File | Last commit message | Commit date
Apache_log4j_Vulnerability.yaml | Adding in | where SyslogMessage has "AUOMS_EXECVE" to improve perf so we only parse what is needed | 2021-12-14 20:13:21 -08:00
Base64_Download_Activity.yaml | updating or adding version | 2021-12-14 20:16:31 -08:00
Container_Miner_Activity.yaml | Adding query for review | 2021-12-17 08:55:38 -08:00
CryptoCurrencyMiners.yaml | Updating the name from “Azure Sentinel” to “Microsoft Sentinel” for Detection and Hunting Queries. | 2021-11-09 18:41:23 -08:00
Firewall_Disable_Activity.yaml | updating or adding version | 2021-12-14 20:16:31 -08:00
Linux_Toolkit_Detected.yaml | Adding with slight change in description | 2021-12-15 17:41:05 -08:00
Process_Termination_Activity.yaml | updating or adding version | 2021-12-14 20:16:31 -08:00
RareProcess_ForLxHost.yaml | Updating queries with common timestamp param to support future features. | 2021-09-10 10:10:13 -07:00
SCXExecuteRunAsProviders.yml | updating or adding version | 2021-12-14 20:16:31 -08:00
SchedTaskAggregation.yaml | Updating queries with common timestamp param to support future features. | 2021-09-10 10:10:13 -07:00
SchedTaskEditViaCrontab.yaml | Updating queries with common timestamp param to support future features. | 2021-09-10 10:10:13 -07:00
Suspicious_ShellScript_Activity.yaml | updating or adding version | 2021-12-14 20:16:31 -08:00
disabled_account_squid_usage.yaml | fixes | 2021-08-06 14:18:45 -07:00
squid_abused_tlds.yaml | Updating queries with common timestamp param to support future features. | 2021-09-10 10:10:13 -07:00
squid_malformed_requests.yaml | Updating queries with common timestamp param to support future features. | 2021-09-10 10:10:13 -07:00
squid_volume_anomalies.yaml | Removed the deprecated MITRE techniques from hunting and detection queries and updating them with the latest ones that seem most appropriate. | 2021-08-12 10:58:18 -07:00