Azure-Sentinel/Detections
aprakash13 024478d425
Merge pull request #4782 from TheAlistairRoss/patch-3
Update AuthenticationMethodsChangedforPrivilegedAccount.yaml
2022-06-13 18:09:01 -07:00
ASimAuthentication Fix template version format 2022-04-04 13:49:49 +03:00
ASimDNS asim/fix-dns-ti-rule 2022-04-27 16:42:52 +03:00
ASimFileEvent Updated version 2022-03-02 15:09:46 -08:00
ASimNetworkSession asim/fix-dns-ti-rule 2022-04-27 16:42:52 +03:00
ASimProcess Updated version 2022-03-02 15:09:46 -08:00
ASimWebSession remove-tabs-from-detections 2022-04-10 10:27:06 +03:00
AWSCloudTrail Fixed typos in descriptions 2022-02-08 09:37:38 -08:00
AWSGuardDuty Fixing typo 2022-02-09 00:47:34 +05:30
AuditLogs Update UserAssignedPrivilegedRole.yaml 2022-05-24 17:15:47 +02:00
AzureActivity Update NRT_Creation_of_Expensive_Computes_in_Azure.yaml 2022-03-31 23:46:19 +05:30
AzureAppServices add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
AzureDevOpsAuditing Adding new NRT rule 2022-06-12 00:13:08 +05:30
AzureDiagnostics New NRT Rules Created 2022-02-07 15:31:00 -08:00
AzureFirewall add support for techniques in validations 2022-01-16 13:33:29 +02:00
CiscoUmbrella Merge branch 'master' into ashwin/connector-fixes 2021-12-08 17:45:20 -08:00
CommonSecurityLog Merge pull request #5170 from Azure/cefchanges/individualContent-1 2022-06-09 11:57:19 +05:30
DeviceEvents Updates 4 more scheduled alert rule techniques. 2022-02-23 13:02:50 +02:00
DeviceFileEvents Updates 4 more scheduled alert rule techniques. 2022-02-23 13:02:50 +02:00
DeviceNetworkEvents Corrects multiple detection rule's techniques-tactics mappings. 2022-02-23 09:50:47 +02:00
DeviceProcessEvents Corrects Algorithm Entity values for Solarwinds scheduled alert rules. 2022-02-01 17:33:19 +02:00
DnsEvents New NRT Rules Created 2022-02-07 15:31:00 -08:00
Duo Security add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
GitHub add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
Heartbeat Removing new tactic 2021-12-01 11:51:20 +01:00
LAQueryLogs Update Scheduled 2021-11-11 11:19:31 +01:00
MultipleDataSources Merge pull request #4782 from TheAlistairRoss/patch-3 2022-06-13 18:09:01 -07:00
OfficeActivity Project Original Parameters 2022-04-18 16:00:41 +02:00
ProofpointPOD Update ProofpointPODEmailSenderIPinTIList.yaml 2021-12-01 16:17:01 -08:00
QualysVM add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
QualysVMV2 Update NewHighSeverityVulnDetectedAcrossMulitpleHostsV2.yaml 2021-12-07 17:14:29 +02:00
SecurityAlert changes and fixes 2022-05-09 13:12:50 -07:00
SecurityEvent Merge pull request #4525 from samikroy/patch-18 2022-04-22 07:53:46 -07:00
SecurityNestedRecommendation Detection query for Vulnerable Machines related to log4j CVE-2021-44228 using Microsoft Defender for Cloud data 2021-12-14 10:52:52 -08:00
SigninLogs Update SigninBruteForce-AzurePortal.yaml 2022-06-06 12:04:18 -07:00
Syslog Revert "Package Creation for Syslog-- DO NOT MERGE AS 1P" (#5140) 2022-05-31 12:36:05 +05:30
ThreatIntelligenceIndicator Merge pull request #5269 from ep3p/patch-5 2022-06-13 17:56:25 -07:00
W3CIISLog add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
WindowsEvent Merge pull request #5003 from yaelrbergman/patch-4 2022-05-24 13:37:29 +05:30
ZoomLogs add support for techniques in validations 2022-01-16 13:33:29 +02:00
http_proxy_oab_CL add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
readme.md Updating the name from “Azure Sentinel” to “Microsoft Sentinel” for Detection and Hunting Queries. 2021-11-09 18:41:23 -08:00

readme.md

About

This folder contains Detections based on different types of data sources that you can leverage to create alerts and respond to threats in your environment.

For general information please start with the Wiki pages.

More Specific to Detections:

  • Contribute to Analytic Templates (Detections) and Hunting queries
  • Specifics on what is required for Detections and Hunting queries are in the Query Style Guide
  • These detections are written in the KQL query language and provide a starting point to protect your environment and get familiar with the different data tables.
  • To enable these detections in your environment, follow the out-of-the-box guidance (note that after a detection is available in this GitHub repository, it might take up to 2 weeks before it is available in the Microsoft Sentinel portal).
  • The rule created will run the query on the schedule that was defined and trigger an alert that will appear both in the SecurityAlert table and as a case in the Incidents tab.

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com.