Azure-Sentinel/Hunting Queries
Pete Bryan c5ff0bb0c4 Updated file name 2023-10-03 17:10:28 -07:00
ASimProcess up ver 2023-09-20 14:53:19 +03:00
ASimRegistry Remaining tagging 2022-11-01 18:42:28 +05:30
AWSCloudTrail Skip validations for hunting Queries and Analytic Rules 2022-10-13 16:28:02 +05:30
AuditLogs Updated file name 2023-10-03 17:10:28 -07:00
AzureActivity Corrects cloudshell query logic (OperationName field is always empty). 2023-06-28 15:19:09 +03:00
AzureDevOpsAuditing skip validations 2022-09-22 19:24:32 +05:30
AzureDiagnostics Packaging Web Shells Threat Protection 2023-05-23 11:29:35 +05:30
AzureStorage Updating connector to MicrosoftThreatProtection 2022-03-07 09:52:34 -08:00
BehaviorAnalytics Removed unwanted sections from source 2022-08-16 18:18:38 +05:30
CommonSecurityLog updating whitespaces 2023-02-28 19:31:27 +05:30
DnsEvents File path update hunting queries 2023-02-23 14:55:16 +05:30
GitHub Updated HQ description for 255 char limit 2023-08-11 17:30:43 +05:30
LAQueryLogs Hunting Queries KQL Validations 2023-02-07 16:48:24 +05:30
Microsoft 365 Defender Add techniques shortened desc added custom schema 2023-09-08 17:36:45 -04:00
MultipleDataSources Updated HQ description for 255 char limit 2023-08-11 17:30:43 +05:30
OfficeActivity BEC threat centric Solution Packaging 2023-08-04 16:49:31 +05:30
ProofpointPOD Updating description 2023-02-28 18:46:12 +05:30
SQLServer updating commas 2023-02-28 16:37:12 +05:30
SecurityAlert Updating versions 2023-05-03 11:40:31 +05:30
SecurityEvent Updating versions 2023-05-03 11:40:31 +05:30
SigninLogs Create MFA Spamming 2023-08-24 18:05:48 +05:30
Syslog Updated versions 2023-08-11 18:05:05 +05:30
ThreatIntelligenceIndicator Merge branch 'master' into v-vdixit/file-path-update3 2023-02-28 18:54:19 +05:30
W3CIISLog Updated for review comments 2023-08-17 09:47:55 +05:30
WireData Updated versions 2023-08-11 18:05:05 +05:30
ZoomLogs Updated versions 2023-08-11 18:05:05 +05:30
QUERY_TEMPLATE.md Couple additional fixes 2021-02-01 08:22:36 -08:00
readme.md Updating the name from “Azure Sentinel” to “Microsoft Sentinel” for Detection and Hunting Queries. 2021-11-09 18:41:23 -08:00

readme.md

About

This folder contains hunting queries, grouped into subfolders by the data source (table) they run against, that you can use to perform broad threat hunting in your environment.
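To give a concrete idea of what a query in one of these subfolders looks like, here is an added example written for this page (it is not a query from the Azure-Sentinel repository and does not reproduce the SigninLogs "MFA Spamming" query listed above). It hunts the SigninLogs table for MFA prompt spamming: a burst of failed strong-authentication prompts for one user, followed shortly by a successful MFA sign-in. The result code 500121, the 10-minute window and the threshold of five failed prompts are assumptions to tune for your tenant.

```kusto
// Added example, not from the Azure-Sentinel repo: hunt for MFA fatigue / prompt spamming.
// Assumptions: ResultType 500121 = "authentication failed during strong authentication request";
// a burst of >= 5 such failures in 10 minutes, then a successful MFA sign-in within the next
// 10 minutes, is worth a look. Tune lookback, window and threshold for your environment.
let lookback = 1d;
let window = 10m;
let threshold = 5;
// Step 1: users who received many failed MFA prompts inside one time bucket.
let mfaFailures = SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "500121"
| summarize FailedPrompts = count(),
            FirstFail = min(TimeGenerated),
            LastFail = max(TimeGenerated),
            SourceIPs = make_set(IPAddress, 10)
    by UserPrincipalName, bin(TimeGenerated, window)
| where FailedPrompts >= threshold;
// Step 2: successful sign-ins that satisfied an MFA requirement.
let mfaSuccesses = SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"
| where AuthenticationRequirement == "multiFactorAuthentication"
| project SuccessTime = TimeGenerated, UserPrincipalName, SuccessIP = IPAddress, AppDisplayName;
// Step 3: keep only bursts that were followed by a success within one window
// (the pattern of a user finally approving a prompt they did not initiate).
mfaFailures
| join kind=inner mfaSuccesses on UserPrincipalName
| where SuccessTime between (LastFail .. (LastFail + window))
| project UserPrincipalName, FirstFail, LastFail, FailedPrompts, SourceIPs,
          SuccessTime, SuccessIP, AppDisplayName
| order by FailedPrompts desc
```

Worth checking when triaging a hit: whether SuccessIP appears in SourceIPs (the approving device sharing an address with the prompting source is far less suspicious than a success from a new location), and whether the user actually reported unexpected prompts.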

For general information, please start with the Wiki pages.

More Specific to Hunting Queries:

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com