Azure-Sentinel/Detections
aprakash13 97a6dafb74
Merge pull request #4453 from vpaschalidis/patch-57
Create RegistryPersistenceViaAppInt_DLLsModification.yaml
2022-04-12 23:49:49 -07:00
ASimAuthentication Fix template version format 2022-04-04 13:49:49 +03:00
ASimDNS remove-tabs-from-detections 2022-04-10 10:27:06 +03:00
ASimFileEvent Updated version 2022-03-02 15:09:46 -08:00
ASimNetworkSession remove-tabs-from-detections 2022-04-10 10:27:06 +03:00
ASimProcess Updated version 2022-03-02 15:09:46 -08:00
ASimWebSession remove-tabs-from-detections 2022-04-10 10:27:06 +03:00
AWSCloudTrail Fixed typos in descriptions 2022-02-08 09:37:38 -08:00
AWSGuardDuty Fixing typo 2022-02-09 00:47:34 +05:30
AlsidForAD return sub techniques 2022-01-17 17:53:26 +02:00
AuditLogs updated severity 2022-03-24 11:19:17 -07:00
AzureActivity add severity 2022-03-24 11:11:08 -07:00
AzureAppServices
AzureDevOpsAuditing return sub techniques 2022-01-17 17:53:26 +02:00
AzureDiagnostics New NRT Rules Created 2022-02-07 15:31:00 -08:00
AzureFirewall add support for techniques in validations 2022-01-16 13:33:29 +02:00
CiscoUmbrella Merge branch 'master' into ashwin/connector-fixes 2021-12-08 17:45:20 -08:00
Cognni
CommonSecurityLog version updates 2022-03-14 11:26:50 -07:00
CyberpionSecurityLogs
DeviceEvents Updates 4 more scheduled alert rule techniques. 2022-02-23 13:02:50 +02:00
DeviceFileEvents Updates 4 more scheduled alert rule techniques. 2022-02-23 13:02:50 +02:00
DeviceNetworkEvents Corrects multiple detection rule's techniques-tactics mappings. 2022-02-23 09:50:47 +02:00
DeviceProcessEvents Corrects Algorithm Entity values for Solarwinds scheduled alert rules. 2022-02-01 17:33:19 +02:00
DnsEvents New NRT Rules Created 2022-02-07 15:31:00 -08:00
Duo Security
EsetSMC
GitHub
Heartbeat
LAQueryLogs
MultipleDataSources Merge pull request #4620 from Azure/Tarrask_Detection 2022-04-12 08:38:16 -07:00
OfficeActivity Merge pull request #4330 from samikroy/patch-10 2022-03-10 17:18:58 -08:00
ProofpointPOD
PulseConnectSecure
QualysVM
QualysVMV2 Update NewHighSeverityVulnDetectedAcrossMulitpleHostsV2.yaml 2021-12-07 17:14:29 +02:00
SecurityAlert Update AVTarrask.yaml 2022-04-12 08:25:26 -07:00
SecurityEvent Merge pull request #4453 from vpaschalidis/patch-57 2022-04-12 23:49:49 -07:00
SecurityNestedRecommendation Detection query for Vulnerable Machines related to log4j CVE-2021-44228 using Microsoft Defender for Cloud data 2021-12-14 10:52:52 -08:00
SigninLogs Merge pull request #4189 from ep3p/patch-21 2022-04-12 05:35:14 -07:00
SymantecVIP
Syslog query fixes 2022-03-14 11:26:59 -07:00
ThreatIntelligenceIndicator Merge branch 'master' into addingWindowsForwardedEventsConncetor 2022-03-15 16:32:17 +02:00
TrendMicroXDR
VectraAI Update VectraDetect-Host-by-Severity.yaml 2022-02-08 11:08:44 +02:00
W3CIISLog
WindowsEvent Merge pull request #4237 from yaelrbergman/patch-2 2022-03-17 11:46:34 +02:00
ZoomLogs add support for techniques in validations 2022-01-16 13:33:29 +02:00
http_proxy_oab_CL
readme.md

readme.md

About

This folder contains Detections based on different types of data sources that you can leverage in order to create alerts and respond to threats in your environment.

For general information please start with the Wiki pages.

More specific to Detections:

  • Contribute to Analytic Templates (Detections) and Hunting queries
  • Specifics on what is required for Detections and Hunting queries are in the Query Style Guide
  • These detections are written in the KQL query language and provide a starting point for protecting your environment and getting familiar with the different data tables.
  • To enable these detections in your environment, follow the out-of-the-box guidance (note that after a detection is available in this GitHub repository, it might take up to 2 weeks before it is available in the Microsoft Sentinel portal).
  • The rule created will run the query on the schedule that was defined and, when the query returns results that meet the trigger threshold, raise an alert that appears both as a row in the SecurityAlert table and as an incident in the Incidents tab.
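The following is an added example of what one of these scheduled detection templates looks like end to end; it is written for this readme and is not one of the repository's own rules. It follows the Scheduled analytic rule template layout used in this folder (id, scheduling, trigger, MITRE mapping, KQL query, entity mappings). The detection itself watches Windows Security event 4657 (registry value modified) for writes to the AppInit_DLLs value, a well-known persistence location under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows. The GUID is a placeholder, and the SecurityEvent column names (ObjectName, ObjectValueName, OldValue, NewValue, SubjectUserName, SubjectDomainName, ProcessName) are assumed from the 4657 event schema; check them against your own SecurityEvent data before deploying.

```yaml
# Added example analytic rule template (not part of the Azure-Sentinel repository).
id: 00000000-0000-0000-0000-000000000000   # placeholder; every real template needs its own unique GUID
name: AppInit_DLLs registry value modified (example)
description: |
  'Example rule. Flags modification of the AppInit_DLLs registry value, a classic
  persistence location, by matching Windows Security event 4657 (registry value
  modified). Event 4657 is only logged when the key carries a SACL and the
  "Audit Registry" subcategory (Object Access) is enabled on the host.'
severity: Medium
requiredDataConnectors:
  - connectorId: SecurityEvents
    dataTypes:
      - SecurityEvent
queryFrequency: 1h        # how often the scheduled rule runs
queryPeriod: 1h           # how far back each run looks
triggerOperator: gt       # alert when the query returns more than...
triggerThreshold: 0       # ...zero rows
tactics:
  - Persistence
relevantTechniques:
  - T1546.010             # Event Triggered Execution: AppInit DLLs
query: |
  SecurityEvent
  | where EventID == 4657
  // Column names assumed from the 4657 event schema as surfaced in SecurityEvent.
  | where ObjectName has @"\Microsoft\Windows NT\CurrentVersion\Windows"
  | where ObjectValueName =~ "AppInit_DLLs"
  // A non-empty NewValue means a DLL path was written; an emptied value is a
  // cleanup and is still worth surfacing, so no filter on NewValue here.
  | project TimeGenerated, Computer, SubjectUserName, SubjectDomainName,
            ProcessName, ObjectName, ObjectValueName, OldValue, NewValue
  | extend AccountCustomEntity = strcat(SubjectDomainName, @"\", SubjectUserName),
           HostCustomEntity = Computer
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
  - entityType: Host
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
  - entityType: Process
    fieldMappings:
      - identifier: CommandLine
        columnName: ProcessName
version: 1.0.0
kind: Scheduled
```

Once enabled, each run that returns at least one row writes a row to the SecurityAlert table whose AlertName matches the template's `name`, and an incident appears in the Incidents tab; querying SecurityAlert for that AlertName is the quickest way to confirm the rule fired. The prerequisite worth checking first is the audit side: without a SACL on the registry key and the Audit Registry subcategory enabled, no 4657 events reach SecurityEvent and the rule never has anything to match.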

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com