Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Detections
История
necoh 1beae7fec4
Update KnownPHOSPHORUSDomainsIP-October2020.yaml 
The current requieredDataType(SecurityAlert (Office 365 Security & Compliance)) is incorrect. 
According to OfficeATP it should be SecurityAlert (OATP).
 		2020-11-19 10:49:15 +02:00
..
AWSCloudTrail Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
AuditLogs Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
AzureActivity Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
AzureDevOpsAuditing Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
AzureDiagnostics Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
AzureFirewall Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
CommonSecurityLog Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
DnsEvents Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
EsetSMC Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
GitHub Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
InfobloxNIOS Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
LAQueryLogs PR comments changes 2020-09-22 14:21:47 -07:00
MultipleDataSources Update KnownPHOSPHORUSDomainsIP-October2020.yaml 2020-11-19 10:49:15 +02:00
OfficeActivity Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
OktaSSO Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
ProofpointTAP Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
PulseConnectSecure Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
QualysVM Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
SecurityAlert Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
SecurityEvent Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
SigninLogs Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
SophosXGFirewall Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
SymantecProxySG Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
SymantecVIP Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
Syslog Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
ThreatIntelligenceIndicator Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
VMwareCarbonBlack Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
W3CIISLog Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
ZoomLogs Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 2020-11-17 17:27:25 +02:00
readme.md Update readme.md 2020-06-26 11:46:22 -07:00

readme.md

About

This folder contains Detections based on different types of data sources that you can leverage in order to create alerts and respond to threats in your environment.

For general information please start with the Wiki pages.

More Specific to Detections:

  • Contribute to Analytic Templates (Detections) and Hunting queries
  • Specifics on what is required for Detections and Hunting queries is in the Query Style Guide
  • These detections are written using KQL query langauge and will provide you a starting point to protect your environment and get familiar with the different data tables.
  • To enable these detections in your environment follow the out of the box guidance.
  • The rule created will run the query on the scheduled time that was defined, and trigger an alert that will be seen both in the SecurityAlert table and in a case in the Incidents tab

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com