Azure-Sentinel/Detections/SecurityEvent
Latest commit 197fb2918f by aprakash13, 2022-04-22 07:53:46 -07:00:
Merge pull request #4525 from samikroy/patch-18
Possible fix for the issue #4516
AADHealthMonAgentRegKeyAccess.yaml Update AADHealthMonAgentRegKeyAccess.yaml 2022-03-10 17:36:36 +02:00
AADHealthSvcAgentRegKeyAccess.yaml Update AADHealthSvcAgentRegKeyAccess.yaml 2022-03-10 17:37:01 +02:00
ADFSDBNamedPipeConnection.yaml Updating version 2021-11-23 12:50:43 -08:00
ADFSRemoteAuthSyncConnection.yaml add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
ADFSRemoteHTTPNetworkConnection.yaml add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
AccessibilityFeaturesModification.yaml Update AccessibilityFeaturesModification.yaml 2022-03-11 09:41:12 +02:00
AdminSDHolder_Modifications.yaml Update AdminSDHolder_Modifications.yaml 2022-01-20 09:16:52 +02:00
CredentialDumpingServiceInstallation.yaml Update CredentialDumpingServiceInstallation.yaml 2022-04-22 20:16:42 +05:30
CredentialDumpingToolsFileArtifacts.yaml Update CredentialDumpingToolsFileArtifacts.yaml 2022-04-22 20:17:09 +05:30
DSRMAccountAbuse.yaml Update DSRMAccountAbuse.yaml 2022-03-11 15:06:28 +02:00
DumpingLSASSProcessIntoaFile.yaml Update DumpingLSASSProcessIntoaFile.yaml 2022-03-11 11:11:42 +02:00
ExcessiveLogonFailures.yaml add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
FakeComputerAccountCreated.yaml Update FakeComputerAccountCreated.yaml 2022-01-19 10:06:12 +02:00
GainCodeExecutionADFSViaSMB.yaml Replace ProcessName with NewProcessName 2022-01-30 09:23:28 +01:00
GroupCreatedAddedToPrivlegeGroup_1h.yaml Adding connectorId: WindowsForwardedEvents 2022-03-16 13:25:02 +02:00
HAFNIUMNewUMServiceChildProcess.yaml Update HAFNIUMNewUMServiceChildProcess.yaml 2022-03-10 17:37:26 +02:00
HAFNIUMSuspiciousUMServiceError.yaml add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
LateralMovementViaDCOM.yaml Update LateralMovementViaDCOM.yaml 2022-03-11 13:11:06 +02:00
LocalDeviceJoinInfoAndTransportKeyRegKeysAccess.yaml Adding AADInternals tag 2022-02-17 11:59:38 -05:00
MacroInvokingShellBrowserWindowCOMObjects.yaml Update MacroInvokingShellBrowserWindowCOMObjects.yaml 2022-03-11 17:06:47 +02:00
MultipleFailedFollowedBySuccess.yaml add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
NOBELIUM_SuspiciousRundll32Exec.yaml Update NOBELIUM_SuspiciousRundll32Exec.yaml 2022-03-10 17:38:05 +02:00
NOBELIUM_SuspiciousScriptRegistryWrite.yaml Update NOBELIUM_SuspiciousScriptRegistryWrite.yaml 2022-03-10 17:38:33 +02:00
NRT_SecurityEventLogCleared.yaml New NRT Rules Created 2022-02-07 15:31:00 -08:00
NRT_base64_encoded_pefile.yaml New NRT Rules Created 2022-02-07 15:31:00 -08:00
NRT_execute_base64_decodedpayload.yaml Fixed query 2022-02-07 16:10:10 -08:00
NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies.yaml Updated tactics and added entities 2022-02-25 13:50:51 -08:00
NonDCActiveDirectoryReplication.yaml Update NonDCActiveDirectoryReplication.yaml 2021-11-07 21:12:09 -08:00
PotenialResourceBasedConstrainedDelegationAbuse.yaml Update PotenialResourceBasedConstrainedDelegationAbuse.yaml 2022-01-19 10:03:47 +02:00
PotentialBuildProcessCompromise.yaml Update PotentialBuildProcessCompromise.yaml 2022-03-10 17:39:05 +02:00
PotentialFodhelperUACBypass.yaml PR Comment Updates 2022-02-25 09:45:25 -08:00
PotentialKerberoast.yaml Adding connectorId: WindowsForwardedEvents 2022-03-16 13:25:02 +02:00
PotentialRemoteDesktopTunneling.yaml Update PotentialRemoteDesktopTunneling.yaml 2022-02-15 09:51:39 +02:00
Potentialre-namedsdeleteusage.yaml Update version numbers 2022-03-01 10:44:34 -08:00
RDP_MultipleConnectionsFromSingleSystem.yaml Adding connectorId: WindowsForwardedEvents 2022-03-16 13:25:02 +02:00
RDP_Nesting.yaml Adding connectorId: WindowsForwardedEvents 2022-03-16 13:25:02 +02:00
RDP_RareConnection.yaml Adding connectorId: WindowsForwardedEvents 2022-03-16 13:25:02 +02:00
RegistryPersistenceViaAppCertDLLModification.yaml Create RegistryPersistenceViaAppCertDLLModification.yaml 2022-03-11 14:29:15 +02:00
RegistryPersistenceViaAppInt_DLLsModification.yaml Create RegistryPersistenceViaAppInt_DLLsModification.yaml 2022-03-21 09:41:02 +02:00
ScheduleTaskHide.yaml Update ScheduleTaskHide.yaml 2022-04-12 04:31:52 -07:00
SdeletedeployedviaGPOandrunrecursively.yaml Fixed entity issues 2022-03-01 11:26:29 -08:00
SecurityEventLogCleared.yaml SecurityEventLogCleared WEF connector 2022-03-16 13:44:52 +02:00
SolorigateNamedPipe.yaml Adding connectorId: WindowsForwardedEvents 2022-03-16 13:25:02 +02:00
StartStopHealthService.yaml return sub techniques 2022-01-17 17:53:26 +02:00
TimeSeriesAnomaly-ProcessExecutions.yaml updated query frequency 2022-03-07 12:22:02 -08:00
UserAccountAdd-Removed.yaml Adding connectorId: WindowsForwardedEvents 2022-03-16 13:25:02 +02:00
UserAccountAddedToPrivlegeGroup_1h.yaml Adding connectorId: WindowsForwardedEvents 2022-03-16 13:25:02 +02:00
UserAccountCreatedDeleted_10m.yaml Adding connectorId: WindowsForwardedEvents 2022-03-16 13:25:02 +02:00
UserAccountEnabledDisabled_10m.yaml Update UserAccountEnabledDisabled_10m.yaml 2022-03-10 17:39:30 +02:00
UserCreatedAddedToBuiltinAdmins_1d.yaml Update UserCreatedAddedToBuiltinAdmins_1d.yaml 2022-03-10 17:39:53 +02:00
UserPrincipalNameAssignedToUserAccount.yaml Update UserPrincipalNameAssignedToUserAccount.yaml 2022-02-02 16:55:26 +02:00
WDigestDowngradeAttack.yaml Update WDigestDowngradeAttack.yaml 2022-03-10 15:07:57 +02:00
WindowsBinariesExecutedfromNon-DefaultDirectory.yaml Update WindowsBinariesExecutedfromNon-DefaultDirectory.yaml 2022-02-15 10:26:42 +02:00
WindowsBinariesLolbinsRenamed.yaml Update WindowsBinariesLolbinsRenamed.yaml 2022-03-11 11:55:54 +02:00
base64_encoded_pefile.yaml Update base64_encoded_pefile.yaml 2022-03-10 17:40:17 +02:00
execute_base64_decodedpayload.yaml Update execute_base64_decodedpayload.yaml 2022-03-10 17:40:38 +02:00
gte_6_FailedLogons_10m.yaml Adding connectorId: WindowsForwardedEvents 2022-03-16 13:25:02 +02:00
malware_in_recyclebin.yaml Update malware_in_recyclebin.yaml 2022-03-10 17:42:21 +02:00
password_never_expires.yaml Adding connectorId: WindowsForwardedEvents 2022-03-16 13:25:02 +02:00
password_not_set.yaml add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
powershell_empire.yaml Update powershell_empire.yaml 2022-03-10 17:42:55 +02:00
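The commit messages in this listing refer to two template fields that were rolled out across the directory: the `kind: Scheduled` marker (October 2021) and a second `connectorId: WindowsForwardedEvents` data connector (March 2022). The template below is an added illustration of where those fields sit in a SecurityEvent analytic-rule template; it is constructed for this page and is not one of the repository's rules. The id, name, query, severity, thresholds and MITRE mapping are placeholders chosen for the example, and the query shape (a `union` over `SecurityEvent` and `WindowsEvent`) is the author's illustration of why a rule that lists both connectors has to read both tables.

```yaml
# Added illustration of the analytic-rule template layout used by the files
# in this directory. Not a rule from the Azure-Sentinel repository: the id,
# name, query and thresholds below are placeholders chosen for this example.
id: 00000000-0000-0000-0000-000000000000   # placeholder; real templates carry a unique GUID
name: Example - Security event log cleared (illustration)
description: |
  'Illustrative template showing the fields referenced in this directory's
  commit history: a Scheduled rule that accepts SecurityEvent rows from the
  SecurityEvents connector and WindowsEvent rows from the
  WindowsForwardedEvents connector.'
severity: Medium
requiredDataConnectors:
  - connectorId: SecurityEvents
    dataTypes:
      - SecurityEvent
  - connectorId: WindowsForwardedEvents   # second connector added to many rules in 2022-03
    dataTypes:
      - WindowsEvent
queryFrequency: 1h
queryPeriod: 1h
triggerOperator: gt
triggerThreshold: 0
tactics:
  - DefenseEvasion
relevantTechniques:
  - T1070.001
query: |
  // Event ID 1102 from the Microsoft-Windows-Eventlog provider means the
  // Security log was cleared. Both tables are queried because the two
  // connectors land forwarded events in different schemas; isfuzzy=true
  // keeps the rule valid in a workspace that has only one of the tables.
  union isfuzzy=true
    (SecurityEvent
      | where EventID == 1102 and EventSourceName == "Microsoft-Windows-Eventlog"
      | project TimeGenerated, Computer, Account, EventID, Activity),
    (WindowsEvent
      | where EventID == 1102 and Provider == "Microsoft-Windows-Eventlog"
      | extend Account = strcat(tostring(EventData.SubjectDomainName), @"\",
                                tostring(EventData.SubjectUserName))
      | project TimeGenerated, Computer, Account, EventID,
                Activity = "1102 - The audit log was cleared.")
  | extend HostCustomEntity = Computer, AccountCustomEntity = Account
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
  - entityType: Host
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
version: 1.0.0
kind: Scheduled   # the 'kind' field added to all templates in 2021-10
```

When adapting a rule this way, check the column names on both sides of the `union`: `SecurityEvent` exposes parsed columns such as `Account` and `EventSourceName`, while `WindowsEvent` keeps most event fields inside the dynamic `EventData` column and names the source `Provider`, so a filter that is copied verbatim from one branch to the other will silently match nothing.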