path  # lines of code
Detections/ProofpointPOD/ProofpointPODMultipleArchivedAttachmentsToSameRecipient.yaml  4
Detections/ProofpointPOD/ProofpointPODSuspiciousAttachment.yaml  4
Detections/ProofpointPOD/ProofpointPODEmailSenderIPinTIList.yaml  6
Detections/ProofpointPOD/ProofpointPODMultipleLargeEmailsToSameRecipient.yaml  4
Detections/ProofpointPOD/ProofpointPODEmailSenderInTIList.yaml  6
Detections/ProofpointPOD/ProofpointPODDataExfiltrationToPrivateEmail.yaml  4
Detections/ProofpointPOD/ProofpointPODMultipleProtectedEmailsToUnknownRecipient.yaml  4
Detections/ProofpointPOD/ProofpointPODHighRiskNotDiscarded.yaml  4
Detections/ProofpointPOD/ProofpointPODWeakCiphers.yaml  4
Detections/ProofpointPOD/ProofpointPODBinaryInAttachment.yaml  4
Detections/CiscoUmbrella/CiscoUmbrellaRequestBlocklistedFileType.yaml  37
Detections/CiscoUmbrella/CiscoUmbrellaURIContainsIPAddress.yaml  34
Detections/CiscoUmbrella/CiscoUmbrellaHackToolUserAgentDetected.yaml  82
Detections/CiscoUmbrella/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml  35
Detections/CiscoUmbrella/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml  52
Detections/CiscoUmbrella/CiscoUmbrellaRareUserAgentDetected.yaml  40
Detections/CiscoUmbrella/CiscoUmbrellaEmptyUserAgentDetected.yaml  34
Detections/CiscoUmbrella/CiscoUmbrellaPowershellUserAgentDetected.yaml  35
Detections/CiscoUmbrella/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml  34
Detections/CiscoUmbrella/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml  43
Detections/Heartbeat/OMI_vulnerability_detection.yaml  56
Detections/Heartbeat/MissingDCHearbeat.yaml  48
Detections/WindowsEvents/CaramelTsunami_IOC_WindowsEvent.yaml  5
Detections/WindowsEvents/ChiaCryptoMining_WindowsEvent.yaml  5
Detections/MultipleDataSources/DenimTsunamiFileHashesJuly2022.yaml  5
Detections/MultipleDataSources/ZincOctober2022_Filename_Commandline_IOC.yaml  5
Detections/MultipleDataSources/Dev-0270NewUserSep2022.yaml  4
Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml  86
Detections/MultipleDataSources/UserImpersonateByRiskyUser.yaml  3
Detections/MultipleDataSources/SUNSPOTHashes.yaml  5
Detections/MultipleDataSources/MFADisable.yaml  5
Detections/MultipleDataSources/SUNSPOTLogFile.yaml  5
Detections/MultipleDataSources/UserImpersonateByAAID.yaml  3
Detections/MultipleDataSources/MailBoxTampering.yaml  89
Detections/MultipleDataSources/RiskyUserIn3Pnetworkactivity.yaml  98
Detections/MultipleDataSources/HostAADCorrelation.yaml  102
Detections/MultipleDataSources/Dev-0270RegistryIOCSep2022.yaml  5
Detections/MultipleDataSources/BariumDomainIOC112020.yaml  5
Detections/MultipleDataSources/BrutforceAttemptOnAzurePortalAndAWSConsolAtSameTime.yaml  3
Detections/MultipleDataSources/SeashellBlizzardIOCs.yaml  5
Detections/MultipleDataSources/Dev-0530_FileExtRename.yaml  60
Detections/MultipleDataSources/CrossCloudUnauthorizedCredentialsAccessDetection.yaml  3
Detections/MultipleDataSources/Solorigate-VM-Network.yaml  5
Detections/MultipleDataSources/EmeraldSleetIOCs.yaml  5
Detections/MultipleDataSources/MalformedUserAgents.yaml  109
Detections/MultipleDataSources/COMRegistryKeyModifiedtoPointtoFileinColorDrivers.yaml  74
Detections/MultipleDataSources/ExchangeWorkerProcessMakingRemoteCall.yaml  70
Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml  79
Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml  88
Detections/MultipleDataSources/SuspiciousAWSConsolLoginByCredentialAceessAlerts.yaml  3
Detections/MultipleDataSources/PotentialMercury_Webshell.yaml  6
Detections/MultipleDataSources/Dev-0530_July2022.yaml  5
Detections/MultipleDataSources/KnownMintSandstormDomainsIP-October2020.yaml  5
Detections/MultipleDataSources/powershell_MangoSandstorm.yaml  79
Detections/MultipleDataSources/SuccessfulAWSConsoleLoginfromIPAddressObservedConductingPasswordSpray.yaml  3
Detections/MultipleDataSources/SuspiciousLoginfromDeletedExternalIdentities.yaml  74
Detections/MultipleDataSources/PrivilegedAccountsSigninFailureSpikes.yaml  5
Detections/MultipleDataSources/Unauthorized_user_access_across_AWS_and_Azure.yaml  3
Detections/MultipleDataSources/MidnightBlizzard_DomainIOCsMarch2021.yaml  5
Detections/MultipleDataSources/StarBlizzardDomainsAugust2022.yaml  117
Detections/MultipleDataSources/HiveRansomwareJuly2022.yaml  5
Detections/MultipleDataSources/DenimTsunamiC2DomainsJuly2022.yaml  5
Detections/MultipleDataSources/PotentialFodhelperUACBypass(ASIMVersion).yaml  47
Detections/MultipleDataSources/Dev-0270PowershellSep2022.yaml  5
Detections/MultipleDataSources/DiamondSleetOct292020IOCs.yaml  5
Detections/MultipleDataSources/Dev-0228FilePathHashesNovember2021.yaml  77
Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml  5
Detections/MultipleDataSources/CrossCloudSuspiciousUserActivityObservedInGCPEnvourment.yaml  3
Detections/MultipleDataSources/RunCommandUEBABreach.yaml  79
Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml  171
Detections/MultipleDataSources/DenimTsunamiAVDetection.yaml  5
Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml  69
Detections/MultipleDataSources/Cross-CloudSuspiciousComputeResourcecreationinGCP.yaml  3
Detections/MultipleDataSources/UserAgentSearch_log4j.yaml  5
Detections/MultipleDataSources/PrestigeRansomwareIOCsOct22.yaml  124
Detections/MultipleDataSources/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml  5
Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml  5
Detections/MultipleDataSources/ZincOctober2022_IP_Domain_Hash_IOC.yaml  5
Detections/MultipleDataSources/NewUserAgentLast24h.yaml  5
Detections/MultipleDataSources/ForestBlizzardOct292020IOCs.yaml  5
Detections/MultipleDataSources/SuspiciousModificationofGlobalAdminProperties.yaml  88
Detections/MultipleDataSources/AquaBlizzardFeb2022.yaml  5
Detections/MultipleDataSources/SuspiciousVMInstanceCreationActivity.yaml  141
Detections/MultipleDataSources/SucessfullSiginFromPhingLink.yaml  138
Detections/MultipleDataSources/CadetBlizzard_Jan2022_IOC.yaml  5
Detections/MultipleDataSources/ChiaCryptoMining.yaml  5
Detections/MultipleDataSources/DEV-0322_SolarWinds_Serv-U_IOC.yaml  5
Detections/MultipleDataSources/AuthenticationMethodsChangedforPrivilegedAccount.yaml  5
Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml  128
Detections/MultipleDataSources/PlaidRainIPIoC.yaml  5
Detections/MultipleDataSources/EUROPIUM _September2022.yaml  159
Detections/MultipleDataSources/MSHTMLVuln.yaml  5
Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml  123
Detections/MultipleDataSources/Log4J_IPIOC_Dec112021.yaml  5
Detections/MultipleDataSources/DiamondSleetJan272021IOCs.yaml  5
Detections/MultipleDataSources/Dev-0270WMICDiscoverySep2022.yaml  5
Detections/MultipleDataSources/UnusualGuestActivity.yaml  5
Detections/MultipleDataSources/WSLMalwareCorrelation.yaml  5
Detections/MultipleDataSources/BariumIPIOC112020.yaml  5
Detections/MultipleDataSources/RubySleetOct292020IOCs.yaml  5
Detections/MultipleDataSources/CaramelTsunami_IOC.yaml  5
Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml  5
Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml  142
Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml  5
Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml  84
Detections/MultipleDataSources/MidnightBlizzard_FoggyWeb.yaml  5
Detections/MultipleDataSources/EuropiumUnusualIdentity.yaml  67
Detections/MultipleDataSources/SilkTyphoonUmServiceSuspiciousFile.yaml  5
Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml  98
Detections/MultipleDataSources/NylonTyphoonIOCsNov2021.yaml  5
Detections/MultipleDataSources/MidnightBlizzard_IOCsMay2021.yaml  5
Detections/MultipleDataSources/PhishinglinkExecutionObserved.yaml  112
Detections/MultipleDataSources/GraniteTyphoonIOCs.yaml  5
Detections/MultipleDataSources/AADHostLoginCorrelation.yaml  128
Detections/MultipleDataSources/Accountcreatedfromnon-approvedsources.yaml  103
Detections/MultipleDataSources/B64IPInURLFromMDE.yaml  72
Detections/MultipleDataSources/Mercury_Log4j_August2022.yaml  244
Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml  5
Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml  5
Detections/MultipleDataSources/TarraskHashIoC.yaml  5
Detections/MultipleDataSources/ZincOctober2022_AVHits_IOC.yaml  5
Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml  136
Detections/MultipleDataSources/DisabledAccIPSigninWithRareRiskyOps.yaml  115
Detections/MultipleDataSources/ForestBlizzardJuly2019IOCs.yaml  142
Detections/MultipleDataSources/SigninFirewallCorrelation.yaml  67
Detections/MultipleDataSources/B64UserInWebURIFromMDE.yaml  79
Detections/PulseConnectSecure/PulseConnectSecureVPN-CVE_2021_22893_Exploit.yaml  39
Detections/SecurityNestedRecommendation/Log4jVulnerableMachines.yaml  5
Detections/SecurityNestedRecommendation/OMIGODVulnerableMachines.yaml  50
Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml  61
Detections/DeviceProcessEvents/AdFind_Usage.yaml  5
Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml  5
Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml  5
Detections/AzureDiagnostics/MaliciousWAFSessions.yaml  5
Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml  5
Detections/AzureDiagnostics/NRT_KeyVaultSensitiveOperations.yaml  5
Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml  5
Detections/SecurityEvent/PotentialFodhelperUACBypass.yaml  5
Detections/SecurityEvent/CredentialDumpingToolsFileArtifacts.yaml  5
Detections/SecurityEvent/RegistryPersistenceViaAppCertDLLModification.yaml  5
Detections/SecurityEvent/SilkTyphoonSuspiciousUMServiceError.yaml  45
Detections/SecurityEvent/MidnightBlizzard_SuspiciousRundll32Exec.yaml  84
Detections/SecurityEvent/FakeComputerAccountCreated.yaml  71
Detections/SecurityEvent/NRT_execute_base64_decodedpayload.yaml  5
Detections/SecurityEvent/malware_in_recyclebin.yaml  5
Detections/SecurityEvent/LocalDeviceJoinInfoAndTransportKeyRegKeysAccess.yaml  5
Detections/SecurityEvent/GroupCreatedAddedToPrivlegeGroup_1h.yaml  150
Detections/SecurityEvent/NonDCActiveDirectoryReplication.yaml  5
Detections/SecurityEvent/SecurityEventLogCleared.yaml  5
Detections/SecurityEvent/GainCodeExecutionADFSViaSMB.yaml  5
Detections/SecurityEvent/StartStopHealthService.yaml  5
Detections/SecurityEvent/MacroInvokingShellBrowserWindowCOMObjects.yaml  5
Detections/SecurityEvent/NRT_SecurityEventLogCleared.yaml  5
Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml  140
Detections/SecurityEvent/LateralMovementViaDCOM.yaml  5
Detections/SecurityEvent/CredentialDumpingServiceInstallation.yaml  5
Detections/SecurityEvent/WindowsBinariesLolbinsRenamed.yaml  5
Detections/SecurityEvent/NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies.yaml  5
Detections/SecurityEvent/SilkTyphoonNewUMServiceChildProcess.yaml  95
Detections/SecurityEvent/SdeletedeployedviaGPOandrunrecursively.yaml  5
Detections/SecurityEvent/UserAccountAdd-Removed.yaml  129
Detections/SecurityEvent/AccessibilityFeaturesModification.yaml  74
Detections/SecurityEvent/RDP_RareConnection.yaml  103
Detections/SecurityEvent/DumpingLSASSProcessIntoaFile.yaml  5
Detections/SecurityEvent/ADFSRemoteHTTPNetworkConnection.yaml  5
Detections/SecurityEvent/ADFSDBNamedPipeConnection.yaml  5
Detections/SecurityEvent/PotentialKerberoast.yaml  118
Detections/SecurityEvent/powershell_empire.yaml  5
Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml  121
Detections/SecurityEvent/AADHealthMonAgentRegKeyAccess.yaml  139
Detections/SecurityEvent/AdminSDHolder_Modifications.yaml  56
Detections/SecurityEvent/UserAccountEnabledDisabled_10m.yaml  149
Detections/SecurityEvent/UserAccountAddedToPrivlegeGroup_1h.yaml  112
Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml  141
Detections/SecurityEvent/RegistryPersistenceViaAppInt_DLLsModification.yaml  5
Detections/SecurityEvent/NRT_base64_encoded_pefile.yaml  5
Detections/SecurityEvent/UserPrincipalNameAssignedToUserAccount.yaml  63
Detections/SecurityEvent/DSRMAccountAbuse.yaml  72
Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml  96
Detections/SecurityEvent/MidnightBlizzard_SuspiciousScriptRegistryWrite.yaml  91
Detections/SecurityEvent/WDigestDowngradeAttack.yaml  5
Detections/SecurityEvent/SolorigateNamedPipe.yaml  95
Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml  5
Detections/SecurityEvent/PotentialRemoteDesktopTunneling.yaml  5
Detections/SecurityEvent/password_not_set.yaml  5
Detections/SecurityEvent/execute_base64_decodedpayload.yaml  5
Detections/SecurityEvent/base64_encoded_pefile.yaml  5
Detections/SecurityEvent/PotenialResourceBasedConstrainedDelegationAbuse.yaml  62
Detections/SecurityEvent/MultipleFailedFollowedBySuccess.yaml  5
Detections/SecurityEvent/AADHealthSvcAgentRegKeyAccess.yaml  137
Detections/SecurityEvent/ADFSRemoteAuthSyncConnection.yaml  5
Detections/SecurityEvent/COMEventSystemLoadingNewDLL.yaml  117
Detections/SecurityEvent/UserAccountCreatedDeleted_10m.yaml  148
Detections/SecurityEvent/ExcessiveLogonFailures.yaml  5
Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml  5
Detections/SecurityEvent/password_never_expires.yaml  107
Detections/SecurityEvent/Potentialre-namedsdeleteusage.yaml  5
Detections/SecurityEvent/ScheduleTaskHide.yaml  5
Detections/SecurityEvent/WindowsBinariesExecutedfromNon-DefaultDirectory.yaml  5
Detections/SecurityEvent/ADFSAbnormalEnhancedKeyUsageAttribute-OID.yaml  72
Detections/SecurityEvent/RDP_Nesting.yaml  159
Detections/ASimProcess/NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies(ASIMVersion).yaml  57
Detections/ASimProcess/imProcess_base64_encoded_pefile.yaml  30
Detections/ASimProcess/imProcess_MidnightBlizzard_SuspiciousRundll32Exec.yaml  29
Detections/ASimProcess/SdeletedeployedviaGPOandrunrecursively(ASIMVersion).yaml  35
Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml  30
Detections/ASimProcess/imProcess_AdFind_Usage.yaml  35
Detections/ASimProcess/imFileEvent_Dev-0228FilePathHashesNovember2021(ASIMVersion).yaml  40
Detections/ASimProcess/Potentialre-namedsdeleteusage(ASIMVersion).yaml  24
Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml  34
Detections/QualysVM/NewHighSeverityVulnDetectedAcrossMulitpleHosts.yaml  5
Detections/QualysVM/HighNumberofVulnDetected.yaml  5
Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml  69
Detections/ASimAuthentication/imAuthPasswordSpray.yaml  46
Detections/ASimAuthentication/imSigninAttemptsByIPviaDisabledAccounts.yaml  54
Detections/ASimAuthentication/imAuthBruteForce.yaml  75
Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml  31
Detections/AzureAppServices/AVScan_Failure.yaml  31
Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml  31
Detections/ASimFileEvent/SuspiciousAccessOfBECRelatedDocuments.yaml  5
Detections/AzureDevOpsAuditing/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml  4
Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml  4
Detections/AzureDevOpsAuditing/ADOVariableModifiedByNewUser.yaml  4
Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml  4
Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml  4
Detections/AzureDevOpsAuditing/NRT_ADOAuditStreamDisabled.yaml  4
Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml  4
Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml  4
Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml  4
Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml  4
Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml  4
Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml  4
Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml  4
Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml  4
Detections/AzureDevOpsAuditing/NewAgentAddedToPoolbyNewUserorofNewOS.yaml  4
Detections/AzureDevOpsAuditing/AzDOServiceConnectionUsage.yaml  4
Detections/AzureDevOpsAuditing/ADORetentionReduced.yaml  4
Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml  4
Detections/DnsEvents/NRT_DNS_Related_To_Mining_Pools.yaml  5
Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml  5
Detections/DnsEvents/DNS_Miners.yaml  5
Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml  5
Detections/DnsEvents/DNS_TorProxies.yaml  5
Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml  63
Detections/W3CIISLog/HighPortCountByClientIP.yaml  80
Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml  6
Detections/W3CIISLog/HighFailedLogonCountByClientIP.yaml  92
Detections/W3CIISLog/SilkTyphoonSuspiciousExchangeRequestPattern.yaml  65
Detections/W3CIISLog/Supernovawebshell.yaml  6
Detections/W3CIISLog/ProxyShellPwn2Own.yaml  65
Detections/W3CIISLog/HighFailedLogonCountByUser.yaml  99
Detections/AWSGuardDuty/AWS_GuardDuty_template.yaml  4
Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml  5
Detections/SigninLogs/DistribPassCrackAttempt.yaml  5
Detections/SigninLogs/SigninBruteForce-AzurePortal.yaml  5
Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml  5
Detections/SigninLogs/Brute Force Attack against GitHub Account.yaml  5
Detections/SigninLogs/AnomalousSingleFactorSignin.yaml  73
Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml  5
Detections/SigninLogs/BypassCondAccessRule.yaml  5
Detections/SigninLogs/NewCountryValidCreds.yaml  80
Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml  5
Detections/SigninLogs/UserAccounts-CABlockedSigninSpikes.yaml  5
Detections/SigninLogs/AuthenticationsofPrivilegedAccountsOutsideofExpectedControls.yaml  69
Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml  5
Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml  66
Detections/SigninLogs/ServicePrincipalAuthenticationAttemptfromNewCountry.yaml  53
Detections/SigninLogs/NRT_MFARejectedbyUser.yaml  5
Detections/SigninLogs/FailedLogonToAzurePortal.yaml  5
Detections/SigninLogs/BruteForceCloudPC.yaml  5
Detections/SigninLogs/AuthenticationAttemptfromNewCountry.yaml  107
Detections/SigninLogs/MFARejectedbyUser.yaml  5
Detections/SigninLogs/SuccessThenFail_DiffIP_SameUserandApp.yaml  5
Detections/SigninLogs/Sign-in Burst from Multiple Locations.yaml  5
Detections/SigninLogs/ExplicitMFADeny.yaml  5
Detections/SigninLogs/SigninPasswordSpray.yaml  5
Detections/SigninLogs/SeamlessSSOPasswordSpray.yaml  5
Detections/SigninLogs/ADFSSignInLogsPasswordSpray.yaml  5
Detections/SigninLogs/AzurePortalSigninfromanotherAzureTenant.yaml  5
Detections/DuoSecurity/IPEntity_DuoSecurity.yaml  5
Detections/DuoSecurity/TrustMonitorEvent.yaml  44
Detections/DeviceFileEvents/PEfiledroppedinColorDriversFolder.yaml  46
Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml  5
Detections/GitHub/Threat Intel Matches to GitHub Audit Logs.yaml  4
Detections/GitHub/(Preview) GitHub - Two Factor Authentication Disabled in GitHub.yaml  5
Detections/GitHub/Security Vulnerability in Repo.yaml  6
Detections/GitHub/(Preview) GitHub - Activities from Infrequent Country.yaml  5
Detections/GitHub/NRT Two Factor Authentication Disabled.yaml  6
Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml  83
Detections/ASimDNS/imDNS_Miners.yaml  89
Detections/ASimDNS/imDNS_TorProxies.yaml  77
Detections/ASimDNS/imDns_IPEntity_DnsEvents.yaml  4
Detections/ASimDNS/imDns_ExcessiveNXDOMAINDNSQueries.yaml  70
Detections/ASimDNS/imDns_DomainEntity_DnsEvents.yaml  4
Detections/QualysVMV2/HighNumberofVulnDetectedV2.yaml  5
Detections/QualysVMV2/NewHighSeverityVulnDetectedAcrossMulitpleHostsV2.yaml  5
Detections/BehaviorAnalytics/SuspiciousSigninByAADConnectAccount.yaml  66
Detections/AzureWAF/AppGwWAF-XSSDetection.yaml  59
Detections/AzureWAF/AppGwWAF-SQLiDetection.yaml  62
Detections/AzureWAF/AFD-Premium-WAF-SQLiDetection.yaml  4
Detections/AzureWAF/AFD-Premium-WAF-XSSDetection.yaml  4
Detections/AuditLogs/ChangestoApplicationOwnership.yaml  78
Detections/AuditLogs/AuthenticationMethodChangedforPrivilegedAccount.yaml  5
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationDeleted.yaml  6
Detections/AuditLogs/ConditionalAccessPolicyModifiedbyNewUser.yaml  79
Detections/AuditLogs/UserAccountCreatedUsingIncorrectNamingFormat.yaml  82
Detections/AuditLogs/MultipleAdmin_membership_removals_from_NewAdmin.yaml  5
Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml  5
Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml  5
Detections/AuditLogs/ApplicationIDURIChanged.yaml  77
Detections/AuditLogs/GuestAccountsAddedinAADGroupsOtherThanTheOnesSpecified.yaml  6
Detections/AuditLogs/NRT_PIMElevationRequestRejected.yaml  5
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationOutboundDirectSettingsChanged.yaml  6
Detections/AuditLogs/NewExtUserGrantedAdmin.yaml  5
Detections/AuditLogs/AccountCreatedDeletedByNonApprovedUser.yaml  5
Detections/AuditLogs/AdditionofaTemporaryAccessPasstoaPrivilegedAccount.yaml  82
Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml  5
Detections/AuditLogs/nrt_FirstAppOrServicePrincipalCredential.yaml  6
Detections/AuditLogs/NRT_NewAppOrServicePrincipalCredential.yaml  5
Detections/AuditLogs/GuestUsersInvitedtoTenantbyNewInviters.yaml  84
Detections/AuditLogs/NRT_UseraddedtoPrivilgedGroups.yaml  5
Detections/AuditLogs/RareApplicationConsent.yaml  5
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationAdded.yaml  6
Detections/AuditLogs/ApplicationRedirectURLUpdate.yaml  86
Detections/AuditLogs/PrivlegedRoleAssignedOutsidePIM.yaml  5
Detections/AuditLogs/AccountElevatedtoNewRole.yaml  5
Detections/AuditLogs/MailPermissionsAddedToApplication.yaml  5
Detections/AuditLogs/ServicePrincipalAssignedAppRoleWithSensitiveAccess.yaml  93
Detections/AuditLogs/AdminPromoAfterRoleMgmtAppPermissionGrant.yaml  5
Detections/AuditLogs/PIMElevationRequestRejected.yaml  5
Detections/AuditLogs/NRT_PrivlegedRoleAssignedOutsidePIM.yaml  5
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationOutboundCollaborationSettingsChanged.yaml  6
Detections/AuditLogs/NRT_ADFSDomainTrustMods.yaml  5
Detections/AuditLogs/ChangestoPIMSettings.yaml  58
Detections/AuditLogs/ServicePrincipalAssignedPrivilegedRole.yaml  84
Detections/AuditLogs/SuspiciousLinkingofExternalIdtoExistingUsers.yaml  82
Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml  5
Detections/AuditLogs/ADFSDomainTrustMods.yaml  5
Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml  5
Detections/AuditLogs/SuspiciousServicePrincipalcreationactivity.yaml  5
Detections/AuditLogs/NRT_AuthenticationMethodsChangedforVIPUsers.yaml  6
Detections/AuditLogs/URLAddedtoApplicationfromUnknownDomain.yaml  101
Detections/AuditLogs/AccountCreatedandDeletedinShortTimeframe.yaml  5
Detections/AuditLogs/BulkChangestoPrivilegedAccountPermissions.yaml  5
Detections/AuditLogs/End-userconsentstoppedduetorisk-basedconsent.yaml  76
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationInboundDirectSettingsChanged.yaml  6
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationInboundCollaborationSettingsChanged.yaml  6
Detections/AuditLogs/UserAssignedPrivilegedRole.yaml  5
Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml  5
Detections/AuditLogs/AzureADRoleManagementPermissionGrant.yaml  5
Detections/AuditLogs/UserStatechangedfromGuesttoMember.yaml  82
Detections/AuditLogs/ChangestoApplicationLogoutURL.yaml  77
Detections/AuditLogs/PrivilegedAccountPermissionsChanged.yaml  5
Detections/AuditLogs/Useraccountcreatedwithoutexpectedattributesdefined.yaml  95
Detections/AuditLogs/UserAddedtoAdminRole.yaml  5
Detections/AuditLogs/CredentialAddedAfterAdminConsent.yaml  5
Detections/ASimNetworkSession/ExcessiveHTTPFailuresFromSource.yaml  4
Detections/ASimNetworkSession/PortScan.yaml  4
Detections/ASimNetworkSession/PossibleBeaconingActivity.yaml  4
Detections/ASimNetworkSession/IPEntity_imNetworkSession.yaml  4
Detections/ThreatIntelligenceIndicator/IPEntity_AzureSQL.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_OfficeActivity.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_imWebSession.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AppServiceHTTPLogs.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml  5
Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityEvent.yaml  5
Detections/ThreatIntelligenceIndicator/EmailEntity_OfficeActivity.yaml  5
Detections/ThreatIntelligenceIndicator/DomainEntity_CommonSecurityLog.yaml  5
Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml  5
Detections/ThreatIntelligenceIndicator/DomainEntity_imWebSession.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml  5
Detections/ThreatIntelligenceIndicator/DomainEntity_SecurityAlert.yaml  5
Detections/ThreatIntelligenceIndicator/FileHashEntity_CommonSecurityLog.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_CustomSecurityLog.yaml  5
Detections/ThreatIntelligenceIndicator/URLEntity_PaloAlto.yaml  5
Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml  5
Detections/ThreatIntelligenceIndicator/IPentity_SigninLogs.yaml  5
Detections/ThreatIntelligenceIndicator/DomainEntity_PaloAlto.yaml  5
Detections/ThreatIntelligenceIndicator/URLEntity_Syslog.yaml  5
Detections/ThreatIntelligenceIndicator/EmailEntity_SigninLogs.yaml  5
Detections/ThreatIntelligenceIndicator/URLEntity_OfficeActivity.yaml  5
Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityAlert.yaml  5
Detections/ThreatIntelligenceIndicator/EmailEntity_PaloAlto.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AzureActivity.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AzureFirewall.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_VMConnection.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_W3CIISLog.yaml  5
Detections/ThreatIntelligenceIndicator/URLEntity_AuditLogs.yaml  5
Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml  5
Detections/ThreatIntelligenceIndicator/URLEntity_SecurityAlerts.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AzureKeyVault.yaml  5
Detections/ThreatIntelligenceIndicator/EmailEntity_AzureActivity.yaml  5
Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml  5
Detections/ZoomLogs/JoiningMeetingFromAnotherTimeZone.yaml  58
Detections/ZoomLogs/SupiciousLinkSharing.yaml  46
Detections/ZoomLogs/ExternalUserAccess.yaml  51
Detections/ZoomLogs/E2EEDisbaled.yaml  42
Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml  50
Detections/Syslog/ssh_potentialBruteForce.yaml  5
Detections/Syslog/squid_cryptomining_pools.yaml  5
Detections/Syslog/NRT_squid_events_for_mining_pools.yaml  5
Detections/Syslog/FailedLogonAttempts_UnknownUser.yaml  5
Detections/Syslog/squid_tor_proxies.yaml  5
Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml  5
Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml  5
Detections/CommonSecurityLog/CreepyDriveURLs.yaml  56
Detections/CommonSecurityLog/Wazuh-Large_Number_of_Web_errors_from_an_IP.yaml  44
Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml  5
Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml  85
Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml  5
Detections/CommonSecurityLog/CreepySnailURLParameters.yaml  65
Detections/CommonSecurityLog/CreepyDriveRequestSequence.yaml  59
Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml  132
Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml  92
Detections/CommonSecurityLog/PaloAlto-UnusualThreatSignatures.yaml  5
Detections/DeviceNetworkEvents/SolarWinds_SUNBURST_Network-IOCs.yaml  5
Detections/ASimWebSession/ExcessiveNetworkFailuresFromSource.yaml  62
Detections/ASimWebSession/PotentiallyHarmfulFileTypes.yaml  85
Detections/ASimWebSession/UnusualUAPowershell.yaml  76
Detections/ASimWebSession/UnusualUACryptoMiners.yaml  71
Detections/ASimWebSession/PossibleDGAContacts.yaml  57
Detections/ASimWebSession/DiscordCDNRiskyFileDownload_ASim.yaml  63
Detections/ASimWebSession/UnusualUAHackTool.yaml  82
Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml  5
Detections/AWSCloudTrail/AWS_CredentialHijack.yaml  5
Detections/AWSCloudTrail/NRT_AWS_ConsoleLogonWithoutMFA.yaml  5
Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml  5
Detections/AWSCloudTrail/SuspiciousAccessOfBECRelatedDocumentsInAWSS3Buckets.yaml  5
Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml  5
Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml  5
Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml  5
Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml  5
Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml  5
Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml  4
Detections/AzureActivity/NRT-AADHybridHealthADFSNewServer.yaml  4
Detections/AzureActivity/NRT_Creation_of_Expensive_Computes_in_Azure.yaml  4
Detections/AzureActivity/AzDiagSettingsDeleted.yaml  67
Detections/AzureActivity/AADHybridHealthADFSSuspApp.yaml  4
Detections/AzureActivity/RareRunCommandPowerShellScript.yaml  80
Detections/AzureActivity/New-CloudShell-User.yaml  4
Detections/AzureActivity/RareOperations.yaml  4
Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml  4
Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml  4
Detections/AzureActivity/AADHybridHealthADFSServiceDelete.yaml  4
Detections/AzureActivity/AADHybridHealthADFSNewServer.yaml  4
Detections/AzureActivity/TimeSeriesAnomaly_Mass_Cloud_Resource_Deletions.yaml  4
Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml  4
Detections/OfficeActivity/Malicious_Inbox_Rule.yaml  5
Detections/OfficeActivity/MultipleTeamsDeletes.yaml  5
Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml  5
Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml  5
Detections/OfficeActivity/ForestBlizzardCredHarvesting.yaml  5
Detections/OfficeActivity/RareOfficeOperations.yaml  5
Detections/OfficeActivity/NRT_Office_MailForwarding.yaml  54
Detections/OfficeActivity/Office_MailForwarding.yaml  5
Detections/OfficeActivity/Mail_redirect_via_ExO_transport_rule.yaml  5
Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml  5
Detections/OfficeActivity/office_policytampering.yaml  5
Detections/OfficeActivity/Office_Uploaded_Executables.yaml  5
Detections/OfficeActivity/BEC_MailboxRule.yaml  5
Detections/OfficeActivity/External User added to Team and immediately uploads file.yaml  5
Detections/OfficeActivity/exchange_auditlogdisabled.yaml  5
Detections/OfficeActivity/NRT_Malicious_Inbox_Rule.yaml  32
Detections/OfficeActivity/MailItemsAccessedTimeSeries.yaml  5
Detections/SecurityAlert/DetectPIMAlertDisablingActivity.yaml  61
Detections/SecurityAlert/AVdetectionsrelatedtoUkrainebasedthreats.yaml  5
Detections/SecurityAlert/Massdownload_USBFileCopy.yaml  131
Detections/SecurityAlert/AVTarrask.yaml  5
Detections/SecurityAlert/EuropiumAVHits.yaml  60
Detections/SecurityAlert/HiveRansomwareAVHits.yaml  59
Detections/SecurityAlert/CoreBackupDeletionwithSecurityAlert.yaml  4
Detections/SecurityAlert/Solorigate-Defender-Detections.yaml  60
Detections/SecurityAlert/Suspicious_WorkSpaceDeletion_Attempt.yaml  90
Detections/SecurityAlert/AVSpringShell.yaml  5
Detections/SecurityAlert/AquaBlizzardAVHits.yaml  5
Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml  5
Detections/SecurityAlert/MDE_hitsforADFandAzureSynapsePipelines.yaml  61
Detections/SecurityAlert/Dev-0530AVHits.yaml  59
Detections/http_proxy_oab_CL/SilkTyphoonSuspiciousFileDownloads.yaml  46
Detections/http_proxy_oab_CL/ExchagngeSuspiciousFileDownloads.yaml  48
Detections/Anomalies/UnusualAnomaly.yaml  45
Detections/Anomalies/SignInAnomaly.yaml  63
Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml  5
DataConnectors/GithubFunction/AzureFunctionGitHub/requirements.psd1  6
DataConnectors/GithubFunction/AzureFunctionGitHub/profile.ps1  19
DataConnectors/Fluentd-VMSS/plugin/out_remote_syslog-as.rb  132
DataConnectors/Fluentd-VMSS/plugin/parser_cef-as.rb  203
DataConnectors/Fluentd-VMSS/plugin/cef_version_0_keys.yaml  166
DataConnectors/S3-Lambda/S3toSentinel.ps1  227
DataConnectors/JumpCloud Single Sign On/AzureFunctionJumpCloud/requirements.psd1  8
DataConnectors/JumpCloud Single Sign On/AzureFunctionJumpCloud/JCQueueTrigger1/run.ps1  133
DataConnectors/JumpCloud Single Sign On/AzureFunctionJumpCloud/JCTimerTrigger/run.ps1  36
DataConnectors/JumpCloud Single Sign On/AzureFunctionJumpCloud/profile.ps1  18
DataConnectors/AzureStorage/LogDownloader.cs  77
DataConnectors/AzureStorage/GetAzureStorageLogsFunction.cs  327
DataConnectors/AWS-S3-AzureFunction/AzFun-AWS-S3-Ingestion/__init__.py  512
DataConnectors/O365 DataCSharp/Teams.CustomConnector.Models/AuditInitialReport.cs  17
DataConnectors/O365 DataCSharp/Teams.CustomConnector.Models/AuditDetailedReport.cs  49
DataConnectors/O365 DataCSharp/Teams.CustomConnector.Models/Errors.cs  12
DataConnectors/O365 DataCSharp/Teams.CustomConnector.Processor/Processor.cs  201
DataConnectors/O365 DataCSharp/Teams.CustomConnector.Serverless/EgressTeamsLogs.cs  102
DataConnectors/O365 DataCSharp/Teams.CustomConnector.Common/RetryWithExponentialBackoff.cs  38
DataConnectors/O365 DataCSharp/Teams.CustomConnector.Common/OperationDetails.cs  13
DataConnectors/O365 DataCSharp/Teams.CustomConnector.Common/KeyVaultHelper.cs  60
DataConnectors/O365 DataCSharp/Teams.CustomConnector.Common/ExponentialBackoff.cs  35
DataConnectors/O365 DataCSharp/Teams.CustomConnector.Common/Constants.cs  57
DataConnectors/O365 DataCSharp/Teams.CustomConnector.Sentinel/AzureLogAnalyticsConnector.cs  67
DataConnectors/O365 DataCSharp/Teams.CustomConnector.StorageHandler/StorageHandler.cs  113
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/microsoft-sentinel-log-analytics-logstash-output-plugin.gemspec  19
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/outputs/microsoft-sentinel-log-analytics-logstash-output-plugin.rb  56
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logStashCompressedStream.rb  105
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/version.rb  9
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logStashAutoResizeBuffer.rb  104
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logAnalyticsClient.rb  102
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/customSizeBasedBuffer.rb  137
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/eventsHandler.rb  43
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb  193
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logsSender.rb  34
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logStashEventsBatcher.rb  115
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/sampleFileCreator.rb  50
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logAnalyticsAadTokenProvider.rb  71
DataConnectors/O365 Data/O365APItoAS-Template/requirements.psd1  6
DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/modules/Write-OMSLogfile.ps1  126
DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/run.ps1  276
DataConnectors/O365 Data/O365APItoAS-Template/profile.ps1  18
DataConnectors/JSON-Import/dotnet_loganalytics_json_import/Program.cs  43
DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1  22
DataConnectors/M365Defender-VulnerabilityManagement/maintenance/buildFiles.ps1  2
DataConnectors/M365Defender-VulnerabilityManagement/maintenance/deployLatestFunctionPackage.ps1  7
DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/requirements.psd1  10
DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/Modules/AzMon.Ingestion/AzMon.Ingestion.psm1  135
DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/Modules/AzMon.Ingestion/AzMon.Ingestion.psd1  81
DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/profile.ps1  19
DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/GetMDVMData/run.ps1  243
DataConnectors/AWS-CloudTrail-Ingestion-Lambda/SNS-Lambda-Trigger/IngestCloudTrailEventsToSentinel.ps1  314
DataConnectors/AWS-CloudTrail-Ingestion-Lambda/SQS-Lambda-Trigger/IngestCloudTrailEventsToSentinel.ps1  315
DataConnectors/Qualys VM/AzureFunctionQualysVM/run.ps1  212
DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPCloudIDSLogSetup/GCPCloudIDSLogSetup.tf  86
DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPInitialAuthenticationSetupGov/GCPInitialAuthenticationSetupGov.tf  96
DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPAuditLogsSetup/GCPAuditLogsSetup.tf  74
DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPIAMCCPLogsSetup/GCPIAMLOGS.tf  82
DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPDNS_CCPLogsSetupGov/GCPDNSLogSetup.tf  82
DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPCDNLogsSetup/GCPCDNLogSetup.tf  86
DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPCloudIDSLogSetup/GCPCloudIDSLogSetup.tf  86
DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPDNS_CCPLogsSetup/GCPDNSLogSetup.tf  82
DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPInitialAuthenticationSetup/GCPInitialAuthenticationSetup.tf  114
DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPFirewallLogsSetup/GCPFirewallLogSetup.tf 82 DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPAuditLogsSetup/GCPAuditLogsSetup.tf 78 DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPIAMCCPLogsSetup/GCPIAMLOGS.tf 82 DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPCDNLogsSetup/GCPCDNLogSetup.tf 86 DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPVPCFlowLogsSetup/GCPVPCFlowLogSetup.tf 82 DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_PowerShell/requirements.psd1 7 DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_PowerShell/profile.ps1 18 DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_PowerShell/Template_REST_API_Function_App_PowerShell.ps1 119 DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_Python/Template_REST_API_Function_App_Python.py 57 DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_C#/Template_REST_API_Function_App_C#.cs 237 DataConnectors/CEF/cef_gather_info.py 95 DataConnectors/CEF/TimeGenerated.py 120 DataConnectors/CEF/cef_troubleshoot.py 653 DataConnectors/CEF/cef_installer.py 554 DataConnectors/microsoft-logstash-output-azure-loganalytics/spec/outputs/azure_loganalytics_spec.rb 65 DataConnectors/microsoft-logstash-output-azure-loganalytics/microsoft-logstash-output-azure-loganalytics.gemspec 18 DataConnectors/microsoft-logstash-output-azure-loganalytics/lib/logstash/logAnalyticsClient/logStashAutoResizeBuffer.rb 97 
DataConnectors/microsoft-logstash-output-azure-loganalytics/lib/logstash/logAnalyticsClient/logAnalyticsClient.rb 48 DataConnectors/microsoft-logstash-output-azure-loganalytics/lib/logstash/logAnalyticsClient/logstashLoganalyticsConfiguration.rb 115 DataConnectors/microsoft-logstash-output-azure-loganalytics/lib/logstash/outputs/microsoft-logstash-output-azure-loganalytics.rb 68 DataConnectors/AWS-CloudTrail-AzureFunction/AzFunAWSCloudTrailLogsIngestion/__init__.py 378 DataConnectors/AWS-S3/CloudWatchPushBasedLambdaFunction.py 48 DataConnectors/AWS-S3/CloudWatchLambdaFunction.py 47 DataConnectors/AWS-S3/ConfigAwsConnector.ps1 70 DataConnectors/AWS-S3/Enviornment/EnviornmentConstants.ps1 20 DataConnectors/AWS-S3/Utils/AwsResourceCreator.ps1 268 DataConnectors/AWS-S3/Utils/AwsSentinelTag.ps1 15 DataConnectors/AWS-S3/Utils/AwsPoliciesUpdate.ps1 125 DataConnectors/AWS-S3/Utils/HelperFunctions.ps1 227 DataConnectors/AWS-S3/Utils/CommonAwsPolicies.ps1 224 DataConnectors/AWS-S3/ConfigGuardDutyDataConnector.ps1 270 DataConnectors/AWS-S3/ConfigCustomLogDataConnector.ps1 30 DataConnectors/AWS-S3/ConfigCloudTrailDataConnector.ps1 299 DataConnectors/AWS-S3/ConfigVpcFlowDataConnector.ps1 56 DataConnectors/AWS-S3/ConfigCloudWatchDataConnector.ps1 97 DataConnectors/AWS-S3/ConfigVpcFlowLogs.ps1 27 DataConnectors/AWS-S3/CloudWatchLambdaFunction_V2.py 85 DataConnectors/AWS-SecurityHubFindings/AzFunAWSSecurityHubIngestion/__init__.py 334 DataConnectors/Duo Security/requirements.psd1 6 DataConnectors/Duo Security/AzureFunctionDuoSecurity/run.ps1 250 DataConnectors/Duo Security/profile.ps1 19 DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py 673 DataConnectors/Syslog/Forwarder_AMA_installer.py 248 DataConnectors/MCASActivityFunction/AzureFunctionMCASActivity/requirements.psd1 7 DataConnectors/MCASActivityFunction/AzureFunctionMCASActivity/MCASActivityTimerTrigger/run.ps1 304 DataConnectors/MCASActivityFunction/AzureFunctionMCASActivity/profile.ps1 19 
DataConnectors/Zoom/requirements.psd1 6 DataConnectors/Zoom/profile.ps1 18 DataConnectors/Zoom/ZoomLogs/run.ps1 165 DataConnectors/DocuSign-SecurityEvents/Application_Consent.ps1 63 DataConnectors/DocuSign-SecurityEvents/AzureFunctionDocuSignMonitor/requirements.psd1 7 DataConnectors/DocuSign-SecurityEvents/AzureFunctionDocuSignMonitor/DocuSignMonitorTimerTrigger/run.ps1 381 DataConnectors/DocuSign-SecurityEvents/AzureFunctionDocuSignMonitor/profile.ps1 19 DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO_V2/requirements.psd1 8 DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO_V2/AzureFunctionOktaSSO/run.ps1 167 DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO_V2/profile.ps1 18 DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/requirements.psd1 7 DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/AzureFunctionOktaSSO/run.ps1 86 DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/profile.ps1 18 DataConnectors/OneLogin/requirements.psd1 6 DataConnectors/OneLogin/profile.ps1 18 DataConnectors/OneLogin/OneLogin/run.ps1 54 DataConnectors/AADUserInfo/requirements.psd1 7 DataConnectors/AADUserInfo/profile.ps1 19 DataConnectors/AADUserInfo/AADUserInfo/run.ps1 78 ASIM/dev/ASimTester/Validate-ASimCsv/Validate-ASimCsv.ps1 47 ASIM/dev/ASimTester/filteringTest/ASimFilteringTest.py 484 ASIM/dev/Delete-SentinelFunction/Delete-SentinelFunction.ps1 92 ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml 77 ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml 62 ASIM/dev/Parser YAML templates/ASimUserManagementTemplate.yaml 30 ASIM/dev/Parser YAML templates/ASimAuthenticationTemplate.yaml 30 ASIM/dev/Parser YAML templates/ASimDnsTemplate.yaml 30 ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml 72 ASIM/dev/Parser YAML templates/vimDhcpEventTemplate.yaml 62 ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml 30 ASIM/dev/Parser YAML templates/vimAlertEventTemplate.yaml 82 ASIM/dev/Parser YAML 
templates/ASimAlertEventTemplate.yaml 30 ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml 97 ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml 95 ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml 30 ASIM/dev/Parser YAML templates/ASimDhcpEventTemplate.yaml 30 ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml 72 ASIM/dev/Parser YAML templates/ASimNetworkSessionTemplate.yaml 30 ASIM/dev/Parser YAML templates/ASimWebSessionTemplate.yaml 30 ASIM/dev/Parser YAML templates/ASimRegistryEventTemplate.yaml 30 ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml 77 ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml 77 ASIM/dev/Parser YAML templates/ASimProcessEventTemplate.yaml 30 ASIM/dev/Parser YAML templates/vimWebSessionTemplate.yaml 72 ASIM/dev/ASimYaml2ARM/KqlFuncYaml2Arm.py 219 ASIM/lib/functions/ASIM_LookupHTTPStatusCode.yaml 228 ASIM/lib/functions/ASIM_GetUserType.yaml 45 ASIM/lib/functions/ASIM_ResolveDvcFQDN.yaml 26 ASIM/lib/functions/ASIM_LookupDnsQueryType.yaml 117 ASIM/lib/functions/ASIM_LookupDnsResponseCode.yaml 50 ASIM/lib/functions/ASIM_ResolveDstFQDN.yaml 26 ASIM/lib/functions/ASIM_Enrich_IdentityInfo.yaml 100 ASIM/lib/functions/ASIM_FillNull.yaml 26 ASIM/lib/functions/ASIM_GetWindowsUserType.yaml 45 ASIM/lib/functions/ASIM_GetSourceBySourceType.yaml 25 ASIM/lib/functions/ASIM_LookupICMPType.yaml 75 ASIM/lib/functions/ASIM_ResolveSrcFQDN.yaml 26 ASIM/lib/functions/ASIM_LookupAADcodes.yaml 57 ASIM/lib/functions/ASIM_IdentityInfo.yaml 57 ASIM/lib/functions/ASIM_ResolveNetworkProtocol.yaml 179 ASIM/lib/functions/ASIM_GetUsernameType.yaml 27 ASIM/lib/functions/ASIM_GetDisabledParsers.yaml 22 ASIM/lib/functions/ASIM_GetWatchlistsRaw.yaml 30 ASIM/lib/functions/ASIM_ResolveFQDN.yaml 39 ASIM/lib/functions/ASIM_ResolveICMPType.yaml 78 ASIM/lib/functions/ASIM_ResolveDnsResponseCode.yaml 53 ASIM/lib/functions/ASIM_LookupNetworkProtocol.yaml 176 ASIM/lib/functions/ASIM_ResolveDnsQueryType.yaml 120 
ASIM/lib/functions/ASIM_GetWatchlistRaw.yaml 30 ASIM/schemas/ASimNotification.yaml 74 ASIM/schemas/ASimAuditEvent.yaml 118 ASIM/schemas/ASimDns.yaml 256 ASIM/schemas/common/ASimEnumerations.yaml 112 ASIM/schemas/common/ASimEventFields.yaml 120 ASIM/schemas/common/ASimInspectionFields.yaml 62 ASIM/schemas/ASimFileEvent.yaml 232 ASIM/schemas/ASimDHCPEvent.yaml 110 ASIM/schemas/entities/ASimSystem.yaml 107 ASIM/schemas/entities/ASimProcess.yaml 10 ASIM/schemas/entities/ASimDvc.yaml 91 ASIM/schemas/entities/ASimGroup.yaml 33 ASIM/schemas/entities/ASimExtendedProcess.yaml 10 ASIM/schemas/entities/ASimUser.yaml 29 ASIM/schemas/entities/ASimActor.yaml 33 ASIM/schemas/entities/ASimApp.yaml 31 ASIM/schemas/ASimAuthentication.yaml 106 ASIM/schemas/ASimProcessEvent.yaml 63 ASIM/schemas/ASimUserManagement.yaml 95 ASIM/schemas/ASimRegistryEvent.yaml 88 Hunting Queries/ProofpointPOD/ProofpointPODHighScorePhishValue.yaml 3 Hunting Queries/ProofpointPOD/ProofpointPODRecipientsHighNumberDiscardReject.yaml 3 Hunting Queries/ProofpointPOD/ProofpointPODHighScoreMalwareValue.yaml 3 Hunting Queries/ProofpointPOD/ProofpointPODHighScoreSuspectValue.yaml 3 Hunting Queries/ProofpointPOD/ProofpointPODHighScoreAdultValue.yaml 3 Hunting Queries/ProofpointPOD/ProofpointPODSendersLargeNumberOfCorruptedEmails.yaml 3 Hunting Queries/ProofpointPOD/ProofpointPODLargeOutboundEmails.yaml 3 Hunting Queries/ProofpointPOD/ProofpointPODRecipientsLargeNumberOfCorruptedEmails.yaml 3 Hunting Queries/ProofpointPOD/ProofpointPODHighScoreSpamValue.yaml 3 Hunting Queries/ProofpointPOD/ProofpointPODSuspiciousFileTypesInAttachments.yaml 3 Hunting Queries/MultipleDataSources/NetworkConnectiontoOMIPorts.yaml 4 Hunting Queries/MultipleDataSources/AzureRunCommandMDELinked.yaml 70 Hunting Queries/MultipleDataSources/NylonTyphoonRegIOCPatterns.yaml 4 Hunting Queries/MultipleDataSources/FireEyeRedTeamComms.yaml 99 Hunting Queries/MultipleDataSources/AADPrivilegedAccountsFailedMFA.yaml 52 Hunting 
Queries/MultipleDataSources/PrivilegedAccountPasswordChanges.yaml 34 Hunting Queries/MultipleDataSources/HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml 61 Hunting Queries/MultipleDataSources/UseragentExploitPentest.yaml 4 Hunting Queries/MultipleDataSources/PrivilegedAccountsLockedOut.yaml 36 Hunting Queries/MultipleDataSources/LogonwithExpiredAccount.yaml 78 Hunting Queries/MultipleDataSources/AzureResourceAssignedPublicIP.yaml 4 Hunting Queries/MultipleDataSources/ReconActivitywithInteractiveLogonCorrelation.yaml 46 Hunting Queries/MultipleDataSources/RareDomainsInCloudLogs.yaml 107 Hunting Queries/MultipleDataSources/FailedSigninsWithAuditDetails.yaml 83 Hunting Queries/MultipleDataSources/DormantUserUpdateMFAandLogsIn-UEBA.yaml 48 Hunting Queries/MultipleDataSources/BackupDeletion.yaml 4 Hunting Queries/MultipleDataSources/FirewallRuleChanges_using_netsh.yaml 145 Hunting Queries/MultipleDataSources/StorageAlertCorrelationwithCommonSecurityLogsandAuditLogs.yaml 61 Hunting Queries/MultipleDataSources/StorageAlertCorrelationwithCommonSecurityLogsandStorageLogs.yaml 50 Hunting Queries/MultipleDataSources/DormantUserUpdateMFAandLogsIn.yaml 48 Hunting Queries/MultipleDataSources/NonCompliantSigninwithBulkDownload.yaml 48 Hunting Queries/MultipleDataSources/PotentialMicrosoftSecurityServicesTampering.yaml 4 Hunting Queries/MultipleDataSources/RareDNSLookupWithDataTransfer.yaml 113 Hunting Queries/MultipleDataSources/ForestBlizzard_IOC_RetroHunt.yaml 4 Hunting Queries/MultipleDataSources/Dev-0322CommandLineActivityNovember2021(ASIMVersion).yaml 4 Hunting Queries/MultipleDataSources/ApplicationGrantedEWSPermissions.yaml 4 Hunting Queries/MultipleDataSources/PossibleCommandInjectionagainstAzureIR.yaml 89 Hunting Queries/MultipleDataSources/SQLAlertCorrelationwithCommonSecurityLogsandAuditLogs.yaml 56 Hunting Queries/MultipleDataSources/UnfamiliarsignincorrelationwithPortalSigninandAuditlogs.yaml 60 Hunting 
Queries/MultipleDataSources/PersistViaIFEORegistryKey.yaml 4 Hunting Queries/MultipleDataSources/Dev-0322FileDropActivityNovember2021.yaml 4 Hunting Queries/MultipleDataSources/TrackingPasswordChanges.yaml 87 Hunting Queries/MultipleDataSources/NetworkConnectionldap_log4j.yaml 4 Hunting Queries/MultipleDataSources/AzureResourceCreationWithNetworkActivity.yaml 115 Hunting Queries/MultipleDataSources/SuspiciousActivitiesRelatedToConfidentialDocuments.yaml 45 Hunting Queries/MultipleDataSources/UserGrantedAccess_CreatesResources.yaml 87 Hunting Queries/MultipleDataSources/PermutationsOnLogonNames.yaml 124 Hunting Queries/MultipleDataSources/StorageAccountKeyEnumerationWithSigninandAuditlogs.yaml 58 Hunting Queries/MultipleDataSources/TrackingPrivAccounts.yaml 187 Hunting Queries/MultipleDataSources/Dev-0056CommandLineActivityNovember2021.yaml 4 Hunting Queries/MultipleDataSources/UnicodeObfuscationInCommandLine.yaml 4 Hunting Queries/MultipleDataSources/MailForwardingActivityFromNewLocation.yaml 75 Hunting Queries/MultipleDataSources/ExchangeServersAssociatedSecurityAlerts.yaml 36 Hunting Queries/MultipleDataSources/CriticalOperationsWithSystemrestore.yaml 103 Hunting Queries/MultipleDataSources/DownloadofNewFileUsingCurl.yaml 57 Hunting Queries/MultipleDataSources/PotentialSSHTunneltoAADConnectHost.yaml 34 Hunting Queries/MultipleDataSources/Dev-0322CommandLineActivityNovember2021.yaml 4 Hunting Queries/MultipleDataSources/CobaltDNSBeacon.yaml 4 Hunting Queries/MultipleDataSources/NylonTyphoonCommandLineActivity-Nov2021.yaml 4 Hunting Queries/MultipleDataSources/AnomolousSignInsBasedonTime.yaml 43 Hunting Queries/MultipleDataSources/Dev-0322FileDropActivityNovember2021(ASIMVersion).yaml 4 Hunting Queries/MultipleDataSources/SolarWindsInventory.yaml 4 Hunting Queries/MultipleDataSources/DormantServicePrincipalUpdateCredsandLogsIn.yaml 39 Hunting Queries/AzureStorage/AzureStorageFileOnEndpoint.yaml 24 Hunting Queries/AzureStorage/AzureStorageFileCreateAccessDelete.yaml 
66 Hunting Queries/AzureStorage/AzureStorageUploadLinkAccount.yaml 44 Hunting Queries/AzureStorage/AzureStorageUploadFromVPS.yaml 32 Hunting Queries/AzureStorage/AzureStorageMassDeletion.yaml 31 Hunting Queries/AzureStorage/AzureStorageFileCreatedQuicklyDeleted.yaml 39 Hunting Queries/AzureDiagnostics/WAF_log4j_vulnerability.yaml 4 Hunting Queries/AzureDiagnostics/SpringShellExploitationAttempt.yaml 50 Hunting Queries/AzureDiagnostics/SpringshellWebshellUsage.yaml 4 Hunting Queries/AzureDiagnostics/CriticalPortsOpened.yaml 52 Hunting Queries/AzureDiagnostics/AzureKeyVaultAccessManipulation.yaml 4 Hunting Queries/SecurityEvent/UserCreatedByUnauthorizedUser.yaml 4 Hunting Queries/SecurityEvent/Invoke-PowerShellTcpOneLine.yaml 4 Hunting Queries/SecurityEvent/PotentialImpacketExecution.yaml 4 Hunting Queries/SecurityEvent/FileExecutionWithOneCharacterInTheName.yaml 4 Hunting Queries/SecurityEvent/Discorddownloadinvokedfromcmdline.yaml 4 Hunting Queries/SecurityEvent/masquerading_files.yaml 4 Hunting Queries/SecurityEvent/hunt_LOLBins.yaml 37 Hunting Queries/SecurityEvent/RareProcess_forWinHost.yaml 4 Hunting Queries/SecurityEvent/UserAdd_RemToGroupByUnauthorizedUser.yaml 4 Hunting Queries/SecurityEvent/ExternalIPaddressinCommandLine.yaml 46 Hunting Queries/SecurityEvent/RemoteScheduledTaskCreationUpdateviaSchtasks.yaml 19 Hunting Queries/SecurityEvent/Least_Common_Parent_Child_Process.yaml 4 Hunting Queries/SecurityEvent/MultipleExplicitCredentialUsage4648Events.yaml 4 Hunting Queries/SecurityEvent/RareProcbyServiceAccount.yaml 4 Hunting Queries/SecurityEvent/Suspicious_Windows_Login_outside_normal_hours.yaml 4 Hunting Queries/SecurityEvent/SignedBinaryProxyExecutionRundll32.yaml 4 Hunting Queries/SecurityEvent/Least_Common_Process_Command_Lines.yaml 4 Hunting Queries/SecurityEvent/PotentialProcessDoppelganging.yaml 34 Hunting Queries/SecurityEvent/UserAccountAddedToPrivlegeGroup.yaml 4 Hunting Queries/SecurityEvent/ADAccountLockouts.yaml 17 Hunting 
Queries/SecurityEvent/ServiceInstallationFromUsersWritableDirectory.yaml 4 Hunting Queries/SecurityEvent/GroupAddedToPrivlegeGroup.yaml 4 Hunting Queries/SecurityEvent/DecoyUserAccountAuthenticationAttempt.yaml 4 Hunting Queries/SecurityEvent/powershell_downloads.yaml 4 Hunting Queries/SecurityEvent/NewChildProcessOfW3WP.yaml 4 Hunting Queries/SecurityEvent/HostExportingMailboxAndRemovingExport.yaml 4 Hunting Queries/SecurityEvent/powershell_newencodedscipts.yaml 4 Hunting Queries/SecurityEvent/FailedUserLogons.yaml 4 Hunting Queries/SecurityEvent/FakeComputerAccountAuthenticationAttempt.yaml 18 Hunting Queries/SecurityEvent/PowerCatDownload.yaml 4 Hunting Queries/SecurityEvent/Crashdumpdisabledonhost.yaml 4 Hunting Queries/SecurityEvent/ADFSDBLocalSqlStatements.yaml 36 Hunting Queries/SecurityEvent/ProcessEntropy.yaml 4 Hunting Queries/SecurityEvent/persistence_create_account.yaml 4 Hunting Queries/SecurityEvent/CustomUserList_FailedLogons.yaml 4 Hunting Queries/SecurityEvent/LargeScaleMalwareDeploymentGPOScheduledTask.yaml 19 Hunting Queries/SecurityEvent/RIDHijacking.yaml 19 Hunting Queries/SecurityEvent/uncommon_processes.yaml 4 Hunting Queries/SecurityEvent/MSRPRN_Printer_Bug_Exploitation.yaml 4 Hunting Queries/SecurityEvent/PotentialLocalExploitationForPrivilegeEscalation.yaml 19 Hunting Queries/SecurityEvent/WindowsSystemShutdown-Reboot.yaml 35 Hunting Queries/SecurityEvent/UsersOpenReadDeviceIdentityKey.yaml 42 Hunting Queries/SecurityEvent/ExchangePowerShellSnapin.yaml 4 Hunting Queries/SecurityEvent/CommandsexecutedbyWMIonnewhosts-potentialImpacket.yaml 4 Hunting Queries/SecurityEvent/UserAccountCreatedDeleted.yaml 4 Hunting Queries/SecurityEvent/VIPAccountFailedLogons.yaml 4 Hunting Queries/SecurityEvent/cscript_summary.yaml 4 Hunting Queries/SecurityEvent/RemoteLoginPerformedwithWMI.yaml 4 Hunting Queries/SecurityEvent/RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml 4 Hunting Queries/SecurityEvent/new_processes.yaml 4 Hunting 
Queries/SecurityEvent/ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml 4 Hunting Queries/SecurityEvent/RareProcessPath.yaml 4 Hunting Queries/SecurityEvent/Least_Common_Process_With_Depth.yaml 4 Hunting Queries/SecurityEvent/SuspectedLSASSDump.yaml 4 Hunting Queries/SecurityEvent/RareProcessWithCmdLine.yaml 4 Hunting Queries/SecurityEvent/NishangReverseTCPShellBase64.yaml 4 Hunting Queries/SecurityEvent/WindowsSystemTimeChange.yaml 4 Hunting Queries/SecurityEvent/User Logons By Logon Type.yaml 4 Hunting Queries/SecurityEvent/enumeration_user_and_group.yaml 4 Hunting Queries/SecurityEvent/HostsWithNewLogons.yaml 4 Hunting Queries/SecurityEvent/Suspicious_enumeration_using_adfind.yaml 4 Hunting Queries/SecurityEvent/Certutil-LOLBins.yaml 4 Hunting Queries/Microsoft 365 Defender/TVM/Microsoft Defender Anti virus Engine details.yaml 23 Hunting Queries/Microsoft 365 Defender/TVM/Microsoft Defender Anti virus Platform details.yaml 23 Hunting Queries/Microsoft 365 Defender/TVM/Detect_CISA_Alert_AA22-117A2021_Top_Routinely_Exploited_Vulnerabilities.yaml 56 Hunting Queries/Microsoft 365 Defender/TVM/Microsoft Defender AV mode device count.yaml 11 Hunting Queries/Microsoft 365 Defender/TVM/devices_with_vuln_and_users_received_payload.yaml 36 Hunting Queries/Microsoft 365 Defender/TVM/Microsoft Defender AV details.yaml 39 Hunting Queries/Microsoft 365 Defender/TVM/Microsoft Defender Anti virus Security Intelligence details.yaml 24 Hunting Queries/Microsoft 365 Defender/TVM/devices_with_vuln_and_users_received_payload (1).yaml 25 Hunting Queries/Microsoft 365 Defender/Initial access/SuspiciousUrlClicked.yaml 18 Hunting Queries/Microsoft 365 Defender/Initial access/identify-potential-missed-phishing-email-campaigns.yaml 17 Hunting Queries/Microsoft 365 Defender/Initial access/detect-bluekeep-exploitation-attempts.yaml 25 Hunting Queries/Microsoft 365 Defender/Initial access/detect-mailsniper.yaml 57 Hunting Queries/Microsoft 365 Defender/Initial 
access/Non_intended_user_logon.yaml 28 Hunting Queries/Microsoft 365 Defender/Initial access/ActiveDirectory_Account_lockout_and_unlocks.yaml 25 Hunting Queries/Microsoft 365 Defender/Initial access/Check for Maalware Baazar (abuse.ch) hashes in your mail flow.yaml 22 Hunting Queries/Microsoft 365 Defender/Initial access/User navigation to redirected URL.yaml 48 Hunting Queries/Microsoft 365 Defender/Initial access/files-from-malicious-sender.yaml 20 Hunting Queries/Microsoft 365 Defender/Initial access/PhishingEmailUrlRedirector.yaml 5 Hunting Queries/Microsoft 365 Defender/Initial access/jar-attachments.yaml 20 Hunting Queries/Microsoft 365 Defender/Persistence/scheduled task creation.yaml 13 Hunting Queries/Microsoft 365 Defender/Persistence/Possible webshell drop.yaml 4 Hunting Queries/Microsoft 365 Defender/Persistence/Create account (1).yaml 21 Hunting Queries/Microsoft 365 Defender/Persistence/riskySignInToNewMFAMethod.yaml 34 Hunting Queries/Microsoft 365 Defender/Persistence/rare_sch_task_launch.yaml 45 Hunting Queries/Microsoft 365 Defender/Persistence/multipleAADAdminsRemovals.yaml 29 Hunting Queries/Microsoft 365 Defender/Persistence/LocalAdminGroupChanges.yaml 46 Hunting Queries/Microsoft 365 Defender/Persistence/detect-prifou-pua.yaml 27 Hunting Queries/Microsoft 365 Defender/Persistence/localAdminAccountLogon.yaml 13 Hunting Queries/Microsoft 365 Defender/Persistence/detect-impacket-wmipersist.yaml 23 Hunting Queries/Microsoft 365 Defender/Persistence/AddedCredentialFromContryXAndSigninFromCountryY.yaml 5 Hunting Queries/Microsoft 365 Defender/Persistence/qakbot-campaign-registry-edit.yaml 21 Hunting Queries/Microsoft 365 Defender/Persistence/Create account.yaml 30 Hunting Queries/Microsoft 365 Defender/Persistence/wadhrama-ransomware.yaml 38 Hunting Queries/Microsoft 365 Defender/Persistence/NewAppOrServicePrincipalCredential[Nobelium].yaml 48 Hunting Queries/Microsoft 365 Defender/Persistence/sch_task_creation.yaml 45 Hunting Queries/Microsoft 365 
Defender/Persistence/CredentialsAddAfterAdminConsentedToApp[Nobelium].yaml 36 Hunting Queries/Microsoft 365 Defender/Persistence/Rare-process-as-a-service.yaml 60 Hunting Queries/Microsoft 365 Defender/Persistence/riskySignInToDeviceRegistration.yaml 37 Hunting Queries/Microsoft 365 Defender/Persistence/rare_sch_task_with_activity.yaml 28 Hunting Queries/Microsoft 365 Defender/Persistence/Accessibility Features.yaml 46 Hunting Queries/Microsoft 365 Defender/Protection events/AV Detections with Source.yaml 25 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardNetworkProtectionEvents.yaml 15 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardStats (1).yaml 13 Hunting Queries/Microsoft 365 Defender/Protection events/Antivirus detections.yaml 19 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardBlockOfficeChildProcess.yaml 21 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardBlockOfficeChildProcess (1).yaml 29 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardBlockOfficeChildProcess (3).yaml 29 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardBlockOfficeChildProcess (2).yaml 29 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardASRStats (1).yaml 14 Hunting Queries/Microsoft 365 Defender/Protection events/PUA ThreatName per Computer.yaml 16 Hunting Queries/Microsoft 365 Defender/Protection events/SmartScreen URL block ignored by user.yaml 38 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardControlledFolderAccess.yaml 13 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardASRStats (2).yaml 13 Hunting Queries/Microsoft 365 Defender/Protection events/Antivirus detections (1).yaml 24 Hunting Queries/Microsoft 365 Defender/Protection events/SmartScreen app block ignored by user.yaml 34 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardStats.yaml 13 Hunting Queries/Microsoft 365 
Defender/Protection events/ExploitGuardControlledFolderAccess (2).yaml 17 Hunting Queries/Microsoft 365 Defender/Protection events/AV Detections with USB Disk Drive.yaml 28 Hunting Queries/Microsoft 365 Defender/Protection events/Windows filtering events (Firewall).yaml 16 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardAsrDescriptions.yaml 55 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardASRStats.yaml 13 Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardControlledFolderAccess (1).yaml 14 Hunting Queries/Microsoft 365 Defender/Discovery/qakbot-campaign-outlook.yaml 19 Hunting Queries/Microsoft 365 Defender/Discovery/MultipleSensitiveLdaps.yaml 36 Hunting Queries/Microsoft 365 Defender/Discovery/MDI_Find_deleted_accounts_and_by_whom.yaml 27 Hunting Queries/Microsoft 365 Defender/Discovery/MDI_Group_Memebership_Changes.yaml 45 Hunting Queries/Microsoft 365 Defender/Discovery/Enumeration of users & groups for lateral movement.yaml 16 Hunting Queries/Microsoft 365 Defender/Discovery/SMB shares discovery.yaml 17 Hunting Queries/Microsoft 365 Defender/Discovery/detect-nbtscan-activity.yaml 5 Hunting Queries/Microsoft 365 Defender/Discovery/Roasting.yaml 39 Hunting Queries/Microsoft 365 Defender/Discovery/PasswordSearch.yaml 20 Hunting Queries/Microsoft 365 Defender/Discovery/SensitiveLdaps.yaml 15 Hunting Queries/Microsoft 365 Defender/Discovery/Discover hosts doing possible network scans.yaml 17 Hunting Queries/Microsoft 365 Defender/Discovery/DetectTorrentUse.yaml 13 Hunting Queries/Microsoft 365 Defender/Discovery/VulnComputers.yaml 19 Hunting Queries/Microsoft 365 Defender/Discovery/DetectTorRelayConnectivity.yaml 24 Hunting Queries/Microsoft 365 Defender/Discovery/qakbot-campaign-esentutl.yaml 6 Hunting Queries/Microsoft 365 Defender/Discovery/SuspiciousEnumerationUsingAdfind[Nobelium].yaml 34 Hunting Queries/Microsoft 365 Defender/Discovery/URL Detection.yaml 12 Hunting Queries/Microsoft 365 
Defender/Discovery/ConnectedNetworkDeviceDiscovery.yaml 17
Hunting Queries/Microsoft 365 Defender/Discovery/MultipleLdaps.yaml 18
Hunting Queries/Microsoft 365 Defender/Discovery/doppelpaymer.yaml 28
Hunting Queries/Microsoft 365 Defender/Discovery/detect-suspicious-commands-initiated-by-web-server-processes.yaml 33
Hunting Queries/Microsoft 365 Defender/Discovery/Detect-Not-Active-AD-User-Accounts.yaml 15
Hunting Queries/Microsoft 365 Defender/Device Inventory/Find Software By Name and Version.yaml 21
Hunting Queries/Microsoft 365 Defender/Device Inventory/Devices In Subnet - IPAddressV6.yaml 18
Hunting Queries/Microsoft 365 Defender/Device Inventory/Devices By Specific DeviceType and DeviceSubtype.yaml 17
Hunting Queries/Microsoft 365 Defender/Device Inventory/Anomalous Device Models.yaml 17
Hunting Queries/Microsoft 365 Defender/Device Inventory/Seen Connected Networks.yaml 17
Hunting Queries/Microsoft 365 Defender/Device Inventory/Commonality of Operating Systems.yaml 16
Hunting Queries/Microsoft 365 Defender/Device Inventory/NotOnboarded Devices by DeviceName Suffix.yaml 18
Hunting Queries/Microsoft 365 Defender/Device Inventory/NotOnboarded Devices by DeviceName Prefix.yaml 18
Hunting Queries/Microsoft 365 Defender/Device Inventory/Devices In Subnet - IPAddressV4.yaml 18
Hunting Queries/Microsoft 365 Defender/Device Inventory/Seen IPv4 Network Subnets.yaml 18
Hunting Queries/Microsoft 365 Defender/Device Inventory/Seen IPv6 Network Subnets.yaml 18
Hunting Queries/Microsoft 365 Defender/Device Inventory/Count and Percentage of DeviceType.yaml 21
Hunting Queries/Microsoft 365 Defender/Device Inventory/Most Common Services.yaml 18
Hunting Queries/Microsoft 365 Defender/Device Inventory/Can Be Onboarded Devices.yaml 18
Hunting Queries/Microsoft 365 Defender/Network/Defender for Endpoint Telemetry.yaml 24
Hunting Queries/Microsoft 365 Defender/Execution/reverse-shell-nishang.yaml 23
Hunting Queries/Microsoft 365 Defender/Execution/detect-impacket-dcomexec.yaml 42
Hunting Queries/Microsoft 365 Defender/Execution/detect-malicious-use-of-msiexec-msiexec.yaml 23
Hunting Queries/Microsoft 365 Defender/Execution/PowershellCommand footprint.yaml 19
Hunting Queries/Microsoft 365 Defender/Execution/qakbot-campaign-suspicious-javascript.yaml 21
Hunting Queries/Microsoft 365 Defender/Execution/Detect Encoded Powershell.yaml 14
Hunting Queries/Microsoft 365 Defender/Execution/umworkerprocess-unusual-subprocess-activity.yaml 23
Hunting Queries/Microsoft 365 Defender/Execution/Base64 Detector and Decoder.yaml 18
Hunting Queries/Microsoft 365 Defender/Execution/detect-malicious-rar-extraction.yaml 7
Hunting Queries/Microsoft 365 Defender/Execution/detect-malicious-use-of-msiexec-mimikatz.yaml 23
Hunting Queries/Microsoft 365 Defender/Execution/File Copy and Execution.yaml 32
Hunting Queries/Microsoft 365 Defender/Execution/reverse-shell-nishang-base64.yaml 28
Hunting Queries/Microsoft 365 Defender/Execution/launch-questd-w-osascript.yaml 20
Hunting Queries/Microsoft 365 Defender/Execution/Base64encodePEFile.yaml 14
Hunting Queries/Microsoft 365 Defender/Execution/locate-shlayer-payload-decryption-activity.yaml 5
Hunting Queries/Microsoft 365 Defender/Execution/powershell-activity-after-email-from-malicious-sender.yaml 24
Hunting Queries/Microsoft 365 Defender/Execution/Webserver Executing Suspicious Applications.yaml 18
Hunting Queries/Microsoft 365 Defender/Execution/Detect PowerShell v2 Downgrade.yaml 18
Hunting Queries/Microsoft 365 Defender/Execution/detect-office-apps-spawn-msdt-CVE-2022-30190.yaml 23
Hunting Queries/Microsoft 365 Defender/Execution/Malware_In_recyclebin.yaml 16
Hunting Queries/Microsoft 365 Defender/Execution/Possible Ransomware Related Destruction Activity.yaml 30
Hunting Queries/Microsoft 365 Defender/Execution/detect-bluekeep-related-mining.yaml 27
Hunting Queries/Microsoft 365 Defender/Execution/office-apps-launching-wscipt.yaml 21
Hunting Queries/Microsoft 365 Defender/Execution/detect-doublepulsar-execution.yaml 24
Hunting Queries/Microsoft 365 Defender/Execution/detect-impacket-psexec-module.yaml 50
Hunting Queries/Microsoft 365 Defender/Execution/powershell-version-2.0-execution.yaml 17
Hunting Queries/Microsoft 365 Defender/Execution/locate-shlayer-payload-decrytion-activity.yaml 5
Hunting Queries/Microsoft 365 Defender/Execution/python-based-attacks-on-macos.yaml 18
Hunting Queries/Microsoft 365 Defender/Execution/detect-impacket-atexec.yaml 36
Hunting Queries/Microsoft 365 Defender/Execution/detect-web-server-exploit-doublepulsar.yaml 72
Hunting Queries/Microsoft 365 Defender/Execution/sql-server-abuse.yaml 114
Hunting Queries/Microsoft 365 Defender/Execution/detect-exploitation-of-cve-2018-8653.yaml 25
Hunting Queries/Microsoft 365 Defender/Execution/locate-surfbuyer-downloader-decoding-activity.yaml 18
Hunting Queries/Microsoft 365 Defender/Execution/PowershellCommand - uncommon commands on machine.yaml 23
Hunting Queries/Microsoft 365 Defender/Execution/Masquerading system executable.yaml 23
Hunting Queries/Microsoft 365 Defender/Execution/detect-potential-kerberoast-activities.yaml 31
Hunting Queries/Microsoft 365 Defender/Execution/ExecuteBase64DecodedPayload.yaml 21
Hunting Queries/Microsoft 365 Defender/Execution/jse-launched-by-word.yaml 23
Hunting Queries/Microsoft 365 Defender/Execution/PowerShell downloads.yaml 22
Hunting Queries/Microsoft 365 Defender/Execution/check-for-shadowhammer-activity-implant.yaml 27
Hunting Queries/Microsoft 365 Defender/Execution/detect-impacket-wmiexec.yaml 45
Hunting Queries/Microsoft 365 Defender/Execution/umworkerprocess-creating-webshell.yaml 4
Hunting Queries/Microsoft 365 Defender/Execution/Bitsadmin Activity.yaml 39
Hunting Queries/Microsoft 365 Defender/Execution/detect-malicious-use-of-msiexec-powershell.yaml 22
Hunting Queries/Microsoft 365 Defender/Execution/detect-office-products-spawning-wmic.yaml 20
Hunting Queries/Microsoft 365 Defender/Execution/anomalous-payload-delivered-from-iso-file.yaml 34
Hunting Queries/Microsoft 365 Defender/Execution/exchange-iis-worker-dropping-webshell.yaml 4
Hunting Queries/Microsoft 365 Defender/Execution/detect-anomalous-process-trees.yaml 93
Hunting Queries/Microsoft 365 Defender/Execution/detect-suspicious-mshta-usage.yaml 23
Hunting Queries/Microsoft 365 Defender/Exfiltration/Anomaly of MailItemAccess by GraphAPI [Nobelium].yaml 32
Hunting Queries/Microsoft 365 Defender/Exfiltration/7-zip-prep-for-exfiltration.yaml 20
Hunting Queries/Microsoft 365 Defender/Exfiltration/codeRepoExfil.yaml 14
Hunting Queries/Microsoft 365 Defender/Exfiltration/Map external devices (1).yaml 26
Hunting Queries/Microsoft 365 Defender/Exfiltration/OAuth Apps accessing user mail via GraphAPI [Nobelium].yaml 23
Hunting Queries/Microsoft 365 Defender/Exfiltration/detect-exfiltration-after-termination.yaml 26
Hunting Queries/Microsoft 365 Defender/Exfiltration/OAuth Apps reading mail both via GraphAPI and directly [Nobelium].yaml 42
Hunting Queries/Microsoft 365 Defender/Exfiltration/unusual-volume-of-file-sharing.yaml 62
Hunting Queries/Microsoft 365 Defender/Exfiltration/Password Protected Archive Creation.yaml 21
Hunting Queries/Microsoft 365 Defender/Exfiltration/exchange-powershell-snapin-loaded.yaml 21
Hunting Queries/Microsoft 365 Defender/Exfiltration/detect-archive-exfiltration-to-competitor.yaml 25
Hunting Queries/Microsoft 365 Defender/Exfiltration/MailItemsAccessed Throttling [Nobelium].yaml 24
Hunting Queries/Microsoft 365 Defender/Exfiltration/OAuth Apps reading mail via GraphAPI anomaly [Nobelium].yaml 27
Hunting Queries/Microsoft 365 Defender/Exfiltration/Map external devices.yaml 36
Hunting Queries/Microsoft 365 Defender/Exfiltration/Possible File Copy to USB Drive.yaml 26
Hunting Queries/Microsoft 365 Defender/Exfiltration/Data copied to other location than C drive.yaml 19
Hunting Queries/Microsoft 365 Defender/Exfiltration/detect-steganography-exfiltration.yaml 37
Hunting Queries/Microsoft 365 Defender/Exfiltration/Files copied to USB drives.yaml 32
Hunting Queries/Microsoft 365 Defender/Ransomware/LaZagne Credential Theft.yaml 15
Hunting Queries/Microsoft 365 Defender/Ransomware/Backup deletion.yaml 16
Hunting Queries/Microsoft 365 Defender/Ransomware/Stopping processes using net stop.yaml 17
Hunting Queries/Microsoft 365 Defender/Ransomware/IcedId attachments.yaml 21
Hunting Queries/Microsoft 365 Defender/Ransomware/Suspicious Bitlocker Encryption.yaml 4
Hunting Queries/Microsoft 365 Defender/Ransomware/IcedId Delivery.yaml 15
Hunting Queries/Microsoft 365 Defender/Ransomware/ASR--Rule-Ransomware-triggered.yaml 31
Hunting Queries/Microsoft 365 Defender/Ransomware/HTA Startup Persistence.yaml 14
Hunting Queries/Microsoft 365 Defender/Ransomware/Qakbot discovery activies.yaml 21
Hunting Queries/Microsoft 365 Defender/Ransomware/Discovery for highly-privileged accounts.yaml 20
Hunting Queries/Microsoft 365 Defender/Ransomware/IcedId email delivery.yaml 17
Hunting Queries/Microsoft 365 Defender/Ransomware/Potential ransomware activity related to Cobalt Strike.yaml 40
Hunting Queries/Microsoft 365 Defender/Ransomware/Suspicious Google Doc Links.yaml 19
Hunting Queries/Microsoft 365 Defender/Ransomware/DarkSide.yaml 13
Hunting Queries/Microsoft 365 Defender/Ransomware/Check for multiple signs of ransomware activity.yaml 85
Hunting Queries/Microsoft 365 Defender/Ransomware/Fake Replies.yaml 21
Hunting Queries/Microsoft 365 Defender/Ransomware/Sticky Keys.yaml 13
Hunting Queries/Microsoft 365 Defender/Ransomware/Turning off System Restore.yaml 21
Hunting Queries/Microsoft 365 Defender/Ransomware/Turning off services using sc exe.yaml 17
Hunting Queries/Microsoft 365 Defender/Ransomware/File Backup Deletion Alerts.yaml 15
Hunting Queries/Microsoft 365 Defender/Ransomware/Distribution from remote location.yaml 18
Hunting Queries/Microsoft 365 Defender/Ransomware/Suspicious Image Load related to IcedId.yaml 15
Hunting Queries/Microsoft 365 Defender/Ransomware/Stopping multiple processes using taskkill.yaml 17
Hunting Queries/Microsoft 365 Defender/Ransomware/Deletion of data on multiple drives using cipher exe.yaml 21
Hunting Queries/Microsoft 365 Defender/Ransomware/Gootkit File Delivery.yaml 23
Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/Email data exfiltration via PowerShell.yaml 14
Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/Modifying the registry to add a ransom message notification.yaml 13
Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/Disabling Services via Registry.yaml 15
Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/DLLHost.exe WMIC domain discovery.yaml 14
Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/PowerShell adding exclusion path for Microsoft Defender of ProgramData.yaml 13
Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/Create new user with known DEV-0270 username and password.yaml 16
Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/Add malicious user to Admins and RDP users group via PowerShell.yaml 14
Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/DLLHost.exe file creation via PowerShell.yaml 14
Hunting Queries/Microsoft 365 Defender/Ransomware/Clearing of forensic evidence from event logs using wevtutil.yaml 17
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Ammyy_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ConnectWise_createproc.yaml 24
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_PcVisit_netconn.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ScreenMeet_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DistantDesktop_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RealVNC_netconn.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ChromeRDP_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_PDQ_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemoteDesktopPlus_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_mRemoteNG_netconn.yaml 22
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_BarracudaRMM_netconn.yaml 28
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_parsec.app_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ChromeRDP_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_BeyondTrust_filesig.yaml 24
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ConnectWise_netconn.yaml 31
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NinjaRMM_createproc.yaml 24
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SimpleHelp_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_parsec.app_netconn.yaml 31
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Action1_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemotePC_netconn.yaml 27
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Addigy_netconn.yaml 35
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ISLOnline_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NinjaRMM_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_BarracudaRMM_createproc.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Pulseway_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TigerVNC_netconn.yaml 22
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ZohoAssist_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_IperiusRemote_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Atera_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Ammyy_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_BarracudaRMM_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Kaseya_netconn.yaml 28
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Naverisk_createproc.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_XMReality_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm__all_netconn.yaml 185
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_PDQ_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemoteUtilities_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyViewer_netconn.yaml 28
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Splashtop_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RPort_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_PDQ_netconn.yaml 27
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_GetScreen_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_FleetDeck_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Naverisk_filesig.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DesktopNow_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AweSun_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DistantDesktop_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ServerEye_createproc.yaml 24
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_FleetDeck_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_PcVisit_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AweSun_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_LiteManager_netconn.yaml 29
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TightVNC_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SupRemo_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RPort_netconn.yaml 22
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyViewer_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SyncroMSP_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RustDesk_netconn.yaml 22
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_XMReality_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TeamViewer_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Panorama9_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DameWare_netconn.yaml 33
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_LiteManager_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_PcVisit_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DattoRMM_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TightVNC_netconn.yaml 22
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TeamViewer_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RustDesk_createproc.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyDesk_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Pulseway_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DattoRMM_netconn.yaml 35
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Atera_createproc.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TeamViewer_netconn.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DistantDesktop_netconn.yaml 26
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_MeshCentral_netconn.yaml 22
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NAble_netconn.yaml 38
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TacticalRMM_netconn.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NAble_createproc.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_MSP360_CloudBerry_netconn.yaml 31
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ScreenMeet_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SimpleHelp_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ServerEye_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_IperiusRemote_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_OptiTune_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SyncroMSP_netconn.yaml 26
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ConnectWise_filesig.yaml 24
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_LiteManager_createproc.yaml 24
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_GetScreen_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ScreenMeet_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SyncroMSP_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyDesk_netconn.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Kaseya_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SimpleHelp_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Atera_netconn.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ZohoAssist_filesig.yaml 22
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_GetScreen_netconn.yaml 26
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ShowMyPC_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_UltraViewer_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TigerVNC_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_LogMeIn_netconn.yaml 38
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_MSP360_CloudBerry_filesig.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_MeshCentral_createproc.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SupRemo_netconn.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemoteUtilities_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyDesk_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_LogMeIn_createproc.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Level_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TacticalRMM_createproc.yaml 24
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Panorama9_netconn.yaml 22
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DesktopNow_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_mRemoteNG_createproc.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_BeyondTrust_createproc.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Level_netconn.yaml 27
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RealVNC_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_OptiTune_netconn.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TightVNC_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_BeyondTrust_netconn.yaml 26
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SupRemo_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_UltraViewer_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Splashtop_netconn.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RealVNC_createproc.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AeroAdmin_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NetSupport_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ISLOnline_filesig.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NetSupport_netconn.yaml 22
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AweSun_netconn.yaml 28
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Action1_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Action1_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_XMReality_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_FleetDeck_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Splashtop_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyViewer_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NAble_filesig.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DameWare_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ShowMyPC_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_OptiTune_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_MeshCentral_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_UltraViewer_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemoteUtilities_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ShowMyPC_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NinjaRMM_netconn.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ZohoAssist_netconn.yaml 42
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DWService_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Naverisk_netconn.yaml 24
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ServerEye_netconn.yaml 26
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DameWare_createproc.yaml 26
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ISLOnline_netconn.yaml 22
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Pulseway_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemotePC_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Panorama9_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DesktopNow_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NetSupport_createproc.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_LogMeIn_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemoteDesktopPlus_createproc.yaml 22
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_IperiusRemote_netconn.yaml 27
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_MSP360_CloudBerry_createproc.yaml 30
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Ammyy_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Level_createproc.yaml 21
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_parsec.app_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AeroAdmin_filesig.yaml 20
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TacticalRMM_filesig.yaml 23
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemotePC_createproc.yaml 25
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AeroAdmin_netconn.yaml 23
Hunting Queries/Microsoft 365 Defender/Impact/backup-deletion.yaml 19
Hunting Queries/Microsoft 365 Defender/Impact/wadhrama-data-destruction.yaml 22
Hunting Queries/Microsoft 365 Defender/Impact/turn-off-system-restore.yaml 27
Hunting Queries/Microsoft 365 Defender/Impact/ransom-note-creation-macos.yaml 18
Hunting Queries/Microsoft 365 Defender/Impact/unusual-volume-of-file-deletion.yaml 74
Hunting Queries/Microsoft 365 Defender/ASR rules/ASR-rules-categorized-detection-graph.yaml 25
Hunting Queries/Microsoft 365 Defender/Campaigns/cobalt-strike-invoked-w-wmi.yaml 38
Hunting Queries/Microsoft 365 Defender/Campaigns/Abuse.ch Recent Threat Feed (1).yaml 39
Hunting Queries/Microsoft 365 Defender/Campaigns/APT29 thinktanks.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/c2-lookup-response[Nobelium].yaml 23
Hunting Queries/Microsoft 365 Defender/Campaigns/EUROPIUM/Identify unusual identity additions related to EUROPIUM.yaml 13
Hunting Queries/Microsoft 365 Defender/Campaigns/EUROPIUM/Identify EUROPIUM IOCs.yaml 13
Hunting Queries/Microsoft 365 Defender/Campaigns/EUROPIUM/Identify Microsoft Defender Antivirus detection related to EUROPIUM.yaml 16
Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Robbinhood activity.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/fireeye-red-team-tools-HASHs [Nobelium].yaml 335
Hunting Queries/Microsoft 365 Defender/Campaigns/Judgement Panda exfil activity.yaml 21
Hunting Queries/Microsoft 365 Defender/Campaigns/fireeye-red-team-tools-CVEs [Nobelium].yaml 43
Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Alternate Data Streams use.yaml 18
Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Vulnerable Gigabyte drivers.yaml 13
Hunting Queries/Microsoft 365 Defender/Campaigns/Threat actor Phosphorus masquerading as conference organizers (1).yaml 4
Hunting Queries/Microsoft 365 Defender/Campaigns/Sysrv-botnet/app-armor-stopped.yaml 13
Hunting Queries/Microsoft 365 Defender/Campaigns/Sysrv-botnet/java-executing-cmd-to-run-powershell.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Sysrv-botnet/rce-on-vulnerable-server.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Sysrv-botnet/kinsing-miner-download.yaml 13
Hunting Queries/Microsoft 365 Defender/Campaigns/Sysrv-botnet/tomcat-8-executing-powershell.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/Sysrv-botnet/oracle-webLogic-executing-powershell.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Abusing settingcontent-ms.yaml 17
Hunting Queries/Microsoft 365 Defender/Campaigns/MacOceanLotusBackdoor.yaml 16
Hunting Queries/Microsoft 365 Defender/Campaigns/Elise backdoor.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/apt ta17 293a ps.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/WastedLocker Downloader.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Equation Group C2 Communication.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Turning off System Restore.yaml 21
Hunting Queries/Microsoft 365 Defender/Campaigns/OceanLotus registry activity.yaml 20
Hunting Queries/Microsoft 365 Defender/Campaigns/Log4J/Suspicious JScript staging comment.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/Log4J/Devices with Log4j vulnerability alerts and additional other alert related context.yaml 38
Hunting Queries/Microsoft 365 Defender/Campaigns/Log4J/Suspicious PowerShell curl flags.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/Log4J/Suspicious process event creation from VMWare Horizon TomcatService.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/Log4J/Alerts related to Log4j vulnerability.yaml 26
Hunting Queries/Microsoft 365 Defender/Campaigns/detect-cyzfc-activity (2).yaml 21
Hunting Queries/Microsoft 365 Defender/Campaigns/oceanlotus-apt32-files.yaml 98
Hunting Queries/Microsoft 365 Defender/Campaigns/compromised-certificate[Nobelium].yaml 26
Hunting Queries/Microsoft 365 Defender/Campaigns/robbinhood-driver.yaml 23
Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Excel Macro Execution.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/RunDLL Suspicious Network Connection.yaml 13
Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Renamed Rclone Exfil.yaml 13
Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Dropping payload via certutil.yaml 17
Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Cobalt Strike Lateral Movement.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/NTDS theft.yaml 18
Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Malicious Excel Delivery.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Bazacall Emails.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Excel file download domain pattern.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Bazarloader/Zip-Doc - Word Launching MSHTA.yaml 13
Hunting Queries/Microsoft 365 Defender/Campaigns/Bazarloader/Zip-Doc - Creation of JPG Payload File.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Bazarloader/Stolen Images Execution.yaml 13
Hunting Queries/Microsoft 365 Defender/Campaigns/compromised nvidia certificates[Lapsus$].yaml 27
Hunting Queries/Microsoft 365 Defender/Campaigns/cypherpunk-remote-exec-w-psexesvc.yaml 19
Hunting Queries/Microsoft 365 Defender/Campaigns/StarBlizzardDomainIOCsAug2022.yaml 27
Hunting Queries/Microsoft 365 Defender/Campaigns/DofoilNameCoinServerTraffic.yaml 17
Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Backup deletion.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/apt sofacy.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/apt tropictrooper.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/snip3-aviation-targeting-emails.yaml 24
Hunting Queries/Microsoft 365 Defender/Campaigns/c2-lookup-from-nonbrowser[Nobelium] (1).yaml 24
Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Clearing of system logs.yaml 13
Hunting Queries/Microsoft 365 Defender/Campaigns/c2-lookup-from-nonbrowser[Nobelium].yaml 23
Hunting Queries/Microsoft 365 Defender/Campaigns/apt sofacy zebrocy.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/KNOTWEED/KNOTWEED-FileHashIOCsJuly2022.yaml 39
Hunting Queries/Microsoft 365 Defender/Campaigns/KNOTWEED/KNOTWEED-AVDetections.yaml 18
Hunting Queries/Microsoft 365 Defender/Campaigns/KNOTWEED/KNOTWEED-DownloadingnewfileusingCurl.yaml 25
Hunting Queries/Microsoft 365 Defender/Campaigns/KNOTWEED/KNOTWEED-COMRegistryKeyModifiedtoPointtoColorProfileFolder.yaml 3
Hunting Queries/Microsoft 365 Defender/Campaigns/KNOTWEED/KNOTWEED-PEFileDroppedinColorProfileFolder.yaml 3
Hunting Queries/Microsoft 365 Defender/Campaigns/KNOTWEED/KNOTWEED-DomainIOCsJuly2022.yaml 20
Hunting Queries/Microsoft 365 Defender/Campaigns/confluence-weblogic-targeted.yaml 70
Hunting Queries/Microsoft 365 Defender/Campaigns/Jupyter-Solarmaker/deimos-component-execution.yaml 20
Hunting Queries/Microsoft 365 Defender/Campaigns/Jupyter-Solarmaker/successive-tk-domain-calls.yaml 16
Hunting Queries/Microsoft 365 Defender/Campaigns/Jupyter-Solarmaker/evasive-powershell-executions.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/Jupyter-Solarmaker/evasive-powershell-strings.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Cipher.exe tool deleting data.yaml 19
Hunting Queries/Microsoft 365 Defender/Campaigns/c2-lookup-response[Nobelium] (1).yaml 24
Hunting Queries/Microsoft 365 Defender/Campaigns/detect-cyzfc-activity.yaml 27
Hunting Queries/Microsoft 365 Defender/Campaigns/detect-cyzfc-activity (1).yaml 20
Hunting Queries/Microsoft 365 Defender/Campaigns/Bear Activity GTR 2019.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Threat actor Phosphorus masquerading as conference organizers.yaml 18
Hunting Queries/Microsoft 365 Defender/Campaigns/snip3-encoded-powershell-structure.yaml 17
Hunting Queries/Microsoft 365 Defender/Campaigns/Abuse.ch Recent Threat Feed.yaml 66
Hunting Queries/Microsoft 365 Defender/Campaigns/apt unidentified nov 18 (1).yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/oceanlotus-apt32-network.yaml 30
Hunting Queries/Microsoft 365 Defender/Campaigns/detect-cyzfc-activity (4).yaml 27
Hunting Queries/Microsoft 365 Defender/Campaigns/Dragon Fly.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/launching-cmd-echo[Nobelium].yaml 25
Hunting Queries/Microsoft 365 Defender/Campaigns/snip3-detectsanboxie-function-call.yaml 16
Hunting Queries/Microsoft 365 Defender/Campaigns/ZLoader/Payload Delivery.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/ZLoader/Malicious bat file.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/ZLoader/Suspicious Registry Keys.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Threat actor Phosphorus masquerading as conference organizers (2).yaml 4
Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-component-names.yaml 19
Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-registration-function.yaml 17
Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-competition-killer.yaml 21
Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-component-download-structure.yaml 17
Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-id-generation.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-email-subjects.yaml 16
Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-control-structure.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-defender-exclusions.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/detect-cyzfc-activity (3).yaml 21
Hunting Queries/Microsoft 365 Defender/Campaigns/StrRAT malware/StrRAT-AV-Discovery.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/StrRAT malware/StrRAT-Email-Delivery.yaml 28
Hunting Queries/Microsoft 365 Defender/Campaigns/StrRAT malware/StrRAT-Malware-Persistence.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/snip3-revengerat-c2-exfiltration.yaml 16
Hunting Queries/Microsoft 365 Defender/Campaigns/apt unidentified nov 18.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/redmenshen-bpfdoor-backdoor.yaml 21
Hunting Queries/Microsoft 365 Defender/Campaigns/Macaw Ransomware/Use of MSBuild as LOLBin.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Macaw Ransomware/Imminent Ransomware.yaml 38
Hunting Queries/Microsoft 365 Defender/Campaigns/Macaw Ransomware/PSExec Attrib commands.yaml 17
Hunting Queries/Microsoft 365 Defender/Campaigns/Macaw Ransomware/Inhibit recovery by disabling tools and functionality.yaml 16
Hunting Queries/Microsoft 365 Defender/Campaigns/Macaw Ransomware/Disable Controlled Folders.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/Macaw Ransomware/Mass account password change.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/Cloud Hopper.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/MacOceanLotusDropper.yaml 17
Hunting Queries/Microsoft 365 Defender/Campaigns/Qakbot/Qakbot email theft (1).yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/Qakbot/Excel launching anomalous processes.yaml 5
Hunting Queries/Microsoft 365 Defender/Campaigns/Qakbot/Qakbot reconnaissance activities.yaml 19
Hunting Queries/Microsoft 365 Defender/Campaigns/Qakbot/Qakbot email theft.yaml 15
Hunting Queries/Microsoft 365 Defender/Campaigns/Qakbot/Qakbot Craigslist Domains.yaml 13
Hunting Queries/Microsoft 365 Defender/Campaigns/Qakbot/General attempts to access local email store.yaml 16
Hunting Queries/Microsoft 365 Defender/Campaigns/possible-affected-software-orion[Nobelium].yaml 25
Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Possible compromised accounts.yaml 34
Hunting Queries/Microsoft 365 Defender/Campaigns/APT Baby Shark.yaml 16
Hunting Queries/Microsoft 365 Defender/Campaigns/robbinhood-evasion.yaml 25
Hunting Queries/Microsoft 365 Defender/Campaigns/cypherpunk-exclusive-commands.yaml 18
Hunting Queries/Microsoft 365 Defender/Campaigns/Dopplepaymer In-Memory Malware Implant.yaml 14
Hunting Queries/Microsoft 365 Defender/Campaigns/launching-base64-powershell[Nobelium].yaml 30
Hunting Queries/Microsoft 365 Defender/Campaigns/known-affected-software-orion[Nobelium].yaml 23
Hunting Queries/Microsoft 365 Defender/Campaigns/Hurricane Panda activity.yaml 
15 Hunting Queries/Microsoft 365 Defender/Campaigns/snip3-malicious-network-connectivity.yaml 18 Hunting Queries/Microsoft 365 Defender/Cloud Apps/file-download-events.yaml 28 Hunting Queries/Microsoft 365 Defender/Cloud Apps/aad-role-adds.yaml 34 Hunting Queries/Microsoft 365 Defender/Cloud Apps/mass-downloads.yaml 20 Hunting Queries/Microsoft 365 Defender/Cloud Apps/aad-group-adds.yaml 28 Hunting Queries/Microsoft 365 Defender/Email Queries/Remediation/Email remediation action list.yaml 25 Hunting Queries/Microsoft 365 Defender/Email Queries/Remediation/AIR investigation actions insight.yaml 35 Hunting Queries/Microsoft 365 Defender/Email Queries/ZAP/Total ZAP count.yaml 20 Hunting Queries/Microsoft 365 Defender/Email Queries/Overrides/Top policies performing user overrides.yaml 20 Hunting Queries/Microsoft 365 Defender/Email Queries/Overrides/Top policies performing admin overrides.yaml 20 Hunting Queries/Microsoft 365 Defender/Email Queries/Overrides/User overrides.yaml 21 Hunting Queries/Microsoft 365 Defender/Email Queries/Overrides/Admin overrides.yaml 21 Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Top 100 senders.yaml 20 Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Zero day threats.yaml 20 Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Detections by detection methods.yaml 46 Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Mailflow by directionality.yaml 21 Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Top 100 malicious email senders.yaml 21 Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Sender recipient contact establishment.yaml 35 Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Malicious emails detected per day.yaml 29 Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Mail reply to new domain.yaml 40 Hunting Queries/Microsoft 365 Defender/Email Queries/Phish/Possible device code phishing attempts.yaml 47 Hunting Queries/Microsoft 365 
Defender/Email Queries/Phish/Possible Teams phishing activity.yaml 34 Hunting Queries/Microsoft 365 Defender/Email Queries/Phish/Appspot phishing abuse.yaml 31 Hunting Queries/Microsoft 365 Defender/Email Queries/Phish/PhishDetectionByDetectionMethod.yaml 39 Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Top outbound recipient domains sending inbound emails with threats.yaml 26 Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/BEC - File sharing tactics - Dropbox.yaml 30 Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Email bombing.yaml 12 Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Inbox rule change which forward-redirect email.yaml 21 Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/BEC - File sharing tactics - OneDrive or SharePoint.yaml 38 Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Hunt for malicious URLs using external IOC source.yaml 28 Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Emails containing links to IP addresses.yaml 18 Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Good emails from senders with bad patterns.yaml 30 Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Automated email notifications and suspicious sign-in activity.yaml 26 Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Hunt for email conversation take over attempts.yaml 40 Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Hunt for malicious attachments using external IOC source.yaml 27 Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Hunt for email bombing attacks.yaml 25 Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/User clicks on malicious inbound emails.yaml 28 Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/URL click on ZAP Email.yaml 23 Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/URLClick details based on malicious URL click alert.yaml 22 Hunting Queries/Microsoft 365 
Defender/Email Queries/URL Click/User clicked through events.yaml 20 Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/URL click count by click action.yaml 22 Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/URL clicks actions by URL.yaml 22 Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/User clicks on phishing URLs in emails.yaml 21 Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/End user malicious clicks.yaml 24 Hunting Queries/Microsoft 365 Defender/Email Queries/Attachment/Safe attachment detection.yaml 23 Hunting Queries/Microsoft 365 Defender/Email Queries/Attachment/ATP policy status check.yaml 27 Hunting Queries/Microsoft 365 Defender/Email Queries/Attachment/JNLP attachment.yaml 18 Hunting Queries/Microsoft 365 Defender/Email Queries/Authentication/Spoof attempts with auth failure.yaml 22 Hunting Queries/Microsoft 365 Defender/Email Queries/Authentication/Authentication failures.yaml 23 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Suspicious sign-in attempts from QR code phishing campaigns.yaml 47 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Personalized campaigns based on the first few keywords.yaml 25 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Emails with QR codes from non-prevalent sender.yaml 36 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Emails delivered having URLs from QR codes.yaml 25 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Inbound emails with QR code URLs.yaml 25 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Hunting for user signals-clusters.yaml 26 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Personalized campaigns based on the last few keywords.yaml 25 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Campaign with suspicious keywords.yaml 25 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Emails with QR codes and suspicious keywords in 
subject.yaml 27 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Risky sign-in attempt from a non-managed device.yaml 31 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Hunting for sender patterns.yaml 47 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Campaign with randomly named attachments.yaml 24 Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Custom detection-Emails with QR from non-prevalent senders.yaml 51 Hunting Queries/Microsoft 365 Defender/Email Queries/Quarantine/Quarantine Release Email Details.yaml 27 Hunting Queries/Microsoft 365 Defender/Email Queries/Quarantine/Quarantine release trend.yaml 22 Hunting Queries/Microsoft 365 Defender/Email Queries/Quarantine/High Confidence Phish Released.yaml 27 Hunting Queries/Microsoft 365 Defender/Email Queries/Quarantine/Group quarantine release.yaml 24 Hunting Queries/Microsoft 365 Defender/Email Queries/Spoof and Impersonation/Spoof and impersonation phish detections.yaml 22 Hunting Queries/Microsoft 365 Defender/Email Queries/Spoof and Impersonation/Spoof and impersonation detections by sender IP.yaml 21 Hunting Queries/Microsoft 365 Defender/Email Queries/Spoof and Impersonation/Referral phish emails.yaml 27 Hunting Queries/Microsoft 365 Defender/Email Queries/Spoof and Impersonation/Display Name - Spoof and Impersonation.yaml 35 Hunting Queries/Microsoft 365 Defender/Email Queries/Spoof and Impersonation/User not covered under display name impersonation.yaml 28 Hunting Queries/Microsoft 365 Defender/Email Queries/Top Attacks/Attacked more than x times average.yaml 24 Hunting Queries/Microsoft 365 Defender/Email Queries/Top Attacks/Top external malicious senders.yaml 21 Hunting Queries/Microsoft 365 Defender/Email Queries/Top Attacks/Top targeted users.yaml 21 Hunting Queries/Microsoft 365 Defender/Email Queries/Top Attacks/Top 10 URL domains attacking organization.yaml 27 Hunting Queries/Microsoft 365 Defender/Email Queries/Top Attacks/Top 10 percent of 
most attacked users.yaml 25 Hunting Queries/Microsoft 365 Defender/Email Queries/Top Attacks/Malicious mails by sender IPs.yaml 21 Hunting Queries/Microsoft 365 Defender/Email Queries/Malware/Email containing malware accessed on a unmanaged device.yaml 30 Hunting Queries/Microsoft 365 Defender/Email Queries/Malware/Malware detections by detection methods.yaml 32 Hunting Queries/Microsoft 365 Defender/Email Queries/Malware/Email malware detection report.yaml 26 Hunting Queries/Microsoft 365 Defender/Email Queries/Malware/Email containing malware sent by an internal sender.yaml 20 Hunting Queries/Microsoft 365 Defender/Email Queries/Submissions/Status of submissions.yaml 25 Hunting Queries/Microsoft 365 Defender/Email Queries/Submissions/Admin reported submissions.yaml 22 Hunting Queries/Microsoft 365 Defender/Email Queries/Submissions/User reported submissions.yaml 22 Hunting Queries/Microsoft 365 Defender/Email Queries/Submissions/Top submitters of admin submissions.yaml 25 Hunting Queries/Microsoft 365 Defender/Email Queries/Submissions/Top submitters of user submissions.yaml 25 Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml 33 Hunting Queries/Microsoft 365 Defender/Email Queries/General/MDO daily detection summary report.yaml 65 Hunting Queries/Microsoft 365 Defender/Email Queries/General/Hunt for Admin email access.yaml 25 Hunting Queries/Microsoft 365 Defender/Email Queries/General/Malicious email senders.yaml 22 Hunting Queries/Microsoft 365 Defender/Email Queries/General/Hunt for TABL changes.yaml 20 Hunting Queries/Microsoft 365 Defender/Email Queries/General/Mail item accessed.yaml 21 Hunting Queries/Microsoft 365 Defender/Email Queries/General/Local time to UTC time conversion.yaml 20 Hunting Queries/Microsoft 365 Defender/Email Queries/General/Email sender IP address Geo location information.yaml 20 Hunting Queries/Microsoft 365 Defender/Email Queries/General/Audit Email Preview-Download action.yaml 29 Hunting 
Queries/Microsoft 365 Defender/Email Queries/URL/Phishing Email Url Redirector.yaml 6 Hunting Queries/Microsoft 365 Defender/Email Queries/URL/SafeLinks URL detections.yaml 23 Hunting Queries/Microsoft 365 Defender/Troubleshooting/Connectivity Failures by Domain.yaml 25 Hunting Queries/Microsoft 365 Defender/Troubleshooting/Connectivity Failures by Device.yaml 87 Hunting Queries/Microsoft 365 Defender/Collection/MailItemsAccessedTimeSeries[Solarigate].yaml 49 Hunting Queries/Microsoft 365 Defender/Collection/Anomaly of MailItemAccess by Other Users Mailbox [Nobelium].yaml 38 Hunting Queries/Microsoft 365 Defender/Collection/HostExportingMailboxAndRemovingExport[Solarigate].yaml 32 Hunting Queries/Microsoft 365 Defender/Defense evasion/qakbot-campaign-process-injection.yaml 21 Hunting Queries/Microsoft 365 Defender/Defense evasion/alt-data-streams.yaml 26 Hunting Queries/Microsoft 365 Defender/Defense evasion/suspicious-command-interpreters-added-to-registry.yaml 27 Hunting Queries/Microsoft 365 Defender/Defense evasion/clear-system-logs.yaml 19 Hunting Queries/Microsoft 365 Defender/Defense evasion/locate-files-possibly-signed-by-fraudulent-ecc-certificates.yaml 7 Hunting Queries/Microsoft 365 Defender/Defense evasion/regsvr32-rundll32-image-loads-abnormal-extension.yaml 29 Hunting Queries/Microsoft 365 Defender/Defense evasion/hiding-java-class-file.yaml 18 Hunting Queries/Microsoft 365 Defender/Defense evasion/regsvr32-rundll32-with-anomalous-parent-process.yaml 30 Hunting Queries/Microsoft 365 Defender/Defense evasion/doppelpaymer-stop-services.yaml 24 Hunting Queries/Microsoft 365 Defender/Defense evasion/suspicious-base64-encoded-registry-keys.yaml 26 Hunting Queries/Microsoft 365 Defender/Defense evasion/PotentialMicrosoftDefenderTampering[Solarigate].yaml 33 Hunting Queries/Microsoft 365 Defender/Defense evasion/Discovering potentially tampered devices [Nobelium].yaml 9 Hunting Queries/Microsoft 365 Defender/Defense 
evasion/UpdateStsRefreshToken[Solorigate].yaml 27 Hunting Queries/Microsoft 365 Defender/Defense evasion/regsvr32-rundll32-image-loads-from-abnormal-locations.yaml 39 Hunting Queries/Microsoft 365 Defender/Defense evasion/suspicious-keywords-in-registry.yaml 21 Hunting Queries/Microsoft 365 Defender/Defense evasion/deleting-data-w-cipher-tool.yaml 24 Hunting Queries/Microsoft 365 Defender/Defense evasion/ADFSDomainTrustMods[Nobelium].yaml 45 Hunting Queries/Microsoft 365 Defender/Defense evasion/MailPermissionsAddedToApplication[Nobelium].yaml 48 Hunting Queries/Microsoft 365 Defender/Defense evasion/qakbot-campaign-self-deletion.yaml 22 Hunting Queries/Microsoft 365 Defender/Command and Control/C2-NamedPipe.yaml 61 Hunting Queries/Microsoft 365 Defender/Command and Control/Device network events w low count FQDN.yaml 26 Hunting Queries/Microsoft 365 Defender/Command and Control/python-use-by-ransomware-macos.yaml 19 Hunting Queries/Microsoft 365 Defender/Command and Control/reverse-shell-ransomware-macos.yaml 18 Hunting Queries/Microsoft 365 Defender/Command and Control/check-for-shadowhammer-activity-download-domain.yaml 19 Hunting Queries/Microsoft 365 Defender/Command and Control/c2-bluekeep.yaml 28 Hunting Queries/Microsoft 365 Defender/Command and Control/recon-with-rundll.yaml 25 Hunting Queries/Microsoft 365 Defender/Command and Control/Tor.yaml 21 Hunting Queries/Microsoft 365 Defender/Command and Control/EncodedDomainURL [Nobelium].yaml 74 Hunting Queries/Microsoft 365 Defender/Command and Control/DNSPattern [Nobelium].yaml 71 Hunting Queries/Microsoft 365 Defender/Command and Control/Connection to Rare DNS Hosts.yaml 31 Hunting Queries/Microsoft 365 Defender/Delivery/Email link + download + SmartScreen warning.yaml 41 Hunting Queries/Microsoft 365 Defender/Delivery/powercat-download.yaml 23 Hunting Queries/Microsoft 365 Defender/Delivery/Dropbox downloads linked from other site.yaml 20 Hunting Queries/Microsoft 365 Defender/Delivery/Open email link.yaml 
54 Hunting Queries/Microsoft 365 Defender/Delivery/detect-jscript-file-creation.yaml 20 Hunting Queries/Microsoft 365 Defender/Delivery/Pivot from detections to related downloads.yaml 48 Hunting Queries/Microsoft 365 Defender/Delivery/Qakbot Craigslist Domains.yaml 13 Hunting Queries/Microsoft 365 Defender/Delivery/Gootkit-malware.yaml 27 Hunting Queries/Microsoft 365 Defender/Delivery/Doc attachment with link to download.yaml 55 Hunting Queries/Microsoft 365 Defender/Credential Access/doppelpaymer-procdump.yaml 27 Hunting Queries/Microsoft 365 Defender/Credential Access/wadhrama-credential-dump.yaml 21 Hunting Queries/Microsoft 365 Defender/Credential Access/lazagne.yaml 29 Hunting Queries/Microsoft 365 Defender/Credential Access/Active Directory Sensitive Group Modifications.yaml 64 Hunting Queries/Microsoft 365 Defender/Credential Access/lsass-credential-dumping.yaml 30 Hunting Queries/Microsoft 365 Defender/Credential Access/procdump-lsass-credentials.yaml 22 Hunting Queries/Microsoft 365 Defender/Credential Access/wdigest-caching.yaml 32 Hunting Queries/Microsoft 365 Defender/Credential Access/Private Key Files.yaml 27 Hunting Queries/Microsoft 365 Defender/Credential Access/identify-accounts-logged-on-to-endpoints-affected-by-cobalt-strike.yaml 39 Hunting Queries/Microsoft 365 Defender/Credential Access/Attempts to request Kerberos service ticket using the AS service.yaml 34 Hunting Queries/Microsoft 365 Defender/Credential Access/logon-attempts-after-malicious-email.yaml 23 Hunting Queries/Microsoft 365 Defender/Credential Access/cobalt-strike.yaml 5 Hunting Queries/Microsoft 365 Defender/Fun/EmojiHunt.yaml 18 Hunting Queries/Microsoft 365 Defender/Fun/Make FolderPath Vogon Poetry.yaml 52 Hunting Queries/Microsoft 365 Defender/Privilege escalation/ServicePrincipalAddedToRole [Nobelium].yaml 5 Hunting Queries/Microsoft 365 Defender/Privilege escalation/SAM-Name-Changes-CVE-2021-42278.yaml 20 Hunting Queries/Microsoft 365 Defender/Privilege 
escalation/detect-cve-2019-1053-sandboxescape-exploit.yaml 25 Hunting Queries/Microsoft 365 Defender/Privilege escalation/detect-cve-2019-1069-bearlpe-exploit.yaml 32 Hunting Queries/Microsoft 365 Defender/Privilege escalation/detect-cve-2019-0863-AngryPolarBearBug2-exploit.yaml 26 Hunting Queries/Microsoft 365 Defender/Privilege escalation/dell-driver-vulnerability-2021.yaml 5 Hunting Queries/Microsoft 365 Defender/Privilege escalation/cve-2019-0808-nufsys-file creation.yaml 28 Hunting Queries/Microsoft 365 Defender/Privilege escalation/detect-cve-2019-1129-byebear-exploit.yaml 27 Hunting Queries/Microsoft 365 Defender/Privilege escalation/detect-av-edr-privileged-delete-vulnerability.yaml 25 Hunting Queries/Microsoft 365 Defender/Privilege escalation/riskySignInToElevateAccess.yaml 28 Hunting Queries/Microsoft 365 Defender/Privilege escalation/detect-cve-2019-0973-installerbypass-exploit.yaml 26 Hunting Queries/Microsoft 365 Defender/Privilege escalation/Add uncommon credential type to application [Nobelium].yaml 5 Hunting Queries/Microsoft 365 Defender/Privilege escalation/cve-2019-0808-set-scheduled-task.yaml 26 Hunting Queries/Microsoft 365 Defender/Privilege escalation/locate-ALPC-local-privilege-elevation-exploit.yaml 23 Hunting Queries/Microsoft 365 Defender/Privilege escalation/cve-2019-0808-c2.yaml 24 Hunting Queries/Microsoft 365 Defender/Lateral Movement/detect-suspicious-rdp-connections.yaml 41 Hunting Queries/Microsoft 365 Defender/Lateral Movement/ServiceAccountsPerformingRemotePS.yaml 55 Hunting Queries/Microsoft 365 Defender/Lateral Movement/Network Logons with Local Accounts.yaml 16 Hunting Queries/Microsoft 365 Defender/Lateral Movement/remote-file-creation-with-psexec.yaml 38 Hunting Queries/Microsoft 365 Defender/Lateral Movement/Device Logons from Unknown IPs.yaml 26 Hunting Queries/Microsoft 365 Defender/Lateral Movement/Non-local logons with -500 account.yaml 13 Hunting Queries/Microsoft 365 Defender/Lateral Movement/Account brute force.yaml 
23 Hunting Queries/Microsoft 365 Defender/Lateral Movement/ImpersonatedUserFootprint.yaml 35 Hunting Queries/Microsoft 365 Defender/Lateral Movement/doppelpaymer-psexec.yaml 26 Hunting Queries/Microsoft 365 Defender/Lateral Movement/Account brute force (1).yaml 26 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (2).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/Crashing Applications.yaml 22 Hunting Queries/Microsoft 365 Defender/General queries/Alert Events from Internal IP Address.yaml 28 Hunting Queries/Microsoft 365 Defender/General queries/Network footprint (3).yaml 16 Hunting Queries/Microsoft 365 Defender/General queries/Endpoint Agent Health Status Report.yaml 106 Hunting Queries/Microsoft 365 Defender/General queries/Events surrounding alert.yaml 19 Hunting Queries/Microsoft 365 Defender/General queries/Machine info from IP address.yaml 23 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries.yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (14).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/MD AV Signature and Platform Version.yaml 27 Hunting Queries/Microsoft 365 Defender/General queries/Phish and Malware received by user vs total amount of email.yaml 15 Hunting Queries/Microsoft 365 Defender/General queries/File footprint (1).yaml 19 Hunting Queries/Microsoft 365 Defender/General queries/Events surrounding alert (1).yaml 27 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (7).yaml 28 Hunting Queries/Microsoft 365 Defender/General queries/Detect Azure RemoteIP.yaml 33 Hunting Queries/Microsoft 365 Defender/General queries/Linux Agent Age Report.yaml 27 Hunting Queries/Microsoft 365 Defender/General queries/Machine info from IP address (2).yaml 19 Hunting Queries/Microsoft 365 Defender/General queries/MITRE - Suspicious Events.yaml 70 Hunting Queries/Microsoft 365 
Defender/General queries/insider-threat-detection-queries (13).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/Firewall Policy Design Assistant.yaml 68 Hunting Queries/Microsoft 365 Defender/General queries/Machine info from IP address (3).yaml 22 Hunting Queries/Microsoft 365 Defender/General queries/Services.yaml 12 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (18).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (4).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (9).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (8).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (6).yaml 26 Hunting Queries/Microsoft 365 Defender/General queries/System Guard Security Level Drop.yaml 30 Hunting Queries/Microsoft 365 Defender/General queries/Device uptime calculation.yaml 22 Hunting Queries/Microsoft 365 Defender/General queries/File footprint.yaml 25 Hunting Queries/Microsoft 365 Defender/General queries/Network footprint (1).yaml 20 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (19).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/Failed Logon Attempt.yaml 18 Hunting Queries/Microsoft 365 Defender/General queries/AppLocker Policy Design Assistant.yaml 45 Hunting Queries/Microsoft 365 Defender/General queries/Network footprint (2).yaml 17 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (10).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/Device Count by DNS Suffix.yaml 17 Hunting Queries/Microsoft 365 Defender/General queries/Events surrounding alert (2).yaml 23 Hunting Queries/Microsoft 365 Defender/General queries/Network footprint.yaml 15 Hunting Queries/Microsoft 365 Defender/General 
queries/insider-threat-detection-queries (5).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (17).yaml 39 Hunting Queries/Microsoft 365 Defender/General queries/Baseline Comparison.yaml 257 Hunting Queries/Microsoft 365 Defender/General queries/System Guard Security Level Baseline.yaml 19 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (15).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/Network info of machine.yaml 22 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (3).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (12).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (1).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/wifikeys.yaml 17 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (16).yaml 10 Hunting Queries/Microsoft 365 Defender/General queries/Machine info from IP address (1).yaml 32 Hunting Queries/Microsoft 365 Defender/General queries/Events surrounding alert (3).yaml 27 Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (11).yaml 10 Hunting Queries/Microsoft 365 Defender/Exploits/Linux-DynoRoot-CVE-2018-1111.yaml 23 Hunting Queries/Microsoft 365 Defender/Exploits/CVE-2022-26134-Confluence.yaml 23 Hunting Queries/Microsoft 365 Defender/Exploits/CVE-2022-22965 Network Activity.yaml 17 Hunting Queries/Microsoft 365 Defender/Exploits/print-pooler-service-suspicious-file-creation.yaml 23 Hunting Queries/Microsoft 365 Defender/Exploits/VMWare-LPE-2022-22960.yaml 25 Hunting Queries/Microsoft 365 Defender/Exploits/SolarWinds -CVE-2021-35211.yaml 4 Hunting Queries/Microsoft 365 Defender/Exploits/CVE-2021-36934 usage detection.yaml 4 Hunting Queries/Microsoft 365 Defender/Exploits/MosaicLoader.yaml 15 Hunting Queries/Microsoft 365 
Defender/Exploits/Print Spooler RCE/Suspicious files in spool folder.yaml 15 Hunting Queries/Microsoft 365 Defender/Exploits/Print Spooler RCE/Suspicious DLLs in spool folder.yaml 19 Hunting Queries/Microsoft 365 Defender/Exploits/Print Spooler RCE/Suspicious Spoolsv Child Process.yaml 35 Hunting Queries/Microsoft 365 Defender/Exploits/Print Spooler RCE/Spoolsv Spawning Rundll32.yaml 17 Hunting Queries/Microsoft 365 Defender/Exploits/printnightmare-cve-2021-1675 usage detection.yaml 6 Hunting Queries/Microsoft 365 Defender/Exploits/winrar-cve-2018-20250-file-creation.yaml 5 Hunting Queries/Microsoft 365 Defender/Exploits/Electron-CVE-2018-1000006.yaml 25 Hunting Queries/Microsoft 365 Defender/Exploits/winrar-cve-2018-20250-ace-files.yaml 23 Hunting Queries/Microsoft 365 Defender/Exploits/Flash-CVE-2018-4848.yaml 22 Hunting Queries/Microsoft 365 Defender/Exploits/AcroRd-Exploits.yaml 10 Hunting Queries/Microsoft 365 Defender/Exploits/printnightmare-cve-2021-1675 usage detection (1).yaml 6 Hunting Queries/ASimProcess/imProcess_Suspicious_enumeration_using_adfind.yaml 39 Hunting Queries/ASimProcess/imProcess_enumeration_user_and_group.yaml 18 Hunting Queries/ASimProcess/imProcess_NishangReverseTCPShellBase64.yaml 28 Hunting Queries/ASimProcess/imProcess_Invoke-PowerShellTcpOneLine.yaml 27 Hunting Queries/ASimProcess/imProcess_HostExportingMailboxAndRemovingExport.yaml 39 Hunting Queries/ASimProcess/imProcess_Windows System Shutdown-Reboot(T1529).yaml 23 Hunting Queries/ASimProcess/imProcess_ExchangePowerShellSnapin.yaml 27 Hunting Queries/ASimProcess/imProcess_Certutil-LOLBins.yaml 24 Hunting Queries/ASimProcess/inProcess_SignedBinaryProxyExecutionRundll32.yaml 24 Hunting Queries/ASimProcess/imProcess_uncommon_processes.yaml 28 Hunting Queries/ASimProcess/imProcess_ProcessEntropy.yaml 146 Hunting Queries/ASimProcess/imProcess_SolarWindsInventory.yaml 19 Hunting Queries/ASimProcess/imProcess_Dev-0056CommandLineActivityNovember2021(ASIMVersion).yaml 32 Hunting 
Queries/ASimProcess/Discorddownloadinvokedfromcmdline(ASIMVersion).yaml 47 Hunting Queries/ASimProcess/imProcess_cscript_summary.yaml 21 Hunting Queries/ASimProcess/imProcess_persistence_create_account.yaml 27 Hunting Queries/ASimProcess/imProcess_powershell_downloads.yaml 18 Hunting Queries/ASimProcess/imProcess_PowerCatDownload.yaml 26 Hunting Queries/ASimRegistry/Crashdumpdisabledonhost(ASIMVersion).yaml 34 Hunting Queries/SQLServer/SQL-UserAdded_to_SecurityAdmin.yaml 4 Hunting Queries/SQLServer/SQL-MultipleFailedLogon_InShortSpan.yaml 4 Hunting Queries/SQLServer/SQL-UserRoleChanged.yaml 4 Hunting Queries/SQLServer/SQL-New_UserCreated.yaml 4 Hunting Queries/SQLServer/SQL-UserDeletedFromDatabase.yaml 4 Hunting Queries/SQLServer/SQL-Failed SQL Logons.yaml 4 Hunting Queries/SQLServer/SQL-UserRemovedFromSecurityAdmin.yaml 4 Hunting Queries/SQLServer/SQL-UserRemovedFromServerRole.yaml 4 Hunting Queries/SQLServer/SQL-MultipleFailedLogon_FromSameIP.yaml 4 Hunting Queries/AzureDevOpsAuditing/Project visibility changed to public.yaml 4 Hunting Queries/AzureDevOpsAuditing/ADOReleasePipelineCreated.yaml 4 Hunting Queries/AzureDevOpsAuditing/AAD Conditional Access Disabled.yaml 4 Hunting Queries/AzureDevOpsAuditing/Addtional Org Admin Added.yaml 4 Hunting Queries/AzureDevOpsAuditing/ADOBuildCheckDeleted.yaml 4 Hunting Queries/AzureDevOpsAuditing/ADONewPackageFeedCreated.yaml 4 Hunting Queries/AzureDevOpsAuditing/Guest users access enabled.yaml 4 Hunting Queries/AzureDevOpsAuditing/AzDOPrPolicyBypassers.yaml 4 Hunting Queries/AzureDevOpsAuditing/ADOBuildDeletedAfterPipelineMod.yaml 4 Hunting Queries/AzureDevOpsAuditing/AzDODisplayNameSwapping.yaml 4 Hunting Queries/AzureDevOpsAuditing/Public project created.yaml 4 Hunting Queries/AzureDevOpsAuditing/ADOVariableCreatedDeleted.yaml 4 Hunting Queries/AzureDevOpsAuditing/ADONewReleaseApprover.yaml 4 Hunting Queries/AzureDevOpsAuditing/ADONewAgentPoolCreated.yaml 4 Hunting 
Queries/AzureDevOpsAuditing/ADOInternalUpstreamPacakgeFeedAdded.yaml 4
Hunting Queries/AzureDevOpsAuditing/ADONewPATOperation.yaml 4
Hunting Queries/AzureDevOpsAuditing/Public Projects enabled.yaml 4
Hunting Queries/DnsEvents/Solorigate-DNS-Pattern.yaml 4
Hunting Queries/DnsEvents/Solorigate-Encoded-Domain-URL.yaml 4
Hunting Queries/DnsEvents/DNS_WannaCry.yaml 4
Hunting Queries/DnsEvents/DNS_DomainAnomalousLookupIncrease.yaml 4
Hunting Queries/DnsEvents/DNS_HighPercentNXDomainCount.yaml 4
Hunting Queries/DnsEvents/DNS_CommonlyAbusedTLDs.yaml 4
Hunting Queries/DnsEvents/DNS_LongURILookup.yaml 4
Hunting Queries/DnsEvents/DNS_FullNameAnomalousLookupIncrease.yaml 4
Hunting Queries/DnsEvents/DNS_HighReverseDNSCount.yaml 4
Hunting Queries/W3CIISLog/WebShellActivity.yaml 4
Hunting Queries/W3CIISLog/SuspectedProxyTokenExploitation.yaml 31
Hunting Queries/W3CIISLog/Potential_IIS_BF.yaml 83
Hunting Queries/W3CIISLog/PotentialWebshell.yaml 5
Hunting Queries/W3CIISLog/SuspectedMailBoxExportHostonOWA.yaml 26
Hunting Queries/W3CIISLog/RareUserAgentStrings.yaml 43
Hunting Queries/W3CIISLog/ExchangeServerProxyLogonURI.yaml 30
Hunting Queries/W3CIISLog/RareClientFileAccess.yaml 52
Hunting Queries/W3CIISLog/ClientIPwithManyUserAgents.yaml 38
Hunting Queries/W3CIISLog/ExchangeServerSuspiciousURIsVisited.yaml 44
Hunting Queries/W3CIISLog/Potential_IIS_CodeInject.yaml 94
Hunting Queries/SigninLogs/DisabledAccountSigninAttempts.yaml 4
Hunting Queries/SigninLogs/riskSignInWithDeviceRegistration.yaml 57
Hunting Queries/SigninLogs/AnomalousUserAppSigninLocationIncrease.yaml 9
Hunting Queries/SigninLogs/UnauthUser_AzurePortal.yaml 17
Hunting Queries/SigninLogs/LowAndSlowPasswordAttempt.yaml 37
Hunting Queries/SigninLogs/DisabledAccountSigninAttemptsByIP.yaml 4
Hunting Queries/SigninLogs/InactiveAccounts.yaml 93
Hunting Queries/SigninLogs/multipleAADAdminRemovals.yaml 34
Hunting Queries/SigninLogs/Signins-from-NordVPN-Providers.yaml 4
Hunting Queries/SigninLogs/SmartLockouts.yaml 26
Hunting Queries/SigninLogs/SignInLogsWithExpandedPolicies.yaml 43
Hunting Queries/SigninLogs/SpikeInFailedSignInAttempts.yaml 42
Hunting Queries/SigninLogs/signinBurstFromMultipleLocations.yaml 70
Hunting Queries/SigninLogs/LoginSpikeWithIncreaseFailureRate.yaml 75
Hunting Queries/SigninLogs/SuspiciousSignintoPrivilegedAccount.yaml 4
Hunting Queries/SigninLogs/AdministratorsAuthenticatingtoAnotherAzureADTenant.yaml 41
Hunting Queries/SigninLogs/UserAccountsMeasurableincreaseofsuccessfulsignins.yaml 66
Hunting Queries/SigninLogs/AnomalousUserAppSigninLocationIncreaseDetail.yaml 11
Hunting Queries/SigninLogs/AADSuspectedBruteForce.yaml 39
Hunting Queries/SigninLogs/SuccessThenFail_SameUserDiffApp.yaml 65
Hunting Queries/SigninLogs/Signins-From-VPS-Providers.yaml 4
Hunting Queries/SigninLogs/SuccessfulAccount-SigninAttemptsByIPviaDisabledAccounts.yaml 58
Hunting Queries/SigninLogs/UserAccounts-BlockedAccounts.yaml 50
Hunting Queries/SigninLogs/MFASpamming.yaml 44
Hunting Queries/SigninLogs/anomalous_app_azuread_signin.yaml 54
Hunting Queries/SigninLogs/MFAUserBlocked.yaml 101
Hunting Queries/GitHub/Inactive or New Account Usage.yaml 43
Hunting Queries/GitHub/Mass Deletion of Repositories .yaml 33
Hunting Queries/GitHub/Unusual Number of Repository Clones.yaml 32
Hunting Queries/GitHub/Suspicious Fork Activity.yaml 37
Hunting Queries/GitHub/Oauth App Restrictions Disabled.yaml 15
Hunting Queries/GitHub/Repository Permission Switched to Public.yaml 15
Hunting Queries/GitHub/User First Time Repository Delete Activity.yaml 24
Hunting Queries/GitHub/Org Repositories Default Permissions Change.yaml 15
Hunting Queries/GitHub/User Grant Access and Grants Other Access.yaml 25
Hunting Queries/GitHub/First Time User Invite and Add Member to Org.yaml 24
Hunting Queries/BehaviorAnalytics/Anomalous Failed Logon.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous Activity Role Assignment.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous Role Assignment.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous Code Execution.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous Password Reset.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous Defensive Mechanism Modification.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous AAD Account Manipulation.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous Sign-in Activity.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous Resource Access.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous Geo Location Logon.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous Login to Devices.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous Account Creation.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous Data Access.yaml 4
Hunting Queries/BehaviorAnalytics/Anomalous RDP Activity.yaml 4
Hunting Queries/AuditLogs/UserGrantedAccess_AllAuditActivity.yaml 90
Hunting Queries/AuditLogs/ConsentToApplicationDiscovery.yaml 99
Hunting Queries/AuditLogs/BitLockerKeyRetrieval.yaml 35
Hunting Queries/AuditLogs/StsRefreshTokenModification.yaml 4
Hunting Queries/AuditLogs/ApprovedAccessPackagesDetails.yaml 61
Hunting Queries/AuditLogs/AccountMFAModifications.yaml 36
Hunting Queries/AuditLogs/AccountAddedtoPrivilegedPIMGroup.yaml 35
Hunting Queries/AuditLogs/NonredeemedGuesUserInvites.yaml 53
Hunting Queries/AuditLogs/RareAuditActivityByUser.yaml 74
Hunting Queries/AuditLogs/UsersAuthenticatingtoOtherAzureADTenants.yaml 30
Hunting Queries/AuditLogs/UserGrantedAccess_GrantsOthersAccess.yaml 4
Hunting Queries/AuditLogs/AppRequiredResourceAccessUpdate.yaml 48
Hunting Queries/AuditLogs/RareAuditActivityByApp.yaml 79
Hunting Queries/CloudAppEvents/SetPolicyConfigInCloudAppEvents.yaml 35
Hunting Queries/ThreatIntelligenceIndicator/FileEntity_Syslog.yaml 4
Hunting Queries/ThreatIntelligenceIndicator/FileEntity_WireData.yaml 4
Hunting Queries/ThreatIntelligenceIndicator/FileEntity_SecurityEvent.yaml 4
Hunting Queries/ThreatIntelligenceIndicator/FileEntity_OfficeActivity.yaml 4
Hunting Queries/ThreatIntelligenceIndicator/FileEntity_VMConnection.yaml 4
Hunting Queries/ZoomLogs/NewTZ.yaml 36
Hunting Queries/ZoomLogs/MultipleRegistrationDenies.yaml 46
Hunting Queries/ZoomLogs/HighCPURoom.yaml 35
Hunting Queries/ZoomLogs/NewDomainAccess.yaml 31
Hunting Queries/LAQueryLogs/MultipleLargeQueriesByUser.yaml 35
Hunting Queries/LAQueryLogs/NewServicePrincipalRunningQueries.yaml 40
Hunting Queries/LAQueryLogs/NewClientRunningQueries.yaml 38
Hunting Queries/LAQueryLogs/QueryDataVolumeAnomolies.yaml 42
Hunting Queries/LAQueryLogs/QueryLookingForSecrets.yaml 40
Hunting Queries/LAQueryLogs/NewUserRunningQueries.yaml 35
Hunting Queries/LAQueryLogs/UserRunningMultipleQueriesThatFail.yaml 34
Hunting Queries/LAQueryLogs/CrossWorkspaceQueryAnomolies.yaml 51
Hunting Queries/LAQueryLogs/UserReturningMoreDataThanDailyAverage.yaml 48
Hunting Queries/LAQueryLogs/CrossServiceADXQueries.yaml 24
Hunting Queries/LAQueryLogs/NewUserCallingSensitiveWatchlist.yaml 36
Hunting Queries/WireData/WireDataBeacon.yaml 54
Hunting Queries/Syslog/Apache_log4j_Vulnerability.yaml 4
Hunting Queries/Syslog/Suspicious_ShellScript_Activity.yaml 4
Hunting Queries/Syslog/Linux_Toolkit_Detected.yaml 4
Hunting Queries/Syslog/SchedTaskEditViaCrontab.yaml 4
Hunting Queries/Syslog/CryptoThreatActivity.yaml 4
Hunting Queries/Syslog/Process_Termination_Activity.yaml 4
Hunting Queries/Syslog/Firewall_Disable_Activity.yaml 4
Hunting Queries/Syslog/SCXExecuteRunAsProviders.yaml 4
Hunting Queries/Syslog/SchedTaskAggregation.yaml 4
Hunting Queries/Syslog/disabled_account_squid_usage.yaml 54
Hunting Queries/Syslog/Base64_Download_Activity.yaml 4
Hunting Queries/Syslog/squid_volume_anomalies.yaml 4
Hunting Queries/Syslog/RareProcess_ForLxHost.yaml 4
Hunting Queries/Syslog/squid_abused_tlds.yaml 4
Hunting Queries/Syslog/squid_malformed_requests.yaml 4
Hunting Queries/Syslog/CryptoCurrencyMiners.yaml 4
Hunting Queries/Syslog/Container_Miner_Activity.yaml 4
Hunting Queries/CommonSecurityLog/NetworkConnectionToNewExternalLDAPServer.yaml 4
Hunting Queries/CommonSecurityLog/RiskyCommandB64EncodedInUrl.yaml 4
Hunting Queries/CommonSecurityLog/AbnormallyLargeJPEGFiledDownloadedfromNewSource.yaml 42
Hunting Queries/CommonSecurityLog/B64IPInURL.yaml 4
Hunting Queries/AWSCloudTrail/AWS_Unused_UnsupportedCloudRegions.yaml 4
Hunting Queries/AWSCloudTrail/AWS_SuspiciousCredentialTokenAccessOfValid_IAM_Roles.yaml 4
Hunting Queries/AWSCloudTrail/AWS_IAM_PolicyChange.yaml 4
Hunting Queries/AWSCloudTrail/AWS_PrivilegedRoleAttachedToInstance.yaml 4
Hunting Queries/AWSCloudTrail/AWS_IAM_PrivilegeEscalationbyAttachment.yaml 4
Hunting Queries/AzureActivity/Rare_Custom_Script_Extension.yaml 3
Hunting Queries/AzureActivity/Anomalous_Listing_Of_Storage_Keys.yaml 3
Hunting Queries/AzureActivity/Azure-CloudShell-Usage.yaml 42
Hunting Queries/AzureActivity/Creating_Anomalous_Number_Of_Resources.yaml 3
Hunting Queries/AzureActivity/Granting_Permissions_to_Account.yaml 3
Hunting Queries/AzureActivity/AzureNSG_AdministrativeOperations.yaml 3
Hunting Queries/AzureActivity/AzureAdministrationFromVPS.yaml 3
Hunting Queries/AzureActivity/AzureSentinelConnectors_AdministrativeOperations.yaml 3
Hunting Queries/AzureActivity/Common_Deployed_Resources.yaml 3
Hunting Queries/AzureActivity/AnalyticsRulesAdministrativeOperations.yaml 3
Hunting Queries/AzureActivity/AzureVirtualNetworkSubnets_AdministrativeOperationset.yaml 2
Hunting Queries/AzureActivity/AzureRunCommandFromAzureIP.yaml 3
Hunting Queries/AzureActivity/AzureSentinelWorkbooks_AdministrativeOperation.yaml 3
Hunting Queries/AzureActivity/AnomalousAzureOperationModel.yaml 3
Hunting Queries/AzureActivity/PortOpenedForAzureResource.yaml 3
Hunting Queries/OfficeActivity/MultipleTeamsDeletes.yaml 4
Hunting Queries/OfficeActivity/ExternalUserFromNewOrgAddedToTeams.yaml 4
Hunting Queries/OfficeActivity/MultipleUsersEmailForwardedToSameDestination.yaml 4
Hunting Queries/OfficeActivity/New_WindowsReservedFileNamesOnOfficeFileServices.yaml 4
Hunting Queries/OfficeActivity/powershell_or_nonbrowser_MailboxLogin.yaml 4
Hunting Queries/OfficeActivity/NewBotAddedToTeams.yaml 3
Hunting Queries/OfficeActivity/sharepoint_downloads.yaml 4
Hunting Queries/OfficeActivity/MultiTeamBot.yaml 4
Hunting Queries/OfficeActivity/double_file_ext_exes.yaml 4
Hunting Queries/OfficeActivity/ExternalUserAddedRemovedInTeams_HuntVersion.yaml 4
Hunting Queries/OfficeActivity/nonowner_MailboxLogin.yaml 4
Hunting Queries/OfficeActivity/new_sharepoint_downloads_by_IP.yaml 4
Hunting Queries/OfficeActivity/new_sharepoint_downloads_by_UserAgent.yaml 4
Hunting Queries/OfficeActivity/UserAddToTeamsAndUploadsFile.yaml 4
Hunting Queries/OfficeActivity/new_adminaccountactivity.yaml 4
Hunting Queries/OfficeActivity/Mail_redirect_via_ExO_transport_rule_hunting.yaml 4
Hunting Queries/OfficeActivity/WindowsReservedFileNamesOnOfficeFileServices.yaml 4
Hunting Queries/OfficeActivity/OfficeMailForwarding_hunting.yaml 4
Hunting Queries/OfficeActivity/MultiTeamOwner.yaml 4
Hunting Queries/OfficeActivity/AnomolousUserAccessingOtherUsersMailbox.yaml 4
Hunting Queries/OfficeActivity/TeamsFilesUploaded.yaml 4
Hunting Queries/SecurityAlert/WebShellFileAlertEnrich.yaml 45
Hunting Queries/SecurityAlert/AlertsWithFile.yaml 42
Hunting Queries/SecurityAlert/WebShellCommandAlertEnrich.yaml 81
Hunting Queries/SecurityAlert/AlertsForIP.yaml 48
Hunting Queries/SecurityAlert/AlertsWithProcess.yaml 41
Hunting Queries/SecurityAlert/AlertsForUser.yaml 37
Hunting Queries/SecurityAlert/AlertsOnHost.yaml 44
Hunting Queries/DeviceProcess/VScodeExtensionofanUser.yaml 45
Summary rules/WebSession/PaloAltoPANOSWebSessionIPSummary.yaml 28
Summary rules/WebSession/FortinetFortigateWebSessionIPSummary.yaml 27
Summary rules/WebSession/ZscalarWebSessionIPSummary.yaml 26
Summary rules/Network/PaloAltoPANOSNetworkSessionIPSummary.yaml 25
Summary rules/Network/ZscalarNetworkSessionIPSummary.yaml 26
Summary rules/Network/FortinetFortigateNetworkSessionIPSummary.yaml 27
Summary rules/DNS/ZscalarDNSEventsIPSummary.yaml 27
Parsers/ASimDhcpEvent/Parsers/ASimDhcpEventNative.yaml 48
Parsers/ASimDhcpEvent/Parsers/vimDhcpEventInfobloxBloxOne.yaml 175
Parsers/ASimDhcpEvent/Parsers/vimDhcpEventNative.yaml 86
Parsers/ASimDhcpEvent/Parsers/ASimDhcpEvent.yaml 36
Parsers/ASimDhcpEvent/Parsers/ASimDhcpEventInfobloxBloxOne.yaml 135
Parsers/ASimDhcpEvent/Parsers/imDhcpEvent.yaml 65
Parsers/ASimDhcpEvent/Parsers/vimDhcpEventEmpty.yaml 132
Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventNative.yaml 47
Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoftSysmon.yaml 141
Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoftWindowsEvent.yaml 40
Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoftSecurityEvent.yaml 50
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftWindowsEvent.yaml 176
Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventVMwareCarbonBlackCloud.yaml 86
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventEmpty.yaml 117
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventVMwareCarbonBlackCloud.yaml 127
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftSysmonWindowsEvent.yaml 160
Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventSentinelOne.yaml 117
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventSentinelOne.yaml 160
Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoft365D.yaml 108
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftSysmon.yaml 173
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoft365D.yaml 158
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftSecurityEvent.yaml 172
Parsers/ASimRegistryEvent/Parsers/imRegistryEvent.yaml 88
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventNative.yaml 99
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventTrendMicroVisionOne.yaml 100
Parsers/ASimRegistryEvent/Parsers/ASimRegistryEvent.yaml 50
Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventTrendMicroVisionOne.yaml 72
Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoftSysmonWindowsEvent.yaml 111
Parsers/PAN_Parser.csl 78
Parsers/ASimUserManagement/Parsers/vimUserManagementMicrosoftWindowsEvent.yaml 243
Parsers/ASimUserManagement/Parsers/ASimUserManagementMicrosoftWindowsEvent.yaml 161
Parsers/ASimUserManagement/Parsers/ASimUserManagementNative.yaml 52
Parsers/ASimUserManagement/Parsers/vimUserManagementMicrosoftSecurityEvent.yaml 257
Parsers/ASimUserManagement/Parsers/vimUserManagementSentinelOne.yaml 221
Parsers/ASimUserManagement/Parsers/ASimUserManagementSentinelOne.yaml 178
Parsers/ASimUserManagement/Parsers/ASimUserManagementLinuxAuthpriv.yaml 318
Parsers/ASimUserManagement/Parsers/imUserManagement.yaml 81
Parsers/ASimUserManagement/Parsers/ASimUserManagementMicrosoftSecurityEvent.yaml 205
Parsers/ASimUserManagement/Parsers/ASimUserManagementCiscoISE.yaml 130
Parsers/ASimUserManagement/Parsers/vimUserManagementEmpty.yaml 146
Parsers/ASimUserManagement/Parsers/vimUserManagementNative.yaml 90
Parsers/ASimUserManagement/Parsers/vimUserManagementLinuxAuthpriv.yaml 411
Parsers/ASimUserManagement/Parsers/ASimUserManagement.yaml 51
Parsers/ASimUserManagement/Parsers/vimUserManagementCiscoISE.yaml 173
Parsers/Epic_Parser.csl 91
Parsers/ASimAuthentication/Parsers/ASimAuthenticationBarracudaWAF.yaml 215
Parsers/ASimAuthentication/Parsers/vimAuthenticationPaloAltoCortexDataLake.yaml 253
Parsers/ASimAuthentication/Parsers/vimAuthenticationOktaV2.yaml 279
Parsers/ASimAuthentication/Parsers/ASimAuthenticationCrowdStrikeFalconHost.yaml 109
Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoMeraki.yaml 224
Parsers/ASimAuthentication/Parsers/ASimAuthenticationPostgreSQL.yaml 187
Parsers/ASimAuthentication/Parsers/vimAuthenticationEmpty.yaml 153
Parsers/ASimAuthentication/Parsers/vimAuthenticationOktaOSS.yaml 189
Parsers/ASimAuthentication/Parsers/ASimAuthenticationSudo.yaml 119
Parsers/ASimAuthentication/Parsers/ASimAuthenticationOktaOSS.yaml 113
Parsers/ASimAuthentication/Parsers/vimAuthenticationCrowdStrikeFalconHost.yaml 182
Parsers/ASimAuthentication/Parsers/ASimAuthenticationMicrosoftWindowsEvent.yaml 214
Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoASA.yaml 226
Parsers/ASimAuthentication/Parsers/vimAuthenticationNative.yaml 105
Parsers/ASimAuthentication/Parsers/vimAuthenticationAADNonInteractive.yaml 194
Parsers/ASimAuthentication/Parsers/vimAuthenticationSudo.yaml 258
Parsers/ASimAuthentication/Parsers/imAuthentication.yaml 115
Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoMeraki.yaml 146
Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoISE.yaml 257
Parsers/ASimAuthentication/Parsers/ASimAuthenticationOktaV2.yaml 165
Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoISE.yaml 352
Parsers/ASimAuthentication/Parsers/vimAuthenticationVectraXDRAudit.yaml 136
Parsers/ASimAuthentication/Parsers/vimAuthenticationAADSigninLogs.yaml 203
Parsers/ASimAuthentication/Parsers/ASimAuthenticationSalesforceSC.yaml 347
Parsers/ASimAuthentication/Parsers/vimAuthenticationPostgreSQL.yaml 494
Parsers/ASimAuthentication/Parsers/ASimAuthenticationAADManagedIdentity.yaml 98
Parsers/ASimAuthentication/Parsers/vimAuthenticationAADServicePrincipalSignInLogs.yaml 260
Parsers/ASimAuthentication/Parsers/vimAuthenticationIllumioSaaSCore.yaml 147
Parsers/ASimAuthentication/Parsers/ASimAuthenticationM365Defender.yaml 186
Parsers/ASimAuthentication/Parsers/vimAuthenticationVMwareCarbonBlackCloud.yaml 155
Parsers/ASimAuthentication/Parsers/ASimAuthenticationSentinelOne.yaml 227
Parsers/ASimAuthentication/Parsers/ASimAuthenticationIllumioSaaSCore.yaml 87
Parsers/ASimAuthentication/Parsers/ASimAuthenticationAWSCloudTrail.yaml 112
Parsers/ASimAuthentication/Parsers/ASimAuthenticationVMwareCarbonBlackCloud.yaml 81
Parsers/ASimAuthentication/Parsers/vimAuthenticationSalesforceSC.yaml 446
Parsers/ASimAuthentication/Parsers/ASimAuthenticationAADServicePrincipalSignInLogs.yaml 133
Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoMerakiSyslog.yaml 232
Parsers/ASimAuthentication/Parsers/vimAuthenticationAADManagedIdentity.yaml 188
Parsers/ASimAuthentication/Parsers/vimAuthenticationGoogleWorkspace.yaml 235
Parsers/ASimAuthentication/Parsers/vimAuthenticationSu.yaml 222
Parsers/ASimAuthentication/Parsers/ASimAuthenticationSu.yaml 110
Parsers/ASimAuthentication/Parsers/ASimAuthenticationPaloAltoCortexDataLake.yaml 172
Parsers/ASimAuthentication/Parsers/vimAuthenticationMicrosoftWindowsEvent.yaml 396
Parsers/ASimAuthentication/Parsers/ASimAuthenticationGoogleWorkspace.yaml 153
Parsers/ASimAuthentication/Parsers/vimAuthenticationSshd.yaml 337
Parsers/ASimAuthentication/Parsers/ASimAuthenticationAADNonInteractive.yaml 103
Parsers/ASimAuthentication/Parsers/ASimAuthenticationVectraXDRAudit.yaml 54
Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoMerakiSyslog.yaml 155
Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoASA.yaml 351
Parsers/ASimAuthentication/Parsers/vimAuthenticationSentinelOne.yaml 323
Parsers/ASimAuthentication/Parsers/ASimAuthenticationAADSigninLogs.yaml 111
Parsers/ASimAuthentication/Parsers/ASimAuthenticationMicrosoftMD4IoT.yaml 63
Parsers/ASimAuthentication/Parsers/vimAuthenticationBarracudaWAF.yaml 315
Parsers/ASimAuthentication/Parsers/ASimAuthentication.yaml 86
Parsers/ASimAuthentication/Parsers/ASimAuthenticationNative.yaml 43
Parsers/ASimAuthentication/Parsers/vimAuthenticationMicrosoftMD4IoT.yaml 144
Parsers/ASimAuthentication/Parsers/ASimAuthenticationSshd.yaml 210
Parsers/ASimAuthentication/Parsers/vimAuthenticationAWSCloudTrail.yaml 223
Parsers/ASimAuthentication/Parsers/vimAuthenticationM365Defender.yaml 386
Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoft365D.yaml 130
Parsers/ASimFileEvent/Parsers/vimFileEventLinuxSysmonFileCreated.yaml 151
Parsers/ASimFileEvent/Parsers/ASimFileEventLinuxSysmonFileCreated.yaml 72
Parsers/ASimFileEvent/Parsers/ASimFileEventAzureQueueStorage.yaml 94
Parsers/ASimFileEvent/Parsers/vimFileEventM365D.yaml 207
Parsers/ASimFileEvent/Parsers/vimFileEventNative.yaml 111
Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSysmon.yaml 178
Parsers/ASimFileEvent/Parsers/vimFileEventEmpty.yaml 161
Parsers/ASimFileEvent/Parsers/ASimFileEventLinuxSysmonFileDeleted.yaml 94
Parsers/ASimFileEvent/Parsers/ASimFileEvent.yaml 64
Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSharePoint.yaml 232
Parsers/ASimFileEvent/Parsers/vimFileEventAzureFileStorage.yaml 152
Parsers/ASimFileEvent/Parsers/ASimFileEventSentinelOne.yaml 125
Parsers/ASimFileEvent/Parsers/ASimFileEventNative.yaml 53
Parsers/ASimFileEvent/Parsers/ASimFileEventAzureFileStorage.yaml 69
Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftWindowsEvents.yaml 190
Parsers/ASimFileEvent/Parsers/vimFileEventGoogleWorkspace.yaml 343
Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSharePoint.yaml 147
Parsers/ASimFileEvent/Parsers/ASimFileEventGoogleWorkspace.yaml 285
Parsers/ASimFileEvent/Parsers/vimFileEventAzureBlobStorage.yaml 144
Parsers/ASimFileEvent/Parsers/ASimFileEventVMwareCarbonBlackCloud.yaml 154
Parsers/ASimFileEvent/Parsers/vimFileEventSentinelOne.yaml 172
Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSecurityEvents.yaml 184
Parsers/ASimFileEvent/Parsers/imFileEvent.yaml 109
Parsers/ASimFileEvent/Parsers/ASimFileEventAzureTableStorage.yaml 69
Parsers/ASimFileEvent/Parsers/vimFileEventAzureQueueStorage.yaml 153
Parsers/ASimFileEvent/Parsers/vimFileEventAzureTableStorage.yaml 156
Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSysmonWindowsEvent.yaml 169
Parsers/ASimFileEvent/Parsers/ASimFileEventAzureBlobStorage.yaml 85
Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftWindowsEvents.yaml 91
Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSysmonWindowsEvent.yaml 96
Parsers/ASimFileEvent/Parsers/vimFileEventLinuxSysmonFileDeleted.yaml 154
Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSecurityEvents.yaml 81
Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSysmon.yaml 104
Parsers/ASimFileEvent/Parsers/vimFileEventVMwareCarbonBlackCloud.yaml 211
Parsers/ASimDns/Parsers/vimDnsZscalerZIA.yaml 132
Parsers/ASimDns/Parsers/ASimDnsFortinetFortigate.yaml 214
Parsers/ASimDns/Parsers/vimDnsGcp.yaml 114
Parsers/ASimDns/Parsers/ASimDnsSentinelOne.yaml 196
Parsers/ASimDns/Parsers/vimDnsInfobloxBloxOne.yaml 285
Parsers/ASimDns/Parsers/ASimDns.yaml 59
Parsers/ASimDns/Parsers/ASimDnsInfobloxBloxOne.yaml 229
Parsers/ASimDns/Parsers/ASimDnsCorelightZeek.yaml 204
Parsers/ASimDns/Parsers/vimDnsInfobloxNIOS.yaml 209
Parsers/ASimDns/Parsers/vimDnsEmpty.yaml 173
Parsers/ASimDns/Parsers/ASimDnsVectraAI.yaml 114
Parsers/ASimDns/Parsers/vimDnsVectraAI.yaml 144
Parsers/ASimDns/Parsers/ASimDnsCiscoUmbrella.yaml 65
Parsers/ASimDns/Parsers/ASimDnsMicrosoftSysmonWindowsEvent.yaml 109
Parsers/ASimDns/Parsers/vimDnsFortinetFortigate.yaml 273
Parsers/ASimDns/Parsers/vimDnsMicrosoftNXlog.yaml 335
Parsers/ASimDns/Parsers/vimDnsMicrosoftSysmonWindowsEvent.yaml 165
Parsers/ASimDns/Parsers/vimDnsCorelightZeek.yaml 256
Parsers/ASimDns/Parsers/ASimDnsAzureFirewall.yaml 110
Parsers/ASimDns/Parsers/vimDnsSentinelOne.yaml 248
Parsers/ASimDns/Parsers/vimDnsMicrosoftOMS.yaml 256
Parsers/ASimDns/Parsers/ASimDnsMicrosoftNXlog.yaml 280
Parsers/ASimDns/Parsers/ASimDnsInfobloxNIOS.yaml 92
Parsers/ASimDns/Parsers/ASimDnsMicrosoftOMS.yaml 206
Parsers/ASimDns/Parsers/vimDnsCiscoUmbrella.yaml 108
Parsers/ASimDns/Parsers/vimDnsMicrosoftSysmon.yaml 180
Parsers/ASimDns/Parsers/vimDnsAzureFirewall.yaml 189
Parsers/ASimDns/Parsers/imDns.yaml 86
Parsers/ASimDns/Parsers/vimDnsNative.yaml 103
Parsers/ASimDns/Parsers/ASimDnsZscalerZIA.yaml 87
Parsers/ASimDns/Parsers/ASimDnsNative.yaml 58
Parsers/ASimDns/Parsers/ASimDnsGcp.yaml 73
Parsers/ASimDns/Parsers/ASimDnsMicrosoftSysmon.yaml 118
Parsers/AS-McAfeeSolidcore/AS-McAfeeSolidcore.yaml 22
Parsers/Netscaler_parser.csl 66
Parsers/AS-StealthDefend/AS-StealthDefend.yaml 20
Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftSysmon.yaml 215
Parsers/ASimProcessEvent/Parsers/ASimProcessEventTerminate.yaml 41
Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftSysmonWindowsEvent.yaml 59
Parsers/ASimProcessEvent/Parsers/imProcessEvent.yaml 106
Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftSysmonWindowsEvent.yaml 161
Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftSysmonWidowsEvent.yaml 200
Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftSysmon.yaml 83
Parsers/ASimProcessEvent/Parsers/vimProcessEventMicrosoft365D.yaml 176
Parsers/ASimProcessEvent/Parsers/ASimProcessCreateTrendMicroVisionOne.yaml 134
Parsers/ASimProcessEvent/Parsers/ASimProcessEventCreate.yaml 45
Parsers/ASimProcessEvent/Parsers/vimProcessCreateTrendMicroVisionOne.yaml 200
Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftWindowsEvents.yaml 148
Parsers/ASimProcessEvent/Parsers/imProcessTerminate.yaml 79
Parsers/ASimProcessEvent/Parsers/ASimProcessEventMD4IoT.yaml 62
Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateVMwareCarbonBlackCloud.yaml 112
Parsers/ASimProcessEvent/Parsers/ASimProcessCreateMicrosoftSecurityEvents.yaml 106
Parsers/ASimProcessEvent/Parsers/ASimProcessCreateMicrosoftWindowsEvents.yaml 76
Parsers/ASimProcessEvent/Parsers/vimProcessEventMD4IoT.yaml 122
Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMD4IoT.yaml 123
Parsers/ASimProcessEvent/Parsers/vimProcessCreateSentinelOne.yaml 234
Parsers/ASimProcessEvent/Parsers/vimProcessTerminateVMwareCarbonBlackCloud.yaml 187
Parsers/ASimProcessEvent/Parsers/ASimProcessCreateMicrosoftSysmon.yaml 131
Parsers/ASimProcessEvent/Parsers/vimProcessCreateMD4IoT.yaml 123
Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftSecurityEvents.yaml 118
Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftSecurityEvents.yaml 67
Parsers/ASimProcessEvent/Parsers/ASimProcessCreateLinuxSysmon.yaml 107
Parsers/ASimProcessEvent/Parsers/imProcessCreate.yaml 88
Parsers/ASimProcessEvent/Parsers/ASimProcessCreateSentinelOne.yaml 153
Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftWindowsEvents.yaml 58
Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftWindowsEvents.yaml 133
Parsers/ASimProcessEvent/Parsers/ASimProcessEventMicrosoft365D.yaml 93
Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateLinuxSysmon.yaml 58
Parsers/ASimProcessEvent/Parsers/vimProcessEmpty.yaml 177
Parsers/ASimProcessEvent/Parsers/vimProcessTerminateLinuxSysmon.yaml 117
Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftSecurityEvents.yaml 184
Parsers/ASimProcessEvent/Parsers/ASimProcessCreateMicrosoftSysmonWindowsEvent.yaml 114
Parsers/ASimProcessEvent/Parsers/vimProcessCreateLinuxSysmon.yaml 171
Parsers/ASimProcessEvent/Parsers/ASimProcessCreateVMwareCarbonBlackCloud.yaml 250
Parsers/ASimProcessEvent/Parsers/ASimProcessEventNative.yaml 49
Parsers/ASimProcessEvent/Parsers/vimProcessEventNative.yaml 137
Parsers/ASimProcessEvent/Parsers/ASimProcessEvent.yaml 59
Parsers/ASimProcessEvent/Parsers/vimProcessCreateVMwareCarbonBlackCloud.yaml 331
Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftSysmon.yaml 146
Parsers/ASimAuditEvent/Parsers/vimAuditEventBarracudaWAF.yaml 205
Parsers/ASimAuditEvent/Parsers/ASimAuditEventVectraXDRAudit.yaml 54
Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftSecurityEvents.yaml 201
Parsers/ASimAuditEvent/Parsers/ASimAuditEvent.yaml 63
Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoMerakiSyslog.yaml 225
Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftEvent.yaml 184
Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftExchangeAdmin365.yaml 122
Parsers/ASimAuditEvent/Parsers/ASimAuditEventVMwareCarbonBlackCloud.yaml 316
Parsers/ASimAuditEvent/Parsers/ASimAuditEventCrowdStrikeFalconHost.yaml 160
Parsers/ASimAuditEvent/Parsers/vimAuditEventVectraXDRAudit.yaml 74
Parsers/ASimAuditEvent/Parsers/imAuditEvent.yaml 93
Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoMeraki.yaml 219
Parsers/ASimAuditEvent/Parsers/vimAuditEventVMwareCarbonBlackCloud.yaml 375
Parsers/ASimAuditEvent/Parsers/vimAuditEventIllumioSaaSCore.yaml 434
Parsers/ASimAuditEvent/Parsers/vimAuditEventEmpty.yaml 146
Parsers/ASimAuditEvent/Parsers/ASimAuditEventBarracudaWAF.yaml 159
Parsers/ASimAuditEvent/Parsers/vimAuditEventNative.yaml 103
Parsers/ASimAuditEvent/Parsers/vimAuditEventCrowdStrikeFalconHost.yaml 217
Parsers/ASimAuditEvent/Parsers/vimAuditEventBarracudaCEF.yaml 205
Parsers/ASimAuditEvent/Parsers/vimAuditEventMicrosoftSecurityEvents.yaml 288
Parsers/ASimAuditEvent/Parsers/vimAuditEventInfobloxBloxOne.yaml 179
Parsers/ASimAuditEvent/Parsers/ASimAuditEventNative.yaml 44
Parsers/ASimAuditEvent/Parsers/ASimAuditEventBarracudaCEF.yaml 160
Parsers/ASimAuditEvent/Parsers/vimAuditEventCiscoISE.yaml 360
Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoISE.yaml 295
Parsers/ASimAuditEvent/Parsers/vimAuditEventMicrosoftWindowsEvents.yaml 282
Parsers/ASimAuditEvent/Parsers/vimAuditEventMicrosoftExchangeAdmin365.yaml 191
Parsers/ASimAuditEvent/Parsers/ASimAuditEventInfobloxBloxOne.yaml 143
Parsers/ASimAuditEvent/Parsers/vimAuditEventAzureAdminActivity.yaml 216
Parsers/ASimAuditEvent/Parsers/ASimAuditEventAzureAdminActivity.yaml 155
Parsers/ASimAuditEvent/Parsers/vimAuditEventCiscoMeraki.yaml 257
Parsers/ASimAuditEvent/Parsers/ASimAuditEventIllumioSaaSCore.yaml 375
Parsers/ASimAuditEvent/Parsers/vimAuditEventMicrosoftEvent.yaml 260
Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftWindowsEvents.yaml 196
Parsers/ASimAuditEvent/Parsers/vimAuditEventCiscoMerakiSyslog.yaml 263
Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionCheckPoint.yaml 69
Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionPaloAltoPanOS.yaml 107
Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionMicrosoft365Defender.yaml 65
Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionMicrosoftWindowsFirewall.yaml 40
Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionMicrosoftWireData.yaml 49
Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionCiscoASA.yaml 37
Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionZScalerZIA.yaml 70
Parsers/ASimNetworkSession/ASimNetworkSessionV1/NetworkSessionGeneric.yaml 27
Parsers/ASimNetworkSession/ASimNetworkSessionV1/NetworkSessionEmpty.yaml 143
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionVMConnection.yaml 260
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionPaloAltoCEF.yaml 131
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionAppGateSDP.yaml 232
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoMeraki.yaml 382
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftLinuxSysmon.yaml 120
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionVectraAI.yaml 134
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftSecurityEventFirewall.yaml 295
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionPaloAltoCEF.yaml 180
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionNative.yaml 54
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionVMConnection.yaml 153
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoft365Defender.yaml 274
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionVMwareCarbonBlackCloud.yaml 331
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoMerakiSyslog.yaml 454
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCheckPointFirewall.yaml 268
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoFirepower.yaml 318
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftSecurityEventFirewall.yaml 173
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionzScalerZIA.yaml 168
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionForcePointFirewall.yaml 341
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoMerakiSyslog.yaml 386
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftWindowsEventFirewall.yaml 196
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionFortinetFortiGate.yaml 176
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionNative.yaml 128
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionForcePointFirewall.yaml 416
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionIllumioSaaSCore.yaml 385
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftLinuxSysmon.yaml 204
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionSonicWallFirewall.yaml 435
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionSentinelOne.yaml 228
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMD4IoTAgent.yaml 122
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionAzureNSG.yaml 155
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionSentinelOne.yaml 153
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionAzureFirewall.yaml 99
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCorelightZeek.yaml 190
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionEmpty.yaml 164
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftSysmon.yaml 204
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoISE.yaml 159
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftSysmonWindowsEvent.yaml 121
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMD4IoTSensor.yaml 137
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionIllumioSaaSCore.yaml 306
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionAWSVPC.yaml 292
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftWindowsEventFirewall.yaml 135
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionzScalerZIA.yaml 110
Parsers/ASimNetworkSession/Parsers/imNetworkSession.yaml 140
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionBarracudaWAF.yaml 132
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCheckPointFirewall.yaml 325
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionBarracudaCEF.yaml 205
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftSysmon.yaml 126
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoISE.yaml 226
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftSysmonWindowsEvent.yaml 195
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionBarracudaCEF.yaml 158
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionVMwareCarbonBlackCloud.yaml 250
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoASA.yaml 461
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMD4IoTSensor.yaml 67
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionAppGateSDP.yaml 158
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoMeraki.yaml 450
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoASA.yaml 590
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionSonicWallFirewall.yaml 385
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionAzureFirewall.yaml 190
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionWatchGuardFirewareOS.yaml 207
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionAWSVPC.yaml 230
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoFirepower.yaml 242
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionFortinetFortiGate.yaml 120
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCrowdStrikeFalconHost.yaml 393
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionAzureNSG.yaml 82
Parsers/ASimNetworkSession/Parsers/ASimNetworkSession.yaml 103
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMD4IoTAgent.yaml 208
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionBarracudaWAF.yaml 204
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionWatchGuardFirewareOS.yaml 130
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCrowdStrikeFalconHost.yaml 296
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionVectraAI.yaml 196
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCorelightZeek.yaml 129
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoft365Defender.yaml 194
Parsers/ASimWebSession/Parsers/ASimWebSessionFortinetFortiGate.yaml 151
Parsers/ASimWebSession/Parsers/ASimWebSessionVectraAI.yaml 132
Parsers/ASimWebSession/Parsers/ASimWebSessionCitrixNetScaler.yaml 154
Parsers/ASimWebSession/Parsers/ASimWebSessionBarracudaCEF.yaml 181
Parsers/ASimWebSession/Parsers/ASimWebSessionCiscoMeraki.yaml 186
Parsers/ASimWebSession/Parsers/ASimWebSessionNative.yaml 73
Parsers/ASimWebSession/Parsers/vimWebSessionCitrixNetScaler.yaml 219
Parsers/ASimWebSession/Parsers/vimWebSessionCiscoMeraki.yaml 248
Parsers/ASimWebSession/Parsers/vimWebSessionSonicWallFirewall.yaml 457
Parsers/ASimWebSession/Parsers/imWebSession.yaml 105
Parsers/ASimWebSession/Parsers/ASimWebSessionF5ASM.yaml 74
Parsers/ASimWebSession/Parsers/vimWebSessionIIS.yaml 139
Parsers/ASimWebSession/Parsers/vimWebSessionApacheHTTPServer.yaml 135
Parsers/ASimWebSession/Parsers/vimWebSessionBarracudaWAF.yaml 262
Parsers/ASimWebSession/Parsers/ASimWebSessionApacheHTTPServer.yaml 71
Parsers/ASimWebSession/Parsers/ASimWebSessionSquidProxy.yaml 79
Parsers/ASimWebSession/Parsers/ASimWebSessionCiscoFirepower.yaml 204
Parsers/ASimWebSession/Parsers/vimWebSessionzScalerZIA.yaml 194
Parsers/ASimWebSession/Parsers/vimWebSessionSquidProxy.yaml 141
Parsers/ASimWebSession/Parsers/vimWebSessionCiscoFirepower.yaml 268
Parsers/ASimWebSession/Parsers/vimWebSessionEmpty.yaml 179
Parsers/ASimWebSession/Parsers/vimWebSessionNative.yaml 126
Parsers/ASimWebSession/Parsers/ASimWebSessionSonicWallFirewall.yaml 407
Parsers/ASimWebSession/Parsers/vimWebSessionBarracudaCEF.yaml 246
Parsers/ASimWebSession/Parsers/ASimWebSessionBarracudaWAF.yaml 195
Parsers/ASimWebSession/Parsers/vimWebSessionVectraAI.yaml 196
Parsers/ASimWebSession/Parsers/vimWebSessionFortinetFortiGate.yaml 212
Parsers/ASimWebSession/Parsers/ASimWebSession.yaml 64
Parsers/ASimWebSession/Parsers/ASimWebSessionIIS.yaml 87
Parsers/ASimWebSession/Parsers/vimWebSessionF5ASM.yaml 163
Parsers/ASimWebSession/Parsers/ASimWebSessionzScalerZIA.yaml 123
Parsers/ASimAlertEvent/Parsers/vimAlertEventMicrosoftDefenderXDR.yaml 228
Parsers/ASimAlertEvent/Parsers/ASimAlertEventMicrosoftDefenderXDR.yaml 174
Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml 36
Parsers/ASimAlertEvent/Parsers/vimAlertEventSentinelOneSingularity.yaml 176
Parsers/ASimAlertEvent/Parsers/vimAlertEventEmpty.yaml 129
Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml 78
Parsers/ASimAlertEvent/Parsers/ASimAlertEventSentinelOneSingularity.yaml 113
Solutions/ForgeRock Common Audit for CEF/Parsers/ForgeRockParser.yaml 12
Solutions/Microsoft Defender for Cloud Apps/Analytic Rules/AdditionalFilesUploadedByActor.yaml 51
Solutions/NetClean ProActive/Analytic Rules/NetClean_Sentinel_analytic_rule.yaml 45
Solutions/Watchguard Firebox/Parsers/WatchGuardFirebox.yaml 45
Solutions/CiscoWSA/Hunting Queries/CiscoWSARareApplications.yaml 26
Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlShortenerLinks.yaml 32
Solutions/CiscoWSA/Hunting Queries/CiscoWSAUncategorizedResources.yaml 32
Solutions/CiscoWSA/Hunting Queries/CiscoWSAUploadedFiles.yaml 25
Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlRareErrorUrl.yaml 27
Solutions/CiscoWSA/Hunting Queries/CiscoWSATopResources.yaml 27
Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlUsersWithErrors.yaml 30
Solutions/CiscoWSA/Hunting Queries/CiscoWSATopApplications.yaml 23
Solutions/CiscoWSA/Hunting Queries/CiscoWSABlockedFiles.yaml 24
Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlSuspiciousResources.yaml 32
Solutions/CiscoWSA/Parsers/CiscoWSAEvent.yaml 141
Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedUrl.yaml 34
Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUrl.yaml 36
Solutions/CiscoWSA/Analytic Rules/CiscoWSAPublicIPSource.yaml 30
Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnscannableFile.yaml 38
Solutions/CiscoWSA/Analytic Rules/CiscoWSADataExfiltration.yaml 36
Solutions/CiscoWSA/Analytic Rules/CiscoWSAAccessToUnwantedSite.yaml 31
Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUnwantedCategory.yaml 40
Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleUnwantedFileTypes.yaml 36
Solutions/CiscoWSA/Analytic Rules/CiscoWSAProtocolAbuse.yaml 34
Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleInfectedFiles.yaml 36
Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedFileType.yaml 36
Solutions/Google Cloud Platform Cloud Monitoring/Parsers/GCP_MONITOR.yaml 23
Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/AzureFunctionGCPMonitor/sentinel_connector_async.py 80
Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/AzureFunctionGCPMonitor/main.py 125
Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/AzureFunctionGCPMonitor/state_manager.py 18
Solutions/VMware vCenter/Parsers/vCenter.yaml 31
Solutions/VMware vCenter/Analytic Rules/vCenter-Root impersonation.yaml 29
Solutions/VMware vCenter/Analytic Rules/vCenterRootLogin.yaml 37
Solutions/Exabeam Advanced Analytics/Parsers/ExabeamEvent.yaml 104
Solutions/OpenVPN/Parsers/OpenVpnEvent.yaml 34
Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/__init__.py 143
Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/sentinel_connector_async.py 96
Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/soar_connector_async_v2.py 230
Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/soar_connector_async_v2_local_run.py 75
Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/soar_connector_async.py 193
Solutions/AbnormalSecurity/Data 
Connectors/SentinelFunctionsOrchestrator/utils.py 135 Solutions/AbnormalSecurity/Data Connectors/SentinelTimerTrigger/__init__.py 13 Solutions/AbnormalSecurity/Data Connectors/SoarDatetimeEntity/__init__.py 30 Solutions/CTERA/Hunting Queries/AccessDenied.yaml 40 Solutions/CTERA/Hunting Queries/BatchDeletions.yaml 40 Solutions/CTERA/Hunting Queries/BatchPermissionChanges.yaml 40 Solutions/CTERA/Analytic Rules/MassPermissionChanges.yaml 65 Solutions/CTERA/Analytic Rules/InfectedFileDetected.yaml 49 Solutions/CTERA/Analytic Rules/RansomwareUserBlocked.yaml 50 Solutions/CTERA/Analytic Rules/MassAccessDenied.yaml 65 Solutions/CTERA/Analytic Rules/RansomwareDetected.yaml 48 Solutions/CTERA/Analytic Rules/MassDeletions.yaml 65 Solutions/MailGuard 365/Hunting Queries/MailGuard365PhishingThreats.yaml 28 Solutions/MailGuard 365/Hunting Queries/MailGuard365MalwareThreats.yaml 31 Solutions/MailGuard 365/Hunting Queries/MailGuard365HighConfidenceThreats.yaml 25 Solutions/Cribl/Parsers/CriblUIAccess.yaml 29 Solutions/Cribl/Parsers/CriblInternal.yaml 32 Solutions/Cribl/Parsers/CriblAccess.yaml 20 Solutions/Cribl/Parsers/CriblAudit.yaml 31 Solutions/Cisco ACI/Parsers/CiscoACIEvent.yaml 27 Solutions/TenableIO/Parsers/TenableIOAssets.yaml 129 Solutions/TenableIO/Parsers/TenableIOVulnerabilities.yaml 220 Solutions/TenableIO/Data Connectors/TenableVulnExportStatusAndSendChunks/__init__.py 68 Solutions/TenableIO/Data Connectors/TenableAssetExportOrchestrator/__init__.py 69 Solutions/TenableIO/Data Connectors/TenableProcessFailedAssetChunkFromQueue/__init__.py 35 Solutions/TenableIO/Data Connectors/TenableProcessVulnChunkFromQueue/__init__.py 71 Solutions/TenableIO/Data Connectors/tenable_helper.py 87 Solutions/TenableIO/Data Connectors/exports_queue.py 28 Solutions/TenableIO/Data Connectors/exports_store.py 136 Solutions/TenableIO/Data Connectors/TenableGenerateJobStats/__init__.py 136 Solutions/TenableIO/Data Connectors/TenableProcessAssetChunkFromQueue/__init__.py 68 
Solutions/TenableIO/Data Connectors/TenableCleanTables/__init__.py 35 Solutions/TenableIO/Data Connectors/TenableAssetExportStatusAndSendChunks/__init__.py 66 Solutions/TenableIO/Data Connectors/TenableStartAssetExportJob/__init__.py 11 Solutions/TenableIO/Data Connectors/azure_sentinel.py 58 Solutions/TenableIO/Data Connectors/TenableExportStarter/__init__.py 117 Solutions/TenableIO/Data Connectors/TenableProcessFailedVulnChunkFromQueue/__init__.py 35 Solutions/TenableIO/Data Connectors/TenableStartVulnExportJob/__init__.py 11 Solutions/TenableIO/Data Connectors/TenableVulnExportOrchestrator/__init__.py 69 Solutions/TenableIO/Data Connectors/TenableCleanUpOrchestrator/__init__.py 14 Solutions/TenableIO/Data Connectors/TenableExportsOrchestrator/__init__.py 109 Solutions/Feedly/Data Connectors/FeedlySentinelConnector/__init__.py 7 Solutions/Feedly/Data Connectors/FeedlySentinelConnector/sentinel_api.py 42 Solutions/Feedly/Data Connectors/FeedlySentinelConnector/config.py 29 Solutions/Feedly/Data Connectors/FeedlySentinelConnector/state_manager.py 35 Solutions/Feedly/Data Connectors/FeedlySentinelConnector/worker.py 74 Solutions/Feedly/Data Connectors/FeedlySentinelConnector/feedly_downloader.py 19 Solutions/PostgreSQL/Parsers/PostgreSQLEvent.yaml 20 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpoption.yaml 29 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpother.yaml 17 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcp_consolidated.yaml 11 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpadded.yaml 23 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpremoved.yaml 23 Solutions/Infoblox NIOS/Parsers/Infoblox_dns_consolidated.yaml 11 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcprelease.yaml 27 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpinform.yaml 24 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpoffer.yaml 29 Solutions/Infoblox NIOS/Parsers/Infoblox_dnsgss.yaml 22 Solutions/Infoblox NIOS/Parsers/Infoblox_allotherdhcpdTypes.yaml 17 Solutions/Infoblox 
NIOS/Parsers/Infoblox_dhcpsession.yaml 29 Solutions/Infoblox NIOS/Parsers/Infoblox_allotherlogTypes.yaml 16 Solutions/Infoblox NIOS/Parsers/Infoblox_dnszone.yaml 31 Solutions/Infoblox NIOS/Parsers/Infoblox.yaml 11 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcprequest.yaml 28 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpexpire.yaml 23 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpdiscover.yaml 24 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpbindupdate.yaml 25 Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpack.yaml 24 Solutions/Infoblox NIOS/Parsers/Infoblox_dnsclient.yaml 67 Solutions/Infoblox NIOS/Parsers/Infoblox_allotherdnsTypes.yaml 17 Solutions/Infoblox NIOS/Analytic Rules/PotentialDHCPStarvationAttack.yaml 34 Solutions/Infoblox NIOS/Analytic Rules/ExcessiveNXDOMAINDNSQueries.yaml 37 Solutions/EatonForeseer/Analytic Rules/EatonUnautorizedLogins.yaml 57 Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaDNSRequestsUunreliableCategory.yaml 19 Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaHighValuesOfUploadedData.yaml 18 Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaRequestsUncategorizedURI.yaml 17 Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaDNSErrors.yaml 17 Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaHighCountsOfTheSameBytesInSize.yaml 19 Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaBlockedUserAgents.yaml 15 Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaPossibleConnectionC2.yaml 18 Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaAnomalousFQDNsforDomain.yaml 18 Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaProxyAllowedUnreliableCategory.yaml 19 Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaPossibleDataExfiltration.yaml 18 Solutions/CiscoUmbrella/Parsers/Cisco_Umbrella.yaml 156 Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaRequestBlocklistedFileType.yaml 40 Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaURIContainsIPAddress.yaml 37 Solutions/CiscoUmbrella/Analytic 
Rules/CiscoUmbrellaHackToolUserAgentDetected.yaml 93 Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml 33 Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml 54 Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaRareUserAgentDetected.yaml 41 Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaEmptyUserAgentDetected.yaml 35 Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaPowershellUserAgentDetected.yaml 39 Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml 39 Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml 44 Solutions/CiscoUmbrella/Data Connectors/ciscoUmbrellaDataConn/__init__.py 543 Solutions/CiscoUmbrella/Data Connectors/ciscoUmbrellaDataConn/state_manager.py 21 Solutions/Legacy IOC based Threat Protection/Hunting Queries/NetworkConnectiontoOMIPorts.yaml 63 Solutions/Legacy IOC based Threat Protection/Hunting Queries/NylonTyphoonRegIOCPatterns.yaml 91 Solutions/Legacy IOC based Threat Protection/Hunting Queries/ForestBlizzard_IOC_RetroHunt.yaml 45 Solutions/Legacy IOC based Threat Protection/Hunting Queries/Dev-0322CommandLineActivityNovember2021(ASIMVersion).yaml 70 Solutions/Legacy IOC based Threat Protection/Hunting Queries/Dev-0322FileDropActivityNovember2021.yaml 8 Solutions/Legacy IOC based Threat Protection/Hunting Queries/Dev-0056CommandLineActivityNovember2021.yaml 45 Solutions/Legacy IOC based Threat Protection/Hunting Queries/Dev-0322CommandLineActivityNovember2021.yaml 63 Solutions/Legacy IOC based Threat Protection/Hunting Queries/NylonTyphoonCommandLineActivity-Nov2021.yaml 91 Solutions/Legacy IOC based Threat Protection/Hunting Queries/Dev-0322FileDropActivityNovember2021(ASIMVersion).yaml 9 Solutions/Legacy IOC based Threat Protection/Hunting Queries/SolarWindsInventory.yaml 61 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/SUNSPOTLogFile.yaml 4 
Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/BariumDomainIOC112020.yaml 153 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/SeashellBlizzardIOCs.yaml 152 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/Solorigate-VM-Network.yaml 4 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/EmeraldSleetIOCs.yaml 75 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/Dev-0530_July2022.yaml 164 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/KnownMintSandstormDomainsIP-October2020.yaml 68 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/MidnightBlizzard_DomainIOCsMarch2021.yaml 105 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/HiveRansomwareJuly2022.yaml 60 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/DenimTsunamiC2DomainsJuly2022.yaml 59 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/DiamondSleetOct292020IOCs.yaml 39 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/DenimTsunamiAVDetection.yaml 4 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml 130 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/ForestBlizzardOct292020IOCs.yaml 27 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/AquaBlizzardFeb2022.yaml 170 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/CadetBlizzard_Jan2022_IOC.yaml 75 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/ChiaCryptoMining.yaml 225 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/DEV-0322_SolarWinds_Serv-U_IOC.yaml 174 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/PlaidRainIPIoC.yaml 164 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/MSHTMLVuln.yaml 48 Solutions/Legacy IOC 
based Threat Protection/Deprecated Analytic Rules/WSLMalwareCorrelation.yaml 141 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/BariumIPIOC112020.yaml 174 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/RubySleetOct292020IOCs.yaml 80 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/CaramelTsunami_IOC.yaml 199 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/PHOSPHORUSMarch2019IOCs.yaml 113 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/Manganese_VPN-IOCs.yaml 4 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/MidnightBlizzard_FoggyWeb.yaml 204 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/SilkTyphoonUmServiceSuspiciousFile.yaml 50 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/NylonTyphoonIOCsNov2021.yaml 200 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/MidnightBlizzard_IOCsMay2021.yaml 184 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/Solorigate-Network-Beacon.yaml 87 Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/TarraskHashIoC.yaml 60 Solutions/Dragos/Parsers/DragosPullNotificationsToSentinel.yaml 46 Solutions/Dragos/Parsers/DragosNotificationsToSentinel.yaml 18 Solutions/Dragos/Parsers/DragosSeverityToSentinelSeverity.yaml 19 Solutions/Dragos/Parsers/DragosPushNotificationsToSentinel.yaml 41 Solutions/Dragos/Analytic Rules/DragosNotifiction.yaml 63 Solutions/Auth0/Parsers/Auth0.yaml 20 Solutions/Auth0/Data Connectors/Auth0Connector/main.py 321 Solutions/Auth0/Data Connectors/Auth0Connector/state_manager.py 18 Solutions/Auth0/Data Connectors/Auth0Connector/sentinel_connector.py 90 Solutions/DNS Essentials/Hunting Queries/PotentialBeaconingActivity.yaml 53 Solutions/DNS Essentials/Hunting Queries/PossibleDNSTunnelingOrDataExfiltrationActivity.yaml 17 Solutions/DNS Essentials/Hunting 
Queries/ConnectionToUnpopularWebsiteDetected.yaml 118 Solutions/DNS Essentials/Hunting Queries/CVE-2020-1350 (SIGRED)ExploitationPattern.yaml 28 Solutions/DNS Essentials/Hunting Queries/DNSQueryWithFailuresInLast24Hours.yaml 26 Solutions/DNS Essentials/Hunting Queries/UnexpectedTopLevelDomains.yaml 33 Solutions/DNS Essentials/Hunting Queries/Sources(Clients)WithHighNumberOfErrors.yaml 27 Solutions/DNS Essentials/Hunting Queries/DomainsWithLargeNumberOfSubDomains.yaml 31 Solutions/DNS Essentials/Hunting Queries/IncreaseInDNSRequestsByClientThanTheDailyAverageCount.yaml 63 Solutions/DNS Essentials/Hunting Queries/AnomalousIncreaseInDNSActivityByClients.yaml 119 Solutions/DNS Essentials/Analytic Rules/PotentialDGADetectedviaRepetitiveFailuresAnomalyBased.yaml 144 Solutions/DNS Essentials/Analytic Rules/NgrokReverseProxyOnNetwork.yaml 42 Solutions/DNS Essentials/Analytic Rules/ExcessiveNXDOMAINDNSQueriesStaticThresholdBased.yaml 46 Solutions/DNS Essentials/Analytic Rules/ExcessiveNXDOMAINDNSQueriesAnomalyBased.yaml 88 Solutions/DNS Essentials/Analytic Rules/RareClientObservedWithHighReverseDNSLookupCountAnomalyBased.yaml 60 Solutions/DNS Essentials/Analytic Rules/MultipleErrorsReportedForSameDNSQueryStaticThresholdBased.yaml 74 Solutions/DNS Essentials/Analytic Rules/PotentialDGADetectedviaRepetitiveFailuresStaticThresholdBased.yaml 67 Solutions/DNS Essentials/Analytic Rules/MultipleErrorsReportedForSameDNSQueryAnomalyBased.yaml 121 Solutions/DNS Essentials/Analytic Rules/RareClientObservedWithHighReverseDNSLookupCountStaticThresholdBased.yaml 58 Solutions/Akamai Security Events/Parsers/AkamaiSIEMEvent.yaml 96 Solutions/CognyteLuminar/Data Connectors/Cognyte Luminar/__init__.py 403 Solutions/CognyteLuminar/Data Connectors/Cognyte Luminar/state_manager.py 18 Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditLargeQueries.yaml 34 Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditDbConnectNonOperationalTime.yaml 39 Solutions/OracleDatabaseAudit/Hunting 
Queries/OracleDBAuditUsersPrivilegesReview.yaml 26 Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditUsersNewPrivilegesAdded.yaml 33 Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditDroppedTables.yaml 27 Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditActionsByUser.yaml 35 Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditInactiveUsers.yaml 38 Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditListOfTablesQueried.yaml 29 Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditActiveUsers.yaml 25 Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditActionsByIp.yaml 35 Solutions/OracleDatabaseAudit/Parsers/OracleDatabaseAuditEvent.yaml 221 Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditQueryOnSensitiveTable.yaml 35 Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditForbiddenSrcIpAddr.yaml 38 Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditDropManyTables.yaml 36 Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditConnectFromExternalIp.yaml 43 Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditRareUserActivity.yaml 47 Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditNewUserDetected.yaml 40 Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditSelectOnManyTables.yaml 36 Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditShutdownServer.yaml 36 Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditSQLInjectionPatterns.yaml 36 Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditNewIpForUser.yaml 46 Solutions/IONIX/Analytic Rules/HighUrgencyActionItems.yaml 42 Solutions/Microsoft Exchange Security - Exchange Online/Parsers/MESOfficeActivityLogs.yaml 62 Solutions/Microsoft Exchange Security - Exchange Online/Parsers/MESCheckOnlineVIP.yaml 25 Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeEnvironmentList.yaml 26 Solutions/Microsoft Exchange Security - Exchange Online/Parsers/MESCompareDataMRA.yaml 187 Solutions/Microsoft 
Exchange Security - Exchange Online/Parsers/ExchangeConfiguration.yaml 330 Solutions/Microsoft Exchange Security - Exchange Online/# - General Content/Solutions/ESICollector/OnlineDeployment/CollectExchSecIns.ps1 3543 Solutions/Microsoft Exchange Security - Exchange Online/# - General Content/Solutions/ESICollector/OnlineDeployment/ExchangeOnlinePermSetup.ps1 36 Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.yaml 64 Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyNXDOMAINDNSResponsesDetected.yaml 51 Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-DataExfiltrationAttack.yaml 66 Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-CommonSecurityLogMatchFound-MalwareC2.yaml 67 Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml 51 Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelSingleQueryDetected.yaml 51 Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml 79 Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml 67 Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-SyslogMatchFound-URL.yaml 69 Solutions/DEV-0537DetectionandHunting/Hunting Queries/Empty.yaml 21 Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Parsers/LookoutCSActivities.yaml 28 Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Parsers/LookoutCSViolations.yaml 39 Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Parsers/LookoutCSAnomalies.yaml 36 Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Data Connectors/LookoutCSConnector/LookoutCloudSecurityEvents/__init__.py 340 Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Data Connectors/LookoutCSConnector/LookoutCloudSecurityViolations/__init__.py 340 Solutions/Lookout Cloud Security 
Platform for Microsoft Sentinel/Data Connectors/LookoutCSConnector/LookoutCloudSecurityAnamolies/__init__.py 340 Solutions/Votiro/Analytic Rules/VotiroFileBlockedInEmail.yaml 51 Solutions/Votiro/Analytic Rules/VotiroFileBlockedFromConnector.yaml 52 Solutions/Web Shells Threat Protection/Hunting Queries/Possible webshell drop.yaml 32 Solutions/Web Shells Threat Protection/Hunting Queries/WebShellActivity.yaml 62 Solutions/Web Shells Threat Protection/Hunting Queries/SpringshellWebshellUsage.yaml 35 Solutions/Web Shells Threat Protection/Hunting Queries/PotentialWebshell.yaml 30 Solutions/Web Shells Threat Protection/Hunting Queries/umworkerprocess-creating-webshell.yaml 30 Solutions/Web Shells Threat Protection/Hunting Queries/exchange-iis-worker-dropping-webshell.yaml 33 Solutions/Web Shells Threat Protection/Analytic Rules/PotentialMercury_Webshell.yaml 64 Solutions/Web Shells Threat Protection/Analytic Rules/MaliciousAlertLinkedWebRequests.yaml 85 Solutions/Web Shells Threat Protection/Analytic Rules/Supernovawebshell.yaml 63 Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUserNewUsers.yaml 24 Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIDestinationsOut.yaml 27 Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUserDeleteActions.yaml 23 Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUserTerminatedInstances.yaml 23 Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUserUpdatedInstances.yaml 23 Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUpdateActivities.yaml 24 Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUserSources.yaml 24 Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIDestinationsIn.yaml 27 Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUserDeletedUsers.yaml 23 Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCILaunchedInstances.yaml 23 Solutions/Oracle Cloud Infrastructure/Parsers/OCILogs.yaml 29 Solutions/Oracle Cloud Infrastructure/Analytic 
Rules/OCIInsecureMetadataEndpoint.yaml 30 Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIMultipleRejects.yaml 47 Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIDiscoveryActivity.yaml 32 Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCISSHScan.yaml 36 Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIEventRuleDeleted.yaml 29 Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIUnexpectedUserAgent.yaml 30 Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIInboundSSHConnection.yaml 33 Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIMultipleInstancesLaunched.yaml 32 Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIMultipleInstancesTerminated.yaml 32 Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIMetadataEndpointIpAccess.yaml 31 Solutions/Oracle Cloud Infrastructure/Data Connectors/AzureFunctionOCILogs/main.py 163 Solutions/Oracle Cloud Infrastructure/Data Connectors/AzureFunctionOCILogs/sentinel_connector.py 100 Solutions/IPinfo/Data Connectors/Privacy Extended/AzureFunctionIPinfoPrivacyExtended/constants.py 87 Solutions/IPinfo/Data Connectors/Privacy Extended/AzureFunctionIPinfoPrivacyExtended/main.py 86 Solutions/IPinfo/Data Connectors/Privacy Extended/AzureFunctionIPinfoPrivacyExtended/utils.py 153 Solutions/IPinfo/Data Connectors/Country ASN/AzureFunctionIPinfoCountryASN/constants.py 75 Solutions/IPinfo/Data Connectors/Country ASN/AzureFunctionIPinfoCountryASN/main.py 80 Solutions/IPinfo/Data Connectors/Country ASN/AzureFunctionIPinfoCountryASN/utils.py 153 Solutions/IPinfo/Data Connectors/WHOIS MNT/AzureFunctionIPinfoWHOISMNT/constants.py 75 Solutions/IPinfo/Data Connectors/WHOIS MNT/AzureFunctionIPinfoWHOISMNT/main.py 83 Solutions/IPinfo/Data Connectors/WHOIS MNT/AzureFunctionIPinfoWHOISMNT/utils.py 153 Solutions/IPinfo/Data Connectors/Iplocation/AzureFunctionIPinfoIplocation/constants.py 79 Solutions/IPinfo/Data Connectors/Iplocation/AzureFunctionIPinfoIplocation/main.py 81 Solutions/IPinfo/Data 
Connectors/Iplocation/AzureFunctionIPinfoIplocation/utils.py 153 Solutions/IPinfo/Data Connectors/ASN/AzureFunctionIPinfoASN/constants.py 71 Solutions/IPinfo/Data Connectors/ASN/AzureFunctionIPinfoASN/main.py 78 Solutions/IPinfo/Data Connectors/ASN/AzureFunctionIPinfoASN/utils.py 153 Solutions/IPinfo/Data Connectors/Carrier/AzureFunctionIPinfoCarrier/constants.py 71 Solutions/IPinfo/Data Connectors/Carrier/AzureFunctionIPinfoCarrier/main.py 78 Solutions/IPinfo/Data Connectors/Carrier/AzureFunctionIPinfoCarrier/utils.py 153 Solutions/IPinfo/Data Connectors/WHOIS POC/AzureFunctionIPinfoWHOISPOC/constants.py 83 Solutions/IPinfo/Data Connectors/WHOIS POC/AzureFunctionIPinfoWHOISPOC/main.py 87 Solutions/IPinfo/Data Connectors/WHOIS POC/AzureFunctionIPinfoWHOISPOC/utils.py 153 Solutions/IPinfo/Data Connectors/RWHOIS/AzureFunctionIPinfoRWHOIS/constants.py 87 Solutions/IPinfo/Data Connectors/RWHOIS/AzureFunctionIPinfoRWHOIS/main.py 87 Solutions/IPinfo/Data Connectors/RWHOIS/AzureFunctionIPinfoRWHOIS/utils.py 153 Solutions/IPinfo/Data Connectors/Privacy/AzureFunctionIPinfoPrivacy/constants.py 73 Solutions/IPinfo/Data Connectors/Privacy/AzureFunctionIPinfoPrivacy/main.py 79 Solutions/IPinfo/Data Connectors/Privacy/AzureFunctionIPinfoPrivacy/utils.py 153 Solutions/IPinfo/Data Connectors/Abuse/AzureFunctionIPinfoAbuse/constants.py 73 Solutions/IPinfo/Data Connectors/Abuse/AzureFunctionIPinfoAbuse/main.py 79 Solutions/IPinfo/Data Connectors/Abuse/AzureFunctionIPinfoAbuse/utils.py 153 Solutions/IPinfo/Data Connectors/Company/AzureFunctionIPinfoCompany/constants.py 77 Solutions/IPinfo/Data Connectors/Company/AzureFunctionIPinfoCompany/main.py 81 Solutions/IPinfo/Data Connectors/Company/AzureFunctionIPinfoCompany/utils.py 153 Solutions/IPinfo/Data Connectors/WHOIS ASN/AzureFunctionIPinfoWHOISASN/constants.py 73 Solutions/IPinfo/Data Connectors/WHOIS ASN/AzureFunctionIPinfoWHOISASN/main.py 82 Solutions/IPinfo/Data Connectors/WHOIS ASN/AzureFunctionIPinfoWHOISASN/utils.py 153 
Solutions/IPinfo/Data Connectors/WHOIS ORG/AzureFunctionIPinfoWHOISORG/constants.py 93 Solutions/IPinfo/Data Connectors/WHOIS ORG/AzureFunctionIPinfoWHOISORG/main.py 92 Solutions/IPinfo/Data Connectors/WHOIS ORG/AzureFunctionIPinfoWHOISORG/utils.py 153 Solutions/IPinfo/Data Connectors/WHOIS NET/AzureFunctionIPinfoWHOISNET/constants.py 87 Solutions/IPinfo/Data Connectors/WHOIS NET/AzureFunctionIPinfoWHOISNET/main.py 89 Solutions/IPinfo/Data Connectors/WHOIS NET/AzureFunctionIPinfoWHOISNET/utils.py 153 Solutions/IPinfo/Data Connectors/Iplocation Extended/AzureFunctionIPinfoIplocationExtended/constants.py 83 Solutions/IPinfo/Data Connectors/Iplocation Extended/AzureFunctionIPinfoIplocationExtended/main.py 84 Solutions/IPinfo/Data Connectors/Iplocation Extended/AzureFunctionIPinfoIplocationExtended/utils.py 153 Solutions/IPinfo/Data Connectors/Domain/AzureFunctionIPinfoDomain/constants.py 65 Solutions/IPinfo/Data Connectors/Domain/AzureFunctionIPinfoDomain/main.py 75 Solutions/IPinfo/Data Connectors/Domain/AzureFunctionIPinfoDomain/utils.py 153 Solutions/IPinfo/Data Connectors/RIRWHOIS/AzureFunctionIPinfoRIRWHOIS/constants.py 99 Solutions/IPinfo/Data Connectors/RIRWHOIS/AzureFunctionIPinfoRIRWHOIS/main.py 92 Solutions/IPinfo/Data Connectors/RIRWHOIS/AzureFunctionIPinfoRIRWHOIS/utils.py 153 Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/function_app.py 80 Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/__init__.py 1 Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/__init__.py 1 Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/ws_connector.py 25 Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/message_factory.py 526 Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/events_formatter.py 113 
Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/azure_storage_table.py 47
Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/log_ingestion_api.py 17
Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/withsecure_client.py 146
Solutions/Malware Protection Essentials/Hunting Queries/FileCretaedInStartupFolder.yaml 101
Solutions/Malware Protection Essentials/Hunting Queries/SystemFilesModifiedByUser.yaml 111
Solutions/Malware Protection Essentials/Hunting Queries/NewMaliciousScheduledTask.yaml 96
Solutions/Malware Protection Essentials/Hunting Queries/ExecutableInUncommonLocation.yaml 104
Solutions/Malware Protection Essentials/Hunting Queries/FilesWithRansomwareExtensions.yaml 95
Solutions/Malware Protection Essentials/Hunting Queries/NewScheduledTaskCreation.yaml 93
Solutions/Malware Protection Essentials/Analytic Rules/WindowsAllowFirewallRuleAdded.yaml 113
Solutions/Malware Protection Essentials/Analytic Rules/StartupRegistryModified.yaml 125
Solutions/Malware Protection Essentials/Analytic Rules/BackupDeletionDetected.yaml 97
Solutions/Malware Protection Essentials/Analytic Rules/SuspiciousProcessCreation.yaml 95
Solutions/Malware Protection Essentials/Analytic Rules/WindowsUpdateDisabled.yaml 112
Solutions/Malware Protection Essentials/Analytic Rules/PrintProcessersModified.yaml 109
Solutions/Armis/Parsers/ArmisActivities.yaml 40
Solutions/Armis/Parsers/ArmisDevice.yaml 64
Solutions/Armis/Parsers/ArmisAlerts.yaml 38
Solutions/Armis/Data Connectors/ArmisAlerts/ArmisAlertSentinelConnector/__init__.py 361
Solutions/Armis/Data Connectors/ArmisAlerts/ArmisAlertSentinelConnector/state_manager.py 27
Solutions/Armis/Data Connectors/ArmisAlerts/Exceptions/ArmisExceptions.py 4
Solutions/Armis/Data Connectors/ArmisDevice/ArmisDeviceSentinelConnector/__init__.py 456
Solutions/Armis/Data Connectors/ArmisDevice/ArmisDeviceSentinelConnector/exports_store.py 76
Solutions/Armis/Data Connectors/ArmisDevice/ArmisDeviceSentinelConnector/state_manager.py 32
Solutions/Armis/Data Connectors/ArmisDevice/Exceptions/ArmisExceptions.py 6
Solutions/Armis/Data Connectors/ArmisActivities/ArmisActivitySentinelConnector/__init__.py 367
Solutions/Armis/Data Connectors/ArmisActivities/ArmisActivitySentinelConnector/state_manager.py 27
Solutions/Armis/Data Connectors/ArmisActivities/Exceptions/ArmisExceptions.py 4
Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/sentinel.py 150
Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/__init__.py 340
Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/exports_store.py 74
Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/state_manager.py 33
Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/utils.py 205
Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/consts.py 30
Solutions/Armis/Data Connectors/ArmisAlertsActivities/Exceptions/ArmisExceptions.py 4
Solutions/Fortinet FortiNDR Cloud/Parsers/Fortinet_FortiNDR_Cloud.yaml 357
Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/errors.py 10
Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/globalVariables.py 4
Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FetchAndSendEventsHistory/__init__.py 76
Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/sentinel/sentinel.py 52
Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/sentinel/__init__.py 1
Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FetchAndSendEvents/__init__.py 86
Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FncRestClient.py 27
Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/SingletonEternalOrchestrator/__init__.py 145
Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/OrchestratorWatchdog/__init__.py 150
Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FetchAndSendDetections/__init__.py 86
Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FetchAndSendDetectionsHistory/__init__.py 101
Solutions/SenservaPro/Hunting Queries/AzureSecureScoreSelfServicePasswordReset.yaml 18
Solutions/SenservaPro/Hunting Queries/UserAccountDisabled.yaml 17
Solutions/SenservaPro/Hunting Queries/AzureSecureScoreIntegratedApps.yaml 18
Solutions/SenservaPro/Hunting Queries/AzureSecureScoreRoleOverlap.yaml 18
Solutions/SenservaPro/Hunting Queries/StaleLastPasswordChange.yaml 17
Solutions/SenservaPro/Hunting Queries/ServicePrincipalNotUsingClientCredentials.yaml 19
Solutions/SenservaPro/Hunting Queries/AzureSecureScorePWAgePolicyNew.yaml 20
Solutions/SenservaPro/Hunting Queries/AzureSecureScoreOneAdmin.yaml 19
Solutions/SenservaPro/Hunting Queries/AzureSecureScoreUserRiskPolicy.yaml 18
Solutions/SenservaPro/Hunting Queries/ApplicationNotUsingClientCredentials.yaml 18
Solutions/SenservaPro/Hunting Queries/AzureSecureScoreMFARegistrationV2.yaml 19
Solutions/SenservaPro/Hunting Queries/AzureSecureScoreBlockLegacyAuthentication.yaml 20
Solutions/SenservaPro/Hunting Queries/AzureSecureScoreSigninRiskPolicy.yaml 18
Solutions/SenservaPro/Hunting Queries/NonAdminGuest.yaml 17
Solutions/SenservaPro/Hunting Queries/AzureSecureScoreAdminMFAV2.yaml 19
Solutions/SenservaPro/Analytic Rules/SelfServicePasswordReset.yaml 41
Solutions/SenservaPro/Analytic Rules/UserRiskPolicy.yaml 41
Solutions/SenservaPro/Analytic Rules/MFARegistration.yaml 40
Solutions/SenservaPro/Analytic Rules/UserAccountDisabled.yaml 40
Solutions/SenservaPro/Analytic Rules/BlockLegacyAuthentication.yaml 44
Solutions/SenservaPro/Analytic Rules/ThirdPartyIntegratedApps.yaml 43
Solutions/SenservaPro/Analytic Rules/NotUsingClientCredentials.yaml 41
Solutions/SenservaPro/Analytic Rules/SearchStaleLastPasswordChange.yaml 40
Solutions/SenservaPro/Analytic Rules/AppsNoClientCredentials.yaml 41
Solutions/SenservaPro/Analytic Rules/AdminMFA.yaml 41
Solutions/SenservaPro/Analytic Rules/PasswordAgePolicyNew.yaml 24
Solutions/SenservaPro/Analytic Rules/OneGlobalAdmin.yaml 40
Solutions/SenservaPro/Analytic Rules/SignInRiskPolicy.yaml 41
Solutions/SenservaPro/Analytic Rules/GlobaAdminRoleOverlap.yaml 41
Solutions/SenservaPro/Analytic Rules/NonAdminGuest.yaml 40
Solutions/Attacker Tools Threat Protection Essentials/Hunting Queries/PotentialImpacketExecution.yaml 61
Solutions/Attacker Tools Threat Protection Essentials/Hunting Queries/CobaltDNSBeacon.yaml 40
Solutions/Attacker Tools Threat Protection Essentials/Analytic Rules/CredentialDumpingToolsFileArtifacts.yaml 49
Solutions/Attacker Tools Threat Protection Essentials/Analytic Rules/CredentialDumpingServiceInstallation.yaml 48
Solutions/Attacker Tools Threat Protection Essentials/Analytic Rules/AdFind_Usage.yaml 60
Solutions/Attacker Tools Threat Protection Essentials/Analytic Rules/powershell_empire.yaml 146
Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLIPsByPorts.yaml 25
Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLRareFileRequests.yaml 26
Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLRareApplicationLayerProtocol.yaml 26
Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLCriticalEventResult.yaml 28
Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLMultiDenyResultbyUser.yaml 27
Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLOutdatedConfigVersions.yaml 27
Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLFilePermissionWithPutRequest.yaml 26
Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLRarePortsbyUser.yaml 30
Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLIncompleteApplicationProtocol.yaml 28
Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLOutdatedAgentVersions.yaml 27
Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLFileTypeWasChanged.yaml 36
Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLPutMethodInHighRiskFileType.yaml 34
Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLConflictingMacAddress.yaml 39
Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLPossibleFlooding.yaml 36
Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLInboundRiskPorts.yaml 33
Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLPrivilegesWasChanged.yaml 38
Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLPossiblePortScan.yaml 33
Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLUnexpectedCountries.yaml 37
Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLDroppingSessionWithSentTraffic.yaml 40
Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLPossibleAttackWithoutResponse.yaml 39
Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/UserImpersonateByRiskyUser.yaml 72
Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/UserImpersonateByAAID.yaml 28
Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/BrutforceAttemptOnAzurePortalAndAWSConsolAtSameTime.yaml 104
Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/CrossCloudUnauthorizedCredentialsAccessDetection.yaml 147
Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/SuspiciousAWSConsolLoginByCredentialAceessAlerts.yaml 130
Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/SuccessfulAWSConsoleLoginfromIPAddressObservedConductingPasswordSpray.yaml 125
Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/Unauthorized_user_access_across_AWS_and_Azure.yaml 145
Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/CrossCloudSuspiciousUserActivityObservedInGCPEnvourment.yaml 151
Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/Cross-CloudSuspiciousComputeResourcecreationinGCP.yaml 179
Solutions/Contrast Protect/Analytic Rules/ContrastExploits.yaml 67
Solutions/Contrast Protect/Analytic Rules/ContrastSuspicious.yaml 67
Solutions/Contrast Protect/Analytic Rules/ContrastBlocks.yaml 67
Solutions/Contrast Protect/Analytic Rules/ContrastProbes.yaml 67
Solutions/Workplace from Facebook/Parsers/Workplace_Facebook.yaml 23
Solutions/Workplace from Facebook/Data Connectors/WorkplaceFacebook/WorkplaceWebhooksTrigger/__init__.py 92
Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml 71
Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml 50
Solutions/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml 47
Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeAdminAuditLogs.yaml 65
Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/MESCheckVIP.yaml 29
Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/MESCompareDataOnPMRA.yaml 183
Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeEnvironmentList.yaml 26
Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeConfiguration.yaml 82
Solutions/Microsoft Exchange Security - Exchange On-Premises/Analytic Rules/ServerOrientedWithUserOrientedAdministration.yaml 77
Solutions/Microsoft Exchange Security - Exchange On-Premises/Analytic Rules/CriticalCmdletsUsageDetection.yaml 55
Solutions/Microsoft Exchange Security - Exchange On-Premises/# - General Content/Solutions/ESICollector/OnlineDeployment/CollectExchSecIns.ps1 3543
Solutions/Microsoft Exchange Security - Exchange On-Premises/# - General Content/Solutions/ESICollector/OnlineDeployment/ExchangeOnlinePermSetup.ps1 36
Solutions/ProofPointTap/Parsers/ProofpointTAPEvent.yaml 42
Solutions/ProofPointTap/Analytic Rules/MalwareAttachmentDelivered.yaml 52
Solutions/ProofPointTap/Analytic Rules/MalwareLinkClicked.yaml 52
Solutions/ProofPointTap/Data Connectors/requirements.psd1 7
Solutions/ProofPointTap/Data Connectors/AzureFunctionProofpointTAP/run.ps1 155
Solutions/ProofPointTap/Data Connectors/profile.ps1 18
Solutions/JuniperIDP/Parsers/JuniperIDP.yaml 96
Solutions/Infoblox/Parsers/InfobloxCDC_SOCInsights.yaml 43
Solutions/Infoblox/Parsers/InfobloxInsightEvents.yaml 40
Solutions/Infoblox/Parsers/InfobloxInsight.yaml 41
Solutions/Infoblox/Parsers/InfobloxInsightComments.yaml 19
Solutions/Infoblox/Parsers/InfobloxInsightAssets.yaml 39
Solutions/Infoblox/Parsers/InfobloxInsightIndicators.yaml 39
Solutions/Infoblox/Analytic Rules/Infoblox-SOCInsight-Detected-CDCSource.yaml 53
Solutions/Infoblox/Analytic Rules/Infoblox-SOCInsight-Detected-APISource.yaml 55
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierRequiredSource/list_of_sources.py 143
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierRequiredSource/__init__.py 38
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/AzureStorageToIndicators/__init__.py 18
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/AzureStorageToIndicators/create_indicator.py 167
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/AzureStorageToIndicators/indicator_mapping.py 149
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxParseRawIndicators/__init__.py 22
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxParseRawIndicators/parse_json_files.py 372
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierHttpStarter/__init__.py 65
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierOrchestrator/__init__.py 88
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierOrchestrator/create_dossier_job.py 105
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierJobResult/__init__.py 19
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierJobResult/get_dossier_result.py 170
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/sentinel.py 85
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/infoblox_exception.py 6
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/__init__.py 1
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/state_manager.py 28
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/utils.py 948
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/consts.py 110
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/logger.py 18
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/RetryFailedIndicators/__init__.py 13
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/RetryFailedIndicators/retry_failed_indicators.py 89
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxCurrentToAzureStorage/__init__.py 35
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxCurrentToAzureStorage/infoblox_to_azure_storage.py 519
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxHistoricalToAzureStorage/__init__.py 35
Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxHistoricalToAzureStorage/infoblox_to_azure_storage.py 538
Solutions/Global Secure Access/Hunting Queries/MultipleTeamsDeletes.yaml 65
Solutions/Global Secure Access/Hunting Queries/ExternalUserFromNewOrgAddedToTeams.yaml 15
Solutions/Global Secure Access/Hunting Queries/MultipleUsersEmailForwardedToSameDestination.yaml 65
Solutions/Global Secure Access/Hunting Queries/New_WindowsReservedFileNamesOnOfficeFileServices.yaml 74
Solutions/Global Secure Access/Hunting Queries/powershell_or_nonbrowser_MailboxLogin.yaml 50
Solutions/Global Secure Access/Hunting Queries/NewBotAddedToTeams.yaml 61
Solutions/Global Secure Access/Hunting Queries/sharepoint_downloads.yaml 62
Solutions/Global Secure Access/Hunting Queries/MultiTeamBot.yaml 58
Solutions/Global Secure Access/Hunting Queries/double_file_ext_exes.yaml 52
Solutions/Global Secure Access/Hunting Queries/ExternalUserAddedRemovedInTeams_HuntVersion.yaml 42
Solutions/Global Secure Access/Hunting Queries/nonowner_MailboxLogin.yaml 67
Solutions/Global Secure Access/Hunting Queries/new_sharepoint_downloads_by_IP.yaml 67
Solutions/Global Secure Access/Hunting Queries/new_sharepoint_downloads_by_UserAgent.yaml 75
Solutions/Global Secure Access/Hunting Queries/UserAddToTeamsAndUploadsFile.yaml 62
Solutions/Global Secure Access/Hunting Queries/new_adminaccountactivity.yaml 53
Solutions/Global Secure Access/Hunting Queries/Mail_redirect_via_ExO_transport_rule_hunting.yaml 73
Solutions/Global Secure Access/Hunting Queries/WindowsReservedFileNamesOnOfficeFileServices.yaml 74
Solutions/Global Secure Access/Hunting Queries/OfficeMailForwarding_hunting.yaml 64
Solutions/Global Secure Access/Hunting Queries/MultiTeamOwner.yaml 74
Solutions/Global Secure Access/Hunting Queries/AnomolousUserAccessingOtherUsersMailbox.yaml 110
Solutions/Global Secure Access/Hunting Queries/TeamsFilesUploaded.yaml 72
Solutions/Global Secure Access/Analytic Rules/Office 365 - office_policytampering.yaml 100
Solutions/Global Secure Access/Analytic Rules/Office 365 - Mail_redirect_via_ExO_transport_rule.yaml 119
Solutions/Global Secure Access/Analytic Rules/SWG - Source IP Port Scan.yaml 41
Solutions/Global Secure Access/Analytic Rules/Office 365 - exchange_auditlogdisabled.yaml 73
Solutions/Global Secure Access/Analytic Rules/Office 365 - Malicious_Inbox_Rule.yaml 76
Solutions/Global Secure Access/Analytic Rules/SWG - Abnormal Deny Rate.yaml 58
Solutions/Global Secure Access/Analytic Rules/Office 365 - Office_Uploaded_Executables.yaml 85
Solutions/Global Secure Access/Analytic Rules/Office 365 - SharePoint_Downloads_byNewUserAgent.yaml 116
Solutions/Global Secure Access/Analytic Rules/Office 365 - sharepoint_file_transfer_above_threshold.yaml 87
Solutions/Global Secure Access/Analytic Rules/Office 365 - RareOfficeOperations.yaml 62
Solutions/Global Secure Access/Analytic Rules/Office 365 - SharePoint_Downloads_byNewIP.yaml 91
Solutions/Global Secure Access/Analytic Rules/SWG - Abnormal Port to Protocol.yaml 54
Solutions/Global Secure Access/Analytic Rules/Office 365 - ExternalUserAddedRemovedInTeams.yaml 94
Solutions/Global Secure Access/Analytic Rules/Office 365 - Office_MailForwarding.yaml 71
Solutions/Global Secure Access/Analytic Rules/Office 365 - External User added to Team and immediately uploads file.yaml 125
Solutions/Global Secure Access/Analytic Rules/Office 365 - sharepoint_file_transfer_folders_above_threshold.yaml 91
Solutions/Global Secure Access/Analytic Rules/Identity - AfterHoursActivity.yaml 41
Solutions/Global Secure Access/Analytic Rules/Office 365 - MultipleTeamsDeletes.yaml 58
Solutions/ExtraHop/Analytic Rules/ExtraHopSentinelAlerts.yaml 64
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopSentinelActivity/extrahop.py 68
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopSentinelActivity/sentinel.py 197
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopSentinelActivity/__init__.py 22
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/SharedCode/__init__.py 1
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/SharedCode/extrahop_exceptions.py 9
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/SharedCode/consts.py 10
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/SharedCode/logger.py 12
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopDetectionsOrchestrator/__init__.py 11
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopHttpStarter/__init__.py 67
Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOEmailThreats.yaml 39
Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOObjectsNotScanned.yaml 27
Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOThreatNotBlocked.yaml 36
Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOAgentErrors.yaml 35
Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOScanErrors.yaml 35
Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOLongTermInfectedSystems.yaml 41
Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOInfectedSystems.yaml 25
Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOInfectedFiles.yaml 25
Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOMultipleThreats.yaml 29
Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOApplicationsBlocked.yaml 28
Solutions/McAfee ePolicy Orchestrator/Parsers/McAfeeEPOEvent.yaml 200
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOTaskError.yaml 33
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPODeploymentFailed.yaml 33
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOScanningEngineDisabled.yaml 34
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOUnableCleanDeleteInfectedFile.yaml 39
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOThreatNotBlocked.yaml 35
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOUpdateFailed.yaml 34
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOMultipleThreatsSameHost.yaml 40
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOAttemptUninstallAgent.yaml 34
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOAgentHandlerDown.yaml 33
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOSpamEmail.yaml 33
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOExceptionAdded.yaml 31
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOLoggingError.yaml 38
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOFirewallDisabled.yaml 35
Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOAlertError.yaml 30
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseToSentinel/sentinel.py 126
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseToSentinel/__init__.py 13
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseToSentinel/cofense_to_sentinel.py 273
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseToSentinel/cofense_to_sentinel_mapping.py 60
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/DownloadThreatReports/__init__.py 149
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseIntelligenceMalware/cofense_malware_data_to_sentinel.py 391
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseIntelligenceMalware/__init__.py 13
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/sentinel.py 711
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/__init__.py 34
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/sentinel_to_defender_mapping.py 151
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/defender.py 283
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/sentinel.py 117
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/manage_checkpoints.py 82
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/__init__.py 1
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/cofense_intelligence_exception.py 3
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/state_manager.py 37
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/utils.py 433
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/consts.py 63
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/logger.py 25
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/RetryFailedIndicators/sentinel.py 111
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/RetryFailedIndicators/__init__.py 12
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/RetryFailedIndicators/retry_failed_indicators.py 269
Solutions/TransmitSecurity/Data Connectors/TransmitSecurityConnector/__init__.py 126
Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianNewIncidents.yaml 25
Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianRareDestinationPorts.yaml 25
Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianDomains.yaml 26
Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianRareNetworkProtocols.yaml 30
Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianInsecureProtocolSources.yaml 24
Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianFilesSentByUsers.yaml 24
Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianInspectedFiles.yaml 24
Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianUrlByUser.yaml 24
Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianIncidentsByUser.yaml 25
Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianRareUrls.yaml 26
Solutions/Digital Guardian Data Loss Prevention/Parsers/DigitalGuardianDLPEvent.yaml 31
Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianPossibleProtocolAbuse.yaml 30
Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianFileSentToExternal.yaml 36
Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianClassifiedDataInsecureTransfer.yaml 35
Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianFilesSentToExternalDomain.yaml 38
Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianUnexpectedProtocol.yaml 29
Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianFileSentToExternalDomain.yaml 35
Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianExfiltrationToFileShareServices.yaml 33
Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianMultipleIncidentsFromUser.yaml 32
Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianViolationNotBlocked.yaml 32
Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianExfiltrationOverDNS.yaml 29
Solutions/ThreatConnect/Analytic Rules/ThreatConnect_EmailEntity_OfficeActivity.yaml 68
Solutions/ThreatConnect/Analytic Rules/ThreatConnect_IPEntity_NetworkSessions.yaml 80
Solutions/ThreatConnect/Analytic Rules/ThreatConnect_URLEntity_OfficeActivity.yaml 54
Solutions/ThreatConnect/Analytic Rules/ThreatConnect_DomainEntity_DnsEvents.yaml 92
Solutions/ThreatConnect/Analytic Rules/ThreatConnect_EmailEntity_SigninLogs.yaml 83
Solutions/JBoss/Parsers/JBossEvent.yaml 20
Solutions/Lookout/Parsers/LookoutEvents.yaml 86
Solutions/Lookout/Analytic Rules/LookoutThreatEvent.yaml 44
Solutions/Lookout/Data Connectors/LookoutAPISentinelConnector/azuresecret_handler.py 44
Solutions/Lookout/Data Connectors/LookoutAPISentinelConnector/__init__.py 92
Solutions/Lookout/Data Connectors/LookoutAPISentinelConnector/mes_request.py 186
Solutions/Armorblox/Analytic Rules/ArmorbloxNeedsReviewAlert.yaml 40
Solutions/Armorblox/Data Connectors/ArmorbloxAzureSentinelConnector/__init__.py 122
Solutions/Armorblox/Data Connectors/ArmorbloxAzureSentinelConnector/state_manager.py 18
Solutions/Morphisec/Parsers/Morphisec.yaml 27
Solutions/Infoblox SOC Insights/Parsers/InfobloxCDC_SOCInsights.yaml 43
Solutions/Infoblox SOC Insights/Parsers/InfobloxInsightEvents.yaml 40
Solutions/Infoblox SOC Insights/Parsers/InfobloxInsight.yaml 41
Solutions/Infoblox SOC Insights/Parsers/InfobloxInsightComments.yaml 19
Solutions/Infoblox SOC Insights/Parsers/InfobloxInsightAssets.yaml 39
Solutions/Infoblox SOC Insights/Parsers/InfobloxInsightIndicators.yaml 39
Solutions/Infoblox SOC Insights/Analytic Rules/Infoblox-SOCInsightDetected-CDCSource.yaml 56
Solutions/Infoblox SOC Insights/Analytic Rules/Infoblox-SOCInsightDetected-APISource.yaml 55
Solutions/RidgeSecurity/Analytic Rules/RidgeSecurity_Vulnerabilities.yaml 42
Solutions/RidgeSecurity/Analytic Rules/RidgeSecurity_Risks.yaml 42
Solutions/PaloAlto-PAN-OS/Hunting Queries/PaloAlto-HighRiskPorts.yaml 112
Solutions/PaloAlto-PAN-OS/Hunting Queries/Palo Alto - potential beaconing detected.yaml 61
Solutions/PaloAlto-PAN-OS/Analytic Rules/PaloAlto-NetworkBeaconing.yaml 65
Solutions/PaloAlto-PAN-OS/Analytic Rules/PaloAlto-PortScanning.yaml 65
Solutions/PaloAlto-PAN-OS/Analytic Rules/FileHashEntity_Covid19_CommonSecurityLog.yaml 70
Solutions/PaloAlto-PAN-OS/Analytic Rules/PaloAlto-UnusualThreatSignatures.yaml 57
Solutions/Snowflake/Hunting Queries/SnowflakeDormantUser.yaml 26
Solutions/Snowflake/Hunting Queries/SnowflakeDeletedTables.yaml 25
Solutions/Snowflake/Hunting Queries/SnowflakeAdminSources.yaml 34
Solutions/Snowflake/Hunting Queries/SnowflakeTimeConsumingQueries.yaml 26
Solutions/Snowflake/Hunting Queries/SnowflakeUnknownQueryType.yaml 24
Solutions/Snowflake/Hunting Queries/SnowflakeUserSources.yaml 29
Solutions/Snowflake/Hunting Queries/SnowflakeDeletedDatabases.yaml 25
Solutions/Snowflake/Hunting Queries/SnowflakeUnusedAdmins.yaml 31
Solutions/Snowflake/Hunting Queries/SnowflakeFailedLogins.yaml 25
Solutions/Snowflake/Hunting Queries/SnowflakeHighCreditConsumingQueries.yaml 26
Solutions/Snowflake/Parsers/Snowflake.yaml 20
Solutions/Snowflake/Analytic Rules/SnowflakeUnusualQuery.yaml 31
Solutions/Snowflake/Analytic Rules/SnowflakePrivilegesDiscovery.yaml 30
Solutions/Snowflake/Analytic Rules/SnowflakeMultipleLoginFailure.yaml 33
Solutions/Snowflake/Analytic Rules/SnowflakeMultipleLoginFailureFromIP.yaml 33
Solutions/Snowflake/Analytic Rules/SnowflakePossibleDataDestruction.yaml 33
Solutions/Snowflake/Analytic Rules/SnowflakeQueryOnSensitiveTable.yaml 33
Solutions/Snowflake/Analytic Rules/SnowflakeDiscoveryActivity.yaml 33
Solutions/Snowflake/Analytic Rules/SnowflakeUserAddAdminPrivileges.yaml 34
Solutions/Snowflake/Analytic Rules/SnowflakeMultipleFailedQueries.yaml 33
Solutions/Snowflake/Analytic Rules/SnowflakeLongQueryProcessTime.yaml 30
Solutions/Snowflake/Data Connectors/AzureFunctionSnowflake/main.py 187
Solutions/Snowflake/Data Connectors/AzureFunctionSnowflake/state_manager.py 21
Solutions/Snowflake/Data Connectors/AzureFunctionSnowflake/sentinel_connector.py 103
Solutions/Trend Micro Vision One/Analytic Rules/Create Incident for XDR Alerts.yaml 89
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/timer_trigger/__init__.py 104
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/oat_pipeline_file_qt/__init__.py 42
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/queue_trigger_rca/__init__.py 63
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/oat_pipeline_task_poison_qt/__init__.py 10
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/oat_pipeline_file_poison_qt/__init__.py 10
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/queue_trigger_wb/__init__.py 113
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/queue_trigger_wb_poison/__init__.py 12
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/oat_pipeline_task_qt/__init__.py 70
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/queue_trigger_oat_poison/__init__.py 10
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/timer_trigger_oat/__init__.py 105
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/services/__init__.py 1
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/services/workbench_service.py 219
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/services/oat_service.py 284
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/transform_utils.py 293
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/models/rca.py 1
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/models/__init__.py 1
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/models/oat.py 411
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/models/workbench.py 36
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/__init__.py 1
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/exceptions.py 2
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/decorators/__init__.py 1
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/decorators/timer.py 18
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/configurations.py 117
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/customized_logger/__init__.py 1
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/customized_logger/customized_json_logger.py 38
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/utils.py 71
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/data_collector.py 80
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/trace_utils/__init__.py 1
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/trace_utils/trace/trace_manager.py 22
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/trace_utils/trace/__init__.py 1
Solutions/Sophos XG Firewall/Parsers/SophosXGFirewall.yaml 77
Solutions/Sophos XG Firewall/Analytic Rules/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml 31
Solutions/Sophos XG Firewall/Analytic Rules/PortScanDetected.yaml 32
Solutions/OneLoginIAM/Parsers/OneLogin.yaml 589
Solutions/OneLoginIAM/Data Connectors/OneLoginWebhooksTrigger/__init__.py 80
Solutions/Cisco SD-WAN/Parsers/CiscoSyslogFW6LogSummary.yaml 47
Solutions/Cisco SD-WAN/Parsers/CiscoSDWANNetflow.yaml 243
Solutions/Cisco SD-WAN/Parsers/MapNetflowUsername.yaml 18
Solutions/Cisco SD-WAN/Parsers/CiscoSyslogUTD.yaml 51
Solutions/Cisco SD-WAN/Analytic Rules/CiscoSDWANSentinelMalwareEvents.yaml 55
Solutions/Cisco SD-WAN/Analytic Rules/CiscoSDWANSentinelIPSEventThreshold.yaml 38
Solutions/Cisco SD-WAN/Analytic Rules/CiscoSDWANSentinelIntrusionEvents.yaml 36
Solutions/Cisco SD-WAN/Analytic Rules/CiscoSDWANSentinelMonitorCriticalIP.yaml 41
Solutions/Broadcom SymantecDLP/Parsers/SymantecDLP.yaml 32
Solutions/Cyborg Security HUNTER/Hunting Queries/Proxy VBScript Execution via CurrentVersion Registry Key.yaml 22
Solutions/Cyborg Security HUNTER/Hunting Queries/Potential Maldoc Execution Chain Observed.yaml 42
Solutions/Cyborg Security HUNTER/Hunting Queries/PowerShell Pastebin Download.yaml 32
Solutions/Cyborg Security HUNTER/Hunting Queries/Rundll32 or cmd Executing Application from Explorer - Potential Malware Execution Chain.yaml 30
Solutions/Cyborg Security HUNTER/Hunting Queries/Prohibited Applications Spawning cmd.exe or powershell.exe.yaml 39
Solutions/Cyborg Security HUNTER/Hunting Queries/Metasploit Impacket PsExec Process Creation Activity.yaml 19
Solutions/Cyborg Security HUNTER/Hunting Queries/Powershell Encoded Command Execution.yaml 21
Solutions/Cyborg Security HUNTER/Hunting Queries/LSASS Memory Dumping using WerFault.exe - Command Identification.yaml 18
Solutions/Cyborg Security HUNTER/Hunting Queries/Excessive Windows Discovery and Execution Processes - Potential Malware Installation.yaml 62
Solutions/Cyborg Security HUNTER/Hunting Queries/Attempted VBScript Stored in Non-Run CurrentVersion Registry Key Value.yaml 29
Solutions/Forescout (Legacy)/Parsers/ForescoutEvent.yaml 23
Solutions/Azure Firewall/Hunting Queries/Azure Firewall - First time source IP to Destination.yaml 40
Solutions/Azure Firewall/Hunting Queries/Azure Firewall - Uncommon Port to IP.yaml 40
Solutions/Azure Firewall/Hunting Queries/Azure Firewall - Source IP Abnormally Connects to Multiple Destinations.yaml 46
Solutions/Azure Firewall/Hunting Queries/Azure Firewall - First Time Source IP to Destination Using Port.yaml 40
Solutions/Azure Firewall/Hunting Queries/Azure Firewall - Uncommon Port for Organization.yaml 41
Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Abnormal Deny Rate for Source IP.yaml 86
Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Abnormal Port to Protocol.yaml 82
Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Port Scan.yaml 51
Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Multiple Sources Affected by the Same TI Destination.yaml 51
Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Port Sweep.yaml 59
Solutions/Azure Firewall/Analytic Rules/SeveralDenyActionsRegistered.yaml 70
Solutions/Trend Micro TippingPoint/Parsers/TrendMicroTippingPoint.yaml 24
Solutions/HYAS Protect/Parsers/HYASProtectDNS.yaml 26
Solutions/HYAS Protect/Data Connectors/HyasProtect/__init__.py 184
Solutions/HYAS Protect/Data Connectors/HyasProtect/state_manager.py 30
Solutions/HYAS Protect/Data Connectors/HyasProtect/utils.py 70
Solutions/UEBA Essentials/Hunting Queries/Anomalous Failed Logon.yaml 46
Solutions/UEBA Essentials/Hunting Queries/anomaliesOnVIPUsers.yaml 20
Solutions/UEBA Essentials/Hunting Queries/Anomalous Activity Role Assignment.yaml 36
Solutions/UEBA Essentials/Hunting Queries/Anomalous Role Assignment.yaml 52
Solutions/UEBA Essentials/Hunting Queries/Anomalous Code Execution.yaml 34
Solutions/UEBA Essentials/Hunting Queries/dormantAccountActivityFromUncommonCountry.yaml 24
Solutions/UEBA Essentials/Hunting Queries/anomalousActionInTenant.yaml 22
Solutions/UEBA Essentials/Hunting Queries/loginActivityFromBotnet.yaml 25
Solutions/UEBA Essentials/Hunting Queries/Anomalous Password Reset.yaml 49
Solutions/UEBA Essentials/Hunting Queries/firstConnectionFromGroup.yaml 31
Solutions/UEBA Essentials/Hunting Queries/Anomalous Defensive Mechanism Modification.yaml 34
Solutions/UEBA Essentials/Hunting Queries/Anomalous AAD Account Manipulation.yaml 26
Solutions/UEBA Essentials/Hunting Queries/updateKeyVaultActivity.yaml 26
Solutions/UEBA Essentials/Hunting Queries/terminatedEmployeeAccessHVA.yaml 27
Solutions/UEBA Essentials/Hunting Queries/terminatedEmployeeActivity.yaml 25
Solutions/UEBA Essentials/Hunting Queries/Anomalous Sign-in Activity.yaml 8
Solutions/UEBA Essentials/Hunting Queries/newAccountAddedToAdminGroup.yaml 22
Solutions/UEBA Essentials/Hunting Queries/Anomalous Resource Access.yaml 34
Solutions/UEBA Essentials/Hunting Queries/Anomalous Geo Location Logon.yaml 46
Solutions/UEBA Essentials/Hunting Queries/Anomalous Login to Devices.yaml 36
Solutions/UEBA Essentials/Hunting Queries/Anomalous Account Creation.yaml 50
Solutions/UEBA Essentials/Hunting Queries/Anomalous Data Access.yaml 34
Solutions/UEBA Essentials/Hunting Queries/Anomalous RDP Activity.yaml 35
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/FileExecutionWithOneCharacterInTheName.yaml 52
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/BackupDeletion.yaml 90
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/SignedBinaryProxyExecutionRundll32.yaml 52
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/DownloadOfNewFileUsingCurl.yaml 60
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/PotentialMicrosoftSecurityServicesTampering.yaml 117
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/PersistViaIFEORegistryKey.yaml 90
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/WindowsFirewallUpdateUsingNetsh.yaml 147
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/UnicodeObfuscationInCommandLine.yaml 55
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/ASimProcess_WindowsSystemShutdownReboot.yaml 24
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/SuspiciousPowerShellCommandExecution.yaml 57
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/RemoteLoginPerformedwithWMI.yaml 46
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml 49
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/ASimProcess_CertutilLoLBins.yaml 26
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml 51
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/Certutil-LOLBins.yaml 55
Solutions/Endpoint Threat Protection Essentials/Analytic Rules/RegistryPersistenceViaAppCertDLLModification.yaml 45
Solutions/Endpoint Threat Protection Essentials/Analytic Rules/malware_in_recyclebin.yaml 71
Solutions/Endpoint Threat Protection Essentials/Analytic Rules/SecurityEventLogCleared.yaml 59
Solutions/Endpoint Threat Protection Essentials/Analytic Rules/MacroInvokingShellBrowserWindowCOMObjects.yaml 48
Solutions/Endpoint Threat 
Protection Essentials/Analytic Rules/LateralMovementViaDCOM.yaml 49 Solutions/Endpoint Threat Protection Essentials/Analytic Rules/WindowsBinariesLolbinsRenamed.yaml 50 Solutions/Endpoint Threat Protection Essentials/Analytic Rules/SuspiciousPowerShellCommandExecuted.yaml 69 Solutions/Endpoint Threat Protection Essentials/Analytic Rules/DumpingLSASSProcessIntoaFile.yaml 48 Solutions/Endpoint Threat Protection Essentials/Analytic Rules/RegistryPersistenceViaAppInt_DLLsModification.yaml 45 Solutions/Endpoint Threat Protection Essentials/Analytic Rules/WDigestDowngradeAttack.yaml 44 Solutions/Endpoint Threat Protection Essentials/Analytic Rules/PotentialRemoteDesktopTunneling.yaml 49 Solutions/Endpoint Threat Protection Essentials/Analytic Rules/execute_base64_decodedpayload.yaml 73 Solutions/Endpoint Threat Protection Essentials/Analytic Rules/base64_encoded_pefile.yaml 68 Solutions/Endpoint Threat Protection Essentials/Analytic Rules/WindowsBinariesExecutedfromNon-DefaultDirectory.yaml 50 Solutions/ARGOSCloudSecurity/Analytic Rules/ExploitableSecurityIssues.yaml 45 Solutions/Windows Forwarded Events/Analytic Rules/moveit_file_transfer_folders_above_threshold.yaml 62 Solutions/Windows Forwarded Events/Analytic Rules/CaramelTsunami_IOC_WindowsEvent.yaml 45 Solutions/Windows Forwarded Events/Analytic Rules/moveit_file_transfer_above_threshold.yaml 62 Solutions/Windows Forwarded Events/Analytic Rules/ChiaCryptoMining_WindowsEvent.yaml 38 Solutions/Cisco ETD/Data Connectors/CiscoETDAzureSentinelConnector/__init__.py 199 Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxPeripheralAccessDetectionWithCamera.yaml 28 Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSuspiciousURLs.yaml 36 Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxApplicationPrivilegeEscalationOrChange.yaml 30 Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxPasswordLockout.yaml 31 Solutions/Samsung Knox Asset 
Intelligence/Analytic Rules/SamsungKnoxKeyguardDisabledFeatureSet.yaml 30 Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSecurityLogFull.yaml 28 Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxPeripheralAccessDetectionWithMic.yaml 34 Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxMobileDeviceBootCompromise.yaml 30 Solutions/ContinuousDiagnostics&Mitigation/Hunting Queries/ContinuousDiagnostics&MitigationPosture.yaml 43 Solutions/ContinuousDiagnostics&Mitigation/Analytic Rules/ContinuousDiagnostics&MitigationPostureChanged.yaml 54 Solutions/Illusive Platform/Analytic Rules/Illusive_Detection_Query.yaml 67 Solutions/QualysVM/Parsers/QualysHostDetection.yaml 88 Solutions/QualysVM/Analytic Rules/HighNumberofVulnDetectedV2.yaml 35 Solutions/QualysVM/Analytic Rules/NewHighSeverityVulnDetectedAcrossMulitpleHostsV2.yaml 28 Solutions/QualysVM/Data Connectors/requirements.psd1 7 Solutions/QualysVM/Data Connectors/AzureFunctionQualysVM_V2/run.ps1 285 Solutions/QualysVM/Data Connectors/profile.ps1 18 Solutions/Agari/Data Connectors/requirements.psd1 7 Solutions/Agari/Data Connectors/AzureFunctionAgari/run.ps1 451 Solutions/Agari/Data Connectors/profile.ps1 18 Solutions/Cynerio/Parsers/CynerioEvent_NetworkSession.yaml 177 Solutions/Cynerio/Parsers/CynerioEvent_Authentication.yaml 48 Solutions/Cynerio/Analytic Rules/IoTWeakPasswords.yaml 35 Solutions/Cynerio/Analytic Rules/SuspiciousConnections.yaml 33 Solutions/Cynerio/Analytic Rules/IoTDefaultPasswords.yaml 35 Solutions/Cynerio/Analytic Rules/IoTExploitationAttempts.yaml 36 Solutions/Cynerio/Analytic Rules/MedicalDeviceScanning.yaml 32 Solutions/DomainTools/Parsers/DomainToolsDNS.yaml 37 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReturnDomainsFromSearchHash/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByRegistrantOrg/__init__.py 95 
Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByRegistrantName/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseEmailDomain/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseIP/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/InvestigateDomain/__init__.py 458 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotSSLEmail/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseIPHost-Domains/__init__.py 74 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/EnrichDomain/__init__.py 306 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/EnrichDomain/utils.py 74 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotMXHost/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/DomainRiskScore/__init__.py 70 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReturnTaggedWithAll/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByMXIP/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/DomainSearch/__init__.py 113 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotNameServerHost/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/DomainProfile/__init__.py 70 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/WhoisHistory/__init__.py 87 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/WhoisLookup/__init__.py 70 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ParsedWhois/__init__.py 
111 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseWhois/__init__.py 83 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/Evidence/__init__.py 70 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseIPWhois/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReturnTaggedWithAny/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByNameserverIPAddress/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseEmail/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ClassicReverseIP/__init__.py 74 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotBySSLHash/__init__.py 95 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseNameServer/__init__.py 74 Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/HostingHistory/__init__.py 70 Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaTopApplicationsErrors.yaml 29 Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaRareDstPorts.yaml 24 Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaInsecureWebProtocolVersion.yaml 24 Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaRareApplications.yaml 25 Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaRequestsFromBots.yaml 24 Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaRareClientApplications.yaml 25 Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaTopSourcesErrors.yaml 25 Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaDestinationBlocked.yaml 27 Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaNonWebApplication.yaml 24 Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaSourceBlocked.yaml 27 Solutions/ImpervaCloudWAF/Parsers/ImpervaWAFCloud.yaml 48 Solutions/ImpervaCloudWAF/Analytic 
Rules/ImpervaAdminPanelUncommonIp.yaml 31 Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaForbiddenCountry.yaml 32 Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaMultipleUAsSource.yaml 4 Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaMaliciousClient.yaml 35 Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaForbiddenMethod.yaml 35 Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaSuspiciousDstPort.yaml 32 Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaAttackNotBlocked.yaml 31 Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaMaliciousUA.yaml 31 Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaCommandInUri.yaml 31 Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaAbnormalProtocolUsage.yaml 31 Solutions/ImpervaCloudWAF/Data Connectors/ImpervaWAFCloudSentinelConnector/__init__.py 221 Solutions/ImpervaCloudWAF/Data Connectors/ImpervaWAFCloudSentinelConnector/state_manager.py 18 Solutions/Web Session Essentials/Hunting Queries/ThreatInfoFoundInWebRequests.yaml 51 Solutions/Web Session Essentials/Hunting Queries/RequestFromBotsAndCrawlers.yaml 42 Solutions/Web Session Essentials/Hunting Queries/PotentialBeaconingDetected_TimeDelta.yaml 58 Solutions/Web Session Essentials/Hunting Queries/PotentialBeaconingDetected_LimitedDomainBased.yaml 54 Solutions/Web Session Essentials/Hunting Queries/IPAddressInURL.yaml 55 Solutions/Web Session Essentials/Hunting Queries/ExcessiveForbiddenRequestsDetected.yaml 50 Solutions/Web Session Essentials/Hunting Queries/PotentialBeaconingDetected_SimilarSrcBytes.yaml 53 Solutions/Web Session Essentials/Hunting Queries/KaliLinuxUserAgentDetected.yaml 20 Solutions/Web Session Essentials/Hunting Queries/EmptyUserAgent.yaml 65 Solutions/Web Session Essentials/Analytic Rules/ThreatInfoFoundInWebRequests.yaml 90 Solutions/Web Session Essentials/Analytic Rules/KnownMaliciousUserAgents.yaml 84 Solutions/Web Session Essentials/Analytic Rules/LocalFileInclusion-LFI.yaml 80 Solutions/Web Session Essentials/Analytic 
Rules/RequestToPotentiallyHarmfulFileTypes.yaml 112 Solutions/Web Session Essentials/Analytic Rules/RareUserAgentDetected.yaml 149 Solutions/Web Session Essentials/Analytic Rules/DiscordCDNRiskyFileDownload.yaml 90 Solutions/Web Session Essentials/Analytic Rules/MultipleClientErrorsWithinShortTime.yaml 67 Solutions/Web Session Essentials/Analytic Rules/MultipleUAsFromSingleIP.yaml 62 Solutions/Web Session Essentials/Analytic Rules/PotentionalFileEnumeration.yaml 75 Solutions/Web Session Essentials/Analytic Rules/DataExfiltrationTimeSeriesAnomaly.yaml 245 Solutions/Web Session Essentials/Analytic Rules/PossibleMaliciousDoubleExtension.yaml 88 Solutions/Web Session Essentials/Analytic Rules/PrivateIPInURL.yaml 110 Solutions/Web Session Essentials/Analytic Rules/RarelyRequestedResources.yaml 101 Solutions/Web Session Essentials/Analytic Rules/MultipleServerErrorsWithinShortTime.yaml 70 Solutions/Web Session Essentials/Analytic Rules/CommandInURL.yaml 81 Solutions/Salesforce Service Cloud/Parsers/SalesforceServiceCloud.yaml 227 Solutions/Salesforce Service Cloud/Analytic Rules/Salesforce-PasswordSpray.yaml 34 Solutions/Salesforce Service Cloud/Analytic Rules/Salesforce-BruteForce.yaml 52 Solutions/Salesforce Service Cloud/Analytic Rules/Salesforce-SigninsMultipleCountries.yaml 41 Solutions/Salesforce Service Cloud/Data Connectors/SalesforceSentinelConnector/__init__.py 239 Solutions/Trend Micro Deep Security/Parsers/TrendMicroDeepSecurity.yaml 38 Solutions/Blackberry CylancePROTECT/Parsers/CylancePROTECT.yaml 127 Solutions/Blackberry CylancePROTECT/Parsers/CylancePROTECT-old.yaml 126 Solutions/OSSEC/Parsers/OSSECEvent.yaml 58 Solutions/ZeroNetworks/Hunting Queries/ZNSegmentOutboundBlockRulesDeleted.yaml 34 Solutions/ZeroNetworks/Hunting Queries/ZNSegmentInboundBlockRulesDeleted.yaml 34 Solutions/ZeroNetworks/Hunting Queries/ZNSegmentExcessiveAccesstoBuiltinGroupbyUser.yaml 39 Solutions/ZeroNetworks/Hunting Queries/ZNSegmentExcessiveAccessbyUser.yaml 39 
Solutions/ZeroNetworks/Parsers/ZNSegmentAudit.yaml 208 Solutions/ZeroNetworks/Playbooks/ZeroNetworksConnector/ZeroNetworks-swagger.yaml 379 Solutions/ZeroNetworks/Analytic Rules/ZNSegmentRareJITRuleCreation.yaml 51 Solutions/ZeroNetworks/Analytic Rules/ZNSegmentMachineRemovedfromProtection.yaml 35 Solutions/ZeroNetworks/Analytic Rules/ZNSegmentNewAPIToken.yaml 31 Solutions/ZeroNetworks/Data Connectors/SegmentFunctionConnector/AzureFunction_ZeroNetworks_Segment_Audit/requirements.psd1 7 Solutions/ZeroNetworks/Data Connectors/SegmentFunctionConnector/AzureFunction_ZeroNetworks_Segment_Audit/ZeroNetworks_Segment_Audit_TimeTrigger/run.ps1 129 Solutions/ZeroNetworks/Data Connectors/SegmentFunctionConnector/AzureFunction_ZeroNetworks_Segment_Audit/profile.ps1 18 Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneSuspiciousFiles.yaml 27 Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneDataLossPreventionAction.yaml 69 Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneChannelType.yaml 75 Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTranslatedOperation.yaml 46 Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneRareAppProtocolByIP.yaml 148 Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTranslatedAction.yaml 45 Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneSpywareDetection.yaml 27 Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTypesOfEvent.yaml 38 Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneTopSources.yaml 39 Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTriggeredPolicy.yaml 46 Solutions/Trend Micro Apex One/Parsers/TMApexOneEvent.yaml 79 Solutions/Trend Micro Apex One/Analytic Rules/TMApexOnePossibleExploitOrExecuteOperation.yaml 36 Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneDvcAccessPermissionWasChanged.yaml 46 Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneMultipleDenyOrTerminateActionOnSingleIp.yaml 
33 Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneInboundRemoteAccess.yaml 35 Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneRiskCnCEvents.yaml 33 Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneCommandLineSuspiciousRequests.yaml 34 Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneSpywareWithFailedResponse.yaml 34 Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneAttackDiscoveryDetectionRisks.yaml 33 Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneSuspiciousConnections.yaml 35 Solutions/Cisco ISE/Hunting Queries/CiscoISESourceHighNumberAuthenticationErrors.yaml 18 Solutions/Cisco ISE/Hunting Queries/CiscoISEFailedAuthentication.yaml 16 Solutions/Cisco ISE/Hunting Queries/CiscoISEFailedLoginsSSHCLI.yaml 16 Solutions/Cisco ISE/Hunting Queries/CiscoISEGuestAuthenticationSuccess.yaml 20 Solutions/Cisco ISE/Hunting Queries/CiscoISEExpiredCertInClientCertChain.yaml 13 Solutions/Cisco ISE/Hunting Queries/CiscoISEAuthenticationToSuspendedAccount.yaml 16 Solutions/Cisco ISE/Hunting Queries/CiscoISEDynamicAuthorizationFailed.yaml 17 Solutions/Cisco ISE/Hunting Queries/CiscoISERareUserAgent.yaml 24 Solutions/Cisco ISE/Hunting Queries/CiscoISESuspendLogCollector.yaml 15 Solutions/Cisco ISE/Hunting Queries/CiscoISEGuestAuthenticationFailed.yaml 15 Solutions/Cisco ISE/Analytic Rules/CiscoISEDeviceChangedIP.yaml 45 Solutions/Cisco ISE/Analytic Rules/CiscoISELogCollectorSuspended.yaml 32 Solutions/Cisco ISE/Analytic Rules/CiscoISEBackupFailed.yaml 37 Solutions/Cisco ISE/Analytic Rules/CiscoISEAdminPasswordReset.yaml 38 Solutions/Cisco ISE/Analytic Rules/CiscoISEDevicePostureStatusChanged.yaml 41 Solutions/Cisco ISE/Analytic Rules/CiscoISECertExpired.yaml 42 Solutions/Cisco ISE/Analytic Rules/CiscoISELogsDeleted.yaml 42 Solutions/Cisco ISE/Analytic Rules/CiscoISECmdExecutionWithHighestPrivilegesNewIP.yaml 51 Solutions/Cisco ISE/Analytic Rules/CiscoISECmdExecutionWithHighestPrivilegesNewUser.yaml 51 Solutions/Cisco ISE/Analytic 
Rules/CiscoISEAttempDeleteLocalStoreLogs.yaml 42 Solutions/VMWareESXi/Hunting Queries/ESXiVMHighLoad.yaml 28 Solutions/VMWareESXi/Hunting Queries/ESXiUnusedVMs.yaml 57 Solutions/VMWareESXi/Hunting Queries/ESXiRootLoginFailure.yaml 25 Solutions/VMWareESXi/Hunting Queries/ESXiRootLogins.yaml 25 Solutions/VMWareESXi/Hunting Queries/ESXiVirtualImagesList.yaml 26 Solutions/VMWareESXi/Hunting Queries/ESXiVMPoweredOn.yaml 26 Solutions/VMWareESXi/Hunting Queries/ESXiDormantUsers.yaml 25 Solutions/VMWareESXi/Hunting Queries/ESXiNFCDownloadActivities.yaml 27 Solutions/VMWareESXi/Hunting Queries/ESXiVMPoweredOff.yaml 26 Solutions/VMWareESXi/Hunting Queries/ESXiDownloadErrors.yaml 23 Solutions/VMWareESXi/Parsers/VMwareESXi.yaml 23 Solutions/VMWareESXi/Analytic Rules/ESXiDormantVMStarted.yaml 57 Solutions/VMWareESXi/Analytic Rules/ESXiSharedOrStolenRootAccount.yaml 33 Solutions/VMWareESXi/Analytic Rules/ESXiLowTempDirSpace.yaml 33 Solutions/VMWareESXi/Analytic Rules/ESXiRootLogin.yaml 40 Solutions/VMWareESXi/Analytic Rules/ESXiVMStopped.yaml 35 Solutions/VMWareESXi/Analytic Rules/ESXiNewVM.yaml 39 Solutions/VMWareESXi/Analytic Rules/ESXiLowPatchDiskSpace.yaml 33 Solutions/VMWareESXi/Analytic Rules/ESXiMultipleNewVM.yaml 46 Solutions/VMWareESXi/Analytic Rules/ESXiMultipleVMStopped.yaml 43 Solutions/VMWareESXi/Analytic Rules/ESXiUnexpectedDiskImage.yaml 39 Solutions/VMWareESXi/Analytic Rules/ESXiRootImpersonation.yaml 30 Solutions/VMware SD-WAN and SASE/Hunting Queries/VECOfrequentFailedLogins.yaml 27 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-orchestrator-config-change.yaml 45 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-device-congestion.yaml 39 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sase-cws-policy-publish.yaml 39 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sase-cwsdlp-violation.yaml 51 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-idps-alert-syslog.yaml 86 Solutions/VMware SD-WAN and SASE/Analytic 
Rules/vmw-sdwan-nsd-cssdown.yaml 38 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sase-cws-policyviolation.yaml 48 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-idps-alert-api.yaml 51 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-idps-update-success.yaml 43 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sase-cws-policychange.yaml 45 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-lanside-devicedetect.yaml 51 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-rpfcheck.yaml 66 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-idps-updatefailed.yaml 45 Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-ipfrag-attempt.yaml 67 Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/sdwan_efslogs/__init__.py 547 Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/cws_healthcheck/__init__.py 179 Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/sdwan_auditlogs/__init__.py 291 Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/cws_weblogs/__init__.py 248 Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/cws_dlplogs/__init__.py 283 Solutions/GitLab/Parsers/GitLabAccess.yaml 15 Solutions/GitLab/Parsers/GitLabApp.yaml 24 Solutions/GitLab/Parsers/GitLabAudit.yaml 35 Solutions/GitLab/Analytic Rules/GitLab_BruteForce.yaml 48 Solutions/GitLab/Analytic Rules/GitLab_Impersonation.yaml 48 Solutions/GitLab/Analytic Rules/GitLab_RepoVisibilityChange.yaml 39 Solutions/GitLab/Analytic Rules/GitLab_SignInBurst.yaml 34 Solutions/GitLab/Analytic Rules/GitLab_ExternalUser.yaml 49 Solutions/GitLab/Analytic Rules/GitLab_MaliciousIP.yaml 49 Solutions/GitLab/Analytic Rules/GitLab_LocalAuthNoMFA.yaml 33 Solutions/GitLab/Analytic Rules/GitLab_Repo_Deletion.yaml 52 Solutions/GitLab/Analytic Rules/GitLab_PAT_Repo.yaml 36 
Solutions/Azure DDoS Protection/Analytic Rules/AttackSourcesPPSThreshold.yaml 34 Solutions/Azure DDoS Protection/Analytic Rules/AttackSourcesPercentThreshold.yaml 38 Solutions/Ivanti Unified Endpoint Management/Parsers/IvantiUEMEvent.yaml 22 Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEModifiedAgent.yaml 24 Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEScannedFiles.yaml 24 Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSELoginsToConsole.yaml 24 Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEUncommonApplicationBehavior.yaml 24 Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEMaliciousFiles.yaml 28 Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSESuspiciousPSDownloads.yaml 24 Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSERareFilesScanned.yaml 25 Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEInfectedHosts.yaml 24 Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEVulnerableApplications.yaml 24 Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEInfectedUsers.yaml 24 Solutions/Cisco Secure Endpoint/Parsers/CiscoSecureEndpoint.yaml 58 Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEC2Connection.yaml 33 Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEGenIoC.yaml 33 Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSERansomwareActivityOnHost copy.yaml 33 Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEMalwareExecution.yaml 33 Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEUnexpectedBinary.yaml 33 Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEMultipleMalwareOnHost.yaml 33 Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoEndpointHighAlert.yaml 42 Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEPolicyUpdateFailure.yaml 29 Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEDropperActivity.yaml 33 Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEWebshell.yaml 33 Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEMalwareOutbreak.yaml 33 Solutions/Cisco 
Secure Endpoint/Data Connectors/AzureFunctionCiscoSecureEndpoint/main.py 151 Solutions/Cisco Secure Endpoint/Data Connectors/AzureFunctionCiscoSecureEndpoint/state_manager.py 21 Solutions/Cisco Secure Endpoint/Data Connectors/AzureFunctionCiscoSecureEndpoint/sentinel_connector.py 100 Solutions/Azure Activity/Hunting Queries/Rare_Custom_Script_Extension.yaml 72 Solutions/Azure Activity/Hunting Queries/Anomalous_Listing_Of_Storage_Keys.yaml 35 Solutions/Azure Activity/Hunting Queries/Creating_Anomalous_Number_Of_Resources.yaml 29 Solutions/Azure Activity/Hunting Queries/Granting_Permissions_to_Account.yaml 43 Solutions/Azure Activity/Hunting Queries/AzureNSG_AdministrativeOperations.yaml 37 Solutions/Azure Activity/Hunting Queries/AzureAdministrationFromVPS.yaml 38 Solutions/Azure Activity/Hunting Queries/AzureSentinelConnectors_AdministrativeOperations.yaml 36 Solutions/Azure Activity/Hunting Queries/Common_Deployed_Resources.yaml 44 Solutions/Azure Activity/Hunting Queries/AnalyticsRulesAdministrativeOperations.yaml 37 Solutions/Azure Activity/Hunting Queries/AzureVirtualNetworkSubnets_AdministrativeOperationset.yaml 37 Solutions/Azure Activity/Hunting Queries/AzureRunCommandFromAzureIP.yaml 49 Solutions/Azure Activity/Hunting Queries/AzureSentinelWorkbooks_AdministrativeOperation.yaml 37 Solutions/Azure Activity/Hunting Queries/AnomalousAzureOperationModel.yaml 121 Solutions/Azure Activity/Hunting Queries/PortOpenedForAzureResource.yaml 51 Solutions/Azure Activity/Hunting Queries/Machine_Learning_Creation.yaml 44 Solutions/Azure Activity/Analytic Rules/Creating_Anomalous_Number_Of_Resources_detection.yaml 64 Solutions/Azure Activity/Analytic Rules/NRT-AADHybridHealthADFSNewServer.yaml 42 Solutions/Azure Activity/Analytic Rules/NRT_Creation_of_Expensive_Computes_in_Azure.yaml 49 Solutions/Azure Activity/Analytic Rules/AADHybridHealthADFSSuspApp.yaml 52 Solutions/Azure Activity/Analytic Rules/New-CloudShell-User.yaml 49 Solutions/Azure Activity/Analytic 
Rules/SubscriptionMigration.yaml 63 Solutions/Azure Activity/Analytic Rules/RareOperations.yaml 43 Solutions/Azure Activity/Analytic Rules/NewResourceGroupsDeployedTo.yaml 38 Solutions/Azure Activity/Analytic Rules/Creation_of_Expensive_Computes_in_Azure.yaml 53 Solutions/Azure Activity/Analytic Rules/AADHybridHealthADFSServiceDelete.yaml 47 Solutions/Azure Activity/Analytic Rules/AADHybridHealthADFSNewServer.yaml 46 Solutions/Azure Activity/Analytic Rules/TimeSeriesAnomaly_Mass_Cloud_Resource_Deletions.yaml 59 Solutions/Azure Activity/Analytic Rules/Granting_Permissions_To_Account_detection.yaml 65 Solutions/Azure Activity/Analytic Rules/Machine_Learning_Creation.yaml 53 Solutions/AzureDevOpsAuditing/Hunting Queries/Project visibility changed to public.yaml 28 Solutions/AzureDevOpsAuditing/Hunting Queries/ADOReleasePipelineCreated.yaml 51 Solutions/AzureDevOpsAuditing/Hunting Queries/Addtional Org Admin Added.yaml 30 Solutions/AzureDevOpsAuditing/Hunting Queries/ADOBuildCheckDeleted.yaml 27 Solutions/AzureDevOpsAuditing/Hunting Queries/ADONewPackageFeedCreated.yaml 34 Solutions/AzureDevOpsAuditing/Hunting Queries/Guest users access enabled.yaml 29 Solutions/AzureDevOpsAuditing/Hunting Queries/AzDOPrPolicyBypassers.yaml 25 Solutions/AzureDevOpsAuditing/Hunting Queries/ADOBuildDeletedAfterPipelineMod.yaml 19 Solutions/AzureDevOpsAuditing/Hunting Queries/EntraID Conditional Access Disabled.yaml 29 Solutions/AzureDevOpsAuditing/Hunting Queries/AzDODisplayNameSwapping.yaml 25 Solutions/AzureDevOpsAuditing/Hunting Queries/Public project created.yaml 28 Solutions/AzureDevOpsAuditing/Hunting Queries/ADOVariableCreatedDeleted.yaml 37 Solutions/AzureDevOpsAuditing/Hunting Queries/ADONewReleaseApprover.yaml 42 Solutions/AzureDevOpsAuditing/Hunting Queries/ADONewAgentPoolCreated.yaml 6 Solutions/AzureDevOpsAuditing/Hunting Queries/ADOInternalUpstreamPacakgeFeedAdded.yaml 67 Solutions/AzureDevOpsAuditing/Hunting Queries/ADONewPATOperation.yaml 33 
Solutions/AzureDevOpsAuditing/Hunting Queries/Public Projects enabled.yaml 29
Solutions/AzureDevOpsAuditing/Parsers/ADOAuditLogs.yaml 17
Solutions/AzureDevOpsAuditing/Analytic Rules/ADOMaliciousToolingDetections1.yaml 36
Solutions/AzureDevOpsAuditing/Analytic Rules/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml 55
Solutions/AzureDevOpsAuditing/Analytic Rules/ADOSecretNotSecured.yaml 44
Solutions/AzureDevOpsAuditing/Analytic Rules/ADOVariableModifiedByNewUser.yaml 53
Solutions/AzureDevOpsAuditing/Analytic Rules/ADOPATUsedWithBrowser.yaml 38
Solutions/AzureDevOpsAuditing/Analytic Rules/AzDOHistoricServiceConnectionAdds.yaml 67
Solutions/AzureDevOpsAuditing/Analytic Rules/NRT_ADOAuditStreamDisabled.yaml 33
Solutions/AzureDevOpsAuditing/Analytic Rules/AzDOAdminGroupAdditions.yaml 47
Solutions/AzureDevOpsAuditing/Analytic Rules/AzDOPipelineCreatedDeletedOneDay.yaml 69
Solutions/AzureDevOpsAuditing/Analytic Rules/ADOAuditStreamDisabled.yaml 37
Solutions/AzureDevOpsAuditing/Analytic Rules/ADOPipelineModifiedbyNewUser.yaml 65
Solutions/AzureDevOpsAuditing/Analytic Rules/AzDOPatSessionMisuse.yaml 50
Solutions/AzureDevOpsAuditing/Analytic Rules/NewPAPCAPCASaddedtoADO.yaml 54
Solutions/AzureDevOpsAuditing/Analytic Rules/ADOAgentPoolCreatedDeleted.yaml 57
Solutions/AzureDevOpsAuditing/Analytic Rules/AzDOHistoricPrPolicyBypassing.yaml 52
Solutions/AzureDevOpsAuditing/Analytic Rules/NewAgentAddedToPoolbyNewUserorofNewOS.yaml 72
Solutions/AzureDevOpsAuditing/Analytic Rules/AzDOServiceConnectionUsage.yaml 38
Solutions/AzureDevOpsAuditing/Analytic Rules/ADORetentionReduced.yaml 39
Solutions/AzureDevOpsAuditing/Analytic Rules/ADONewExtensionAdded.yaml 41
Solutions/AzureSecurityBenchmark/Analytic Rules/AzureSecurityBenchmarkPostureChanged.yaml 38
Solutions/ForescoutHostPropertyMonitor/Analytic Rules/ForeScout-DNSSniffEventMonitor.yaml 35
Solutions/Neustar IP GeoPoint/Playbooks/NeustarIPGeoPoint_FunctionAppConnector/GetIPGeoInfo/__init__.py 71
Solutions/Jamf Protect/Parsers/JamfProtectNetworkTraffic.yaml 61
Solutions/Jamf Protect/Parsers/JamfProtectUnifiedLogs.yaml 11
Solutions/Jamf Protect/Parsers/JamfProtectTelemetry.yaml 740
Solutions/Jamf Protect/Parsers/JamfProtectAlerts.yaml 20
Solutions/Jamf Protect/Parsers/JamfProtectThreatEvents.yaml 65
Solutions/Jamf Protect/Analytic Rules/JamfProtectNetworkThreats.yaml 4
Solutions/Jamf Protect/Analytic Rules/JamfProtectUnifiedLogs.yaml 52
Solutions/Jamf Protect/Analytic Rules/JamfProtectAlerts.yaml 81
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/BlockMalwareFileExtension/run.ps1 43
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/requirements.psd1 9
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/UpdateAllowBlockList/run.ps1 55
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/DisconnectExchangeOnline/run.ps1 37
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/GetInboxRule/run.ps1 37
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/ListMalwarePolicy/run.ps1 43
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/RemoveInboxRule/run.ps1 38
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/RemoveAllowBlockListItems/run.ps1 42
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/CreateAllowBlockList/run.ps1 55
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/ListSpamPolicy/run.ps1 43
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/CreateSpamRule/run.ps1 67
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/profile.ps1 19
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/TenantAllowBlockList/run.ps1 39
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/ConnectExchangeOnline/run.ps1 36
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/CreateSpamPolicy/run.ps1 42
Solutions/SAP/template/loggingconfig_PRD.yaml 195
Solutions/SAP/template/loggingconfig_DEV.yaml 195
Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/GetQueryResults/__init__.py 78
Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/ListDatabases/__init__.py 68
Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/StartQueryExecution/__init__.py 77
Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/ListDataCatalogs/__init__.py 47
Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/GetQueryExecution/__init__.py 61
Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/ListQueryExecutions/__init__.py 47
Solutions/Illumio Core/Parsers/IllumioCoreEvent.yaml 194
Solutions/BitSight/Parsers/BitSightBreaches.yaml 45
Solutions/BitSight/Parsers/BitSightFindingsSummary.yaml 43
Solutions/BitSight/Parsers/BitSightObservationStatistics.yaml 31
Solutions/BitSight/Parsers/BitSightDiligenceHistoricalStatistics.yaml 29
Solutions/BitSight/Parsers/BitSightCompanyRatings.yaml 43
Solutions/BitSight/Parsers/BitSightCompanyDetails.yaml 115
Solutions/BitSight/Parsers/BitSightIndustrialStatistics.yaml 31
Solutions/BitSight/Parsers/BitSightAlerts.yaml 43
Solutions/BitSight/Parsers/BitSightDiligenceStatistics.yaml 47
Solutions/BitSight/Parsers/BitSightFindingsData.yaml 73
Solutions/BitSight/Parsers/BitSightGraphData.yaml 29
Solutions/BitSight/Analytic Rules/BitSightDropInCompanyRatings.yaml 39
Solutions/BitSight/Analytic Rules/BitSightDiligenceRiskCategoryDetected.yaml 48
Solutions/BitSight/Analytic Rules/BitSightDropInHeadlineRating.yaml 38
Solutions/BitSight/Analytic Rules/BitSightCompromisedSystemsDetected.yaml 46
Solutions/BitSight/Analytic Rules/BitSightNewAlertFound.yaml 45
Solutions/BitSight/Analytic Rules/BitSightNewBreachFound.yaml 45
Solutions/BitSight/Data Connectors/BitSightDataConnector/PortFolioCompanies/__init__.py 19
Solutions/BitSight/Data Connectors/BitSightDataConnector/PortFolioCompanies/bitsight_portfolio.py 134
Solutions/BitSight/Data Connectors/BitSightDataConnector/BreachesDetails/__init__.py 29
Solutions/BitSight/Data Connectors/BitSightDataConnector/BreachesDetails/bitsight_breaches.py 189
Solutions/BitSight/Data Connectors/BitSightDataConnector/FindingsDetails/__init__.py 14
Solutions/BitSight/Data Connectors/BitSightDataConnector/FindingsDetails/bitsight_findings.py 247
Solutions/BitSight/Data Connectors/BitSightDataConnector/FindingsSummaryDetails/bitsight_findings_summary.py 226
Solutions/BitSight/Data Connectors/BitSightDataConnector/FindingsSummaryDetails/__init__.py 27
Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/__init__.py 1
Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/azure_sentinel.py 85
Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/get_logs_data.py 61
Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/state_manager.py 18
Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/utils.py 201
Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/consts.py 59
Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/bitsight_client.py 153
Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/bitsight_exception.py 3
Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/logger.py 22
Solutions/BitSight/Data Connectors/BitSightDataConnector/CompaniesDetails/__init__.py 29
Solutions/BitSight/Data Connectors/BitSightDataConnector/CompaniesDetails/bitsight_companies.py 248
Solutions/BitSight/Data Connectors/BitSightDataConnector/AlertsGraphStatisticsDetails/__init__.py 29
Solutions/BitSight/Data Connectors/BitSightDataConnector/AlertsGraphStatisticsDetails/bitsight_statistics.py 473
Solutions/MaturityModelForEventLogManagementM2131/Hunting Queries/M2131RecommendedDatatableNotLoggedEL3.yaml 90
Solutions/MaturityModelForEventLogManagementM2131/Hunting Queries/M2131RecommendedDatatableNotLoggedEL2.yaml 90
Solutions/MaturityModelForEventLogManagementM2131/Hunting Queries/M2131RecommendedDatatableNotLoggedEL1.yaml 90
Solutions/MaturityModelForEventLogManagementM2131/Hunting Queries/M2131RecommendedDatatableNotLoggedEL0.yaml 90
Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131EventLogManagementPostureChangedEL1.yaml 40
Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131EventLogManagementPostureChangedEL3.yaml 40
Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131AssetStoppedLogging.yaml 34
Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131DataConnectorAddedChangedRemoved.yaml 29
Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131LogRetentionLessThan1Year.yaml 37
Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131EventLogManagementPostureChangedEL2.yaml 40
Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131RecommendedDatatableUnhealthy.yaml 90
Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131EventLogManagementPostureChangedEL0.yaml 40
Solutions/Vectra XDR/Parsers/VectraLockdown.yaml 36
Solutions/Vectra XDR/Parsers/VectraDetections.yaml 71
Solutions/Vectra XDR/Parsers/VectraEntityScoring.yaml 59
Solutions/Vectra XDR/Parsers/VectraHealth.yaml 51
Solutions/Vectra XDR/Parsers/VectraAudits.yaml 48
Solutions/Vectra XDR/Analytic Rules/Detection_Account.yaml 61
Solutions/Vectra XDR/Analytic Rules/Detection_Host.yaml 61
Solutions/Vectra XDR/Analytic Rules/Create_Incident_Based_On_Tag_For_Host_Entity.yaml 56
Solutions/Vectra XDR/Analytic Rules/Create_Incident_Based_On_Tag_For_Account_Entity.yaml 53
Solutions/Vectra XDR/Analytic Rules/Priority_Account.yaml 52
Solutions/Vectra XDR/Analytic Rules/Priority_Host.yaml 52
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/AccountEntities/__init__.py 57
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/AccountEntities/account_entity_collector.py 47
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Detections/detections_collector.py 19
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Detections/__init__.py 75
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/HostEntities/__init__.py 57
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/HostEntities/host_entity_collector.py 46
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/keyvault_secrets_management.py 32
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/__init__.py 1
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/azure_sentinel.py 83
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/state_manager.py 22
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/consts.py 65
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/collector.py 1099
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/logger.py 12
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Audits/__init__.py 74
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Audits/audits_collector.py 17
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Health/__init__.py 74
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Health/health_collector.py 20
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Lockdown/__init__.py 76
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Lockdown/lockdown_collector.py 20
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/EntityScoring/__init__.py 79
Solutions/Vectra XDR/Data Connectors/VectraDataConnector/EntityScoring/entity_scoring_collector.py 48
Solutions/Alsid For AD/Parsers/afad_parser.yaml 113
Solutions/Alsid For AD/Analytic Rules/PasswordGuessing.yaml 31
Solutions/Alsid For AD/Analytic Rules/IndicatorsOfExposures.yaml 39
Solutions/Alsid For AD/Analytic Rules/ADAttacksPathways.yaml 40
Solutions/Alsid For AD/Analytic Rules/PrivilegedAccountIssues.yaml 40
Solutions/Alsid For AD/Analytic Rules/PasswordSpraying.yaml 31
Solutions/Alsid For AD/Analytic Rules/GoldenTicket.yaml 31
Solutions/Alsid For AD/Analytic Rules/UserAccountIssues.yaml 40
Solutions/Alsid For AD/Analytic Rules/LSASSMemory.yaml 31
Solutions/Alsid For AD/Analytic Rules/DCShadow.yaml 31
Solutions/Alsid For AD/Analytic Rules/DCSync.yaml 31
Solutions/Alsid For AD/Analytic Rules/PasswordIssues.yaml 40
Solutions/Alsid For AD/Analytic Rules/IndicatorsOfAttack.yaml 39
Solutions/Microsoft Purview/Analytic Rules/MicrosoftPurviewSensitiveDataDiscovered.yaml 46
Solutions/Microsoft Purview/Analytic Rules/MicrosoftPurviewSensitiveDataDiscoveredCustom.yaml 48
Solutions/OneIdentity/Parsers/OneIdentity_Safeguard.yaml 45
Solutions/Dynatrace/Parsers/DynatraceSecurityProblems.yaml 40
Solutions/Dynatrace/Parsers/DynatraceAttacks.yaml 41
Solutions/Dynatrace/Parsers/DynatraceAuditLogs.yaml 23
Solutions/Dynatrace/Parsers/DynatraceProblems.yaml 30
Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_AttackDetection.yaml 61
Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_ThirdPartyVulnerabilityDetection.yaml 71
Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_NonCriticalVulnerabilityDetection.yaml 65
Solutions/Dynatrace/Analytic Rules/Dynatrace_ProblemDetection.yaml 54
Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_CodeLevelVulnerabilityDetection.yaml 70
Solutions/Darktrace/Analytic Rules/CreateAlertFromModelBreach.yaml 75
Solutions/Darktrace/Analytic Rules/CreateAlertFromSystemStatus.yaml 56
Solutions/Darktrace/Analytic Rules/CreateIncidentFromAIAnalystIncident.yaml 65
Solutions/Eset Security Management Center/Analytic Rules/eset-threats.yaml 41
Solutions/Eset Security Management Center/Analytic Rules/eset-sites-blocked.yaml 45
Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionBreachRule.yaml 53
Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionMalwareRule.yaml 68
Solutions/Symantec Endpoint Protection/Parsers/SymantecEndpointProtection.yaml 186
Solutions/Symantec Endpoint Protection/Analytic Rules/MalwareDetected.yaml 39
Solutions/Symantec Endpoint Protection/Analytic Rules/ExcessiveBlockedTrafficGeneratedbyUser.yaml 54
Solutions/Prancer PenSuiteAI Integration/Hunting Queries/CSPM_query.yaml 36
Solutions/Prancer PenSuiteAI Integration/Hunting Queries/PAC_high_severity_query.yaml 39
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Virtual_Networks_High_Severity.yaml 52
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Storage_Accounts_High_Severity.yaml 52
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/PAC_High_Severity.yaml 60
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Flow_Logs_High_Severity.yaml 52
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Sites_High_Severity.yaml 52
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Disks_High_Severity.yaml 52
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Vaults_High_Severity.yaml 52
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Registries_High_Severity.yaml 52
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Network_Security_Groups_High_Severity.yaml 52
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/VM_High_Severity.yaml 52
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Subnets_High_Severity.yaml 52
Solutions/NXLogDnsLogs/Parsers/ASimDnsMicrosoftNXLog.yaml 11
Solutions/Authomize/Hunting queries/Privileged_Machines_Exposed_to_the_Internet.yaml 24
Solutions/Authomize/Hunting queries/IaaS_admin_detected.yaml 24
Solutions/Authomize/Hunting queries/Admin_SaaS_account_detected.yaml 4
Solutions/Authomize/Hunting queries/IaaS_shadow_admin_detected.yaml 24
Solutions/Authomize/Hunting queries/Chain_of_3_or_more_roles.yaml 24
Solutions/Authomize/Hunting queries/Password_Exfiltration_over_SCIM_application.yaml 28
Solutions/Authomize/Analytic Rules/Privileged_Machines_Exposed_to_the_Internet.yaml 58
Solutions/Authomize/Analytic Rules/IaaS_admin_detected.yaml 58
Solutions/Authomize/Analytic Rules/Detect_AWS_IAM_Users.yaml 57
Solutions/Authomize/Analytic Rules/Stale_IAAS_policy_attachment_to_role.yaml 58
Solutions/Authomize/Analytic Rules/New_direct_access_policy_was_granted.yaml 60
Solutions/Authomize/Analytic Rules/Admin_SaaS_account_detected.yaml 59
Solutions/Authomize/Analytic Rules/Admin_password_wasnt_updated.yaml 44
Solutions/Authomize/Analytic Rules/IaaS_shadow_admin_detected.yaml 58
Solutions/Authomize/Analytic Rules/Empty_group_with_entitlements.yaml 58
Solutions/Authomize/Analytic Rules/AWS_role_with_admin_privileges.yaml 57
Solutions/Authomize/Analytic Rules/Password_Exfiltration_over_SCIM.yaml 60
Solutions/Authomize/Analytic Rules/User_without_MFA.yaml 58
Solutions/Authomize/Analytic Rules/AWS_role_with_shadow_admin_privileges.yaml 58
Solutions/Authomize/Analytic Rules/Stale_AWS_policy_attachment_to_identity.yaml 58
Solutions/Authomize/Analytic Rules/Refactor_AWS_policy_based_on_activities.yaml 57
Solutions/Authomize/Analytic Rules/User_assigned_to_a_default_admin_role.yaml 58
Solutions/Authomize/Analytic Rules/Chain_of_3_or_more_roles.yaml 58
Solutions/Authomize/Analytic Rules/Unused_IaaS_Policy.yaml 61
Solutions/Authomize/Analytic Rules/IaaS_policy_not_attached_to_any_identity.yaml 58
Solutions/Authomize/Analytic Rules/New_service_account_gained_access_to_IaaS_resource.yaml 57
Solutions/Authomize/Analytic Rules/Access_to_AWS_without_MFA.yaml 58
Solutions/Authomize/Data Connectors/AuthomizeSentinelConnector/__init__.py 123
Solutions/Authomize/Data Connectors/AuthomizeSentinelConnector/azureworker.py 43
Solutions/Symantec VIP/Parsers/SymantecVIP.yaml 37
Solutions/Symantec VIP/Analytic Rules/ExcessiveFailedAuthenticationsfromInvalidInputs.yaml 36
Solutions/Symantec VIP/Analytic Rules/ClientDeniedAccess.yaml 42
Solutions/Rapid7InsightVM/Parsers/InsightVMVulnerabilities.yaml 67
Solutions/Rapid7InsightVM/Parsers/InsightVMAssets.yaml 48
Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConnector/__init__.py 218
Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConnector/sentinel_connector_async.py 80
Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConnector/state_manager_async.py 58
Solutions/Cognni/Analytic Rules/CognniMediumRiskLegalIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniLowRiskGovernanceIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniHighRiskGovernanceIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniHighRiskBusinessIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniMediumRiskGovernanceIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniMediumRiskFinancialIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniMediumRiskBusinessIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniHighRiskFinancialIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniLowRiskFinancialIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniLowRiskHRIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniHighRiskLegalIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniLowRiskBusinessIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniLowRiskLegalIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniMediumRiskHRIncidents.yaml 33
Solutions/Cognni/Analytic Rules/CognniHighRiskHRIncidents.yaml 33
Solutions/CyberArkEPM/DataConnectors/CyberArkEPMSentinelConnector/__init__.py 160
Solutions/CyberArkEPM/DataConnectors/CyberArkEPMSentinelConnector/pyepm.py 184
Solutions/CyberArkEPM/DataConnectors/CyberArkEPMSentinelConnector/state_manager.py 18
Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMPowershellDownloads.yaml 25
Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMScriptsExecuted.yaml 28
Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMSuspiciousActivityAttempts.yaml 23
Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMPowershellExecutionParameters.yaml 25
Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMRareProcVendors.yaml 25
Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessesAccessedInternet.yaml 24
Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessesRunAsAdmin.yaml 26
Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessNewHash.yaml 25
Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMRareProcessesRunByUsers.yaml 25
Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMElevationRequests.yaml 25
Solutions/CyberArkEPM/Parsers/CyberArkEPM.yaml 96
Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMUnexpectedExecutableLocation.yaml 23
Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMMultipleAttackAttempts.yaml 30
Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMRenamedWindowsBinary.yaml 23
Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMMSBuildLOLBin.yaml 30
Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMUnexpectedExecutableExtension.yaml 24
Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMNewProcessStartetFromSystem.yaml 33
Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMRareProcInternetAccess.yaml 41
Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMAttackAttemptNotBlocked.yaml 30
Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMProcessChangedStartLocation.yaml 33
Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMPossibleExecutionOfPowershellEmpire.yaml 29
Solutions/ElasticAgent/Parsers/ElasticAgentEvent.yaml 168
Solutions/Microsoft Entra ID/Analytic Rules/AzureRBAC.yaml 57
Solutions/Microsoft Entra ID/Analytic Rules/MFASpammingfollowedbySuccessfullogin.yaml 46
Solutions/Microsoft Entra ID/Analytic Rules/SuspiciousAADJoinedDeviceUpdate.yaml 102
Solutions/Microsoft Entra ID/Analytic Rules/DistribPassCrackAttempt.yaml 60
Solutions/Microsoft Entra ID/Analytic Rules/Cross-tenantAccessSettingsOrganizationDeleted.yaml 66
Solutions/Microsoft Entra ID/Analytic Rules/SigninBruteForce-AzurePortal.yaml 101
Solutions/Microsoft Entra ID/Analytic Rules/MultipleAdmin_membership_removals_from_NewAdmin.yaml 109
Solutions/Microsoft Entra ID/Analytic Rules/AzureAADPowerShellAnomaly.yaml 60
Solutions/Microsoft Entra ID/Analytic Rules/MaliciousOAuthApp_PwnAuth.yaml 116
Solutions/Microsoft Entra ID/Analytic Rules/SuspiciousOAuthApp_OfflineAccess.yaml 112
Solutions/Microsoft Entra ID/Analytic Rules/GuestAccountsAddedinAADGroupsOtherThanTheOnesSpecified.yaml 92
Solutions/Microsoft Entra ID/Analytic Rules/Brute Force Attack against GitHub Account.yaml 48
Solutions/Microsoft Entra ID/Analytic Rules/NRT_PIMElevationRequestRejected.yaml 71
Solutions/Microsoft Entra ID/Analytic Rules/Cross-tenantAccessSettingsOrganizationOutboundDirectSettingsChanged.yaml 71
Solutions/Microsoft Entra ID/Analytic Rules/SigninAttemptsByIPviaDisabledAccounts.yaml 87
Solutions/Microsoft Entra ID/Analytic Rules/AccountCreatedDeletedByNonApprovedUser.yaml 61
Solutions/Microsoft Entra ID/Analytic Rules/BypassCondAccessRule.yaml 77
Solutions/Microsoft Entra ID/Analytic Rules/PossibleSignInfromAzureBackdoor.yaml 4
Solutions/Microsoft Entra ID/Analytic Rules/NewAppOrServicePrincipalCredential.yaml 86
Solutions/Microsoft Entra ID/Analytic Rules/PrivilegedAccountsSigninFailureSpikes.yaml 87
Solutions/Microsoft Entra ID/Analytic Rules/nrt_FirstAppOrServicePrincipalCredential.yaml 90
Solutions/Microsoft Entra ID/Analytic Rules/NRT_NewAppOrServicePrincipalCredential.yaml 84
Solutions/Microsoft Entra ID/Analytic Rules/DisabledAccountSigninsAcrossManyApplications.yaml 53
Solutions/Microsoft Entra ID/Analytic Rules/SuspiciousSignInFollowedByMFAModification.yaml 85
Solutions/Microsoft Entra ID/Analytic Rules/NRT_UseraddedtoPrivilgedGroups.yaml 53
Solutions/Microsoft Entra ID/Analytic Rules/UserAccounts-CABlockedSigninSpikes.yaml 114
Solutions/Microsoft Entra ID/Analytic Rules/RareApplicationConsent.yaml 96
Solutions/Microsoft Entra ID/Analytic Rules/NewOnmicrosoftDomainAdded.yaml 69
Solutions/Microsoft Entra ID/Analytic Rules/Cross-tenantAccessSettingsOrganizationAdded.yaml 69
Solutions/Microsoft Entra ID/Analytic Rules/UserAssignedNewPrivilegedRole.yaml 85
Solutions/Microsoft Entra ID/Analytic Rules/PrivlegedRoleAssignedOutsidePIM.yaml 69
Solutions/Microsoft Entra ID/Analytic Rules/MailPermissionsAddedToApplication.yaml 87
Solutions/Microsoft Entra ID/Analytic Rules/AdminPromoAfterRoleMgmtAppPermissionGrant.yaml 133
Solutions/Microsoft Entra ID/Analytic Rules/ExchangeFullAccessGrantedToApp.yaml 96
Solutions/Microsoft Entra ID/Analytic Rules/PIMElevationRequestRejected.yaml 74
Solutions/Microsoft Entra ID/Analytic Rules/AnomalousUserAppSigninLocationIncrease-detection.yaml 38
Solutions/Microsoft Entra ID/Analytic Rules/NRT_PrivlegedRoleAssignedOutsidePIM.yaml 63
Solutions/Microsoft Entra ID/Analytic Rules/Cross-tenantAccessSettingsOrganizationOutboundCollaborationSettingsChanged.yaml 71
Solutions/Microsoft Entra ID/Analytic Rules/NRT_ADFSDomainTrustMods.yaml 72
Solutions/Microsoft Entra ID/Analytic Rules/FirstAppOrServicePrincipalCredential.yaml 88
Solutions/Microsoft Entra ID/Analytic Rules/ADFSDomainTrustMods.yaml 91
Solutions/Microsoft Entra ID/Analytic Rules/MaliciousOAuthApp_O365AttackToolkit.yaml 123
Solutions/Microsoft Entra ID/Analytic Rules/AuthenticationMethodsChangedforPrivilegedAccount.yaml 81
Solutions/Microsoft Entra ID/Analytic Rules/SuspiciousServicePrincipalcreationactivity.yaml 97
Solutions/Microsoft Entra ID/Analytic Rules/NRT_AuthenticationMethodsChangedforVIPUsers.yaml 66
Solutions/Microsoft Entra ID/Analytic Rules/UnusualGuestActivity.yaml 78
Solutions/Microsoft Entra ID/Analytic Rules/AccountCreatedandDeletedinShortTimeframe.yaml 105
Solutions/Microsoft Entra ID/Analytic Rules/FailedLogonToAzurePortal.yaml 106
Solutions/Microsoft Entra ID/Analytic Rules/BulkChangestoPrivilegedAccountPermissions.yaml 88
Solutions/Microsoft Entra ID/Analytic Rules/BruteForceCloudPC.yaml 70
Solutions/Microsoft Entra ID/Analytic Rules/Cross-tenantAccessSettingsOrganizationInboundDirectSettingsChanged.yaml 71
Solutions/Microsoft Entra ID/Analytic Rules/Cross-tenantAccessSettingsOrganizationInboundCollaborationSettingsChanged.yaml 71
Solutions/Microsoft Entra ID/Analytic Rules/UserAssignedPrivilegedRole.yaml 64
Solutions/Microsoft Entra ID/Analytic Rules/MFARejectedbyUser.yaml 85
Solutions/Microsoft Entra ID/Analytic Rules/UseraddedtoPrivilgedGroups.yaml 57
Solutions/Microsoft Entra ID/Analytic Rules/SuccessThenFail_DiffIP_SameUserandApp.yaml 107
Solutions/Microsoft Entra ID/Analytic Rules/Sign-in Burst from Multiple Locations.yaml 47
Solutions/Microsoft Entra ID/Analytic Rules/ExplicitMFADeny.yaml 35
Solutions/Microsoft Entra ID/Analytic Rules/SigninPasswordSpray.yaml 86
Solutions/Microsoft Entra ID/Analytic Rules/SeamlessSSOPasswordSpray.yaml 54
Solutions/Microsoft Entra ID/Analytic Rules/ADFSSignInLogsPasswordSpray.yaml 44
Solutions/Microsoft Entra ID/Analytic Rules/AzureADRoleManagementPermissionGrant.yaml 58
Solutions/Microsoft Entra ID/Analytic Rules/AzurePortalSigninfromanotherAzureTenant.yaml 77
Solutions/Microsoft Entra ID/Analytic Rules/CredentialAddedAfterAdminConsent.yaml 153
Solutions/Pulse Connect Secure/Parsers/PulseConnectSecure.yaml 36
Solutions/Pulse Connect Secure/Analytic Rules/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml 31
Solutions/Pulse Connect Secure/Analytic Rules/PulseConnectSecureVPN-BruteForce.yaml 35
Solutions/Windows Security Events/Hunting Queries/UserCreatedByUnauthorizedUser.yaml 47
Solutions/Windows Security Events/Hunting Queries/Invoke-PowerShellTcpOneLine.yaml 46
Solutions/Windows Security Events/Hunting Queries/Discorddownloadinvokedfromcmdline.yaml 45
Solutions/Windows Security Events/Hunting Queries/masquerading_files.yaml 47
Solutions/Windows Security Events/Hunting Queries/InternalProxies.yaml 51
Solutions/Windows Security Events/Hunting Queries/RareProcess_forWinHost.yaml 49
Solutions/Windows Security Events/Hunting Queries/UserAdd_RemToGroupByUnauthorizedUser.yaml 46
Solutions/Windows Security Events/Hunting Queries/KrbRelayUpServiceCreation.yaml 37
Solutions/Windows Security Events/Hunting Queries/RemoteScheduledTaskCreationUpdateviaSchtasks.yaml 22
Solutions/Windows Security Events/Hunting Queries/Least_Common_Parent_Child_Process.yaml 35
Solutions/Windows Security Events/Hunting Queries/MultipleExplicitCredentialUsage4648Events.yaml 76
Solutions/Windows Security Events/Hunting Queries/SuspiciousCommandlineTokenLolbas.yaml 40
Solutions/Windows Security Events/Hunting Queries/RareProcbyServiceAccount.yaml 84
Solutions/Windows Security Events/Hunting Queries/Suspicious_Windows_Login_outside_normal_hours.yaml 123
Solutions/Windows Security Events/Hunting Queries/Least_Common_Process_Command_Lines.yaml 32
Solutions/Windows Security Events/Hunting Queries/UserAccountAddedToPrivlegeGroup.yaml 51
Solutions/Windows Security Events/Hunting Queries/ADAccountLockouts.yaml 20
Solutions/Windows Security Events/Hunting Queries/ServiceInstallationFromUsersWritableDirectory.yaml 38
Solutions/Windows Security Events/Hunting Queries/GroupAddedToPrivlegeGroup.yaml 70
Solutions/Windows Security Events/Hunting Queries/DecoyUserAccountAuthenticationAttempt.yaml 41
Solutions/Windows Security Events/Hunting Queries/powershell_downloads.yaml 48
Solutions/Windows Security Events/Hunting Queries/NewChildProcessOfW3WP.yaml 48
Solutions/Windows Security Events/Hunting Queries/HostExportingMailboxAndRemovingExport.yaml 57
Solutions/Windows Security Events/Hunting Queries/powershell_newencodedscipts.yaml 64
Solutions/Windows Security Events/Hunting Queries/FailedUserLogons.yaml 37
Solutions/Windows Security Events/Hunting Queries/PowerCatDownload.yaml 30
Solutions/Windows Security Events/Hunting Queries/CreateDCInstallationMedia.yaml 50
Solutions/Windows Security Events/Hunting Queries/Crashdumpdisabledonhost.yaml 44
Solutions/Windows Security Events/Hunting Queries/ProcessEntropy.yaml 150
Solutions/Windows Security Events/Hunting Queries/persistence_create_account.yaml 39
Solutions/Windows Security Events/Hunting Queries/CustomUserList_FailedLogons.yaml 95
Solutions/Windows Security Events/Hunting Queries/uncommon_processes.yaml 57
Solutions/Windows Security Events/Hunting Queries/MSRPRN_Printer_Bug_Exploitation.yaml 45
Solutions/Windows Security Events/Hunting Queries/ExchangePowerShellSnapin.yaml 43
Solutions/Windows Security Events/Hunting Queries/CommandsexecutedbyWMIonnewhosts-potentialImpacket.yaml 55
Solutions/Windows Security Events/Hunting Queries/UserAccountCreatedDeleted.yaml 58
Solutions/Windows Security Events/Hunting Queries/VIPAccountFailedLogons.yaml 37
Solutions/Windows Security Events/Hunting Queries/cscript_summary.yaml 38
Solutions/Windows Security Events/Hunting Queries/new_processes.yaml 47
Solutions/Windows Security Events/Hunting Queries/RareProcessPath.yaml 88
Solutions/Windows Security Events/Hunting Queries/Least_Common_Process_With_Depth.yaml 30
Solutions/Windows Security Events/Hunting Queries/SuspectedLSASSDump.yaml 33
Solutions/Windows Security Events/Hunting Queries/RareProcessWithCmdLine.yaml 51
Solutions/Windows Security Events/Hunting Queries/WindowsSystemShutdownReboot.yaml 39
Solutions/Windows Security Events/Hunting Queries/NishangReverseTCPShellBase64.yaml 44
Solutions/Windows Security Events/Hunting Queries/WindowsSystemTimeChange.yaml 42
Solutions/Windows Security Events/Hunting Queries/User Logons By Logon Type.yaml 23
Solutions/Windows Security Events/Hunting Queries/enumeration_user_and_group.yaml 46
Solutions/Windows Security Events/Hunting Queries/HostsWithNewLogons.yaml 66
Solutions/Windows Security Events/Hunting Queries/Suspicious_enumeration_using_adfind.yaml 65
Solutions/Windows Security Events/Analytic Rules/PotentialFodhelperUACBypass.yaml 37
Solutions/Windows Security Events/Analytic Rules/NRT_execute_base64_decodedpayload.yaml 52
Solutions/Windows Security Events/Analytic Rules/LocalDeviceJoinInfoAndTransportKeyRegKeysAccess.yaml 106
Solutions/Windows Security Events/Analytic Rules/NonDCActiveDirectoryReplication.yaml 70
Solutions/Windows Security Events/Analytic Rules/GainCodeExecutionADFSViaSMB.yaml 65
Solutions/Windows Security Events/Analytic Rules/StartStopHealthService.yaml 45
Solutions/Windows Security Events/Analytic Rules/NRT_SecurityEventLogCleared.yaml 25
Solutions/Windows Security Events/Analytic Rules/NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies.yaml 53
Solutions/Windows Security Events/Analytic Rules/SdeletedeployedviaGPOandrunrecursively.yaml 41
Solutions/Windows Security Events/Analytic Rules/ADFSRemoteHTTPNetworkConnection.yaml 76
Solutions/Windows Security Events/Analytic Rules/ADFSDBNamedPipeConnection.yaml 77
Solutions/Windows Security Events/Analytic Rules/NRT_base64_encoded_pefile.yaml 45
Solutions/Windows Security Events/Analytic Rules/TimeSeriesAnomaly-ProcessExecutions.yaml 57
Solutions/Windows Security Events/Analytic Rules/password_not_set.yaml 74
Solutions/Windows Security Events/Analytic Rules/MultipleFailedFollowedBySuccess.yaml 74
Solutions/Windows Security Events/Analytic Rules/ADFSRemoteAuthSyncConnection.yaml 89
Solutions/Windows Security Events/Analytic Rules/ExcessiveLogonFailures.yaml 91
Solutions/Windows Security Events/Analytic Rules/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml 47
Solutions/Windows Security Events/Analytic Rules/Potentialre-namedsdeleteusage.yaml 33
Solutions/Windows Security Events/Analytic Rules/ScheduleTaskHide.yaml 39
Solutions/ZeroFox/Analytic Rules/ZF_Alerts_MediumSeverityRule.yaml 33
Solutions/ZeroFox/Analytic Rules/ZF_Alerts_HighSeverityRule.yaml 33
Solutions/ZeroFox/Analytic Rules/ZF_Alerts_LowSeverityRule.yaml 33
Solutions/ZeroFox/Analytic Rules/ZF_Alerts_InformationalSeverityRule.yaml 33
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/disruption_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/breaches_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/botnet_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/phishing_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/vulnerabilities_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/national_ids_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/malware_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/compromised_credentials_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/discord_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/email_addresses_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/threat_actors_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/dark_web_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/ransomware_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/irc_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/exploits_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/telegram_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/c2_domains_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/advanced_dark_web_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/connections/sentinel.py 136
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/connections/__init__.py 1
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/connections/exceptions.py 12
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/connections/zerofox.py 79
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/botnet_compromised_credentials_connector/__init__.py 56
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/credit_cards_connector/__init__.py 54
Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/phone_numbers_connector/__init__.py 54
Solutions/Azure kubernetes Service/Hunting Queries/AKS-clusterrolebinding.yaml 3
Solutions/Azure kubernetes Service/Hunting Queries/AKS-Rbac.yaml 3
Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml 29
Solutions/MongoDBAudit/Parsers/MongoDBAudit.yaml 31
Solutions/Silverfort/Analytic Rules/User_Brute_Force.yaml 31
Solutions/Silverfort/Analytic Rules/Certifried.yaml 31
Solutions/Silverfort/Analytic Rules/NoPac_Breach.yaml 32
Solutions/Silverfort/Analytic Rules/Log4Shell.yaml 31
Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudFailedLoginsUsers.yaml 26
Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudUpdatedResources.yaml 23
Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudHighSeverityAlerts.yaml 24
Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudAccessKeysUsed.yaml 30
Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudFailedLoginsSources.yaml 26
Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudNewUsers.yaml 31
Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudTopResources.yaml 25
Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudOpenedAlerts.yaml 24
Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudHighRiskScoreOpenedAlerts.yaml 27
Solutions/PaloAltoPrismaCloud/Parsers/PaloAltoPrismaCloud.yaml 168
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighRiskScoreAlert.yaml 33
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclInAllowAll.yaml 31
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowAllOut.yaml 31
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowInToAdminPort.yaml 31
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMaxRiskScoreAlert.yaml 31
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml 34
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudIamAdminGroup.yaml 31
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudInactiveUser.yaml 30
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays.yaml 40
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml 31
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml 34
Solutions/PaloAltoPrismaCloud/Data Connectors/AzureFunctionPrismaCloud/sentinel_connector_async.py 101
Solutions/PaloAltoPrismaCloud/Data Connectors/AzureFunctionPrismaCloud/main.py 193
Solutions/PaloAltoPrismaCloud/Data Connectors/AzureFunctionPrismaCloud/state_manager_async.py 34
Solutions/Sophos Endpoint Protection/Parsers/SophosEPEvent.yaml 71
Solutions/Sophos Endpoint Protection/Data Connectors/AzureFunctionSophos/main.py 140
Solutions/Sophos Endpoint Protection/Data Connectors/AzureFunctionSophos/state_manager.py 18
Solutions/Sophos Endpoint Protection/Data Connectors/AzureFunctionSophos/sentinel_connector.py 90
Solutions/TheHive/Parsers/TheHive.yaml 84
Solutions/TheHive/Data Connectors/TheHiveWebhooksTrigger/__init__.py 80
Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-PrevalenceBasedQuerySizeAnomaly.yaml 81
Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-VolumeResponseRowsStatefulAnomalyOnDatabase.yaml 82
Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-BooleanBlindSQLi.yaml 88
Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-SuspiciousStoredProcedures.yaml 51
Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-ExecutionTimeAnomaly.yaml 86
Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-TimeBasedQuerySizeAnomaly.yaml 83
Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-AffectedRowAnomaly.yaml 66
Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-VolumeAffectedRowsStatefulAnomalyOnDatabase.yaml 89
Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-VolumeResponseRowsStatefulAnomalyOnDatabase.yaml 83
Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-ErrorsFirewallStatefulAnomalyOnDatabase.yaml 86
Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-HotwordsFirewallRuleStatefulAnomalyOnDatabase.yaml 93
Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-HotwordsOLEObjectStatefulAnomalyOnDatabase.yaml 93
Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-HotwordsExecutionStatefulAnomalyOnDatabase.yaml 93
Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-HotwordsDropStatefulAnomalyOnDatabase.yaml 93
Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-ErrorsSyntaxStatefulAnomalyOnDatabase.yaml 86
Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-HotwordsOutgoingStatefulAnomalyOnDatabase.yaml 93
Solutions/Azure SQL Database solution for sentinel/Analytic
Rules/Detection-ErrorsCredentialStatefulAnomalyOnDatabase.yaml 86 Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-VolumeAffectedRowsStatefulAnomalyOnDatabase.yaml 84 Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_AV.yaml 56 Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Attachment.yaml 54 Solutions/MimecastSEG/Analytic Rules/MimecastDLP.yaml 41 Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Virus.yaml 54 Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Spam_Event.yaml 46 Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Url_Protect.yaml 52 Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Internal_Mail_Protect.yaml 52 Solutions/MimecastSEG/Analytic Rules/MimecastDLP_Hold.yaml 40 Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Impersonation.yaml 60 Solutions/MimecastSEG/Data Connectors/Models/Request/get_data_leak_protection_logs.py 18 Solutions/MimecastSEG/Data Connectors/Models/Request/__init__.py 1 Solutions/MimecastSEG/Data Connectors/Models/Request/refresh_access_key.py 5 Solutions/MimecastSEG/Data Connectors/Models/Request/get_siem_logs.py 13 Solutions/MimecastSEG/Data Connectors/Models/Error/errors.py 14 Solutions/MimecastSEG/Data Connectors/Models/Error/__init__.py 1 Solutions/MimecastSEG/Data Connectors/Models/Enum/mimecast_response_codes.py 10 Solutions/MimecastSEG/Data Connectors/Models/Enum/mimecast_endpoints.py 3 Solutions/MimecastSEG/Data Connectors/Models/Enum/__init__.py 1 Solutions/MimecastSEG/Data Connectors/Models/Enum/siem_types.py 11 Solutions/MimecastSEG/Data Connectors/GetSIEMLogs/__init__.py 70 Solutions/MimecastSEG/Data Connectors/Helpers/date_helper.py 20 Solutions/MimecastSEG/Data Connectors/Helpers/response_helper.py 49 Solutions/MimecastSEG/Data Connectors/Helpers/request_helper.py 106 Solutions/MimecastSEG/Data Connectors/Helpers/siem_response_helper.py 89 Solutions/MimecastSEG/Data Connectors/Helpers/azure_monitor_collector.py 40 Solutions/MimecastSEG/Data Connectors/TransformData/dlp_parser.py 
11 Solutions/MimecastSEG/Data Connectors/TransformData/siem_parser.py 146 Solutions/MimecastSEG/Data Connectors/GetDLPLogs/__init__.py 73 Solutions/Amazon Web Services/Hunting Queries/AWS_CreateLoginProfile.yaml 29 Solutions/Amazon Web Services/Hunting Queries/AWS_LambdaLayerImportedExternalAccount.yaml 34 Solutions/Amazon Web Services/Hunting Queries/AWS_STStoECS.yaml 67 Solutions/Amazon Web Services/Hunting Queries/AWS_FailedBruteForceWithoutMFA.yaml 30 Solutions/Amazon Web Services/Hunting Queries/AWS_Unused_UnsupportedCloudRegions.yaml 51 Solutions/Amazon Web Services/Hunting Queries/AWS_NewRootAccessKey.yaml 29 Solutions/Amazon Web Services/Hunting Queries/AWS_LoginProfileUpdated.yaml 29 Solutions/Amazon Web Services/Hunting Queries/AWS_S3BucketEncryptionModified.yaml 29 Solutions/Amazon Web Services/Hunting Queries/AWS_AssumeRoleBruteForce.yaml 29 Solutions/Amazon Web Services/Hunting Queries/AWS_RiskyRoleName.yaml 35 Solutions/Amazon Web Services/Hunting Queries/AWS_ECRContainerMedium.yaml 31 Solutions/Amazon Web Services/Hunting Queries/AWS_FailedBruteForceS3Bucket.yaml 31 Solutions/Amazon Web Services/Hunting Queries/AWS_STStoKWN.yaml 67 Solutions/Amazon Web Services/Hunting Queries/AWS_S3BucketDeleted.yaml 29 Solutions/Amazon Web Services/Hunting Queries/AWS_STStoGlue.yaml 60 Solutions/Amazon Web Services/Hunting Queries/AWS_SuspiciousCredentialTokenAccessOfValid_IAM_Roles.yaml 48 Solutions/Amazon Web Services/Hunting Queries/AWS_RDSMasterPasswordChanged.yaml 28 Solutions/Amazon Web Services/Hunting Queries/AWS_LambdaFunctionThrottled.yaml 30 Solutions/Amazon Web Services/Hunting Queries/AWS_IAM_PolicyChange.yaml 35 Solutions/Amazon Web Services/Hunting Queries/AWS_ECRContainerLow.yaml 31 Solutions/Amazon Web Services/Hunting Queries/AWS_IAMUserGroupChanges.yaml 31 Solutions/Amazon Web Services/Hunting Queries/AWS_IAMAccsesDeniedDiscoveryEvents.yaml 28 Solutions/Amazon Web Services/Hunting Queries/AWS_PrivilegedRoleAttachedToInstance.yaml 49 
Solutions/Amazon Web Services/Hunting Queries/AWS_ModificationofRouteTableAttributes.yaml 19 Solutions/Amazon Web Services/Hunting Queries/AWS_STStoLambda.yaml 60 Solutions/Amazon Web Services/Hunting Queries/AWS_BucketVersioningSuspended.yaml 29 Solutions/Amazon Web Services/Hunting Queries/AWS_STStoEC2.yaml 67 Solutions/Amazon Web Services/Hunting Queries/AWS_PolicywithExcessivePermissions.yaml 35 Solutions/Amazon Web Services/Hunting Queries/AWS_ModificationofVPCAttributes.yaml 19 Solutions/Amazon Web Services/Hunting Queries/AWS_EC2_WithoutKeyPair.yaml 31 Solutions/Amazon Web Services/Hunting Queries/AWS_NetworkACLDeleted.yaml 29 Solutions/Amazon Web Services/Hunting Queries/AWS_ModificationofSubnetAttributes.yaml 19 Solutions/Amazon Web Services/Hunting Queries/AWS_ExcessiveExecutionofDiscoveryEvents.yaml 30 Solutions/Amazon Web Services/Hunting Queries/AWS_IAM_PrivilegeEscalationbyAttachment.yaml 52 Solutions/Amazon Web Services/Hunting Queries/AWS_LambdaUpdateFunctionCode.yaml 27 Solutions/Amazon Web Services/Hunting Queries/AWS_CreateAccessKey.yaml 29 Solutions/Amazon Web Services/Analytic Rules/AWS_S3Ransomware.yaml 63 Solutions/Amazon Web Services/Analytic Rules/AWS_ChangeToVPC.yaml 53 Solutions/Amazon Web Services/Analytic Rules/AWS_CredentialHijack.yaml 52 Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCURDLambdaPolicytoPrivilegEscalation.yaml 77 Solutions/Amazon Web Services/Analytic Rules/AWS_SuspiciousCommandEC2.yaml 58 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaCRUDS3Policy.yaml 49 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaCRUDIAMPolicy.yaml 49 Solutions/Amazon Web Services/Analytic Rules/AWS_S3BucketAccessPointExposed.yaml 48 Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedEC2PolicytoPrivilegeEscalation.yaml 77 Solutions/Amazon Web Services/Analytic Rules/AWS_GuardDuty_template.yaml 151 Solutions/Amazon Web Services/Analytic Rules/AWS_SAMLUpdateIdentity.yaml 42 
Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCloudFormationPolicytoPrivilegeEscalation.yaml 77 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaCloudFormationPolicy.yaml 49 Solutions/Amazon Web Services/Analytic Rules/NRT_AWS_ConsoleLogonWithoutMFA.yaml 50 Solutions/Amazon Web Services/Analytic Rules/AWS_NetworkACLOpenToAllPorts.yaml 48 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaCRUDKMSPolicy.yaml 49 Solutions/Amazon Web Services/Analytic Rules/SuspiciousAWSCLICommandExecution.yaml 67 Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedSSMPolicytoPrivilegeEscalation.yaml 77 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaEC2Policy.yaml 49 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationFullAccessManagedPolicy.yaml 44 Solutions/Amazon Web Services/Analytic Rules/AWS_S3BucketExposedviaPolicy.yaml 48 Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedDataPipelinePolicytoPrivilegeEscalation.yaml 77 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaDataPipeline.yaml 49 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationAdminManagedPolicy.yaml 44 Solutions/Amazon Web Services/Analytic Rules/AWS_IngressEgressSecurityGroupChange.yaml 51 Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCRUDDyanmoDBPolicytoPrivilegeEscalation.yaml 77 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaGluePolicy.yaml 49 Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedGluePolicytoPrivilegeEscalation.yaml 77 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationviaCRUDDynamoDB.yaml 49 Solutions/Amazon Web Services/Analytic Rules/AWS_APIfromTor.yaml 46 Solutions/Amazon Web Services/Analytic Rules/AWS_ECRImageScanningDisabled.yaml 45 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationAdministratorAccessManagedPolicy.yaml 44 Solutions/Amazon Web Services/Analytic 
Rules/AWS_CreatedCRUDS3PolicytoPrivilegeEscalation.yaml 77 Solutions/Amazon Web Services/Analytic Rules/AWS_LoadBalancerSecGroupChange.yaml 52 Solutions/Amazon Web Services/Analytic Rules/AWS_GuardDutyDisabled.yaml 42 Solutions/Amazon Web Services/Analytic Rules/AWS_RDSInstancePubliclyExposed.yaml 43 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaCRUDLambdaPolicy.yaml 49 Solutions/Amazon Web Services/Analytic Rules/AWS_S3BruteForce.yaml 64 Solutions/Amazon Web Services/Analytic Rules/AWS_OverlyPermessiveKMS.yaml 47 Solutions/Amazon Web Services/Analytic Rules/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml 87 Solutions/Amazon Web Services/Analytic Rules/AWS_ClearStopChangeTrailLogs.yaml 52 Solutions/Amazon Web Services/Analytic Rules/SuspiciousAWSEC2ComputeResourceDeployments.yaml 48 Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaSSM.yaml 49 Solutions/Amazon Web Services/Analytic Rules/AWS_S3ObjectPubliclyExposed.yaml 32 Solutions/Amazon Web Services/Analytic Rules/AWS_ChangeToRDSDatabase.yaml 51 Solutions/Amazon Web Services/Analytic Rules/AWS_SSMPubliclyExposed.yaml 44 Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCRUDIAMtoPrivilegeEscalation.yaml 77 Solutions/Amazon Web Services/Analytic Rules/AWS_ConsoleLogonWithoutMFA.yaml 55 Solutions/Amazon Web Services/Analytic Rules/AWS_ConfigServiceResourceDeletion.yaml 49 Solutions/Amazon Web Services/Analytic Rules/AWS_S3BucketExposedviaACL.yaml 48 Solutions/Amazon Web Services/Analytic Rules/AWS_LogTampering.yaml 49 Solutions/Amazon Web Services/Analytic Rules/AWS_ECRContainerHigh.yaml 47 Solutions/Amazon Web Services/Analytic Rules/AWS_SetDefaulyPolicyVersion.yaml 42 Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCRUDKMSPolicytoPrivilegeEscalation.yaml 77 Solutions/Amazon Web Services/Analytic Rules/AWS_CreationofEncryptKeysWithoutMFA.yaml 52 Solutions/42Crunch API Protection/Analytic Rules/APIAccountTakeover.yaml 45 Solutions/42Crunch API 
Protection/Analytic Rules/APIPasswordCracking.yaml 45 Solutions/42Crunch API Protection/Analytic Rules/APIKiterunnerDetection.yaml 47 Solutions/42Crunch API Protection/Analytic Rules/APIInvalidHostAccess.yaml 42 Solutions/42Crunch API Protection/Analytic Rules/APIJWTValidation.yaml 44 Solutions/42Crunch API Protection/Analytic Rules/APIAnomalyDetection.yaml 48 Solutions/42Crunch API Protection/Analytic Rules/APIAPIScaping.yaml 46 Solutions/42Crunch API Protection/Analytic Rules/APIBOLA.yaml 56 Solutions/42Crunch API Protection/Analytic Rules/APIFirstTimeAccess.yaml 51 Solutions/42Crunch API Protection/Analytic Rules/APIRateLimiting.yaml 44 Solutions/42Crunch API Protection/Analytic Rules/APISuspiciousLogin.yaml 47 Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareURLsRequested.yaml 26 Solutions/ApacheHTTPServer/Hunting Queries/ApacheRequestsToUnexistingFiles.yaml 26 Solutions/ApacheHTTPServer/Hunting Queries/ApacheUrlClienterrors.yaml 28 Solutions/ApacheHTTPServer/Hunting Queries/ApacheUrlServerErrors.yaml 28 Solutions/ApacheHTTPServer/Hunting Queries/ApacheFilesErrorRequests.yaml 28 Solutions/ApacheHTTPServer/Hunting Queries/ApacheFilesRequested.yaml 27 Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareFilesRequested.yaml 27 Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareUserAgents.yaml 26 Solutions/ApacheHTTPServer/Hunting Queries/ApacheUnexpectedPostRequests.yaml 27 Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareUAWithClientErrors.yaml 26 Solutions/ApacheHTTPServer/Parsers/ApacheHTTPServer.yaml 58 Solutions/ApacheHTTPServer/Analytic Rules/ApacheKnownMaliciousUserAgents.yaml 31 Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestToRareFile.yaml 42 Solutions/ApacheHTTPServer/Analytic Rules/ApacheCommandInURI.yaml 31 Solutions/ApacheHTTPServer/Analytic Rules/ApachePutSuspiciousFiles.yaml 39 Solutions/ApacheHTTPServer/Analytic Rules/ApacheMultipleServerErrorsRequestsFromSingleIP.yaml 35 Solutions/ApacheHTTPServer/Analytic 
Rules/ApacheMultipleClientErrorsFromSingleIP.yaml 33 Solutions/ApacheHTTPServer/Analytic Rules/ApacheCVE-2021-41773.yaml 34 Solutions/ApacheHTTPServer/Analytic Rules/ApachePrivateIpInUrl.yaml 30 Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestToSensitiveFiles.yaml 36 Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestFromPrivateIP.yaml 32 Solutions/Microsoft Defender for Cloud/Analytic Rules/CoreBackupDeletionwithSecurityAlert.yaml 69 Solutions/ISC Bind/Parsers/ISCBind.yaml 61 Solutions/Cisco Secure Cloud Analytics/Parsers/StealthwatchEvent.yaml 42 Solutions/MarkLogicAudit/Parsers/MarkLogicAudit.yaml 65 Solutions/Recorded Future/Hunting Queries/RecordedFutureIPThreatActorHunt.yaml 29 Solutions/Recorded Future/Hunting Queries/RecordedFutureDomainThreatActorHunt.yaml 35 Solutions/Recorded Future/Hunting Queries/RecordedFutureHashThreatActorHunt.yaml 35 Solutions/Recorded Future/Hunting Queries/RecordedFutureUrlThreatActorHunt.yaml 30 Solutions/Recorded Future/Analytic Rules/RecordedFutureUrlReportedbyInsiktGroupinSyslogEvents.yaml 60 Solutions/Recorded Future/Analytic Rules/RecordedFutureDomainMalwareC2inDNSEvents.yaml 59 Solutions/Recorded Future/Analytic Rules/RecordedFutureDomainMalwareC2inSyslogEvents.yaml 49 Solutions/Recorded Future/Analytic Rules/RecordedFutureIPMalwareC2inAzureActivityEvents.yaml 24 Solutions/Recorded Future/Analytic Rules/RecordedFutureHashObservedInUndergroundinCommonSecurityLog.yaml 46 Solutions/Recorded Future/Analytic Rules/RecordedFutureIPMalwareC2inDNSEvents.yaml 44 Solutions/Recorded Future/Analytic Rules/ThreatHunting/RecordedFutureThreatHuntingUrlAllActors.yaml 64 Solutions/Recorded Future/Analytic Rules/ThreatHunting/RecordedFutureThreatHuntingIPAllActors.yaml 63 Solutions/Recorded Future/Analytic Rules/ThreatHunting/RecordedFutureThreatHuntingHashAllActors.yaml 69 Solutions/Recorded Future/Analytic Rules/ThreatHunting/RecordedFutureThreatHuntingDomainAllActors.yaml 65 Solutions/Ubiquiti UniFi/Hunting 
Queries/UbiquitiTopFirewallRules.yaml 22 Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiInternalDnsServer.yaml 29 Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiRareInternalPorts.yaml 28 Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopBlockedDst.yaml 28 Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiUnusualSubdomains.yaml 29 Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiVulnerableDevices.yaml 24 Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopBlockedInternalServices.yaml 49 Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopBlockedSrc.yaml 29 Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiDnsTimeOut.yaml 27 Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopBlockedExternalServices.yaml 47 Solutions/Ubiquiti UniFi/Parsers/UbiquitiAuditEvent.yaml 183 Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiL2RLargeIcmp.yaml 43 Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiR2LDns.yaml 36 Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiR2LRDP.yaml 32 Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiNonCorpDns.yaml 33 Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiUnknownMacJoined.yaml 37 Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiCryptominer.yaml 34 Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiUnusualTraffic.yaml 31 Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiDestinationInTiList.yaml 40 Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiR2LSSH.yaml 32 Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiL2RFTP.yaml 36 Solutions/ESET Protect Platform/Parsers/ESETProtectPlatform.yaml 54 Solutions/ESET Protect Platform/Data Connectors/function_app.py 17 Solutions/ESET Protect Platform/Data Connectors/integration/__init__.py 1 Solutions/ESET Protect Platform/Data Connectors/integration/models_detections.py 96 Solutions/ESET Protect Platform/Data Connectors/integration/exceptions.py 29 Solutions/ESET Protect Platform/Data Connectors/integration/main.py 147 Solutions/ESET Protect Platform/Data Connectors/integration/utils.py 276 Solutions/ESET Protect 
Platform/Data Connectors/integration/models.py 86 Solutions/Tanium/Analytic Rules/TaniumThreatResponseAlerts.yaml 36 Solutions/Radiflow/Parsers/RadiflowEvent.yaml 78 Solutions/Radiflow/Analytic Rules/RadiflowPlatformAlert.yaml 84 Solutions/Radiflow/Analytic Rules/RadiflowNetworkScanningDetected.yaml 42 Solutions/Radiflow/Analytic Rules/RadiflowPolicyViolationDetected.yaml 32 Solutions/Radiflow/Analytic Rules/RadiflowExploitDetected.yaml 44 Solutions/Radiflow/Analytic Rules/RadiflowSuspiciousMaliciousActivityDetected.yaml 37 Solutions/Radiflow/Analytic Rules/RadiflowNewActivityDetected.yaml 37 Solutions/Radiflow/Analytic Rules/RadiflowUnauthorizedCommandinOperationalDevice.yaml 33 Solutions/Radiflow/Analytic Rules/RadiflowUnauthorizedInternetAccess.yaml 23 Solutions/McAfee Network Security Platform/Parsers/McAfeeNSPEvent.yaml 36 Solutions/SINEC Security Guard/Analytic Rules/SSG_Azure_Sentinel_analytic_rule.yaml 21 Solutions/NGINX HTTP Server/Hunting Queries/NGINXUncommonUAsString.yaml 25 Solutions/NGINX HTTP Server/Hunting Queries/NGINXRequestsToUnexistingFiles.yaml 26 Solutions/NGINX HTTP Server/Hunting Queries/NGINXAbnormalRequestSize.yaml 32 Solutions/NGINX HTTP Server/Hunting Queries/NGINXRequestsFromBotsCrawlers.yaml 23 Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopURLsClientErrors.yaml 28 Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopFilesWithErrorRequests.yaml 28 Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopURLsServerErrors.yaml 28 Solutions/NGINX HTTP Server/Hunting Queries/NGINXRareFilesRequested.yaml 27 Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopFilesRequested.yaml 27 Solutions/NGINX HTTP Server/Hunting Queries/NGINXRareURLsRequested.yaml 25 Solutions/NGINX HTTP Server/Parsers/NGINXHTTPServer.yaml 60 Solutions/NGINX HTTP Server/Analytic Rules/NGINXDifferentUAsFromSingleIP.yaml 33 Solutions/NGINX HTTP Server/Analytic Rules/NGINXRequestToSensitiveFiles.yaml 35 Solutions/NGINX HTTP Server/Analytic Rules/NGINXCommandsInRequest.yaml 
31 Solutions/NGINX HTTP Server/Analytic Rules/NGINXCoreDump.yaml 30 Solutions/NGINX HTTP Server/Analytic Rules/NGINXSqlPattern.yaml 34 Solutions/NGINX HTTP Server/Analytic Rules/NGINXMultipleServerErrorsFromSingleIP.yaml 35 Solutions/NGINX HTTP Server/Analytic Rules/NGINXMultipleClientErrorsFromSingleIP.yaml 33 Solutions/NGINX HTTP Server/Analytic Rules/NGINXPutAndGetFileFromSameIP.yaml 44 Solutions/NGINX HTTP Server/Analytic Rules/NGINXPrivateIPinUrl.yaml 30 Solutions/FalconFriday/Analytic Rules/AzureADRareUserAgentAppSignin.yaml 107 Solutions/FalconFriday/Analytic Rules/DisableOrModifyWindowsDefender.yaml 5 Solutions/FalconFriday/Analytic Rules/RemoteDesktopProtocol.yaml 49 Solutions/FalconFriday/Analytic Rules/CertifiedPreOwned-TGTs-requested.yaml 50 Solutions/FalconFriday/Analytic Rules/UACBypass-3-changePK-SLUI-tampering.yaml 42 Solutions/FalconFriday/Analytic Rules/CertutilIngressToolTransfer.yaml 62 Solutions/FalconFriday/Analytic Rules/TrustedDeveloperUtilitiesProxyExecution.yaml 48 Solutions/FalconFriday/Analytic Rules/CreateProcessWithToken.yaml 64 Solutions/FalconFriday/Analytic Rules/SuspiciousParentProcessRelationship.yaml 23 Solutions/FalconFriday/Analytic Rules/MatchLegitimateNameOrLocation.yaml 62 Solutions/FalconFriday/Analytic Rules/ASRBypassingWritingExecutableContent.yaml 26 Solutions/FalconFriday/Analytic Rules/PasswordSprayingWithMDE.yaml 47 Solutions/FalconFriday/Analytic Rules/DLLSideLoading.yaml 5 Solutions/FalconFriday/Analytic Rules/COMHijacking.yaml 25 Solutions/FalconFriday/Analytic Rules/CertifiedPreOwned-backup-key-2.yaml 46 Solutions/FalconFriday/Analytic Rules/OracleSuspiciousCommandExecution.yaml 47 Solutions/FalconFriday/Analytic Rules/UACBypass-1-elevated-COM.yaml 42 Solutions/FalconFriday/Analytic Rules/DotNetToJScript.yaml 42 Solutions/FalconFriday/Analytic Rules/ExcessiveSharePermissions.yaml 95 Solutions/FalconFriday/Analytic Rules/CertifiedPreOwned-backup-key-1.yaml 54 Solutions/FalconFriday/Analytic 
Rules/SuspiciousNamedPipes.yaml 68 Solutions/FalconFriday/Analytic Rules/DCOMLateralMovement.yaml 37 Solutions/FalconFriday/Analytic Rules/OfficeProcessInjection.yaml 24 Solutions/FalconFriday/Analytic Rules/UACBypass-2-modify-ms-store.yaml 41 Solutions/FalconFriday/Analytic Rules/OfficeASRFromBrowser.yaml 27 Solutions/FalconFriday/Analytic Rules/ExpiredAccessCredentials.yaml 32 Solutions/FalconFriday/Analytic Rules/RecognizingBeaconingTraffic.yaml 79 Solutions/FalconFriday/Analytic Rules/AzureADUserAgentOSmissmatch.yaml 70 Solutions/Microsoft Defender XDR/Hunting Queries/TVM/Detect_CISA_Alert_AA22-117A2021_Top_Routinely_Exploited_Vulnerabilities.yaml 59 Solutions/Microsoft Defender XDR/Hunting Queries/Check for spoofing attempts on the domain with Authentication failures.yaml 36 Solutions/Microsoft Defender XDR/Hunting Queries/Persistence/LocalAdminGroupChanges.yaml 50 Solutions/Microsoft Defender XDR/Hunting Queries/Persistence/ScheduledTaskCreation.yaml 19 Solutions/Microsoft Defender XDR/Hunting Queries/Persistence/AccountCreation.yaml 32 Solutions/Microsoft Defender XDR/Hunting Queries/Persistence/RareProcessAsService.yaml 63 Solutions/Microsoft Defender XDR/Hunting Queries/Appspot Phishing Abuse.yaml 54 Solutions/Microsoft Defender XDR/Hunting Queries/EmailDelivered-ToInbox.yaml 36 Solutions/Microsoft Defender XDR/Hunting Queries/Delivered Bad Emails from Top bad IPv4 addresses.yaml 42 Solutions/Microsoft Defender XDR/Hunting Queries/Initial Access/DetectMailSniper.yaml 60 Solutions/Microsoft Defender XDR/Hunting Queries/Discovery/User&GroupEnumWithNetCommand.yaml 19 Solutions/Microsoft Defender XDR/Hunting Queries/Discovery/SuspiciousCommandInitiatedByWebServerProcess.yaml 35 Solutions/Microsoft Defender XDR/Hunting Queries/General Queries/MITRESuspiciousEvents.yaml 72 Solutions/Microsoft Defender XDR/Hunting Queries/Execution/AnomalousPayloadDeliveredWithISOFile.yaml 37 Solutions/Microsoft Defender XDR/Hunting Queries/Execution/SuspiciousMshtaUsage.yaml 25 
Solutions/Microsoft Defender XDR/Hunting Queries/Execution/PotentialKerberoastActivities.yaml 36 Solutions/Microsoft Defender XDR/Hunting Queries/Execution/OfficeAppsLaunchingWscript.yaml 24 Solutions/Microsoft Defender XDR/Hunting Queries/Execution/SuspiciousAppExeutedByWebserver.yaml 21 Solutions/Microsoft Defender XDR/Hunting Queries/Execution/BitsadminActivity.yaml 42 Solutions/Microsoft Defender XDR/Hunting Queries/Execution/MaliciousUseOfMsiExecMimikatz.yaml 26 Solutions/Microsoft Defender XDR/Hunting Queries/Execution/MaliciousUseOfMSIExec.yaml 26 Solutions/Microsoft Defender XDR/Hunting Queries/Execution/PowerShellDownloads.yaml 27 Solutions/Microsoft Defender XDR/Hunting Queries/Exfiltration/FilesCopiedToUSBDrives.yaml 35 Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/LogDeletionUsingWevtutil.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/QakbotDiscoveryActivities.yaml 26 Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/ShadowCopyDeletion.yaml 46 Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/DetectMultipleSignsOfRamsomwareActivity.yaml 90 Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/TurningOffServicesWithSCCommad.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/MultiProcessKillWithTaskKill.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/DataDeletionOnMulipleDrivesUsingCipherExe.yaml 24 Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/IcedIdSuspiciousImageLoad.yaml 18 Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/LaZagneCredTheft.yaml 18 Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/PotentialCobaltStrikeRansomwareActivity.yaml 44 Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/DEV-0270/DisableSecurityServiceViaRegistry.yaml 17 Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/DEV-0270/MDEExclusionUsingPowerShell.yaml 16 Solutions/Microsoft Defender XDR/Hunting 
Queries/Ransomware/DEV-0270/DomainDiscoveryWMICwithDLLHostExe.yaml 17 Solutions/Microsoft Defender XDR/Hunting Queries/Privilege Escalation/SAMNameChange_CVE-2021-42278.yaml 28 Solutions/Microsoft Defender XDR/Hunting Queries/Impact/AnomalousVoulmeOfFileDeletion.yaml 76 Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Sysrv-botnet/MaliciousCMDExecutionByJava.yaml 19 Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Log4j/DeviceWithLog4jAlerts.yaml 42 Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Log4j/Log4jVulnRelatedAlerts.yaml 29 Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Bazacall/PayloadDropUsingCertUtil.yaml 4 Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Jupyter-Solarmaker/DeimosComponentExecution.yaml 22 Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Snip3MaliciousNetworkConnectivity.yaml 23 Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/LemonDuck/LemonDuckRegistrationFunction.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/RobbinhoodDriver.yaml 26 Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/JudgementPandaExfilActivity.yaml 28 Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Macaw Ransomware/MaliciousUseOfMSBuildAsLoLBin.yaml 17 Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Macaw Ransomware/ImminentRansomware.yaml 41 Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Qakbot/QakbotReconActivities.yaml 21 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Remediation/Email remediation action list.yaml 25 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Remediation/AIR investigation actions insight.yaml 35 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/ZAP/Total ZAP count.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Overrides/Top policies performing user overrides.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Overrides/Top 
policies performing admin overrides.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Overrides/User overrides.yaml 21 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Overrides/Admin overrides.yaml 21 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Top 100 senders.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Zero day threats.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Detections by detection methods.yaml 46 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Mailflow by directionality.yaml 21 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Top 100 malicious email senders.yaml 21 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Sender recipient contact establishment.yaml 35 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Malicious emails detected per day.yaml 29 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Mail reply to new domain.yaml 40 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Phish/Possible device code phishing attempts.yaml 47 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Phish/Possible Teams phishing activity.yaml 34 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Phish/Appspot phishing abuse.yaml 31 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Phish/PhishDetectionByDetectionMethod.yaml 39 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Top outbound recipient domains sending inbound emails with threats.yaml 26 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/BEC - File sharing tactics - Dropbox.yaml 30 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Email bombing.yaml 12 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Inbox rule change which 
forward-redirect email.yaml 21 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/BEC - File sharing tactics - OneDrive or SharePoint.yaml 38 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Hunt for malicious URLs using external IOC source.yaml 28 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Emails containing links to IP addresses.yaml 18 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Good emails from senders with bad patterns.yaml 30 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Automated email notifications and suspicious sign-in activity.yaml 26 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Files share contents and suspicious sign-in activity.yaml 30 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Hunt for email conversation take over attempts.yaml 40 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Hunt for malicious attachments using external IOC source.yaml 27 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Hunt for email bombing attacks.yaml 25 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/User clicks on malicious inbound emails.yaml 28 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/URL click on ZAP Email.yaml 23 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/URLClick details based on malicious URL click alert.yaml 22 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/User clicked through events.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/URL click count by click action.yaml 22 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/URL clicks actions by URL.yaml 22 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/User clicks on phishing URLs in emails.yaml 21 
Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/End user malicious clicks.yaml 24 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Attachment/Safe attachment detection.yaml 23 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Attachment/ATP policy status check.yaml 27 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Attachment/JNLP attachment.yaml 18 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Authentication/Spoof attempts with auth failure.yaml 22 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Authentication/Authentication failures.yaml 23 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Suspicious sign-in attempts from QR code phishing campaigns.yaml 47 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Personalized campaigns based on the first few keywords.yaml 25 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Emails with QR codes from non-prevalent sender.yaml 36 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Emails delivered having URLs from QR codes.yaml 25 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Inbound emails with QR code URLs.yaml 25 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Hunting for user signals-clusters.yaml 26 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Personalized campaigns based on the last few keywords.yaml 25 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Campaign with suspicious keywords.yaml 25 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Emails with QR codes and suspicious keywords in subject.yaml 27 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Risky sign-in attempt from a non-managed device.yaml 31 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Hunting for sender 
patterns.yaml 47 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Campaign with randomly named attachments.yaml 24 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Custom detection-Emails with QR from non-prevalent senders.yaml 51 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Quarantine/Quarantine Release Email Details.yaml 27 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Quarantine/Quarantine release trend.yaml 22 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Quarantine/High Confidence Phish Released.yaml 27 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Quarantine/Group quarantine release.yaml 24 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Spoof and Impersonation/Spoof and impersonation phish detections.yaml 22 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Spoof and Impersonation/Spoof and impersonation detections by sender IP.yaml 21 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Spoof and Impersonation/Referral phish emails.yaml 27 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Spoof and Impersonation/Display Name - Spoof and Impersonation.yaml 35 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Spoof and Impersonation/User not covered under display name impersonation.yaml 28 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Top Attacks/Attacked more than x times average.yaml 24 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Top Attacks/Top external malicious senders.yaml 21 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Top Attacks/Top targeted users.yaml 21 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Top Attacks/Top 10 URL domains attacking organization.yaml 27 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Top Attacks/Top 10 percent of most attacked users.yaml 25 Solutions/Microsoft 
Defender XDR/Hunting Queries/Email Queries/Top Attacks/Malicious mails by sender IPs.yaml 21 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Malware/Email containing malware accessed on a unmanaged device.yaml 30 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Malware/Malware detections by detection methods.yaml 32 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Malware/Email malware detection report.yaml 26 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Malware/Email containing malware sent by an internal sender.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Submissions/Status of submissions.yaml 25 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Submissions/Admin reported submissions.yaml 22 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Submissions/User reported submissions.yaml 22 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Submissions/Top submitters of admin submissions.yaml 25 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Submissions/Top submitters of user submissions.yaml 25 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/New TABL Items.yaml 33 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/MDO daily detection summary report.yaml 65 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Hunt for Admin email access.yaml 25 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Malicious email senders.yaml 22 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Hunt for TABL changes.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Mail item accessed.yaml 21 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Local time to UTC time conversion.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Email sender IP address Geo location 
information.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Audit Email Preview-Download action.yaml 29 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL/Phishing Email Url Redirector.yaml 6 Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL/SafeLinks URL detections.yaml 23 Solutions/Microsoft Defender XDR/Hunting Queries/Command and Control/ReconWithRundll.yaml 28 Solutions/Microsoft Defender XDR/Hunting Queries/Command and Control/C2-NamedPipe.yaml 65 Solutions/Microsoft Defender XDR/Hunting Queries/Credential Access/LSASSCredDumpProcdump.yaml 26 Solutions/Microsoft Defender XDR/Hunting Queries/Credential Access/DoppelPaymerProcdump.yaml 30 Solutions/Microsoft Defender XDR/Hunting Queries/Credential Access/LaZagne.yaml 32 Solutions/Microsoft Defender XDR/Hunting Queries/Lateral Movement/ServiceAccountsPerformingRemotePS.yaml 58 Solutions/Microsoft Defender XDR/Hunting Queries/Lateral Movement/AccountBruteForce.yaml 26 Solutions/Microsoft Defender XDR/Hunting Queries/Lateral Movement/RemoteFileCreationWithPsExec.yaml 41 Solutions/Microsoft Defender XDR/Hunting Queries/Defense Evasion/Regsvr32Rundll32ImageLoadsAbnormalExtension.yaml 32 Solutions/Microsoft Defender XDR/Hunting Queries/Defense Evasion/ClearSystemLogs.yaml 22 Solutions/Microsoft Defender XDR/Hunting Queries/Defense Evasion/QakbotCampaignSelfDeletion.yaml 22 Solutions/Microsoft Defender XDR/Hunting Queries/Defense Evasion/DoppelpaymerStopServices.yaml 27 Solutions/Microsoft Defender XDR/Hunting Queries/Defense Evasion/Regsvr32Rundll32WithAnomalousParentProcess.yaml 33 Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/PrintNightmareUsageDetection-CVE-2021-1675.yaml 8 Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/CVE-2022-26134-Confluence.yaml 26 Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/SuspiciousFileCreationByPrintSpoolerService.yaml 25 Solutions/Microsoft Defender XDR/Hunting 
Queries/Exploits/MosaicLoader.yaml 18 Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/Print Spooler RCE/SpoolsvSpawningRundll32.yaml 20 Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/Print Spooler RCE/SuspiciousFilesInSpoolFolder.yaml 18 Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/Print Spooler RCE/SuspiciousSpoolsvChildProcess.yaml 38 Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/Print Spooler RCE/SuspiciousDLLInSpoolFolder.yaml 21 Solutions/Microsoft Defender XDR/Analytic Rules/SUNSPOTHashes.yaml 54 Solutions/Microsoft Defender XDR/Analytic Rules/Persistence/LocalAdminGroupChanges.yaml 83 Solutions/Microsoft Defender XDR/Analytic Rules/Persistence/AccountCreation.yaml 45 Solutions/Microsoft Defender XDR/Analytic Rules/Persistence/RareProcessAsService.yaml 85 Solutions/Microsoft Defender XDR/Analytic Rules/AVdetectionsrelatedtoUkrainebasedthreats.yaml 38 Solutions/Microsoft Defender XDR/Analytic Rules/AVTarrask.yaml 49 Solutions/Microsoft Defender XDR/Analytic Rules/Discovery/SuspiciousCommandInitiatedByWebServerProcess.yaml 54 Solutions/Microsoft Defender XDR/Analytic Rules/Execution/PotentialKerberoastActivities.yaml 62 Solutions/Microsoft Defender XDR/Analytic Rules/Execution/OfficeAppsLaunchingWscript.yaml 54 Solutions/Microsoft Defender XDR/Analytic Rules/Execution/BITSAdminActivity.yaml 69 Solutions/Microsoft Defender XDR/Analytic Rules/Exfiltration/FilesCopiedToUSBDrives.yaml 66 Solutions/Microsoft Defender XDR/Analytic Rules/SolarWinds_SUNBURST_Network-IOCs.yaml 66 Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/LogDeletionUsingWevtutil.yaml 37 Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/QakbotDiscoveryActivities.yaml 50 Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/ShadowCopyDeletion.yaml 67 Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/MultiProcessKillWithTaskKill.yaml 37 Solutions/Microsoft Defender XDR/Analytic 
Rules/Ransomware/DataDeletionOnMulipleDrivesUsingCipherExe.yaml 40 Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/LaZagneCredTheft.yaml 42 Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/PotentialCobaltStrikeRansomwareActivity.yaml 80 Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/DEV-0270/DisableSecurityServiceViaRegistry.yaml 25 Solutions/Microsoft Defender XDR/Analytic Rules/PossibleWebpBufferOverflow.yaml 87 Solutions/Microsoft Defender XDR/Analytic Rules/AVSpringShell.yaml 53 Solutions/Microsoft Defender XDR/Analytic Rules/Impact/AnomalousVoulmeOfFileDeletion.yaml 79 Solutions/Microsoft Defender XDR/Analytic Rules/PossiblePhishingwithCSL&NetworkSession.yaml 147 Solutions/Microsoft Defender XDR/Analytic Rules/PotentialBuildProcessCompromiseMDE.yaml 71 Solutions/Microsoft Defender XDR/Analytic Rules/Command and Control/C2-NamedPipe.yaml 82 Solutions/Microsoft Defender XDR/Analytic Rules/Credential Access/LSASSCredDumpProcdump.yaml 50 Solutions/Microsoft Defender XDR/Analytic Rules/Credential Access/DoppelPaymerProcDump.yaml 52 Solutions/Microsoft Defender XDR/Analytic Rules/Campaign/Sysrv-botnet/MaliciousCMDExecutionByJava.yaml 40 Solutions/Microsoft Defender XDR/Analytic Rules/Campaign/Jupyter-Solarmaker/DeimosComponentExecution.yaml 45 Solutions/Microsoft Defender XDR/Analytic Rules/Campaign/Macaw Ransomware/ImminentRansomware.yaml 63 Solutions/Microsoft Defender XDR/Analytic Rules/SolarWinds_TEARDROP_Process-IOCs.yaml 35 Solutions/Microsoft Defender XDR/Analytic Rules/Lateral Movement/ServiceAccountsPerformingRemotePS.yaml 72 Solutions/Microsoft Defender XDR/Analytic Rules/Lateral Movement/RemoteFileCreationWithPsExec.yaml 62 Solutions/Microsoft Defender XDR/Analytic Rules/Defense Evasion/DoppelpaymerStopService.yaml 47 Solutions/Microsoft Defender XDR/Analytic Rules/Defense Evasion/Regsvr32Rundll32ImageLoadsAbnormalExtension.yaml 63 Solutions/Microsoft Defender XDR/Analytic Rules/Defense 
Evasion/QakbotCampaignSelfDeletion.yaml 45 Solutions/Microsoft Defender XDR/Analytic Rules/Defense Evasion/Regsvr32Rundll32WithAnomalousParentProcess.yaml 63 Solutions/Microsoft Defender XDR/Analytic Rules/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml 58 Solutions/Microsoft Defender XDR/Analytic Rules/Exploits/MosaicLoader.yaml 45 Solutions/TenableAD/Parsers/afad_parser.yaml 117 Solutions/TenableAD/Analytic Rules/TenableAdDCShadow.yaml 33 Solutions/TenableAD/Analytic Rules/TenableAdADAttacksPathways.yaml 42 Solutions/TenableAD/Analytic Rules/TenableAdDCSync.yaml 33 Solutions/TenableAD/Analytic Rules/TenableAdLSASSMemory.yaml 33 Solutions/TenableAD/Analytic Rules/TenableAdPrivilegedAccountIssues.yaml 42 Solutions/TenableAD/Analytic Rules/TenableAdUserAccountIssues.yaml 42 Solutions/TenableAD/Analytic Rules/TenableAdPasswordGuessing.yaml 33 Solutions/TenableAD/Analytic Rules/TenableAdIndicatorsOfAttack.yaml 41 Solutions/TenableAD/Analytic Rules/TenableAdGoldenTicket.yaml 33 Solutions/TenableAD/Analytic Rules/TenableAdPasswordSpraying.yaml 33 Solutions/TenableAD/Analytic Rules/TenableAdIndicatorsOfExposures.yaml 41 Solutions/TenableAD/Analytic Rules/TenableAdPasswordIssues.yaml 42 Solutions/Azure Key Vault/Analytic Rules/KeyvaultMassSecretRetrieval.yaml 80 Solutions/Azure Key Vault/Analytic Rules/TimeSeriesKeyvaultAccessAnomaly.yaml 85 Solutions/Azure Key Vault/Analytic Rules/NRT_KeyVaultSensitiveOperations.yaml 45 Solutions/Azure Key Vault/Analytic Rules/KeyVaultSensitiveOperations.yaml 49 Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-SQLiDetection.yaml 56 Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/MaliciousWAFSessions.yaml 63 Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/AFD-Premium-WAF-SQLiDetection.yaml 53 Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-Code-Injection.yaml 53 Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-Scanner-detection.yaml 56 
Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-Path-Traversal-Attack.yaml 55 Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-XSSDetection.yaml 53 Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/AFD-Premium-WAF-XSSDetection.yaml 50 Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/AFD-WAF-Path-Traversal-Attack.yaml 55 Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/AFD-WAF-Code-Injection.yaml 53 Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Apache_log4j_Vulnerability.yaml 53 Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/NetworkConnectionToNewExternalLDAPServer.yaml 65 Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Suspicious_ShellScript_Activity.yaml 48 Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/WAF_log4j_vulnerability.yaml 47 Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Linux_Toolkit_Detected.yaml 46 Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Process_Termination_Activity.yaml 46 Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Firewall_Disable_Activity.yaml 45 Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/NetworkConnectionldap_log4j.yaml 57 Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Base64_Download_Activity.yaml 50 Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Container_Miner_Activity.yaml 47 Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/AzureWAFmatching_log4j_vuln.yaml 47 Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/Log4jVulnerableMachines.yaml 38 Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/UserAgentSearch_log4j.yaml 101 Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/Log4J_IPIOC_Dec112021.yaml 219 Solutions/PDNS Block Data Connector/DataConnectors/block-data-connector/__init__.py 101 Solutions/PDNS Block Data 
Connector/DataConnectors/block-data-connector/fetch_data.py 75 Solutions/PDNS Block Data Connector/DataConnectors/block-data-connector/state_manager.py 16 Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Hunting Queries/Unexpected Countries.yaml 27 Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Hunting Queries/owaspTop10-Threatsyaml.yaml 27 Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Parsers/Fortiweb.yaml 55 Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Analytic Rules/Fortiweb - WAF Allowed threat.yaml 31 Solutions/Box/Hunting Queries/BoxAdminIpAddress.yaml 25 Solutions/Box/Hunting Queries/BoxUserUploadsByVolume.yaml 28 Solutions/Box/Hunting Queries/BoxNewUsers.yaml 25 Solutions/Box/Hunting Queries/BoxUsersWithOwnerPermissions.yaml 25 Solutions/Box/Hunting Queries/BoxUserDownloadsByVolume.yaml 29 Solutions/Box/Hunting Queries/BoxUserGroupChanges.yaml 24 Solutions/Box/Hunting Queries/BoxDeletedUsers.yaml 24 Solutions/Box/Hunting Queries/BoxInactiveAdmins.yaml 36 Solutions/Box/Hunting Queries/BoxInactiveUsers.yaml 36 Solutions/Box/Parsers/BoxEvents.yaml 320 Solutions/Box/Analytic Rules/BoxAbnormalUserActivity.yaml 54 Solutions/Box/Analytic Rules/BoxInactiveUserLogin.yaml 42 Solutions/Box/Analytic Rules/BoxUserLoginAsAdmin.yaml 41 Solutions/Box/Analytic Rules/BoxMultipleItemsDeletedByUser.yaml 32 Solutions/Box/Analytic Rules/BoxBinaryFile.yaml 29 Solutions/Box/Analytic Rules/BoxItemSharedToExternalUser.yaml 32 Solutions/Box/Analytic Rules/BoxUserRoleChangedToOwner.yaml 42 Solutions/Box/Analytic Rules/BoxDownloadForbiddenFiles.yaml 37 Solutions/Box/Analytic Rules/BoxNewExternalUser.yaml 38 Solutions/Box/Data Connectors/AzureFunctionBox/main.py 158 Solutions/Box/Data Connectors/AzureFunctionBox/state_manager.py 18 Solutions/Box/Data Connectors/AzureFunctionBox/sentinel_connector.py 98 Solutions/Digital Shadows/Analytic 
Rules/Digital_Shadows_incident_creation_include.yaml 70 Solutions/Digital Shadows/Analytic Rules/Digital_Shadows_incident_creation_exclude.yaml 70 Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/constant.py 6 Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/__init__.py 27 Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/DS_poller.py 140 Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/AS_poller.py 2 Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/AS_api.py 39 Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/state_serializer.py 73 Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/DS_api.py 98 Solutions/Bitglass/Hunting Queries/BitglassUserDevices.yaml 25 Solutions/Bitglass/Hunting Queries/BitglassPrivilegedLoginFailures.yaml 29 Solutions/Bitglass/Hunting Queries/BitglassNewUsers.yaml 33 Solutions/Bitglass/Hunting Queries/BitglassNewApplications.yaml 25 Solutions/Bitglass/Hunting Queries/BitglassLoginFailures.yaml 29 Solutions/Bitglass/Hunting Queries/BitglassRiskyUsers.yaml 24 Solutions/Bitglass/Hunting Queries/BitglassApplications.yaml 24 Solutions/Bitglass/Hunting Queries/BitglassUncategorizedResources.yaml 25 Solutions/Bitglass/Hunting Queries/BitglassTopUsersWithBlocks.yaml 25 Solutions/Bitglass/Hunting Queries/BitglassInsecureWebProtocol.yaml 28 Solutions/Bitglass/Parsers/Bitglass.yaml 160 Solutions/Bitglass/Analytic Rules/BitglassNewDevice.yaml 35 Solutions/Bitglass/Analytic Rules/BitglassImpossibleTravelDistance.yaml 30 Solutions/Bitglass/Analytic Rules/BitglassSuspiciousFileUpload.yaml 33 Solutions/Bitglass/Analytic Rules/BitglassUserLoginNewGeoLocation.yaml 39 Solutions/Bitglass/Analytic Rules/BitglassUserUAChanged.yaml 35 
Solutions/Bitglass/Analytic Rules/BitglassSmartEdgeAgentUninstall.yaml 30 Solutions/Bitglass/Analytic Rules/BitglassNewRiskyUser.yaml 30 Solutions/Bitglass/Analytic Rules/BitglassMultipleFailedLogins.yaml 33 Solutions/Bitglass/Analytic Rules/BitglassFilesSharedWithExternal.yaml 34 Solutions/Bitglass/Analytic Rules/BitglassNewAdminUser.yaml 30 Solutions/Bitglass/Data Connectors/BitglassSentinelConnector/__init__.py 194 Solutions/Bitglass/Data Connectors/BitglassSentinelConnector/state_manager.py 18 Solutions/Qualys VM Knowledgebase/Parsers/QualysKB.yaml 32 Solutions/Qualys VM Knowledgebase/Data Connectors/requirements.psd1 7 Solutions/Qualys VM Knowledgebase/Data Connectors/AzureFunctionQualysKB/run.ps1 262 Solutions/Qualys VM Knowledgebase/Data Connectors/profile.ps1 19 Solutions/Training/Azure-Sentinel-Training-Lab/Artifacts/Scripts/IngestCSV.ps1 181 Solutions/Bitwarden/Parsers/BitwardenEventLogs.yaml 129 Solutions/MimecastTIRegional/Data Connectors/Models/Request/__init__.py 6 Solutions/MimecastTIRegional/Data Connectors/Models/Request/get_threat_intel_feed.py 7 Solutions/MimecastTIRegional/Data Connectors/Models/Error/errors.py 14 Solutions/MimecastTIRegional/Data Connectors/Models/Error/__init__.py 1 Solutions/MimecastTIRegional/Data Connectors/Models/Enum/mimecast_response_codes.py 10 Solutions/MimecastTIRegional/Data Connectors/Models/Enum/mimecast_endpoints.py 2 Solutions/MimecastTIRegional/Data Connectors/Models/Enum/__init__.py 1 Solutions/MimecastTIRegional/Data Connectors/Helpers/threat_intel_feed_response_helper.py 104 Solutions/MimecastTIRegional/Data Connectors/Helpers/graph_api_collector.py 41 Solutions/MimecastTIRegional/Data Connectors/Helpers/date_helper.py 25 Solutions/MimecastTIRegional/Data Connectors/Helpers/property_mapper.py 28 Solutions/MimecastTIRegional/Data Connectors/Helpers/threat_intel_feed_request_helper.py 171 Solutions/MimecastTIRegional/Data Connectors/GetThreatIntelFeedRegional/__init__.py 38 Solutions/Threat Intelligence 
(NEW)/Hunting Queries/FileEntity_Syslog.yaml 48 Solutions/Threat Intelligence (NEW)/Hunting Queries/FileEntity_WireData.yaml 40 Solutions/Threat Intelligence (NEW)/Hunting Queries/FileEntity_SecurityEvent.yaml 49 Solutions/Threat Intelligence (NEW)/Hunting Queries/FileEntity_OfficeActivity.yaml 47 Solutions/Threat Intelligence (NEW)/Hunting Queries/FileEntity_VMConnection.yaml 48 Solutions/Threat Intelligence (NEW)/Parsers/ThreatIntelIndicatorsv2.yaml 51 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AzureSQL.yaml 66 Solutions/Threat Intelligence (NEW)/Analytic Rules/Threat Intel Matches to GitHub Audit Logs.yaml 50 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_OfficeActivity.yaml 64 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_DuoSecurity.yaml 57 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_imWebSession.yaml 47 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AppServiceHTTPLogs.yaml 69 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_DnsEvents.yaml 63 Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_SecurityEvent.yaml 75 Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_OfficeActivity.yaml 58 Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_CommonSecurityLog.yaml 50 Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_EmailUrlInfo_Updated.yaml 62 Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_UrlClickEvents_Updated.yaml 62 Solutions/Threat Intelligence (NEW)/Analytic Rules/FileHashEntity_SecurityEvent.yaml 71 Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_imWebSession.yaml 57 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AWSCloudTrail.yaml 64 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_DeviceNetworkEvents_Updated.yaml 50 Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_SecurityAlert.yaml 67 Solutions/Threat Intelligence (NEW)/Analytic 
Rules/EmailEntity_EmailEvents_Updated.yaml 50 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_CloudAppEvents_Updated.yaml 4 Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_EmailEvents_Updated.yaml 52 Solutions/Threat Intelligence (NEW)/Analytic Rules/FileHashEntity_CommonSecurityLog.yaml 63 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_CustomSecurityLog.yaml 42 Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_PaloAlto.yaml 79 Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_Syslog.yaml 73 Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_CloudAppEvents_Updated.yaml 45 Solutions/Threat Intelligence (NEW)/Analytic Rules/FileHashEntity_DeviceFileEvents_Updated.yaml 38 Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_PaloAlto.yaml 108 Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_Syslog.yaml 31 Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_SigninLogs.yaml 66 Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_SecurityAlert.yaml 65 Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_CloudAppEvents_Updated.yaml 4 Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_PaloAlto.yaml 57 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AzureActivity.yaml 67 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_SigninLogs_Updated.yaml 64 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AzureFirewall.yaml 69 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_VMConnection.yaml 61 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_Workday_Updated.yaml 53 Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_DeviceNetworkEvents_Updated.yaml 58 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_W3CIISLog.yaml 63 Solutions/Threat Intelligence (NEW)/Analytic Rules/imDns_IPEntity_DnsEvents.yaml 80 Solutions/Threat Intelligence (NEW)/Analytic 
Rules/URLEntity_AuditLogs.yaml 61 Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_DnsEvents.yaml 74 Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_SecurityAlerts.yaml 67 Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_EmailUrlInfo_Updated.yaml 66 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AzureKeyVault.yaml 61 Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_DeviceNetworkEvents_Updated.yaml 55 Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_AzureActivity.yaml 55 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AzureNetworkAnalytics.yaml 62 Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_imNetworkSession.yaml 106 Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_CloudAppEvents_Updated.yaml 72 Solutions/Threat Intelligence (NEW)/Analytic Rules/imDns_DomainEntity_DnsEvents.yaml 83 Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicUrlServerErrors.yaml 28 Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicUncommonUserAgents.yaml 26 Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicAbnormalRequestSize.yaml 32 Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicCriticalEventSeverity.yaml 29 Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicRareURLsRequested.yaml 25 Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicUrlClienterrors.yaml 28 Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicFilesErrorRequests.yaml 28 Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicRareUAWithClientErrors.yaml 27 Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicErrors.yaml 22 Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogic403RequestsFiles.yaml 25 Solutions/OracleWebLogicServer/Parsers/OracleWebLogicServerEvent.yaml 79 Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicExploitCVE-2021-2109.yaml 30 Solutions/OracleWebLogicServer/Analytic 
Rules/OracleWebLogicCommandInURI.yaml 30 Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicDifferentUAsFromSingleIP.yaml 33 Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicMultipleServerErrorsRequestsFromSingleIP.yaml 35 Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicPrivateIpInUrl.yaml 35 Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicPutAndGetFileFromSameIP.yaml 44 Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicRequestToSensitiveFiles.yaml 36 Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicMultipleClientErrorsFromSingleIP.yaml 33 Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicPutSuspiciousFiles.yaml 43 Solutions/Commvault Security IQ/Tools/AssignLogicAppRoles.ps1 67 Solutions/Commvault Security IQ/Tools/Setup-CommvaultAutomation.ps1 222 Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_IDP.py 50 Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Cycle_Token.ps1 69 Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_Data_Aging.py 78 Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_User.py 53 Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml 35 Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml 35 Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml 31 Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml 33 Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py 467 Solutions/Cortex XDR/Parsers/PaloAltoCortexXDR.yaml 41 Solutions/Cortex XDR/Analytic Rules/CortexXDR_Medium.yaml 51 Solutions/Cortex XDR/Analytic Rules/CortexXDR_Low.yaml 51 Solutions/Cortex XDR/Analytic Rules/CortexXDR_High.yaml 51 Solutions/FireEye Network Security/Parsers/FireEyeNXEvent.yaml 70 Solutions/Windows Server DNS/Hunting Queries/Solorigate-DNS-Pattern.yaml 45 Solutions/Windows Server DNS/Hunting Queries/Solorigate-Encoded-Domain-URL.yaml 44 
Solutions/Windows Server DNS/Hunting Queries/DNS_WannaCry.yaml  45
Solutions/Windows Server DNS/Hunting Queries/DNS_DomainAnomalousLookupIncrease.yaml  73
Solutions/Windows Server DNS/Hunting Queries/DNS_HighPercentNXDomainCount.yaml  100
Solutions/Windows Server DNS/Hunting Queries/DNS_CommonlyAbusedTLDs.yaml  7
Solutions/Windows Server DNS/Hunting Queries/DNS_LongURILookup.yaml  57
Solutions/Windows Server DNS/Hunting Queries/DNS_FullNameAnomalousLookupIncrease.yaml  69
Solutions/Windows Server DNS/Hunting Queries/DNS_HighReverseDNSCount.yaml  24
Solutions/Windows Server DNS/Analytic Rules/NRT_DNS_Related_To_Mining_Pools.yaml  43
Solutions/Windows Server DNS/Analytic Rules/DNS_HighNXDomainCount_detection.yaml  39
Solutions/Windows Server DNS/Analytic Rules/DNS_Miners.yaml  47
Solutions/Windows Server DNS/Analytic Rules/DNS_HighReverseDNSCount_detection.yaml  31
Solutions/Windows Server DNS/Analytic Rules/DNS_TorProxies.yaml  42
Solutions/ZeroTrust(TIC3.0)/Analytic Rules/Zero_Trust_TIC3.0_ControlAssessmentPostureChange.yaml  48
Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseTierZeroAssets.yaml  30
Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseExposure.yaml  30
Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseCriticalAttackPaths.yaml  30
Solutions/BloodHound Enterprise/Data Connectors/handler.go  172
Solutions/BloodHound Enterprise/Data Connectors/pkg/bloodhound/client.go  200
Solutions/BloodHound Enterprise/Data Connectors/pkg/model/model.go  36
Solutions/BloodHound Enterprise/Data Connectors/pkg/connector/main.go  597
Solutions/BloodHound Enterprise/Data Connectors/pkg/connector/config.go  44
Solutions/BloodHound Enterprise/Data Connectors/pkg/control/http_control.go  45
Solutions/BloodHound Enterprise/Data Connectors/pkg/azure/client.go  12
Solutions/IllumioSaaS/Parsers/IllumioSyslogAuditEvents.yaml  27
Solutions/IllumioSaaS/Parsers/IllumioSyslogNetworkTrafficEvents.yaml  42
Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml  47
Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml  46
Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml  44
Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml  58
Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml  50
Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml  41
Solutions/IllumioSaaS/Data Connectors/QueueManagerFunctionApp/queue_manager.py  52
Solutions/IllumioSaaS/Data Connectors/CommonCode/__init__.py  1
Solutions/IllumioSaaS/Data Connectors/CommonCode/helper.py  21
Solutions/IllumioSaaS/Data Connectors/CommonCode/azure_storage_queue.py  32
Solutions/IllumioSaaS/Data Connectors/CommonCode/constants.py  45
Solutions/IllumioSaaS/Data Connectors/CommonCode/sentinel_connector.py  48
Solutions/IllumioSaaS/Data Connectors/QueueTriggerFuncApp/azure_queue_trigger.py  161
Solutions/IllumioSaaS/Data Connectors/OnPremHealthFunctionApp/onprem_health_api.py  33
Solutions/IllumioSaaS/Data Connectors/TimedApiFunctionApp/api_response.py  179
Solutions/IllumioSaaS/Data Connectors/TimedSQSFunctionApp/aws_queue.py  250
Solutions/ZoomReports/Parsers/Zoom.yaml  109
Solutions/ZoomReports/Data Connectors/ZoomSentinelConnector/__init__.py  299
Solutions/ZoomReports/Data Connectors/ZoomSentinelConnector/state_manager.py  18
Solutions/GitHub/Hunting Queries/Inactive or New Account Usage.yaml  43
Solutions/GitHub/Hunting Queries/Mass Deletion of Repositories .yaml  33
Solutions/GitHub/Hunting Queries/Oauth App Restrictions Disabled.yaml  15
Solutions/GitHub/Hunting Queries/Repository Permission Switched to Public.yaml  14
Solutions/GitHub/Hunting Queries/User First Time Repository Delete Activity.yaml  24
Solutions/GitHub/Hunting Queries/Org Repositories Default Permissions Change.yaml  15
Solutions/GitHub/Hunting Queries/User Grant Access and Grants Other Access.yaml  25
Solutions/GitHub/Hunting Queries/First Time User Invite and Add Member to Org.yaml  24
Solutions/GitHub/Parsers/GitHubSecretScanningData.yaml  43
Solutions/GitHub/Parsers/GitHubAuditData.yaml  24
Solutions/GitHub/Parsers/GitHubCodeScanningData.yaml  42
Solutions/GitHub/Parsers/GitHubDependabotData.yaml  39
Solutions/GitHub/Analytic Rules/(Preview) GitHub - A payment method was removed.yaml  30
Solutions/GitHub/Analytic Rules/(Preview) GitHub - Repository was destroyed.yaml  30
Solutions/GitHub/Analytic Rules/(Preview) GitHub - User was added to the organization.yaml  32
Solutions/GitHub/Analytic Rules/(Preview) GitHub - Repository was created.yaml  30
Solutions/GitHub/Analytic Rules/(Preview) GitHub - Oauth application - a client secret was removed.yaml  30
Solutions/GitHub/Analytic Rules/(Preview) GitHub - pull request was created.yaml  31
Solutions/GitHub/Analytic Rules/(Preview) GitHub - Two Factor Authentication Disabled in GitHub.yaml  32
Solutions/GitHub/Analytic Rules/(Preview) GitHub - User visibility Was changed.yaml  32
Solutions/GitHub/Analytic Rules/(Preview) GitHub - User was blocked.yaml  32
Solutions/GitHub/Analytic Rules/Security Vulnerability in Repo.yaml  35
Solutions/GitHub/Analytic Rules/(Preview) GitHub - Activities from Infrequent Country.yaml  45
Solutions/GitHub/Analytic Rules/(Preview) GitHub - User was invited to the repository.yaml  32
Solutions/GitHub/Analytic Rules/NRT Two Factor Authentication Disabled.yaml  31
Solutions/GitHub/Analytic Rules/(Preview) GitHub - pull request was merged.yaml  31
Solutions/GitHub/Data Connectors/GithubWebhook/GithubWebhookConnector/__init__.py  99
Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerApplicationByUsers.yaml  24
Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerUrlhostname.yaml  25
Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerAbnormalTotalBytesSize.yaml  26
Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerUserAccessGroups.yaml  23
Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerConnectionCloseReason.yaml  31
Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerTopSourceIP.yaml  25
Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerUserServerErrors.yaml  25
Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerSourceLocation.yaml  24
Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerIPsByPorts.yaml  24
Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerTopConnectors.yaml  26
Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerUnexpectedUpdateOperation.yaml  37
Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAConnectionsOutsideOperationalHours.yaml  33
Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerUnexpectedCountEventResult.yaml  33
Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerUnexpectedCountries.yaml  36
Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerSharedZPASession.yaml  54
Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAConnectionsFromNewIP.yaml  43
Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAUnexpectedSessionDuration.yaml  52
Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAConnectionsFromNewCountry.yaml  39
Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAConnectionsByDormantUser.yaml  38
Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAConnectionsByNewUser.yaml  37
Solutions/AristaAwakeSecurity/Analytic Rules/HighSeverityMatchesByDevice.yaml  61
Solutions/AristaAwakeSecurity/Analytic Rules/HighMatchCountsByDevice.yaml  63
Solutions/AristaAwakeSecurity/Analytic Rules/ModelMatchesWithMultipleDestinationsByDevice.yaml  61
Solutions/Red Canary/Analytic Rules/RedCanaryThreatDetection.yaml  132
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspacePossibleSCAMSPAMorPhishingCalendar.yaml  31
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceDocumentSharedPublicilyWithLink.yaml  26
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceUserWithSeveralDevices.yaml  25
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceDocumentSharedPublicily.yaml  25
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceDocumentSharedExternally.yaml  26
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceUncommonUAsString.yaml  31
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceDocumentCopiedToPrivateDrive.yaml  37
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceRareDocType.yaml  25
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceUnknownLoginType.yaml  27
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceUserReportedCalendarInviteAsSpam.yaml  23
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceSuspendedUsers.yaml  23
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceSharedPrivateDocument.yaml  25
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceLicenseRevokeAndAssignmentToUser.yaml  50
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceMultiIPAddresses.yaml  25
Solutions/GoogleWorkspaceReports/Parsers/GWorkspaceActivityReports.yaml  204
Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceApiAccessToNewClient.yaml  30
Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceTwoStepAuthenticationDisabledForUser.yaml  29
Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceDifferentUAsFromSingleIP.yaml  34
Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspacePossibleMaldocFileNamesInGDRIVE.yaml  34
Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspacePossibleBruteForce.yaml  32
Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceOutboundRelayAddedToSuiteDomain.yaml  29
Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceChangedUserAccess.yaml  29
Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceAlertEvents.yaml  30
Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceAdminPermissionsGranted.yaml  29
Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceUnexpectedOSUpdate.yaml  44
Solutions/GoogleWorkspaceReports/Data Connectors/get_google_pickle_string.py  12
Solutions/GoogleWorkspaceReports/Data Connectors/GWorkspaceReportsAPISentinelConn/GWorkspaceReports-QueueTrigger/__init__.py  273
Solutions/GoogleWorkspaceReports/Data Connectors/GWorkspaceReportsAPISentinelConn/GWorkspaceReports-QueueTrigger/state_manager.py  99
Solutions/GoogleWorkspaceReports/Data Connectors/GWorkspaceReportsAPISentinelConn/GWorkspaceReports-TimeTrigger/__init__.py  207
Solutions/GoogleWorkspaceReports/Data Connectors/GWorkspaceReportsAPISentinelConn/GWorkspaceReports-TimeTrigger/state_manager.py  68
Solutions/Cisco UCS/Parsers/CiscoUCS.yaml  55
Solutions/Cloud Service Threat Protection Essentials/Hunting Queries/AzureResourceAssignedPublicIP.yaml  77
Solutions/Cloud Service Threat Protection Essentials/Hunting Queries/AzureKeyVaultAccessManipulation.yaml  50
Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdStrikeReplicatorV2.yaml  155
Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdStrikeReplicator.yaml  1074
Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdStrikeFalconEventStream.yaml  67
Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdStrikeReplicator_future.yaml  1123
Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalSeverityDetection.yaml  45
Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalOrHighSeverityDetectionsByUser.yaml  19
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeFalconAdversaryIntelligence/CrowdStrikeFalconThreatIntelConnector/__init__.py  187
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeFalconAdversaryIntelligence/CrowdStrikeFalconThreatIntelConnector/utils.py  107
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/CrowdstrikeFalconAPISentinelConn/Replicator/main_aws_queue.py  157
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/CrowdstrikeFalconAPISentinelConn/QueueTriggerCS/__init__.py  284
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/CrowdstrikeFalconAPISentinelConn/QueueTriggerCS/sentinel_connector_clv2_async.py  95
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/Data Collection Rules/Transformations/ASimRegistryEventCrowdStrikeFalcon.yaml  57
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/Data Collection Rules/Transformations/ASimUserManagementCrowdStrikeFalcon.yaml  54
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/Data Collection Rules/Transformations/ASimAuthenticationEventCrowdStrikeFalcon.yaml  79
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/Data Collection Rules/Transformations/ASimProcessEventCrowdStrikeFalcon.yaml  86
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicator/CrowdstrikeFalconAPISentinelConnector/__init__.py  195
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicator/CrowdstrikeFalconAPISentinelConnector/sentinel_connector_async.py  95
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicator/CrowdstrikeFalconAPISentinelConnector/state_manager.py  18
Solutions/Valence Security/Analytic Rules/ValenceAlerts.yaml  34
Solutions/Microsoft 365/Hunting Queries/MultipleTeamsDeletes.yaml  38
Solutions/Microsoft 365/Hunting Queries/ExternalUserFromNewOrgAddedToTeams.yaml  15
Solutions/Microsoft 365/Hunting Queries/MultipleUsersEmailForwardedToSameDestination.yaml  60
Solutions/Microsoft 365/Hunting Queries/New_WindowsReservedFileNamesOnOfficeFileServices.yaml  49
Solutions/Microsoft 365/Hunting Queries/powershell_or_nonbrowser_MailboxLogin.yaml  31
Solutions/Microsoft 365/Hunting Queries/NewBotAddedToTeams.yaml  40
Solutions/Microsoft 365/Hunting Queries/sharepoint_downloads.yaml  39
Solutions/Microsoft 365/Hunting Queries/MultiTeamBot.yaml  38
Solutions/Microsoft 365/Hunting Queries/double_file_ext_exes.yaml  41
Solutions/Microsoft 365/Hunting Queries/ExternalUserAddedRemovedInTeams_HuntVersion.yaml  42
Solutions/Microsoft 365/Hunting Queries/nonowner_MailboxLogin.yaml  44
Solutions/Microsoft 365/Hunting Queries/new_sharepoint_downloads_by_IP.yaml  52
Solutions/Microsoft 365/Hunting Queries/new_sharepoint_downloads_by_UserAgent.yaml  59
Solutions/Microsoft 365/Hunting Queries/UserAddToTeamsAndUploadsFile.yaml  39
Solutions/Microsoft 365/Hunting Queries/new_adminaccountactivity.yaml  57
Solutions/Microsoft 365/Hunting Queries/Mail_redirect_via_ExO_transport_rule_hunting.yaml  45
Solutions/Microsoft 365/Hunting Queries/WindowsReservedFileNamesOnOfficeFileServices.yaml  54
Solutions/Microsoft 365/Hunting Queries/OfficeMailForwarding_hunting.yaml  43
Solutions/Microsoft 365/Hunting Queries/MultiTeamOwner.yaml  43
Solutions/Microsoft 365/Hunting Queries/AnomolousUserAccessingOtherUsersMailbox.yaml  22
Solutions/Microsoft 365/Hunting Queries/TeamsFilesUploaded.yaml  45
Solutions/Microsoft 365/Analytic Rules/Malicious_Inbox_Rule.yaml  38
Solutions/Microsoft 365/Analytic Rules/MultipleTeamsDeletes.yaml  41
Solutions/Microsoft 365/Analytic Rules/ExternalUserAddedRemovedInTeams.yaml  71
Solutions/Microsoft 365/Analytic Rules/SharePoint_Downloads_byNewIP.yaml  71
Solutions/Microsoft 365/Analytic Rules/ForestBlizzardCredHarvesting.yaml  4
Solutions/Microsoft 365/Analytic Rules/sharepoint_file_transfer_above_threshold.yaml  59
Solutions/Microsoft 365/Analytic Rules/RareOfficeOperations.yaml  45
Solutions/Microsoft 365/Analytic Rules/Office_MailForwarding.yaml  59
Solutions/Microsoft 365/Analytic Rules/Mail_redirect_via_ExO_transport_rule.yaml  52
Solutions/Microsoft 365/Analytic Rules/SharePoint_Downloads_byNewUserAgent.yaml  82
Solutions/Microsoft 365/Analytic Rules/office_policytampering.yaml  62
Solutions/Microsoft 365/Analytic Rules/Office_Uploaded_Executables.yaml  78
Solutions/Microsoft 365/Analytic Rules/External User added to Team and immediately uploads file.yaml  88
Solutions/Microsoft 365/Analytic Rules/exchange_auditlogdisabled.yaml  50
Solutions/Microsoft 365/Analytic Rules/sharepoint_file_transfer_folders_above_threshold.yaml  59
Solutions/Microsoft 365/Analytic Rules/MailItemsAccessedTimeSeries.yaml  80
Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-Detections.yaml  87
Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-NewCampaign.yaml  62
Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-Detections.yaml  94
Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-by-Severity.yaml  87
Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Suspected-Behavior-by-Tactics.yaml  100
Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-by-Severity.yaml  37
Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-HighSeverityDetection-by-Tactics.yaml  114
Solutions/PingFederate/Hunting Queries/PingFederateNewUsers.yaml  29
Solutions/PingFederate/Hunting Queries/PingFederateUnusualSources.yaml  29
Solutions/PingFederate/Hunting Queries/PingFederateFailedAuthentications.yaml  25
Solutions/PingFederate/Hunting Queries/PingFederatePasswordResetRequests.yaml  30
Solutions/PingFederate/Hunting Queries/PingFederateRareSources.yaml  25
Solutions/PingFederate/Hunting Queries/PingFederateUsersPaswordsReset.yaml  25
Solutions/PingFederate/Hunting Queries/PingFederateUnusualCountry.yaml  34
Solutions/PingFederate/Hunting Queries/PingFederateTopSources.yaml  24
Solutions/PingFederate/Hunting Queries/PingFederateSAMLSubjects.yaml  25
Solutions/PingFederate/Hunting Queries/PingFederateAuthUrls.yaml  25
Solutions/PingFederate/Parsers/PingFederateEvent.yaml  53
Solutions/PingFederate/Analytic Rules/PingFederateSamlOld.yaml  38
Solutions/PingFederate/Analytic Rules/PingFederateMultiplePasswordResetsForUser.yaml  36
Solutions/PingFederate/Analytic Rules/PingFederateNewUserSSO.yaml  38
Solutions/PingFederate/Analytic Rules/PingFederateForbiddenCountry.yaml  36
Solutions/PingFederate/Analytic Rules/PingFederateAuthFromNewSource.yaml  42
Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedAuthUrl.yaml  44
Solutions/PingFederate/Analytic Rules/PingFederateOauthOld.yaml  38
Solutions/PingFederate/Analytic Rules/PingFederatePasswordRstReqUnexpectedSource.yaml  41
Solutions/PingFederate/Analytic Rules/PingFederateUnusualMailDomain.yaml  44
Solutions/PingFederate/Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml  32
Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedUserCountry.yaml  40
Solutions/SonicWall Firewall/Hunting Queries/OutboundSSHConnections.yaml  34
Solutions/SonicWall Firewall/Analytic Rules/CaptureATPMaliciousFileDetection.yaml  60
Solutions/SonicWall Firewall/Analytic Rules/AllowedInboundSSHTelnetRDPConnections.yaml  66
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/FilterGroup.cs  12
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/AlertItem.cs  39
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/Filter.cs  13
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/RowDataRequest.cs  9
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/FilterOperator.cs  8
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/SearchRequest.cs  11
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/AlertAttributes.cs  86
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/SearchRowsResponse.cs  8
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/EmOperator.cs  25
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/SearchQuery.cs  9
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/Rule.cs  8
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/SearchResultType.cs  16
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/SearchResponseLink.cs  11
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/AlertSearchQueryBuilder.cs  158
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/SearchRequestBuilder.cs  46
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/SearchConverter.cs  29
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/BaseMapper.cs  13
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/AlertExtensions.cs  24
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/CustomParser.cs  25
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/ParametersToValuesConverter.cs  38
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/SearchAlertObjectMapper.cs  104
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/DatAlert/DatAlertClient.cs  143
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/DatAlert/DatAlertParams.cs  13
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/DatAlert/DatAlertClientFake.cs  57
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/DatAlert/IDatAlertClient.cs  10
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Constants.cs  13
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/LogAnalytics/LogAnalyticsCollector.cs  25
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/LogAnalytics/ILogAnalyticsStorage.cs  8
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/LogAnalytics/LogAnalyticsMonitor.cs  12
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/LogAnalytics/LogAnalyticsFake.cs  22
Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/FetchDataFunction.cs  72
Solutions/ESET Inspect/Data Connectors/esetinspect/__init__.py  5
Solutions/ESET Inspect/Data Connectors/esetinspect/eifunctions.py  5
Solutions/ESET Inspect/Data Connectors/esetinspect/inspect.py  142
Solutions/ESET Inspect/Data Connectors/datacollector/__init__.py  49
Solutions/ESET Inspect/Data Connectors/InspectGetDetections/__init__.py  69
Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Dataverse export copied to USB devices.yaml  61
Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Generic client app used to access production environments.yaml  56
Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Activity after failed logons.yaml  48
Solutions/Microsoft Business Applications/Hunting Queries/Power Apps - Anomalous bulk sharing of Power App to newly created guest users.yaml  89
Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Cross-environment data export activity.yaml  54
Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Activity after Microsoft Entra alerts.yaml  46
Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Identity management activity outside of privileged directory role membership.yaml  36
Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Identity management changes without MFA.yaml  54
Solutions/Microsoft Business Applications/Parsers/MSBizAppsNetworkAddresses.yaml  33
Solutions/Microsoft Business Applications/Parsers/MSBizAppsTerminatedEmployees.yaml  51
Solutions/Microsoft Business Applications/Parsers/DataverseSharePointSites.yaml  30
Solutions/Microsoft Business Applications/Parsers/MSBizAppsOrgSettings.yaml  478
Solutions/Microsoft Business Applications/Parsers/MSBizAppsVIPUsers.yaml  42
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Audit log data deletion.yaml  61
Solutions/Microsoft Business Applications/Analytic Rules/F&O - Unusual sign-in activity using single factor authentication.yaml  79
Solutions/Microsoft Business Applications/Analytic Rules/F&O - Mass update or deletion of user records.yaml  50
Solutions/Microsoft Business Applications/Analytic Rules/F&O - Reverted bank account number modifications.yaml  67
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Login from IP in the block list.yaml  75
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Anomalous application user activity.yaml  96
Solutions/Microsoft Business Applications/Analytic Rules/Power Automate - Departing employee flow activity.yaml  71
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Login from IP not in the allow list.yaml  77
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - New non-interactive identity granted access.yaml  87
Solutions/Microsoft Business Applications/Analytic Rules/Power Platform - Possibly compromised user accesses Power Platform services.yaml  89
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Bulk record ownership re-assignment or sharing.yaml  72
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Suspicious security role modifications.yaml  100
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Terminated employee exfiltration over email.yaml  106
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - TI map IP to DataverseActivity.yaml  118
Solutions/Microsoft Business Applications/Analytic Rules/Power Platform - Account added to privileged Microsoft Entra roles.yaml  79
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - New sign-in from an unauthorized domain.yaml  82
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Executable uploaded to SharePoint document management site.yaml  83
Solutions/Microsoft Business Applications/Analytic Rules/F&O - Non-interactive account mapped to self or sensitive privileged user.yaml  75
Solutions/Microsoft Business Applications/Analytic Rules/Power Apps - App activity from unauthorized geo.yaml  94
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Mass download from SharePoint document management.yaml  79
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - New user agent type that was not used with Office 365.yaml  81
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Guest user exfiltration following Power Platform defense impairment.yaml  126
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - SharePoint document management site added or updated.yaml  79
Solutions/Microsoft Business Applications/Analytic Rules/Power Apps - Bulk sharing of Power Apps to newly created guest users.yaml  110
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Suspicious use of Web API.yaml  89
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Removal of blocked file extensions.yaml  65
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Suspicious use of TDS endpoint.yaml  101
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Mass export of records to Excel.yaml  90
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Terminated employee exfiltration to USB drive.yaml  86
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Unusual sign-in following disabled IP address-based cookie binding protection.yaml  108
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Hierarchy security manipulation.yaml  99
Solutions/Microsoft Business Applications/Analytic Rules/Power Automate - Unusual bulk deletion of flow resources.yaml  88
Solutions/Microsoft Business Applications/Analytic Rules/Power Platform - Connector added to a sensitive environment.yaml  41
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - New user agent type that was not used before.yaml  91
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Mass deletion of records.yaml  83
Solutions/Microsoft Business Applications/Analytic Rules/Power Apps - Multiple users access a malicious link after launching new app.yaml  203
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Mass record updates.yaml  85
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - New Dataverse application user activity type.yaml  77
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Export activity from terminated or notified employee.yaml  76
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - TI map URL to DataverseActivity.yaml  123
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - User bulk retrieval outside normal activity.yaml  97
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Malware found in SharePoint document management site.yaml  90
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Login by a sensitive privileged user.yaml  71
Solutions/Microsoft Business Applications/Analytic Rules/Power Platform - DLP policy updated or removed.yaml  87
Solutions/Microsoft Business Applications/Analytic Rules/F&O - Bank account change following network alias reassignment.yaml  87
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Honeypot instance activity.yaml  83
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Organization settings modified.yaml  68
Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Audit logging disabled.yaml  68
Solutions/Microsoft Business Applications/Analytic Rules/Power Apps - Multiple apps deleted.yaml  82
Solutions/SecurityBridge App/Parsers/SecurityBridgeLogs.yaml  33
Solutions/SecurityBridge App/Analytical Rules/CriticalEventTriggered.yaml  36
Solutions/Barracuda CloudGen Firewall/Parsers/CGFWFirewallActivity.yaml  37
Solutions/Palo Alto - XDR (Cortex)/Detection Queries/WildFire Malware Detection.yaml  36
Solutions/Palo Alto - XDR (Cortex)/Detection Queries/Preventive Alerts.yaml  52
Solutions/SAP BTP/Analytic Rules/BTP - Malware detected in BAS dev space.yaml  69
Solutions/SAP BTP/Analytic Rules/BTP - Trust and authorization Identity Provider monitor.yaml  74
Solutions/SAP BTP/Analytic Rules/BTP - User added to sensitive privileged role collection.yaml  45
Solutions/SAP BTP/Analytic Rules/BTP - Failed access attempts across multiple BAS subaccounts.yaml  47
Solutions/SAP BTP/Analytic Rules/BTP - Mass user deletion in a sub account.yaml  55
Solutions/Synack/Integrations/AzureFunctionSynack/synack-service.js  111
Solutions/Synack/Integrations/AzureFunctionSynack/sync-service.js  220
Solutions/Synack/Integrations/AzureFunctionSynack/azure-service.js  173
Solutions/Synack/Integrations/AzureFunctionSynack/index.js  7
Solutions/Network Threat Protection Essentials/Hunting Queries/RiskyCommandB64EncodedInUrl.yaml  73
Solutions/Network Threat Protection Essentials/Hunting Queries/B64IPInURL.yaml  73
Solutions/Network Threat Protection Essentials/Analytic Rules/NewUserAgentLast24h.yaml  84
Solutions/Network Threat Protection Essentials/Analytic Rules/NetworkEndpointCorrelation.yaml  49
Solutions/Netwrix Auditor/Parsers/NetwrixAuditor.yaml  34
Solutions/SAP ETD Cloud/Analytic Rules/SAPETD-SynchAlerts.yaml  59
Solutions/SAP ETD Cloud/Analytic Rules/SAPETD-LoginFromUnexpectedNetwork.yaml  65
Solutions/Zscaler Internet Access/Parsers/ZScalerWeb_Parser.csl  34
Solutions/Zscaler Internet Access/Parsers/ZScalerFW_Parser.yaml  22
Solutions/Zscaler Internet Access/Parsers/ZScalerWeb_Parser.yaml  29
Solutions/Zscaler Internet Access/Parsers/ZScalerFW_Parser.csl  27
Solutions/Zscaler Internet Access/Analytic Rules/Zscaler-LowVolumeDomainRequests.yaml  53
Solutions/Zscaler Internet Access/Analytic Rules/DiscordCDNRiskyDownload.yaml  50
Solutions/CiscoASA/Analytic Rules/CiscoASA-ThreatDetectionMessage.yaml  39
Solutions/CiscoASA/Analytic Rules/CiscoASA-AvgAttackDetectRateIncrease.yaml  78
Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-UserAdded_to_SecurityAdmin.yaml  50
Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-MultipleFailedLogon_InShortSpan.yaml  50
Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-UserRoleChanged.yaml  49
Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-New_UserCreated.yaml  48
Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-UserDeletedFromDatabase.yaml  52
Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-Failed SQL Logons.yaml  44
Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-UserRemovedFromSecurityAdmin.yaml  52
Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-UserRemovedFromServerRole.yaml  51
Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-MultipleFailedLogon_FromSameIP.yaml  50
Solutions/Cybersixgill-Actionable-Alerts/Hunting Queries/ActionableAlerts.yaml  11
Solutions/Cybersixgill-Actionable-Alerts/Data Connectors/CybersixgillAlerts/__init__.py  192
Solutions/Cybersixgill-Actionable-Alerts/Data Connectors/CybersixgillAlerts/state_manager.py  18
Solutions/Cybersixgill-Actionable-Alerts/Data Connectors/CybersixgillAlerts/utils.py  48
Solutions/AtlassianJiraAudit/Hunting Queries/JiraUpdatedWorkflows.yaml  24
Solutions/AtlassianJiraAudit/Hunting Queries/JiraNewUsers.yaml  25
Solutions/AtlassianJiraAudit/Hunting Queries/JiraUpdatedUsers.yaml  26
Solutions/AtlassianJiraAudit/Hunting Queries/JiraUpdatedProjectVersions.yaml  24
Solutions/AtlassianJiraAudit/Hunting Queries/JiraProjectVersionsReleased.yaml  24
Solutions/AtlassianJiraAudit/Hunting Queries/JiraUserIPs.yaml  25
Solutions/AtlassianJiraAudit/Hunting Queries/JiraUpdatedWorkflowSchemes.yaml  24
Solutions/AtlassianJiraAudit/Hunting Queries/JiraWorkflowAddedToProject.yaml  24
Solutions/AtlassianJiraAudit/Hunting Queries/JiraBlockedTasks.yaml  25
Solutions/AtlassianJiraAudit/Hunting Queries/JiraUpdatedProjects.yaml  24
Solutions/AtlassianJiraAudit/Parsers/JiraAudit.yaml  55
Solutions/AtlassianJiraAudit/Playbooks/Sync-CommentsFunctionApp/Sync-Comment.ps1  87
Solutions/AtlassianJiraAudit/Analytic Rules/JiraNewPrivilegedUser.yaml  32
Solutions/AtlassianJiraAudit/Analytic Rules/JiraNewUser.yaml  31
Solutions/AtlassianJiraAudit/Analytic Rules/JiraUserPasswordChange.yaml  36
Solutions/AtlassianJiraAudit/Analytic Rules/JiraPermissionSchemeUpdated.yaml  34
Solutions/AtlassianJiraAudit/Analytic Rules/JiraUserRemovedFromProject.yaml  31
Solutions/AtlassianJiraAudit/Analytic Rules/JiraProjectRolesChanged.yaml  34
Solutions/AtlassianJiraAudit/Analytic Rules/JiraPrivilegedUserPasswordChanged.yaml  37
Solutions/AtlassianJiraAudit/Analytic Rules/JiraGlobalPermissionAdded.yaml  34
Solutions/AtlassianJiraAudit/Analytic Rules/JiraWorkflowSchemeCopied.yaml  35
Solutions/AtlassianJiraAudit/Analytic Rules/JiraUserRemovedFromGroup.yaml  31
Solutions/AtlassianJiraAudit/Data Connectors/JiraAuditAPISentinelConnector/__init__.py  118
Solutions/AtlassianJiraAudit/Data Connectors/JiraAuditAPISentinelConnector/state_manager.py  18
Solutions/Cyware/Hunting queries/MatchCywareIntelWatchlistItemsWithCommonLogs.yaml  20
Solutions/Cyware/Hunting queries/UnusualNetworkConnectionsToRareExternalDomains.yaml  19
Solutions/Cyware/Hunting queries/DetectingSuspiciousPowerShellCommandExecutions.yaml  28
Solutions/Dev 0270 Detection and Hunting/Analytic Rules/Dev-0270NewUserSep2022.yaml  47
Solutions/Dev 0270 Detection and Hunting/Analytic Rules/Dev-0270RegistryIOCSep2022.yaml  42
Solutions/Dev 0270 Detection and Hunting/Analytic Rules/Dev-0270PowershellSep2022.yaml  45
Solutions/Dev 0270 Detection and Hunting/Analytic Rules/Dev-0270WMICDiscoverySep2022.yaml  41
Solutions/Tomcat/Hunting Queries/TomcatRareURLsRequested.yaml  25
Solutions/Tomcat/Hunting Queries/TomcatUncommonUAsWithClientErrors.yaml  27
Solutions/Tomcat/Hunting Queries/TomcatTopURLsServerErrors.yaml  28
Solutions/Tomcat/Hunting Queries/TomcatERRORs.yaml  24
Solutions/Tomcat/Hunting Queries/Tomcat403RequestsFiles.yaml  25
Solutions/Tomcat/Hunting Queries/TomcatTopURLsClientErrors.yaml  28
Solutions/Tomcat/Hunting Queries/TomcatAbnormalRequestSize.yaml  36
Solutions/Tomcat/Hunting Queries/TomcatUncommonUAsWithServerErrors.yaml  27
Solutions/Tomcat/Hunting Queries/TomcatUncommonUAs.yaml  25
Solutions/Tomcat/Hunting Queries/TomcatRareFilesRequested.yaml  27
Solutions/Tomcat/Hunting Queries/TomcatTopFilesWithErrorRequests.yaml  28
Solutions/Tomcat/Parsers/TomcatEvent.yaml  67
Solutions/Tomcat/Analytic Rules/TomcatRequestSensitiveFiles.yaml  35
Solutions/Tomcat/Analytic Rules/TomcatSQLiPattern.yaml  30
Solutions/Tomcat/Analytic Rules/TomcatMultipleServerErrorsFromSingleIP.yaml  35
Solutions/Tomcat/Analytic Rules/TomcatCommandsinRequest.yaml  31
Solutions/Tomcat/Analytic Rules/TomcatPutAndGetFileFromSameIP.yaml  44
Solutions/Tomcat/Analytic Rules/TomcatServerErrorsAfterMultipleRequestsFromSameIP.yaml  46
Solutions/Tomcat/Analytic Rules/TomcatMultipleEmptyRequestsFromSameIP.yaml  35
Solutions/Tomcat/Analytic Rules/TomcatMultipleClientErrorsFromSingleIP.yaml  33
Solutions/Tomcat/Analytic Rules/TomcatRequestFromLocalhostIP.yaml  35
Solutions/SecurityThreatEssentialSolution/Hunting Queries/Signins-from-NordVPN-Providers.yaml  38
Solutions/SecurityThreatEssentialSolution/Hunting Queries/Signins-From-VPS-Providers.yaml  43
Solutions/SecurityThreatEssentialSolution/Analytic Rules/PossibleAiTMPhishingAttemptAgainstAAD.yaml  65
Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_MultipleAdmin_membership_removals_from_NewAdmin.yaml  72
Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_Mail_redirect_via_ExO_transport_rule.yaml  63
Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml  121
Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_TimeSeriesAnomaly_Mass_Cloud_Resource_Deletions.yaml  59
Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_NRT_UseraddedtoPrivilgedGroups.yaml  58
Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_UserAssignedPrivilegedRole.yaml  53
Solutions/Netskope/Parsers/Netskope.yaml  288
Solutions/Netskope/Data Connectors/Netskope/requirements.psd1  7
Solutions/Netskope/Data Connectors/Netskope/AzureFunctionNetskope/run.ps1  388
Solutions/Netskope/Data Connectors/Netskope/profile.ps1  18
Solutions/ALC-WebCTRL/Data Connectors/TaskSetup/ALC-WebCTRL-AuditPull.ps1  103
Solutions/ALC-WebCTRL/Data Connectors/TaskSetup/ALC-WebCTRL-AuditPullTaskConfig.xml  50
Solutions/Azure Cloud NGFW by Palo Alto Networks/Hunting Queries/CloudNGFW-HighRiskPorts.yaml  114
Solutions/Azure Cloud NGFW by Palo Alto Networks/Hunting Queries/CloudNGFW-PotentialBeaconing.yaml  59
Solutions/Azure Cloud NGFW by Palo Alto Networks/Analytic Rules/CloudNGFW-UnusualThreatSignatures.yaml  59
Solutions/Azure Cloud NGFW by Palo Alto Networks/Analytic Rules/CloudNGFW-PortScanning.yaml  60
Solutions/Azure Cloud NGFW by Palo Alto Networks/Analytic Rules/CloudNGFW-NetworkBeaconing.yaml  67
Solutions/Cloudflare/Hunting Queries/CloudflareTopWafRules.yaml  26
Solutions/Cloudflare/Hunting Queries/CloudflareClientErrors.yaml  31
Solutions/Cloudflare/Hunting Queries/CloudflareUnexpectedCountries.yaml  24
Solutions/Cloudflare/Hunting Queries/CloudflareTopNetworkRules.yaml  26
Solutions/Cloudflare/Hunting Queries/CloudflareRareUAs.yaml  25
Solutions/Cloudflare/Hunting Queries/CloudflareFilesRequested.yaml  30
Solutions/Cloudflare/Hunting Queries/CloudflareClientTlsErrors.yaml  32
Solutions/Cloudflare/Hunting Queries/CloudflareServerTlsErrors.yaml  32
Solutions/Cloudflare/Hunting Queries/CloudflareServerErrors.yaml  31
Solutions/Cloudflare/Hunting Queries/CloudflareUnexpectedEdgeResponse.yaml  29
Solutions/Cloudflare/Parsers/Cloudflare.yaml  221
Solutions/Cloudflare/Analytic Rules/CloudflareUnexpectedRequest.yaml  32
Solutions/Cloudflare/Analytic Rules/CloudflareMultipleUAs.yaml  33
Solutions/Cloudflare/Analytic Rules/CloudflareXSSProbingPattern.yaml  38
Solutions/Cloudflare/Analytic Rules/CloudflareUnexpectedPost.yaml  35
Solutions/Cloudflare/Analytic Rules/CloudflareWafThreatAllowed.yaml  36
Solutions/Cloudflare/Analytic Rules/CloudflareUnexpectedUrl.yaml  32
Solutions/Cloudflare/Analytic Rules/CloudflareBadClientIp.yaml  36
Solutions/Cloudflare/Analytic Rules/CloudflareUnexpectedCountry.yaml  36
Solutions/Cloudflare/Analytic Rules/CloudflareEmptyUA.yaml  30
Solutions/Cloudflare/Analytic Rules/CloudflareMultipleErrorsSource.yaml  33
Solutions/Cloudflare/Data Connectors/AzureFunctionCloudflare/sentinel_connector_async.py  94
Solutions/Cloudflare/Data Connectors/AzureFunctionCloudflare/main.py  160
Solutions/Microsoft Entra ID Protection/Analytic Rules/CorrelateIPC_Unfamiliar-Atypical.yaml  122
Solutions/HolmSecurity/Data Connectors/AzureFunctionHolmSecurityAssetsConn/__init__.py  103
Solutions/Aruba ClearPass/Parsers/ArubaClearPass.yaml  89
Solutions/Corelight/Hunting Queries/CorelightFilesSeen.yaml  29
Solutions/Corelight/Hunting Queries/CorelightAbnormalEmailSubject.yaml  22
Solutions/Corelight/Hunting Queries/CorelightExternalServices.yaml  26
Solutions/Corelight/Hunting Queries/CorelightRarePOST.yaml  31
Solutions/Corelight/Hunting Queries/CorelightRepetitiveDnsFailures.yaml  27
Solutions/Corelight/Hunting 
Queries/CorelightFilesTransferedByIp.yaml 28 Solutions/Corelight/Hunting Queries/CorelightObfuscatedBinary.yaml 25 Solutions/Corelight/Hunting Queries/CorelightDataTransferedByIp.yaml 25 Solutions/Corelight/Hunting Queries/CorelightCompressedFilesTransferredOverHTTP.yaml 26 Solutions/Corelight/Hunting Queries/CorelightMultipleRemoteSMBConnectionsFromSingleIP.yaml 26 Solutions/Corelight/Parsers/corelight_suri_aggregations.yaml 64 Solutions/Corelight/Parsers/corelight_capture_loss.yaml 28 Solutions/Corelight/Parsers/corelight_http.yaml 205 Solutions/Corelight/Parsers/corelight_corelight_metrics_iface.yaml 164 Solutions/Corelight/Parsers/corelight_stats.yaml 48 Solutions/Corelight/Parsers/corelight_dnp3.yaml 31 Solutions/Corelight/Parsers/corelight_zeek_doctor.yaml 30 Solutions/Corelight/Parsers/corelight_ftp.yaml 107 Solutions/Corelight/Parsers/corelight_http_red.yaml 53 Solutions/Corelight/Parsers/corelight_bacnet.yaml 33 Solutions/Corelight/Parsers/corelight_mqtt_subscribe.yaml 33 Solutions/Corelight/Parsers/corelight_log4shell.yaml 35 Solutions/Corelight/Parsers/corelight_sip.yaml 49 Solutions/Corelight/Parsers/corelight_rfb.yaml 38 Solutions/Corelight/Parsers/corelight_profinet_debug.yaml 29 Solutions/Corelight/Parsers/corelight_smb_files.yaml 125 Solutions/Corelight/Parsers/corelight_kerberos.yaml 42 Solutions/Corelight/Parsers/corelight_known_services.yaml 35 Solutions/Corelight/Parsers/corelight_corelight_metrics_zeek_doctor.yaml 67 Solutions/Corelight/Parsers/corelight_ocsp.yaml 33 Solutions/Corelight/Parsers/corelight_intel.yaml 101 Solutions/Corelight/Parsers/corelight_mqtt_connect.yaml 34 Solutions/Corelight/Parsers/corelight_util_stats.yaml 24 Solutions/Corelight/Parsers/corelight_rdp.yaml 117 Solutions/Corelight/Parsers/corelight_suricata_corelight.yaml 207 Solutions/Corelight/Parsers/corelight_profinet.yaml 33 Solutions/Corelight/Parsers/corelight_radius.yaml 36 Solutions/Corelight/Parsers/corelight_openflow.yaml 56 
Solutions/Corelight/Parsers/corelight_smb_mapping.yaml 97 Solutions/Corelight/Parsers/corelight_packet_filter.yaml 27 Solutions/Corelight/Parsers/corelight_corelight_metrics_disk.yaml 968 Solutions/Corelight/Parsers/corelight_suricata_eve.yaml 24 Solutions/Corelight/Parsers/corelight_known_hosts.yaml 33 Solutions/Corelight/Parsers/corelight_tunnel.yaml 30 Solutions/Corelight/Parsers/corelight_stepping.yaml 35 Solutions/Corelight/Parsers/corelight_cip.yaml 31 Solutions/Corelight/Parsers/corelight_unknown_smartpcap.yaml 26 Solutions/Corelight/Parsers/corelight_notice.yaml 146 Solutions/Corelight/Parsers/corelight_known_users.yaml 33 Solutions/Corelight/Parsers/corelight_dga.yaml 33 Solutions/Corelight/Parsers/corelight_socks.yaml 38 Solutions/Corelight/Parsers/corelight_mysql.yaml 87 Solutions/Corelight/Parsers/corelight_ipsec.yaml 52 Solutions/Corelight/Parsers/corelight_ssl_red.yaml 43 Solutions/Corelight/Parsers/corelight_mqtt_publish.yaml 35 Solutions/Corelight/Parsers/corelight_conn_red.yaml 64 Solutions/Corelight/Parsers/corelight_corelight_burst.yaml 33 Solutions/Corelight/Parsers/corelight_ntlm.yaml 35 Solutions/Corelight/Parsers/corelight_weird.yaml 32 Solutions/Corelight/Parsers/corelight_conn_long.yaml 64 Solutions/Corelight/Parsers/corelight_traceroute.yaml 26 Solutions/Corelight/Parsers/corelight_known_devices.yaml 33 Solutions/Corelight/Parsers/corelight_dns.yaml 167 Solutions/Corelight/Parsers/corelight_datared.yaml 41 Solutions/Corelight/Parsers/corelight_local_subnets.yaml 31 Solutions/Corelight/Parsers/corelight_conn.yaml 198 Solutions/Corelight/Parsers/corelight_smartpcap_stats.yaml 44 Solutions/Corelight/Parsers/corelight_iso_cotp.yaml 29 Solutions/Corelight/Parsers/corelight_profinet_dce_rpc.yaml 35 Solutions/Corelight/Parsers/corelight_enip.yaml 34 Solutions/Corelight/Parsers/corelight_suricata_stats.yaml 24 Solutions/Corelight/Parsers/corelight_weird_red.yaml 33 Solutions/Corelight/Parsers/corelight_software.yaml 74 
Solutions/Corelight/Parsers/corelight_corelight_profiling.yaml 27 Solutions/Corelight/Parsers/corelight_x509.yaml 171 Solutions/Corelight/Parsers/corelight_weird_stats.yaml 25 Solutions/Corelight/Parsers/corelight_known_remotes.yaml 28 Solutions/Corelight/Parsers/corelight_corelight_overall_capture_loss.yaml 26 Solutions/Corelight/Parsers/corelight_known_domains.yaml 32 Solutions/Corelight/Parsers/corelight_smtp_links.yaml 31 Solutions/Corelight/Parsers/corelight_files.yaml 137 Solutions/Corelight/Parsers/corelight_local_subnets_graphs.yaml 28 Solutions/Corelight/Parsers/corelight_syslog.yaml 32 Solutions/Corelight/Parsers/corelight_vpn.yaml 177 Solutions/Corelight/Parsers/corelight_x509_red.yaml 44 Solutions/Corelight/Parsers/corelight_dpd.yaml 31 Solutions/Corelight/Parsers/corelight_snmp.yaml 37 Solutions/Corelight/Parsers/corelight_smtp.yaml 129 Solutions/Corelight/Parsers/corelight_dns_red.yaml 33 Solutions/Corelight/Parsers/corelight_suricata_zeek_stats.yaml 30 Solutions/Corelight/Parsers/corelight_ssl.yaml 133 Solutions/Corelight/Parsers/corelight_irc.yaml 37 Solutions/Corelight/Parsers/corelight_known_certs.yaml 36 Solutions/Corelight/Parsers/corelight_wireguard.yaml 31 Solutions/Corelight/Parsers/corelight_corelight_metrics_memory.yaml 63 Solutions/Corelight/Parsers/corelight_tds_sql_batch.yaml 30 Solutions/Corelight/Parsers/corelight_etc_viz.yaml 111 Solutions/Corelight/Parsers/corelight_enip_debug.yaml 29 Solutions/Corelight/Parsers/corelight_ntp.yaml 41 Solutions/Corelight/Parsers/corelight_stun.yaml 35 Solutions/Corelight/Parsers/corelight_reporter.yaml 26 Solutions/Corelight/Parsers/corelight_generic_dns_tunnels.yaml 27 Solutions/Corelight/Parsers/corelight_dce_rpc.yaml 32 Solutions/Corelight/Parsers/corelight_s7comm.yaml 97 Solutions/Corelight/Parsers/corelight_http2.yaml 46 Solutions/Corelight/Parsers/corelight_encrypted_dns.yaml 29 Solutions/Corelight/Parsers/corelight_dhcp.yaml 37 Solutions/Corelight/Parsers/corelight_smartpcap.yaml 24 
Solutions/Corelight/Parsers/corelight_stun_nat.yaml 33 Solutions/Corelight/Parsers/corelight_enip_list_identity.yaml 37 Solutions/Corelight/Parsers/corelight_tds_rpc.yaml 30 Solutions/Corelight/Parsers/corelight_generic_icmp_tunnels.yaml 32 Solutions/Corelight/Parsers/corelight_pe.yaml 39 Solutions/Corelight/Parsers/corelight_known_names.yaml 32 Solutions/Corelight/Parsers/corelight_modbus.yaml 30 Solutions/Corelight/Parsers/corelight_local_subnets_dj.yaml 28 Solutions/Corelight/Parsers/corelight_corelight_metrics_system.yaml 61 Solutions/Corelight/Parsers/corelight_specific_dns_tunnels.yaml 32 Solutions/Corelight/Parsers/corelight_signatures.yaml 34 Solutions/Corelight/Parsers/corelight_files_red.yaml 47 Solutions/Corelight/Parsers/corelight_ssh.yaml 162 Solutions/Corelight/Parsers/corelight_tds.yaml 29 Solutions/Corelight/Parsers/corelight_icmp_specific_tunnels.yaml 33 Solutions/Corelight/Analytic Rules/CorelightMultipleCompressedFilesTransferredOverHTTP.yaml 34 Solutions/Corelight/Analytic Rules/CorelightMultipleFilesSentOverHTTPAbnormalRequests.yaml 35 Solutions/Corelight/Analytic Rules/CorelightSMTPEmailSubjectNonAsciiCharacters.yaml 36 Solutions/Corelight/Analytic Rules/CorelightPossibleWebshellRarePOST.yaml 36 Solutions/Corelight/Analytic Rules/CorelightPossibleWebshell.yaml 33 Solutions/Corelight/Analytic Rules/CorelightExternalProxyDetected.yaml 31 Solutions/Corelight/Analytic Rules/CorelightC2RepetitiveFailures.yaml 35 Solutions/Corelight/Analytic Rules/CorelightForcedExternalOutboundSMB.yaml 33 Solutions/Corelight/Analytic Rules/CorelightTypoSquattingOrPunycodePhishingHTTPRequest.yaml 31 Solutions/Corelight/Analytic Rules/CorelightNetworkServiceScanning.yaml 37 Solutions/Netskopev2/Parsers/EventsNetwork.yaml 165 Solutions/Netskopev2/Parsers/EventsConnection.yaml 131 Solutions/Netskopev2/Parsers/AlertsCtep.yaml 153 Solutions/Netskopev2/Parsers/AlertsQuarantine.yaml 157 Solutions/Netskopev2/Parsers/EventsApplication.yaml 323 
Solutions/Netskopev2/Parsers/EventsAudit.yaml 63 Solutions/Netskopev2/Parsers/EventIncident.yaml 134 Solutions/Netskopev2/Parsers/AlertsPolicy.yaml 447 Solutions/Netskopev2/Parsers/AlertsUba.yaml 326 Solutions/Netskopev2/Parsers/AlertsSecurityAssessment.yaml 129 Solutions/Netskopev2/Parsers/AlertsDLP.yaml 319 Solutions/Netskopev2/Parsers/AlertsMalsite.yaml 261 Solutions/Netskopev2/Parsers/AlertsCompromisedCredential.yaml 102 Solutions/Netskopev2/Parsers/AlertsRemediation.yaml 205 Solutions/Netskopev2/Parsers/EventsPage.yaml 203 Solutions/Netskopev2/Parsers/NetskopeWebTransactions.yaml 333 Solutions/Netskopev2/Parsers/AlertsMalware.yaml 289 Solutions/Netskopev2/Analytic Rules/NetskopeWebTxErrors.yaml 38 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/WebTxMetrics/sentinel.py 93 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/WebTxMetrics/__init__.py 10 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/WebTxMetrics/ingest_message.py 125 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/__init__.py 1 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/netskope_exception.py 3 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/validate_params.py 53 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/state_manager.py 49 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/utils.py 20 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/consts.py 25 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/logger.py 21 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/NetskopeToAzureStorage/netskope_api_async.py 164 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/NetskopeToAzureStorage/__init__.py 15 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/NetskopeToAzureStorage/netskope_to_azure_storage.py 699 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/StorageToSentinel/sentinel.py 93 
Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/StorageToSentinel/netskope_azure_storage_to_sentinel.py 320 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/StorageToSentinel/__init__.py 43 Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/StorageToSentinel/remove_duplicates_in_azure_storage.py 411 Solutions/vArmour Application Controller/Analytic Rules/vArmourApplicationControllerSMBRealmTraversal.yaml 43 Solutions/Zinc Open Source/Analytic Rules/ZincOctober2022_Filename_Commandline_IOC.yaml 76 Solutions/Zinc Open Source/Analytic Rules/ZincOctober2022_IP_Domain_Hash_IOC.yaml 195 Solutions/Zinc Open Source/Analytic Rules/ZincOctober2022_AVHits_IOC.yaml 49 Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikEventsOrchestrator/__init__.py 14 Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikRansomwareOrchestrator/__init__.py 16 Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikActivity/sentinel.py 99 Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikActivity/__init__.py 34 Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikActivity/rubrik.py 70 Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikAnomalyOrchestrator/__init__.py 14 Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikThreathuntOrchestrator/__init__.py 16 Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/shared_code/consts.py 10 Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/shared_code/rubrik_exception.py 3 Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/shared_code/logger.py 12 Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikHttpStarter/__init__.py 55 Solutions/SlackAudit/Hunting Queries/SlackAuditSuspiciousFilesDownloaded.yaml 32 Solutions/SlackAudit/Hunting Queries/SlackAuditApplicationsInstalled.yaml 24 Solutions/SlackAudit/Hunting 
Queries/SlackAuditUserPermissionsChanged.yaml 23 Solutions/SlackAudit/Hunting Queries/SlackAuditUploadedFilesByUser.yaml 26 Solutions/SlackAudit/Hunting Queries/SlackAuditDeactivatedUsers.yaml 24 Solutions/SlackAudit/Hunting Queries/SlackAuditDownloadedFilesByUser.yaml 27 Solutions/SlackAudit/Hunting Queries/SlackAuditNewUsers.yaml 28 Solutions/SlackAudit/Hunting Queries/SlackAuditUserLoginsByIP.yaml 25 Solutions/SlackAudit/Hunting Queries/SlackAuditUsersJoinedChannelsWithoutInvites.yaml 25 Solutions/SlackAudit/Hunting Queries/SlackAuditFailedLoginsUnknownUsername.yaml 38 Solutions/SlackAudit/Parsers/SlackAudit.yaml 170 Solutions/SlackAudit/Analytic Rules/SlackAuditEmptyUA.yaml 29 Solutions/SlackAudit/Analytic Rules/SlackAuditMultipleArchivedFilesUploadedInShortTimePeriod.yaml 34 Solutions/SlackAudit/Analytic Rules/SlackAuditSensitiveFile.yaml 35 Solutions/SlackAudit/Analytic Rules/SlackAuditUserEmailChanged.yaml 39 Solutions/SlackAudit/Analytic Rules/SlackAuditUserChangedToAdminOrOwner.yaml 31 Solutions/SlackAudit/Analytic Rules/SlackAuditMultipleFailedLoginsForUser.yaml 32 Solutions/SlackAudit/Analytic Rules/SlackAuditUserLoginAfterDeactivated.yaml 44 Solutions/SlackAudit/Analytic Rules/SlackAuditUnknownUA.yaml 34 Solutions/SlackAudit/Analytic Rules/SlackAuditSuspiciousFileDownloaded.yaml 39 Solutions/SlackAudit/Data Connectors/SlackAuditAPISentinelConnector/__init__.py 278 Solutions/SlackAudit/Data Connectors/SlackAuditAPISentinelConnector/state_manager.py 18 Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml 55 Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Usage.yaml 58 Solutions/MicrosoftDefenderForEndpoint/Parsers/AssignedIPAddress.yaml 23 Solutions/MicrosoftDefenderForEndpoint/Parsers/Devicefromip.yaml 22 Solutions/MicrosoftDefenderForEndpoint/Analytic Rules/AquaBlizzardAVHits.yaml 58 Solutions/Citrix ADC/Parsers/CitrixADCEventOld.yaml 168 Solutions/IronNet IronDefense/Analytic Rules/IronDefense_Detection_Query.yaml 63 
Solutions/CohesitySecurity/build.ps1 2 Solutions/CohesitySecurity/Tools/Cohesity_Playbook_ARM_Template_Generator.ps1 445 Solutions/CohesitySecurity/Data Connectors/Helios2Sentinel/IncidentConsumer/IncidentConsumer.cs 105 Solutions/CohesitySecurity/Data Connectors/Helios2Sentinel/remove.py 37 Solutions/CohesitySecurity/Data Connectors/Helios2Sentinel/deploy.py 20 Solutions/CohesitySecurity/Data Connectors/Helios2Sentinel/IncidentProducer/IncidentProducer.cs 376 Solutions/CohesitySecurity/build_one_solution.ps1 1315 Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/DisabledAccountSigninAttempts.yaml 43 Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/StsRefreshTokenModification.yaml 67 Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/DisabledAccountSigninAttemptsByIP.yaml 28 Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/Signins-from-NordVPN-Providers.yaml 72 Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/ApplicationGrantedEWSPermissions.yaml 54 Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/SuspiciousSignintoPrivilegedAccount.yaml 92 Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/Signins-From-VPS-Providers.yaml 8 Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/UserGrantedAccess_GrantsOthersAccess.yaml 76 Solutions/Cloud Identity Threat Protection Essentials/Analytic Rules/MFADisable.yaml 58 Solutions/Cloud Identity Threat Protection Essentials/Analytic Rules/NewExtUserGrantedAdmin.yaml 87 Solutions/Team Cymru Scout/Parsers/CymruScoutSummaryTopCerts.yaml 48 Solutions/Team Cymru Scout/Parsers/CymruScoutTopTagsByIP.yaml 32 Solutions/Team Cymru Scout/Parsers/CymruScoutTopServicesByIP.yaml 32 Solutions/Team Cymru Scout/Parsers/CymruScoutDomainData.yaml 26 Solutions/Team Cymru Scout/Parsers/CymruScoutSummaryTopFingerprints.yaml 32 Solutions/Team Cymru Scout/Parsers/CymruScoutIdentity.yaml 28 
Solutions/Team Cymru Scout/Parsers/CymruScoutTopAsnsByIP.yaml 32 Solutions/Team Cymru Scout/Parsers/CymruScoutSummaryTopPdns.yaml 28 Solutions/Team Cymru Scout/Parsers/CymruScoutSummary.yaml 56 Solutions/Team Cymru Scout/Parsers/CymruScoutWhois.yaml 110 Solutions/Team Cymru Scout/Parsers/CymruScoutTopCountryCodesByIP.yaml 32 Solutions/Team Cymru Scout/Parsers/CymruScoutAccountUsage.yaml 16 Solutions/Team Cymru Scout/Parsers/CymruScoutSummaryTopOpenPorts.yaml 34 Solutions/Team Cymru Scout/Parsers/CymruScoutDomain.yaml 43 Solutions/Team Cymru Scout/Parsers/CymruScoutProtoByIP.yaml 34 Solutions/Team Cymru Scout/Parsers/CymruScoutCorrelate.yaml 70 Solutions/Team Cymru Scout/Parsers/CymruScoutIP.yaml 92 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/IPDataCollector/__init__.py 12 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/IPDataCollector/ip_collector.py 252 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/DomainDataCollector/__init__.py 12 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/DomainDataCollector/domain_collector.py 87 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/sentinel.py 197 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/teamcymruscout_client.py 173 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/__init__.py 1 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/teamcymruscout_exception.py 9 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/get_logs_data.py 52 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/state_manager.py 18 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/utils.py 147 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/checkpoint_manager.py 32 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/consts.py 48 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/logger.py 12 Solutions/Team Cymru Scout/Data 
Connectors/TeamCymruScout/AccountUsageDataCollector/__init__.py 17 Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/AccountUsageDataCollector/account_usage_data.py 31 Solutions/Veritas NetBackup/Analytic Rules/NetBackup_many_login_fail.yaml 38 Solutions/Veritas NetBackup/Analytic Rules/NetBackup_many_Anomalies.yaml 38 Solutions/Mulesoft/Parsers/MuleSoftCloudhub.yaml 40 Solutions/Mulesoft/Data Connectors/MuleSoftCloudhubSentinelConnector/__init__.py 109 Solutions/Mulesoft/Data Connectors/MuleSoftCloudhubSentinelConnector/rest_api.py 43 Solutions/Mulesoft/Data Connectors/MuleSoftCloudhubSentinelConnector/state_manager.py 18 Solutions/Alibaba Cloud/DataConnectors/AliCloudSentinelConnector/__init__.py 145 Solutions/Alibaba Cloud/DataConnectors/AliCloudSentinelConnector/state_manager.py 18 Solutions/Alibaba Cloud/Parsers/AliCloud.yaml 24 Solutions/AtlassianConfluenceAudit/Parsers/ConfluenceAudit.yaml 76 Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditDataConnector/ConfluenceAuditAPISentinelConnector/__init__.py 115 Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditDataConnector/ConfluenceAuditAPISentinelConnector/state_manager.py 18 Solutions/iboss/Parsers/ibossUrlEvent.yaml 42 Solutions/Flare/Analytic Rules/FlareHost.yaml 23 Solutions/Flare/Analytic Rules/FlareCloudBucket.yaml 23 Solutions/Flare/Analytic Rules/FlarePaste.yaml 23 Solutions/Flare/Analytic Rules/FlareSSLcert.yaml 23 Solutions/Flare/Analytic Rules/FlareSourceCode.yaml 23 Solutions/Flare/Analytic Rules/FlareInfectedDevice.yaml 23 Solutions/Flare/Analytic Rules/FlareDarkweb.yaml 23 Solutions/Flare/Analytic Rules/FlareCredentialLeaks.yaml 23 Solutions/Flare/Analytic Rules/FlareDork.yaml 23 Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMRareUA.yaml 33 Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMNewServiceAccountsKeys.yaml 30 Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMNewCustomRoles.yaml 30 
Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMTopSrcIpAddrFailedActions.yaml 28 Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMRareActionUser.yaml 35 Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMDisabledServiceAccounts.yaml 30 Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMNewServiceAccounts.yaml 30 Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMDeletedServiceAccounts.yaml 30 Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMChangedRoles.yaml 19 Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMTopServiceAccountsFailedActions.yaml 27 Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMServiceAccountEnumeration.yaml 32 Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMNewServiceAccount.yaml 40 Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMEmptyUA.yaml 37 Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMDisableDataAccessLogging.yaml 39 Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMHighPrivilegedRoleAdded.yaml 43 Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMPublicBucket.yaml 42 Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMNewAuthenticationToken.yaml 41 Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMServiceAccountKeysEnumeration.yaml 32 Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMPrivilegesEnumeration.yaml 32 Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMNewServiceAccountKey.yaml 41 Solutions/GoogleCloudPlatformIAM/Data Connectors/AzureFunctionGCPIAM/main.py 97 Solutions/GoogleCloudPlatformIAM/Data Connectors/AzureFunctionGCPIAM/state_manager.py 18 Solutions/GoogleCloudPlatformIAM/Data Connectors/AzureFunctionGCPIAM/sentinel_connector.py 90 Solutions/Semperis Directory Services Protector/Parsers/dsp_parser.yaml 44 Solutions/Semperis Directory Services Protector/Analytic Rules/Semperis_DSP_RBAC_Changes.yaml 61 Solutions/Semperis Directory Services Protector/Analytic Rules/Semperis_DSP_Failed_Logons.yaml 53 Solutions/Semperis Directory Services 
Protector/Analytic Rules/SemperisDSP_WellKnownPrivilegedSIDsInsIDHistory.yaml 33 Solutions/Semperis Directory Services Protector/Analytic Rules/SemperisDSP_RecentsIDHistoryChangesOnADObjects.yaml 33 Solutions/Semperis Directory Services Protector/Analytic Rules/SemperisDSP_ZerologonVulnerability.yaml 32 Solutions/Semperis Directory Services Protector/Analytic Rules/Semperis_DSP_Operations_Critical_Notifications_.yaml 55 Solutions/Semperis Directory Services Protector/Analytic Rules/SemperisDSP_EvidenceOfMimikatzDCShadowAttack.yaml 23 Solutions/Semperis Directory Services Protector/Analytic Rules/SemperisDSP_KerberoskrbtgtAccount.yaml 32 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedRemoteAccess.yaml 76 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTPLCStopCommand.yaml 77 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTNetworkScanning.yaml 76 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTFirmwareUpdates.yaml 76 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedNetworkConfiguration.yaml 76 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTHighBandwidth.yaml 76 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTExcessiveLoginAttempts.yaml 76 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInternetAccess.yaml 76 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTMalware.yaml 77 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTDenialofService.yaml 76 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedDevice.yaml 76 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInsecurePLC.yaml 76 Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTINoSensorTrafficDetected.yaml 76 Solutions/MailRisk/Data Connectors/mailrisk.py 79 Solutions/MailRisk/Data Connectors/models/link.py 14 Solutions/MailRisk/Data 
Connectors/models/__init__.py 14 Solutions/MailRisk/Data Connectors/models/assessment.py 19 Solutions/MailRisk/Data Connectors/models/event_types.py 8 Solutions/MailRisk/Data Connectors/models/event.py 16 Solutions/MailRisk/Data Connectors/models/risk_categories.py 8 Solutions/MailRisk/Data Connectors/models/email.py 104 Solutions/MailRisk/Data Connectors/models/attachment.py 34 Solutions/MailRisk/Data Connectors/models/risk_levels.py 3 Solutions/MailRisk/Data Connectors/models/header.py 12 Solutions/MailRisk/Data Connectors/models/model.py 11 Solutions/MailRisk/Data Connectors/sentinel_api.py 37 Solutions/MailRisk/Data Connectors/config.py 23 Solutions/MailRisk/Data Connectors/MailRiskSentinelIntegration/__init__.py 22 Solutions/MailRisk/Data Connectors/sentinel_integration.py 40 Solutions/Pure Storage/Parsers/PureStorageFlashBladeParser.yaml 23 Solutions/Pure Storage/Parsers/PureStorageFlashArrayParser.yaml 20 Solutions/Pure Storage/Analytic Rules/PureFailedLogin.yaml 52 Solutions/Pure Storage/Analytic Rules/FB-FabricModuleUnhealthy.yaml 44 Solutions/Pure Storage/Analytic Rules/PureControllerFailed.yaml 43 Solutions/Claroty/Hunting Queries/ClarotyCriticalEvents.yaml 23 Solutions/Claroty/Hunting Queries/ClarotySRAFailedLogins.yaml 26 Solutions/Claroty/Hunting Queries/ClarotyScanSources.yaml 24 Solutions/Claroty/Hunting Queries/ClarotyWriteExecuteOperations.yaml 24 Solutions/Claroty/Hunting Queries/ClarotyScantargets.yaml 24 Solutions/Claroty/Hunting Queries/ClarotyBaselineDeviation.yaml 24 Solutions/Claroty/Hunting Queries/ClarotyConflictAssets.yaml 24 Solutions/Claroty/Hunting Queries/ClarotyUnresolvedAlerts.yaml 24 Solutions/Claroty/Hunting Queries/ClarotyPLCLogins.yaml 25 Solutions/Claroty/Hunting Queries/ClarotyUnapprovedAccess.yaml 24 Solutions/Claroty/Parsers/ClarotyEvent.yaml 89 Solutions/Claroty/Analytic Rules/ClarotyPolicyViolation.yaml 30 Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLogin.yaml 35 Solutions/Claroty/Analytic 
Rules/ClarotyAssetDown.yaml 30 Solutions/Claroty/Analytic Rules/ClarotyTreat.yaml 36 Solutions/Claroty/Analytic Rules/ClarotyCriticalBaselineDeviation.yaml 31 Solutions/Claroty/Analytic Rules/ClarotySuspiciousActivity.yaml 30 Solutions/Claroty/Analytic Rules/ClarotyLoginToUncommonSite.yaml 44 Solutions/Claroty/Analytic Rules/ClarotySuspiciousFileTransfer.yaml 30 Solutions/Claroty/Analytic Rules/ClarotyNewAsset.yaml 30 Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLoginsSameDst.yaml 37 Solutions/Syslog/Hunting Queries/SchedTaskEditViaCrontab.yaml 36 Solutions/Syslog/Hunting Queries/CryptoThreatActivity.yaml 40 Solutions/Syslog/Hunting Queries/SCXExecuteRunAsProviders.yaml 67 Solutions/Syslog/Hunting Queries/SchedTaskAggregation.yaml 9 Solutions/Syslog/Hunting Queries/squid_volume_anomalies.yaml 46 Solutions/Syslog/Hunting Queries/RareProcess_ForLxHost.yaml 40 Solutions/Syslog/Hunting Queries/squid_abused_tlds.yaml 37 Solutions/Syslog/Hunting Queries/squid_malformed_requests.yaml 38 Solutions/Syslog/Hunting Queries/CryptoCurrencyMiners.yaml 38 Solutions/Syslog/Analytic Rules/ssh_potentialBruteForce.yaml 36 Solutions/Syslog/Analytic Rules/sftp_file_transfer_above_threshold.yaml 74 Solutions/Syslog/Analytic Rules/sftp_file_transfer_folders_above_threshold.yaml 75 Solutions/Syslog/Analytic Rules/squid_cryptomining_pools.yaml 66 Solutions/Syslog/Analytic Rules/NRT_squid_events_for_mining_pools.yaml 57 Solutions/Syslog/Analytic Rules/FailedLogonAttempts_UnknownUser.yaml 57 Solutions/Syslog/Analytic Rules/squid_tor_proxies.yaml 62 Solutions/Syslog/Workspace Functions/SyslogConnectorsOverallStatus.yaml 61 Solutions/Syslog/Workspace Functions/SyslogConnectorsEventVolumebyDeviceProduct.yaml 56 Solutions/SymantecProxySG/Parsers/SymantecProxySG.yaml 22 Solutions/SymantecProxySG/Analytic Rules/ExcessiveDeniedProxyTraffic.yaml 37 Solutions/SymantecProxySG/Analytic Rules/UserAccessedSuspiciousURLCategories.yaml 40 Solutions/Tenable App/Parsers/afad_parser.yaml 117 
Solutions/Tenable App/Parsers/TenableVMVulnerabilities.yaml 220 Solutions/Tenable App/Parsers/TenableVMAssets.yaml 129 Solutions/Tenable App/Analytic Rules/TIEPasswordGuessing.yaml 33 Solutions/Tenable App/Analytic Rules/TIEPasswordIssues.yaml 42 Solutions/Tenable App/Analytic Rules/TIEGoldenTicket.yaml 33 Solutions/Tenable App/Analytic Rules/TIEIndicatorsOfAttack.yaml 41 Solutions/Tenable App/Analytic Rules/TIEDCShadow.yaml 33 Solutions/Tenable App/Analytic Rules/TIEDCSync.yaml 33 Solutions/Tenable App/Analytic Rules/TIEADAttacksPathways.yaml 42 Solutions/Tenable App/Analytic Rules/TIEUserAccountIssues.yaml 42 Solutions/Tenable App/Analytic Rules/TIEPrivilegedAccountIssues.yaml 42 Solutions/Tenable App/Analytic Rules/TIELSASSMemory.yaml 33 Solutions/Tenable App/Analytic Rules/TIEIndicatorsOfExposures.yaml 41 Solutions/Tenable App/Analytic Rules/TIEPasswordSpraying.yaml 33 Solutions/Tenable App/Data Connectors/TenableVM/TenableVulnExportStatusAndSendChunks/__init__.py 79 Solutions/Tenable App/Data Connectors/TenableVM/TenableAssetExportOrchestrator/__init__.py 71 Solutions/Tenable App/Data Connectors/TenableVM/TenableComplianceExportOrchestrator/__init__.py 87 Solutions/Tenable App/Data Connectors/TenableVM/TenableComplianceExportStatusAndSendChunks/__init__.py 90 Solutions/Tenable App/Data Connectors/TenableVM/TenableProcessFailedAssetChunkFromQueue/__init__.py 35 Solutions/Tenable App/Data Connectors/TenableVM/TenableProcessVulnChunkFromQueue/__init__.py 87 Solutions/Tenable App/Data Connectors/TenableVM/tenable_helper.py 84 Solutions/Tenable App/Data Connectors/TenableVM/exports_queue.py 30 Solutions/Tenable App/Data Connectors/TenableVM/exports_store.py 138 Solutions/Tenable App/Data Connectors/TenableVM/TenableProcessComplianceChunkFromQueue/__init__.py 125 Solutions/Tenable App/Data Connectors/TenableVM/TenableGenerateJobStats/__init__.py 142 Solutions/Tenable App/Data Connectors/TenableVM/TenableProcessAssetChunkFromQueue/__init__.py 82 Solutions/Tenable 
App/Data Connectors/TenableVM/TenableCleanTables/__init__.py 41 Solutions/Tenable App/Data Connectors/TenableVM/TenableAssetExportStatusAndSendChunks/__init__.py 75 Solutions/Tenable App/Data Connectors/TenableVM/TenableStartAssetExportJob/__init__.py 11 Solutions/Tenable App/Data Connectors/TenableVM/azure_sentinel.py 58 Solutions/Tenable App/Data Connectors/TenableVM/TenableStartComplianceExportJob/__init__.py 20 Solutions/Tenable App/Data Connectors/TenableVM/TenableExportStarter/__init__.py 134 Solutions/Tenable App/Data Connectors/TenableVM/TenableProcessFailedComplianceChunkFromQueue/__init__.py 45 Solutions/Tenable App/Data Connectors/TenableVM/TenableProcessFailedVulnChunkFromQueue/__init__.py 35 Solutions/Tenable App/Data Connectors/TenableVM/TenableStartVulnExportJob/__init__.py 36 Solutions/Tenable App/Data Connectors/TenableVM/TenableVulnExportOrchestrator/__init__.py 72 Solutions/Tenable App/Data Connectors/TenableVM/TenableCleanUpOrchestrator/__init__.py 13 Solutions/Tenable App/Data Connectors/TenableVM/TenableExportsOrchestrator/__init__.py 176 Solutions/VMware Carbon Black Cloud/Analytic Rules/CriticalThreatDetected.yaml 36 Solutions/VMware Carbon Black Cloud/Analytic Rules/KnownMalwareDetected.yaml 38 Solutions/VMware Carbon Black Cloud/Data Connectors/requirements.psd1 9 Solutions/VMware Carbon Black Cloud/Data Connectors/AzureFunctionVMwareCarbonBlack/AlertsApiTimer/run.ps1 307 Solutions/VMware Carbon Black Cloud/Data Connectors/AzureFunctionVMwareCarbonBlack/AuditEventsAlertsTimer/run.ps1 375 Solutions/VMware Carbon Black Cloud/Data Connectors/profile.ps1 18 Solutions/Threat Intelligence/Hunting Queries/FileEntity_Syslog.yaml 65 Solutions/Threat Intelligence/Hunting Queries/FileEntity_WireData.yaml 69 Solutions/Threat Intelligence/Hunting Queries/FileEntity_SecurityEvent.yaml 74 Solutions/Threat Intelligence/Hunting Queries/FileEntity_OfficeActivity.yaml 63 Solutions/Threat Intelligence/Hunting Queries/FileEntity_VMConnection.yaml 70 
Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureSQL.yaml 70 Solutions/Threat Intelligence/Analytic Rules/Threat Intel Matches to GitHub Audit Logs.yaml 28 Solutions/Threat Intelligence/Analytic Rules/URLEntity_UrlClickEvents.yaml 72 Solutions/Threat Intelligence/Analytic Rules/IPEntity_OfficeActivity.yaml 75 Solutions/Threat Intelligence/Analytic Rules/IPEntity_CloudAppEvents.yaml 4 Solutions/Threat Intelligence/Analytic Rules/IPEntity_DuoSecurity.yaml 54 Solutions/Threat Intelligence/Analytic Rules/IPEntity_imWebSession.yaml 39 Solutions/Threat Intelligence/Analytic Rules/IPEntity_AppServiceHTTPLogs.yaml 92 Solutions/Threat Intelligence/Analytic Rules/IPEntity_DnsEvents.yaml 77 Solutions/Threat Intelligence/Analytic Rules/URLEntity_CloudAppEvents.yaml 4 Solutions/Threat Intelligence/Analytic Rules/IPEntity_SigninLogs.yaml 75 Solutions/Threat Intelligence/Analytic Rules/EmailEntity_SecurityEvent.yaml 91 Solutions/Threat Intelligence/Analytic Rules/EmailEntity_OfficeActivity.yaml 70 Solutions/Threat Intelligence/Analytic Rules/URLEntity_DeviceNetworkEvents.yaml 73 Solutions/Threat Intelligence/Analytic Rules/DomainEntity_CommonSecurityLog.yaml 40 Solutions/Threat Intelligence/Analytic Rules/FileHashEntity_SecurityEvent.yaml 91 Solutions/Threat Intelligence/Analytic Rules/DomainEntity_imWebSession.yaml 50 Solutions/Threat Intelligence/Analytic Rules/IPEntity_AWSCloudTrail.yaml 76 Solutions/Threat Intelligence/Analytic Rules/DomainEntity_SecurityAlert.yaml 79 Solutions/Threat Intelligence/Analytic Rules/FileHashEntity_CommonSecurityLog.yaml 85 Solutions/Threat Intelligence/Analytic Rules/IPEntity_CustomSecurityLog.yaml 69 Solutions/Threat Intelligence/Analytic Rules/URLEntity_PaloAlto.yaml 49 Solutions/Threat Intelligence/Analytic Rules/DomainEntity_Syslog.yaml 91 Solutions/Threat Intelligence/Analytic Rules/DomainEntity_EmailUrlInfo.yaml 74 Solutions/Threat Intelligence/Analytic Rules/IPEntity_Workday.yaml 80 Solutions/Threat Intelligence/Analytic 
Rules/IPEntity_DeviceNetworkEvents.yaml 69 Solutions/Threat Intelligence/Analytic Rules/DomainEntity_PaloAlto.yaml 65 Solutions/Threat Intelligence/Analytic Rules/URLEntity_Syslog.yaml 31 Solutions/Threat Intelligence/Analytic Rules/EmailEntity_SigninLogs.yaml 77 Solutions/Threat Intelligence/Analytic Rules/URLEntity_OfficeActivity.yaml 53 Solutions/Threat Intelligence/Analytic Rules/EmailEntity_SecurityAlert.yaml 75 Solutions/Threat Intelligence/Analytic Rules/EmailEntity_CloudAppEvents.yaml 38 Solutions/Threat Intelligence/Analytic Rules/URLEntity_EmailUrlInfo.yaml 69 Solutions/Threat Intelligence/Analytic Rules/DomainEntity_EmailEvents.yaml 59 Solutions/Threat Intelligence/Analytic Rules/EmailEntity_PaloAlto.yaml 67 Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureActivity.yaml 86 Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureFirewall.yaml 78 Solutions/Threat Intelligence/Analytic Rules/IPEntity_VMConnection.yaml 73 Solutions/Threat Intelligence/Analytic Rules/IPEntity_W3CIISLog.yaml 77 Solutions/Threat Intelligence/Analytic Rules/imDns_IPEntity_DnsEvents.yaml 103 Solutions/Threat Intelligence/Analytic Rules/URLEntity_AuditLogs.yaml 77 Solutions/Threat Intelligence/Analytic Rules/DomainEntity_DnsEvents.yaml 89 Solutions/Threat Intelligence/Analytic Rules/URLEntity_SecurityAlerts.yaml 71 Solutions/Threat Intelligence/Analytic Rules/DomainEntity_DeviceNetworkEvents.yaml 74 Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureKeyVault.yaml 70 Solutions/Threat Intelligence/Analytic Rules/FileHashEntity_DeviceFileEvents.yaml 66 Solutions/Threat Intelligence/Analytic Rules/EmailEntity_EmailEvents.yaml 58 Solutions/Threat Intelligence/Analytic Rules/DomainEntity_CloudAppEvents.yaml 48 Solutions/Threat Intelligence/Analytic Rules/EmailEntity_AzureActivity.yaml 70 Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureNetworkAnalytics.yaml 79 Solutions/Threat Intelligence/Analytic Rules/IPEntity_imNetworkSession.yaml 122 Solutions/Threat 
Intelligence/Analytic Rules/imDns_DomainEntity_DnsEvents.yaml 109 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardRatings/SecurityScorecardRatingsSentinelConnector/scorecard.py 62 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardRatings/SecurityScorecardRatingsSentinelConnector/__init__.py 202 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardRatings/SecurityScorecardRatingsSentinelConnector/writers.py 190 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardRatings/SecurityScorecardRatingsSentinelConnector/state_manager.py 26 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardRatings/SecurityScorecardRatingsSentinelConnector/utils.py 13 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardRatings/SecurityScorecardRatingsSentinelConnector/scorecard_exceptions.py 10 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/scorecard.py 82 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/__init__.py 202 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/writers.py 188 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/state_manager.py 26 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/utils.py 19 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/scorecard_exceptions.py 10 Solutions/SecurityScorecard Cybersecurity Ratings/Data 
Connectors/SecurityScorecardIssue/SecurityScorecardIssueSentinelConnector/scorecard.py 89 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardIssue/SecurityScorecardIssueSentinelConnector/__init__.py 184 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardIssue/SecurityScorecardIssueSentinelConnector/writers.py 177 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardIssue/SecurityScorecardIssueSentinelConnector/state_manager.py 26 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardIssue/SecurityScorecardIssueSentinelConnector/utils.py 18 Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardIssue/SecurityScorecardIssueSentinelConnector/scorecard_exceptions.py 10 Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoAdmin2FAFailure.yaml 28 Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoAuthenticationErrorReasons.yaml 25 Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoUnsecuredDevices.yaml 29 Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoNewUsers.yaml 29 Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoAuthenticationErrorEvents.yaml 29 Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoAdminFailure.yaml 28 Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoUnpachedAccessDevices.yaml 30 Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoDeletedUsers.yaml 28 Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoFraudAuthentication.yaml 29 Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoAdminDeleteActions.yaml 28 Solutions/CiscoDuoSecurity/Parsers/CiscoDuo.yaml 97 Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoNewAccessDevice.yaml 40 Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoADSyncFailed.yaml 29 Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoUnexpectedAuthFactor.yaml 36 Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoMultipleUsersDeleted.yaml 31 Solutions/CiscoDuoSecurity/Analytic 
Rules/CiscoDuoAdminDeleted.yaml 29 Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoAdminPasswordReset.yaml 4 Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoNewAuthDeviceLocation.yaml 40 Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoMultipleUserLoginFailures.yaml 33 Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoAdminMFAFailures.yaml 32 Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoNewAdmin.yaml 30 Solutions/CiscoDuoSecurity/Data Connectors/AzureFunctionCiscoDuo/main.py 373 Solutions/CiscoDuoSecurity/Data Connectors/AzureFunctionCiscoDuo/state_manager.py 18 Solutions/CiscoDuoSecurity/Data Connectors/AzureFunctionCiscoDuo/sentinel_connector.py 90 Solutions/Mimecast/Parsers/MimecastAT/Mimecast_AT_Performane_Detail.yaml 26 Solutions/Mimecast/Parsers/MimecastAT/Mimecast_AT_Safe_Score.yaml 27 Solutions/Mimecast/Parsers/MimecastAT/Mimecast_AT_User_Data.yaml 35 Solutions/Mimecast/Parsers/MimecastAT/Mimecast_AT_Watchlist.yaml 23 Solutions/Mimecast/Parsers/MimecastSEG/Mimecast_SEG_DLP.yaml 27 Solutions/Mimecast/Parsers/MimecastSEG/Mimecast_SEG_CG.yaml 195 Solutions/Mimecast/Parsers/MimecastCI/Mimecast_Cloud_Integrated.yaml 79 Solutions/Mimecast/Parsers/MimecastTTP/Mimecast_TTP_Impersonation.yaml 37 Solutions/Mimecast/Parsers/MimecastTTP/Mimecast_TTP_Attachment.yaml 35 Solutions/Mimecast/Parsers/MimecastTTP/Mimecast_TTP_Url.yaml 99 Solutions/Mimecast/Parsers/MimecastAudit/Mimecast_Audit.yaml 26 Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_Spam_Event.yaml 45 Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_Virus.yaml 45 Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_Internal_Mail_Protect.yaml 48 Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_Url_Protect.yaml 47 Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastDLP_Notifications.yaml 44 Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastDLP_hold.yaml 43 Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_AV.yaml 45 Solutions/Mimecast/Analytic 
Rules/MimecastSEG/MimecastCG_Impersonation.yaml 47 Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_Attachment.yaml 55 Solutions/Mimecast/Analytic Rules/MimecastTTP/Mimecast_TTP_Impersonation.yaml 48 Solutions/Mimecast/Analytic Rules/MimecastTTP/Mimecast_TTP_Attachment.yaml 45 Solutions/Mimecast/Analytic Rules/MimecastTTP/Mimecast_TTP_Url.yaml 53 Solutions/Mimecast/Analytic Rules/MimecastAudit/Mimecast_Audit.yaml 53 Solutions/Mimecast/Data Connectors/MimecastAT/WatchlistDetails/__init__.py 15 Solutions/Mimecast/Data Connectors/MimecastAT/WatchlistDetails/mimecast_watchlist_details_to_sentinel.py 213 Solutions/Mimecast/Data Connectors/MimecastAT/UserData/__init__.py 15 Solutions/Mimecast/Data Connectors/MimecastAT/UserData/mimecast_user_data_to_sentinel.py 233 Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/sentinel.py 249 Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/__init__.py 1 Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/mimecast_exception.py 6 Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/state_manager.py 30 Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/utils.py 751 Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/consts.py 58 Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/logger.py 18 Solutions/Mimecast/Data Connectors/MimecastAT/SafeScoreDetails/__init__.py 15 Solutions/Mimecast/Data Connectors/MimecastAT/SafeScoreDetails/mimecast_safe_score_details_to_sentinel.py 213 Solutions/Mimecast/Data Connectors/MimecastAT/PerformanceDetails/mimecast_performance_details_to_sentinel.py 216 Solutions/Mimecast/Data Connectors/MimecastAT/PerformanceDetails/__init__.py 15 Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/sentinel.py 318 Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/__init__.py 1 Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/mimecast_exception.py 6 Solutions/Mimecast/Data 
Connectors/MimecastCloudIntegrated/SharedCode/state_manager.py 30 Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/utils.py 628 Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/consts.py 63 Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/logger.py 18 Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/MimecastCI/__init__.py 37 Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/MimecastCI/mimecast_ci_to_sentinel.py 553 Solutions/Mimecast/Data Connectors/MimecastSEG/MimecastDLP/__init__.py 37 Solutions/Mimecast/Data Connectors/MimecastSEG/MimecastDLP/mimecast_dlp_to_sentinel.py 342 Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/sentinel.py 386 Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/__init__.py 1 Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/mimecast_exception.py 6 Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/state_manager.py 30 Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/utils.py 625 Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/consts.py 69 Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/logger.py 18 Solutions/Mimecast/Data Connectors/MimecastSEG/MimecastCG/__init__.py 37 Solutions/Mimecast/Data Connectors/MimecastSEG/MimecastCG/mimecast_cg_to_sentinel.py 555 Solutions/Mimecast/Data Connectors/MimecastTTP/MimecastTTPUrl/__init__.py 38 Solutions/Mimecast/Data Connectors/MimecastTTP/MimecastTTPUrl/mimecast_ttp_url.py 219 Solutions/Mimecast/Data Connectors/MimecastTTP/MimecastTTPAttachment/mimecast_ttp_attachment.py 222 Solutions/Mimecast/Data Connectors/MimecastTTP/MimecastTTPAttachment/__init__.py 38 Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/sentinel.py 249 Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/__init__.py 1 Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/mimecast_exception.py 6 Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/state_manager.py 30 
Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/utils.py 733 Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/consts.py 58 Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/logger.py 18 Solutions/Mimecast/Data Connectors/MimecastTTP/MimecastTTPImpersonation/__init__.py 38 Solutions/Mimecast/Data Connectors/MimecastTTP/MimecastTTPImpersonation/mimecast_ttp_impersonation.py 224 Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/sentinel.py 256 Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/__init__.py 1 Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/mimecast_exception.py 6 Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/state_manager.py 30 Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/utils.py 565 Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/consts.py 54 Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/logger.py 18 Solutions/Mimecast/Data Connectors/MimecastAudit/MimecastAudit/__init__.py 47 Solutions/Mimecast/Data Connectors/MimecastAudit/MimecastAudit/mimecast_audit_to_sentinel.py 474 Solutions/MicrosoftPurviewInsiderRiskManagement/Hunting Queries/InsiderEntityAnomalyFollowedByIRMAlert.yaml 41 Solutions/MicrosoftPurviewInsiderRiskManagement/Hunting Queries/InsiderMultipleEntityAnomalies.yaml 46 Solutions/MicrosoftPurviewInsiderRiskManagement/Hunting Queries/InsiderISPAnomalyCorrelatedToExfiltrationAlert.yaml 60 Solutions/MicrosoftPurviewInsiderRiskManagement/Hunting Queries/InsiderSignInRiskFollowedBySensitiveDataAccessyaml.yaml 43 Solutions/MicrosoftPurviewInsiderRiskManagement/Hunting Queries/InsiderPossibleSabotage.yaml 68 Solutions/MicrosoftPurviewInsiderRiskManagement/Analytic Rules/InsiderRiskHighUserAlertsCorrelation.yaml 101 Solutions/MicrosoftPurviewInsiderRiskManagement/Analytic Rules/InsiderRiskyAccessByApplication.yaml 51 Solutions/MicrosoftPurviewInsiderRiskManagement/Analytic Rules/InsiderRiskHighUserIncidentsCorrelation.yaml 96 
Solutions/MicrosoftPurviewInsiderRiskManagement/Analytic Rules/InsiderRiskM365IRMAlertObserved.yaml 66 Solutions/MicrosoftPurviewInsiderRiskManagement/Analytic Rules/InsiderRiskSensitiveDataAccessOutsideOrgGeo.yaml 57 Solutions/AIShield AI Security Monitoring/Parsers/Guardian.yaml 27 Solutions/AIShield AI Security Monitoring/Parsers/AIShield.yaml 23 Solutions/AIShield AI Security Monitoring/Analytic Rules/SecretsVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/TimeSeriesForecastingModelExtractionHighSuspiciousVulnDetection.yaml 43 Solutions/AIShield AI Security Monitoring/Analytic Rules/BlockSubstringVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/SentimentVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/BIIDetectionVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/NoLLMOutputVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/NotSafeForWorkVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/GenderBiasVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/BlockCompetitorVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/InvisibleTextVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/MaliciousURLDetectionVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/ContentAccessControlBlockedListVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/URLReachabilityVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/ContentSafetyToxicityVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/SecurityIntegrityChecksPIIVulDetection.yaml 40 Solutions/AIShield AI Security Monitoring/Analytic Rules/LanguageDetectionVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic 
Rules/TabularClassificationModelExtractionHighSuspiciousVulnDetection.yaml 43 Solutions/AIShield AI Security Monitoring/Analytic Rules/TabularClassificationModelEvasionHighSuspiciousVulnDetection.yaml 43 Solutions/AIShield AI Security Monitoring/Analytic Rules/ContentAccessControlAllowedListVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/NaturalLanguageProcessingModelExtractionHighSuspiciousVulDetection.yaml 22 Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassficationModelEvasionLowSuspiciousVulnDetection.yaml 43 Solutions/AIShield AI Security Monitoring/Analytic Rules/BanTopicVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/CodeDetectionVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/ContentSafetyProfanityVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/JSONPolicyViolationVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/InputOutputRelevanceVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassficationModelExtractionHighSuspiciousVulnDetection.yaml 43 Solutions/AIShield AI Security Monitoring/Analytic Rules/RacialBiasVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/SpecialPIIDetectionVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/SameInOpLanguageDetectionVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassficationModelEvasionHighSuspiciousVulnDetection.yaml 43 Solutions/AIShield AI Security Monitoring/Analytic Rules/URLDetectionVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/PrivacyProtectionPIIVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/TokenLimitVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/TabularClassificationModelEvasionLowSuspiciousVulnDetection.yaml 43 Solutions/AIShield AI 
Security Monitoring/Analytic Rules/ImageSegmentationModelExtractionHighSuspiciousVulnDetection.yaml 43 Solutions/AIShield AI Security Monitoring/Analytic Rules/RegexVulDetection.yaml 41 Solutions/AIShield AI Security Monitoring/Analytic Rules/InputRateLimiterVulDetection.yaml 41 Solutions/Dataminr Pulse/Parsers/DataminrPulseAlerts.yaml 102 Solutions/Dataminr Pulse/Parsers/DataminrPulseCyberAlerts.yaml 105 Solutions/Dataminr Pulse/Analytic Rules/DataminrSentinelAlerts.yaml 36 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsSentinelOrchestrator/__init__.py 10 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsHttpStarter/__init__.py 104 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsManualActivity/__init__.py 17 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsManualActivity/dataminrpulse_integration_settings.py 341 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/RetryFailedIndicators/sentinel.py 193 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/RetryFailedIndicators/__init__.py 12 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/RetryFailedIndicators/retry_failed_indicators.py 271 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/RetryFailedIndicators/post_to_log_analytics.py 115 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/shared_code/dataminrpulse_exception.py 3 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/shared_code/validate_params.py 46 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/shared_code/state_manager.py 37 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/shared_code/consts.py 36 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/shared_code/logger.py 12 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsSentinelActivity/sentinel.py 94 Solutions/Dataminr Pulse/Data 
Connectors/DataminrPulseAlerts/DataminrPulseAlertsSentinelActivity/__init__.py 20 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsSentinelActivity/dataminr_pulse.py 288 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseThreatIntelligence/sentinel.py 193 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseThreatIntelligence/__init__.py 13 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseThreatIntelligence/dataminr_pulse_threat_intelligence.py 235 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseThreatIntelligence/get_logs_data.py 64 Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseThreatIntelligence/dataminr_pulse_to_threat_intelligence_mapping.py 118 Solutions/ESETPROTECT/Parsers/ESETPROTECT.yaml 138 Solutions/ESETPROTECT/Analytic Rules/ESETThreatDetected.yaml 45 Solutions/ESETPROTECT/Analytic Rules/ESETWebsiteBlocked.yaml 48 Solutions/NXLogAixAudit/Parsers/NXLog_parsed_AIX_Audit_view.yaml 33 Solutions/Google Apigee/Parsers/ApigeeXV2.yaml 43 Solutions/Google Apigee/Parsers/Unified_ApigeeX.yaml 82 Solutions/Google Apigee/Parsers/ApigeeX.yaml 17 Solutions/Google Apigee/Data Connectors/AzureFunctionApigeeX/main.py 99 Solutions/Google Apigee/Data Connectors/AzureFunctionApigeeX/state_manager.py 18 Solutions/Google Apigee/Data Connectors/AzureFunctionApigeeX/sentinel_connector.py 100 Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_CustomSecurityLog.yaml 66 Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_OfficeActivity.yaml 80 Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_imNetworkSession.yaml 130 Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_DnsEvents.yaml 79 Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_SigninLogs.yaml 65 Solutions/GreyNoiseThreatIntelligence/Data 
Connectors/GreyNoiseAPISentinelConnector/main.py 300 Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseAPISentinelConnector/stixGen.py 38 Solutions/MimecastTTP/Analytic Rules/MimecastTTPImpersonation.yaml 43 Solutions/MimecastTTP/Analytic Rules/MimecastTTPUrl.yaml 50 Solutions/MimecastTTP/Analytic Rules/MimecastTTPAttachment.yaml 47 Solutions/MimecastTTP/Data Connectors/Models/Request/__init__.py 6 Solutions/MimecastTTP/Data Connectors/Models/Request/refresh_access_key.py 5 Solutions/MimecastTTP/Data Connectors/Models/Request/get_ttp_impersonation_logs.py 8 Solutions/MimecastTTP/Data Connectors/Models/Request/get_ttp_url_logs.py 8 Solutions/MimecastTTP/Data Connectors/Models/Request/get_ttp_attachment_logs.py 8 Solutions/MimecastTTP/Data Connectors/Models/Error/errors.py 14 Solutions/MimecastTTP/Data Connectors/Models/Error/__init__.py 1 Solutions/MimecastTTP/Data Connectors/Models/Enum/mimecast_response_codes.py 10 Solutions/MimecastTTP/Data Connectors/Models/Enum/mimecast_endpoints.py 5 Solutions/MimecastTTP/Data Connectors/Models/Enum/__init__.py 1 Solutions/MimecastTTP/Data Connectors/GetTTPAttachment/__init__.py 78 Solutions/MimecastTTP/Data Connectors/GetTTPUrl/__init__.py 74 Solutions/MimecastTTP/Data Connectors/Helpers/date_helper.py 25 Solutions/MimecastTTP/Data Connectors/Helpers/response_helper.py 51 Solutions/MimecastTTP/Data Connectors/Helpers/request_helper.py 117 Solutions/MimecastTTP/Data Connectors/Helpers/azure_monitor_collector.py 44 Solutions/MimecastTTP/Data Connectors/GetTTPImpersonation/__init__.py 78 Solutions/MimecastTTP/Data Connectors/TransformData/ttp_attachment_parser.py 13 Solutions/MimecastTTP/Data Connectors/TransformData/ttp_url_parser.py 13 Solutions/MimecastTTP/Data Connectors/TransformData/ttp_impersonation_parser.py 13 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/NonCofenseBasedIndicatorCreatorToCofense/sentinel.py 727 Solutions/CofenseTriage/Data 
Connectors/CofenseTriageDataConnector/NonCofenseBasedIndicatorCreatorToCofense/sentinel_to_cofense_mapping.py 42 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/NonCofenseBasedIndicatorCreatorToCofense/__init__.py 23 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/NonCofenseBasedIndicatorCreatorToCofense/cofense.py 330 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/__init__.py 1 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/cofense_exception.py 3 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/state_manager.py 37 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/utils.py 444 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/consts.py 66 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/logger.py 22 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/RetryFailedIndicators/sentinel.py 193 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/RetryFailedIndicators/__init__.py 13 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/RetryFailedIndicators/retry_failed_indicators.py 270 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/sentinel.py 193 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/__init__.py 22 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/cofense.py 86 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/cofense_to_sentinel_mapping.py 323 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/IndicatorCreatorToDefender/sentinel.py 751 Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/IndicatorCreatorToDefender/__init__.py 23 Solutions/CofenseTriage/Data 
Connectors/CofenseTriageDataConnector/IndicatorCreatorToDefender/sentinel_to_defender_mapping.py 168
Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/IndicatorCreatorToDefender/defender.py 281
Solutions/SailPointIdentityNow/Analytic Rules/SailPointIdentityNowAlertsForTriggers.yaml 32
Solutions/SailPointIdentityNow/Analytic Rules/SailPointIdentityNowUserWithFailedEvents.yaml 34
Solutions/SailPointIdentityNow/Analytic Rules/SailPointIdentityNowFailedEventsBasedOnTime.yaml 32
Solutions/SailPointIdentityNow/Analytic Rules/SailPointIdentityNowEventType.yaml 32
Solutions/SailPointIdentityNow/Analytic Rules/SailPointIdentityNowFailedEvents.yaml 30
Solutions/SailPointIdentityNow/Analytic Rules/SailPointIdentityNowEventTypeTechnicalName.yaml 33
Solutions/SailPointIdentityNow/Data Connectors/SearchEvent/__init__.py 179
Solutions/Okta Single Sign-On/Hunting Queries/LegacyAuthentication.yaml 37
Solutions/Okta Single Sign-On/Hunting Queries/LoginNordVPN.yaml 41
Solutions/Okta Single Sign-On/Hunting Queries/CreateAPIToken.yaml 26
Solutions/Okta Single Sign-On/Hunting Queries/UserPasswordReset.yaml 30
Solutions/Okta Single Sign-On/Hunting Queries/NewDeviceRegistration.yaml 51
Solutions/Okta Single Sign-On/Hunting Queries/AdminPrivilegeGrant.yaml 37
Solutions/Okta Single Sign-On/Hunting Queries/RareMFAOperation.yaml 42
Solutions/Okta Single Sign-On/Hunting Queries/LoginFromMultipleLocations.yaml 68
Solutions/Okta Single Sign-On/Hunting Queries/LoginsVPSProvider.yaml 41
Solutions/Okta Single Sign-On/Hunting Queries/ImpersonationSession.yaml 31
Solutions/Okta Single Sign-On/Parsers/OktaSSO.yaml 157
Solutions/Okta Single Sign-On/Analytic Rules/UserSessionImpersonation.yaml 46
Solutions/Okta Single Sign-On/Analytic Rules/LoginfromUsersfromDifferentCountrieswithin3hours.yaml 37
Solutions/Okta Single Sign-On/Analytic Rules/DeviceRegistrationMaliciousIP.yaml 50
Solutions/Okta Single Sign-On/Analytic Rules/FailedLoginsFromUnknownOrInvalidUser.yaml 44
Solutions/Okta Single Sign-On/Analytic Rules/MFAFatigue.yaml 49
Solutions/Okta Single Sign-On/Analytic Rules/HighRiskAdminActivity.yaml 51
Solutions/Okta Single Sign-On/Analytic Rules/PhishingDetection.yaml 47
Solutions/Okta Single Sign-On/Analytic Rules/PasswordSpray.yaml 40
Solutions/Okta Single Sign-On/Analytic Rules/NewDeviceLocationCriticalOperation.yaml 61
Solutions/Okta Single Sign-On/Data Connectors/OktaSingleSign-On/AzureFunctionOktaSSO_V2/requirements.psd1 8
Solutions/Okta Single Sign-On/Data Connectors/OktaSingleSign-On/AzureFunctionOktaSSO_V2/AzureFunctionOktaSSO/run.ps1 167
Solutions/Okta Single Sign-On/Data Connectors/OktaSingleSign-On/AzureFunctionOktaSSO_V2/profile.ps1 18
Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASInfectedFilesInEmails.yaml 26
Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASSuspiciousFilesSharepoint.yaml 25
Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASVAThreats.yaml 25
Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASTopFilesRecievedViaEmail.yaml 25
Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASUserDLPViolations.yaml 24
Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASRiskyUsers.yaml 24
Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASRansomwareThreats.yaml 24
Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASScanDiscoveredThreats.yaml 29
Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASRareFilesRecievedViaEmail.yaml 26
Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASFilesOnShares.yaml 29
Solutions/Trend Micro Cloud App Security/Parsers/TrendMicroCAS.yaml 78
Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASVAOutbreak.yaml 36
Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASUnexpectedFileInMail.yaml 33
Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASRansomwareOutbreak.yaml 31
Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASPossiblePhishingMail.yaml 34
Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASRansomwareOnHost.yaml 33
Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASThreatNotBlocked.yaml 30
Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASVAInfectedUser.yaml 34
Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASSuspiciousFilename.yaml 30
Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASDLPViolation.yaml 29
Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASUnexpectedFileOnFileShare.yaml 33
Solutions/Trend Micro Cloud App Security/Data Connectors/TrendMicroCASSentinelConnector/__init__.py 183
Solutions/Trend Micro Cloud App Security/Data Connectors/TrendMicroCASSentinelConnector/state_manager.py 18
Solutions/NozomiNetworks/Parsers/NozomiNetworksEvents.yaml 42
Solutions/Juniper SRX/Parsers/JuniperSRX.yaml 101
Solutions/MimecastAudit/Analytic Rules/MimecastAudit.yaml 51
Solutions/MimecastAudit/Data Connectors/GetAuditEvents/__init__.py 75
Solutions/MimecastAudit/Data Connectors/Models/Request/__init__.py 1
Solutions/MimecastAudit/Data Connectors/Models/Request/refresh_access_key.py 5
Solutions/MimecastAudit/Data Connectors/Models/Request/get_audit_events.py 14
Solutions/MimecastAudit/Data Connectors/Models/Error/errors.py 14
Solutions/MimecastAudit/Data Connectors/Models/Error/__init__.py 1
Solutions/MimecastAudit/Data Connectors/Models/Enum/mimecast_response_codes.py 10
Solutions/MimecastAudit/Data Connectors/Models/Enum/mimecast_endpoints.py 3
Solutions/MimecastAudit/Data Connectors/Models/Enum/__init__.py 1
Solutions/MimecastAudit/Data Connectors/Helpers/date_helper.py 20
Solutions/MimecastAudit/Data Connectors/Helpers/checkpoint_helper.py 43
Solutions/MimecastAudit/Data Connectors/Helpers/response_helper.py 54
Solutions/MimecastAudit/Data Connectors/Helpers/request_helper.py 121
Solutions/MimecastAudit/Data Connectors/Helpers/azure_monitor_collector.py 38
Solutions/MimecastAudit/Data Connectors/TransformData/audit_parser.py 27
Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODHighScorePhishValue.yaml 16
Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODRecipientsHighNumberDiscardReject.yaml 19
Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODHighScoreMalwareValue.yaml 16
Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODHighScoreSuspectValue.yaml 16
Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODHighScoreAdultValue.yaml 16
Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODSendersLargeNumberOfCorruptedEmails.yaml 19
Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODLargeOutboundEmails.yaml 29
Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODRecipientsLargeNumberOfCorruptedEmails.yaml 19
Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODHighScoreSpamValue.yaml 16
Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODSuspiciousFileTypesInAttachments.yaml 17
Solutions/Proofpoint On demand(POD) Email Security/Parsers/ProofpointPOD.yaml 317
Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODMultipleArchivedAttachmentsToSameRecipient.yaml 38
Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODSuspiciousAttachment.yaml 36
Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODEmailSenderIPinTIList.yaml 60
Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODMultipleLargeEmailsToSameRecipient.yaml 37
Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODEmailSenderInTIList.yaml 52
Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODDataExfiltrationToPrivateEmail.yaml 40
Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODMultipleProtectedEmailsToUnknownRecipient.yaml 49
Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODHighRiskNotDiscarded.yaml 35
Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODWeakCiphers.yaml 32
Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODBinaryInAttachment.yaml 39
Solutions/Proofpoint On demand(POD) Email Security/Data Connectors/ProofpointSentinelConnector/__init__.py 165
Solutions/Proofpoint On demand(POD) Email Security/Data Connectors/ProofpointSentinelConnector/sentinel_connector.py 100
Solutions/Vectra AI Stream/Parsers/vectra_beacon.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_match.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_isession.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_dns.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_smtp.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_ldap.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_ssl.yaml 17
Solutions/Vectra AI Stream/Parsers/VectraStream_function.yaml 460
Solutions/Vectra AI Stream/Parsers/vectra_x509.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_stream.yaml 13
Solutions/Vectra AI Stream/Parsers/vectra_ssh.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_dhcp.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_dcerpc.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_http.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_rdp.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_smbmapping.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_kerberos.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_smbfiles.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_radius.yaml 17
Solutions/Vectra AI Stream/Parsers/vectra_ntlm.yaml 17
Solutions/CybersecurityMaturityModelCertification(CMMC)2.0/Analytic Rules/CMMC2.0Level1FoundationalPosture.yaml 35
Solutions/CybersecurityMaturityModelCertification(CMMC)2.0/Analytic Rules/CMMC2.0Level2AdvancedPosture.yaml 35
Solutions/Theom/Analytic Rules/TRIS0012_Dev_secrets_exposed.yaml 38
Solutions/Theom/Analytic Rules/TRIS0015_Healthcare_data_exposed.yaml 38
Solutions/Theom/Analytic Rules/TheomRisksLow.yaml 58
Solutions/Theom/Analytic Rules/TheomRisksMedium.yaml 58
Solutions/Theom/Analytic Rules/TheomRisksCritical.yaml 58
Solutions/Theom/Analytic Rules/TRIS0035_Shadow_DB_large_datastore_value.yaml 38
Solutions/Theom/Analytic Rules/TRIS0003_Financial_data_unencrypted.yaml 38
Solutions/Theom/Analytic Rules/TRIS0034_Overprovisioned_Roles_Shadow_DB.yaml 40
Solutions/Theom/Analytic Rules/TRIS0018_National_IDs_exposed.yaml 38
Solutions/Theom/Analytic Rules/TheomRisksInsights.yaml 58
Solutions/Theom/Analytic Rules/TRIS0007-10_TRIS0014_Critical_data_in_API_headers_or_body.yaml 39
Solutions/Theom/Analytic Rules/TRIS0026_Financial_data_exposed.yaml 38
Solutions/Theom/Analytic Rules/TRIS0005_Unencrypted_public_data_stores.yaml 38
Solutions/Theom/Analytic Rules/TRIS0002_National_IDs_unencrypted.yaml 38
Solutions/Theom/Analytic Rules/TRIS0032_Dark_Data_with_large_fin_value.yaml 38
Solutions/Theom/Analytic Rules/TRIS0036_Shadow_DB_with_atypical_accesses.yaml 40
Solutions/Theom/Analytic Rules/TRIS0001_Dev_secrets_unencrypted.yaml 37
Solutions/Theom/Analytic Rules/TRIS0033_Least_priv_large_value_shadow_DB.yaml 38
Solutions/Theom/Analytic Rules/TRIS0004_Healthcare_data_unencrypted.yaml 38
Solutions/Theom/Analytic Rules/TheomRisksHigh.yaml 58
Solutions/SonraiSecurity/Analytic Rules/SonraiTicketAssigned.yaml 66
Solutions/SonraiSecurity/Analytic Rules/SonraiTicketClosed.yaml 65
Solutions/SonraiSecurity/Analytic Rules/SonraiTicketUpdated.yaml 65
Solutions/SonraiSecurity/Analytic Rules/SonraiNewTicket.yaml 64
Solutions/SonraiSecurity/Analytic Rules/SonraiTicketRiskAccepted.yaml 5
Solutions/SonraiSecurity/Analytic Rules/SonraiTicketReopened.yaml 66
Solutions/SonraiSecurity/Analytic Rules/SonraiTicketSnoozed.yaml 65
Solutions/SonraiSecurity/Analytic Rules/SonraiTicketEscalationExecuted.yaml 65
Solutions/SonraiSecurity/Analytic Rules/SonraiTicketCommentAdded.yaml 65
Solutions/SentinelOne/Hunting Queries/SentinelOneNewRules.yaml 25
Solutions/SentinelOne/Hunting Queries/SentinelOneAlertTriggers.yaml 25
Solutions/SentinelOne/Hunting Queries/SentinelOneAgentNotUpdated.yaml 26
Solutions/SentinelOne/Hunting Queries/SentinelOneScannedHosts.yaml 25
Solutions/SentinelOne/Hunting Queries/SentinelOneUsersByAlertCount.yaml 29
Solutions/SentinelOne/Hunting Queries/SentinelOneRulesDeleted.yaml 25
Solutions/SentinelOne/Hunting Queries/SentinelOneAgentStatus.yaml 25
Solutions/SentinelOne/Hunting Queries/SentinelOneHostNotScanned.yaml 29
Solutions/SentinelOne/Hunting Queries/SentinelOneSourcesByAlertCount.yaml 25
Solutions/SentinelOne/Hunting Queries/SentinelOneUninstalledAgents.yaml 23
Solutions/SentinelOne/Parsers/SentinelOne.yaml 651
Solutions/SentinelOne/Analytic Rules/SentinelOneAlertFromCustomRule.yaml 31
Solutions/SentinelOne/Analytic Rules/SentinelOneNewAdmin.yaml 29
Solutions/SentinelOne/Analytic Rules/SentinelOneViewAgentPassphrase.yaml 33
Solutions/SentinelOne/Analytic Rules/SentinelOneSameCustomRuleHitOnDiffHosts.yaml 35
Solutions/SentinelOne/Analytic Rules/SentinelOneAgentUninstalled.yaml 30
Solutions/SentinelOne/Analytic Rules/SentinelOneExclusionAdded.yaml 30
Solutions/SentinelOne/Analytic Rules/SentinelOneRuleDisabled.yaml 30
Solutions/SentinelOne/Analytic Rules/SentinelOneBlacklistHashDeleted.yaml 36
Solutions/SentinelOne/Analytic Rules/SentinelOneRuleDeleted.yaml 30
Solutions/SentinelOne/Analytic Rules/SentinelOneAdminLoginNewIP.yaml 47
Solutions/SentinelOne/Analytic Rules/SentinelOneMultipleAlertsOnHost.yaml 33
Solutions/SentinelOne/Data Connectors/SentinelOneSentinelConnector/__init__.py 173
Solutions/SentinelOne/Data Connectors/SentinelOneSentinelConnector/state_manager.py 18
Solutions/CiscoSEG/Hunting Queries/CiscoSEGDroppedOutMails.yaml 25
Solutions/CiscoSEG/Hunting Queries/CiscoSEGUsersReceivedSpam.yaml 27
Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedTLSIn.yaml 25
Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedSPFFailure.yaml 25
Solutions/CiscoSEG/Hunting Queries/CiscoSEGDroppedInMails.yaml 25
Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedDKIMFailure.yaml 25
Solutions/CiscoSEG/Hunting Queries/CiscoSEGSpamMails.yaml 27
Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedTLSOut.yaml 25
Solutions/CiscoSEG/Hunting Queries/CiscoSEGInsecureProtocol.yaml 25
Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedDMARKFailure.yaml 25
Solutions/CiscoSEG/Parsers/CiscoSEGEvent.yaml 47
Solutions/CiscoSEG/Analytic Rules/CiscoSEGDLPViolation.yaml 32
Solutions/CiscoSEG/Analytic Rules/CiscoSEGMaliciousAttachmentNotBlocked.yaml 33
Solutions/CiscoSEG/Analytic Rules/CiscoSEGMultipleLargeEmails.yaml 37
Solutions/CiscoSEG/Analytic Rules/CiscoSEGPossibleOutbreak.yaml 32
Solutions/CiscoSEG/Analytic Rules/CiscoSEGSuspiciousLink.yaml 33
Solutions/CiscoSEG/Analytic Rules/CiscoSEGMultipleSuspiciousEmails.yaml 34
Solutions/CiscoSEG/Analytic Rules/CiscoSEGUnscannableAttachment.yaml 32
Solutions/CiscoSEG/Analytic Rules/CiscoSEGUnexpextedAttachment.yaml 32
Solutions/CiscoSEG/Analytic Rules/CiscoSEGSuspiciousSenderDomain.yaml 39
Solutions/CiscoSEG/Analytic Rules/CiscoSEGPotentialLinkToMalwareDownload.yaml 33
Solutions/CiscoSEG/Analytic Rules/CiscoSEGUnclassifiedLink.yaml 33
Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSIpLookup.yaml 28
Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSRequestToTOR.yaml 27
Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSSourceHighErrors.yaml 24
Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSErrors.yaml 27
Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSServerLatency.yaml 27
Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSUnexpectedTLD.yaml 24
Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSRareDomains.yaml 25
Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSOnlineShares.yaml 27
Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSUnusualTLD.yaml 33
Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSRareErrors.yaml 26
Solutions/GoogleCloudPlatformDNS/Parsers/GCPCloudDNS.yaml 131
Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSDataExfiltration.yaml 32
Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSExchangeAutodiscoverAbuse.yaml 34
Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSUNC2452AptActivity.yaml 32
Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSMaliciousPythonPackages.yaml 32
Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSIpCheck.yaml 33
Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSCVE-2021-40444.yaml 32
Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSIpDynDns.yaml 33
Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSSIGREDPattern.yaml 32
Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSMultipleErrorsFromIp.yaml 32
Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSPrintNightmare.yaml 32
Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSMultipleErrorsQuery.yaml 36
Solutions/GoogleCloudPlatformDNS/Data Connectors/AzureFunctionGCPDNS/main.py 99
Solutions/GoogleCloudPlatformDNS/Data Connectors/AzureFunctionGCPDNS/state_manager.py 18
Solutions/GoogleCloudPlatformDNS/Data Connectors/AzureFunctionGCPDNS/sentinel_connector.py 90
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/DescribeInstancePatches/__init__.py 93
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/StopAutomationExecution/__init__.py 78
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/GetInventory/__init__.py 96
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/RemoveTagFromResource/__init__.py 82
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/DescribeInstanceInformation/__init__.py 97
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/AddTagsToResource/__init__.py 85
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/ListDocuments/__init__.py 80
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/GetAutomationExecution/__init__.py 81
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/CreateDocument/__init__.py 128
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/StartAutomationExecution/__init__.py 139
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/ListTagsForResource/__init__.py 76
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/DeleteDocument/__init__.py 92
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/DescribeDocument/__init__.py 85
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/GetDocument/__init__.py 89
Solutions/Network Session Essentials/Hunting Queries/Remote Desktop Network Traffic(ASIM Network Session schema).yaml 30
Solutions/Network Session Essentials/Hunting Queries/MismatchBetweenDestinationAppNameAndDestinationPort.yaml 86
Solutions/Network Session Essentials/Hunting Queries/DetectPortMisuseByStaticThresholdHunting.yaml 131
Solutions/Network Session Essentials/Hunting Queries/DetectPortMisuseByAnomalyHunting.yaml 173
Solutions/Network Session Essentials/Hunting Queries/Detect Outbound LDAP Traffic(ASIM Network Session schema).yaml 26
Solutions/Network Session Essentials/Hunting Queries/Protocols passing authentication in cleartext (ASIM Network Session schema).yaml 35
Solutions/Network Session Essentials/Hunting Queries/DetectsSeveralUsersWithTheSameMACAddress.yaml 72
Solutions/Network Session Essentials/Analytic Rules/ExcessiveHTTPFailuresFromSource.yaml 94
Solutions/Network Session Essentials/Analytic Rules/DetectPortMisuseByStaticThreshold.yaml 151
Solutions/Network Session Essentials/Analytic Rules/AnomalyFoundInNetworkSessionTraffic.yaml 192
Solutions/Network Session Essentials/Analytic Rules/PortScan.yaml 95
Solutions/Network Session Essentials/Analytic Rules/NetworkPortSweepFromExternalNetwork.yaml 91
Solutions/Network Session Essentials/Analytic Rules/DetectPortMisuseByAnomalyBasedDetection.yaml 192
Solutions/Network Session Essentials/Analytic Rules/PossibleBeaconingActivity.yaml 107
Solutions/Network Session Essentials/Analytic Rules/Anomaly in SMB Traffic(ASIM Network Session schema).yaml 53
Solutions/Network Session Essentials/Analytic Rules/Remote Desktop Network Brute force (ASIM Network Session schema).yaml 39
Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/ListAttachedUserPolicies/__init__.py 25
Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/ListGroupsForUser/__init__.py 33
Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/DeleteAccessKey/__init__.py 21
Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/ListAccessKeys/__init__.py 25
Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/DetachUserPolicy/__init__.py 22
Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/DeleteUserPolicy/__init__.py 21
Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/GetUser/__init__.py 28
Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/ListUserPolicies/__init__.py 33
Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/TagUser/__init__.py 31
Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/exporter.py 45
Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/main.py 15
Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/audit.py 165
Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/storage.py 39
Solutions/SquidProxy/Parsers/SquidProxy.yaml 22
Solutions/1Password/Data Connectors/requirements.psd1 9
Solutions/1Password/Data Connectors/function/run.ps1 61
Solutions/1Password/Data Connectors/Modules/HelperFunctions/HelperFunctions.psm1 351
Solutions/1Password/Data Connectors/profile.ps1 19
Solutions/1Password/Analytics Rules/1Password - New service account integration created.yaml 51
Solutions/1Password/Analytics Rules/1Password - User added to privileged group.yaml 69
Solutions/1Password/Analytics Rules/1Password - Non-privileged vault user permission change.yaml 65
Solutions/1Password/Analytics Rules/1Password - Vault Export.yaml 48
Solutions/1Password/Analytics Rules/1Password - Privileged vault permission change.yaml 66
Solutions/1Password/Analytics Rules/1Password - Disable MFA factor or type for all user accounts.yaml 49
Solutions/1Password/Analytics Rules/1Password - Changes to firewall rules.yaml 51
Solutions/1Password/Analytics Rules/1Password - User account MFA settings changed.yaml 50
Solutions/1Password/Analytics Rules/1Password - Changes to SSO configuration.yaml 51
Solutions/1Password/Analytics Rules/1Password - Potential insider privilege escalation via vault.yaml 57
Solutions/1Password/Analytics Rules/1Password - Log Ingestion Failure.yaml 39
Solutions/1Password/Analytics Rules/1Password - Service account integration token adjustment.yaml 51
Solutions/1Password/Analytics Rules/1Password - Vault Export Post Account Creation.yaml 63
Solutions/1Password/Analytics Rules/1Password - Manual account creation.yaml 55
Solutions/1Password/Analytics Rules/1Password - Vault export prior to account suspension or deletion.yaml 71
Solutions/1Password/Analytics Rules/1Password - Secret Extraction Post Vault Access Change By Administrator.yaml 78
Solutions/1Password/Analytics Rules/1Password - Successful anomalous sign-in.yaml 66
Solutions/1Password/Analytics Rules/1Password - Potential insider privilege escalation via group.yaml 62
Solutions/CTM360/Analytic Rules/Tlsv1InUseLow.yaml 53
Solutions/CTM360/Analytic Rules/AutoGeneratedPage.yaml 40
Solutions/CTM360/Analytic Rules/Tlsv11InUseMedium.yaml 60
Solutions/CTM360/Analytic Rules/TLSCertificateUsingWeakCipherMedium.yaml 53
Solutions/CTM360/Analytic Rules/ExposedEmailAddress.yaml 41
Solutions/CTM360/Analytic Rules/Tlsv11InUseInfo.yaml 53
Solutions/CTM360/Analytic Rules/TLSCertificateHostnameMismatch.yaml 50
Solutions/CTM360/Analytic Rules/HeaderContentSecurityPolicyMissing.yaml 49
Solutions/CTM360/Analytic Rules/LeakedCredential.yaml 38
Solutions/CTM360/Analytic Rules/ExposedAdminLoginPage.yaml 50
Solutions/CTM360/Analytic Rules/CodeRepository.yaml 41
Solutions/CTM360/Analytic Rules/Phishing.yaml 43
Solutions/CTM360/Analytic Rules/HeaderXFrameOptionsMissingLow.yaml 48
Solutions/CTM360/Analytic Rules/HeaderXFrameOptionsMissingMedium.yaml 49
Solutions/CTM360/Analytic Rules/CompromisedCards.yaml 41
Solutions/CTM360/Analytic Rules/CookiesHttponlyFlagNotUsed.yaml 48
Solutions/CTM360/Analytic Rules/DMARCNotConfigured.yaml 49
Solutions/CTM360/Analytic Rules/TLSCertificateUsingWeakCipherInformational.yaml 53
Solutions/CTM360/Analytic Rules/BrandImpersonationINFO.yaml 42
Solutions/CTM360/Analytic Rules/SPFPolicySetToSoftFail.yaml 50
Solutions/CTM360/Analytic Rules/HeaderReferrerPolicyMissing.yaml 49
Solutions/CTM360/Analytic Rules/CookiesSecureFlagNotUsed.yaml 48
Solutions/CTM360/Analytic Rules/ExposedUserList.yaml 48
Solutions/CTM360/Analytic Rules/DomainInfringemen.yaml 43
Solutions/CTM360/Analytic Rules/SubresourceIntegritySRINotImplemented.yaml 48
Solutions/CTM360/Analytic Rules/SubdomainInfringement.yaml 44
Solutions/CTM360/Analytic Rules/SPFNotConfigured.yaml 50
Solutions/CTM360/Analytic Rules/HeaderXFrameOptionsMissingInformational.yaml 48
Solutions/CTM360/Analytic Rules/HeaderXXSSProtectionMissing.yaml 48
Solutions/CTM360/Analytic Rules/HeaderWebServerExposed.yaml 48
Solutions/CTM360/Analytic Rules/SuspiciousMobileAppINFO.yaml 42
Solutions/CTM360/Analytic Rules/CookiesSamesiteFlagNotUsed.yaml 49
Solutions/CTM360/Analytic Rules/ExecutiveImpersonation.yaml 41
Solutions/CTM360/Analytic Rules/BrandImpersonationHIGH.yaml 43
Solutions/CTM360/Analytic Rules/HeaderHTTPStrictTransportSecurityMissing.yaml 49
Solutions/CTM360/Analytic Rules/BrandAbuse.yaml 47
Solutions/CTM360/Analytic Rules/Tlsv1InUseMedium.yaml 53
Solutions/CTM360/Analytic Rules/SuspiciousMobileAppHigh.yaml 41
Solutions/CTM360/Data Connectors/CBS/AzureFunctionCTM360_CBS/__init__.py 149
Solutions/CTM360/Data Connectors/CBS/AzureFunctionCTM360_CBS/state_manager.py 18
Solutions/CTM360/Data Connectors/HackerView/AzureFunctionCTM360_HV/__init__.py 150
Solutions/CTM360/Data Connectors/HackerView/AzureFunctionCTM360_HV/state_manager.py 18
Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml 246
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/UserDetectPrivilegeGroup.yaml 34
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/riskSignInWithNewMFAMethod.yaml 94
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/new_locations_azuread_signin.yaml 65
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/AWSBucketAPILogs-SuspiciousDataAccessToS3BucketsfromUnknownIP.yaml 49
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/UserLoginIPAddressTeleportation.yaml 112
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/OfficeMailRuleCreationWithMailMoveActivity.yaml 72
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/Emailforwarding_SAPdownload.yaml 76
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/LegacyAuthAttempt.yaml 42
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/UserAccounts-UnusualLogonTimes.yaml 76
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/AWSBucketAPILogs-S3BucketDataTransferTimeSeriesAnomaly.yaml 54
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/UserAccounts-NewSingleFactorAuth.yaml 67
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/SAP_HighdownloadfromPriviledgedaccount.yaml 56
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/SuccessfulSigninFromNon-CompliantDevice.yaml 67
Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/AuthenticationMethodChangedforPrivilegedAccount.yaml 71
Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/SuspiciousAccessOfBECRelatedDocumentsInAWSS3Buckets.yaml 72
Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/AccountElevatedtoNewRole.yaml 87
Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/BEC_MailboxRule.yaml 54
Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/SuspiciousAccessOfBECRelatedDocuments.yaml 88
Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/PrivilegedAccountPermissionsChanged.yaml 79
Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/UserAddedtoAdminRole.yaml 74
Solutions/LastPass/Hunting Queries/LoginIntoLastPassFromUnknownIP.yaml 24
Solutions/LastPass/Hunting Queries/FailedSigninsDueToMFA.yaml 21
Solutions/LastPass/Hunting Queries/PasswordMoveToSharedFolder.yaml 16
Solutions/LastPass/Analytic Rules/FailedSigninDueToMFA.yaml 43
Solutions/LastPass/Analytic Rules/UnusualVolumeOfPasswordsUpdatedOrRemoved.yaml 45
Solutions/LastPass/Analytic Rules/HighlySensitivePasswordAccessed.yaml 44
Solutions/LastPass/Analytic Rules/TIMapIPEntityToLastPass.yaml 30
Solutions/LastPass/Analytic Rules/EmployeeAccountDeleted.yaml 36
Solutions/Egress Defend/Hunting Queries/DangerousLinksClicked.yaml 16
Solutions/Egress Defend/Parsers/DefendAuditData.yaml 26
Solutions/Egress Defend/Analytic Rules/DangerousLinksClicked.yaml 51
Solutions/Egress Defend/Analytic Rules/DangerousAttachmentReceived.yaml 55
Tutorials/Microsoft 365 Defender/Webcasts/Airlift 2021 - Lets Invoke.csl 415
Tools/Azure-Sentinel-add-on/default/data/ui/views/home.xml 4
Tools/Azure-Sentinel-add-on/default/data/ui/nav/default.xml 3
Tools/Azure-Sentinel-add-on/default/data/ui/alerts/send_to_sentinel.html 33
Tools/Azure-Sentinel-add-on/README/alert_actions.conf.spec 9
Tools/Azure-Sentinel-add-on/README/addon_builder.conf.spec 4
Tools/ConvertYamlToJson/ConvertSentinelRuleFrom-Yaml.ps1 177
Tools/ArcSight-Data-Migration/lacat-opt.py 152
Tools/Copy-AzOperationalInsightsTable/Copy-AzOperationalInsightsTable.ps1 123
Tools/RDAP/RDAPQuery/RDAPQuery/QueryEngine.cs 206
Tools/RDAP/RDAPQuery/RDAPQuery/LogAnalytics.cs 159
Tools/Az.SecurityInsights-Samples/Alert Rules/Import GitHub YAML rules/ImportGitHubYAMLrules.ps1 158
Tools/Az.SecurityInsights-Samples/Alert Rules/Import Analytics Rules/importAzureSentinelRules.ps1 164
Tools/Az.SecurityInsights-Samples/Alert Rules/Export Analytics Rules/exportAzureSentinelRules.ps1 91
Tools/Az.SecurityInsights-Samples/Alert Rule Actions/Add Action to All Azure Sentinel Analytics Rules/addAzureSentinelAlertAction.ps1 97
Tools/AzureDataExplorer/Pipeline/Migrate-LA-to-ADX-Pipeline.ps1 611
Tools/AzureDataExplorer/CreateTables_ADX_ScriptFile/Create-LA-Tables-ADX-ScriptFile.ps1 392
Tools/AzureDataExplorer/Migrate-LA-to-ADX.ps1 613
Tools/AzureDataExplorer/CreateTables_ADX/Create-LA-Tables-ADX.ps1 318
Tools/Create-Azure-Sentinel-Solution/pipeline/createSolutionV4.ps1 305
Tools/Create-Azure-Sentinel-Solution/createSolution.ps1 1314
Tools/Create-Azure-Sentinel-Solution/common/commonFunctions.ps1 3350
Tools/Create-Azure-Sentinel-Solution/common/standardLogStreams.ps1 106
Tools/Create-Azure-Sentinel-Solution/common/LogAppInsights.ps1 387
Tools/Create-Azure-Sentinel-Solution/common/createCCPConnector.ps1 921
Tools/Create-Azure-Sentinel-Solution/common/get-ccp-details.ps1 362
Tools/Create-Azure-Sentinel-Solution/common/templating/replacePlaybookParamNames.js 8
Tools/Create-Azure-Sentinel-Solution/common/templating/replacePlaybookVarNames.js 8
Tools/Create-Azure-Sentinel-Solution/common/templating/replaceLocationValue.js 8
Tools/Create-Azure-Sentinel-Solution/common/templating/SolutionAutomationInput.ts 26
Tools/Create-Azure-Sentinel-Solution/V3/createSolutionV3.ps1 292
Tools/Create-Azure-Sentinel-Solution/arm-ttk/download-arm-ttk.ps1 15
Tools/Create-Azure-Sentinel-Solution/arm-ttk/run-arm-ttk-in-automation.ps1 45
Tools/Create-Azure-Sentinel-Solution/V2/createSolutionV2.ps1 2512
Tools/Create-Azure-Sentinel-Solution/V2/templating/replacePlaybookParamNames.js 8
Tools/Create-Azure-Sentinel-Solution/V2/templating/replacePlaybookVarNames.js 8
Tools/Create-Azure-Sentinel-Solution/V2/templating/replaceLocationValue.js 8
Tools/Create-Azure-Sentinel-Solution/V2/templating/SolutionAutomationInput.ts 26
Tools/Create-Azure-Sentinel-Solution/templating/replacePlaybookParamNames.js 8
Tools/Create-Azure-Sentinel-Solution/templating/replacePlaybookVarNames.js 8
Tools/Create-Azure-Sentinel-Solution/templating/replaceLocationValue.js 8
Tools/Create-Azure-Sentinel-Solution/templating/SolutionAutomationInput.ts 20
Tools/SyncMSServiceTags/syncMSServiceTags.ps1 35
Tools/Sample-Data-Ingest-Tool/SampleDataIngestTool/AppConfig.cs 33
Tools/Sample-Data-Ingest-Tool/SampleDataIngestTool/SampleDataPath.cs 26
Tools/Sample-Data-Ingest-Tool/SampleDataIngestTool/LogAnalyticsCheck.cs 58
Tools/Sample-Data-Ingest-Tool/SampleDataIngestTool/Program.cs 158
Tools/validate-detections/action.ps1 45
Tools/Syslog-cef-data-replicator/syslog.py 44
Tools/Syslog-cef-data-replicator/pysyslog.py 70
Tools/Syslog-cef-data-replicator/pycef.py 63
Tools/SIEM-Data-Migration/installTools.ps1 7
Tools/PowerShell/Create-AnalyticsRulesFromTemplates/Create-AnalyticsRulesFromTemplates.ps1 162
Tools/PowerShell/Add-PlaybooksToSentinel/Add-PlaybooksToSentinel.ps1 136
Tools/PowerShell/SentinelAnalyticRulesManagementScript.ps1 1107
Tools/ParameterizedFunction/AuditEventDataLookup_Func.ps1 136
Tools/ParameterizedFunction/EnrichAuditEvents_Func.ps1 60
Tools/Sample Code/HttpDataCollectorAPI/HttpDataCollectorAPI/Program.cs 74
Tools/Playbook-ARM-Template-Generator/src/Playbook_ARM_Template_Generator.ps1 526
Tools/CustomLogsIngestion-DCE-DCR/src/Send-AzMonitorCustomLogs.ps1 190
Tools/externaldata/emailevents.yaml 5
Tools/externaldata/genstoragectxkql.ps1 88
Tools/externaldata/emailurlinfo.yaml 5
Tools/externaldata/dnsevents.yaml 5
Tools/externaldata/securityalert.yaml 5
Tools/externaldata/event.yaml 5
Tools/externaldata/emailattachmentinfo.yaml 5
Tools/externaldata/heartbeat.yaml 5
Tools/externaldata/appservicehttplogs.yaml 5
Tools/externaldata/auditlogs.yaml 5
Tools/Sentinel-All-In-One/v2/Scripts/EnableRules.ps1 276
Tools/Sentinel-All-In-One/v2/Scripts/Create-NewSolutionAndRulesFromList.ps1 187
Tools/Sentinel-All-In-One/v1/ARMTemplates/Scripts/EnableRules.ps1 63
Tools/Sentinel-All-In-One/v1/Powershell/DeleteConnectors.ps1 108
Tools/Sentinel-All-In-One/v1/Powershell/SentinelallInOne.ps1 383
Tools/Sentinel-All-In-One/v1/MSSPversion/Scripts/EnableRules.ps1 63
Tools/MITREATT&CK-LayerGeneration-Notebook/msticpyconfig.yaml 4
Tools/UploadToBlobLookupTables/UploadToBlobLookupTables/requirements.psd1 6
Tools/UploadToBlobLookupTables/UploadToBlobLookupTables/profile.ps1 18
Tools/UploadToBlobLookupTables/UploadToBlobLookupTables/UploadToBlobLookupTables/run.ps1 83
Tools/Archive-Log-Tool/ArchiveLogsTool-PowerShell/Configure-Long-Term-Retention.ps1 510
Playbooks/AzureMonitor-ManagedId/azuremonitor.liquid 15
Playbooks/AS-Sign-Out-Google-User/CreateGoogleJWT/__init__.py 37
Playbooks/Isolate-AzVM/Convert-SnapshotsToVHD.ps1 195
Playbooks/Isolate-AzVM/Set-ManagedIdentity.ps1 92
Playbooks/Ingest-CanaryTokens/Detections/Canarytoken_triggered.yaml 31
Playbooks/PaloAlto-Wildfire/XMLResponse.xml 9
Playbooks/AS-Microsoft-DCR-Log-Ingestion/Scripts/OfficeAuditSubscriptionEnable.ps1 26
Playbooks/Update-CVE-IPs-WatchListwithGreyNoise/ApplyPermissionsonLogicApp.ps1 8
Playbooks/Update-CVE-IPs-WatchListwithGreyNoise/NetworkSearchingForGreyNoiseIPbyCVEActivity.yaml 43
Playbooks/Get-AlertEntitiesEnrichment/Deploy.ps1 6
Playbooks/Block-ExchangeIP/Block-ExchangeIP.ps1 7
Playbooks/Add-IP-Entity-To-Named-Location/AddApiPermissions.ps1 22
Playbooks/Resolve-McasInfrequentCountryAlerts/Deploy.ps1 5
Playbooks/AS-Make-GitHub-Repository-Private/Encode-Private-Key/Encode-Private-Key.ps1 21
Playbooks/AS-Make-GitHub-Repository-Private/CreateJWT-Function/CreateJWT.js 25
Playbooks/AS-Block-GitHub-User/Encode-Private-Key/Encode-Private-Key.ps1 21
Playbooks/AS-Block-GitHub-User/CreateJWT-Function/CreateJWT.js 25
Playbooks/MDTI-Actor-Lookup/function_app.py 104
Watchlists/ListofTCPUDPPorts/CSVtoRawContentConverterScript.ps1 37
Watchlists/UpdateCloudIPs/AzureFunctionUpdateCloudIPs/requirements.psd1 8
Watchlists/UpdateCloudIPs/AzureFunctionUpdateCloudIPs/profile.ps1 19
Watchlists/UpdateCloudIPs/AzureFunctionUpdateCloudIPs/UpdateCloudIPs/run.ps1 529
Exploration Queries/InputEntity_Account/Acc2Host_HostWithMostFails.yaml 83
Exploration Queries/InputEntity_Account/Acc2IP_rareIPLocation.yaml 79
Exploration Queries/InputEntity_Account/HostsAppConTriggered.yaml 38
Exploration Queries/InputEntity_Account/UserAccount_LogonsFromIPAddress.yaml 32
Exploration Queries/InputEntity_Account/UserAccount_NewResourceAccess.yaml 44
Exploration Queries/InputEntity_Account/LeastPrevProcess_ByAccount.yaml 47
Exploration Queries/InputEntity_Account/UserAccount_NewInteractiveLogon.yaml 44
Exploration Queries/InputEntity_Account/UserAccount_FailedLogons.yaml 54
Exploration Queries/InputEntity_Account/UserAccount_ResourceLogon.yaml 61
Exploration Queries/InputEntity_Account/UserAccount_Peers.yaml 43
Exploration Queries/InputEntity_Account/UserAccount_ScreenshotHosts.yaml 25
Exploration Queries/InputEntity_Account/UserAccount_SuccessLogons.yaml 57
Exploration Queries/IoT/ConnectionData_DefenderForIoT_GetIoTDevice2IoTDevice.yaml 51
Exploration Queries/IoT/Process_byIoTDevice.yaml 28
Exploration Queries/IoT/ConnectionData_DefenderForIoT_GetIoTDevice2IP.yaml 50
Exploration Queries/IoT/ConnectionData_DefenderForIoT_GetIoTDevice2Host.yaml 52
Exploration Queries/InputEntity_Process/LeastPrevLxHosts_ByProcess.yaml 33
Exploration Queries/InputEntity_Process/WinHosts_WithThisProcess.yaml 57
Exploration Queries/InputEntity_Process/File_UnsignedLoadBlocked.yaml 27
Exploration Queries/InputEntity_Process/Process2Host_VMConfigChange.yaml 68
Exploration Queries/InputEntity_Process/LeastPrevOut_ByProcess.yaml 34
Exploration Queries/InputEntity_Process/LeastPrevIn_ByProcess.yaml 34
Exploration Queries/ExplorationQueryTemplate.yaml 16
Exploration Queries/InputEntity_Host/ConnectionData_DefenderForIoT_GetHost2Host.yaml 52
Exploration Queries/InputEntity_Host/ProcessesOnHost.yaml 38
Exploration Queries/InputEntity_Host/UsersConnectedByHost.yaml 57
Exploration Queries/InputEntity_Host/ServiceCreatedOnHost.yaml 40
Exploration Queries/InputEntity_Host/LeastPrevOut_ByHost.yaml 30
Exploration Queries/InputEntity_Host/ProcessBlockedNonMS.yaml 25
Exploration Queries/InputEntity_Host/ConnectionData_DefenderForIoT_GetHost2IoTDevice.yaml 50
Exploration Queries/InputEntity_Host/MostPrevOut_ByHost.yaml 30
Exploration Queries/InputEntity_Host/UserAccount_CreatedDeleted.yaml 31
Exploration Queries/InputEntity_Host/Host2Acc_PossibleSuccessfulBruteForce.yaml 42
Exploration Queries/InputEntity_Host/LeastPrevIn_ByHost.yaml 29
Exploration Queries/InputEntity_Host/ParentProcessesOnHost.yaml 65
Exploration Queries/InputEntity_Host/ConnectionData_DefenderForIoT_GetHost2IP.yaml 52
Exploration Queries/InputEntity_Host/LeastPrevProcess_ByHost.yaml 29
Exploration Queries/InputEntity_Host/UsersTriggeringAppCon.yaml 37
Exploration Queries/InputEntity_Host/MostPrevIn_ByHost.yaml 29
Exploration Queries/InputEntity_IP/LeastPrevClientIP-DNSNameQueryToIP.yaml 23
Exploration Queries/InputEntity_IP/ConnectionData_DefenderForIoT_GetIP2IoTDevice.yaml 51
Exploration Queries/InputEntity_IP/IP2IP_SrcIPsWithMostDROP.yaml 28
Exploration Queries/InputEntity_IP/IP2Account_byMostActiveAccounts.yaml 53
Exploration Queries/InputEntity_IP/LeastPrevOut_ByIPAddress.yaml 32
Exploration Queries/InputEntity_IP/IP2Host_HostByTrafficFromIPMost.yaml 27
Exploration Queries/InputEntity_IP/MostPrevClientIP-DNSNameQueryToIP.yaml 23
Exploration Queries/InputEntity_IP/ConnectionData_DefenderForIoT_GetIP2Host.yaml 52
Exploration Queries/InputEntity_IP/IP2IP_IPsWithMostDROPs.yaml 29
Exploration Queries/InputEntity_IP/LeastPrevIn_ByIPAddress.yaml 32
Exploration Queries/InputEntity_IP/MostPrevLxHosts_ByIP.yaml 32
Exploration Queries/InputEntity_IP/ConnectionData_DefenderForIoT_GetIP2IP.yaml 50
Exploration Queries/InputEntity_IP/IP2Host_HostByTrafficFromIPLeast.yaml 27
Exploration Queries/InputEntity_IP/IP2Host_HostByTrafficToIPLeast.yaml 26
Exploration Queries/InputEntity_IP/IP2Host_HostByTrafficToIPMost.yaml 26
Exploration Queries/InputEntity_IP/IP2Account_byLeastActiveAccounts.yaml 53
Exploration Queries/InputEntity_File/HostwithFile.yaml 28
