История

v-atulyadav beb0e86c53 Merge pull request #10399 from JouniMi/impacket_wmiexec Adding query to hunt for impacket wmiexec		2024-04-29 11:42:10 +05:30
..
ASimProcess	up ver	2023-09-20 14:53:19 +03:00
ASimRegistry	Remaining tagging	2022-11-01 18:42:28 +05:30
AWSCloudTrail	Skip validations for hunting Queries and Analytic Rules	2022-10-13 16:28:02 +05:30
AuditLogs	Azure Active Directory to Entra ID	2023-11-11 16:56:17 +05:30
AzureActivity	Corrects cloudshell query logic (OperationName field is always empty).	2023-06-28 15:19:09 +03:00
AzureDevOpsAuditing	Azure Active Directory to Entra ID	2023-11-11 16:56:17 +05:30
AzureDiagnostics	Packaging Web Shells Threat Protection	2023-05-23 11:29:35 +05:30
AzureStorage	Azure Active Directory to Entra ID	2023-11-11 16:56:17 +05:30
BehaviorAnalytics	Azure Active Directory to Entra ID	2023-11-11 16:56:17 +05:30
CommonSecurityLog	updating whitespaces	2023-02-28 19:31:27 +05:30
DnsEvents	File path update hunting queries	2023-02-23 14:55:16 +05:30
GitHub	Updated HQ description for 255 char limit	2023-08-11 17:30:43 +05:30
LAQueryLogs	Hunting Queries KQL Validations	2023-02-07 16:48:24 +05:30
Microsoft 365 Defender	Merge pull request #10399 from JouniMi/impacket_wmiexec	2024-04-29 11:42:10 +05:30
MultipleDataSources	Update PrivilegedAccountPasswordChanges.yaml	2023-12-15 11:16:46 +05:30
OfficeActivity	BEC threat ceentric Solution Packaging	2023-08-04 16:49:31 +05:30
ProofpointPOD	Updating description	2023-02-28 18:46:12 +05:30
SQLServer	updating commas	2023-02-28 16:37:12 +05:30
SecurityAlert	Updating versions	2023-05-03 11:40:31 +05:30
SecurityEvent	Azure Active Directory to Entra ID	2023-11-11 16:56:17 +05:30
SigninLogs	Revert "Repackaging BusineessEmail Solution"	2024-03-04 19:39:25 +05:30
Syslog	Updated versions	2023-08-11 18:05:05 +05:30
ThreatIntelligenceIndicator	Merge branch 'master' into v-vdixit/file-path-update3	2023-02-28 18:54:19 +05:30
W3CIISLog	Updated for review comments	2023-08-17 09:47:55 +05:30
WireData	Updated versions	2023-08-11 18:05:05 +05:30
ZoomLogs	Updated versions	2023-08-11 18:05:05 +05:30
QUERY_TEMPLATE.md	Couple additional fixes	2021-02-01 08:22:36 -08:00
readme.md	Updating the name from “Azure Sentinel” to “Microsoft Sentinel” for Detection and Hunting Queries.	2021-11-09 18:41:23 -08:00

readme.md

About

This folder contains Hunting Queries based on different types of data sources that you can leverage in order to perform broad threat hunting in your environment.

For general information please start with the Wiki pages.

More Specific to Hunting Queries:

Contribute to Analytic Templates (Detections) and Hunting queries
Specifics on what is required for Detections and Hunting queries is in the Query Style Guide
These hunting queries are written using KQL query langauge and will provide you a starting point to protect your environment and get familiar with the different data tables.
Get started and learn how to hunt for threats in your environment with Microsoft Sentinel.

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com