Azure-Sentinel/Hunting Queries/SecurityEvent
Ashwin Patil db309f2dca
Merge branch 'master' into ashwin/connector-fixes
2021-12-08 17:45:20 -08:00
ADAccountLockouts.yaml
ADFSDBLocalSqlStatements.yaml
Certutil-LOLBins.yaml
CustomUserList_FailedLogons.yaml
ExchangePowerShellSnapin.yaml
FailedUserLogons.yaml
GroupAddedToPrivlegeGroup.yaml
HostExportingMailboxAndRemovingExport.yaml
HostsWithNewLogons.yaml
Invoke-PowerShellTcpOneLine.yaml
Least_Common_Parent_Child_Process.yaml
Least_Common_Process_Command_Lines.yaml
Least_Common_Process_With_Depth.yaml
MultipleExplicitCredentialUsage4648Events.yaml
NewChildProcessOfW3WP.yaml
NishangReverseTCPShellBase64.yaml
PowerCatDownload.yaml
ProcessEntropy.yaml
RareProcbyServiceAccount.yaml
RareProcessPath.yaml
RareProcessWithCmdLine.yaml
RareProcess_forWinHost.yaml
SignedBinaryProxyExecutionRundll32.yaml
SuspectedLSASSDump.yaml
Suspicious_Windows_Login_outside_normal_hours.yaml
Suspicious_enumeration_using_adfind.yaml
User Logons By Logon Type.yaml
UserAccountAddedToPrivlegeGroup.yaml
UserAccountCreatedDeleted.yaml
UserAdd_RemToGroupByUnauthorizedUser.yaml
UserCreatedByUnauthorizedUser.yaml
VIPAccountFailedLogons.yaml
WindowsSystemShutdown-Reboot.yaml
WindowsSystemTimeChange.yaml
cscript_summary.yaml
enumeration_user_and_group.yaml
masquerading_files.yaml
new_processes.yaml
persistence_create_account.yaml
powershell_downloads.yaml
powershell_newencodedscipts.yaml
uncommon_processes.yaml