Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Detections
История
chicduong 167a139603 revisions 2020-08-27 08:53:09 -07:00
..
AWSCloudTrail Fixed metadata issues and moved RareClientFileAccess back to hunting as it needs further work 2020-06-03 06:44:36 -07:00
AuditLogs changes based on PR review 2020-07-16 18:47:15 -07:00
AzureActivity Merge pull request #454 from jeffhoyo/patch-1 2020-01-27 06:20:41 -08:00
AzureDevOpsAuditing Fixing up bugs related to missing items in schema or output values missing from query 2020-07-23 11:45:41 -07:00
AzureDiagnostics fixing typos 2020-07-14 19:08:37 -07:00
CommonSecurityLog Typo in Persistence 2020-07-28 12:01:49 -07:00
DnsEvents Merge branch 'master' into pebryan-dns-hunting-bugbash 2020-08-13 11:38:06 -07:00
EsetSMC adding Eset SMC parser (#476) 2020-07-08 17:55:11 -07:00
GitHub removed requiredConnectors for CustomConnector 2020-07-28 12:16:55 -07:00
InfobloxNIOS ACN_CD_InfobloxUpdate (#879) 2020-07-24 11:54:35 -07:00
MultipleDataSources Fixed typo in analytical rule description 2020-08-24 05:56:06 +01:00
OfficeActivity Merge pull request #818 from Azure/shainw-fixFwdDest 2020-07-13 17:35:25 -07:00
OktaSSO revisions 2020-08-27 08:53:09 -07:00
ProofpointTAP Update MalwareLinkClicked.yaml 2020-07-21 17:53:27 -07:00
PulseConnectSecure ACNCD_Custom_DataConnector_v2 (#729) 2020-06-19 14:00:16 -07:00
QualysVM ACNCD_Custom_DataConnector_v2 (#729) 2020-06-19 14:00:16 -07:00
SecurityEvent Also fixing locale in doc URLs 2020-06-03 06:51:10 -07:00
SigninLogs Moving file and adding YAML extension 2020-07-30 10:57:44 -07:00
SophosXGFirewall ACNCD_DataConnectors_final (#767) 2020-07-07 15:25:53 -07:00
SymantecProxySG ACNCD_DataConnectors_final (#767) 2020-07-07 15:25:53 -07:00
SymantecVIP Fixing up bugs related to missing items in schema or output values missing from query 2020-07-23 11:45:41 -07:00
Syslog Update ssh_potentialBruteForce.yaml 2020-08-13 11:47:53 -07:00
ThreatIntelligenceIndicator Queryandplaybook (#685) 2020-05-14 18:26:55 +01:00
VMwareCarbonBlack Fixing up bugs related to missing items in schema or output values missing from query 2020-07-23 11:45:41 -07:00
W3CIISLog Merge pull request #704 from robMSFT/robMSFT-WebShellCorrelate 2020-06-03 21:12:54 -07:00
ZoomLogs Fixing up bugs related to missing items in schema or output values missing from query 2020-07-23 11:45:41 -07:00
readme.md Update readme.md 2020-06-26 11:46:22 -07:00

readme.md

About

This folder contains Detections based on different types of data sources that you can leverage in order to create alerts and respond to threats in your environment.

For general information please start with the Wiki pages.

More Specific to Detections:

  • Contribute to Analytic Templates (Detections) and Hunting queries
  • Specifics on what is required for Detections and Hunting queries is in the Query Style Guide
  • These detections are written using KQL query langauge and will provide you a starting point to protect your environment and get familiar with the different data tables.
  • To enable these detections in your environment follow the out of the box guidance.
  • The rule created will run the query on the scheduled time that was defined, and trigger an alert that will be seen both in the SecurityAlert table and in a case in the Incidents tab

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com