Azure-Sentinel/Hunting Queries
Ajeet Prakash (MSTIC) 93e5695871 Updating the query 2021-11-08 15:56:58 -08:00
ASimProcess Fix DvcHostName -> DvcHostName 2021-07-05 13:57:52 +03:00
AWSCloudTrail more fixes 2021-08-06 14:29:41 -07:00
AWSS3 Fixes 2021-08-06 14:12:37 -07:00
AuditLogs more fixes 2021-08-06 17:15:28 -07:00
AzureActivity Added queries and detections for cross tenant activity: 2021-10-24 23:24:41 -07:00
AzureDevOpsAuditing Removed the deprecated MITRE techniques from hunting and detection queries and updating them with the latest ones that seem most appropriate. 2021-08-12 10:58:18 -07:00
AzureDiagnostics updating logic to use new value 2021-09-17 18:03:35 -07:00
AzureStorage Updating queries with common timestamp param to support future features. 2021-09-10 10:10:13 -07:00
BehaviorAnalytics Updating queries with common timestamp param to support future features. 2021-09-10 10:10:13 -07:00
CommonSecurityLog Updating queries with common timestamp param to support future features. 2021-09-10 10:10:13 -07:00
DnsEvents Updating queries with common timestamp param to support future features. 2021-09-10 10:10:13 -07:00
GitHub Removed the deprecated MITRE techniques from hunting and detection queries and updating them with the latest ones that seem most appropriate. 2021-08-12 10:58:18 -07:00
LAQueryLogs Merge pull request #2803 from Azure/pebryan/2021-8-9_Watchlists 2021-08-19 13:13:18 -07:00
MultipleDataSources Updating the query 2021-11-08 15:56:58 -08:00
OfficeActivity Updating queries with common timestamp param to support future features. 2021-09-10 10:10:13 -07:00
ProofpointPOD Fixes 2021-08-06 14:12:37 -07:00
SQLServer Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
SecurityAlert replacing deprecated parsejson with parse_json 2021-08-17 12:26:48 -07:00
SecurityEvent Fixes 2021-08-06 14:12:37 -07:00
SigninLogs Merge pull request #3351 from Azure/ashwin/aadsecops 2021-11-08 13:40:09 -08:00
Syslog improved SCX Execute RunAsProvder to cover older versions of AUOMS 2021-09-24 03:04:35 -04:00
ThreatIntelligenceIndicator Syslog to Zoom 2021-08-06 13:39:23 -07:00
W3CIISLog Updating queries with common timestamp param to support future features. 2021-09-10 10:10:13 -07:00
WireData Removed the deprecated MITRE techniques from hunting and detection queries and updating them with the latest ones that seem most appropriate. 2021-08-12 10:58:18 -07:00
ZoomLogs Removed the deprecated MITRE techniques from hunting and detection queries and updating them with the latest ones that seem most appropriate. 2021-08-12 10:58:18 -07:00
QUERY_TEMPLATE.md
readme.md

About

This folder contains Hunting Queries based on different types of data sources that you can leverage in order to perform broad threat hunting in your environment.

For general information please start with the Wiki pages.

More Specific to Hunting Queries:

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com