Azure-Sentinel/Detections
elforb 851627ca83
Symantec VIP Template Package (#5039)
* Symantec VIP Template Package

* preview + id fixes

* handle review comments

* 3p fix

* branding fix
2022-05-26 16:24:47 +05:30
ASimAuthentication Fix template version format 2022-04-04 13:49:49 +03:00
ASimDNS asim/fix-dns-ti-rule 2022-04-27 16:42:52 +03:00
ASimFileEvent Updated version 2022-03-02 15:09:46 -08:00
ASimNetworkSession asim/fix-dns-ti-rule 2022-04-27 16:42:52 +03:00
ASimProcess Updated version 2022-03-02 15:09:46 -08:00
ASimWebSession remove-tabs-from-detections 2022-04-10 10:27:06 +03:00
AWSCloudTrail Fixed typos in descriptions 2022-02-08 09:37:38 -08:00
AWSGuardDuty Fixing typo 2022-02-09 00:47:34 +05:30
AuditLogs Update NRT_PrivlegedRoleAssignedOutsidePIM.yaml 2022-04-22 19:16:41 +05:30
AzureActivity Update NRT_Creation_of_Expensive_Computes_in_Azure.yaml 2022-03-31 23:46:19 +05:30
AzureAppServices
AzureDevOpsAuditing return sub techniques 2022-01-17 17:53:26 +02:00
AzureDiagnostics New NRT Rules Created 2022-02-07 15:31:00 -08:00
AzureFirewall add support for techniques in validations 2022-01-16 13:33:29 +02:00
CiscoUmbrella Merge branch 'master' into ashwin/connector-fixes 2021-12-08 17:45:20 -08:00
CommonSecurityLog Create Package 2022-05-25 19:57:35 +05:30
DeviceEvents Updates 4 more scheduled alert rule techniques. 2022-02-23 13:02:50 +02:00
DeviceFileEvents Updates 4 more scheduled alert rule techniques. 2022-02-23 13:02:50 +02:00
DeviceNetworkEvents Corrects multiple detection rule's techniques-tactics mappings. 2022-02-23 09:50:47 +02:00
DeviceProcessEvents Corrects Algorithm Entity values for Solarwinds scheduled alert rules. 2022-02-01 17:33:19 +02:00
DnsEvents New NRT Rules Created 2022-02-07 15:31:00 -08:00
Duo Security
GitHub
Heartbeat
LAQueryLogs
MultipleDataSources Merge pull request #4233 from ep3p/patch-2 2022-04-25 02:48:54 -07:00
OfficeActivity Project Original Parameters 2022-04-18 16:00:41 +02:00
ProofpointPOD
QualysVM
QualysVMV2
SecurityAlert changes and fixes 2022-05-09 13:12:50 -07:00
SecurityEvent Merge pull request #4525 from samikroy/patch-18 2022-04-22 07:53:46 -07:00
SecurityNestedRecommendation Detection query for Vulnerable Machines related to log4j CVE-2021-44228 using Microsoft Defender for Cloud data 2021-12-14 10:52:52 -08:00
SigninLogs Merge pull request #4349 from ep3p/patch-6 2022-05-11 05:13:51 -07:00
ThreatIntelligenceIndicator Update IPEntity_W3CIISLog.yaml 2022-04-26 14:55:48 +05:30
W3CIISLog
WindowsEvent Merge pull request #5003 from yaelrbergman/patch-4 2022-05-24 13:37:29 +05:30
ZoomLogs add support for techniques in validations 2022-01-16 13:33:29 +02:00
http_proxy_oab_CL
readme.md

readme.md

About

This folder contains Detections based on different types of data sources that you can leverage in order to create alerts and respond to threats in your environment.

For general information please start with the Wiki pages.

More Specific to Detections:

  • Contribute to Analytic Templates (Detections) and Hunting queries
  • Specifics on what is required for Detections and Hunting queries are in the Query Style Guide
  • These detections are written in Kusto Query Language (KQL) and give you a starting point for protecting your environment and getting familiar with the different data tables.
  • To enable these detections in your environment, follow the out-of-the-box guidance (note that after a detection is published in this GitHub repository, it can take up to 2 weeks before it appears in the Microsoft Sentinel portal).
  • The rule you create runs the query on the schedule you define and triggers an alert that is visible both as a row in the SecurityAlert table and as an incident in the Incidents tab.
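
As an added illustration of what one of these detections looks like end to end (this is example code written for this readme, not one of the repository's own templates): a scheduled analytics rule template over the SigninLogs table that fires when a single source IP accumulates a burst of failed Azure AD sign-ins and then records a success. The `id` is a placeholder GUID that must be replaced with a freshly generated one, and the failure threshold is an arbitrary example value to be tuned per environment.

```yaml
# Added example template in the layout used by the files in this folder.
# Not a repository detection. The id GUID and the failure threshold are
# placeholders chosen for illustration.
id: 00000000-0000-0000-0000-000000000000   # placeholder, generate a new GUID
name: Successful sign-in after burst of failures from the same IP (example)
description: |
  'Identifies an IP address with at least 20 failed Azure AD sign-ins in the
  look-back window that then records a successful sign-in, a pattern typical
  of password guessing or spraying. Sign-in interruption result codes 50125
  and 50140 are excluded so they are not counted as failures.'
severity: Medium
requiredDataConnectors:
  - connectorId: AzureActiveDirectory
    dataTypes:
      - SigninLogs
queryFrequency: 1h
queryPeriod: 1h
triggerOperator: gt
triggerThreshold: 0
tactics:
  - CredentialAccess
relevantTechniques:
  - T1110
query: |
  let failureThreshold = 20;   // example value, tune for the environment
  // Failed sign-ins per source IP. ResultType "0" is success; 50125 and 50140
  // are interrupts (password reset / keep-me-signed-in), not real failures.
  let failed = SigninLogs
    | where ResultType !in ("0", "50125", "50140")
    | summarize FailureCount = count(),
                FailedUsers = make_set(UserPrincipalName, 100),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated)
              by IPAddress
    | where FailureCount >= failureThreshold;
  // Successful sign-ins, keyed by the same source IP
  let success = SigninLogs
    | where ResultType == "0"
    | project SuccessTime = TimeGenerated, IPAddress, UserPrincipalName,
              AppDisplayName, UserAgent;
  failed
  | join kind=inner (success) on IPAddress
  // Only keep successes that occurred after the failure burst began
  | where SuccessTime > FirstFailure
  | project SuccessTime, IPAddress, UserPrincipalName, AppDisplayName, UserAgent,
            FailureCount, FailedUsers, FirstFailure, LastFailure
  // Split the UPN so the Account entity can be mapped to Name and UPNSuffix
  | extend AccountName = tostring(split(UserPrincipalName, "@")[0]),
           AccountUPNSuffix = tostring(split(UserPrincipalName, "@")[1])
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: Name
        columnName: AccountName
      - identifier: UPNSuffix
        columnName: AccountUPNSuffix
  - entityType: IP
    fieldMappings:
      - identifier: Address
        columnName: IPAddress
version: 1.0.0
kind: Scheduled
```

Once enabled as a scheduled rule, the query runs every `queryFrequency` over the preceding `queryPeriod`; whenever it returns more than `triggerThreshold` rows, Microsoft Sentinel writes an alert to the SecurityAlert table with `AlertName` equal to the template's `name`, and the mapped Account and IP entities appear on the resulting incident. Running `SecurityAlert | where AlertName == "Successful sign-in after burst of failures from the same IP (example)"` in the workspace is the quickest way to confirm the rule is firing.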

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com