Bert-JanP / Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
https://kqlquery.com
BSD 3-Clause "New" or "Revised" License
1.1k stars, 202 forks
Issues
| Issue | Title | Author | Status | Closed | Comments |
|---|---|---|---|---|---|
| #49 | Update Mapping.md | BaderAlrowaiei | closed | 2 weeks ago | 1 |
| #48 | Missing "Timestamp" and "union" in TheArtOfKnowingYourData.md | ep3p | closed | 3 weeks ago | 1 |
| #47 | Defender For Cloud Apps /MITREBehaviors.md cannot pull from Behaviorinfo/BehaviorEntities tables | verdensdalle | closed | 4 weeks ago | 1 |
| #46 | Update nf_ransomware_leaksite_monitoring.md | m4nbat | closed | 1 month ago | 2 |
| #45 | Create nf_ransomware_leaksite_monitoring.md | m4nbat | closed | 1 month ago | 1 |
| #43 | Microsoft Defender Issue | taremooo | closed | 1 month ago | 1 |
| #42 | Update ttp_t1127-001_suspNetworkConnMSBuild.md | BaderAlrowaiei | closed | 2 months ago | 1 |
| #41 | Update Mapping.md | BaderAlrowaiei | closed | 2 months ago | 1 |
| #40 | Add monitoring for cloud break glass accounts | erikgruetter | closed | 2 months ago | 3 |
| #39 | Create UrlClickEvents.me | guys1444 | closed | 2 months ago | 1 |
| #38 | `MonitorDelegations` Added | babakmhz | closed | 3 months ago | 1 |
| #37 | Create NTDSDitFileModifications.md | inodee | closed | 3 months ago | 1 |
| #36 | URL and Spelling | BaderAlrowaiei | closed | 4 months ago | 1 |
| #35 | Create nf_ttp_smoke-sandstorm_unusual_coreuicomponent.dll-behaviour.md | m4nbat | closed | 5 months ago | 0 |
| #34 | Create nf_ttp_t1547-001_yellowcockatoo_powershell_create_link_in_startup | m4nbat | closed | 5 months ago | 1 |
| #33 | Update and rename nf_ttp_t1543_scattered-spider_azure_arc_persistence… | m4nbat | closed | 5 months ago | 1 |
| #32 | Create nf_ttp_t1543_peach-sandstorm_azure_arc_persistence.md | m4nbat | closed | 5 months ago | 1 |
| #31 | Create nf_ttp_t1562.001_scattered-spider_abuse conditional_access_tru… | m4nbat | closed | 5 months ago | 0 |
| #30 | Create nf_ttp_t1566-001_ipfs_phishing.md | m4nbat | closed | 5 months ago | 1 |
| #29 | Update Email - ExecutableFileRecieved.md | cyb3rmik3 | closed | 5 months ago | 1 |
| #28 | Create ttp_t1562-001_disabledefender.md | m4nbat | closed | 6 months ago | 0 |
| #27 | Create ttp_t1219_netsupportrat_fin7.md | m4nbat | closed | 6 months ago | 0 |
| #26 | Create ttp_t1127-001_suspNetworkConnMSBuild.md | m4nbat | closed | 6 months ago | 0 |
| #25 | Create ttp_t1059-001_powershell_windowsappsdir_fin7.md | m4nbat | closed | 6 months ago | 0 |
| #24 | Create ttp_t1027-010_powershellEncodedCommand.md | m4nbat | closed | 6 months ago | 2 |
| #23 | Create Detect_Known_RAT_RMM_Process_Patterns.md | inodee | closed | 6 months ago | 1 |
| #22 | Adding `Webshell Detection` | babakmhz | closed | 6 months ago | 4 |
| #21 | Create Rare_Outgoing_IPv4_Connections.md | inodee | closed | 8 months ago | 1 |
| #20 | Fixed a typo in README.md | saakshii12 | closed | 8 months ago | 0 |
| #19 | Update README.md | mishrasamiksha | closed | 8 months ago | 0 |
| #18 | Fixed a Typo in README.md | prajjwalyd | closed | 8 months ago | 0 |
| #17 | geo_info_from_ip_address not available in MDE AH | mezzofix | closed | 9 months ago | 1 |
| #16 | Update Curl-CVE-2023-38545.md | fklapper | closed | 9 months ago | 1 |
| #15 | Update Behavior - InboundConnectionFromMaliciousIP.md | Lodewyk-Git | closed | 10 months ago | 6 |
| #14 | custom rules fails to decode base64 encoded string | mezzofix | closed | 11 months ago | 3 |
| #13 | Update LocalAccountCreated.md | cyb3rmik3 | closed | 1 year ago | 1 |
| #12 | Azure | dazeez | closed | 1 year ago | 2 |
| #11 | Update TI Feed - AbuseCHIPBlacklistFeed.md | WesSec | closed | 1 year ago | 1 |
| #10 | Update Email - ExecutableFileRecieved.md | Subratam | closed | 1 year ago | 2 |
| #9 | Flips comparison operator in time filters | Korving-F | closed | 1 year ago | 2 |
| #8 | improve context for each result | lawndoc | closed | 1 year ago | 2 |
| #7 | fix logic and add context | lawndoc | closed | 1 year ago | 1 |
| #6 | fix device count | lawndoc | closed | 1 year ago | 1 |
| #5 | Change principle to principal CloudPersistenceActivityByUserAtRisk.md | ep3p | closed | 1 year ago | 1 |
| #4 | Create Impersonate Execution.md | prashanthpulisetti | closed | 1 year ago | 1 |
| #3 | Update README.md | rod-trent | closed | 1 year ago | 0 |
| #2 | Remove space in MS Exchange Zero Day Sept 2022.md | ep3p | closed | 1 year ago | 1 |