netevert / sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
MIT License, 1.05k stars, 207 forks
Issues (newest first)
#53 Question about the whitelist queries (secAnalyst, opened 1 year ago, 0 comments)
#52 Issue with how workbook queries the CSV storage files. (Networking-G, opened 1 year ago, 0 comments)
#51 Dashboard error: 'project' operator: Failed to resolve table or column expression named 'process_create_whitelist'... (Networking-G, opened 1 year ago, 1 comment)
#50 Deploying hunting workbooks error (siuolkl, opened 2 years ago, 12 comments)
#49 fixed InstallUtil.exe detection (slazaru, closed 1 year ago, 0 comments)
#48 SysmonEvent13_RegistrySetValue missing from Sysmon function query (mpp-eric-m, opened 3 years ago, 0 comments)
#47 Process hollowing rule update (heyibrahimkhan, closed 3 years ago, 1 comment)
#46 Missing page/bad link (rod-trent, closed 3 years ago, 2 comments)
#45 Incorrect logic in "T1093_Process_Holoowing.txt" KQL (spwn3d1, closed 3 years ago, 1 comment)
#44 post-deployment configuration will fail if you enter any upper case characters for your workspace (bobsyourmom, opened 4 years ago, 0 comments)
#43 Fix ConnectNamedPipe (amadeuskonopko, closed 3 years ago, 1 comment)
#42 Fix ConnectNamedPipe (amadeuskonopko, closed 4 years ago, 0 comments)
#41 Improve queries performance: replace 'contains' with 'has' (sloutsky, opened 4 years ago, 0 comments)
#40 Parse config (akapv, closed 4 years ago, 1 comment)
#39 added workspace name variable (temores, closed 4 years ago, 0 comments)
#38 added workspace name variable (temores, closed 4 years ago, 0 comments)
#37 added workspace name variable (temores, closed 4 years ago, 0 comments)
#36 Vnet DNS Server missing in Lab (MathiasVandePol, opened 4 years ago, 1 comment)
#35 build process guid drilldown (netevert, closed 4 years ago, 0 comments)
#34 build parent process guid drilldown (netevert, closed 4 years ago, 0 comments)
#33 build pipe name drilldown (netevert, closed 4 years ago, 0 comments)
#32 build network connection drilldown (netevert, closed 4 years ago, 0 comments)
#31 build file create drilldown (netevert, closed 4 years ago, 0 comments)
#30 build user drilldown (netevert, closed 4 years ago, 0 comments)
#29 build MITRE ATT&CK drilldown (netevert, closed 4 years ago, 0 comments)
#28 Migrate documentation to wiki (netevert, closed 4 years ago, 0 comments)
#27 fixing index position on system selections (temores, closed 4 years ago, 0 comments)
#26 update Sentinel utilities pip library (temores, closed 4 years ago, 0 comments)
#25 parser does not parse EventID 3 (ssi0202, closed 4 years ago, 1 comment)
#24 alert rules that correlate to Threat Intelligence (ssi0202, opened 4 years ago, 0 comments)
#23 ProcessCreate is missing a field (qc-gordon, closed 4 years ago, 0 comments)
#22 Fix OSSEM field name process_command_line (pemontto, closed 4 years ago, 0 comments)
#21 importing rules with import-azsentinelalertrules does not work (ssi0202, closed 4 years ago, 1 comment)
#20 cost related to doing the sentinel attack? (ssi0202, closed 4 years ago, 1 comment)
#19 Parser/Sysmon missing MITRE attribution details for EventID 22 (CyberSecOps, opened 5 years ago, 1 comment)
#18 Parser incorrectly parses sysmon Event 1 events from process_commandline field onwards (netevert, closed 4 years ago, 0 comments)
#17 phase_name for all Event IDs is not being captured by Sentinel (netevert, closed 5 years ago, 3 comments)
#16 Pipe Create Event is not parsed correctly (netevert, closed 5 years ago, 0 comments)
#15 Workbook and Dashboard errors (CyberSecOps, closed 5 years ago, 3 comments)
#14 Recalculate ATT&CK coverage and update detection numbers (netevert, opened 5 years ago, 0 comments)
#13 Add AZSentinel support (netevert, closed 5 years ago, 0 comments)
#12 update to parse dns events for sysmon v10 (ashwin-patil, closed 5 years ago, 0 comments)
#11 Use workbooks resource inheritance to reduce crossComponentResources duplication in workbook template (netevert, closed 4 years ago, 0 comments)
#10 Link in hunting workbook README links to jupyter notebooks (netevert, closed 5 years ago, 0 comments)
#9 I think I can simplify your workbook template? (gardnerjr, closed 4 years ago, 2 comments)
#8 build computer drill-down workbook (netevert, closed 4 years ago, 0 comments)
#7 build ATT&CK trigger overview workbook (netevert, closed 5 years ago, 0 comments)
#6 build white-listing solution (netevert, closed 4 years ago, 0 comments)
#5 match to windows defender ATP logs as well as sysmon (ssi0202, opened 5 years ago, 2 comments)
#4 Documentation link in ATT&CK telemetry dashboard points to deleted branch (netevert, closed 5 years ago, 0 comments)