Azure-Sentinel/Detections
Shain 354e25e587
Merge pull request #1097 from swiftsolves-msft/nateswift-detect-ti
Create IPEntity_AzureNetworkAnalytics.yaml
2020-10-08 11:46:54 -07:00
AWSCloudTrail Fixed metadata issues and moved RareClientFileAccess back to hunting as it needs further work 2020-06-03 06:44:36 -07:00
AuditLogs changes based on PR review 2020-07-16 18:47:15 -07:00
AzureActivity changes per PR Review 2020-09-01 12:53:33 -07:00
AzureDevOpsAuditing Fixing up bugs related to missing items in schema or output values missing from query 2020-07-23 11:45:41 -07:00
AzureDiagnostics corrected connector for Keyvault 2020-09-09 11:25:14 -07:00
CommonSecurityLog Update Zscaler-LowVolumeDomainRequests.yaml 2020-09-17 18:01:43 +01:00
DnsEvents Merge branch 'master' into pebryan-dns-hunting-bugbash 2020-08-13 11:38:06 -07:00
EsetSMC adding Eset SMC parser (#476) 2020-07-08 17:55:11 -07:00
GitHub Merge pull request #987 from Azure/itay/fixGithubDetections2 2020-09-21 07:09:15 -07:00
InfobloxNIOS Update ExcessiveNXDOMAINDNSQueries.yaml (#1021) 2020-08-31 14:53:11 +03:00
LAQueryLogs PR comments changes 2020-09-22 14:21:47 -07:00
MultipleDataSources Update AWSConsoleAADCorrelation.yaml 2020-09-01 09:54:22 -07:00
OfficeActivity Merge branch 'master' into patch-1 2020-10-02 11:47:21 +05:30
OktaSSO revisions 2020-08-27 08:53:09 -07:00
ProofpointTAP Proofpoint Bug Bash changes 2020-08-31 07:51:25 -07:00
PulseConnectSecure Rename PulseConnectSecureVPN-PasswordSpray.yaml to PulseConnectSecureVPN-DistinctFailedUserLogin.yaml 2020-09-17 11:42:21 -07:00
QualysVM ACNCD_Custom_DataConnector_v2 (#729) 2020-06-19 14:00:16 -07:00
SecurityAlert Update CorrelateIPC_Unfamiliar-Atypical 2020-09-25 10:09:11 +02:00
SecurityEvent Merge pull request #1090 from Azure/BugFix_FailedLogonAttemptswithin10m 2020-09-17 13:54:25 -07:00
SigninLogs change directory: Detections/SigninLogs/GitHub Activities from Infrequent Country.yaml -> Detections/GitHub/GitHub Activities from Infrequent Country.yaml 2020-09-21 12:29:24 +03:00
SophosXGFirewall ACNCD_DataConnectors_final (#767) 2020-07-07 15:25:53 -07:00
SymantecProxySG ACNCD_DataConnectors_final (#767) 2020-07-07 15:25:53 -07:00
SymantecVIP Fixing up bugs related to missing items in schema or output values missing from query 2020-07-23 11:45:41 -07:00
Syslog Update ssh_potentialBruteForce.yaml 2020-08-13 11:47:53 -07:00
ThreatIntelligenceIndicator Merge pull request #1097 from swiftsolves-msft/nateswift-detect-ti 2020-10-08 11:46:54 -07:00
VMwareCarbonBlack Fixing up bugs related to missing items in schema or output values missing from query 2020-07-23 11:45:41 -07:00
W3CIISLog Merge pull request #704 from robMSFT/robMSFT-WebShellCorrelate 2020-06-03 21:12:54 -07:00
ZoomLogs Fixing up bugs related to missing items in schema or output values missing from query 2020-07-23 11:45:41 -07:00
readme.md Update readme.md 2020-06-26 11:46:22 -07:00

readme.md

About

This folder contains Detections based on different types of data sources that you can leverage in order to create alerts and respond to threats in your environment.

For general information please start with the Wiki pages.

More Specific to Detections:

  • Contribute to Analytic Templates (Detections) and Hunting queries
  • Specifics on what is required for Detections and Hunting queries is in the Query Style Guide
  • These detections are written in the KQL query language and provide a starting point for protecting your environment and becoming familiar with the different data tables.
  • To enable these detections in your environment, follow the out-of-the-box guidance.
  • The rule created will run the query on the schedule that was defined and trigger an alert that will be visible both in the SecurityAlert table and as a case in the Incidents tab.

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com