| .. |
|
ADAccountLockouts.yaml
|
Update ADAccountLockouts.yaml
|
2020-07-17 16:38:18 -07:00 |
|
CustomUserList_FailedLogons.yaml
|
Documentation links should not include locale - fix and add validations (#678)
|
2020-05-13 15:07:12 +03:00 |
|
FailedUserLogons.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
GroupAddedToPrivlegeGroup.yaml
|
Add a comment about DnsAdmins and DnsUpdatePorxy
|
2020-06-20 10:31:34 -04:00 |
|
HostExportingMailboxAndRemovingExport.yaml
|
adding tags
|
2021-01-15 17:26:22 -08:00 |
|
HostsWithNewLogons.yaml
|
fix for partner reported issue
|
2019-10-11 19:02:10 +01:00 |
|
Least_Common_Parent_Child_Process.yaml
|
updated to yaml files
|
2020-06-04 18:22:23 -07:00 |
|
Least_Common_Process_Command_Lines.yaml
|
updated to yaml files
|
2020-06-04 18:22:23 -07:00 |
|
Least_Common_Process_With_Depth.yaml
|
updated to yaml files
|
2020-06-04 18:22:23 -07:00 |
|
MultipleExplicitCredentialUsage4648Events.yaml
|
adding tags
|
2021-01-15 17:26:22 -08:00 |
|
ProcessEntropy.yaml
|
Update ProcessEntropy.yaml
|
2020-11-30 08:43:21 -08:00 |
|
RareProcbyServiceAccount.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
RareProcessPath.yaml
|
correcting query text to fix yaml parsing
|
2020-02-11 13:02:51 -08:00 |
|
RareProcessWithCmdLine.yaml
|
Update RareProcessWithCmdLine.yaml
|
2020-10-16 11:43:59 -07:00 |
|
RareProcess_forWinHost.yaml
|
These queries do not work as expansion. Converted to hunting
|
2020-07-26 20:17:45 +03:00 |
|
Suspicious_Windows_Login_outside_normal_hours.yaml
|
changes per PR Review
|
2020-09-01 12:56:22 -07:00 |
|
Suspicious_enumeration_using_adfind.yaml
|
adding tags
|
2021-01-15 17:26:22 -08:00 |
|
User Logons By Logon Type.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
UserAccountAddedToPrivlegeGroup.yaml
|
Documentation links should not include locale - fix and add validations (#678)
|
2020-05-13 15:07:12 +03:00 |
|
UserAccountCreatedDeleted.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
UserAdd_RemToGroupByUnauthorizedUser.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
UserCreatedByUnauthorizedUser.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
VIPAccountFailedLogons.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
WindowsSystemTimeChange.yaml
|
Update WindowsSystemTimeChange.yaml
|
2020-10-27 10:33:23 -07:00 |
|
cscript_summary.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
enumeration_user_and_group.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
masquerading_files.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
new_processes.yaml
|
missed a couple timestamps
|
2019-09-04 08:35:55 -07:00 |
|
persistence_create_account.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
powershell_downloads.yaml
|
missed a couple timestamps
|
2019-09-04 08:35:55 -07:00 |
|
powershell_newencodedscipts.yaml
|
missed a couple timestamps
|
2019-09-04 08:35:55 -07:00 |
|
uncommon_processes.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
