Azure-Sentinel/Hunting Queries
gitj121 305e9350ad Adding with changes 2021-12-13 18:40:12 -08:00
ASimProcess Blog Support Queries 2021-11-17 19:34:51 -08:00
AWSCloudTrail more fixes 2021-08-06 14:29:41 -07:00
AWSS3 Fixes 2021-08-06 14:12:37 -07:00
AuditLogs Merge pull request #1605 from setprice2245/patch-1 2021-11-21 11:51:53 -08:00
AzureActivity Removing comments & minor fixes 2021-11-22 16:03:12 +00:00
AzureDevOpsAuditing Removed the deprecated MITRE techniques from hunting and detection queries and updated them with the latest ones that seem most appropriate. 2021-08-12 10:58:18 -07:00
AzureDiagnostics Update WAF_log4j_vulnerability.yaml 2021-12-13 08:52:20 -08:00
AzureStorage Updating queries with common timestamp param to support future features. 2021-09-10 10:10:13 -07:00
BehaviorAnalytics Updating queries with common timestamp param to support future features. 2021-09-10 10:10:13 -07:00
CommonSecurityLog Updating queries with common timestamp param to support future features. 2021-09-10 10:10:13 -07:00
DnsEvents Updating queries with common timestamp param to support future features. 2021-09-10 10:10:13 -07:00
GitHub Removed the deprecated MITRE techniques from hunting and detection queries and updated them with the latest ones that seem most appropriate. 2021-08-12 10:58:18 -07:00
LAQueryLogs Merge pull request #2803 from Azure/pebryan/2021-8-9_Watchlists 2021-08-19 13:13:18 -07:00
MultipleDataSources removed tags 2021-12-06 08:56:50 -08:00
OfficeActivity Updating queries with common timestamp param to support future features. 2021-09-10 10:10:13 -07:00
ProofpointPOD Fixes 2021-08-06 14:12:37 -07:00
SQLServer Updating the name from “Azure Sentinel” to “Microsoft Sentinel” for Detection and Hunting Queries. 2021-11-09 18:41:23 -08:00
SecurityAlert replacing deprecated parsejson with parse_json 2021-08-17 12:26:48 -07:00
SecurityEvent Merge pull request #3500 from Azure/shainw-merge2705 2021-11-22 08:05:28 -08:00
SigninLogs Merge pull request #3176 from thmcelro/tom-low-and-slow 2021-11-21 22:07:15 -08:00
Syslog Adding with changes 2021-12-13 18:40:12 -08:00
ThreatIntelligenceIndicator Updating TI queries based on feedback and discussions on this PR - #3477 - and I don't want preferences for a specific environment to be included. This includes generic changes that need to be done. 2021-11-29 13:58:28 -08:00
W3CIISLog Updating queries with common timestamp param to support future features. 2021-09-10 10:10:13 -07:00
WireData Removed the deprecated MITRE techniques from hunting and detection queries and updated them with the latest ones that seem most appropriate. 2021-08-12 10:58:18 -07:00
ZoomLogs Removed the deprecated MITRE techniques from hunting and detection queries and updated them with the latest ones that seem most appropriate. 2021-08-12 10:58:18 -07:00
QUERY_TEMPLATE.md Couple additional fixes 2021-02-01 08:22:36 -08:00
readme.md Updating the name from “Azure Sentinel” to “Microsoft Sentinel” for Detection and Hunting Queries. 2021-11-09 18:41:23 -08:00

readme.md

About

This folder contains Hunting Queries, organized by the data source they run against, that you can use to perform broad threat hunting in your environment.

For general information, please start with the Wiki pages.

More Specific to Hunting Queries:

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com