87a249b0ba
|
||
|---|---|---|
| .. | ||
| ASimProcess | ||
| ASimRegistry | ||
| AWSCloudTrail | ||
| AuditLogs | ||
| AzureActivity | ||
| AzureDevOpsAuditing | ||
| AzureDiagnostics | ||
| AzureStorage | ||
| BehaviorAnalytics | ||
| CloudAppEvents | ||
| CommonSecurityLog | ||
| DeviceProcess | ||
| DnsEvents | ||
| GitHub | ||
| LAQueryLogs | ||
| Microsoft 365 Defender | ||
| MultipleDataSources | ||
| OfficeActivity | ||
| ProofpointPOD | ||
| SQLServer | ||
| SecurityAlert | ||
| SecurityEvent | ||
| SigninLogs | ||
| Syslog | ||
| ThreatIntelligenceIndicator | ||
| W3CIISLog | ||
| WireData | ||
| ZoomLogs | ||
| QUERY_TEMPLATE.md | ||
| readme.md | ||
readme.md
About
This folder contains Hunting Queries based on different types of data sources that you can leverage in order to perform broad threat hunting in your environment.
For general information please start with the Wiki pages.
More Specific to Hunting Queries:
- Contribute to Analytic Templates (Detections) and Hunting queries
- Specifics on what is required for Detections and Hunting queries is in the Query Style Guide
- These hunting queries are written using KQL query langauge and will provide you a starting point to protect your environment and get familiar with the different data tables.
- Get started and learn how to hunt for threats in your environment with Microsoft Sentinel.
Feedback
For questions or feedback, please contact AzureSentinel@microsoft.com