Microsoft-365-Defender-Hunt.../Protection events
tali-ash 8ff24d70e9
Update ExploitGuardBlockOfficeChildProcess.txt
2022-01-19 17:13:26 +02:00
AV Detections with Source.txt Update AV Detections with Source.txt 2020-05-14 08:45:15 +03:00
AV Detections with USB Disk Drive.txt Update AV Detections with USB Disk Drive.txt 2020-05-14 08:49:10 +03:00
Antivirus detections.txt Update Antivirus detections.txt 2021-01-27 09:19:02 +02:00
ExploitGuardASRStats.txt Count by DeviceId is more accurate 2020-06-21 08:49:50 +03:00
ExploitGuardAsrDescriptions.txt Added new ASR rules 2020-05-28 20:18:25 +02:00
ExploitGuardBlockOfficeChildProcess.txt Update ExploitGuardBlockOfficeChildProcess.txt 2022-01-19 17:13:26 +02:00
ExploitGuardControlledFolderAccess.txt Update ExploitGuardControlledFolderAccess.txt 2020-04-22 11:47:20 +03:00
ExploitGuardNetworkProtectionEvents.txt Merge branch 'master' into master 2020-04-22 13:46:43 +03:00
ExploitGuardStats.txt Update github queries to use the new advanced hunting device schema 2020-01-05 15:46:07 +02:00
PUA ThreatName per Computer.txt Update PUA ThreatName per Computer.txt 2021-01-26 14:23:32 +02:00
README.md Change folder hierarchy - removing parent folder Hunting Queries, and moving 2 queries into a new Exploits folder 2018-03-22 09:31:29 +02:00
SmartScreen URL block ignored by user.txt Update github queries to use the new advanced hunting device schema 2020-01-05 15:46:07 +02:00
SmartScreen app block ignored by user.txt Update github queries to use the new advanced hunting device schema 2020-01-05 15:46:07 +02:00
Windows filtering events (Firewall).txt Update github queries to use the new advanced hunting device schema 2020-01-05 15:46:07 +02:00
WindowsDefenderAVEvents.txt Requested update complete 2019-04-01 04:50:26 -07:00

README.md

This folder contains queries on Windows Defender suite block events (as well as block-audit events when in ExploitGuard audit mode). This includes Windows Defender Antivirus, Exploit Guard, SmartScreen, and more.