Azure-Sentinel/Hunting Queries
Latest commit bc3a62616f by aprakash13 (2022-05-11 04:56:19 -07:00): Merge pull request #4783 from iotmaker1/patch-1 (Update OperationNameValue comparison operator)
| Name | Last commit message | Last commit date |
| --- | --- | --- |
| ASimProcess | ASIM renames | 2022-03-02 15:05:56 -08:00 |
| ASimRegistry | ASIM renames | 2022-03-02 15:05:56 -08:00 |
| AWSCloudTrail | Fixing missing day due to midtime usage | 2022-05-09 16:02:13 -07:00 |
| AWSS3 | Fixing missing day due to midtime usage | 2022-05-09 16:02:13 -07:00 |
| AuditLogs | Merge pull request #1605 from setprice2245/patch-1 | 2021-11-21 11:51:53 -08:00 |
| AzureActivity | Update OperationNameValue comparison operator | 2022-05-04 09:39:20 -04:00 |
| AzureDevOpsAuditing | Revert "Revert "Merge branch 'master' of https://github.com/Azure/Azure-Sentinel"" | 2022-01-03 16:21:46 +02:00 |
| AzureDiagnostics | Updated queries as per suggestions from Shain. | 2022-04-05 11:02:20 -07:00 |
| AzureStorage | Updating connector to MicrosoftThreatProtection | 2022-03-07 09:52:34 -08:00 |
| BehaviorAnalytics | Updating queries with common timestamp param to support future features. | 2021-09-10 10:10:13 -07:00 |
| CommonSecurityLog | Update PaloAlto-HighRiskPorts.yaml | 2022-01-19 12:09:40 +05:30 |
| DnsEvents | Remove Duplicate Query in Filter for Known Domains Using Long DNS | 2022-02-22 15:35:02 +08:00 |
| GitHub | Removed the deprecated MITRE techniques from hunting and detection queries and updating them with the latest ones that seem most appropriate. | 2021-08-12 10:58:18 -07:00 |
| LAQueryLogs | Update CrossServiceADXQueries.yaml | 2022-04-27 16:30:34 +02:00 |
| Microsoft 365 Defender | Merge pull request #4190 from BlackB0lt/patch-1 | 2022-04-22 06:47:25 -07:00 |
| MultipleDataSources | changes and fixes | 2022-05-09 13:12:50 -07:00 |
| OfficeActivity | Merge pull request #4409 from ep3p/patch-11 | 2022-04-22 14:11:46 -07:00 |
| ProofpointPOD | Fixes | 2021-08-06 14:12:37 -07:00 |
| SQLServer | Updating the name from "Azure Sentinel" to "Microsoft Sentinel" for Detection and Hunting Queries. | 2021-11-09 18:41:23 -08:00 |
| SecurityAlert | replacing deprecated parsejson with parse_json | 2021-08-17 12:26:48 -07:00 |
| SecurityEvent | Impacket query + addition of latest Azure IP ranges | 2022-03-10 14:24:30 -08:00 |
| SigninLogs | Merge pull request #4506 from thmcelro/advanced-hunting-tom | 2022-03-25 10:15:20 -07:00 |
| Syslog | Adding with changes | 2022-03-31 16:38:02 -07:00 |
| ThreatIntelligenceIndicator | Updating TI queries based on feedback and discussions on this PR - #3477 - and I don't want preferences for a specific environment to be included. This includes generic changes that need to be done. | 2021-11-29 13:58:28 -08:00 |
| W3CIISLog | Update SuspectedProxyTokenExploitation.yaml | 2022-04-26 14:38:49 +05:30 |
| WireData | regex replace with ipv4_is_private | 2022-03-14 11:10:08 -07:00 |
| ZoomLogs | Removed the deprecated MITRE techniques from hunting and detection queries and updating them with the latest ones that seem most appropriate. | 2021-08-12 10:58:18 -07:00 |
| QUERY_TEMPLATE.md | Couple additional fixes | 2021-02-01 08:22:36 -08:00 |
| readme.md | Updating the name from "Azure Sentinel" to "Microsoft Sentinel" for Detection and Hunting Queries. | 2021-11-09 18:41:23 -08:00 |

readme.md

About

This folder contains Hunting Queries, organized by data source, that you can use to perform broad threat hunting in your environment.

For general information, please start with the Wiki pages.

More Specific to Hunting Queries:

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com