294fe33f20
* renaming M365Defender to comply conventions |
||
---|---|---|
.. | ||
ASimAuthentication | ||
ASimDNS | ||
ASimProcess | ||
AWSCloudTrail | ||
AlsidForAD | ||
AuditLogs | ||
AzureActivity | ||
AzureAppServices | ||
AzureDevOpsAuditing | ||
AzureDiagnostics | ||
AzureFirewall | ||
CiscoUmbrella | ||
Cognni | ||
CommonSecurityLog | ||
CyberpionSecurityLogs | ||
DeviceEvents | ||
DeviceFileEvents | ||
DeviceNetworkEvents | ||
DeviceProcessEvents | ||
DnsEvents | ||
Duo Security | ||
EsetSMC | ||
GitHub | ||
InfobloxNIOS | ||
LAQueryLogs | ||
MultipleDataSources | ||
OfficeActivity | ||
OktaSSO | ||
ProofpointPOD | ||
PulseConnectSecure | ||
QualysVM | ||
SecurityAlert | ||
SecurityEvent | ||
SigninLogs | ||
SophosXGFirewall | ||
SymantecProxySG | ||
SymantecVIP | ||
Syslog | ||
ThreatIntelligenceIndicator | ||
TrendMicroXDR | ||
VMwareCarbonBlack | ||
VectraAI | ||
W3CIISLog | ||
ZoomLogs | ||
http_proxy_oab_CL | ||
readme.md |
readme.md
About
This folder contains Detections based on different types of data sources that you can leverage in order to create alerts and respond to threats in your environment.
For general information please start with the Wiki pages.
More Specific to Detections:
- Contribute to Analytic Templates (Detections) and Hunting queries
- Specifics on what is required for Detections and Hunting queries is in the Query Style Guide
- These detections are written using KQL query langauge and will provide you a starting point to protect your environment and get familiar with the different data tables.
- To enable these detections in your environment follow the out of the box guidance (Notice that after a detection is available in this GitHub, it might take up to 2 weeks before it is available in Azure Sentinel portal).
- The rule created will run the query on the scheduled time that was defined, and trigger an alert that will be seen both in the SecurityAlert table and in a case in the Incidents tab
Feedback
For questions or feedback, please contact AzureSentinel@microsoft.com