Azure-Sentinel/Hunting Queries/MultipleDataSources
cyberninjacat 92557a3a66 Query added in HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml 2024-08-12 19:32:22 +01:00
AADPrivilegedAccountsFailedMFA.yaml fixing IdentityInfo connector reference. New PR as old one ran into some issue. 2023-11-13 12:11:57 -08:00
AnomolousSignInsBasedonTime.yaml fixing IdentityInfo connector reference. New PR as old one ran into some issue. 2023-11-13 12:11:57 -08:00
ApplicationGrantedEWSPermissions.yaml
AzureResourceAssignedPublicIP.yaml
AzureResourceCreationWithNetworkActivity.yaml
AzureRunCommandMDELinked.yaml
BackupDeletion.yaml
CobaltDNSBeacon.yaml
CriticalOperationsWithSystemrestore.yaml fixing IdentityInfo connector reference. New PR as old one ran into some issue. 2023-11-13 12:11:57 -08:00
Dev-0056CommandLineActivityNovember2021.yaml
Dev-0322CommandLineActivityNovember2021(ASIMVersion).yaml
Dev-0322CommandLineActivityNovember2021.yaml
Dev-0322FileDropActivityNovember2021(ASIMVersion).yaml
Dev-0322FileDropActivityNovember2021.yaml
DormantServicePrincipalUpdateCredsandLogsIn.yaml
DormantUserUpdateMFAandLogsIn-UEBA.yaml
DormantUserUpdateMFAandLogsIn.yaml
DownloadofNewFileUsingCurl.yaml
ExchangeServersAssociatedSecurityAlerts.yaml
FailedSigninsWithAuditDetails.yaml
FireEyeRedTeamComms.yaml
FirewallRuleChanges_using_netsh.yaml
ForestBlizzard_IOC_RetroHunt.yaml
HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml Query added in HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml 2024-08-12 19:32:22 +01:00
LogonwithExpiredAccount.yaml
MailForwardingActivityFromNewLocation.yaml
NetworkConnectionldap_log4j.yaml
NetworkConnectiontoOMIPorts.yaml
NonCompliantSigninwithBulkDownload.yaml
NylonTyphoonCommandLineActivity-Nov2021.yaml
NylonTyphoonRegIOCPatterns.yaml
PermutationsOnLogonNames.yaml
PersistViaIFEORegistryKey.yaml
PossibleCommandInjectionagainstAzureIR.yaml
PotentialMicrosoftSecurityServicesTampering.yaml
PotentialSSHTunneltoAADConnectHost.yaml
PrivilegedAccountPasswordChanges.yaml Update PrivilegedAccountPasswordChanges.yaml 2023-12-15 11:16:46 +05:30
PrivilegedAccountsLockedOut.yaml Update PrivilegedAccountsLockedOut.yaml 2023-12-11 17:17:13 +05:30
RareDNSLookupWithDataTransfer.yaml
RareDomainsInCloudLogs.yaml
ReconActivitywithInteractiveLogonCorrelation.yaml
SQLAlertCorrelationwithCommonSecurityLogsandAuditLogs.yaml
SolarWindsInventory.yaml
StorageAccountKeyEnumerationWithSigninandAuditlogs.yaml
StorageAlertCorrelationwithCommonSecurityLogsandAuditLogs.yaml
StorageAlertCorrelationwithCommonSecurityLogsandStorageLogs.yaml
SuspiciousActivitiesRelatedToConfidentialDocuments.yaml Added strong identifiers in mappings, projected more values, small corrections 2024-03-26 16:48:47 -07:00
TrackingPasswordChanges.yaml
TrackingPrivAccounts.yaml
UnfamiliarsignincorrelationwithPortalSigninandAuditlogs.yaml
UnicodeObfuscationInCommandLine.yaml
UserGrantedAccess_CreatesResources.yaml
UseragentExploitPentest.yaml