83ae7d405f
Moving Teams queries out of folder and removing duplicates, plus mapp… |
||
|---|---|---|
| .. | ||
| AWSCloudTrail | ||
| AlsidForAD | ||
| AuditLogs | ||
| AzureActivity | ||
| AzureDevOpsAuditing | ||
| AzureDiagnostics | ||
| AzureFirewall | ||
| CiscoUmbrella | ||
| CommonSecurityLog | ||
| CyberpionSecurityLogs | ||
| DeviceEvents | ||
| DeviceFileEvents | ||
| DeviceNetworkEvents | ||
| DeviceProcessEvents | ||
| DnsEvents | ||
| EsetSMC | ||
| GitHub | ||
| InfobloxNIOS | ||
| LAQueryLogs | ||
| MultipleDataSources | ||
| OfficeActivity | ||
| OktaSSO | ||
| ProofpointPOD | ||
| ProofpointTAP | ||
| PulseConnectSecure | ||
| QualysVM | ||
| SecurityAlert | ||
| SecurityEvent | ||
| SigninLogs | ||
| SophosXGFirewall | ||
| SymantecProxySG | ||
| SymantecVIP | ||
| Syslog | ||
| ThreatIntelligenceIndicator | ||
| TrendMicroXDR | ||
| VMwareCarbonBlack | ||
| W3CIISLog | ||
| ZoomLogs | ||
| htttp_proxy_oab_CL | ||
| readme.md | ||
readme.md
About
This folder contains Detections based on different types of data sources that you can leverage in order to create alerts and respond to threats in your environment.
For general information please start with the Wiki pages.
More Specific to Detections:
- Contribute to Analytic Templates (Detections) and Hunting queries
- Specifics on what is required for Detections and Hunting queries is in the Query Style Guide
- These detections are written using KQL query langauge and will provide you a starting point to protect your environment and get familiar with the different data tables.
- To enable these detections in your environment follow the out of the box guidance.
- The rule created will run the query on the scheduled time that was defined, and trigger an alert that will be seen both in the SecurityAlert table and in a case in the Incidents tab
Feedback
For questions or feedback, please contact AzureSentinel@microsoft.com