Azure-Sentinel/Hunting Queries
Latest commit: Roberto Rodriguez 66339faa1a, "added new hunting query to cover updates of the permissions scopes and app roles of an OAuth application", 2021-07-28 04:57:01 -04:00

Folder or file | Last commit message | Date
ASimProcess | Fix DvcHostName -> DvcHostName | 2021-07-05 13:57:52 +03:00
AWSCloudTrail | Hunting query timeframe updates | 2021-04-12 14:15:43 -07:00
AWSS3 | updated empty connector, moved Teams queries into OfficeActivity, updated some entity mappings | 2021-02-04 15:31:02 -08:00
AuditLogs | added new hunting query to cover updates of the permissions scopes and app roles of an OAuth application | 2021-07-28 04:57:01 -04:00
AzureActivity | Update Common_Deployed_Resources.yaml | 2021-07-13 13:12:23 -07:00
AzureDevOpsAuditing | Hunting query timeframe updates | 2021-04-12 14:15:43 -07:00
AzureDiagnostics | fixed CriticalPortsOpened | 2021-05-12 14:12:09 +03:00
AzureStorage | Hunting query timeframe updates | 2021-04-12 14:15:43 -07:00
BehaviorAnalytics | updated empty connector, moved Teams queries into OfficeActivity, updated some entity mappings | 2021-02-04 15:31:02 -08:00
CommonSecurityLog | Swap join legs to improve perf | 2021-05-06 10:46:33 -07:00
DnsEvents | Hunting query timeframe updates | 2021-04-12 14:15:43 -07:00
GitHub | Hunting query timeframe updates | 2021-04-12 14:15:43 -07:00
LAQueryLogs | Hunting query timeframe updates | 2021-04-12 14:15:43 -07:00
MultipleDataSources | add endswith condition | 2021-07-01 18:10:53 -04:00
OfficeActivity | Update NewBotAddedToTeams.yaml | 2021-05-14 01:32:47 +02:00
ProofpointPOD | Hunting Query TimeFrame Updates | 2021-04-15 17:52:25 -07:00
SQLServer | Hunting Query TimeFrame Updates | 2021-04-15 17:52:25 -07:00
SecurityAlert | Hunting Query TimeFrame Updates | 2021-04-15 17:52:25 -07:00
SecurityEvent | added version, severity and requiredDataConnectors | 2021-07-08 23:06:49 -04:00
SigninLogs | Fixed queries that had leftover variables | 2021-05-25 13:10:40 -07:00
Syslog | Hunting Query TimeFrame Updates | 2021-04-15 17:52:25 -07:00
ThreatIntelligenceIndicator | Hunting Query TimeFrame Updates | 2021-04-15 17:52:25 -07:00
W3CIISLog | updates | 2021-06-08 00:05:13 +01:00
WireData | Changing GUIDs of hunting queries that had duplicates from Detection queries | 2020-04-13 10:52:12 -07:00
ZoomLogs | Hunting Query TimeFrame Updates | 2021-04-15 17:52:25 -07:00
QUERY_TEMPLATE.md | Couple additional fixes | 2021-02-01 08:22:36 -08:00
readme.md | Update readme.md | 2020-06-26 11:47:58 -07:00

readme.md

About

This folder contains Hunting Queries, organized by data source (one subfolder per table or connector, as listed above), that you can run in your workspace to perform broad threat hunting. Each query is a YAML file following QUERY_TEMPLATE.md.
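The commit history above shows the kinds of defects that creep into a query collection like this one: hunting queries whose GUIDs collided with Detection queries, queries with leftover `let` variables, and files missing `version` or `requiredDataConnectors`. The following is an added example (my own script, not part of the Azure-Sentinel repository) that runs those three checks over the parsed YAML. It assumes the template's top-level field names are `id`, `name`, `description`, `requiredDataConnectors`, `query` and `version`; the sample files below are constructed for the example, and `load_yaml_dir` needs PyYAML only when you point it at a real checkout.

```python
"""Lint hunting/detection query YAML for duplicate GUIDs, leftover `let`
variables and missing template fields. Added example, not repo code.
Field names follow QUERY_TEMPLATE.md as assumed here."""
import re
import uuid
from typing import Any, Dict, List

# Fields assumed to be mandatory in QUERY_TEMPLATE.md (assumption).
REQUIRED_FIELDS = ("id", "name", "description", "requiredDataConnectors", "query", "version")

# Matches a KQL `let name = ...` statement at the start of a line.
LET_DECL = re.compile(r"^\s*let\s+(\w+)\s*=", re.MULTILINE)


def unused_lets(query: str) -> List[str]:
    """Return `let` variables that are never referenced after their declaration."""
    unused = []
    for m in LET_DECL.finditer(query):
        name = m.group(1)
        rest = query[m.end():]
        semi = rest.find(";")                       # end of this let statement
        after = rest[semi + 1:] if semi >= 0 else ""
        if not re.search(rf"\b{re.escape(name)}\b", after):
            unused.append(name)
    return unused


def validate(queries: Dict[str, Dict[str, Any]]) -> Dict[str, List[str]]:
    """Map each file path to its list of problems (empty list means clean).

    `queries` maps a relative path to the parsed YAML of that file. Pass both
    Hunting Queries and Detections so cross-folder GUID collisions are caught.
    """
    problems: Dict[str, List[str]] = {path: [] for path in queries}
    owners: Dict[str, List[str]] = {}
    for path, q in queries.items():
        errs = problems[path]
        for field in REQUIRED_FIELDS:
            if not q.get(field):
                errs.append(f"missing {field}")
        qid = str(q.get("id", ""))
        try:
            uuid.UUID(qid)
        except ValueError:
            errs.append(f"id is not a GUID: {qid!r}")
        owners.setdefault(qid, []).append(path)
        for name in unused_lets(str(q.get("query", ""))):
            errs.append(f"leftover variable {name!r} declared but never used")
    for qid, paths in owners.items():
        if len(paths) > 1:
            for path in paths:
                others = ", ".join(p for p in paths if p != path)
                problems[path].append(f"duplicate id {qid} also used by {others}")
    return problems


def load_yaml_dir(root: str) -> Dict[str, Dict[str, Any]]:
    """Parse every .yaml under `root` (requires PyYAML; not used by the sample run)."""
    import glob
    import os
    import yaml  # pip install pyyaml
    out = {}
    for path in glob.glob(os.path.join(root, "**", "*.yaml"), recursive=True):
        with open(path, encoding="utf-8") as fh:
            out[os.path.relpath(path, root)] = yaml.safe_load(fh) or {}
    return out


# Constructed sample files standing in for parsed YAML (not real repo content).
SAMPLE_QUERIES: Dict[str, Dict[str, Any]] = {
    "Hunting Queries/SigninLogs/failed_signins.yaml": {
        "id": "8b3f1c2e-4d5a-4e6f-9a7b-0c1d2e3f4a5b",
        "name": "Failed sign-ins per user",
        "description": "Counts failed sign-ins over the hunting timeframe.",
        "requiredDataConnectors": [{"connectorId": "AzureActiveDirectory", "dataTypes": ["SigninLogs"]}],
        "query": "let timeframe = 7d;\nSigninLogs\n| where TimeGenerated >= ago(timeframe)\n"
                 "| where ResultType != 0\n| summarize count() by UserPrincipalName",
        "version": "1.0.0",
    },
    "Hunting Queries/SigninLogs/leftover_variable.yaml": {
        "id": "1f2e3d4c-5b6a-4798-8abc-def012345678",   # collides with the detection below
        "name": "Sign-ins with unused threshold",
        "description": "Declares a threshold it never applies; also lacks version.",
        "requiredDataConnectors": [{"connectorId": "AzureActiveDirectory", "dataTypes": ["SigninLogs"]}],
        "query": "let timeframe = 7d;\nlet threshold = 10;\nSigninLogs\n"
                 "| where TimeGenerated >= ago(timeframe)\n| where ResultType != 0\n"
                 "| summarize count() by UserPrincipalName",
    },
    "Detections/SigninLogs/failed_signins_detection.yaml": {
        "id": "1f2e3d4c-5b6a-4798-8abc-def012345678",
        "name": "Burst of failed sign-ins",
        "description": "Scheduled detection with the same GUID as a hunting query.",
        "requiredDataConnectors": [{"connectorId": "AzureActiveDirectory", "dataTypes": ["SigninLogs"]}],
        "query": "SigninLogs\n| where TimeGenerated >= ago(1h)\n| where ResultType != 0",
        "version": "1.0.0",
    },
}


if __name__ == "__main__":
    for path, errs in validate(SAMPLE_QUERIES).items():
        print(path, "OK" if not errs else "")
        for e in errs:
            print("   -", e)
```

Run it as a pre-commit or CI step over both folders: a duplicate GUID is reported on every file that shares it, so the hunting copy (the one the 2020-04-13 commit regenerated) and the detection it collided with both show up. The `let` check is intentionally coarse (a name mentioned inside a string literal counts as a use); it is meant to catch the "leftover variables" case from the SigninLogs commit, not to parse KQL.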

For general information, please start with the Wiki pages.

More Specific to Hunting Queries:

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com