Azure-Sentinel/Hunting Queries

Latest commit 8f13a73e52 by v-atulyadav, 2023-11-29 08:10:45 +05:30:
Merge pull request #9323 from jischell-msft/jischell-msft/rmm
Add hunting queries for Remote Monitoring and Management tools

| Entry | Last commit message | Date |
| --- | --- | --- |
| ASimProcess | up ver | 2023-09-20 14:53:19 +03:00 |
| ASimRegistry | Remaining tagging | 2022-11-01 18:42:28 +05:30 |
| AWSCloudTrail | Skip validations for hunting Queries and Analytic Rules | 2022-10-13 16:28:02 +05:30 |
| AuditLogs | Azure Active Directory to Entra ID | 2023-11-11 16:56:17 +05:30 |
| AzureActivity | Corrects cloudshell query logic (OperationName field is always empty). | 2023-06-28 15:19:09 +03:00 |
| AzureDevOpsAuditing | Azure Active Directory to Entra ID | 2023-11-11 16:56:17 +05:30 |
| AzureDiagnostics | Packaging Web Shells Threat Protection | 2023-05-23 11:29:35 +05:30 |
| AzureStorage | Azure Active Directory to Entra ID | 2023-11-11 16:56:17 +05:30 |
| BehaviorAnalytics | Azure Active Directory to Entra ID | 2023-11-11 16:56:17 +05:30 |
| CommonSecurityLog | updating whitespaces | 2023-02-28 19:31:27 +05:30 |
| DnsEvents | File path update hunting queries | 2023-02-23 14:55:16 +05:30 |
| GitHub | Updated HQ description for 255 char limit | 2023-08-11 17:30:43 +05:30 |
| LAQueryLogs | Hunting Queries KQL Validations | 2023-02-07 16:48:24 +05:30 |
| Microsoft 365 Defender | Merge pull request #9323 from jischell-msft/jischell-msft/rmm | 2023-11-29 08:10:45 +05:30 |
| MultipleDataSources | fixing IdentityInfo connector reference. New PR as old one ran into some issue. | 2023-11-13 12:11:57 -08:00 |
| OfficeActivity | BEC threat centric Solution Packaging | 2023-08-04 16:49:31 +05:30 |
| ProofpointPOD | Updating description | 2023-02-28 18:46:12 +05:30 |
| SQLServer | updating commas | 2023-02-28 16:37:12 +05:30 |
| SecurityAlert | Updating versions | 2023-05-03 11:40:31 +05:30 |
| SecurityEvent | Azure Active Directory to Entra ID | 2023-11-11 16:56:17 +05:30 |
| SigninLogs | fixing IdentityInfo connector reference. New PR as old one ran into some issue. | 2023-11-13 12:11:57 -08:00 |
| Syslog | Updated versions | 2023-08-11 18:05:05 +05:30 |
| ThreatIntelligenceIndicator | Merge branch 'master' into v-vdixit/file-path-update3 | 2023-02-28 18:54:19 +05:30 |
| W3CIISLog | Updated for review comments | 2023-08-17 09:47:55 +05:30 |
| WireData | Updated versions | 2023-08-11 18:05:05 +05:30 |
| ZoomLogs | Updated versions | 2023-08-11 18:05:05 +05:30 |
| QUERY_TEMPLATE.md | Couple additional fixes | 2021-02-01 08:22:36 -08:00 |
| readme.md | Updating the name from "Azure Sentinel" to "Microsoft Sentinel" for Detection and Hunting Queries. | 2021-11-09 18:41:23 -08:00 |

readme.md

About

This folder contains Hunting Queries based on different types of data sources that you can leverage in order to perform broad threat hunting in your environment.
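To show what one of these data-source folders holds, here is an added illustrative hunting query written for this edit; it is not a file from the Azure-Sentinel repository. It targets the Remote Monitoring and Management (RMM) theme of the latest commit above, reading the `DeviceProcessEvents` table from the Microsoft 365 Defender connector. The field layout (`id`, `name`, `description`, `requiredDataConnectors`, `tactics`, `relevantTechniques`, `query`, `entityMappings`) follows the repository's QUERY_TEMPLATE.md as the editor recalls it and should be treated as an assumption to check against that template; the binary list and the placeholder GUID are constructed for the example.

```yaml
# Added illustrative hunting query, not a file from the Azure-Sentinel repository.
# Field set assumed from QUERY_TEMPLATE.md; verify against the template before submitting.
id: 00000000-0000-0000-0000-000000000000   # placeholder; generate a fresh GUID per query
name: Remote Monitoring and Management tool launched on a host
description: |
  Surfaces process starts whose image name matches a short, constructed list of
  common RMM agents. RMM software is legitimate in many estates, so this is a
  hunting query rather than an alert: compare hits against the inventory of
  approved RMM tooling and hunt on the unexpected hosts, accounts and parents.
requiredDataConnectors:
  - connectorId: MicrosoftThreatProtection
    dataTypes:
      - DeviceProcessEvents
tactics:
  - CommandAndControl
relevantTechniques:
  - T1219
query: |
  // Constructed list for the example; extend with the RMM products seen in your estate.
  let rmmBinaries = dynamic(["anydesk.exe", "teamviewer.exe", "screenconnect.exe",
                             "atera.exe", "splashtop.exe", "rustdesk.exe"]);
  DeviceProcessEvents
  | where TimeGenerated > ago(7d)
  // in~ is case-insensitive, so AnyDesk.exe and anydesk.exe both match
  | where FileName in~ (rmmBinaries)
  | summarize FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated),
              Launches = count(), SampleCommandLines = make_set(ProcessCommandLine, 5)
           by DeviceName, AccountName, FileName, InitiatingProcessFileName
  // Newest first-sightings at the bottom; a brand-new RMM agent on a host is the interesting row
  | order by FirstSeen asc
entityMappings:
  - entityType: Host
    fieldMappings:
      - identifier: HostName
        columnName: DeviceName
  - entityType: Account
    fieldMappings:
      - identifier: Name
        columnName: AccountName
```

The query deliberately keys on the image name only, because renamed binaries are a separate hunt; pairing it with file-hash or signer information from `DeviceFileEvents` is the natural next step once the name-based pass has been tuned to the approved list.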

For general information, please start with the Wiki pages.

More Specific to Hunting Queries:

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com