Azure-Sentinel/Hunting Queries/MultipleDataSources
cyberninjacat 92557a3a66 Query added in HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml 2024-08-12 19:32:22 +01:00
AADPrivilegedAccountsFailedMFA.yaml fixing IdentityInfo connector reference. New PR as old one ran into some issue. 2023-11-13 12:11:57 -08:00
AnomolousSignInsBasedonTime.yaml fixing IdentityInfo connector reference. New PR as old one ran into some issue. 2023-11-13 12:11:57 -08:00
ApplicationGrantedEWSPermissions.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
AzureResourceAssignedPublicIP.yaml updating whitespaces 2023-02-28 19:31:27 +05:30
AzureResourceCreationWithNetworkActivity.yaml Updated HQ description for 255 char limit 2023-08-11 17:30:43 +05:30
AzureRunCommandMDELinked.yaml Added queries and detections for cross tenant activity: 2021-10-24 23:24:41 -07:00
BackupDeletion.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
CobaltDNSBeacon.yaml updating whitespaces 2023-02-28 19:31:27 +05:30
CriticalOperationsWithSystemrestore.yaml fixing IdentityInfo connector reference. New PR as old one ran into some issue. 2023-11-13 12:11:57 -08:00
Dev-0056CommandLineActivityNovember2021.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
Dev-0322CommandLineActivityNovember2021(ASIMVersion).yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
Dev-0322CommandLineActivityNovember2021.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
Dev-0322FileDropActivityNovember2021(ASIMVersion).yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
Dev-0322FileDropActivityNovember2021.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
DormantServicePrincipalUpdateCredsandLogsIn.yaml Added queries and detections for cross tenant activity: 2021-10-24 23:24:41 -07:00
DormantUserUpdateMFAandLogsIn-UEBA.yaml Updating the name from “Azure Sentinel” to “Microsoft Sentinel” for Detection and Hunting Queries. 2021-11-09 18:41:23 -08:00
DormantUserUpdateMFAandLogsIn.yaml Added queries and detections for cross tenant activity: 2021-10-24 23:24:41 -07:00
DownloadofNewFileUsingCurl.yaml Added queries related to KNOTWEED activity 2022-07-26 16:18:19 -07:00
ExchangeServersAssociatedSecurityAlerts.yaml GUID Updates 2021-03-25 18:31:46 +00:00
FailedSigninsWithAuditDetails.yaml Updated HQ description for 255 char limit 2023-08-11 17:30:43 +05:30
FireEyeRedTeamComms.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
FirewallRuleChanges_using_netsh.yaml Azure Active Directory to Entra ID 2023-11-11 16:56:17 +05:30
ForestBlizzard_IOC_RetroHunt.yaml Standalone Content Renaming (#7981) 2023-05-08 18:52:09 +05:30
HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml Query added in HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml 2024-08-12 19:32:22 +01:00
LogonwithExpiredAccount.yaml Update LogonwithExpiredAccount.yaml 2023-04-28 17:00:50 +05:30
MailForwardingActivityFromNewLocation.yaml Azure Active Directory to Entra ID 2023-11-11 16:56:17 +05:30
NetworkConnectionldap_log4j.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
NetworkConnectiontoOMIPorts.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
NonCompliantSigninwithBulkDownload.yaml Update NonCompliantSigninwithBulkDownload.yaml 2022-12-06 12:59:23 -08:00
NylonTyphoonCommandLineActivity-Nov2021.yaml Standalone Content Renaming (#7981) 2023-05-08 18:52:09 +05:30
NylonTyphoonRegIOCPatterns.yaml Standalone Content Renaming (#7981) 2023-05-08 18:52:09 +05:30
PermutationsOnLogonNames.yaml Updated HQ description for 255 char limit 2023-08-11 17:30:43 +05:30
PersistViaIFEORegistryKey.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
PossibleCommandInjectionagainstAzureIR.yaml Updating version and entity mapping 2023-06-13 18:55:36 +05:30
PotentialMicrosoftSecurityServicesTampering.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
PotentialSSHTunneltoAADConnectHost.yaml Moved to use inbuilt query 2023-03-27 15:12:12 -07:00
PrivilegedAccountPasswordChanges.yaml Update PrivilegedAccountPasswordChanges.yaml 2023-12-15 11:16:46 +05:30
PrivilegedAccountsLockedOut.yaml Update PrivilegedAccountsLockedOut.yaml 2023-12-11 17:17:13 +05:30
RareDNSLookupWithDataTransfer.yaml Updated HQ description for 255 char limit 2023-08-11 17:30:43 +05:30
RareDomainsInCloudLogs.yaml Updated HQ description for 255 char limit 2023-08-11 17:30:43 +05:30
ReconActivitywithInteractiveLogonCorrelation.yaml adding connectorID 2022-03-10 17:05:47 +02:00
SQLAlertCorrelationwithCommonSecurityLogsandAuditLogs.yaml Submitting with mapping entry changes 2021-07-30 12:33:27 -07:00
SolarWindsInventory.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
StorageAccountKeyEnumerationWithSigninandAuditlogs.yaml Changing _SubscriptionId to SubscriptionId as schema was updated a while back. These still run, but we need to be using the updated field name. 2022-03-29 16:24:50 -07:00
StorageAlertCorrelationwithCommonSecurityLogsandAuditLogs.yaml Updating PR with EntityMapping 2021-07-30 12:14:54 -07:00
StorageAlertCorrelationwithCommonSecurityLogsandStorageLogs.yaml Updating PR with EntityMapping 2021-07-30 12:14:54 -07:00
SuspiciousActivitiesRelatedToConfidentialDocuments.yaml Added strong identifiers in mappings, projected more values, small corrections 2024-03-26 16:48:47 -07:00
TrackingPasswordChanges.yaml Updated HQ description for 255 char limit 2023-08-11 17:30:43 +05:30
TrackingPrivAccounts.yaml Updated HQ description for 255 char limit 2023-08-11 17:30:43 +05:30
UnfamiliarsignincorrelationwithPortalSigninandAuditlogs.yaml Updating versions 2023-05-03 11:40:31 +05:30
UnicodeObfuscationInCommandLine.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
UserGrantedAccess_CreatesResources.yaml Remaining tagging 2022-11-01 18:42:28 +05:30
UseragentExploitPentest.yaml updating whitespaces 2023-02-28 19:31:27 +05:30