Azure-Sentinel/Hunting Queries/SecurityEvent
Sittikorn S 57faeee943
Update KrbRelayUpServiceCreation
Edit MaliciousService
2022-05-11 20:21:18 +07:00
ADAccountLockouts.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
ADFSDBLocalSqlStatements.yaml added version, severity and requiredDataConnectors 2021-07-08 23:06:49 -04:00
Certutil-LOLBins.yaml Revert "Revert "Merge branch 'master' of https://github.com/Azure/Azure-Sentinel"" 2022-01-03 16:21:46 +02:00
CommandsexecutedbyWMIonnewhosts-potentialImpacket.yaml New hunting queries: 2022-03-02 14:54:04 -08:00
Crashdumpdisabledonhost.yaml New hunting and detection queries for: 2022-02-24 18:53:18 -08:00
CustomUserList_FailedLogons.yaml Documentation links should not include locale - fix and add validations (#678) 2020-05-13 15:07:12 +03:00
DecoyUserAccountAuthenticationAttempt.yaml Update DecoyUserAccountAuthenticationAttempt.yaml 2022-03-09 14:28:14 +02:00
Discorddownloadinvokedfromcmdline.yaml New hunting and detection queries for: 2022-02-24 18:53:18 -08:00
ExchangePowerShellSnapin.yaml Update ExchangePowerShellSnapin.yaml 2021-03-03 13:40:12 +02:00
ExternalIPaddressinCommandLine.yaml New hunting queries: 2022-03-02 14:54:04 -08:00
FailedUserLogons.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
FakeComputerAccountAuthenticationAttempt.yaml Update FakeComputerAccountAuthenticationAttempt.yaml 2022-03-03 14:16:08 +02:00
FileExecutionWithOneCharacterInTheName.yaml Create FileExecutionWithOneCharacterInTheName.yaml 2022-03-09 15:24:39 +02:00
GroupAddedToPrivlegeGroup.yaml Fixes 2021-08-06 14:12:37 -07:00
HostExportingMailboxAndRemovingExport.yaml capitalize for consistency 2021-03-04 10:54:36 -08:00
HostsWithNewLogons.yaml DNS to Syslog changes 2021-08-04 15:49:57 -07:00
Invoke-PowerShellTcpOneLine.yaml HAFNIUM Queries 2021-03-02 13:09:15 -08:00
KrbRelayUpServiceCreation Update KrbRelayUpServiceCreation 2022-05-11 20:21:18 +07:00
LargeScaleMalwareDeploymentGPOScheduledTask.yaml Update LargeScaleMalwareDeploymentGPOScheduledTask.yaml 2022-03-03 14:16:19 +02:00
Least_Common_Parent_Child_Process.yaml DNS to Syslog changes 2021-08-04 15:49:57 -07:00
Least_Common_Process_Command_Lines.yaml DNS to Syslog changes 2021-08-04 15:49:57 -07:00
Least_Common_Process_With_Depth.yaml DNS to Syslog changes 2021-08-04 15:49:57 -07:00
MSRPRN_Printer_Bug_Exploitation.yaml Update MSRPRN_Printer_Bug_Exploitation.yaml 2022-03-03 14:16:32 +02:00
MultipleExplicitCredentialUsage4648Events.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
NewChildProcessOfW3WP.yaml Adding ID to hunting query 2022-01-24 13:21:12 -08:00
NishangReverseTCPShellBase64.yaml formatting 2021-03-05 15:34:10 -08:00
PotentialImpacketExecution.yaml Impacket query + addition of latest Azure IP ranges 2022-03-10 14:24:30 -08:00
PotentialLocalExploitationForPrivilegeEscalation.yaml Update PotentialLocalExploitationForPrivilegeEscalation.yaml 2022-03-03 11:19:22 +02:00
PotentialProcessDoppelganging.yaml Create PotentialProcessDoppelganging.yaml 2022-03-09 15:23:09 +02:00
PowerCatDownload.yaml MTPQueries&IOCPlaceholder 2021-03-05 15:00:41 -08:00
ProcessEntropy.yaml fix for syntax error 2021-04-20 01:32:58 -07:00
RIDHijacking.yaml Update RIDHijacking.yaml 2022-03-03 14:16:47 +02:00
RareProcbyServiceAccount.yaml DNS to Syslog changes 2021-08-04 15:49:57 -07:00
RareProcessPath.yaml DNS to Syslog changes 2021-08-04 15:49:57 -07:00
RareProcessWithCmdLine.yaml DNS to Syslog changes 2021-08-04 15:49:57 -07:00
RareProcess_forWinHost.yaml Fixes 2021-08-06 14:12:37 -07:00
RemoteLoginPerformedwithWMI.yaml Update RemoteLoginPerformedwithWMI.yaml 2022-02-15 10:30:42 +02:00
RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml Update RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml 2022-03-03 14:02:56 +02:00
RemoteScheduledTaskCreationUpdateviaSchtasks.yaml Update RemoteScheduledTaskCreationUpdateviaSchtasks.yaml 2022-02-17 11:39:58 +02:00
ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml Update ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml 2022-03-09 14:42:02 +02:00
ServiceInstallationFromUsersWritableDirectory.yaml Update ServiceInstallationFromUsersWritableDirectory.yaml 2022-03-03 14:01:57 +02:00
SignedBinaryProxyExecutionRundll32.yaml Revert "Revert "Merge branch 'master' of https://github.com/Azure/Azure-Sentinel"" 2022-01-03 16:21:46 +02:00
SuspectedLSASSDump.yaml Removed errant ( 2021-06-24 08:25:25 -07:00
Suspicious_Windows_Login_outside_normal_hours.yaml DNS to Syslog changes 2021-08-04 15:49:57 -07:00
Suspicious_enumeration_using_adfind.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
User Logons By Logon Type.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
UserAccountAddedToPrivlegeGroup.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
UserAccountCreatedDeleted.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
UserAdd_RemToGroupByUnauthorizedUser.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
UserCreatedByUnauthorizedUser.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
UsersOpenReadDeviceIdentityKey.yaml removed 5061 since information is already added in 5058 event 2022-02-18 14:41:15 -05:00
VIPAccountFailedLogons.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
WindowsSystemShutdown-Reboot.yaml Fixes 2021-08-06 14:12:37 -07:00
WindowsSystemTimeChange.yaml Update WindowsSystemTimeChange.yaml 2020-10-27 10:33:23 -07:00
cscript_summary.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
enumeration_user_and_group.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
masquerading_files.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
new_processes.yaml Update new_processes.yaml 2021-11-21 22:18:17 -08:00
persistence_create_account.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
powershell_downloads.yaml Update powershell_downloads.yaml 2021-11-21 15:39:12 -08:00
powershell_newencodedscipts.yaml Update powershell_newencodedscipts.yaml 2021-11-21 16:31:02 -08:00
uncommon_processes.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00