Azure-Sentinel/Hunting Queries
Jouni 34331ae44f Adding queries to look for abnormal sch task creation and launch 2024-10-06 14:57:52 +03:00
ASimProcess up ver 2023-09-20 14:53:19 +03:00
ASimRegistry Remaining tagging 2022-11-01 18:42:28 +05:30
AWSCloudTrail Skip validations for hunting Queries and Analytic Rules 2022-10-13 16:28:02 +05:30
AuditLogs Updated ApprovedAccessPackagesDetails.yaml 2024-07-20 11:41:38 +01:00
AzureActivity Corrects cloudshell query logic (OperationName field is always empty). 2023-06-28 15:19:09 +03:00
AzureDevOpsAuditing Azure Active Directory to Entra ID 2023-11-11 16:56:17 +05:30
AzureDiagnostics Packaging Web Shells Threat Protection 2023-05-23 11:29:35 +05:30
AzureStorage Azure Active Directory to Entra ID 2023-11-11 16:56:17 +05:30
BehaviorAnalytics Azure Active Directory to Entra ID 2023-11-11 16:56:17 +05:30
CloudAppEvents Added strong identifiers in mappings, projected more values, small corrections 2024-03-26 16:48:47 -07:00
CommonSecurityLog updating whitespaces 2023-02-28 19:31:27 +05:30
DnsEvents File path update hunting queries 2023-02-23 14:55:16 +05:30
GitHub Updated HQ description for 255 char limit 2023-08-11 17:30:43 +05:30
LAQueryLogs Hunting Queries KQL Validations 2023-02-07 16:48:24 +05:30
Microsoft 365 Defender Adding queries to look for abnormal sch task creation and launch 2024-10-06 14:57:52 +03:00
MultipleDataSources Query added in HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml 2024-08-12 19:32:22 +01:00
OfficeActivity BEC threat centric Solution Packaging 2023-08-04 16:49:31 +05:30
ProofpointPOD Updating description 2023-02-28 18:46:12 +05:30
SQLServer updating commas 2023-02-28 16:37:12 +05:30
SecurityAlert Updating versions 2023-05-03 11:40:31 +05:30
SecurityEvent Azure Active Directory to Entra ID 2023-11-11 16:56:17 +05:30
SigninLogs Revert "Repackaging BusineessEmail Solution" 2024-03-04 19:39:25 +05:30
Syslog Updated versions 2023-08-11 18:05:05 +05:30
ThreatIntelligenceIndicator Merge branch 'master' into v-vdixit/file-path-update3 2023-02-28 18:54:19 +05:30
W3CIISLog Updated for review comments 2023-08-17 09:47:55 +05:30
WireData Updated versions 2023-08-11 18:05:05 +05:30
ZoomLogs Updated versions 2023-08-11 18:05:05 +05:30
QUERY_TEMPLATE.md
readme.md
About

This folder contains Hunting Queries, organized by data source, that you can use to perform broad threat hunting in your environment.

For general information, please start with the Wiki pages.

More Specific to Hunting Queries:

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com