Azure-Sentinel/Hunting Queries
Latest commit a02403e37d by aprakash13, 2022-06-13 18:15:09 -07:00: Merge pull request #5165 from BlackB0lt/patch-6 (New Hunting - Spawning MSDT process)
| Name | Last commit message | Last commit date |
| --- | --- | --- |
| ASimProcess | ASIM renames | 2022-03-02 15:05:56 -08:00 |
| ASimRegistry | ASIM renames | 2022-03-02 15:05:56 -08:00 |
| AWSCloudTrail | Fixing missing day due to midtime usage | 2022-05-09 16:02:13 -07:00 |
| AWSS3 | Fixing missing day due to midtime usage | 2022-05-09 16:02:13 -07:00 |
| AuditLogs | Fixing typos | 2022-05-20 17:34:53 -07:00 |
| AzureActivity | Fixing typos | 2022-05-20 17:34:53 -07:00 |
| AzureDevOpsAuditing | Revert "Revert "Merge branch 'master' of https://github.com/Azure/Azure-Sentinel"" | 2022-01-03 16:21:46 +02:00 |
| AzureDiagnostics | Updated queries as per suggestions from Shain. | 2022-04-05 11:02:20 -07:00 |
| AzureStorage | Updating connector to MicrosoftThreatProtection | 2022-03-07 09:52:34 -08:00 |
| BehaviorAnalytics | typo fix on UserPrincipalName | 2022-05-21 08:03:39 -07:00 |
| CommonSecurityLog | Adding outputs | 2022-06-02 15:40:00 +01:00 |
| DnsEvents | Adding additional entity outputs as needed by other tooling and to support future automap of entities similar to Detections | 2022-05-20 15:23:48 -07:00 |
| GitHub | Removed the deprecated MITRE techniques from hunting and detection queries and updating them with the latest ones that seem most appropriate. | 2021-08-12 10:58:18 -07:00 |
| LAQueryLogs | Update CrossServiceADXQueries.yaml | 2022-06-10 09:55:36 +02:00 |
| Microsoft 365 Defender | Merge pull request #5165 from BlackB0lt/patch-6 | 2022-06-13 18:15:09 -07:00 |
| MultipleDataSources | changes and fixes | 2022-05-09 13:12:50 -07:00 |
| OfficeActivity | Adding additional entity outputs as needed by other tooling and to support future automap of entities similar to Detections | 2022-05-20 15:23:48 -07:00 |
| ProofpointPOD | Fixes | 2021-08-06 14:12:37 -07:00 |
| SQLServer | Updating the name from "Azure Sentinel" to "Microsoft Sentinel" for Detection and Hunting Queries. | 2021-11-09 18:41:23 -08:00 |
| SecurityAlert | replacing deprecated parsejson with parse_json | 2021-08-17 12:26:48 -07:00 |
| SecurityEvent | Update KrbRelayUpServiceCreation | 2022-05-11 20:21:18 +07:00 |
| SigninLogs | Fixing Account entity map for AADUserId | 2022-05-23 10:36:07 -07:00 |
| Syslog | Revert "Package Creation for Syslog-- DO NOT MERGE AS 1P" (#5140) | 2022-05-31 12:36:05 +05:30 |
| ThreatIntelligenceIndicator | Updating TI queries based on feedback and discussions on this PR - #3477 - and I don't want preferences for a specific environment to be included. This includes generic changes that need to be done. | 2021-11-29 13:58:28 -08:00 |
| W3CIISLog | Adding additional entity outputs as needed by other tooling and to support future automap of entities similar to Detections | 2022-05-20 15:23:48 -07:00 |
| WireData | regex replace with ipv4_is_private | 2022-03-14 11:10:08 -07:00 |
| ZoomLogs | Removed the deprecated MITRE techniques from hunting and detection queries and updating them with the latest ones that seem most appropriate. | 2021-08-12 10:58:18 -07:00 |
| QUERY_TEMPLATE.md | Couple additional fixes | 2021-02-01 08:22:36 -08:00 |
| readme.md | Updating the name from "Azure Sentinel" to "Microsoft Sentinel" for Detection and Hunting Queries. | 2021-11-09 18:41:23 -08:00 |

readme.md

About

This folder contains Hunting Queries, organized into one subfolder per data source, that you can use to perform broad threat hunting in your environment.

For general information, please start with the Wiki pages.

More Specific to Hunting Queries:

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com