Sample queries for Advanced hunting in Microsoft 365 Defender
Latest commit: tali-ash efa17a600b "Update README.md" 2022-02-17 10:59:25 +02:00

Repository contents (name, last commit message, last commit date):

| Name | Last commit message | Last commit date |
|---|---|---|
| Campaigns | Create Devices with Log4j vulnerability alerts and additional other alert related context.md | 2022-01-11 15:46:16 -08:00 |
| Collection | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00 |
| Command and Control | Update C2-NamedPipe.md | 2021-08-17 20:44:30 +02:00 |
| Credential Access | New AHQ | 2021-03-05 10:32:46 -08:00 |
| Defense evasion | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00 |
| Delivery | Update Qakbot Craigslist Domains.md | 2021-11-02 12:45:44 -07:00 |
| Discovery | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00 |
| Email Queries | Update JNLP-File-Attachment.md | 2021-08-12 15:26:51 -07:00 |
| Execution | Create Detect PowerShell v2 Downgrade.md | 2021-04-16 12:01:53 -04:00 |
| Exfiltration | Update detect-exfiltration-after-termination.md | 2022-01-16 17:04:25 +02:00 |
| Exploits | Update CVE-2021-36934 usage detection.md | 2022-01-16 17:06:27 +02:00 |
| Fun | Update Make FolderPath Vogon Poetry.md | 2020-09-01 14:02:39 -04:00 |
| General queries | Update Events surrounding alert.txt | 2022-01-19 17:12:13 +02:00 |
| Impact | Merge pull request #231 from martyav/ransomware-healthcare-misc | 2020-11-11 13:28:21 +02:00 |
| Initial access | Update Check for Maalware Baazar (abuse.ch) hashes in your mail flow.md | 2022-01-16 17:12:54 +02:00 |
| Lateral Movement | Change CSL to TXT | 2021-02-22 15:11:44 +02:00 |
| M365-PowerBi Dashboard | Add files via upload | 2021-06-20 08:40:59 +03:00 |
| Network | Change CSL to TXT | 2021-02-22 15:11:44 +02:00 |
| Notebooks | Add files via upload | 2021-04-26 18:57:58 +03:00 |
| Persistence | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00 |
| Privilege escalation | Rename SAM-Name-Changes-CVE-2021-42278 to SAM-Name-Changes-CVE-2021-42278.md | 2021-12-16 09:54:50 +02:00 |
| Protection events | Update ExploitGuardBlockOfficeChildProcess.txt | 2022-01-19 17:13:26 +02:00 |
| Ransomware | Update IcedId attachments.md | 2022-01-16 17:15:32 +02:00 |
| TVM | Update devices_with_vuln_and_users_received_payload.md | 2022-01-19 17:14:34 +02:00 |
| Troubleshooting | Updating URL list | 2021-09-17 10:33:58 -04:00 |
| Webcasts | Create l33tspeak 11 Oct 2021 - externaldata and query partitioning.csl | 2021-10-11 11:25:09 -04:00 |
| .gitignore | Initial commit | 2018-03-18 05:07:43 -07:00 |
| 00-query-submission-template.md | Update 00-query-submission-template.md | 2021-02-15 15:11:31 +02:00 |
| CODE_OF_CONDUCT.md | Create CODE_OF_CONDUCT.md | 2020-04-22 15:48:37 +03:00 |
| LICENSE | Initial commit | 2018-03-18 05:07:47 -07:00 |
| MTPAHCheatSheetv01-dark.pdf | Add files via upload | 2020-07-06 13:45:51 +04:00 |
| MTPAHCheatSheetv01-light.pdf | Add files via upload | 2020-07-06 13:45:51 +04:00 |
| README.md | Update README.md | 2022-02-17 10:59:25 +02:00 |
| SECURITY.md | Create SECURITY.md | 2020-04-22 15:49:02 +03:00 |

README.md

---
page_type: sample
languages:
- kusto
products:
- Microsoft 365 Defender
description: Microsoft 365 Defender repository for Advanced Hunting
---

Deprecated

We have moved to the Microsoft threat protection community, the unified Microsoft Sentinel and Microsoft 365 Defender repository.

The Microsoft SIEM and XDR Community provides a forum for community members (threat hunters) to submit contributions as GitHub pull requests, or contribution ideas as GitHub issues. Hunting queries for Microsoft 365 Defender provide value to both Microsoft 365 Defender and Microsoft Sentinel, so a single contribution has multiple impact. Contributions can be based on your own idea of the value they provide to enterprises, can be taken from the GitHub open issues list, or can be enhancements to existing contributions.