Azure-Sentinel/Hunting Queries
Jouni 34331ae44f Adding queries to look for abnormal sch task creation and launch 2024-10-06 14:57:52 +03:00
ASimProcess
ASimRegistry
AWSCloudTrail
AuditLogs
AzureActivity
AzureDevOpsAuditing
AzureDiagnostics
AzureStorage
BehaviorAnalytics
CloudAppEvents
CommonSecurityLog
DnsEvents
GitHub
LAQueryLogs
Microsoft 365 Defender
MultipleDataSources Query added in HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml 2024-08-12 19:32:22 +01:00
OfficeActivity
ProofpointPOD
SQLServer
SecurityAlert
SecurityEvent
SigninLogs
Syslog
ThreatIntelligenceIndicator
W3CIISLog
WireData
ZoomLogs
QUERY_TEMPLATE.md
readme.md

About

This folder contains hunting queries built on different types of data sources that you can use to perform broad threat hunting in your environment.

For general information, please start with the Wiki pages.

More specific to hunting queries:

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com