| .. |
|
ADAccountLockouts.yaml
|
Update ADAccountLockouts.yaml
|
2020-07-17 16:38:18 -07:00 |
|
CustomUserList_FailedLogons.yaml
|
Documentation links should not include locale - fix and add validations (#678)
|
2020-05-13 15:07:12 +03:00 |
|
ExchangePowerShellSnapin.yaml
|
Update ExchangePowerShellSnapin.yaml
|
2021-03-03 13:40:12 +02:00 |
|
FailedUserLogons.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
GroupAddedToPrivlegeGroup.yaml
|
Add a comment about DnsAdmins and DnsUpdatePorxy
|
2020-06-20 10:31:34 -04:00 |
|
HostExportingMailboxAndRemovingExport.yaml
|
capitalize for consistency
|
2021-03-04 10:54:36 -08:00 |
|
HostsWithNewLogons.yaml
|
fix for partner reported issue
|
2019-10-11 19:02:10 +01:00 |
|
Invoke-PowerShellTcpOneLine.yaml
|
HAFNIUM Queries
|
2021-03-02 13:09:15 -08:00 |
|
Least_Common_Parent_Child_Process.yaml
|
updated to yaml files
|
2020-06-04 18:22:23 -07:00 |
|
Least_Common_Process_Command_Lines.yaml
|
updated to yaml files
|
2020-06-04 18:22:23 -07:00 |
|
Least_Common_Process_With_Depth.yaml
|
updated to yaml files
|
2020-06-04 18:22:23 -07:00 |
|
MultipleExplicitCredentialUsage4648Events.yaml
|
capitalize for consistency
|
2021-03-04 10:54:36 -08:00 |
|
NewChildProcessOfW3WP.yaml
|
removed unecessary extend
|
2021-03-03 15:57:36 -08:00 |
|
NishangReverseTCPShellBase64.yaml
|
formatting
|
2021-03-05 15:34:10 -08:00 |
|
PowerCatDownload.yaml
|
MTPQueries&IOCPlaceholder
|
2021-03-05 15:00:41 -08:00 |
|
ProcdumpofLsass.yaml
|
MTPQueries&IOCPlaceholder
|
2021-03-05 15:00:41 -08:00 |
|
ProcessEntropy.yaml
|
Update ProcessEntropy.yaml
|
2020-11-30 08:43:21 -08:00 |
|
RareProcbyServiceAccount.yaml
|
Removing unicod chars
|
2021-01-31 12:59:07 -08:00 |
|
RareProcessPath.yaml
|
correcting query text to fix yaml parsing
|
2020-02-11 13:02:51 -08:00 |
|
RareProcessWithCmdLine.yaml
|
Update RareProcessWithCmdLine.yaml
|
2020-10-16 11:43:59 -07:00 |
|
RareProcess_forWinHost.yaml
|
These queries do not work as expansion. Converted to hunting
|
2020-07-26 20:17:45 +03:00 |
|
Suspicious_Windows_Login_outside_normal_hours.yaml
|
changes per PR Review
|
2020-09-01 12:56:22 -07:00 |
|
Suspicious_enumeration_using_adfind.yaml
|
capitalize for consistency
|
2021-03-04 10:54:36 -08:00 |
|
User Logons By Logon Type.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
UserAccountAddedToPrivlegeGroup.yaml
|
Documentation links should not include locale - fix and add validations (#678)
|
2020-05-13 15:07:12 +03:00 |
|
UserAccountCreatedDeleted.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
UserAdd_RemToGroupByUnauthorizedUser.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
UserCreatedByUnauthorizedUser.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
VIPAccountFailedLogons.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
Windows System Shutdown-Reboot(T1529)
|
Update Windows System Shutdown-Reboot(T1529)
|
2021-03-02 21:39:12 -08:00 |
|
WindowsSystemTimeChange.yaml
|
Update WindowsSystemTimeChange.yaml
|
2020-10-27 10:33:23 -07:00 |
|
cscript_summary.yaml
|
Removing unicod chars
|
2021-01-31 12:59:07 -08:00 |
|
enumeration_user_and_group.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
masquerading_files.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
new_processes.yaml
|
missed a couple timestamps
|
2019-09-04 08:35:55 -07:00 |
|
persistence_create_account.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
|
powershell_downloads.yaml
|
missed a couple timestamps
|
2019-09-04 08:35:55 -07:00 |
|
powershell_newencodedscipts.yaml
|
missed a couple timestamps
|
2019-09-04 08:35:55 -07:00 |
|
uncommon_processes.yaml
|
Updating entities and putting in YAML format
|
2019-09-03 15:10:13 -07:00 |
