Azure-Sentinel/Detections
aprakash13 c68495bf70
Update New-CloudShell-User.yaml
2021-10-11 17:07:29 -07:00
| Name | Last commit message | Date |
|---|---|---|
| ASimAuthentication | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| ASimDNS | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| ASimFileEvent | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| ASimProcess | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| AWSCloudTrail | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| AlsidForAD | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| AuditLogs | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| AzureActivity | Update New-CloudShell-User.yaml | 2021-10-11 17:07:29 -07:00 |
| AzureAppServices | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| AzureDevOpsAuditing | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| AzureDiagnostics | Merge pull request #3172 from Azure/shainw-ARG1 | 2021-10-05 06:39:05 -07:00 |
| AzureFirewall | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| CiscoUmbrella | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| Cognni | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| CommonSecurityLog | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| CyberpionSecurityLogs | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| DeviceEvents | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| DeviceFileEvents | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| DeviceNetworkEvents | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| DeviceProcessEvents | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| DnsEvents | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| Duo Security | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| EsetSMC | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| GitHub | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| Heartbeat | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| InfobloxNIOS | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| LAQueryLogs | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| MultipleDataSources | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| OfficeActivity | Merge branch 'master' into pr-malicious-inbox-triggering | 2021-10-03 18:39:37 -07:00 |
| OktaSSO | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| ProofpointPOD | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| PulseConnectSecure | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| QualysVM | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| QualysVMV2 | updated dataType for Qualys V2 version | 2021-08-17 12:01:52 +05:30 |
| SecurityAlert | Adding with description change | 2021-10-05 11:02:04 -07:00 |
| SecurityEvent | Update SolorigateNamedPipe.yaml | 2021-09-30 12:58:27 -07:00 |
| SecurityNestedRecommendation | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| SigninLogs | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| SophosXGFirewall | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| SymantecProxySG | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| SymantecVIP | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| Syslog | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| ThreatIntelligenceIndicator | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| TrendMicroXDR | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| VMwareCarbonBlack | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| VectraAI | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| W3CIISLog | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| ZoomLogs | adding kind property to existing templates | 2021-09-29 15:22:39 +03:00 |
| http_proxy_oab_CL | remove duplicate kind | 2021-09-29 15:30:55 +03:00 |
| readme.md | Update readme.md | 2021-05-08 18:58:44 +03:00 |

readme.md

About

This folder contains detections, grouped by the data source (table) they query, that you can use to create alerts and respond to threats in your environment.

For general information please start with the Wiki pages.

More specific to detections:

  • Contribute to Analytic Templates (Detections) and Hunting queries
  • Specifics on what is required for Detections and Hunting queries are in the Query Style Guide
  • These detections are written in the Kusto Query Language (KQL) and provide a starting point for protecting your environment and getting familiar with the different data tables.
  • To enable these detections in your environment, follow the out-of-the-box guidance (note that after a detection is merged into this GitHub repository, it can take up to 2 weeks before it appears as a template in the Azure Sentinel portal).
  • The rule you create runs the query on the schedule defined in the template and, when the results meet the trigger condition, raises an alert that appears both in the SecurityAlert table and as an incident in the Incidents tab.
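
As an added worked example of what one of these templates looks like (an illustrative template written for this page, not a file from this repository): a scheduled rule over SigninLogs that fires when an account accumulates at least 10 failed sign-ins within the lookback window and then signs in successfully. The field layout follows the template schema used in this repository (id, name, severity, requiredDataConnectors, queryFrequency, queryPeriod, triggerOperator, triggerThreshold, tactics, relevantTechniques, query, entityMappings, version, kind); the Query Style Guide linked above is authoritative for what is required. The failure threshold of 10, the severity, the 1h schedule and the all-zero id placeholder are assumptions chosen for the example.

```yaml
# Illustrative analytic rule template (example written for this page, not from the repository).
# The `id` below is a placeholder: every template needs its own freshly generated GUID.
id: 00000000-0000-0000-0000-000000000000
name: Successful sign-in after repeated failures
description: |
  Identifies accounts with 10 or more failed interactive sign-ins in the lookback window,
  followed by a successful sign-in after the last failure. This pattern is consistent with
  password spraying or brute force that eventually succeeded. Review the successful sign-in's
  IP address and location and confirm with the user before treating it as benign.
severity: Medium
requiredDataConnectors:
  - connectorId: AzureActiveDirectory
    dataTypes:
      - SigninLogs
# How often the rule runs, and how far back each run looks.
# queryPeriod must be at least queryFrequency, otherwise events between two runs are never examined.
queryFrequency: 1h
queryPeriod: 1h
# Fire when the query returns more than 0 rows.
triggerOperator: gt
triggerThreshold: 0
tactics:
  - CredentialAccess
  - InitialAccess
relevantTechniques:
  - T1110
  - T1078
query: |
  // Assumption: 1h matches queryPeriod above; 10 failures is an example threshold, tune per tenant.
  let lookback = 1h;
  let failureThreshold = 10;
  // ResultType is a string in SigninLogs; "0" is a successful sign-in.
  let failures = SigninLogs
    | where TimeGenerated >= ago(lookback)
    | where ResultType != "0"
    | summarize FailedCount = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated),
                FailureIPs = make_set(IPAddress)
                by UserPrincipalName
    | where FailedCount >= failureThreshold;
  let successes = SigninLogs
    | where TimeGenerated >= ago(lookback)
    | where ResultType == "0"
    | project UserPrincipalName, SuccessTime = TimeGenerated, SuccessIP = IPAddress, SuccessLocation = Location;
  failures
  | join kind=inner successes on UserPrincipalName
  // Only keep successes that came after the burst of failures.
  | where SuccessTime > LastFailure
  | project UserPrincipalName, FailedCount, FirstFailure, LastFailure, FailureIPs, SuccessTime, SuccessIP, SuccessLocation
  // Columns consumed by entityMappings below.
  | extend AccountCustomEntity = UserPrincipalName, IPCustomEntity = SuccessIP
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
  - entityType: IP
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
version: 1.0.0
kind: Scheduled
```

Two things to check before enabling a rule like this: keep `queryPeriod` greater than or equal to `queryFrequency` so consecutive runs overlap rather than leave gaps, and make the KQL's own time filter (`ago(lookback)`) agree with `queryPeriod`, since the portal already scopes each run to that window and a mismatch only makes the rule harder to reason about.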

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com