Azure-Sentinel/Hunting Queries/SecurityEvent
Roberto Rodriguez 34af7566cc added version, severity and requiredDataConnectors 2021-07-08 23:06:49 -04:00
ADAccountLockouts.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
ADFSDBLocalSqlStatements.yaml added version, severity and requiredDataConnectors 2021-07-08 23:06:49 -04:00
Certutil-LOLBins.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
CustomUserList_FailedLogons.yaml Documentation links should not include locale - fix and add validations (#678) 2020-05-13 15:07:12 +03:00
ExchangePowerShellSnapin.yaml Update ExchangePowerShellSnapin.yaml 2021-03-03 13:40:12 +02:00
FailedUserLogons.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
GroupAddedToPrivlegeGroup.yaml Add a comment about DnsAdmins and DnsUpdateProxy 2020-06-20 10:31:34 -04:00
HostExportingMailboxAndRemovingExport.yaml capitalize for consistency 2021-03-04 10:54:36 -08:00
HostsWithNewLogons.yaml fix for partner reported issue 2019-10-11 19:02:10 +01:00
Invoke-PowerShellTcpOneLine.yaml HAFNIUM Queries 2021-03-02 13:09:15 -08:00
Least_Common_Parent_Child_Process.yaml updated to yaml files 2020-06-04 18:22:23 -07:00
Least_Common_Process_Command_Lines.yaml updated to yaml files 2020-06-04 18:22:23 -07:00
Least_Common_Process_With_Depth.yaml updated to yaml files 2020-06-04 18:22:23 -07:00
MultipleExplicitCredentialUsage4648Events.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
NewChildProcessOfW3WP.yaml removed unnecessary extend 2021-03-03 15:57:36 -08:00
NishangReverseTCPShellBase64.yaml formatting 2021-03-05 15:34:10 -08:00
PowerCatDownload.yaml MTPQueries&IOCPlaceholder 2021-03-05 15:00:41 -08:00
ProcessEntropy.yaml fix for syntax error 2021-04-20 01:32:58 -07:00
RareProcbyServiceAccount.yaml Removing unicode chars 2021-01-31 12:59:07 -08:00
RareProcessPath.yaml correcting query text to fix yaml parsing 2020-02-11 13:02:51 -08:00
RareProcessWithCmdLine.yaml Update RareProcessWithCmdLine.yaml 2020-10-16 11:43:59 -07:00
RareProcess_forWinHost.yaml These queries do not work as expansion. Converted to hunting 2020-07-26 20:17:45 +03:00
SignedBinaryProxyExecutionRundll32.yaml Update SignedBinaryProxyExecutionRundll32.yaml 2021-05-19 08:18:25 +01:00
SuspectedLSASSDump.yaml Removed errant ( 2021-06-24 08:25:25 -07:00
Suspicious_Windows_Login_outside_normal_hours.yaml changes per PR Review 2020-09-01 12:56:22 -07:00
Suspicious_enumeration_using_adfind.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
User Logons By Logon Type.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
UserAccountAddedToPrivlegeGroup.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
UserAccountCreatedDeleted.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
UserAdd_RemToGroupByUnauthorizedUser.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
UserCreatedByUnauthorizedUser.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
VIPAccountFailedLogons.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
Windows System Shutdown-Reboot(T1529) Update Windows System Shutdown-Reboot(T1529) 2021-03-02 21:39:12 -08:00
WindowsSystemTimeChange.yaml Update WindowsSystemTimeChange.yaml 2020-10-27 10:33:23 -07:00
cscript_summary.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
enumeration_user_and_group.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
masquerading_files.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
new_processes.yaml missed a couple timestamps 2019-09-04 08:35:55 -07:00
persistence_create_account.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
powershell_downloads.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
powershell_newencodedscipts.yaml missed a couple timestamps 2019-09-04 08:35:55 -07:00
uncommon_processes.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00