Azure-Sentinel/Detections
aprakash13 37c99ad126
Merge pull request #4233 from ep3p/patch-2
Fix QueryFrequency in AnomalousIPUsageFollowedByTeamsAction.yaml
2022-04-25 02:48:54 -07:00
ASimAuthentication Fix template version format 2022-04-04 13:49:49 +03:00
ASimDNS remove-tabs-from-detections 2022-04-10 10:27:06 +03:00
ASimFileEvent Updated version 2022-03-02 15:09:46 -08:00
ASimNetworkSession remove-tabs-from-detections 2022-04-10 10:27:06 +03:00
ASimProcess Updated version 2022-03-02 15:09:46 -08:00
ASimWebSession remove-tabs-from-detections 2022-04-10 10:27:06 +03:00
AWSCloudTrail Fixed typos in descriptions 2022-02-08 09:37:38 -08:00
AWSGuardDuty Fixing typo 2022-02-09 00:47:34 +05:30
AlsidForAD return sub techniques 2022-01-17 17:53:26 +02:00
AuditLogs Update NRT_PrivlegedRoleAssignedOutsidePIM.yaml 2022-04-22 19:16:41 +05:30
AzureActivity Update NRT_Creation_of_Expensive_Computes_in_Azure.yaml 2022-03-31 23:46:19 +05:30
AzureAppServices add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
AzureDevOpsAuditing return sub techniques 2022-01-17 17:53:26 +02:00
AzureDiagnostics New NRT Rules Created 2022-02-07 15:31:00 -08:00
AzureFirewall add support for techniques in validations 2022-01-16 13:33:29 +02:00
CiscoUmbrella Merge branch 'master' into ashwin/connector-fixes 2021-12-08 17:45:20 -08:00
Cognni add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
CommonSecurityLog Merge pull request #4684 from Azure/ashwin/fusion-panthreatscenario 2022-04-22 06:58:20 -07:00
CyberpionSecurityLogs add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
DeviceEvents Updates 4 more scheduled alert rule techniques. 2022-02-23 13:02:50 +02:00
DeviceFileEvents Updates 4 more scheduled alert rule techniques. 2022-02-23 13:02:50 +02:00
DeviceNetworkEvents Corrects multiple detection rules' techniques-tactics mappings. 2022-02-23 09:50:47 +02:00
DeviceProcessEvents Corrects Algorithm Entity values for Solarwinds scheduled alert rules. 2022-02-01 17:33:19 +02:00
DnsEvents New NRT Rules Created 2022-02-07 15:31:00 -08:00
Duo Security add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
EsetSMC add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
GitHub add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
Heartbeat Removing new tactic 2021-12-01 11:51:20 +01:00
LAQueryLogs Update Scheduled 2021-11-11 11:19:31 +01:00
MultipleDataSources Merge pull request #4233 from ep3p/patch-2 2022-04-25 02:48:54 -07:00
OfficeActivity Project Original Parameters 2022-04-18 16:00:41 +02:00
ProofpointPOD Update ProofpointPODEmailSenderIPinTIList.yaml 2021-12-01 16:17:01 -08:00
PulseConnectSecure add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
QualysVM add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
QualysVMV2 Update NewHighSeverityVulnDetectedAcrossMulitpleHostsV2.yaml 2021-12-07 17:14:29 +02:00
SecurityAlert Update AVTarrask.yaml 2022-04-12 08:25:26 -07:00
SecurityEvent Merge pull request #4525 from samikroy/patch-18 2022-04-22 07:53:46 -07:00
SecurityNestedRecommendation Detection query for Vulnerable Machines related to log4j CVE-2021-44228 using Microsoft Defender for Cloud data 2021-12-14 10:52:52 -08:00
SigninLogs Ignore expired token due to signin frequency expired 2022-04-21 10:07:46 +02:00
SymantecVIP add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
Syslog query fixes 2022-03-14 11:26:59 -07:00
ThreatIntelligenceIndicator Merge pull request #3934 from ep3p/patch-16 2022-04-22 14:32:50 -07:00
TrendMicroXDR Update Create Incident for XDR Alerts (Medium & Low).yaml 2021-11-09 19:31:20 -08:00
VectraAI Update VectraDetect-Host-by-Severity.yaml 2022-02-08 11:08:44 +02:00
W3CIISLog add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
WindowsEvent Merge pull request #4237 from yaelrbergman/patch-2 2022-03-17 11:46:34 +02:00
ZoomLogs add support for techniques in validations 2022-01-16 13:33:29 +02:00
http_proxy_oab_CL add Scheduled kind to all existing templates (solutions + detections) 2021-10-19 16:51:50 +03:00
readme.md Updating the name from “Azure Sentinel” to “Microsoft Sentinel” for Detection and Hunting Queries. 2021-11-09 18:41:23 -08:00

readme.md

About

This folder contains Detections based on different types of data sources that you can use to create alerts and respond to threats in your environment.

For general information please start with the Wiki pages.

More specific to Detections:

  • Contribute to Analytic Templates (Detections) and Hunting queries
  • Specifics on what is required for Detections and Hunting queries are in the Query Style Guide
  • These detections are written in the KQL query language and provide a starting point to protect your environment and get familiar with the different data tables.
  • To enable these detections in your environment, follow the out-of-the-box guidance (note that after a detection is available in this GitHub repository, it might take up to 2 weeks before it is available in the Microsoft Sentinel portal).
  • The rule created will run the query on the schedule that was defined and trigger an alert that appears both in the SecurityAlert table and as a case in the Incidents tab.

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com