Azure-Sentinel/Detections/SecurityEvent
Tiago Duarte ac62bd58bb
Added missing TargetUserName and TargetDomainName
Added missing TargetUserName and TargetDomainName as the rule was failing after the last update
2023-12-22 13:19:44 +00:00
AADHealthMonAgentRegKeyAccess.yaml Version misses 2023-12-14 20:55:42 -08:00
AADHealthSvcAgentRegKeyAccess.yaml Adding FullName 2023-12-14 20:47:06 -08:00
ADFSAbnormalEnhancedKeyUsageAttribute-OID.yaml Adding FullName 2023-12-14 20:47:06 -08:00
ADFSDBNamedPipeConnection.yaml updating Version 2023-03-01 14:42:57 +05:30
ADFSRemoteAuthSyncConnection.yaml updating Version 2023-03-01 14:42:57 +05:30
ADFSRemoteHTTPNetworkConnection.yaml updating Version 2023-03-01 14:42:57 +05:30
AccessibilityFeaturesModification.yaml Adding FullName 2023-12-14 20:47:06 -08:00
AdminSDHolder_Modifications.yaml Adding FullName 2023-12-14 20:47:06 -08:00
COMEventSystemLoadingNewDLL.yaml Adding FullName 2023-12-14 20:47:06 -08:00
CredentialDumpingServiceInstallation.yaml updating Version 2023-03-01 14:42:57 +05:30
CredentialDumpingToolsFileArtifacts.yaml updating Version 2023-03-01 14:42:57 +05:30
DSRMAccountAbuse.yaml Adding FullName 2023-12-14 20:47:06 -08:00
DumpingLSASSProcessIntoaFile.yaml updating Version 2023-03-01 14:42:57 +05:30
ExcessiveLogonFailures.yaml updating Version 2023-03-01 14:42:57 +05:30
ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml updating Version 2023-03-01 14:42:57 +05:30
FakeComputerAccountCreated.yaml Adjusting identifier count per entity type 2023-12-14 22:41:39 -08:00
GainCodeExecutionADFSViaSMB.yaml updating Version 2023-03-01 14:42:57 +05:30
GroupCreatedAddedToPrivlegeGroup_1h.yaml Adjusting identifier count per entity type 2023-12-14 22:41:39 -08:00
LateralMovementViaDCOM.yaml updating Version 2023-03-01 14:42:57 +05:30
LocalDeviceJoinInfoAndTransportKeyRegKeysAccess.yaml Analytic rules version incremented 2023-11-12 13:42:10 +05:30
MacroInvokingShellBrowserWindowCOMObjects.yaml updating Version 2023-03-01 14:42:57 +05:30
MidnightBlizzard_SuspiciousRundll32Exec.yaml Adjusting identifier count per entity type 2023-12-14 22:41:39 -08:00
MidnightBlizzard_SuspiciousScriptRegistryWrite.yaml Adding FullName 2023-12-14 20:47:06 -08:00
MultipleFailedFollowedBySuccess.yaml updating Version 2023-03-01 14:42:57 +05:30
NRT_SecurityEventLogCleared.yaml updating Version 2023-03-01 14:42:57 +05:30
NRT_base64_encoded_pefile.yaml updating Version 2023-03-01 14:42:57 +05:30
NRT_execute_base64_decodedpayload.yaml updating Version 2023-03-01 14:42:57 +05:30
NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies.yaml updating Version 2023-03-01 14:42:57 +05:30
NonDCActiveDirectoryReplication.yaml updating Version 2023-03-01 14:42:57 +05:30
PotenialResourceBasedConstrainedDelegationAbuse.yaml Adjusting identifier count per entity type 2023-12-14 22:41:39 -08:00
PotentialBuildProcessCompromise.yaml Adding FullName 2023-12-14 20:47:06 -08:00
PotentialFodhelperUACBypass.yaml updating Version 2023-03-01 14:42:57 +05:30
PotentialKerberoast.yaml Adding FullName 2023-12-14 20:47:06 -08:00
PotentialRemoteDesktopTunneling.yaml updating Version 2023-03-01 14:42:57 +05:30
Potentialre-namedsdeleteusage.yaml updating Version 2023-03-01 14:42:57 +05:30
RDP_MultipleConnectionsFromSingleSystem.yaml Adding FullName 2023-12-14 20:47:06 -08:00
RDP_Nesting.yaml Adding FullName 2023-12-14 20:47:06 -08:00
RDP_RareConnection.yaml Adding FullName 2023-12-14 20:47:06 -08:00
RegistryPersistenceViaAppCertDLLModification.yaml updating Version 2023-03-01 14:42:57 +05:30
RegistryPersistenceViaAppInt_DLLsModification.yaml updating Version 2023-03-01 14:42:57 +05:30
ScheduleTaskHide.yaml version update 2023-03-01 17:36:16 +05:30
SdeletedeployedviaGPOandrunrecursively.yaml version update 2023-03-01 17:36:16 +05:30
SecurityEventLogCleared.yaml version update 2023-03-01 17:36:16 +05:30
SilkTyphoonNewUMServiceChildProcess.yaml Adding FullName 2023-12-14 20:47:06 -08:00
SilkTyphoonSuspiciousUMServiceError.yaml Adding FullName 2023-12-14 20:47:06 -08:00
SolorigateNamedPipe.yaml Adding FullName 2023-12-14 20:47:06 -08:00
StartStopHealthService.yaml version update 2023-03-01 17:36:16 +05:30
TimeSeriesAnomaly-ProcessExecutions.yaml version update 2023-03-01 17:36:16 +05:30
UserAccountAdd-Removed.yaml Adding FullName 2023-12-14 20:47:06 -08:00
UserAccountAddedToPrivlegeGroup_1h.yaml Adjusting identifier count per entity type 2023-12-14 22:41:39 -08:00
UserAccountCreatedDeleted_10m.yaml Adjusting identifier count per entity type 2023-12-14 22:41:39 -08:00
UserAccountEnabledDisabled_10m.yaml Added missing TargetUserName and TargetDomainName 2023-12-22 13:19:44 +00:00
UserCreatedAddedToBuiltinAdmins_1d.yaml Adjusting identifier count per entity type 2023-12-14 22:41:39 -08:00
UserPrincipalNameAssignedToUserAccount.yaml Adjusting identifier count per entity type 2023-12-14 22:41:39 -08:00
WDigestDowngradeAttack.yaml version update 2023-03-01 17:36:16 +05:30
WindowsBinariesExecutedfromNon-DefaultDirectory.yaml version update 2023-03-01 17:36:16 +05:30
WindowsBinariesLolbinsRenamed.yaml version update 2023-03-01 17:36:16 +05:30
base64_encoded_pefile.yaml updating Version 2023-03-01 14:42:57 +05:30
execute_base64_decodedpayload.yaml updating Version 2023-03-01 14:42:57 +05:30
gte_6_FailedLogons_10m.yaml Adding FullName 2023-12-14 20:47:06 -08:00
malware_in_recyclebin.yaml updating Version 2023-03-01 14:42:57 +05:30
password_never_expires.yaml Adjusting identifier count per entity type 2023-12-14 22:41:39 -08:00
password_not_set.yaml updating Version 2023-03-01 14:42:57 +05:30
powershell_empire.yaml updating Version 2023-03-01 14:42:57 +05:30