Path  Lines of Code
Detections/ASimAuthentication/imAuthBruteForce.yaml  75
Detections/ASimAuthentication/imAuthPasswordSpray.yaml  46
Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml  69
Detections/ASimAuthentication/imSigninAttemptsByIPviaDisabledAccounts.yaml  54
Detections/ASimDNS/imDNS_Miners.yaml  89
Detections/ASimDNS/imDNS_TorProxies.yaml  77
Detections/ASimDNS/imDns_DomainEntity_DnsEvents.yaml  4
Detections/ASimDNS/imDns_ExcessiveNXDOMAINDNSQueries.yaml  70
Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml  83
Detections/ASimDNS/imDns_IPEntity_DnsEvents.yaml  4
Detections/ASimFileEvent/SuspiciousAccessOfBECRelatedDocuments.yaml  5
Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml  31
Detections/ASimNetworkSession/ExcessiveHTTPFailuresFromSource.yaml  4
Detections/ASimNetworkSession/IPEntity_imNetworkSession.yaml  4
Detections/ASimNetworkSession/PortScan.yaml  4
Detections/ASimNetworkSession/PossibleBeaconingActivity.yaml  4
Detections/ASimProcess/NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies(ASIMVersion).yaml  57
Detections/ASimProcess/Potentialre-namedsdeleteusage(ASIMVersion).yaml  24
Detections/ASimProcess/SdeletedeployedviaGPOandrunrecursively(ASIMVersion).yaml  35
Detections/ASimProcess/imFileEvent_Dev-0228FilePathHashesNovember2021(ASIMVersion).yaml  40
Detections/ASimProcess/imProcess_AdFind_Usage.yaml  35
Detections/ASimProcess/imProcess_MidnightBlizzard_SuspiciousRundll32Exec.yaml  29
Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml  34
Detections/ASimProcess/imProcess_base64_encoded_pefile.yaml  30
Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml  30
Detections/ASimWebSession/DiscordCDNRiskyFileDownload_ASim.yaml  63
Detections/ASimWebSession/ExcessiveNetworkFailuresFromSource.yaml  62
Detections/ASimWebSession/PossibleDGAContacts.yaml  57
Detections/ASimWebSession/PotentiallyHarmfulFileTypes.yaml  85
Detections/ASimWebSession/UnusualUACryptoMiners.yaml  71
Detections/ASimWebSession/UnusualUAHackTool.yaml  82
Detections/ASimWebSession/UnusualUAPowershell.yaml  76
Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml  5
Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml  5
Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml  5
Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml  5
Detections/AWSCloudTrail/AWS_CredentialHijack.yaml  5
Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml  5
Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml  5
Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml  5
Detections/AWSCloudTrail/NRT_AWS_ConsoleLogonWithoutMFA.yaml  5
Detections/AWSCloudTrail/SuspiciousAccessOfBECRelatedDocumentsInAWSS3Buckets.yaml  5
Detections/AWSGuardDuty/AWS_GuardDuty_template.yaml  4
Detections/Anomalies/SignInAnomaly.yaml  63
Detections/Anomalies/UnusualAnomaly.yaml  45
Detections/AuditLogs/ADFSDomainTrustMods.yaml  5
Detections/AuditLogs/AccountCreatedDeletedByNonApprovedUser.yaml  5
Detections/AuditLogs/AccountCreatedandDeletedinShortTimeframe.yaml  5
Detections/AuditLogs/AccountElevatedtoNewRole.yaml  5
Detections/AuditLogs/AdditionofaTemporaryAccessPasstoaPrivilegedAccount.yaml  82
Detections/AuditLogs/AdminPromoAfterRoleMgmtAppPermissionGrant.yaml  5
Detections/AuditLogs/ApplicationIDURIChanged.yaml  77
Detections/AuditLogs/ApplicationRedirectURLUpdate.yaml  86
Detections/AuditLogs/AuthenticationMethodChangedforPrivilegedAccount.yaml  5
Detections/AuditLogs/AzureADRoleManagementPermissionGrant.yaml  5
Detections/AuditLogs/BulkChangestoPrivilegedAccountPermissions.yaml  5
Detections/AuditLogs/ChangestoApplicationLogoutURL.yaml  77
Detections/AuditLogs/ChangestoApplicationOwnership.yaml  78
Detections/AuditLogs/ChangestoPIMSettings.yaml  58
Detections/AuditLogs/ConditionalAccessPolicyModifiedbyNewUser.yaml  79
Detections/AuditLogs/CredentialAddedAfterAdminConsent.yaml  5
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationAdded.yaml  6
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationDeleted.yaml  6
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationInboundCollaborationSettingsChanged.yaml  6
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationInboundDirectSettingsChanged.yaml  6
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationOutboundCollaborationSettingsChanged.yaml  6
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationOutboundDirectSettingsChanged.yaml  6
Detections/AuditLogs/End-userconsentstoppedduetorisk-basedconsent.yaml  76
Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml  5
Detections/AuditLogs/GuestAccountsAddedinAADGroupsOtherThanTheOnesSpecified.yaml  6
Detections/AuditLogs/GuestUsersInvitedtoTenantbyNewInviters.yaml  84
Detections/AuditLogs/MailPermissionsAddedToApplication.yaml  5
Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml  5
Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml  5
Detections/AuditLogs/MultipleAdmin_membership_removals_from_NewAdmin.yaml  5
Detections/AuditLogs/NRT_ADFSDomainTrustMods.yaml  5
Detections/AuditLogs/NRT_AuthenticationMethodsChangedforVIPUsers.yaml  6
Detections/AuditLogs/NRT_NewAppOrServicePrincipalCredential.yaml  5
Detections/AuditLogs/NRT_PIMElevationRequestRejected.yaml  5
Detections/AuditLogs/NRT_PrivlegedRoleAssignedOutsidePIM.yaml  5
Detections/AuditLogs/NRT_UseraddedtoPrivilgedGroups.yaml  5
Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml  5
Detections/AuditLogs/NewExtUserGrantedAdmin.yaml  5
Detections/AuditLogs/PIMElevationRequestRejected.yaml  5
Detections/AuditLogs/PrivilegedAccountPermissionsChanged.yaml  5
Detections/AuditLogs/PrivlegedRoleAssignedOutsidePIM.yaml  5
Detections/AuditLogs/RareApplicationConsent.yaml  5
Detections/AuditLogs/ServicePrincipalAssignedAppRoleWithSensitiveAccess.yaml  93
Detections/AuditLogs/ServicePrincipalAssignedPrivilegedRole.yaml  84
Detections/AuditLogs/SuspiciousLinkingofExternalIdtoExistingUsers.yaml  82
Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml  5
Detections/AuditLogs/SuspiciousServicePrincipalcreationactivity.yaml  5
Detections/AuditLogs/URLAddedtoApplicationfromUnknownDomain.yaml  101
Detections/AuditLogs/UserAccountCreatedUsingIncorrectNamingFormat.yaml  82
Detections/AuditLogs/UserAddedtoAdminRole.yaml  5
Detections/AuditLogs/UserAssignedPrivilegedRole.yaml  5
Detections/AuditLogs/UserStatechangedfromGuesttoMember.yaml  82
Detections/AuditLogs/Useraccountcreatedwithoutexpectedattributesdefined.yaml  95
Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml  5
Detections/AuditLogs/nrt_FirstAppOrServicePrincipalCredential.yaml  6
Detections/AzureActivity/AADHybridHealthADFSNewServer.yaml  4
Detections/AzureActivity/AADHybridHealthADFSServiceDelete.yaml  4
Detections/AzureActivity/AADHybridHealthADFSSuspApp.yaml  4
Detections/AzureActivity/AzDiagSettingsDeleted.yaml  67
Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml  4
Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml  4
Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml  4
Detections/AzureActivity/NRT-AADHybridHealthADFSNewServer.yaml  4
Detections/AzureActivity/NRT_Creation_of_Expensive_Computes_in_Azure.yaml  4
Detections/AzureActivity/New-CloudShell-User.yaml  4
Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml  4
Detections/AzureActivity/RareOperations.yaml  4
Detections/AzureActivity/RareRunCommandPowerShellScript.yaml  80
Detections/AzureActivity/TimeSeriesAnomaly_Mass_Cloud_Resource_Deletions.yaml  4
Detections/AzureAppServices/AVScan_Failure.yaml  31
Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml  31
Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml  4
Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml  4
Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml  4
Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml  4
Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml  4
Detections/AzureDevOpsAuditing/ADORetentionReduced.yaml  4
Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml  4
Detections/AzureDevOpsAuditing/ADOVariableModifiedByNewUser.yaml  4
Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml  4
Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml  4
Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml  4
Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml  4
Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml  4
Detections/AzureDevOpsAuditing/AzDOServiceConnectionUsage.yaml  4
Detections/AzureDevOpsAuditing/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml  4
Detections/AzureDevOpsAuditing/NRT_ADOAuditStreamDisabled.yaml  4
Detections/AzureDevOpsAuditing/NewAgentAddedToPoolbyNewUserorofNewOS.yaml  4
Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml  4
Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml  5
Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml  5
Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml  5
Detections/AzureDiagnostics/MaliciousWAFSessions.yaml  5
Detections/AzureDiagnostics/NRT_KeyVaultSensitiveOperations.yaml  5
Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml  5
Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml  5
Detections/AzureWAF/AFD-Premium-WAF-SQLiDetection.yaml  4
Detections/AzureWAF/AFD-Premium-WAF-XSSDetection.yaml  4
Detections/AzureWAF/AppGwWAF-SQLiDetection.yaml  62
Detections/AzureWAF/AppGwWAF-XSSDetection.yaml  59
Detections/BehaviorAnalytics/SuspiciousSigninByAADConnectAccount.yaml  66
Detections/CiscoUmbrella/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml  35
Detections/CiscoUmbrella/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml  43
Detections/CiscoUmbrella/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml  34
Detections/CiscoUmbrella/CiscoUmbrellaEmptyUserAgentDetected.yaml  34
Detections/CiscoUmbrella/CiscoUmbrellaHackToolUserAgentDetected.yaml  82
Detections/CiscoUmbrella/CiscoUmbrellaPowershellUserAgentDetected.yaml  35
Detections/CiscoUmbrella/CiscoUmbrellaRareUserAgentDetected.yaml  40
Detections/CiscoUmbrella/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml  52
Detections/CiscoUmbrella/CiscoUmbrellaRequestBlocklistedFileType.yaml  37
Detections/CiscoUmbrella/CiscoUmbrellaURIContainsIPAddress.yaml  34
Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml  5
Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml  5
Detections/CommonSecurityLog/CreepyDriveRequestSequence.yaml  59
Detections/CommonSecurityLog/CreepyDriveURLs.yaml  56
Detections/CommonSecurityLog/CreepySnailURLParameters.yaml  65
Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml  85
Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml  132
Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml  5
Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml  5
Detections/CommonSecurityLog/PaloAlto-UnusualThreatSignatures.yaml  5
Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml  92
Detections/CommonSecurityLog/Wazuh-Large_Number_of_Web_errors_from_an_IP.yaml  44
Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml  5
Detections/DeviceFileEvents/PEfiledroppedinColorDriversFolder.yaml  46
Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml  5
Detections/DeviceNetworkEvents/SolarWinds_SUNBURST_Network-IOCs.yaml  5
Detections/DeviceProcessEvents/AdFind_Usage.yaml  5
Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml  61
Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml  5
Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml  5
Detections/DnsEvents/DNS_Miners.yaml  5
Detections/DnsEvents/DNS_TorProxies.yaml  5
Detections/DnsEvents/NRT_DNS_Related_To_Mining_Pools.yaml  5
Detections/DuoSecurity/IPEntity_DuoSecurity.yaml  5
Detections/DuoSecurity/TrustMonitorEvent.yaml  44
Detections/GitHub/(Preview) GitHub - Activities from Infrequent Country.yaml  5
Detections/GitHub/(Preview) GitHub - Two Factor Authentication Disabled in GitHub.yaml  5
Detections/GitHub/NRT Two Factor Authentication Disabled.yaml  6
Detections/GitHub/Security Vulnerability in Repo.yaml  6
Detections/GitHub/Threat Intel Matches to GitHub Audit Logs.yaml  4
Detections/Heartbeat/MissingDCHearbeat.yaml  48
Detections/Heartbeat/OMI_vulnerability_detection.yaml  56
Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml  50
Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml  84
Detections/MultipleDataSources/AADHostLoginCorrelation.yaml  128
Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml  86
Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml  98
Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml  69
Detections/MultipleDataSources/Accountcreatedfromnon-approvedsources.yaml  103
Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml  5
Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml  128
Detections/MultipleDataSources/AquaBlizzardFeb2022.yaml  5
Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml  79
Detections/MultipleDataSources/AuthenticationMethodsChangedforPrivilegedAccount.yaml  5
Detections/MultipleDataSources/B64IPInURLFromMDE.yaml  72
Detections/MultipleDataSources/B64UserInWebURIFromMDE.yaml  79
Detections/MultipleDataSources/BariumDomainIOC112020.yaml  5
Detections/MultipleDataSources/BariumIPIOC112020.yaml  5
Detections/MultipleDataSources/BrutforceAttemptOnAzurePortalAndAWSConsolAtSameTime.yaml  3
Detections/MultipleDataSources/COMRegistryKeyModifiedtoPointtoFileinColorDrivers.yaml  74
Detections/MultipleDataSources/CadetBlizzard_Jan2022_IOC.yaml  5
Detections/MultipleDataSources/CaramelTsunami_IOC.yaml  5
Detections/MultipleDataSources/ChiaCryptoMining.yaml  5
Detections/MultipleDataSources/Cross-CloudSuspiciousComputeResourcecreationinGCP.yaml  3
Detections/MultipleDataSources/CrossCloudSuspiciousUserActivityObservedInGCPEnvourment.yaml  3
Detections/MultipleDataSources/CrossCloudUnauthorizedCredentialsAccessDetection.yaml  3
Detections/MultipleDataSources/DEV-0322_SolarWinds_Serv-U_IOC.yaml  5
Detections/MultipleDataSources/DenimTsunamiAVDetection.yaml  5
Detections/MultipleDataSources/DenimTsunamiC2DomainsJuly2022.yaml  5
Detections/MultipleDataSources/DenimTsunamiFileHashesJuly2022.yaml  5
Detections/MultipleDataSources/Dev-0228FilePathHashesNovember2021.yaml  77
Detections/MultipleDataSources/Dev-0270NewUserSep2022.yaml  4
Detections/MultipleDataSources/Dev-0270PowershellSep2022.yaml  5
Detections/MultipleDataSources/Dev-0270RegistryIOCSep2022.yaml  5
Detections/MultipleDataSources/Dev-0270WMICDiscoverySep2022.yaml  5
Detections/MultipleDataSources/Dev-0530_FileExtRename.yaml  60
Detections/MultipleDataSources/Dev-0530_July2022.yaml  5
Detections/MultipleDataSources/DiamondSleetJan272021IOCs.yaml  5
Detections/MultipleDataSources/DiamondSleetOct292020IOCs.yaml  5
Detections/MultipleDataSources/DisabledAccIPSigninWithRareRiskyOps.yaml  115
Detections/MultipleDataSources/EUROPIUM _September2022.yaml  159
Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml  88
Detections/MultipleDataSources/EmeraldSleetIOCs.yaml  5
Detections/MultipleDataSources/EuropiumUnusualIdentity.yaml  67
Detections/MultipleDataSources/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml  5
Detections/MultipleDataSources/ExchangeWorkerProcessMakingRemoteCall.yaml  70
Detections/MultipleDataSources/ForestBlizzardJuly2019IOCs.yaml  142
Detections/MultipleDataSources/ForestBlizzardOct292020IOCs.yaml  5
Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml  171
Detections/MultipleDataSources/GraniteTyphoonIOCs.yaml  5
Detections/MultipleDataSources/HiveRansomwareJuly2022.yaml  5
Detections/MultipleDataSources/HostAADCorrelation.yaml  102
Detections/MultipleDataSources/KnownMintSandstormDomainsIP-October2020.yaml  5
Detections/MultipleDataSources/Log4J_IPIOC_Dec112021.yaml  5
Detections/MultipleDataSources/MFADisable.yaml  5
Detections/MultipleDataSources/MSHTMLVuln.yaml  5
Detections/MultipleDataSources/MailBoxTampering.yaml  89
Detections/MultipleDataSources/MalformedUserAgents.yaml  109
Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml  5
Detections/MultipleDataSources/Mercury_Log4j_August2022.yaml  244
Detections/MultipleDataSources/MidnightBlizzard_DomainIOCsMarch2021.yaml  5
Detections/MultipleDataSources/MidnightBlizzard_FoggyWeb.yaml  5
Detections/MultipleDataSources/MidnightBlizzard_IOCsMay2021.yaml  5
Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml  136
Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml  5
Detections/MultipleDataSources/NewUserAgentLast24h.yaml  5
Detections/MultipleDataSources/NylonTyphoonIOCsNov2021.yaml  5
Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml  5
Detections/MultipleDataSources/PhishinglinkExecutionObserved.yaml  112
Detections/MultipleDataSources/PlaidRainIPIoC.yaml  5
Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml  5
Detections/MultipleDataSources/PotentialFodhelperUACBypass(ASIMVersion).yaml  47
Detections/MultipleDataSources/PotentialMercury_Webshell.yaml  6
Detections/MultipleDataSources/PrestigeRansomwareIOCsOct22.yaml  124
Detections/MultipleDataSources/PrivilegedAccountsSigninFailureSpikes.yaml  5
Detections/MultipleDataSources/RiskyUserIn3Pnetworkactivity.yaml  98
Detections/MultipleDataSources/RubySleetOct292020IOCs.yaml  5
Detections/MultipleDataSources/RunCommandUEBABreach.yaml  79
Detections/MultipleDataSources/SUNSPOTHashes.yaml  5
Detections/MultipleDataSources/SUNSPOTLogFile.yaml  5
Detections/MultipleDataSources/SeashellBlizzardIOCs.yaml  5
Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml  142
Detections/MultipleDataSources/SigninFirewallCorrelation.yaml  67
Detections/MultipleDataSources/SilkTyphoonUmServiceSuspiciousFile.yaml  5
Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml  5
Detections/MultipleDataSources/Solorigate-VM-Network.yaml  5
Detections/MultipleDataSources/StarBlizzardDomainsAugust2022.yaml  117
Detections/MultipleDataSources/SuccessfulAWSConsoleLoginfromIPAddressObservedConductingPasswordSpray.yaml  3
Detections/MultipleDataSources/SucessfullSiginFromPhingLink.yaml  138
Detections/MultipleDataSources/SuspiciousAWSConsolLoginByCredentialAceessAlerts.yaml  3
Detections/MultipleDataSources/SuspiciousLoginfromDeletedExternalIdentities.yaml  74
Detections/MultipleDataSources/SuspiciousModificationofGlobalAdminProperties.yaml  88
Detections/MultipleDataSources/SuspiciousVMInstanceCreationActivity.yaml  141
Detections/MultipleDataSources/TarraskHashIoC.yaml  5
Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml  123
Detections/MultipleDataSources/Unauthorized_user_access_across_AWS_and_Azure.yaml  3
Detections/MultipleDataSources/UnusualGuestActivity.yaml  5
Detections/MultipleDataSources/UserAgentSearch_log4j.yaml  5
Detections/MultipleDataSources/UserImpersonateByAAID.yaml  3
Detections/MultipleDataSources/UserImpersonateByRiskyUser.yaml  3
Detections/MultipleDataSources/WSLMalwareCorrelation.yaml  5
Detections/MultipleDataSources/ZincOctober2022_AVHits_IOC.yaml  5
Detections/MultipleDataSources/ZincOctober2022_Filename_Commandline_IOC.yaml  5
Detections/MultipleDataSources/ZincOctober2022_IP_Domain_Hash_IOC.yaml  5
Detections/MultipleDataSources/powershell_MangoSandstorm.yaml  79
Detections/OfficeActivity/BEC_MailboxRule.yaml  5
Detections/OfficeActivity/External User added to Team and immediately uploads file.yaml  5
Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml  5
Detections/OfficeActivity/ForestBlizzardCredHarvesting.yaml  5
Detections/OfficeActivity/MailItemsAccessedTimeSeries.yaml  5
Detections/OfficeActivity/Mail_redirect_via_ExO_transport_rule.yaml  5
Detections/OfficeActivity/Malicious_Inbox_Rule.yaml  5
Detections/OfficeActivity/MultipleTeamsDeletes.yaml  5
Detections/OfficeActivity/NRT_Malicious_Inbox_Rule.yaml  32
Detections/OfficeActivity/NRT_Office_MailForwarding.yaml  54
Detections/OfficeActivity/Office_MailForwarding.yaml  5
Detections/OfficeActivity/Office_Uploaded_Executables.yaml  5
Detections/OfficeActivity/RareOfficeOperations.yaml  5
Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml  5
Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml  5
Detections/OfficeActivity/exchange_auditlogdisabled.yaml  5
Detections/OfficeActivity/office_policytampering.yaml  5
Detections/ProofpointPOD/ProofpointPODBinaryInAttachment.yaml  4
Detections/ProofpointPOD/ProofpointPODDataExfiltrationToPrivateEmail.yaml  4
Detections/ProofpointPOD/ProofpointPODEmailSenderIPinTIList.yaml  6
Detections/ProofpointPOD/ProofpointPODEmailSenderInTIList.yaml  6
Detections/ProofpointPOD/ProofpointPODHighRiskNotDiscarded.yaml  4
Detections/ProofpointPOD/ProofpointPODMultipleArchivedAttachmentsToSameRecipient.yaml  4
Detections/ProofpointPOD/ProofpointPODMultipleLargeEmailsToSameRecipient.yaml  4
Detections/ProofpointPOD/ProofpointPODMultipleProtectedEmailsToUnknownRecipient.yaml  4
Detections/ProofpointPOD/ProofpointPODSuspiciousAttachment.yaml  4
Detections/ProofpointPOD/ProofpointPODWeakCiphers.yaml  4
Detections/PulseConnectSecure/PulseConnectSecureVPN-CVE_2021_22893_Exploit.yaml  39
Detections/QualysVM/HighNumberofVulnDetected.yaml  5
Detections/QualysVM/NewHighSeverityVulnDetectedAcrossMulitpleHosts.yaml  5
Detections/QualysVMV2/HighNumberofVulnDetectedV2.yaml  5
Detections/QualysVMV2/NewHighSeverityVulnDetectedAcrossMulitpleHostsV2.yaml  5
Detections/SecurityAlert/AVSpringShell.yaml  5
Detections/SecurityAlert/AVTarrask.yaml  5
Detections/SecurityAlert/AVdetectionsrelatedtoUkrainebasedthreats.yaml  5
Detections/SecurityAlert/AquaBlizzardAVHits.yaml  5
Detections/SecurityAlert/CoreBackupDeletionwithSecurityAlert.yaml  4
Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml  5
Detections/SecurityAlert/DetectPIMAlertDisablingActivity.yaml  61
Detections/SecurityAlert/Dev-0530AVHits.yaml  59
Detections/SecurityAlert/EuropiumAVHits.yaml  60
Detections/SecurityAlert/HiveRansomwareAVHits.yaml  59
Detections/SecurityAlert/MDE_hitsforADFandAzureSynapsePipelines.yaml  61
Detections/SecurityAlert/Massdownload_USBFileCopy.yaml  131
Detections/SecurityAlert/Solorigate-Defender-Detections.yaml  60
Detections/SecurityAlert/Suspicious_WorkSpaceDeletion_Attempt.yaml  90
Detections/SecurityEvent/AADHealthMonAgentRegKeyAccess.yaml  139
Detections/SecurityEvent/AADHealthSvcAgentRegKeyAccess.yaml  137
Detections/SecurityEvent/ADFSAbnormalEnhancedKeyUsageAttribute-OID.yaml  72
Detections/SecurityEvent/ADFSDBNamedPipeConnection.yaml  5
Detections/SecurityEvent/ADFSRemoteAuthSyncConnection.yaml  5
Detections/SecurityEvent/ADFSRemoteHTTPNetworkConnection.yaml  5
Detections/SecurityEvent/AccessibilityFeaturesModification.yaml  74
Detections/SecurityEvent/AdminSDHolder_Modifications.yaml  56
Detections/SecurityEvent/COMEventSystemLoadingNewDLL.yaml  117
Detections/SecurityEvent/CredentialDumpingServiceInstallation.yaml  5
Detections/SecurityEvent/CredentialDumpingToolsFileArtifacts.yaml  5
Detections/SecurityEvent/DSRMAccountAbuse.yaml  72
Detections/SecurityEvent/DumpingLSASSProcessIntoaFile.yaml  5
Detections/SecurityEvent/ExcessiveLogonFailures.yaml  5
Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml  5
Detections/SecurityEvent/FakeComputerAccountCreated.yaml  71
Detections/SecurityEvent/GainCodeExecutionADFSViaSMB.yaml  5
Detections/SecurityEvent/GroupCreatedAddedToPrivlegeGroup_1h.yaml  150
Detections/SecurityEvent/LateralMovementViaDCOM.yaml  5
Detections/SecurityEvent/LocalDeviceJoinInfoAndTransportKeyRegKeysAccess.yaml  5
Detections/SecurityEvent/MacroInvokingShellBrowserWindowCOMObjects.yaml  5
Detections/SecurityEvent/MidnightBlizzard_SuspiciousRundll32Exec.yaml  84
Detections/SecurityEvent/MidnightBlizzard_SuspiciousScriptRegistryWrite.yaml  91
Detections/SecurityEvent/MultipleFailedFollowedBySuccess.yaml  5
Detections/SecurityEvent/NRT_SecurityEventLogCleared.yaml  5
Detections/SecurityEvent/NRT_base64_encoded_pefile.yaml  5
Detections/SecurityEvent/NRT_execute_base64_decodedpayload.yaml  5
Detections/SecurityEvent/NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies.yaml  5
Detections/SecurityEvent/NonDCActiveDirectoryReplication.yaml  5
Detections/SecurityEvent/PotenialResourceBasedConstrainedDelegationAbuse.yaml  62
Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml  121
Detections/SecurityEvent/PotentialFodhelperUACBypass.yaml  5
Detections/SecurityEvent/PotentialKerberoast.yaml  118
Detections/SecurityEvent/PotentialRemoteDesktopTunneling.yaml  5
Detections/SecurityEvent/Potentialre-namedsdeleteusage.yaml  5
Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml  96
Detections/SecurityEvent/RDP_Nesting.yaml  159
Detections/SecurityEvent/RDP_RareConnection.yaml  103
Detections/SecurityEvent/RegistryPersistenceViaAppCertDLLModification.yaml  5
Detections/SecurityEvent/RegistryPersistenceViaAppInt_DLLsModification.yaml  5
Detections/SecurityEvent/ScheduleTaskHide.yaml  5
Detections/SecurityEvent/SdeletedeployedviaGPOandrunrecursively.yaml  5
Detections/SecurityEvent/SecurityEventLogCleared.yaml  5
Detections/SecurityEvent/SilkTyphoonNewUMServiceChildProcess.yaml  95
Detections/SecurityEvent/SilkTyphoonSuspiciousUMServiceError.yaml  45
Detections/SecurityEvent/SolorigateNamedPipe.yaml  95
Detections/SecurityEvent/StartStopHealthService.yaml  5
Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml  5
Detections/SecurityEvent/UserAccountAdd-Removed.yaml  129
Detections/SecurityEvent/UserAccountAddedToPrivlegeGroup_1h.yaml  112
Detections/SecurityEvent/UserAccountCreatedDeleted_10m.yaml  148
Detections/SecurityEvent/UserAccountEnabledDisabled_10m.yaml  149
Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml  141
Detections/SecurityEvent/UserPrincipalNameAssignedToUserAccount.yaml  63
Detections/SecurityEvent/WDigestDowngradeAttack.yaml  5
Detections/SecurityEvent/WindowsBinariesExecutedfromNon-DefaultDirectory.yaml  5
Detections/SecurityEvent/WindowsBinariesLolbinsRenamed.yaml  5
Detections/SecurityEvent/base64_encoded_pefile.yaml  5
Detections/SecurityEvent/execute_base64_decodedpayload.yaml  5
Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml  140
Detections/SecurityEvent/malware_in_recyclebin.yaml  5
Detections/SecurityEvent/password_never_expires.yaml  107
Detections/SecurityEvent/password_not_set.yaml  5
Detections/SecurityEvent/powershell_empire.yaml  5
Detections/SecurityNestedRecommendation/Log4jVulnerableMachines.yaml  5
Detections/SecurityNestedRecommendation/OMIGODVulnerableMachines.yaml  50
Detections/SigninLogs/ADFSSignInLogsPasswordSpray.yaml  5
Detections/SigninLogs/AnomalousSingleFactorSignin.yaml  73
Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml  5
Detections/SigninLogs/AuthenticationAttemptfromNewCountry.yaml  107
Detections/SigninLogs/AuthenticationsofPrivilegedAccountsOutsideofExpectedControls.yaml  69
Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml  5
Detections/SigninLogs/AzurePortalSigninfromanotherAzureTenant.yaml  5
Detections/SigninLogs/Brute Force Attack against GitHub Account.yaml  5
Detections/SigninLogs/BruteForceCloudPC.yaml  5
Detections/SigninLogs/BypassCondAccessRule.yaml  5
Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml  5
Detections/SigninLogs/DistribPassCrackAttempt.yaml  5
Detections/SigninLogs/ExplicitMFADeny.yaml  5
Detections/SigninLogs/FailedLogonToAzurePortal.yaml  5
Detections/SigninLogs/MFARejectedbyUser.yaml  5
Detections/SigninLogs/NRT_MFARejectedbyUser.yaml  5
Detections/SigninLogs/NewCountryValidCreds.yaml  80
Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml  66
Detections/SigninLogs/SeamlessSSOPasswordSpray.yaml  5
Detections/SigninLogs/ServicePrincipalAuthenticationAttemptfromNewCountry.yaml  53
Detections/SigninLogs/Sign-in Burst from Multiple Locations.yaml  5
Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml  5
Detections/SigninLogs/SigninBruteForce-AzurePortal.yaml  5
Detections/SigninLogs/SigninPasswordSpray.yaml  5
Detections/SigninLogs/SuccessThenFail_DiffIP_SameUserandApp.yaml  5
Detections/SigninLogs/UserAccounts-CABlockedSigninSpikes.yaml  5
Detections/Syslog/FailedLogonAttempts_UnknownUser.yaml  5
Detections/Syslog/NRT_squid_events_for_mining_pools.yaml  5
Detections/Syslog/squid_cryptomining_pools.yaml  5
Detections/Syslog/squid_tor_proxies.yaml  5
Detections/Syslog/ssh_potentialBruteForce.yaml  5
Detections/ThreatIntelligenceIndicator/DomainEntity_CommonSecurityLog.yaml  5
Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml  5
Detections/ThreatIntelligenceIndicator/DomainEntity_PaloAlto.yaml  5
Detections/ThreatIntelligenceIndicator/DomainEntity_SecurityAlert.yaml  5
Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml  5
Detections/ThreatIntelligenceIndicator/DomainEntity_imWebSession.yaml  5
Detections/ThreatIntelligenceIndicator/EmailEntity_AzureActivity.yaml  5
Detections/ThreatIntelligenceIndicator/EmailEntity_OfficeActivity.yaml  5
Detections/ThreatIntelligenceIndicator/EmailEntity_PaloAlto.yaml  5
Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityAlert.yaml  5
Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityEvent.yaml  5
Detections/ThreatIntelligenceIndicator/EmailEntity_SigninLogs.yaml  5
Detections/ThreatIntelligenceIndicator/FileHashEntity_CommonSecurityLog.yaml  5
Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AppServiceHTTPLogs.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AzureActivity.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AzureFirewall.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AzureKeyVault.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AzureSQL.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_CustomSecurityLog.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_OfficeActivity.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_VMConnection.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_W3CIISLog.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_imWebSession.yaml  5
Detections/ThreatIntelligenceIndicator/IPentity_SigninLogs.yaml  5
Detections/ThreatIntelligenceIndicator/URLEntity_AuditLogs.yaml  5
Detections/ThreatIntelligenceIndicator/URLEntity_OfficeActivity.yaml  5
Detections/ThreatIntelligenceIndicator/URLEntity_PaloAlto.yaml  5
Detections/ThreatIntelligenceIndicator/URLEntity_SecurityAlerts.yaml  5
Detections/ThreatIntelligenceIndicator/URLEntity_Syslog.yaml  5
Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml  63
Detections/W3CIISLog/HighFailedLogonCountByClientIP.yaml  92
Detections/W3CIISLog/HighFailedLogonCountByUser.yaml  99
Detections/W3CIISLog/HighPortCountByClientIP.yaml  80
Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml  6
Detections/W3CIISLog/ProxyShellPwn2Own.yaml  65
Detections/W3CIISLog/SilkTyphoonSuspiciousExchangeRequestPattern.yaml  65
Detections/W3CIISLog/Supernovawebshell.yaml  6
Detections/WindowsEvents/CaramelTsunami_IOC_WindowsEvent.yaml  5
Detections/WindowsEvents/ChiaCryptoMining_WindowsEvent.yaml  5
Detections/ZoomLogs/E2EEDisbaled.yaml  42
Detections/ZoomLogs/ExternalUserAccess.yaml  51
Detections/ZoomLogs/JoiningMeetingFromAnotherTimeZone.yaml  58
Detections/ZoomLogs/SupiciousLinkSharing.yaml  46
Detections/http_proxy_oab_CL/ExchagngeSuspiciousFileDownloads.yaml  48
Detections/http_proxy_oab_CL/SilkTyphoonSuspiciousFileDownloads.yaml  46