История

v-ampami f76b6ed5bd Merge branch 'master' into ubiquiti_data_conn		2021-03-30 13:02:25 +05:30
..
AWSCloudTrail	updated empty connector, moved Teams queries into OfficeActivity, updated some entity mappings	2021-02-04 15:31:02 -08:00
AWSS3	updated empty connector, moved Teams queries into OfficeActivity, updated some entity mappings	2021-02-04 15:31:02 -08:00
AuditLogs	adding entities and fixing up some mappings	2021-03-21 12:36:33 -07:00
AzureActivity	adding in timegenerated and using has	2021-03-21 19:53:36 -07:00
AzureDevOpsAuditing	Update ADOVariableCreatedDeleted.yaml	2021-02-18 08:21:34 -08:00
AzureDiagnostics	fixed missing datatype to align with other	2020-07-23 16:24:40 -07:00
AzureStorage	Multiple Fixes	2021-02-25 16:28:52 +00:00
BehaviorAnalytics	updated empty connector, moved Teams queries into OfficeActivity, updated some entity mappings	2021-02-04 15:31:02 -08:00
DnsEvents	capitalize for consistency	2021-03-04 10:54:36 -08:00
GitHub	updated empty connector, moved Teams queries into OfficeActivity, updated some entity mappings	2021-02-04 15:31:02 -08:00
LAQueryLogs	🐛 Remove NBSPs where they break API interaction	2020-12-11 12:57:34 +00:00
MultipleDataSources	Merge pull request #2022 from thmcelro/Tom-Exchange-Queries	2021-03-25 11:38:27 -07:00
OfficeActivity	Merge pull request #1802 from Azure/shainw-fixuphunt	2021-03-09 10:25:34 -08:00
ProofpointPOD	updated detections and hutnig queries of Cisco Umbrella, Cisco ISE and Proofpoint POD	2021-01-13 14:43:42 +02:00
SQLServer	Updated Queries	2020-07-29 20:05:49 +05:30
SecurityAlert	Fixes for IP, User, Process	2020-10-20 17:48:45 -07:00
SecurityEvent	Merge pull request #1881 from Azure/pebryan/2021-3-5_HAFNIUM2	2021-03-05 15:50:58 -08:00
SigninLogs	Adding in timeframe to support other features	2021-03-21 20:27:29 -07:00
Syslog	Update RareProcess_ForLxHost.yaml	2020-10-19 11:32:11 -07:00
ThreatIntelligenceIndicator	Add ThreatIntelligenceTaxii as data connector	2020-08-25 10:56:21 +01:00
Ubiquiti	ubiquiti - updated rules and queries	2021-03-29 12:27:14 +03:00
W3CIISLog	GUID Updates	2021-03-25 18:31:46 +00:00
WireData	Changing GUIDs of hunting queries that had duplicates from Detection queries	2020-04-13 10:52:12 -07:00
ZoomLogs	updated empty connector, moved Teams queries into OfficeActivity, updated some entity mappings	2021-02-04 15:31:02 -08:00
QUERY_TEMPLATE.md	Couple additional fixes	2021-02-01 08:22:36 -08:00
readme.md	Update readme.md	2020-06-26 11:47:58 -07:00

readme.md

About

This folder contains Hunting Queries based on different types of data sources that you can leverage in order to perform broad threat hunting in your environment.

For general information please start with the Wiki pages.

More Specific to Hunting Queries:

Contribute to Analytic Templates (Detections) and Hunting queries
Specifics on what is required for Detections and Hunting queries is in the Query Style Guide
These hunting queries are written using KQL query langauge and will provide you a starting point to protect your environment and get familiar with the different data tables.
Get started and learn how to hunt for threats in your environment with Azure Sentinel.

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com