| .. |
|
ADFSDomainTrustMods.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
AccountCreatedDeletedByNonApprovedUser.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
AccountCreatedandDeletedinShortTimeframe.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
AccountElevatedtoNewRole.yaml
|
Business Email Compromise - Financial Fraud
|
2023-11-01 19:59:30 +05:30 |
|
AdditionofaTemporaryAccessPasstoaPrivilegedAccount.yaml
|
Couple more fixes
|
2023-12-14 22:59:43 -08:00 |
|
AdminPromoAfterRoleMgmtAppPermissionGrant.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
ApplicationIDURIChanged.yaml
|
Couple more fixes
|
2023-12-14 22:59:43 -08:00 |
|
ApplicationRedirectURLUpdate.yaml
|
Couple more fixes
|
2023-12-14 22:59:43 -08:00 |
|
AuthenticationMethodChangedforPrivilegedAccount.yaml
|
Business Email Compromise - Financial Fraud
|
2023-11-01 19:59:30 +05:30 |
|
AzureADRoleManagementPermissionGrant.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
BulkChangestoPrivilegedAccountPermissions.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
ChangestoApplicationLogoutURL.yaml
|
Adjusting identifier count per entity type
|
2023-12-14 22:41:39 -08:00 |
|
ChangestoApplicationOwnership.yaml
|
version updated
|
2024-01-08 10:37:35 +05:30 |
|
ChangestoPIMSettings.yaml
|
Adjusting identifier count per entity type
|
2023-12-14 22:41:39 -08:00 |
|
ConditionalAccessPolicyModifiedbyNewUser.yaml
|
Adjusting identifier count per entity type
|
2023-12-14 22:41:39 -08:00 |
|
CredentialAddedAfterAdminConsent.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
Cross-tenantAccessSettingsOrganizationAdded.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
Cross-tenantAccessSettingsOrganizationDeleted.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
Cross-tenantAccessSettingsOrganizationInboundCollaborationSettingsChanged.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
Cross-tenantAccessSettingsOrganizationInboundDirectSettingsChanged.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
Cross-tenantAccessSettingsOrganizationOutboundCollaborationSettingsChanged.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
Cross-tenantAccessSettingsOrganizationOutboundDirectSettingsChanged.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
End-userconsentstoppedduetorisk-basedconsent.yaml
|
Adjusting identifier count per entity type
|
2023-12-14 22:41:39 -08:00 |
|
FirstAppOrServicePrincipalCredential.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
GuestAccountsAddedinAADGroupsOtherThanTheOnesSpecified.yaml
|
Version incremented for Workbook Dodzero and detection queries
|
2023-11-12 02:51:42 +05:30 |
|
GuestUsersInvitedtoTenantbyNewInviters.yaml
|
Adjusting identifier count per entity type
|
2023-12-14 22:41:39 -08:00 |
|
MailPermissionsAddedToApplication.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
MaliciousOAuthApp_O365AttackToolkit.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
MaliciousOAuthApp_PwnAuth.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
MultipleAdmin_membership_removals_from_NewAdmin.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
NRT_ADFSDomainTrustMods.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
NRT_AuthenticationMethodsChangedforVIPUsers.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
NRT_NewAppOrServicePrincipalCredential.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
NRT_PIMElevationRequestRejected.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
NRT_PrivlegedRoleAssignedOutsidePIM.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
NRT_UseraddedtoPrivilgedGroups.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
NewAppOrServicePrincipalCredential.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
NewExtUserGrantedAdmin.yaml
|
version update
|
2023-03-01 00:06:08 +05:30 |
|
PIMElevationRequestRejected.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
PrivilegedAccountPermissionsChanged.yaml
|
Business Email Compromise - Financial Fraud
|
2023-11-01 19:59:30 +05:30 |
|
PrivlegedRoleAssignedOutsidePIM.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
RareApplicationConsent.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
ServicePrincipalAssignedAppRoleWithSensitiveAccess.yaml
|
Fixing up remaining AuditLog detections with entity mappings
|
2023-12-29 16:19:59 -08:00 |
|
ServicePrincipalAssignedPrivilegedRole.yaml
|
Update ServicePrincipalAssignedPrivilegedRole.yaml
|
2024-02-27 06:56:33 -08:00 |
|
SuspiciousLinkingofExternalIdtoExistingUsers.yaml
|
Fixing up remaining AuditLog detections with entity mappings
|
2023-12-29 16:19:59 -08:00 |
|
SuspiciousOAuthApp_OfflineAccess.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
SuspiciousServicePrincipalcreationactivity.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
URLAddedtoApplicationfromUnknownDomain.yaml
|
version updated
|
2024-01-08 10:37:35 +05:30 |
|
UserAccountCreatedUsingIncorrectNamingFormat.yaml
|
Fixing up remaining AuditLog detections with entity mappings
|
2023-12-29 16:19:59 -08:00 |
|
UserAddedtoAdminRole.yaml
|
Business Email Compromise - Financial Fraud
|
2023-11-01 19:59:30 +05:30 |
|
UserAssignedPrivilegedRole.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
|
UserStatechangedfromGuesttoMember.yaml
|
Fixing up remaining AuditLog detections with entity mappings
|
2023-12-29 16:19:59 -08:00 |
|
Useraccountcreatedwithoutexpectedattributesdefined.yaml
|
Fixing up remaining AuditLog detections with entity mappings
|
2023-12-29 16:19:59 -08:00 |
|
UseraddedtoPrivilgedGroups.yaml
|
Validation error removed
|
2023-11-12 14:24:14 +05:30 |
|
nrt_FirstAppOrServicePrincipalCredential.yaml
|
Analytic rules version incremented
|
2023-11-12 13:42:10 +05:30 |
