Azure-Sentinel/Hunting Queries
Igal Shapira 59d89255b3 UEBA queries - fix tactics to be with no white spaces 2021-01-17 13:52:14 +02:00
AWSCloudTrail PR review fixes 2020-05-01 16:09:07 -07:00
AWSS3 Related links added as suggested by Julian 2020-09-25 17:02:18 -07:00
AuditLogs Update StsRefreshTokenModification.yaml 2021-01-08 15:41:41 -08:00
AzureActivity solarigate queries 2020-12-17 14:10:48 +00:00
AzureDevOpsAuditing Upd Tactics/Techniques, combined hunting folder 2020-07-17 09:41:49 -07:00
AzureDiagnostics fixed missing datatype to align with other 2020-07-23 16:24:40 -07:00
BehaviorAnalytics UEBA queries - fix tactics to be with no white spaces 2021-01-17 13:52:14 +02:00
DnsEvents adding tags 2021-01-15 17:26:22 -08:00
GitHub Merge pull request #1493 from BenMcGarry/patch-4 2021-01-07 17:49:23 -08:00
LAQueryLogs 🐛 Remove NBSPs where they break API interaction 2020-12-11 12:57:34 +00:00
MultipleDataSources adding tags 2021-01-15 17:26:22 -08:00
OfficeActivity adding tags 2021-01-15 17:26:22 -08:00
SQLServer Updated Queries 2020-07-29 20:05:49 +05:30
SecurityAlert Fixes for IP, User, Process 2020-10-20 17:48:45 -07:00
SecurityEvent adding tags 2021-01-15 17:26:22 -08:00
SigninLogs adding tags 2021-01-15 17:26:22 -08:00
Syslog Update RareProcess_ForLxHost.yaml 2020-10-19 11:32:11 -07:00
TeamsLogs removed requiredConnectors for CustomConnector 2020-07-28 12:16:55 -07:00
ThreatIntelligenceIndicator Add ThreatIntelligenceTaxii as data connector 2020-08-25 10:56:21 +01:00
W3CIISLog adding tags 2021-01-15 17:26:22 -08:00
WireData Changing GUIDs of hunting queries that had duplicates from Detection queries 2020-04-13 10:52:12 -07:00
ZoomLogs removed requiredConnectors for CustomConnector 2020-07-28 12:16:55 -07:00
QUERY_TEMPLATE.md pushing initial version of PrivAccountTracking and some minor fixes 2019-03-29 12:36:39 -07:00
readme.md Update readme.md 2020-06-26 11:47:58 -07:00

readme.md

About

This folder contains Hunting Queries based on different types of data sources that you can leverage in order to perform broad threat hunting in your environment.

For general information, please start with the Wiki pages.

More Specific to Hunting Queries:

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com