microsoft/Microsoft-365-Defender-Hunting-Queries
Sample queries for Advanced hunting in Microsoft 365 Defender
MIT License
1.94k stars
539 forks
issues
Devices without successful AV scan in the last n days
#438
f-bader
closed
2 years ago
1
Create Suspicious PowerShell curl flags.md
#437
dreadphones
closed
2 years ago
0
specified Windows Powershell
#436
hollsy
closed
2 years ago
1
Create SAM-Name-Changes-CVE-2021-42278
#435
danaim1
closed
2 years ago
1
Create Qakbot Craigslist Domains.md
#434
dreadphones
closed
2 years ago
0
Microsoft-365-Defender-Hunting-Queries/M365-PowerBi Dashboard/: Table 'Software' contains a duplicate value
#433
KhaaliTurbo
opened
3 years ago
0
Graph Role Management permission grant and Admin promotion via Admin Directory Role
#432
Cyb3rWard0g
closed
2 years ago
1
Add modification-of-exefile-shell-open-key.md
#431
Karneades
opened
3 years ago
1
Qakbot campaign process injection query is not correct
#430
ionsor
opened
3 years ago
0
Update qakbot-campaign-process-injection.md
#429
ionsor
opened
3 years ago
0
Update insider-threat-detection-queries.md
#428
sei-nitc
opened
3 years ago
0
Create Qakbot Craigslist Domains.md
#427
mcyr5
closed
3 years ago
0
Update Imminent Ransomware.md
#426
endisphotic
closed
3 years ago
0
Create Use of MSBuild as LOLBin.md
#425
dreadphones
closed
3 years ago
0
Create l33tspeak 11 Oct 2021 - externaldata and query partitioning.csl
#424
mjmelone
closed
3 years ago
0
Update Airlift 2021 - Lets Invoke.csl
#423
KustoKing
opened
3 years ago
0
Attack Surface Reduction Rules Device Events
#422
deanpickering
opened
3 years ago
1
Adding Airlift 2021 content
#421
mjmelone
closed
3 years ago
0
Create Suspicious Registry Keys.md
#420
dreadphones
closed
3 years ago
0
Updated to use the new UsbDriveMounted event
#419
mjmelone
opened
3 years ago
0
Updating URL list
#418
mjmelone
closed
3 years ago
0
Update Qakbot discovery activies.md
#417
cbresponse
opened
3 years ago
0
Update DetectTorRelayConnectivity.md
#416
Dylan-J
closed
2 years ago
0
improved malicious SMB named pipe detection
#415
Iveco
closed
2 years ago
0
Create EarthBaku-APT-41-files-domains.txt
#414
Phoenix9032
opened
3 years ago
0
Initial commit for rclone hunting queries
#413
LoZio
opened
3 years ago
1
rclone hashes for all version released
#412
LoZio
closed
3 years ago
1
Create successive-tk-domain-calls.md
#411
alimajalt
closed
3 years ago
0
Create deimos-component-execution.md
#410
alimajalt
closed
3 years ago
0
Update evasive-powershell-executions.md
#409
alimajalt
closed
3 years ago
0
C2 Framework detection by SMB named pipes
#408
Iveco
closed
3 years ago
1
Create JNLP-File-Attachment.md
#407
mcyr5
closed
3 years ago
1
Moving LemonDuck-component-names.md
#406
alimajalt
closed
3 years ago
0
Create LemonDuck-component-download-structure.md
#405
alimajalt
closed
3 years ago
0
Create LemonDuck-defender-exclusions.md
#404
alimajalt
closed
3 years ago
0
Create LemonDuck-competition-killer.md
#403
alimajalt
closed
3 years ago
0
Create LemonDuck-id-generation.md
#402
alimajalt
closed
3 years ago
0
Create LemonDuck-component-names.md
#401
alimajalt
closed
3 years ago
0
Create LemonDuck-control-structure.md
#400
alimajalt
closed
3 years ago
0
Create LemonDuck-registration-function
#399
alimajalt
closed
3 years ago
0
Create LemonDuck-email-subjects
#398
alimajalt
closed
3 years ago
0
Create Stolen Images Execution.md
#397
dreadphones
closed
3 years ago
0
ProxyShell.md
#396
Shivammalaviya
opened
3 years ago
0
Create Processes Created from Files with Non-ASCII Characters.md
#395
mjmelone
opened
3 years ago
0
Create referral-phish-emails.md
#394
alimajalt
closed
3 years ago
0
Create Ousaban Banking Trojan.md
#393
Shivammalaviya
opened
3 years ago
0
Create RunDLL Suspicious Network Connection.md
#392
dreadphones
closed
3 years ago
0
Update Malicious Excel Delivery.md
#391
dreadphones
closed
3 years ago
0
Update Bazacall Emails.md
#390
dreadphones
closed
3 years ago
0
Update Bazacall Emails.md
#389
dreadphones
closed
3 years ago
0