Azure-Sentinel/Hunting Queries/SecurityEvent
DixitVedanshi 4ead45aed9 Updating versions 2023-05-03 11:40:31 +05:30
ADAccountLockouts.yaml Hunting Query TimeFrame Updates 2021-04-15 17:52:25 -07:00
ADFSDBLocalSqlStatements.yaml added version, severity and requiredDataConnectors 2021-07-08 23:06:49 -04:00
Certutil-LOLBins.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
CommandsexecutedbyWMIonnewhosts-potentialImpacket.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
Crashdumpdisabledonhost.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
CustomUserList_FailedLogons.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
DecoyUserAccountAuthenticationAttempt.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
Discorddownloadinvokedfromcmdline.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
ExchangePowerShellSnapin.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
ExternalIPaddressinCommandLine.yaml Remaining tagging 2022-11-01 18:42:28 +05:30
FailedUserLogons.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
FakeComputerAccountAuthenticationAttempt.yaml Update FakeComputerAccountAuthenticationAttempt.yaml 2022-03-03 14:16:08 +02:00
FileExecutionWithOneCharacterInTheName.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
GroupAddedToPrivlegeGroup.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
HostExportingMailboxAndRemovingExport.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
HostsWithNewLogons.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
Invoke-PowerShellTcpOneLine.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
KrbRelayUpServiceCreation Update KrbRelayUpServiceCreation 2022-05-11 20:21:18 +07:00
LargeScaleMalwareDeploymentGPOScheduledTask.yaml Update LargeScaleMalwareDeploymentGPOScheduledTask.yaml 2022-03-03 14:16:19 +02:00
Least_Common_Parent_Child_Process.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
Least_Common_Process_Command_Lines.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
Least_Common_Process_With_Depth.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
MSRPRN_Printer_Bug_Exploitation.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
MultipleExplicitCredentialUsage4648Events.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
NewChildProcessOfW3WP.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
NishangReverseTCPShellBase64.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
PotentialImpacketExecution.yaml updating whitespaces 2023-02-28 19:31:27 +05:30
PotentialLocalExploitationForPrivilegeEscalation.yaml Update PotentialLocalExploitationForPrivilegeEscalation.yaml 2022-03-03 11:19:22 +02:00
PotentialProcessDoppelganging.yaml KQL Validations for Multiple data sources hunting queries 2023-02-08 11:25:45 +05:30
PowerCatDownload.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
ProcessEntropy.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
RIDHijacking.yaml Update RIDHijacking.yaml 2022-03-03 14:16:47 +02:00
RareProcbyServiceAccount.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
RareProcessPath.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
RareProcessWithCmdLine.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
RareProcess_forWinHost.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
RemoteLoginPerformedwithWMI.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
RemoteScheduledTaskCreationUpdateviaSchtasks.yaml Update RemoteScheduledTaskCreationUpdateviaSchtasks.yaml 2022-02-17 11:39:58 +02:00
ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
ServiceInstallationFromUsersWritableDirectory.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
SignedBinaryProxyExecutionRundll32.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
SuspectedLSASSDump.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
Suspicious_Windows_Login_outside_normal_hours.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
Suspicious_enumeration_using_adfind.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
User Logons By Logon Type.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
UserAccountAddedToPrivlegeGroup.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
UserAccountCreatedDeleted.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
UserAdd_RemToGroupByUnauthorizedUser.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
UserCreatedByUnauthorizedUser.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
UsersOpenReadDeviceIdentityKey.yaml Updating package. 2022-05-26 18:55:24 +05:30
VIPAccountFailedLogons.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
WindowsSystemShutdown-Reboot.yaml Fixes 2021-08-06 14:12:37 -07:00
WindowsSystemTimeChange.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
cscript_summary.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
enumeration_user_and_group.yaml File path update hunting queries 2023-02-23 14:55:16 +05:30
hunt_LOLBins.yaml Updating versions 2023-05-03 11:40:31 +05:30
masquerading_files.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
new_processes.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
persistence_create_account.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
powershell_downloads.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
powershell_newencodedscipts.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30
uncommon_processes.yaml Hunting Queries files path update 2023-02-23 15:10:55 +05:30