Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Hunting Queries/SecurityEvent
История
..
ADAccountLockouts.yaml
ADFSDBLocalSqlStatements.yaml
Certutil-LOLBins.yaml
CommandsexecutedbyWMIonnewhosts-potentialImpacket.yaml
Crashdumpdisabledonhost.yaml
CustomUserList_FailedLogons.yaml
DecoyUserAccountAuthenticationAttempt.yaml
Discorddownloadinvokedfromcmdline.yaml
ExchangePowerShellSnapin.yaml
ExternalIPaddressinCommandLine.yaml
FailedUserLogons.yaml
FakeComputerAccountAuthenticationAttempt.yaml
FileExecutionWithOneCharacterInTheName.yaml
GroupAddedToPrivlegeGroup.yaml
HostExportingMailboxAndRemovingExport.yaml
HostsWithNewLogons.yaml
Invoke-PowerShellTcpOneLine.yaml
KrbRelayUpServiceCreation
LargeScaleMalwareDeploymentGPOScheduledTask.yaml
Least_Common_Parent_Child_Process.yaml
Least_Common_Process_Command_Lines.yaml
Least_Common_Process_With_Depth.yaml
MSRPRN_Printer_Bug_Exploitation.yaml
MultipleExplicitCredentialUsage4648Events.yaml
NewChildProcessOfW3WP.yaml
NishangReverseTCPShellBase64.yaml
PotentialImpacketExecution.yaml
PotentialLocalExploitationForPrivilegeEscalation.yaml
PotentialProcessDoppelganging.yaml
PowerCatDownload.yaml
ProcessEntropy.yaml
RIDHijacking.yaml
RareProcbyServiceAccount.yaml
RareProcessPath.yaml
RareProcessWithCmdLine.yaml
RareProcess_forWinHost.yaml
RemoteLoginPerformedwithWMI.yaml
RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml
RemoteScheduledTaskCreationUpdateviaSchtasks.yaml
ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml
ServiceInstallationFromUsersWritableDirectory.yaml
SignedBinaryProxyExecutionRundll32.yaml
SuspectedLSASSDump.yaml
Suspicious_Windows_Login_outside_normal_hours.yaml
Suspicious_enumeration_using_adfind.yaml
User Logons By Logon Type.yaml
UserAccountAddedToPrivlegeGroup.yaml
UserAccountCreatedDeleted.yaml
UserAdd_RemToGroupByUnauthorizedUser.yaml
UserCreatedByUnauthorizedUser.yaml
UsersOpenReadDeviceIdentityKey.yaml
VIPAccountFailedLogons.yaml
WindowsSystemShutdown-Reboot.yaml
WindowsSystemTimeChange.yaml
cscript_summary.yaml
enumeration_user_and_group.yaml
hunt_LOLBins.yaml
masquerading_files.yaml
new_processes.yaml
persistence_create_account.yaml
powershell_downloads.yaml
powershell_newencodedscipts.yaml
uncommon_processes.yaml