
NylonTyphoonRegIOCPatterns.yaml
PermutationsOnLogonNames.yaml
PersistViaIFEORegistryKey.yaml
PossibleCommandInjectionagainstAzureIR.yaml
PotentialMicrosoftSecurityServicesTampering.yaml
PotentialSSHTunneltoAADConnectHost.yaml
PrivilegedAccountPasswordChanges.yaml
PrivilegedAccountsLockedOut.yaml
RareDNSLookupWithDataTransfer.yaml
RareDomainsInCloudLogs.yaml
ReconActivitywithInteractiveLogonCorrelation.yaml
SQLAlertCorrelationwithCommonSecurityLogsandAuditLogs.yaml
SolarWindsInventory.yaml
StorageAccountKeyEnumerationWithSigninandAuditlogs.yaml
StorageAlertCorrelationwithCommonSecurityLogsandAuditLogs.yaml
StorageAlertCorrelationwithCommonSecurityLogsandStorageLogs.yaml
SuspiciousActivitiesRelatedToConfidentialDocuments.yaml
TrackingPasswordChanges.yaml
TrackingPrivAccounts.yaml
UnfamiliarsignincorrelationwithPortalSigninandAuditlogs.yaml
UnicodeObfuscationInCommandLine.yaml
UserGrantedAccess_CreatesResources.yaml
UseragentExploitPentest.yaml