path # lines of code # active days days since first update days since last update # commits # contributors first updated last updated first contributor last contributor Detections/ProofpointPOD/ProofpointPODMultipleArchivedAttachmentsToSameRecipient.yaml 4 128 1577 293 189 91 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/ProofpointPOD/ProofpointPODSuspiciousAttachment.yaml 4 128 1577 293 189 91 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/ProofpointPOD/ProofpointPODEmailSenderIPinTIList.yaml 6 122 1577 293 192 100 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/ProofpointPOD/ProofpointPODMultipleLargeEmailsToSameRecipient.yaml 4 128 1577 293 189 91 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/ProofpointPOD/ProofpointPODEmailSenderInTIList.yaml 6 133 1577 293 205 104 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/ProofpointPOD/ProofpointPODDataExfiltrationToPrivateEmail.yaml 4 128 1577 293 189 91 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/ProofpointPOD/ProofpointPODMultipleProtectedEmailsToUnknownRecipient.yaml 4 139 1577 293 214 100 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/ProofpointPOD/ProofpointPODHighRiskNotDiscarded.yaml 4 129 1577 293 190 91 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/ProofpointPOD/ProofpointPODWeakCiphers.yaml 4 138 1577 293 205 96 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/ProofpointPOD/ProofpointPODBinaryInAttachment.yaml 4 128 1577 293 189 91 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/CiscoUmbrella/CiscoUmbrellaRequestBlocklistedFileType.yaml 37 86 1577 293 127 72 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/CiscoUmbrella/CiscoUmbrellaURIContainsIPAddress.yaml 34 98 1577 293 150 82 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/CiscoUmbrella/CiscoUmbrellaHackToolUserAgentDetected.yaml 82 113 1577 293 167 92 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/CiscoUmbrella/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml 35 100 1577 293 155 82 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/CiscoUmbrella/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml 52 98 1577 293 150 82 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/CiscoUmbrella/CiscoUmbrellaRareUserAgentDetected.yaml 40 113 1577 293 167 92 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/CiscoUmbrella/CiscoUmbrellaEmptyUserAgentDetected.yaml 34 113 1577 293 167 92 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/CiscoUmbrella/CiscoUmbrellaPowershellUserAgentDetected.yaml 35 113 1577 293 167 92 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/CiscoUmbrella/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml 34 113 1577 293 167 92 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/CiscoUmbrella/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml 43 113 1577 293 167 92 2021-01-11 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Detections/Heartbeat/OMI_vulnerability_detection.yaml 56 116 1318 259 211 87 2021-09-27 2024-08-21 45466083+shainw@users.noreply.github.com nilepagn@microsoft.com Detections/Heartbeat/MissingDCHearbeat.yaml 48 78 1261 259 146 66 2021-11-23 2024-08-21 ep3p@users.noreply.github.com nilepagn@microsoft.com Detections/WindowsEvents/CaramelTsunami_IOC_WindowsEvent.yaml 5 34 730 293 45 37 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/WindowsEvents/ChiaCryptoMining_WindowsEvent.yaml 5 51 973 293 80 45 2022-09-07 2024-07-18 v-atulyadav@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/DenimTsunamiFileHashesJuly2022.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/ZincOctober2022_Filename_Commandline_IOC.yaml 5 50 951 293 78 39 2022-09-29 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/Dev-0270NewUserSep2022.yaml 4 53 973 293 82 47 2022-09-07 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml 86 156 2072 261 258 115 2019-09-04 2024-08-19 45466083+shainw@users.noreply.github.com v-prasadboke@microsoft.com Detections/MultipleDataSources/UserImpersonateByRiskyUser.yaml 3 67 622 293 151 48 2023-08-24 2024-07-18 arjuntrivedi42@yahoo.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/SUNSPOTHashes.yaml 5 132 1541 293 225 100 2021-02-16 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/MFADisable.yaml 5 173 1969 293 263 131 2019-12-16 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/SUNSPOTLogFile.yaml 5 150 1541 293 223 113 2021-02-16 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/UserImpersonateByAAID.yaml 3 56 622 293 113 43 2023-08-24 2024-07-18 arjuntrivedi42@yahoo.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/MailBoxTampering.yaml 89 89 1188 58 127 75 2022-02-04 2025-03-10 jekurien@microsoft.com idoshabi@microsoft.com Detections/MultipleDataSources/RiskyUserIn3Pnetworkactivity.yaml 98 99 706 259 231 79 2023-06-01 2024-08-21 artrived@microsoft.com nilepagn@microsoft.com Detections/MultipleDataSources/HostAADCorrelation.yaml 102 191 2088 293 306 127 2019-08-19 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/Dev-0270RegistryIOCSep2022.yaml 5 73 973 293 112 58 2022-09-07 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/BariumDomainIOC112020.yaml 5 193 1638 293 305 142 2020-11-11 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/BrutforceAttemptOnAzurePortalAndAWSConsolAtSameTime.yaml 3 57 628 293 114 43 2023-08-18 2024-07-18 arjuntrivedi42@yahoo.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/SeashellBlizzardIOCs.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/Dev-0530_FileExtRename.yaml 60 106 1028 293 188 76 2022-07-14 2024-07-18 ashwin-patil@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/CrossCloudUnauthorizedCredentialsAccessDetection.yaml 3 60 608 293 143 47 2023-09-07 2024-07-18 arjuntrivedi42@yahoo.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/Solorigate-VM-Network.yaml 5 124 1541 293 187 100 2021-02-16 2024-07-18 yoweiz@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/EmeraldSleetIOCs.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/MalformedUserAgents.yaml 109 203 2094 261 307 144 2019-08-13 2024-08-19 sagamzu@microsoft.com v-prasadboke@microsoft.com Detections/MultipleDataSources/COMRegistryKeyModifiedtoPointtoFileinColorDrivers.yaml 74 101 1016 293 167 67 2022-07-26 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/ExchangeWorkerProcessMakingRemoteCall.yaml 70 110 950 261 195 81 2022-09-30 2024-08-19 peter.bryan@microsoft.com v-prasadboke@microsoft.com Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml 79 146 1556 261 238 109 2021-02-01 2024-08-19 jannieli@microsoft.com v-prasadboke@microsoft.com Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml 88 158 1555 293 258 116 2021-02-02 2024-07-18 jannieli@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/SuspiciousAWSConsolLoginByCredentialAceessAlerts.yaml 3 56 628 293 111 43 2023-08-18 2024-07-18 arjuntrivedi42@yahoo.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/PotentialMercury_Webshell.yaml 6 79 986 293 117 67 2022-08-25 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/Dev-0530_July2022.yaml 5 107 1028 293 177 75 2022-07-14 2024-07-18 ashwin-patil@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/KnownMintSandstormDomainsIP-October2020.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/powershell_MangoSandstorm.yaml 79 72 730 58 105 64 2023-05-08 2025-03-10 50784041+anders-alex@users.noreply.github.com idoshabi@microsoft.com Detections/MultipleDataSources/SuccessfulAWSConsoleLoginfromIPAddressObservedConductingPasswordSpray.yaml 3 55 615 293 110 43 2023-08-31 2024-07-18 arjuntrivedi42@yahoo.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/SuspiciousLoginfromDeletedExternalIdentities.yaml 74 137 1002 293 246 98 2022-08-09 2024-07-18 aspatil@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/PrivilegedAccountsSigninFailureSpikes.yaml 5 116 1286 293 215 92 2021-10-29 2024-07-18 ashwin-patil@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/Unauthorized_user_access_across_AWS_and_Azure.yaml 3 61 608 293 155 48 2023-09-07 2024-07-18 arjuntrivedi42@yahoo.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/MidnightBlizzard_DomainIOCsMarch2021.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/StarBlizzardDomainsAugust2022.yaml 117 79 730 106 141 60 2023-05-08 2025-01-21 50784041+anders-alex@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Detections/MultipleDataSources/HiveRansomwareJuly2022.yaml 5 102 1037 293 161 75 2022-07-05 2024-07-18 alexander.collins@tanium.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/DenimTsunamiC2DomainsJuly2022.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/PotentialFodhelperUACBypass(ASIMVersion).yaml 47 68 1162 576 94 51 2022-03-02 2023-10-09 37783395+aprakash13@users.noreply.github.com mrudula.oruganti@gigamon.com Detections/MultipleDataSources/Dev-0270PowershellSep2022.yaml 5 73 973 293 113 58 2022-09-07 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/DiamondSleetOct292020IOCs.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/Dev-0228FilePathHashesNovember2021.yaml 77 126 1266 293 217 98 2021-11-18 2024-07-18 ep3p@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml 5 126 1535 293 186 104 2021-02-22 2024-07-18 62295189+thmcelro@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/CrossCloudSuspiciousUserActivityObservedInGCPEnvourment.yaml 3 46 581 293 103 40 2023-10-04 2024-07-18 arjuntrivedi42@yahoo.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/RunCommandUEBABreach.yaml 79 187 1290 261 334 129 2021-10-25 2024-08-19 peter.bryan@microsoft.com v-prasadboke@microsoft.com Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml 171 126 1532 293 180 102 2021-02-25 2024-07-18 jannieli@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/DenimTsunamiAVDetection.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml 69 190 2088 293 323 133 2019-08-19 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/Cross-CloudSuspiciousComputeResourcecreationinGCP.yaml 3 46 581 293 104 40 2023-10-04 2024-07-18 arjuntrivedi42@yahoo.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/UserAgentSearch_log4j.yaml 5 83 1239 293 133 70 2021-12-15 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/PrestigeRansomwareIOCsOct22.yaml 124 103 936 261 165 85 2022-10-14 2024-08-19 ashwin-patil@users.noreply.github.com v-prasadboke@microsoft.com Detections/MultipleDataSources/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml 5 199 1523 293 311 145 2021-03-06 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml 5 141 1541 293 241 105 2021-02-16 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/ZincOctober2022_IP_Domain_Hash_IOC.yaml 5 50 951 293 77 39 2022-09-29 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/NewUserAgentLast24h.yaml 5 143 2094 293 199 107 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/ForestBlizzardOct292020IOCs.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/SuspiciousModificationofGlobalAdminProperties.yaml 88 126 1002 261 202 93 2022-08-09 2024-08-19 aspatil@microsoft.com v-prasadboke@microsoft.com Detections/MultipleDataSources/AquaBlizzardFeb2022.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/SuspiciousVMInstanceCreationActivity.yaml 141 77 581 261 171 55 2023-10-04 2024-08-19 arjuntrivedi42@yahoo.com v-prasadboke@microsoft.com Detections/MultipleDataSources/SucessfullSiginFromPhingLink.yaml 138 102 706 293 240 79 2023-06-01 2024-07-18 artrived@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/CadetBlizzard_Jan2022_IOC.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/ChiaCryptoMining.yaml 5 116 1408 293 200 98 2021-06-29 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/DEV-0322_SolarWinds_Serv-U_IOC.yaml 5 117 1394 293 199 98 2021-07-13 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/AuthenticationMethodsChangedforPrivilegedAccount.yaml 5 155 1287 293 280 115 2021-10-28 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml 128 196 1749 57 311 140 2020-07-23 2025-03-11 45466083+shainw@users.noreply.github.com v-atulyadav@microsoft.com Detections/MultipleDataSources/PlaidRainIPIoC.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/EUROPIUM _September2022.yaml 159 107 972 293 187 74 2022-09-08 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/MSHTMLVuln.yaml 5 108 1328 293 160 84 2021-09-17 2024-07-18 28437644+sandytsang@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml 123 188 2094 261 275 139 2019-08-13 2024-08-19 sagamzu@microsoft.com v-prasadboke@microsoft.com Detections/MultipleDataSources/Log4J_IPIOC_Dec112021.yaml 5 91 1242 293 163 81 2021-12-12 2024-07-18 avita.merberg@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/DiamondSleetJan272021IOCs.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/Dev-0270WMICDiscoverySep2022.yaml 5 73 973 293 112 58 2022-09-07 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/UnusualGuestActivity.yaml 5 141 1265 293 256 98 2021-11-19 2024-07-18 ashwin-patil@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/WSLMalwareCorrelation.yaml 5 149 1325 293 247 103 2021-09-20 2024-07-18 jekurien@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/BariumIPIOC112020.yaml 5 206 1638 293 329 144 2020-11-11 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/RubySleetOct292020IOCs.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/CaramelTsunami_IOC.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml 5 192 1660 293 297 141 2020-10-20 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml 142 144 1568 259 222 116 2021-01-20 2024-08-21 45466083+shainw@users.noreply.github.com nilepagn@microsoft.com Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml 5 135 2045 293 203 109 2019-10-01 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml 84 173 2088 293 300 119 2019-08-19 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/MidnightBlizzard_FoggyWeb.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/EuropiumUnusualIdentity.yaml 67 92 972 293 158 64 2022-09-08 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/SilkTyphoonUmServiceSuspiciousFile.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml 98 170 1599 293 274 126 2020-12-20 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/NylonTyphoonIOCsNov2021.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/MidnightBlizzard_IOCsMay2021.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/PhishinglinkExecutionObserved.yaml 112 81 678 293 186 68 2023-06-29 2024-07-18 arjuntrivedi42@yahoo.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/GraniteTyphoonIOCs.yaml 5 57 730 293 86 55 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/AADHostLoginCorrelation.yaml 128 226 2088 58 372 144 2019-08-19 2025-03-10 peter.bryan@microsoft.com idoshabi@microsoft.com Detections/MultipleDataSources/Accountcreatedfromnon-approvedsources.yaml 103 120 1034 268 211 73 2022-07-08 2024-08-12 pebryan@microsoft.com 62938807+haim-na@users.noreply.github.com Detections/MultipleDataSources/B64IPInURLFromMDE.yaml 72 72 1072 261 94 51 2022-05-31 2024-08-19 62295189+thmcelro@users.noreply.github.com v-prasadboke@microsoft.com Detections/MultipleDataSources/Mercury_Log4j_August2022.yaml 244 102 986 293 175 71 2022-08-25 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml 5 171 2094 293 237 120 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml 5 185 1597 293 286 138 2020-12-22 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/TarraskHashIoC.yaml 5 87 1121 293 135 72 2022-04-12 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/ZincOctober2022_AVHits_IOC.yaml 5 50 951 293 76 39 2022-09-29 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml 136 223 2017 261 343 152 2019-10-29 2024-08-19 45466083+shainw@users.noreply.github.com v-prasadboke@microsoft.com Detections/MultipleDataSources/DisabledAccIPSigninWithRareRiskyOps.yaml 115 46 555 293 94 40 2023-10-30 2024-07-18 137959176+ishadave@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/ForestBlizzardJuly2019IOCs.yaml 142 77 730 293 134 62 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/MultipleDataSources/SigninFirewallCorrelation.yaml 67 201 2094 261 301 140 2019-08-13 2024-08-19 sagamzu@microsoft.com v-prasadboke@microsoft.com Detections/MultipleDataSources/B64UserInWebURIFromMDE.yaml 79 52 1072 576 63 39 2022-05-31 2023-10-09 62295189+thmcelro@users.noreply.github.com mrudula.oruganti@gigamon.com Detections/PulseConnectSecure/PulseConnectSecureVPN-CVE_2021_22893_Exploit.yaml 39 77 1092 261 116 56 2022-05-11 2024-08-19 61369934+blackb0lt@users.noreply.github.com v-prasadboke@microsoft.com Detections/SecurityNestedRecommendation/Log4jVulnerableMachines.yaml 5 65 1240 293 96 59 2021-12-14 2024-07-18 aprakash@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityNestedRecommendation/OMIGODVulnerableMachines.yaml 50 88 1328 261 135 70 2021-09-17 2024-08-19 28437644+sandytsang@users.noreply.github.com v-prasadboke@microsoft.com Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml 61 160 1603 293 273 128 2020-12-16 2024-07-18 andesreedhar@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/DeviceProcessEvents/AdFind_Usage.yaml 5 107 1476 293 177 95 2021-04-22 2024-07-18 38758896+testleper@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml 5 174 2094 293 276 125 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml 5 145 2094 293 238 117 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureDiagnostics/MaliciousWAFSessions.yaml 5 137 1633 293 216 98 2020-11-16 2024-07-18 74541184+vanimstic@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml 5 82 1241 293 131 70 2021-12-13 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AzureDiagnostics/NRT_KeyVaultSensitiveOperations.yaml 5 69 1185 293 110 66 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml 5 146 2094 293 233 119 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/PotentialFodhelperUACBypass.yaml 5 88 1167 293 129 66 2022-02-25 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/CredentialDumpingToolsFileArtifacts.yaml 5 84 1175 293 128 65 2022-02-17 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/RegistryPersistenceViaAppCertDLLModification.yaml 5 57 1153 293 79 48 2022-03-11 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/SilkTyphoonSuspiciousUMServiceError.yaml 45 61 730 293 96 58 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/MidnightBlizzard_SuspiciousRundll32Exec.yaml 84 77 730 268 128 65 2023-05-08 2024-08-12 50784041+anders-alex@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Detections/SecurityEvent/FakeComputerAccountCreated.yaml 71 72 1224 293 108 63 2021-12-30 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/NRT_execute_base64_decodedpayload.yaml 5 66 1185 293 97 60 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/malware_in_recyclebin.yaml 5 155 2094 293 226 113 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/LocalDeviceJoinInfoAndTransportKeyRegKeysAccess.yaml 5 116 1175 293 191 85 2022-02-17 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/GroupCreatedAddedToPrivlegeGroup_1h.yaml 150 202 2094 261 307 140 2019-08-13 2024-08-19 sagamzu@microsoft.com v-prasadboke@microsoft.com Detections/SecurityEvent/NonDCActiveDirectoryReplication.yaml 5 83 1464 293 119 67 2021-05-04 2024-07-18 rrodri0622@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/SecurityEventLogCleared.yaml 5 162 2094 293 239 120 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/GainCodeExecutionADFSViaSMB.yaml 5 125 1526 293 180 102 2021-03-03 2024-07-18 jannieli@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/StartStopHealthService.yaml 5 107 1514 293 149 88 2021-03-15 2024-07-18 jannieli@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/MacroInvokingShellBrowserWindowCOMObjects.yaml 5 57 1153 293 81 48 2022-03-11 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/NRT_SecurityEventLogCleared.yaml 5 66 1185 293 95 60 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml 140 226 2094 293 361 159 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/LateralMovementViaDCOM.yaml 5 57 1153 293 80 48 2022-03-11 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/CredentialDumpingServiceInstallation.yaml 5 82 1178 293 129 63 2022-02-14 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/WindowsBinariesLolbinsRenamed.yaml 5 57 1153 293 88 51 2022-03-11 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies.yaml 5 89 1167 293 129 66 2022-02-25 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/SilkTyphoonNewUMServiceChildProcess.yaml 95 62 730 293 98 58 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/SdeletedeployedviaGPOandrunrecursively.yaml 5 89 1163 293 133 67 2022-03-01 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/UserAccountAdd-Removed.yaml 129 174 2094 293 244 131 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/AccessibilityFeaturesModification.yaml 74 86 1154 261 128 67 2022-03-10 2024-08-19 96576100+vpaschalidis@users.noreply.github.com v-prasadboke@microsoft.com Detections/SecurityEvent/RDP_RareConnection.yaml 103 158 2025 293 231 117 2019-10-21 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/DumpingLSASSProcessIntoaFile.yaml 5 57 1153 293 84 48 2022-03-11 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/ADFSRemoteHTTPNetworkConnection.yaml 5 78 1406 293 107 66 2021-07-01 2024-07-18 rrodri0622@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/ADFSDBNamedPipeConnection.yaml 5 90 1469 293 129 76 2021-04-29 2024-07-18 rrodri0622@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/PotentialKerberoast.yaml 118 188 2094 261 275 137 2019-08-13 2024-08-19 sagamzu@microsoft.com v-prasadboke@microsoft.com Detections/SecurityEvent/powershell_empire.yaml 5 176 2094 293 268 131 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml 121 142 1541 293 213 110 2021-02-16 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/AADHealthMonAgentRegKeyAccess.yaml 139 134 1351 293 236 97 2021-08-25 2024-07-18 rrodri0622@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/AdminSDHolder_Modifications.yaml 56 72 1204 293 105 63 2022-01-19 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/UserAccountEnabledDisabled_10m.yaml 149 198 1858 261 304 142 2020-04-05 2024-08-19 samik.n.roy@gmail.com v-prasadboke@microsoft.com Detections/SecurityEvent/UserAccountAddedToPrivlegeGroup_1h.yaml 112 234 2094 261 351 155 2019-08-13 2024-08-19 sagamzu@microsoft.com v-prasadboke@microsoft.com Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml 141 164 2094 293 236 126 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/RegistryPersistenceViaAppInt_DLLsModification.yaml 5 59 1143 293 84 50 2022-03-21 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/NRT_base64_encoded_pefile.yaml 5 66 1185 293 95 60 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/UserPrincipalNameAssignedToUserAccount.yaml 63 82 1218 293 131 70 2022-01-05 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/DSRMAccountAbuse.yaml 72 67 1153 293 99 58 2022-03-11 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml 96 170 2025 293 268 128 2019-10-21 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/MidnightBlizzard_SuspiciousScriptRegistryWrite.yaml 91 64 730 293 109 57 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/WDigestDowngradeAttack.yaml 5 57 1154 293 84 51 2022-03-10 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/SolorigateNamedPipe.yaml 95 168 1589 293 256 124 2020-12-30 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml 5 151 2094 293 216 120 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/PotentialRemoteDesktopTunneling.yaml 5 64 1178 293 97 55 2022-02-14 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/password_not_set.yaml 5 134 2094 293 188 106 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/execute_base64_decodedpayload.yaml 5 142 2094 293 200 108 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/base64_encoded_pefile.yaml 5 142 2094 293 199 108 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/PotenialResourceBasedConstrainedDelegationAbuse.yaml 62 72 1218 293 108 63 2022-01-05 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/MultipleFailedFollowedBySuccess.yaml 5 107 1860 293 146 88 2020-04-03 2024-07-18 62712382+robmsft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/AADHealthSvcAgentRegKeyAccess.yaml 137 119 1351 293 196 88 2021-08-25 2024-07-18 rrodri0622@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/ADFSRemoteAuthSyncConnection.yaml 5 94 1406 293 138 73 2021-07-01 2024-07-18 rrodri0622@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/COMEventSystemLoadingNewDLL.yaml 117 78 937 293 128 71 2022-10-13 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/UserAccountCreatedDeleted_10m.yaml 148 190 2094 261 285 141 2019-08-13 2024-08-19 sagamzu@microsoft.com v-prasadboke@microsoft.com Detections/SecurityEvent/ExcessiveLogonFailures.yaml 5 136 2094 293 188 105 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml 5 109 1512 293 158 85 2021-03-17 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/password_never_expires.yaml 107 193 2094 268 284 137 2019-08-13 2024-08-12 sagamzu@microsoft.com 62938807+haim-na@users.noreply.github.com Detections/SecurityEvent/Potentialre-namedsdeleteusage.yaml 5 90 1167 293 132 66 2022-02-25 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/ScheduleTaskHide.yaml 5 61 1121 293 88 57 2022-04-12 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/WindowsBinariesExecutedfromNon-DefaultDirectory.yaml 5 65 1178 293 99 58 2022-02-14 2024-07-18 96576100+vpaschalidis@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/ADFSAbnormalEnhancedKeyUsageAttribute-OID.yaml 72 77 987 293 124 54 2022-08-24 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityEvent/RDP_Nesting.yaml 159 199 2025 106 290 141 2019-10-21 2025-01-21 shainw@microsoft.com 128674128+v1managedservices@users.noreply.github.com Detections/ASimProcess/NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies(ASIMVersion).yaml 57 94 1162 293 141 70 2022-03-02 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ASimProcess/imProcess_base64_encoded_pefile.yaml 30 117 1428 293 196 88 2021-06-09 2024-07-18 t-yuvalnaor@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/ASimProcess/imProcess_MidnightBlizzard_SuspiciousRundll32Exec.yaml 29 84 730 293 149 69 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ASimProcess/SdeletedeployedviaGPOandrunrecursively(ASIMVersion).yaml 35 109 1162 13 184 82 2022-03-02 2025-04-24 37783395+aprakash13@users.noreply.github.com v-prasadboke@microsoft.com Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml 30 132 1424 293 219 96 2021-06-13 2024-07-18 t-yuvalnaor@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/ASimProcess/imProcess_AdFind_Usage.yaml 35 142 1428 268 218 105 2021-06-09 2024-08-12 t-yuvalnaor@microsoft.com 62938807+haim-na@users.noreply.github.com Detections/ASimProcess/imFileEvent_Dev-0228FilePathHashesNovember2021(ASIMVersion).yaml 40 71 855 268 112 53 2023-01-03 2024-08-12 62938807+haim-na@users.noreply.github.com Detections/ASimProcess/Potentialre-namedsdeleteusage(ASIMVersion).yaml 24 100 1162 293 176 77 2022-03-02 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml 34 130 1415 259 216 95 2021-06-22 2024-08-21 github@shezaf.com nilepagn@microsoft.com Detections/QualysVM/NewHighSeverityVulnDetectedAcrossMulitpleHosts.yaml 5 121 1783 293 181 93 2020-06-19 2024-07-18 59736871+chicduong@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/QualysVM/HighNumberofVulnDetected.yaml 5 127 1783 293 189 97 2020-06-19 2024-07-18 59736871+chicduong@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml 69 149 1414 259 264 115 2021-06-23 2024-08-21 yafruch@microsoft.com nilepagn@microsoft.com Detections/ASimAuthentication/imAuthPasswordSpray.yaml 46 108 1414 293 154 85 2021-06-23 2024-07-18 yafruch@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/ASimAuthentication/imSigninAttemptsByIPviaDisabledAccounts.yaml 54 97 1380 293 147 79 2021-07-27 2024-07-18 49263271+yaronfruchtmann@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ASimAuthentication/imAuthBruteForce.yaml 75 162 1414 261 266 111 2021-06-23 2024-08-19 yafruch@microsoft.com v-prasadboke@microsoft.com Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml 31 113 1608 293 170 91 2020-12-11 2024-07-18 ndicola@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureAppServices/AVScan_Failure.yaml 31 122 1608 293 185 95 2020-12-11 2024-07-18 ndicola@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml 31 141 1373 293 226 100 2021-08-03 2024-07-18 49263271+yaronfruchtmann@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ASimFileEvent/SuspiciousAccessOfBECRelatedDocuments.yaml 5 51 803 293 95 44 2023-02-24 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureDevOpsAuditing/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml 4 79 1552 576 112 72 2021-02-05 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml 4 79 1541 576 113 72 2021-02-16 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/ADOVariableModifiedByNewUser.yaml 4 79 1552 576 113 72 2021-02-05 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml 4 92 1541 576 129 82 2021-02-16 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml 4 89 1755 576 125 78 2020-07-17 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/NRT_ADOAuditStreamDisabled.yaml 4 51 1061 576 77 41 2022-06-11 2023-10-09 samik.n.roy@gmail.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml 4 97 1755 576 137 84 2020-07-17 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml 4 77 1552 576 107 72 2021-02-05 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml 4 80 1552 576 112 72 2021-02-05 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml 4 119 1552 576 183 98 2021-02-05 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml 4 138 1755 576 209 109 2020-07-17 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml 4 81 1552 576 115 72 2021-02-05 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml 4 80 1552 576 113 72 2021-02-05 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml 4 89 1755 576 125 78 2020-07-17 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/NewAgentAddedToPoolbyNewUserorofNewOS.yaml 4 78 1552 576 111 72 2021-02-05 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/AzDOServiceConnectionUsage.yaml 4 91 1755 576 129 81 2020-07-17 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/ADORetentionReduced.yaml 4 38 1282 576 56 41 2021-11-02 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml 4 78 1541 576 111 72 2021-02-16 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Detections/DnsEvents/NRT_DNS_Related_To_Mining_Pools.yaml 5 70 1185 293 106 65 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml 5 134 2094 293 185 105 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/DnsEvents/DNS_Miners.yaml 5 136 2094 293 189 108 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml 5 124 2094 293 173 101 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/DnsEvents/DNS_TorProxies.yaml 5 135 2094 293 186 106 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml 63 133 2064 293 182 106 2019-09-12 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/W3CIISLog/HighPortCountByClientIP.yaml 80 139 2094 261 181 104 2019-08-13 2024-08-19 sagamzu@microsoft.com v-prasadboke@microsoft.com Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml 6 137 1812 293 193 118 2020-05-21 2024-07-18 62712382+robmsft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/W3CIISLog/HighFailedLogonCountByClientIP.yaml 92 156 2094 261 216 116 2019-08-13 2024-08-19 sagamzu@microsoft.com v-prasadboke@microsoft.com Detections/W3CIISLog/SilkTyphoonSuspiciousExchangeRequestPattern.yaml 65 57 730 293 82 54 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/W3CIISLog/Supernovawebshell.yaml 6 167 1581 293 251 132 2021-01-07 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/W3CIISLog/ProxyShellPwn2Own.yaml 65 94 1367 261 140 74 2021-08-09 2024-08-19 45466083+shainw@users.noreply.github.com v-prasadboke@microsoft.com Detections/W3CIISLog/HighFailedLogonCountByUser.yaml 99 141 2094 293 190 107 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AWSGuardDuty/AWS_GuardDuty_template.yaml 4 84 1266 293 151 81 2021-11-18 2024-07-18 ep3p@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml 5 196 1603 293 341 136 2020-12-16 2024-07-18 andesreedhar@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/DistribPassCrackAttempt.yaml 5 166 2094 293 261 126 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/SigninBruteForce-AzurePortal.yaml 5 191 2094 293 299 137 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml 5 170 1608 293 281 133 2020-12-11 2024-07-18 andesreedhar@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/Brute Force Attack against GitHub Account.yaml 5 122 1749 293 204 100 2020-07-23 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/AnomalousSingleFactorSignin.yaml 73 18 327 259 49 22 2024-06-14 2024-08-21 103927368+tduarte14@users.noreply.github.com nilepagn@microsoft.com Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml 5 165 2064 293 262 126 2019-09-12 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/BypassCondAccessRule.yaml 5 159 2094 293 252 124 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/NewCountryValidCreds.yaml 80 84 729 293 163 69 2023-05-09 2024-07-18 84290680+lem0w@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml 5 157 2094 293 249 123 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/UserAccounts-CABlockedSigninSpikes.yaml 5 109 1286 293 197 85 2021-10-29 2024-07-18 ashwin-patil@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/AuthenticationsofPrivilegedAccountsOutsideofExpectedControls.yaml 69 84 1034 293 134 59 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml 5 143 2094 293 232 116 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml 66 152 1034 293 261 99 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/ServicePrincipalAuthenticationAttemptfromNewCountry.yaml 53 55 1034 576 71 38 2022-07-08 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Detections/SigninLogs/NRT_MFARejectedbyUser.yaml 5 98 1185 293 178 84 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/FailedLogonToAzurePortal.yaml 5 178 2094 293 280 135 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/BruteForceCloudPC.yaml 5 110 1302 293 200 85 2021-10-13 2024-07-18 56966432+rod-trent@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/AuthenticationAttemptfromNewCountry.yaml 107 121 1034 293 225 90 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/MFARejectedbyUser.yaml 5 144 1287 293 266 109 2021-10-28 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/SuccessThenFail_DiffIP_SameUserandApp.yaml 5 160 2094 293 252 123 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/Sign-in Burst from Multiple Locations.yaml 5 129 1749 293 221 103 2020-07-23 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/ExplicitMFADeny.yaml 5 177 1666 106 305 136 2020-10-14 2025-01-21 57229057+secops-and-hops@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Detections/SigninLogs/SigninPasswordSpray.yaml 5 164 1868 293 256 127 2020-03-26 2024-07-18 62712382+robmsft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/SeamlessSSOPasswordSpray.yaml 5 91 1154 293 161 76 2022-03-10 2024-07-18 ep3p@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/ADFSSignInLogsPasswordSpray.yaml 5 97 1156 293 169 76 2022-03-08 2024-07-18 ep3p@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SigninLogs/AzurePortalSigninfromanotherAzureTenant.yaml 5 139 1290 293 266 109 2021-10-25 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/DuoSecurity/IPEntity_DuoSecurity.yaml 5 77 1544 293 110 59 2021-02-13 2024-07-18 ndicola@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/DuoSecurity/TrustMonitorEvent.yaml 44 76 1544 259 122 53 2021-02-13 2024-08-21 ndicola@microsoft.com nilepagn@microsoft.com Detections/DeviceFileEvents/PEfiledroppedinColorDriversFolder.yaml 46 56 1016 576 78 41 2022-07-26 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml 5 175 1603 293 307 132 2020-12-16 2024-07-18 andesreedhar@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/GitHub/Threat Intel Matches to GitHub Audit Logs.yaml 4 117 1766 293 164 94 2020-07-06 2024-07-18 ashwinpatil@outlook.com 164491672+shishirdw@users.noreply.github.com Detections/GitHub/(Preview) GitHub - Two Factor Authentication Disabled in GitHub.yaml 5 29 965 293 54 30 2022-09-15 2024-07-18 v-atulyadav@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/GitHub/Security Vulnerability in Repo.yaml 6 109 1791 293 147 90 2020-06-11 2024-07-18 itay.argoety@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/GitHub/(Preview) GitHub - Activities from Infrequent Country.yaml 5 29 965 293 54 30 2022-09-15 2024-07-18 v-atulyadav@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/GitHub/NRT Two Factor Authentication Disabled.yaml 6 73 1081 293 118 56 2022-05-22 2024-07-18 samik.n.roy@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml 83 135 1340 261 198 97 2021-09-05 2024-08-19 49263271+yaronfruchtmann@users.noreply.github.com v-prasadboke@microsoft.com Detections/ASimDNS/imDNS_Miners.yaml 89 148 1423 293 259 113 2021-06-14 2024-07-18 tj@senserva.com 164491672+shishirdw@users.noreply.github.com Detections/ASimDNS/imDNS_TorProxies.yaml 77 136 1423 293 233 105 2021-06-14 2024-07-18 tj@senserva.com 164491672+shishirdw@users.noreply.github.com Detections/ASimDNS/imDns_IPEntity_DnsEvents.yaml 4 121 1331 293 193 96 2021-09-14 2024-07-18 49263271+yaronfruchtmann@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ASimDNS/imDns_ExcessiveNXDOMAINDNSQueries.yaml 70 139 1423 293 212 107 2021-06-14 2024-07-18 tj@senserva.com 164491672+shishirdw@users.noreply.github.com Detections/ASimDNS/imDns_DomainEntity_DnsEvents.yaml 4 93 1331 293 132 74 2021-09-14 2024-07-18 49263271+yaronfruchtmann@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/QualysVMV2/HighNumberofVulnDetectedV2.yaml 5 86 1384 293 146 74 2021-07-23 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/QualysVMV2/NewHighSeverityVulnDetectedAcrossMulitpleHostsV2.yaml 5 87 1384 293 145 74 2021-07-23 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/BehaviorAnalytics/SuspiciousSigninByAADConnectAccount.yaml 66 98 779 293 192 71 2023-03-20 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureWAF/AppGwWAF-XSSDetection.yaml 59 56 1021 576 78 39 2022-07-21 2023-10-09 104413086+shabaz-github@users.noreply.github.com mrudula.oruganti@gigamon.com Detections/AzureWAF/AppGwWAF-SQLiDetection.yaml 62 56 1021 576 78 39 2022-07-21 2023-10-09 104413086+shabaz-github@users.noreply.github.com mrudula.oruganti@gigamon.com Detections/AzureWAF/AFD-Premium-WAF-SQLiDetection.yaml 4 52 923 293 68 43 2022-10-27 2024-07-18 104413086+shabaz-github@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AzureWAF/AFD-Premium-WAF-XSSDetection.yaml 4 52 923 293 69 43 2022-10-27 2024-07-18 104413086+shabaz-github@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/ChangestoApplicationOwnership.yaml 78 105 1034 293 191 69 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/AuthenticationMethodChangedforPrivilegedAccount.yaml 5 79 1034 293 124 58 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationDeleted.yaml 6 76 921 293 122 62 2022-10-29 2024-07-18 34609431+dimmand@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/ConditionalAccessPolicyModifiedbyNewUser.yaml 79 125 1034 293 208 79 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/UserAccountCreatedUsingIncorrectNamingFormat.yaml 82 80 1034 293 112 56 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/MultipleAdmin_membership_removals_from_NewAdmin.yaml 5 91 1140 293 162 77 2022-03-24 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml 5 143 1777 293 239 118 2020-06-25 2024-07-18 nicholas.b.carr@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml 5 141 1777 293 233 115 2020-06-25 2024-07-18 nicholas.b.carr@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/ApplicationIDURIChanged.yaml 77 98 1034 293 169 65 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/GuestAccountsAddedinAADGroupsOtherThanTheOnesSpecified.yaml 6 99 933 293 175 72 2022-10-17 2024-07-18 34609431+dimmand@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/NRT_PIMElevationRequestRejected.yaml 5 99 1185 293 177 86 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationOutboundDirectSettingsChanged.yaml 6 76 921 293 122 62 2022-10-29 2024-07-18 34609431+dimmand@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/NewExtUserGrantedAdmin.yaml 5 75 1056 293 109 53 2022-06-16 2024-07-18 62295189+thmcelro@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/AccountCreatedDeletedByNonApprovedUser.yaml 5 113 1286 293 200 85 2021-10-29 2024-07-18 aviyer@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/AdditionofaTemporaryAccessPasstoaPrivilegedAccount.yaml 82 122 1034 293 226 78 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml 5 174 1618 293 299 134 2020-12-01 2024-07-18 nicholas.b.carr@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/nrt_FirstAppOrServicePrincipalCredential.yaml 6 127 1071 293 209 84 2022-06-01 2024-07-18 samik.n.roy@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/NRT_NewAppOrServicePrincipalCredential.yaml 5 99 1185 293 177 86 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/GuestUsersInvitedtoTenantbyNewInviters.yaml 84 98 1034 293 168 65 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/NRT_UseraddedtoPrivilgedGroups.yaml 5 103 1185 293 184 88 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/RareApplicationConsent.yaml 5 173 2064 293 288 131 2019-09-12 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationAdded.yaml 6 76 912 293 123 62 2022-11-07 2024-07-18 34609431+dimmand@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/ApplicationRedirectURLUpdate.yaml 86 98 1034 293 169 65 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/PrivlegedRoleAssignedOutsidePIM.yaml 5 115 1287 293 219 95 2021-10-28 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/AccountElevatedtoNewRole.yaml 5 79 1034 293 124 58 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/MailPermissionsAddedToApplication.yaml 5 149 1600 293 248 117 2020-12-19 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/ServicePrincipalAssignedAppRoleWithSensitiveAccess.yaml 93 112 1034 293 166 71 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/AdminPromoAfterRoleMgmtAppPermissionGrant.yaml 5 125 1265 293 243 98 2021-11-19 2024-07-18 rrodri0622@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/PIMElevationRequestRejected.yaml 5 116 1287 293 203 84 2021-10-28 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/NRT_PrivlegedRoleAssignedOutsidePIM.yaml 5 93 1133 293 162 77 2022-03-31 2024-07-18 samik.n.roy@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationOutboundCollaborationSettingsChanged.yaml 6 76 921 293 123 62 2022-10-29 2024-07-18 34609431+dimmand@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/NRT_ADFSDomainTrustMods.yaml 5 99 1185 293 177 86 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/ChangestoPIMSettings.yaml 58 98 1034 293 168 65 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/ServicePrincipalAssignedPrivilegedRole.yaml 84 100 1034 268 148 66 2022-07-08 2024-08-12 pebryan@microsoft.com 62938807+haim-na@users.noreply.github.com Detections/AuditLogs/SuspiciousLinkingofExternalIdtoExistingUsers.yaml 82 100 1002 293 173 68 2022-08-09 2024-07-18 aspatil@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml 5 179 1599 293 304 137 2020-12-20 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/ADFSDomainTrustMods.yaml 5 172 1608 293 283 131 2020-12-11 2024-07-18 andesreedhar@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml 5 143 1777 293 237 118 2020-06-25 2024-07-18 nicholas.b.carr@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/SuspiciousServicePrincipalcreationactivity.yaml 5 127 1266 293 242 100 2021-11-18 2024-07-18 cesarmaneiro@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/NRT_AuthenticationMethodsChangedforVIPUsers.yaml 6 83 1114 293 127 65 2022-04-19 2024-07-18 samik.n.roy@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/URLAddedtoApplicationfromUnknownDomain.yaml 101 134 1034 293 225 92 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/AccountCreatedandDeletedinShortTimeframe.yaml 5 115 1287 293 209 91 2021-10-28 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/BulkChangestoPrivilegedAccountPermissions.yaml 5 116 1287 293 203 84 2021-10-28 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/End-userconsentstoppedduetorisk-basedconsent.yaml 76 100 1034 293 172 65 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationInboundDirectSettingsChanged.yaml 6 76 921 293 122 62 2022-10-29 2024-07-18 34609431+dimmand@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationInboundCollaborationSettingsChanged.yaml 6 76 921 293 122 62 2022-10-29 2024-07-18 34609431+dimmand@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/UserAssignedPrivilegedRole.yaml 5 126 1287 293 225 92 2021-10-28 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml 5 191 1757 293 316 142 2020-07-15 2024-07-18 ashwinpatil@outlook.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/AzureADRoleManagementPermissionGrant.yaml 5 125 1265 293 242 98 2021-11-19 2024-07-18 rrodri0622@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/UserStatechangedfromGuesttoMember.yaml 82 80 1034 293 112 56 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/ChangestoApplicationLogoutURL.yaml 77 98 1034 293 168 65 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/PrivilegedAccountPermissionsChanged.yaml 5 80 1034 293 125 58 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/Useraccountcreatedwithoutexpectedattributesdefined.yaml 95 108 1034 293 164 67 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/UserAddedtoAdminRole.yaml 5 99 1034 293 158 72 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AuditLogs/CredentialAddedAfterAdminConsent.yaml 5 152 1545 293 249 120 2021-02-12 2024-07-18 jannieli@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/ASimNetworkSession/ExcessiveHTTPFailuresFromSource.yaml 4 80 1150 293 131 67 2022-03-14 2024-07-18 andesreedhar@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/ASimNetworkSession/PortScan.yaml 4 72 1150 293 120 64 2022-03-14 2024-07-18 andesreedhar@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/ASimNetworkSession/PossibleBeaconingActivity.yaml 4 71 1235 293 116 64 2021-12-19 2024-07-18 49263271+yaronfruchtmann@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ASimNetworkSession/IPEntity_imNetworkSession.yaml 4 78 1150 293 120 66 2022-03-14 2024-07-18 andesreedhar@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_AzureSQL.yaml 5 111 1286 293 175 83 2021-10-29 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_OfficeActivity.yaml 5 167 2080 293 248 117 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_imWebSession.yaml 5 77 1150 293 114 64 2022-03-14 2024-07-18 andesreedhar@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_AppServiceHTTPLogs.yaml 5 145 1608 293 222 114 2020-12-11 2024-07-18 ndicola@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml 5 167 2079 293 252 117 2019-08-28 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityEvent.yaml 5 163 2080 293 253 122 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/EmailEntity_OfficeActivity.yaml 5 144 2080 293 218 112 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/DomainEntity_CommonSecurityLog.yaml 5 138 2021 293 205 105 2019-10-25 2024-07-18 55599770+srisang@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml 5 184 2077 293 278 128 2019-08-30 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/DomainEntity_imWebSession.yaml 5 76 1150 293 112 61 2022-03-14 2024-07-18 andesreedhar@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml 5 140 2080 293 210 110 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/DomainEntity_SecurityAlert.yaml 5 155 2079 293 236 117 2019-08-28 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/FileHashEntity_CommonSecurityLog.yaml 5 169 2077 293 253 120 2019-08-30 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_CustomSecurityLog.yaml 5 78 1226 293 117 63 2021-12-28 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/URLEntity_PaloAlto.yaml 5 145 2080 293 219 109 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml 5 144 2079 293 217 110 2019-08-28 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPentity_SigninLogs.yaml 5 145 2080 293 221 110 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/DomainEntity_PaloAlto.yaml 5 149 2079 293 228 108 2019-08-28 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/URLEntity_Syslog.yaml 5 139 2080 293 208 110 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/EmailEntity_SigninLogs.yaml 5 145 2080 293 216 112 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/URLEntity_OfficeActivity.yaml 5 164 2080 293 254 122 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityAlert.yaml 5 145 2080 293 222 112 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/EmailEntity_PaloAlto.yaml 5 143 2080 293 217 112 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_AzureActivity.yaml 5 151 2080 293 226 114 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_AzureFirewall.yaml 5 97 1265 293 163 76 2021-11-19 2024-07-18 ep3p@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_VMConnection.yaml 5 144 2079 293 215 112 2019-08-28 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_W3CIISLog.yaml 5 158 2079 293 232 121 2019-08-28 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/URLEntity_AuditLogs.yaml 5 141 2080 293 212 110 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml 5 154 2079 293 236 117 2019-08-28 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/URLEntity_SecurityAlerts.yaml 5 140 2080 293 213 110 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_AzureKeyVault.yaml 5 115 1286 293 187 87 2021-10-29 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/EmailEntity_AzureActivity.yaml 5 152 2080 293 231 116 2019-08-27 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml 5 147 1688 293 219 115 2020-09-22 2024-07-18 30509195+swiftsolves-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ZoomLogs/JoiningMeetingFromAnotherTimeZone.yaml 58 175 1839 261 262 128 2020-04-24 2024-08-19 peter.bryan@microsoft.com v-prasadboke@microsoft.com Detections/ZoomLogs/SupiciousLinkSharing.yaml 46 168 1839 106 267 122 2020-04-24 2025-01-21 peter.bryan@microsoft.com 128674128+v1managedservices@users.noreply.github.com Detections/ZoomLogs/ExternalUserAccess.yaml 51 164 1839 261 241 123 2020-04-24 2024-08-19 peter.bryan@microsoft.com v-prasadboke@microsoft.com Detections/ZoomLogs/E2EEDisbaled.yaml 42 145 1839 261 197 106 2020-04-24 2024-08-19 peter.bryan@microsoft.com v-prasadboke@microsoft.com Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml 50 156 1688 261 241 117 2020-09-22 2024-08-19 pebryan@microsoft.com v-prasadboke@microsoft.com Detections/Syslog/ssh_potentialBruteForce.yaml 5 144 2094 293 211 107 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/Syslog/squid_cryptomining_pools.yaml 5 130 2094 293 183 100 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/Syslog/NRT_squid_events_for_mining_pools.yaml 5 69 1185 293 100 58 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/Syslog/FailedLogonAttempts_UnknownUser.yaml 5 143 2094 293 195 108 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/Syslog/squid_tor_proxies.yaml 5 130 2094 293 183 100 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml 5 100 2094 293 149 88 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml 5 107 2094 293 160 98 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/CommonSecurityLog/CreepyDriveURLs.yaml 56 52 1072 576 64 39 2022-05-31 2023-10-09 62295189+thmcelro@users.noreply.github.com mrudula.oruganti@gigamon.com Detections/CommonSecurityLog/Wazuh-Large_Number_of_Web_errors_from_an_IP.yaml 44 79 922 259 149 57 2022-10-28 2024-08-21 104008048+v-atulyadav@users.noreply.github.com nilepagn@microsoft.com Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml 5 90 2094 293 135 83 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml 85 138 1863 261 197 110 2020-03-31 2024-08-19 62712382+robmsft@users.noreply.github.com v-prasadboke@microsoft.com Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml 5 118 2094 293 176 102 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/CommonSecurityLog/CreepySnailURLParameters.yaml 65 72 1072 261 96 51 2022-05-31 2024-08-19 62295189+thmcelro@users.noreply.github.com v-prasadboke@microsoft.com Detections/CommonSecurityLog/CreepyDriveRequestSequence.yaml 59 52 1072 576 64 39 2022-05-31 2023-10-09 62295189+thmcelro@users.noreply.github.com mrudula.oruganti@gigamon.com Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml 132 164 1867 58 244 111 2020-03-27 2025-03-10 62712382+robmsft@users.noreply.github.com idoshabi@microsoft.com Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml 92 154 2094 106 231 111 2019-08-13 2025-01-21 sagamzu@microsoft.com 128674128+v1managedservices@users.noreply.github.com Detections/CommonSecurityLog/PaloAlto-UnusualThreatSignatures.yaml 5 40 1141 293 68 40 2022-03-23 2024-07-18 ashwin-patil@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/DeviceNetworkEvents/SolarWinds_SUNBURST_Network-IOCs.yaml 5 179 1603 293 310 133 2020-12-16 2024-07-18 andesreedhar@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/ASimWebSession/ExcessiveNetworkFailuresFromSource.yaml 62 126 1150 261 209 94 2022-03-14 2024-08-19 andesreedhar@gmail.com v-prasadboke@microsoft.com Detections/ASimWebSession/PotentiallyHarmfulFileTypes.yaml 85 115 1252 293 207 102 2021-12-02 2024-07-18 92377750+yaronmsft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/ASimWebSession/UnusualUAPowershell.yaml 76 110 1252 259 210 88 2021-12-02 2024-08-21 49263271+yaronfruchtmann@users.noreply.github.com nilepagn@microsoft.com Detections/ASimWebSession/UnusualUACryptoMiners.yaml 71 109 1252 259 209 88 2021-12-02 2024-08-21 49263271+yaronfruchtmann@users.noreply.github.com nilepagn@microsoft.com Detections/ASimWebSession/PossibleDGAContacts.yaml 57 152 1235 261 267 110 2021-12-19 2024-08-19 92377750+yaronmsft@users.noreply.github.com v-prasadboke@microsoft.com Detections/ASimWebSession/DiscordCDNRiskyFileDownload_ASim.yaml 63 89 1150 293 131 66 2022-03-14 2024-07-18 andesreedhar@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/ASimWebSession/UnusualUAHackTool.yaml 82 132 1252 259 247 99 2021-12-02 2024-08-21 49263271+yaronfruchtmann@users.noreply.github.com nilepagn@microsoft.com Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml 5 150 2094 293 225 117 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AWSCloudTrail/AWS_CredentialHijack.yaml 5 124 2094 293 176 101 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AWSCloudTrail/NRT_AWS_ConsoleLogonWithoutMFA.yaml 5 67 1185 293 100 63 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml 5 125 2094 293 171 101 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AWSCloudTrail/SuspiciousAccessOfBECRelatedDocumentsInAWSS3Buckets.yaml 5 69 803 293 119 56 2023-02-24 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml 5 125 2094 293 171 101 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml 5 116 1836 293 161 97 2020-04-27 2024-07-18 ashwinpatil@outlook.com 164491672+shishirdw@users.noreply.github.com Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml 5 138 2094 293 192 111 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml 5 135 2094 293 195 109 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml 5 124 2094 293 173 101 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml 4 126 2094 293 174 101 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/NRT-AADHybridHealthADFSNewServer.yaml 4 92 1185 293 156 81 2022-02-07 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/NRT_Creation_of_Expensive_Computes_in_Azure.yaml 4 61 1133 293 88 56 2022-03-31 2024-07-18 samik.n.roy@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/AzDiagSettingsDeleted.yaml 67 95 1056 293 147 71 2022-06-16 2024-07-18 59922811+kennethmldk@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/AADHybridHealthADFSSuspApp.yaml 4 104 1350 293 167 84 2021-08-26 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/RareRunCommandPowerShellScript.yaml 80 192 1290 261 329 127 2021-10-25 2024-08-19 peter.bryan@microsoft.com v-prasadboke@microsoft.com Detections/AzureActivity/New-CloudShell-User.yaml 4 112 1602 293 161 94 2020-12-17 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/RareOperations.yaml 4 130 2084 293 180 104 2019-08-23 2024-07-18 aprakash@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml 4 137 2094 293 189 108 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml 4 71 1359 293 100 60 2021-08-17 2024-07-18 aspatil@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/AADHybridHealthADFSServiceDelete.yaml 4 105 1350 293 168 85 2021-08-26 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/AADHybridHealthADFSNewServer.yaml 4 103 1350 293 166 84 2021-08-26 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/TimeSeriesAnomaly_Mass_Cloud_Resource_Deletions.yaml 4 58 1140 293 86 53 2022-03-24 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml 4 169 2094 293 258 122 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/Malicious_Inbox_Rule.yaml 5 125 1892 293 181 100 2020-03-02 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/MultipleTeamsDeletes.yaml 5 121 1697 293 181 97 2020-09-13 2024-07-18 samik.n.roy@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml 5 163 1697 293 246 114 2020-09-13 2024-07-18 samik.n.roy@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml 5 118 2084 293 160 93 2019-08-23 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/ForestBlizzardCredHarvesting.yaml 5 34 730 293 45 37 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/RareOfficeOperations.yaml 5 177 2094 293 265 128 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/NRT_Office_MailForwarding.yaml 54 81 1185 576 123 63 2022-02-07 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Detections/OfficeActivity/Office_MailForwarding.yaml 5 169 2084 293 252 117 2019-08-23 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/Mail_redirect_via_ExO_transport_rule.yaml 5 132 1828 293 178 102 2020-05-05 2024-07-18 37285853+duzlov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml 5 129 2084 293 175 98 2019-08-23 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/office_policytampering.yaml 5 143 2094 293 207 112 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/Office_Uploaded_Executables.yaml 5 105 1896 293 143 88 2020-02-27 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/BEC_MailboxRule.yaml 5 47 672 293 104 50 2023-07-05 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/External User added to Team and immediately uploads file.yaml 5 71 1252 293 99 57 2021-12-02 2024-07-18 samik.n.roy@gmail.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/exchange_auditlogdisabled.yaml 5 131 2094 293 179 105 2019-08-13 2024-07-18 sagamzu@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/OfficeActivity/NRT_Malicious_Inbox_Rule.yaml 32 51 1185 576 67 47 2022-02-07 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Detections/OfficeActivity/MailItemsAccessedTimeSeries.yaml 5 126 1609 293 191 98 2020-12-10 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityAlert/DetectPIMAlertDisablingActivity.yaml 61 95 1315 293 165 70 2021-09-30 2024-07-18 jekurien@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityAlert/AVdetectionsrelatedtoUkrainebasedthreats.yaml 5 103 1163 293 191 79 2022-03-01 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityAlert/Massdownload_USBFileCopy.yaml 131 92 1108 293 149 67 2022-04-25 2024-07-18 jekurien@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityAlert/AVTarrask.yaml 5 98 1121 293 180 73 2022-04-12 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityAlert/EuropiumAVHits.yaml 60 108 972 261 192 73 2022-09-08 2024-08-19 37783395+aprakash13@users.noreply.github.com v-prasadboke@microsoft.com Detections/SecurityAlert/HiveRansomwareAVHits.yaml 59 116 1037 261 193 85 2022-07-05 2024-08-19 alexander.collins@tanium.com v-prasadboke@microsoft.com Detections/SecurityAlert/CoreBackupDeletionwithSecurityAlert.yaml 4 38 1279 576 57 40 2021-11-05 2023-10-09 jekurien@microsoft.com mrudula.oruganti@gigamon.com Detections/SecurityAlert/Solorigate-Defender-Detections.yaml 60 151 1602 293 232 116 2020-12-17 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityAlert/Suspicious_WorkSpaceDeletion_Attempt.yaml 90 122 1122 293 197 91 2022-04-11 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityAlert/AVSpringShell.yaml 5 124 1128 58 215 79 2022-04-05 2025-03-10 45466083+shainw@users.noreply.github.com idoshabi@microsoft.com Detections/SecurityAlert/AquaBlizzardAVHits.yaml 5 34 730 293 45 37 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml 5 160 1644 293 258 125 2020-11-05 2024-07-18 offirsh@yahoo.com 164491672+shishirdw@users.noreply.github.com Detections/SecurityAlert/MDE_hitsforADFandAzureSynapsePipelines.yaml 61 110 1094 261 168 73 2022-05-09 2024-08-19 37783395+aprakash13@users.noreply.github.com v-prasadboke@microsoft.com Detections/SecurityAlert/Dev-0530AVHits.yaml 59 118 1028 261 194 84 2022-07-14 2024-08-19 ashwin-patil@users.noreply.github.com v-prasadboke@microsoft.com Detections/http_proxy_oab_CL/SilkTyphoonSuspiciousFileDownloads.yaml 46 54 730 261 76 51 2023-05-08 2024-08-19 50784041+anders-alex@users.noreply.github.com v-prasadboke@microsoft.com Detections/http_proxy_oab_CL/ExchagngeSuspiciousFileDownloads.yaml 48 68 950 261 102 62 2022-09-30 2024-08-19 nevermoe@nevermoes-macbook-pro.local v-prasadboke@microsoft.com Detections/Anomalies/UnusualAnomaly.yaml 45 89 1015 293 159 61 2022-07-27 2024-07-18 ep3p@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/Anomalies/SignInAnomaly.yaml 63 64 736 293 112 58 2023-05-02 2024-07-18 84290680+lem0w@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml 5 156 1661 293 256 121 2020-10-19 2024-07-18 kml@cloudus.dk 164491672+shishirdw@users.noreply.github.com DataConnectors/GithubFunction/AzureFunctionGitHub/requirements.psd1 6 19 1609 576 24 19 2020-12-10 2023-10-09 andesreedhar@gmail.com mrudula.oruganti@gigamon.com DataConnectors/GithubFunction/AzureFunctionGitHub/profile.ps1 19 19 1609 576 24 19 2020-12-10 2023-10-09 andesreedhar@gmail.com mrudula.oruganti@gigamon.com DataConnectors/Fluentd-VMSS/plugin/out_remote_syslog-as.rb 132 8 1871 576 9 6 2020-03-23 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/Fluentd-VMSS/plugin/parser_cef-as.rb 203 8 1871 576 9 6 2020-03-23 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/Fluentd-VMSS/plugin/cef_version_0_keys.yaml 166 8 1871 576 9 6 2020-03-23 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/S3-Lambda/S3toSentinel.ps1 227 15 1735 576 20 13 2020-08-06 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/JumpCloud Single Sign On/AzureFunctionJumpCloud/requirements.psd1 8 14 1735 576 17 15 2020-08-06 2023-10-09 26394346+cabberley@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/JumpCloud Single Sign On/AzureFunctionJumpCloud/JCQueueTrigger1/run.ps1 133 14 1735 576 17 15 2020-08-06 2023-10-09 26394346+cabberley@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/JumpCloud Single Sign On/AzureFunctionJumpCloud/JCTimerTrigger/run.ps1 36 14 1735 576 17 15 2020-08-06 2023-10-09 26394346+cabberley@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/JumpCloud Single Sign On/AzureFunctionJumpCloud/profile.ps1 18 14 1735 576 17 15 2020-08-06 2023-10-09 26394346+cabberley@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/AzureStorage/LogDownloader.cs 77 8 1846 576 9 7 2020-04-17 2023-10-09 ross.bevington@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/AzureStorage/GetAzureStorageLogsFunction.cs 327 10 1846 576 12 9 2020-04-17 2023-10-09 ross.bevington@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/AWS-S3-AzureFunction/AzFun-AWS-S3-Ingestion/__init__.py 512 34 1443 576 50 31 2021-05-25 2023-10-09 22670063+sreedharande@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/O365 DataCSharp/Teams.CustomConnector.Models/AuditInitialReport.cs 17 8 1841 576 9 7 2020-04-22 2023-10-09 mabadola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 DataCSharp/Teams.CustomConnector.Models/AuditDetailedReport.cs 49 8 1841 576 9 7 2020-04-22 2023-10-09 mabadola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 DataCSharp/Teams.CustomConnector.Models/Errors.cs 12 8 1841 576 9 7 2020-04-22 2023-10-09 mabadola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 DataCSharp/Teams.CustomConnector.Processor/Processor.cs 201 8 1841 576 10 7 2020-04-22 2023-10-09 mabadola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 DataCSharp/Teams.CustomConnector.Serverless/EgressTeamsLogs.cs 102 8 1841 576 10 7 2020-04-22 2023-10-09 mabadola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 DataCSharp/Teams.CustomConnector.Common/RetryWithExponentialBackoff.cs 38 8 1841 576 10 7 2020-04-22 2023-10-09 mabadola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 DataCSharp/Teams.CustomConnector.Common/OperationDetails.cs 13 8 1841 576 9 7 2020-04-22 2023-10-09 mabadola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 DataCSharp/Teams.CustomConnector.Common/KeyVaultHelper.cs 60 23 1841 576 26 22 2020-04-22 2023-10-09 mabadola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 DataCSharp/Teams.CustomConnector.Common/ExponentialBackoff.cs 35 8 1841 576 9 7 2020-04-22 2023-10-09 mabadola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 DataCSharp/Teams.CustomConnector.Common/Constants.cs 57 8 1841 576 9 7 2020-04-22 2023-10-09 mabadola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 DataCSharp/Teams.CustomConnector.Sentinel/AzureLogAnalyticsConnector.cs 67 8 1841 576 10 7 2020-04-22 2023-10-09 mabadola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 DataCSharp/Teams.CustomConnector.StorageHandler/StorageHandler.cs 113 23 1841 576 26 22 2020-04-22 2023-10-09 mabadola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/microsoft-sentinel-log-analytics-logstash-output-plugin.gemspec 19 54 650 58 80 49 2023-07-27 2025-03-10 anknar@microsoft.com idoshabi@microsoft.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/outputs/microsoft-sentinel-log-analytics-logstash-output-plugin.rb 56 83 650 259 156 60 2023-07-27 2024-08-21 anknar@microsoft.com nilepagn@microsoft.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logStashCompressedStream.rb 105 28 650 293 50 29 2023-07-27 2024-07-18 anknar@microsoft.com 164491672+shishirdw@users.noreply.github.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/version.rb 9 104 650 58 182 71 2023-07-27 2025-03-10 anknar@microsoft.com idoshabi@microsoft.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logStashAutoResizeBuffer.rb 104 28 650 293 50 29 2023-07-27 2024-07-18 anknar@microsoft.com 164491672+shishirdw@users.noreply.github.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logAnalyticsClient.rb 102 96 650 106 175 65 2023-07-27 2025-01-21 anknar@microsoft.com 128674128+v1managedservices@users.noreply.github.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/customSizeBasedBuffer.rb 137 28 650 293 50 29 2023-07-27 2024-07-18 anknar@microsoft.com 164491672+shishirdw@users.noreply.github.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/eventsHandler.rb 43 28 650 293 50 29 2023-07-27 2024-07-18 anknar@microsoft.com 164491672+shishirdw@users.noreply.github.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb 193 82 650 259 157 60 2023-07-27 2024-08-21 anknar@microsoft.com nilepagn@microsoft.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logsSender.rb 34 28 650 293 50 29 2023-07-27 2024-07-18 anknar@microsoft.com 164491672+shishirdw@users.noreply.github.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logStashEventsBatcher.rb 115 56 650 58 82 49 2023-07-27 2025-03-10 anknar@microsoft.com idoshabi@microsoft.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/sampleFileCreator.rb 50 28 650 293 50 29 2023-07-27 2024-07-18 anknar@microsoft.com 164491672+shishirdw@users.noreply.github.com DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logAnalyticsAadTokenProvider.rb 71 92 650 106 167 65 2023-07-27 2025-01-21 anknar@microsoft.com 128674128+v1managedservices@users.noreply.github.com DataConnectors/O365 Data/O365APItoAS-Template/requirements.psd1 6 8 1950 576 9 5 2020-01-04 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/modules/Write-OMSLogfile.ps1 126 8 1950 576 9 5 2020-01-04 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/run.ps1 276 106 1950 58 190 78 2020-01-04 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com DataConnectors/O365 Data/O365APItoAS-Template/profile.ps1 18 8 1950 576 9 5 2020-01-04 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/JSON-Import/dotnet_loganalytics_json_import/Program.cs 43 8 1861 576 10 7 2020-04-02 2023-10-09 ross.bevington@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1 22 39 880 293 72 35 2022-12-09 2024-07-18 alex@andersconnection.com 164491672+shishirdw@users.noreply.github.com DataConnectors/M365Defender-VulnerabilityManagement/maintenance/buildFiles.ps1 2 57 848 268 100 50 2023-01-10 2024-08-12 alex@andersconnection.com 62938807+haim-na@users.noreply.github.com DataConnectors/M365Defender-VulnerabilityManagement/maintenance/deployLatestFunctionPackage.ps1 7 44 848 57 77 43 2023-01-10 2025-03-11 alex@andersconnection.com v-atulyadav@microsoft.com DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/requirements.psd1 10 45 880 259 103 46 2022-12-09 2024-08-21 alex@andersconnection.com nilepagn@microsoft.com DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/Modules/AzMon.Ingestion/AzMon.Ingestion.psm1 135 25 443 268 37 22 2024-02-19 2024-08-12 alex@andersconnection.com 62938807+haim-na@users.noreply.github.com DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/Modules/AzMon.Ingestion/AzMon.Ingestion.psd1 81 25 443 268 37 22 2024-02-19 2024-08-12 alex@andersconnection.com 62938807+haim-na@users.noreply.github.com DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/profile.ps1 19 32 880 293 62 35 2022-12-09 2024-07-18 alex@andersconnection.com 164491672+shishirdw@users.noreply.github.com DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/GetMDVMData/run.ps1 243 94 878 259 190 57 2022-12-11 2024-08-21 alex@andersconnection.com nilepagn@microsoft.com DataConnectors/AWS-CloudTrail-Ingestion-Lambda/SNS-Lambda-Trigger/IngestCloudTrailEventsToSentinel.ps1 314 23 1521 576 31 27 2021-03-08 2023-10-09 22670063+sreedharande@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/AWS-CloudTrail-Ingestion-Lambda/SQS-Lambda-Trigger/IngestCloudTrailEventsToSentinel.ps1 315 23 1521 576 31 27 2021-03-08 2023-10-09 22670063+sreedharande@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/Qualys VM/AzureFunctionQualysVM/run.ps1 212 50 1783 576 64 43 2020-06-19 2023-10-09 59736871+chicduong@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPCloudIDSLogSetup/GCPCloudIDSLogSetup.tf 86 12 57 13 13 8 2025-03-11 2025-04-24 v-gsrihitha@microsoft.com v-prasadboke@microsoft.com DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPInitialAuthenticationSetupGov/GCPInitialAuthenticationSetupGov.tf 96 25 471 268 37 24 2024-01-22 2024-08-12 stavbelladev@microsoft.com 62938807+haim-na@users.noreply.github.com DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPAuditLogsSetup/GCPAuditLogsSetup.tf 74 25 471 268 37 24 2024-01-22 2024-08-12 stavbelladev@microsoft.com 62938807+haim-na@users.noreply.github.com DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPIAMCCPLogsSetup/GCPIAMLOGS.tf 82 13 71 13 17 12 2025-02-25 2025-04-24 v-hkopparala@microsoft.com v-prasadboke@microsoft.com DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPDNS_CCPLogsSetupGov/GCPDNSLogSetup.tf 82 15 85 13 20 13 2025-02-11 2025-04-24 v-pmalreddy@microsoft.com v-prasadboke@microsoft.com DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPCDNLogsSetup/GCPCDNLogSetup.tf 86 11 64 13 13 9 2025-03-04 2025-04-24 v-pmalreddy@microsoft.com v-prasadboke@microsoft.com DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPCloudIDSLogSetup/GCPCloudIDSLogSetup.tf 86 12 57 13 13 8 2025-03-11 2025-04-24 v-gsrihitha@microsoft.com v-prasadboke@microsoft.com DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPDNS_CCPLogsSetup/GCPDNSLogSetup.tf 82 15 85 13 21 13 2025-02-11 2025-04-24 v-pmalreddy@microsoft.com v-prasadboke@microsoft.com DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPInitialAuthenticationSetup/GCPInitialAuthenticationSetup.tf 114 112 966 268 191 78 2022-09-14 2024-08-12 danielohfeld@microsoft.com 62938807+haim-na@users.noreply.github.com DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPFirewallLogsSetup/GCPFirewallLogSetup.tf 82 24 213 58 31 11 2024-10-06 2025-03-10 idoshabi@microsoft.com idoshabi@microsoft.com DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPAuditLogsSetup/GCPAuditLogsSetup.tf 78 109 966 268 197 77 2022-09-14 2024-08-12 danielohfeld@microsoft.com 62938807+haim-na@users.noreply.github.com DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPIAMCCPLogsSetup/GCPIAMLOGS.tf 82 13 71 13 17 12 2025-02-25 2025-04-24 v-hkopparala@microsoft.com v-prasadboke@microsoft.com DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPCDNLogsSetup/GCPCDNLogSetup.tf 86 11 64 13 13 9 2025-03-04 2025-04-24 v-pmalreddy@microsoft.com v-prasadboke@microsoft.com DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPVPCFlowLogsSetup/GCPVPCFlowLogSetup.tf 82 15 78 13 18 12 2025-02-18 2025-04-24 maniskumar@microsoft.com v-prasadboke@microsoft.com DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_PowerShell/requirements.psd1 7 7 1759 576 8 6 2020-07-13 2023-10-09 59736871+chicduong@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_PowerShell/profile.ps1 18 7 1759 576 8 6 2020-07-13 2023-10-09 59736871+chicduong@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_PowerShell/Template_REST_API_Function_App_PowerShell.ps1 119 37 1759 576 47 37 2020-07-13 2023-10-09 59736871+chicduong@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_Python/Template_REST_API_Function_App_Python.py 57 56 1759 268 72 52 2020-07-13 2024-08-12 59736871+chicduong@users.noreply.github.com 62938807+haim-na@users.noreply.github.com DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_C#/Template_REST_API_Function_App_C#.cs 237 28 782 293 41 32 2023-03-17 2024-07-18 avia_tam@yahoo.com 164491672+shishirdw@users.noreply.github.com DataConnectors/CEF/cef_gather_info.py 95 58 1535 576 81 52 2021-02-22 2023-10-09 noamlandress@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/CEF/TimeGenerated.py 120 18 1653 576 23 13 2020-10-27 2023-10-09 noamlandress@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/CEF/cef_troubleshoot.py 653 145 2115 293 268 101 2019-07-23 2024-07-18 46102293+morshabi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com DataConnectors/CEF/cef_installer.py 554 129 2115 293 212 94 2019-07-23 2024-07-18 46102293+morshabi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com DataConnectors/microsoft-logstash-output-azure-loganalytics/spec/outputs/azure_loganalytics_spec.rb 65 8 1808 576 9 7 2020-05-25 2023-10-09 ronmarsiano@gmail.com mrudula.oruganti@gigamon.com DataConnectors/microsoft-logstash-output-azure-loganalytics/microsoft-logstash-output-azure-loganalytics.gemspec 18 19 1808 576 23 15 2020-05-25 2023-10-09 ronmarsiano@gmail.com mrudula.oruganti@gigamon.com DataConnectors/microsoft-logstash-output-azure-loganalytics/lib/logstash/logAnalyticsClient/logStashAutoResizeBuffer.rb 97 10 1808 576 12 9 2020-05-25 2023-10-09 ronmarsiano@gmail.com mrudula.oruganti@gigamon.com DataConnectors/microsoft-logstash-output-azure-loganalytics/lib/logstash/logAnalyticsClient/logAnalyticsClient.rb 48 8 1808 576 9 7 2020-05-25 2023-10-09 ronmarsiano@gmail.com mrudula.oruganti@gigamon.com DataConnectors/microsoft-logstash-output-azure-loganalytics/lib/logstash/logAnalyticsClient/logstashLoganalyticsConfiguration.rb 115 10 1808 576 12 9 2020-05-25 2023-10-09 ronmarsiano@gmail.com mrudula.oruganti@gigamon.com DataConnectors/microsoft-logstash-output-azure-loganalytics/lib/logstash/outputs/microsoft-logstash-output-azure-loganalytics.rb 68 12 1808 576 15 11 2020-05-25 2023-10-09 ronmarsiano@gmail.com mrudula.oruganti@gigamon.com DataConnectors/AWS-CloudTrail-AzureFunction/AzFunAWSCloudTrailLogsIngestion/__init__.py 378 18 1386 576 21 18 2021-07-21 2023-10-09 50611022+sarah-yo@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/AWS-S3/CloudWatchPushBasedLambdaFunction.py 48 8 107 57 14 10 2025-01-20 2025-03-11 ashwin.venkatesha@illumio.com v-atulyadav@microsoft.com DataConnectors/AWS-S3/CloudWatchLambdaFunction.py 47 63 574 58 108 40 2023-10-11 2025-03-10 jp@bluecycle.net idoshabi@microsoft.com DataConnectors/AWS-S3/ConfigAwsConnector.ps1 70 92 1303 268 132 81 2021-10-12 2024-08-12 t-shfeli@microsoft.com 62938807+haim-na@users.noreply.github.com DataConnectors/AWS-S3/Enviornment/EnviornmentConstants.ps1 20 56 471 261 103 40 2024-01-22 2024-08-19 stavbelladev@microsoft.com v-prasadboke@microsoft.com DataConnectors/AWS-S3/Utils/AwsResourceCreator.ps1 268 115 1303 13 189 91 2021-10-12 2025-04-24 t-shfeli@microsoft.com v-prasadboke@microsoft.com DataConnectors/AWS-S3/Utils/AwsSentinelTag.ps1 15 32 1276 13 44 26 2021-11-08 2025-04-24 52034287+sagamzu@users.noreply.github.com v-prasadboke@microsoft.com DataConnectors/AWS-S3/Utils/AwsPoliciesUpdate.ps1 125 40 1303 13 55 32 2021-10-12 2025-04-24 t-shfeli@microsoft.com v-prasadboke@microsoft.com DataConnectors/AWS-S3/Utils/HelperFunctions.ps1 227 40 1303 576 56 39 2021-10-12 2023-10-09 t-shfeli@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/AWS-S3/Utils/CommonAwsPolicies.ps1 224 100 1303 8 155 86 2021-10-12 2025-04-29 t-shfeli@microsoft.com v-atulyadav@microsoft.com DataConnectors/AWS-S3/ConfigGuardDutyDataConnector.ps1 270 116 1332 13 175 100 2021-09-13 2025-04-24 76727866+yuvalnaor@users.noreply.github.com v-prasadboke@microsoft.com DataConnectors/AWS-S3/ConfigCustomLogDataConnector.ps1 30 57 1135 268 92 56 2022-03-29 2024-08-12 danielohfeld@microsoft.com 62938807+haim-na@users.noreply.github.com DataConnectors/AWS-S3/ConfigCloudTrailDataConnector.ps1 299 105 1332 13 161 89 2021-09-13 2025-04-24 76727866+yuvalnaor@users.noreply.github.com v-prasadboke@microsoft.com DataConnectors/AWS-S3/ConfigVpcFlowDataConnector.ps1 56 73 1332 268 119 63 2021-09-13 2024-08-12 76727866+yuvalnaor@users.noreply.github.com 62938807+haim-na@users.noreply.github.com DataConnectors/AWS-S3/ConfigCloudWatchDataConnector.ps1 97 86 815 13 131 65 2023-02-12 2025-04-24 danielohfeld@microsoft.com v-prasadboke@microsoft.com DataConnectors/AWS-S3/ConfigVpcFlowLogs.ps1 27 54 1332 268 79 51 2021-09-13 2024-08-12 76727866+yuvalnaor@users.noreply.github.com 62938807+haim-na@users.noreply.github.com DataConnectors/AWS-S3/CloudWatchLambdaFunction_V2.py 85 16 404 268 23 15 2024-03-29 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com DataConnectors/AWS-SecurityHubFindings/AzFunAWSSecurityHubIngestion/__init__.py 334 143 1444 58 222 105 2021-05-24 2025-03-10 58700052+malowe101@users.noreply.github.com idoshabi@microsoft.com DataConnectors/Duo Security/requirements.psd1 6 21 1427 576 28 23 2021-06-10 2023-10-09 v-jayakal@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/Duo Security/AzureFunctionDuoSecurity/run.ps1 250 38 1427 576 54 41 2021-06-10 2023-10-09 v-jayakal@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/Duo Security/profile.ps1 19 21 1427 576 28 23 2021-06-10 2023-10-09 v-jayakal@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py 673 123 687 268 269 82 2023-06-20 2024-08-12 95091844+benedictschmieder@users.noreply.github.com 62938807+haim-na@users.noreply.github.com DataConnectors/Syslog/Forwarder_AMA_installer.py 248 130 1078 26 252 86 2022-05-25 2025-04-11 63061287+noamlandress@users.noreply.github.com bartleyriley@gmail.com DataConnectors/MCASActivityFunction/AzureFunctionMCASActivity/requirements.psd1 7 42 1450 576 61 47 2021-05-18 2023-10-09 25964057+dicolanl@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/MCASActivityFunction/AzureFunctionMCASActivity/MCASActivityTimerTrigger/run.ps1 304 47 1450 576 75 50 2021-05-18 2023-10-09 25964057+dicolanl@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/MCASActivityFunction/AzureFunctionMCASActivity/profile.ps1 19 24 1450 576 31 27 2021-05-18 2023-10-09 25964057+dicolanl@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/Zoom/requirements.psd1 6 8 1843 576 9 6 2020-04-20 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/Zoom/profile.ps1 18 8 1843 576 9 6 2020-04-20 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/Zoom/ZoomLogs/run.ps1 165 35 1843 293 70 33 2020-04-20 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com DataConnectors/DocuSign-SecurityEvents/Application_Consent.ps1 63 22 1539 576 27 22 2021-02-18 2023-10-09 50611022+sarah-yo@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/DocuSign-SecurityEvents/AzureFunctionDocuSignMonitor/requirements.psd1 7 34 1574 576 43 31 2021-01-14 2023-10-09 50611022+sarah-yo@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/DocuSign-SecurityEvents/AzureFunctionDocuSignMonitor/DocuSignMonitorTimerTrigger/run.ps1 381 62 1574 293 87 57 2021-01-14 2024-07-18 50611022+sarah-yo@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com DataConnectors/DocuSign-SecurityEvents/AzureFunctionDocuSignMonitor/profile.ps1 19 20 1574 576 26 20 2021-01-14 2023-10-09 50611022+sarah-yo@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO_V2/requirements.psd1 8 13 1673 576 15 11 2020-10-07 2023-10-09 26394346+cabberley@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO_V2/AzureFunctionOktaSSO/run.ps1 167 42 1673 576 55 38 2020-10-07 2023-10-09 26394346+cabberley@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO_V2/profile.ps1 18 13 1673 576 15 11 2020-10-07 2023-10-09 26394346+cabberley@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/requirements.psd1 7 8 1765 576 9 7 2020-07-07 2023-10-09 59736871+chicduong@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/AzureFunctionOktaSSO/run.ps1 86 22 1765 576 26 18 2020-07-07 2023-10-09 59736871+chicduong@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/profile.ps1 18 8 1765 576 9 7 2020-07-07 2023-10-09 59736871+chicduong@users.noreply.github.com mrudula.oruganti@gigamon.com DataConnectors/OneLogin/requirements.psd1 6 22 1815 576 31 25 2020-05-18 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/OneLogin/profile.ps1 18 7 1815 576 9 7 2020-05-18 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/OneLogin/OneLogin/run.ps1 54 40 1815 576 55 45 2020-05-18 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/AADUserInfo/requirements.psd1 7 22 1530 576 29 24 2021-02-27 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/AADUserInfo/profile.ps1 19 22 1530 576 29 24 2021-02-27 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com DataConnectors/AADUserInfo/AADUserInfo/run.ps1 78 22 1530 576 29 24 2021-02-27 2023-10-09 ndicola@microsoft.com mrudula.oruganti@gigamon.com ASIM/dev/ASimTester/Validate-ASimCsv/Validate-ASimCsv.ps1 47 29 616 293 57 26 2023-08-30 2024-07-18 40334679+azurekid@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com ASIM/dev/ASimTester/filteringTest/ASimFilteringTest.py 484 45 678 293 110 41 2023-06-29 2024-07-18 t-taligaev@microsoft.com 164491672+shishirdw@users.noreply.github.com ASIM/dev/Delete-SentinelFunction/Delete-SentinelFunction.ps1 92 18 1157 576 32 21 2022-03-07 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml 77 48 621 58 98 38 2023-08-25 2025-03-10 rogierdijkman@hotmail.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml 62 46 588 58 97 38 2023-09-27 2025-03-10 40334679+azurekid@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/ASimUserManagementTemplate.yaml 30 47 621 58 97 38 2023-08-25 2025-03-10 rogierdijkman@hotmail.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/ASimAuthenticationTemplate.yaml 30 62 1218 58 117 52 2022-01-05 2025-03-10 82669434+rinure-msft@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/ASimDnsTemplate.yaml 30 62 1218 58 117 52 2022-01-05 2025-03-10 82669434+rinure-msft@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml 72 47 588 58 98 38 2023-09-27 2025-03-10 40334679+azurekid@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/vimDhcpEventTemplate.yaml 62 37 421 58 67 35 2024-03-12 2025-03-10 97222872+vakohl@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml 30 47 621 58 95 38 2023-08-25 2025-03-10 rogierdijkman@hotmail.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/vimAlertEventTemplate.yaml 82 17 181 58 36 15 2024-11-07 2025-03-10 idoshabi@microsoft.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/ASimAlertEventTemplate.yaml 30 17 181 58 36 15 2024-11-07 2025-03-10 idoshabi@microsoft.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml 97 47 621 58 100 38 2023-08-25 2025-03-10 rogierdijkman@hotmail.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/vimAuthenticationTemplate.yaml 95 62 1218 58 120 52 2022-01-05 2025-03-10 82669434+rinure-msft@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml 30 76 1218 58 141 63 2022-01-05 2025-03-10 82669434+rinure-msft@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/ASimDhcpEventTemplate.yaml 30 37 421 58 67 35 2024-03-12 2025-03-10 97222872+vakohl@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml 72 62 1218 58 119 52 2022-01-05 2025-03-10 82669434+rinure-msft@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/ASimNetworkSessionTemplate.yaml 30 62 1218 58 117 52 2022-01-05 2025-03-10 82669434+rinure-msft@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/ASimWebSessionTemplate.yaml 30 61 1218 58 115 52 2022-01-05 2025-03-10 82669434+rinure-msft@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/ASimRegistryEventTemplate.yaml 30 47 621 58 95 38 2023-08-25 2025-03-10 rogierdijkman@hotmail.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml 77 47 588 58 99 38 2023-09-27 2025-03-10 40334679+azurekid@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml 77 62 1218 58 121 52 2022-01-05 2025-03-10 82669434+rinure-msft@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/ASimProcessEventTemplate.yaml 30 47 621 58 96 38 2023-08-25 2025-03-10 rogierdijkman@hotmail.com idoshabi@microsoft.com ASIM/dev/Parser YAML templates/vimWebSessionTemplate.yaml 72 62 1218 58 121 52 2022-01-05 2025-03-10 82669434+rinure-msft@users.noreply.github.com idoshabi@microsoft.com ASIM/dev/ASimYaml2ARM/KqlFuncYaml2Arm.py 219 90 1155 58 136 59 2022-03-09 2025-03-10 66744578+hollyollyoxenfree@users.noreply.github.com idoshabi@microsoft.com ASIM/lib/functions/ASIM_LookupHTTPStatusCode.yaml 228 44 901 576 76 36 2022-11-18 2023-10-09 guus.verbeek@wortell.nl mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_GetUserType.yaml 45 37 880 293 47 38 2022-12-09 2024-07-18 gianni@kustoking.com 164491672+shishirdw@users.noreply.github.com ASIM/lib/functions/ASIM_ResolveDvcFQDN.yaml 26 69 1016 576 102 43 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_LookupDnsQueryType.yaml 117 38 1016 576 63 33 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_LookupDnsResponseCode.yaml 50 38 1016 576 63 33 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_ResolveDstFQDN.yaml 26 69 1016 576 102 43 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_Enrich_IdentityInfo.yaml 100 39 856 457 63 29 2023-01-02 2024-02-05 v-amolpatil@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com ASIM/lib/functions/ASIM_FillNull.yaml 26 20 224 58 23 12 2024-09-25 2025-03-10 maniskumar@microsoft.com idoshabi@microsoft.com ASIM/lib/functions/ASIM_GetWindowsUserType.yaml 45 64 880 293 97 52 2022-12-09 2024-07-18 gianni@kustoking.com 164491672+shishirdw@users.noreply.github.com ASIM/lib/functions/ASIM_GetSourceBySourceType.yaml 25 38 1016 576 63 33 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_LookupICMPType.yaml 75 38 1016 576 63 33 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_ResolveSrcFQDN.yaml 26 69 1016 576 102 43 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_LookupAADcodes.yaml 57 67 1016 576 122 48 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_IdentityInfo.yaml 57 34 856 457 48 27 2023-01-02 2024-02-05 v-amolpatil@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com ASIM/lib/functions/ASIM_ResolveNetworkProtocol.yaml 179 69 1016 576 101 43 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_GetUsernameType.yaml 27 44 848 457 76 36 2023-01-10 2024-02-05 guus.verbeek@wortell.nl 86425481+seanmacdonald8@users.noreply.github.com ASIM/lib/functions/ASIM_GetDisabledParsers.yaml 22 38 1016 576 63 33 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_GetWatchlistsRaw.yaml 30 57 1016 576 97 40 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_ResolveFQDN.yaml 39 80 1016 576 118 48 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_ResolveICMPType.yaml 78 69 1016 576 101 43 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_ResolveDnsResponseCode.yaml 53 69 1016 576 101 43 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_LookupNetworkProtocol.yaml 176 38 1016 576 63 33 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_ResolveDnsQueryType.yaml 120 69 1016 576 101 43 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/lib/functions/ASIM_GetWatchlistRaw.yaml 30 57 1016 576 97 40 2022-07-26 2023-10-09 76791132+szabolevo@users.noreply.github.com mrudula.oruganti@gigamon.com ASIM/schemas/ASimNotification.yaml 74 44 748 293 70 48 2023-04-20 2024-07-18 39997089+oshezaf@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/ASimAuditEvent.yaml 118 98 870 268 156 74 2022-12-19 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com ASIM/schemas/ASimDns.yaml 256 90 849 293 163 72 2023-01-09 2024-07-18 39997089+oshezaf@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/common/ASimEnumerations.yaml 112 88 870 293 141 68 2022-12-19 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/common/ASimEventFields.yaml 120 73 870 293 104 56 2022-12-19 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/common/ASimInspectionFields.yaml 62 70 870 293 102 59 2022-12-19 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/ASimFileEvent.yaml 232 110 862 293 214 78 2022-12-27 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/ASimDHCPEvent.yaml 110 34 616 293 73 27 2023-08-30 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/entities/ASimSystem.yaml 107 90 849 293 149 70 2023-01-09 2024-07-18 39997089+oshezaf@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/entities/ASimProcess.yaml 10 78 849 293 134 63 2023-01-09 2024-07-18 39997089+oshezaf@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/entities/ASimDvc.yaml 91 73 870 293 104 57 2022-12-19 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/entities/ASimGroup.yaml 33 40 659 293 89 35 2023-07-18 2024-07-18 gianni@kustoking.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/entities/ASimExtendedProcess.yaml 10 75 780 293 137 61 2023-03-19 2024-07-18 demehra@microsoft.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/entities/ASimUser.yaml 29 59 849 293 85 53 2023-01-09 2024-07-18 39997089+oshezaf@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/entities/ASimActor.yaml 33 66 870 293 97 54 2022-12-19 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/entities/ASimApp.yaml 31 111 849 268 181 81 2023-01-09 2024-08-12 39997089+oshezaf@users.noreply.github.com 62938807+haim-na@users.noreply.github.com ASIM/schemas/ASimAuthentication.yaml 106 90 834 293 162 71 2023-01-24 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/ASimProcessEvent.yaml 63 77 793 293 137 61 2023-03-06 2024-07-18 demehra@microsoft.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/ASimUserManagement.yaml 95 45 659 293 91 36 2023-07-18 2024-07-18 gianni@kustoking.com 164491672+shishirdw@users.noreply.github.com ASIM/schemas/ASimRegistryEvent.yaml 88 33 616 293 67 27 2023-08-30 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/ProofpointPOD/ProofpointPODHighScorePhishValue.yaml 3 86 1577 457 124 72 2021-01-11 2024-02-05 sp@socprime.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ProofpointPOD/ProofpointPODRecipientsHighNumberDiscardReject.yaml 3 86 1577 457 124 72 2021-01-11 2024-02-05 sp@socprime.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ProofpointPOD/ProofpointPODHighScoreMalwareValue.yaml 3 86 1577 457 124 72 2021-01-11 2024-02-05 sp@socprime.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ProofpointPOD/ProofpointPODHighScoreSuspectValue.yaml 3 86 1577 457 124 72 2021-01-11 2024-02-05 sp@socprime.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ProofpointPOD/ProofpointPODHighScoreAdultValue.yaml 3 86 1577 457 125 72 2021-01-11 2024-02-05 sp@socprime.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ProofpointPOD/ProofpointPODSendersLargeNumberOfCorruptedEmails.yaml 3 86 1577 457 124 72 2021-01-11 2024-02-05 sp@socprime.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ProofpointPOD/ProofpointPODLargeOutboundEmails.yaml 3 80 1577 457 115 65 2021-01-11 2024-02-05 sp@socprime.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ProofpointPOD/ProofpointPODRecipientsLargeNumberOfCorruptedEmails.yaml 3 86 1577 457 124 72 2021-01-11 2024-02-05 sp@socprime.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ProofpointPOD/ProofpointPODHighScoreSpamValue.yaml 3 86 1577 457 124 72 2021-01-11 2024-02-05 sp@socprime.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ProofpointPOD/ProofpointPODSuspiciousFileTypesInAttachments.yaml 3 86 1577 457 124 72 2021-01-11 2024-02-05 sp@socprime.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/NetworkConnectiontoOMIPorts.yaml 4 86 1328 457 135 65 2021-09-17 2024-02-05 28437644+sandytsang@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/AzureRunCommandMDELinked.yaml 70 18 1290 576 25 19 2021-10-25 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/NylonTyphoonRegIOCPatterns.yaml 4 34 730 293 45 37 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/FireEyeRedTeamComms.yaml 99 37 1556 576 53 38 2021-02-01 2023-10-09 johnbilliris@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/AADPrivilegedAccountsFailedMFA.yaml 52 48 1286 293 93 42 2021-10-29 2024-07-18 ashwin-patil@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/PrivilegedAccountPasswordChanges.yaml 34 68 1287 293 133 53 2021-10-28 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/HighRiskSignInAroundAuthMethodOrDeviceRegistration.yaml 61 14 268 106 16 13 2024-08-12 2025-01-21 retro.writing0l@icloud.com 128674128+v1managedservices@users.noreply.github.com Hunting Queries/MultipleDataSources/UseragentExploitPentest.yaml 4 91 2073 457 128 77 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/PrivilegedAccountsLockedOut.yaml 36 68 1287 293 132 53 2021-10-28 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/LogonwithExpiredAccount.yaml 78 79 2073 293 102 76 2019-09-03 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/AzureResourceAssignedPublicIP.yaml 4 109 2017 457 154 87 2019-10-29 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/ReconActivitywithInteractiveLogonCorrelation.yaml 46 31 1352 576 35 29 2021-08-24 2023-10-09 jekurien@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/RareDomainsInCloudLogs.yaml 107 107 2073 293 153 92 2019-09-03 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/FailedSigninsWithAuditDetails.yaml 83 74 2073 293 106 65 2019-09-03 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/DormantUserUpdateMFAandLogsIn-UEBA.yaml 48 26 1290 576 40 29 2021-10-25 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/BackupDeletion.yaml 4 72 1037 457 109 49 2022-07-05 2024-02-05 alexander.collins@tanium.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/FirewallRuleChanges_using_netsh.yaml 145 70 1556 293 119 64 2021-02-01 2024-07-18 jannieli@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/StorageAlertCorrelationwithCommonSecurityLogsandAuditLogs.yaml 61 17 1392 576 21 14 2021-07-15 2023-10-09 jekurien@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/StorageAlertCorrelationwithCommonSecurityLogsandStorageLogs.yaml 50 17 1392 576 22 14 2021-07-15 2023-10-09 jekurien@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/DormantUserUpdateMFAandLogsIn.yaml 48 18 1290 576 25 19 2021-10-25 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/NonCompliantSigninwithBulkDownload.yaml 48 26 903 576 40 26 2022-11-16 2023-10-09 jekurien@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/PotentialMicrosoftSecurityServicesTampering.yaml 4 102 1577 457 147 87 2021-01-11 2024-02-05 aprakash@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/RareDNSLookupWithDataTransfer.yaml 113 128 2073 293 180 106 2019-09-03 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/ForestBlizzard_IOC_RetroHunt.yaml 4 34 730 293 45 37 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/Dev-0322CommandLineActivityNovember2021(ASIMVersion).yaml 4 58 1162 457 87 52 2022-03-02 2024-02-05 37783395+aprakash13@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/ApplicationGrantedEWSPermissions.yaml 4 69 1374 457 96 58 2021-08-02 2024-02-05 pebryan@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/PossibleCommandInjectionagainstAzureIR.yaml 89 61 1094 293 111 68 2022-05-09 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/SQLAlertCorrelationwithCommonSecurityLogsandAuditLogs.yaml 56 17 1392 576 22 14 2021-07-15 2023-10-09 jekurien@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/UnfamiliarsignincorrelationwithPortalSigninandAuditlogs.yaml 60 61 1363 293 81 65 2021-08-13 2024-07-18 jekurien@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/PersistViaIFEORegistryKey.yaml 4 89 1512 457 128 76 2021-03-17 2024-02-05 jannieli@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/Dev-0322FileDropActivityNovember2021.yaml 4 54 1276 457 84 47 2021-11-08 2024-02-05 37783395+aprakash13@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/TrackingPasswordChanges.yaml 87 98 2018 293 135 85 2019-10-28 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/NetworkConnectionldap_log4j.yaml 4 82 1239 457 132 72 2021-12-15 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/AzureResourceCreationWithNetworkActivity.yaml 115 99 2024 293 140 84 2019-10-22 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/SuspiciousActivitiesRelatedToConfidentialDocuments.yaml 45 25 435 261 32 20 2024-02-27 2024-08-19 jamie.huang@gmail.com v-prasadboke@microsoft.com Hunting Queries/MultipleDataSources/UserGrantedAccess_CreatesResources.yaml 87 42 2017 576 53 41 2019-10-29 2023-10-09 shainw@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/PermutationsOnLogonNames.yaml 124 92 2073 293 127 80 2019-09-03 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/StorageAccountKeyEnumerationWithSigninandAuditlogs.yaml 58 31 1325 576 39 27 2021-09-20 2023-10-09 jekurien@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/TrackingPrivAccounts.yaml 187 116 2073 293 162 96 2019-09-03 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/Dev-0056CommandLineActivityNovember2021.yaml 4 68 1266 457 105 61 2021-11-18 2024-02-05 ep3p@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/UnicodeObfuscationInCommandLine.yaml 4 70 1372 457 105 58 2021-08-04 2024-02-05 pebryan@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/MailForwardingActivityFromNewLocation.yaml 75 58 939 293 92 46 2022-10-11 2024-07-18 jekurien@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/ExchangeServersAssociatedSecurityAlerts.yaml 36 22 1507 576 28 23 2021-03-22 2023-10-09 62295189+thmcelro@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/CriticalOperationsWithSystemrestore.yaml 103 63 1051 293 116 52 2022-06-21 2024-07-18 jekurien@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/DownloadofNewFileUsingCurl.yaml 57 35 1016 576 55 33 2022-07-26 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/MultipleDataSources/PotentialSSHTunneltoAADConnectHost.yaml 34 30 779 293 41 30 2023-03-20 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/Dev-0322CommandLineActivityNovember2021.yaml 4 55 1276 457 87 48 2021-11-08 2024-02-05 aprakash@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/CobaltDNSBeacon.yaml 4 101 2073 457 146 86 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/NylonTyphoonCommandLineActivity-Nov2021.yaml 4 34 730 293 45 37 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/AnomolousSignInsBasedonTime.yaml 43 51 1287 293 97 46 2021-10-28 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/MultipleDataSources/Dev-0322FileDropActivityNovember2021(ASIMVersion).yaml 4 58 1162 457 87 52 2022-03-02 2024-02-05 37783395+aprakash13@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/SolarWindsInventory.yaml 4 120 1603 457 173 98 2020-12-16 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/MultipleDataSources/DormantServicePrincipalUpdateCredsandLogsIn.yaml 39 18 1290 576 25 19 2021-10-25 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureStorage/AzureStorageFileOnEndpoint.yaml 24 79 1535 293 129 78 2021-02-22 2024-07-18 62295189+thmcelro@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/AzureStorage/AzureStorageFileCreateAccessDelete.yaml 66 51 1535 576 66 46 2021-02-22 2023-10-09 62295189+thmcelro@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/AzureStorage/AzureStorageUploadLinkAccount.yaml 44 39 1535 576 51 38 2021-02-22 2023-10-09 62295189+thmcelro@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/AzureStorage/AzureStorageUploadFromVPS.yaml 32 38 1535 576 49 38 2021-02-22 2023-10-09 62295189+thmcelro@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/AzureStorage/AzureStorageMassDeletion.yaml 31 38 1535 576 50 38 2021-02-22 2023-10-09 62295189+thmcelro@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/AzureStorage/AzureStorageFileCreatedQuicklyDeleted.yaml 39 50 1535 57 65 49 2021-02-22 2025-03-11 62295189+thmcelro@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/AzureDiagnostics/WAF_log4j_vulnerability.yaml 4 71 1242 457 129 65 2021-12-12 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureDiagnostics/SpringShellExploitationAttempt.yaml 50 19 1128 576 25 22 2022-04-05 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDiagnostics/SpringshellWebshellUsage.yaml 4 54 1128 293 81 61 2022-04-05 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/AzureDiagnostics/CriticalPortsOpened.yaml 52 69 2028 576 86 60 2019-10-18 2023-10-09 oscarbralo@outlook.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDiagnostics/AzureKeyVaultAccessManipulation.yaml 4 66 1350 457 112 62 2021-08-26 2024-02-05 mzorich@gmail.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/UserCreatedByUnauthorizedUser.yaml 4 70 2073 457 100 65 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/Invoke-PowerShellTcpOneLine.yaml 4 69 1527 457 99 64 2021-03-02 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/PotentialImpacketExecution.yaml 4 62 1154 457 102 55 2022-03-10 2024-02-05 aprakash@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/FileExecutionWithOneCharacterInTheName.yaml 4 58 1155 457 86 49 2022-03-09 2024-02-05 66744578+hollyollyoxenfree@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/Discorddownloadinvokedfromcmdline.yaml 4 62 1167 457 90 59 2022-02-25 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/masquerading_files.yaml 4 70 2073 457 100 65 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/hunt_LOLBins.yaml 37 59 996 293 89 57 2022-08-15 2024-07-18 sonnydaniel12@gmail.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SecurityEvent/RareProcess_forWinHost.yaml 4 65 1746 457 94 56 2020-07-26 2024-02-05 yafruch@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/UserAdd_RemToGroupByUnauthorizedUser.yaml 4 70 2073 457 100 65 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/ExternalIPaddressinCommandLine.yaml 46 42 1162 576 56 41 2022-03-02 2023-10-09 37783395+aprakash13@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityEvent/RemoteScheduledTaskCreationUpdateviaSchtasks.yaml 19 23 1176 576 31 24 2022-02-16 2023-10-09 96576100+vpaschalidis@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityEvent/Least_Common_Parent_Child_Process.yaml 4 68 2073 457 95 60 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/MultipleExplicitCredentialUsage4648Events.yaml 4 92 1593 457 135 80 2020-12-26 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/RareProcbyServiceAccount.yaml 4 77 2073 457 109 70 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/Suspicious_Windows_Login_outside_normal_hours.yaml 4 62 1709 457 89 56 2020-09-01 2024-02-05 ashwinpatil@outlook.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/SignedBinaryProxyExecutionRundll32.yaml 4 89 1486 457 137 72 2021-04-12 2024-02-05 chiheb-chebbi@outlook.fr 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/Least_Common_Process_Command_Lines.yaml 4 68 2073 457 95 60 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/PotentialProcessDoppelganging.yaml 34 49 1155 293 67 53 2022-03-09 2024-07-18 66744578+hollyollyoxenfree@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SecurityEvent/UserAccountAddedToPrivlegeGroup.yaml 4 76 2073 457 107 69 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/ADAccountLockouts.yaml 17 33 1849 576 42 30 2020-04-14 2023-10-09 jan.marek@technet.ms mrudula.oruganti@gigamon.com Hunting Queries/SecurityEvent/ServiceInstallationFromUsersWritableDirectory.yaml 4 62 1174 457 95 54 2022-02-18 2024-02-05 96576100+vpaschalidis@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/GroupAddedToPrivlegeGroup.yaml 4 69 2073 457 95 63 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/DecoyUserAccountAuthenticationAttempt.yaml 4 63 1176 457 91 54 2022-02-16 2024-02-05 96576100+vpaschalidis@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/powershell_downloads.yaml 4 82 2073 457 125 78 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/NewChildProcessOfW3WP.yaml 4 90 1526 457 131 80 2021-03-03 2024-02-05 peter.bryan@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/HostExportingMailboxAndRemovingExport.yaml 4 84 1600 457 124 74 2020-12-19 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/powershell_newencodedscipts.yaml 4 96 2073 457 146 77 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/FailedUserLogons.yaml 4 70 2073 457 97 65 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/FakeComputerAccountAuthenticationAttempt.yaml 18 25 1185 576 42 24 2022-02-07 2023-10-09 96576100+vpaschalidis@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityEvent/PowerCatDownload.yaml 4 69 1527 457 103 65 2021-03-02 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/Crashdumpdisabledonhost.yaml 4 62 1167 457 90 59 2022-02-25 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/ADFSDBLocalSqlStatements.yaml 36 17 1398 576 23 20 2021-07-09 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityEvent/ProcessEntropy.yaml 4 86 2073 457 119 75 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/persistence_create_account.yaml 4 70 2073 457 100 65 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/CustomUserList_FailedLogons.yaml 4 52 2073 457 73 46 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/LargeScaleMalwareDeploymentGPOScheduledTask.yaml 19 25 1185 576 42 24 2022-02-07 2023-10-09 96576100+vpaschalidis@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityEvent/RIDHijacking.yaml 19 26 1204 576 37 25 2022-01-19 2023-10-09 39997089+oshezaf@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityEvent/uncommon_processes.yaml 4 70 2073 457 100 65 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/MSRPRN_Printer_Bug_Exploitation.yaml 4 68 1204 457 102 60 2022-01-19 2024-02-05 39997089+oshezaf@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/PotentialLocalExploitationForPrivilegeEscalation.yaml 19 20 1162 576 32 20 2022-03-02 2023-10-09 96576100+vpaschalidis@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityEvent/WindowsSystemShutdown-Reboot.yaml 35 14 1370 576 18 15 2021-08-06 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityEvent/UsersOpenReadDeviceIdentityKey.yaml 42 51 1175 293 93 52 2022-02-17 2024-07-18 rrodri0622@gmail.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SecurityEvent/ExchangePowerShellSnapin.yaml 4 69 1527 457 100 65 2021-03-02 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/CommandsexecutedbyWMIonnewhosts-potentialImpacket.yaml 4 62 1162 457 90 57 2022-03-02 2024-02-05 37783395+aprakash13@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/UserAccountCreatedDeleted.yaml 4 70 2073 457 100 65 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/VIPAccountFailedLogons.yaml 4 70 2073 457 100 65 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/cscript_summary.yaml 4 84 2073 457 116 76 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/RemoteLoginPerformedwithWMI.yaml 4 64 1178 457 98 54 2022-02-14 2024-02-05 96576100+vpaschalidis@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml 4 62 1176 457 95 48 2022-02-16 2024-02-05 96576100+vpaschalidis@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/new_processes.yaml 4 71 2073 457 111 68 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml 4 61 1174 457 97 48 2022-02-18 2024-02-05 96576100+vpaschalidis@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/RareProcessPath.yaml 4 65 1969 457 93 59 2019-12-16 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/Least_Common_Process_With_Depth.yaml 4 68 2073 457 95 60 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/SuspectedLSASSDump.yaml 4 62 1413 457 89 55 2021-06-24 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/RareProcessWithCmdLine.yaml 4 74 1746 457 105 62 2020-07-26 2024-02-05 yafruch@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/NishangReverseTCPShellBase64.yaml 4 66 1524 457 99 63 2021-03-05 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/WindowsSystemTimeChange.yaml 4 61 1654 457 92 51 2020-10-26 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/User Logons By Logon Type.yaml 4 70 2073 457 100 65 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/enumeration_user_and_group.yaml 4 72 2073 457 99 66 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/HostsWithNewLogons.yaml 4 63 2073 457 87 58 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/Suspicious_enumeration_using_adfind.yaml 4 93 1596 457 141 82 2020-12-23 2024-02-05 ashwinpatil@outlook.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityEvent/Certutil-LOLBins.yaml 4 97 1511 457 145 80 2021-03-18 2024-02-05 chiheb-chebbi@outlook.fr 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/TVM/Microsoft Defender Anti virus Engine details.yaml 23 34 1023 576 50 26 2022-07-19 2023-10-09 109241764+sonalimeshram21@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/TVM/Microsoft Defender Anti virus Platform details.yaml 23 34 1023 576 50 26 2022-07-19 2023-10-09 109241764+sonalimeshram21@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/TVM/Detect_CISA_Alert_AA22-117A2021_Top_Routinely_Exploited_Vulnerabilities.yaml 56 33 1105 576 48 26 2022-04-28 2023-10-09 81473026+jaekk0@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/TVM/Microsoft Defender AV mode device count.yaml 11 35 1029 576 55 26 2022-07-13 2023-10-09 109241764+sonalimeshram21@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/TVM/devices_with_vuln_and_users_received_payload.yaml 36 54 1203 293 104 65 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/TVM/Microsoft Defender AV details.yaml 39 35 1029 576 56 26 2022-07-13 2023-10-09 109241764+sonalimeshram21@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/TVM/Microsoft Defender Anti virus Security Intelligence details.yaml 24 34 1023 576 50 26 2022-07-19 2023-10-09 109241764+sonalimeshram21@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/TVM/devices_with_vuln_and_users_received_payload (1).yaml 25 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Initial access/SuspiciousUrlClicked.yaml 18 86 1203 293 194 88 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Initial access/identify-potential-missed-phishing-email-campaigns.yaml 17 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Initial access/detect-bluekeep-exploitation-attempts.yaml 25 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Initial access/detect-mailsniper.yaml 57 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Initial access/Non_intended_user_logon.yaml 28 54 1203 293 73 48 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Initial access/ActiveDirectory_Account_lockout_and_unlocks.yaml 25 42 471 261 67 32 2024-01-22 2024-08-19 martin77s@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Initial access/Check for Maalware Baazar (abuse.ch) hashes in your mail flow.yaml 22 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Initial access/User navigation to redirected URL.yaml 48 30 1000 576 47 30 2022-08-11 2023-10-09 64156578+mjmelone@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Initial access/files-from-malicious-sender.yaml 20 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Initial access/PhishingEmailUrlRedirector.yaml 5 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Initial access/jar-attachments.yaml 20 54 1203 293 100 49 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Persistence/scheduled task creation.yaml 13 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Persistence/Possible webshell drop.yaml 4 60 1203 293 95 61 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Persistence/Create account (1).yaml 21 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Persistence/riskySignInToNewMFAMethod.yaml 34 14 1140 576 18 15 2022-03-24 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Persistence/rare_sch_task_launch.yaml 45 23 213 58 28 11 2024-10-06 2025-03-10 “jouni.mikkola@wissy.org” idoshabi@microsoft.com Hunting Queries/Microsoft 365 Defender/Persistence/multipleAADAdminsRemovals.yaml 29 42 1140 293 77 42 2022-03-24 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Persistence/LocalAdminGroupChanges.yaml 46 54 1203 293 104 64 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Persistence/detect-prifou-pua.yaml 27 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Persistence/localAdminAccountLogon.yaml 13 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Persistence/detect-impacket-wmipersist.yaml 23 22 375 261 29 18 2024-04-27 2024-08-19 “jouni.mikkola@wissy.org” v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Persistence/AddedCredentialFromContryXAndSigninFromCountryY.yaml 5 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Persistence/qakbot-campaign-registry-edit.yaml 21 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Persistence/Create account.yaml 30 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Persistence/wadhrama-ransomware.yaml 38 54 1203 576 83 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Persistence/NewAppOrServicePrincipalCredential[Nobelium].yaml 48 54 1203 293 100 49 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Persistence/sch_task_creation.yaml 45 23 213 58 28 11 2024-10-06 2025-03-10 “jouni.mikkola@wissy.org” idoshabi@microsoft.com Hunting Queries/Microsoft 365 Defender/Persistence/CredentialsAddAfterAdminConsentedToApp[Nobelium].yaml 36 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Persistence/Rare-process-as-a-service.yaml 60 25 457 268 38 21 2024-02-05 2024-08-12 “jouni.mikkola@wissy.org” 62938807+haim-na@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Persistence/riskySignInToDeviceRegistration.yaml 37 42 1140 293 77 42 2022-03-24 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Persistence/rare_sch_task_with_activity.yaml 28 23 213 58 28 11 2024-10-06 2025-03-10 “jouni.mikkola@wissy.org” idoshabi@microsoft.com Hunting Queries/Microsoft 365 Defender/Persistence/Accessibility Features.yaml 46 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/AV Detections with Source.yaml 25 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardNetworkProtectionEvents.yaml 15 54 1203 293 72 48 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardStats (1).yaml 13 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/Antivirus detections.yaml 19 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardBlockOfficeChildProcess.yaml 21 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardBlockOfficeChildProcess (1).yaml 29 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardBlockOfficeChildProcess (3).yaml 29 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardBlockOfficeChildProcess (2).yaml 29 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardASRStats (1).yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/PUA ThreatName per Computer.yaml 16 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/SmartScreen URL block ignored by user.yaml 38 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardControlledFolderAccess.yaml 13 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardASRStats (2).yaml 13 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/Antivirus detections (1).yaml 24 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/SmartScreen app block ignored by user.yaml 34 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardStats.yaml 13 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardControlledFolderAccess (2).yaml 17 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/AV Detections with USB Disk Drive.yaml 28 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/Windows filtering events (Firewall).yaml 16 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardAsrDescriptions.yaml 55 46 1203 261 68 38 2022-01-20 2024-08-19 orshemesh@microsoft.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardASRStats.yaml 13 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Protection events/ExploitGuardControlledFolderAccess (1).yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/qakbot-campaign-outlook.yaml 19 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/MultipleSensitiveLdaps.yaml 36 38 1203 106 60 35 2022-01-20 2025-01-21 orshemesh@microsoft.com 128674128+v1managedservices@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Discovery/MDI_Find_deleted_accounts_and_by_whom.yaml 27 12 323 106 31 14 2024-06-18 2025-01-21 61195587+mattnovitsch@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Discovery/MDI_Group_Memebership_Changes.yaml 45 13 323 106 34 14 2024-06-18 2025-01-21 61195587+mattnovitsch@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Discovery/Enumeration of users & groups for lateral movement.yaml 16 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/SMB shares discovery.yaml 17 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/detect-nbtscan-activity.yaml 5 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/Roasting.yaml 39 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/PasswordSearch.yaml 20 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/SensitiveLdaps.yaml 15 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/Discover hosts doing possible network scans.yaml 17 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/DetectTorrentUse.yaml 13 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/VulnComputers.yaml 19 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/DetectTorRelayConnectivity.yaml 24 54 1203 576 83 42 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/qakbot-campaign-esentutl.yaml 6 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/SuspiciousEnumerationUsingAdfind[Nobelium].yaml 34 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/URL Detection.yaml 12 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/ConnectedNetworkDeviceDiscovery.yaml 17 28 477 268 41 22 2024-01-16 2024-08-12 61195587+mattnovitsch@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Discovery/MultipleLdaps.yaml 18 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/doppelpaymer.yaml 28 54 1203 576 83 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/detect-suspicious-commands-initiated-by-web-server-processes.yaml 33 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Discovery/Detect-Not-Active-AD-User-Accounts.yaml 15 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/Find Software By Name and Version.yaml 21 47 988 576 78 43 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/Devices In Subnet - IPAddressV6.yaml 18 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/Devices By Specific DeviceType and DeviceSubtype.yaml 17 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/Anomalous Device Models.yaml 17 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/Seen Connected Networks.yaml 17 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/Commonality of Operating Systems.yaml 16 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/NotOnboarded Devices by DeviceName Suffix.yaml 18 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/NotOnboarded Devices by DeviceName Prefix.yaml 18 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/Devices In Subnet - IPAddressV4.yaml 18 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/Seen IPv4 Network Subnets.yaml 18 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/Seen IPv6 Network Subnets.yaml 18 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/Count and Percentage of DeviceType.yaml 21 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/Most Common Services.yaml 18 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Device Inventory/Can Be Onboarded Devices.yaml 18 31 988 576 56 32 2022-08-23 2023-10-09 niroimy@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Network/Defender for Endpoint Telemetry.yaml 24 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/reverse-shell-nishang.yaml 23 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-impacket-dcomexec.yaml 42 22 375 261 27 18 2024-04-27 2024-08-19 “jouni.mikkola@wissy.org” v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Execution/detect-malicious-use-of-msiexec-msiexec.yaml 23 26 961 576 43 29 2022-09-19 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/PowershellCommand footprint.yaml 19 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/qakbot-campaign-suspicious-javascript.yaml 21 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/Detect Encoded Powershell.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/umworkerprocess-unusual-subprocess-activity.yaml 23 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/Base64 Detector and Decoder.yaml 18 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-malicious-rar-extraction.yaml 7 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-malicious-use-of-msiexec-mimikatz.yaml 23 26 961 576 43 29 2022-09-19 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/File Copy and Execution.yaml 32 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/reverse-shell-nishang-base64.yaml 28 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/launch-questd-w-osascript.yaml 20 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/Base64encodePEFile.yaml 14 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/locate-shlayer-payload-decryption-activity.yaml 5 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/powershell-activity-after-email-from-malicious-sender.yaml 24 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/Webserver Executing Suspicious Applications.yaml 18 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/Detect PowerShell v2 Downgrade.yaml 18 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-office-apps-spawn-msdt-CVE-2022-30190.yaml 23 33 1072 576 50 26 2022-05-31 2023-10-09 61369934+blackb0lt@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/Malware_In_recyclebin.yaml 16 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/Possible Ransomware Related Destruction Activity.yaml 30 50 1203 576 81 47 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-bluekeep-related-mining.yaml 27 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/office-apps-launching-wscipt.yaml 21 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-doublepulsar-execution.yaml 24 55 1203 576 84 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-impacket-psexec-module.yaml 50 22 389 261 32 20 2024-04-13 2024-08-19 “jouni.mikkola@wissy.org” v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Execution/powershell-version-2.0-execution.yaml 17 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/locate-shlayer-payload-decrytion-activity.yaml 5 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/python-based-attacks-on-macos.yaml 18 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-impacket-atexec.yaml 36 20 340 261 39 21 2024-06-01 2024-08-19 “jouni.mikkola@wissy.org” v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Execution/detect-web-server-exploit-doublepulsar.yaml 72 54 1203 576 83 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/sql-server-abuse.yaml 114 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-exploitation-of-cve-2018-8653.yaml 25 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/locate-surfbuyer-downloader-decoding-activity.yaml 18 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/PowershellCommand - uncommon commands on machine.yaml 23 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/Masquerading system executable.yaml 23 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-potential-kerberoast-activities.yaml 31 24 481 293 36 23 2024-01-12 2024-07-18 24293001+mattiasborg82@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Execution/ExecuteBase64DecodedPayload.yaml 21 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/jse-launched-by-word.yaml 23 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/PowerShell downloads.yaml 22 26 1203 391 40 22 2022-01-20 2024-04-11 orshemesh@microsoft.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Execution/check-for-shadowhammer-activity-implant.yaml 27 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-impacket-wmiexec.yaml 45 22 375 261 29 18 2024-04-27 2024-08-19 “jouni.mikkola@wissy.org” v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Execution/umworkerprocess-creating-webshell.yaml 4 60 1203 293 95 61 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Execution/Bitsadmin Activity.yaml 39 28 994 576 45 29 2022-08-17 2023-10-09 64156578+mjmelone@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-malicious-use-of-msiexec-powershell.yaml 22 26 961 576 43 29 2022-09-19 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-office-products-spawning-wmic.yaml 20 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/anomalous-payload-delivered-from-iso-file.yaml 34 26 463 268 39 21 2024-01-30 2024-08-12 “jouni.mikkola@wissy.org” 62938807+haim-na@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Execution/exchange-iis-worker-dropping-webshell.yaml 4 60 1203 293 95 61 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Execution/detect-anomalous-process-trees.yaml 93 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Execution/detect-suspicious-mshta-usage.yaml 23 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/Anomaly of MailItemAccess by GraphAPI [Nobelium].yaml 32 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/7-zip-prep-for-exfiltration.yaml 20 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/codeRepoExfil.yaml 14 14 1140 576 18 15 2022-03-24 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/Map external devices (1).yaml 26 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/OAuth Apps accessing user mail via GraphAPI [Nobelium].yaml 23 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/detect-exfiltration-after-termination.yaml 26 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/OAuth Apps reading mail both via GraphAPI and directly [Nobelium].yaml 42 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/unusual-volume-of-file-sharing.yaml 62 28 890 576 44 24 2022-11-29 2023-10-09 abhirooppal@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/Password Protected Archive Creation.yaml 21 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/exchange-powershell-snapin-loaded.yaml 21 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/detect-archive-exfiltration-to-competitor.yaml 25 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/MailItemsAccessed Throttling [Nobelium].yaml 24 54 1203 293 101 49 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Exfiltration/OAuth Apps reading mail via GraphAPI anomaly [Nobelium].yaml 27 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/Map external devices.yaml 36 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/Possible File Copy to USB Drive.yaml 26 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/Data copied to other location than C drive.yaml 19 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/detect-steganography-exfiltration.yaml 37 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exfiltration/Files copied to USB drives.yaml 32 53 1203 293 81 50 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Ransomware/LaZagne Credential Theft.yaml 15 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Backup deletion.yaml 16 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Stopping processes using net stop.yaml 17 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/IcedId attachments.yaml 21 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Suspicious Bitlocker Encryption.yaml 4 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/IcedId Delivery.yaml 15 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/ASR--Rule-Ransomware-triggered.yaml 31 32 1058 576 50 31 2022-06-14 2023-10-09 91258706+bert-janp@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/HTA Startup Persistence.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Qakbot discovery activies.yaml 21 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Discovery for highly-privileged accounts.yaml 20 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/IcedId email delivery.yaml 17 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Potential ransomware activity related to Cobalt Strike.yaml 40 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Suspicious Google Doc Links.yaml 19 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/DarkSide.yaml 13 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Check for multiple signs of ransomware activity.yaml 85 54 1203 293 73 48 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Ransomware/Fake Replies.yaml 21 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Sticky Keys.yaml 13 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Turning off System Restore.yaml 21 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Turning off services using sc exe.yaml 17 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/File Backup Deletion Alerts.yaml 15 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Distribution from remote location.yaml 18 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Suspicious Image Load related to IcedId.yaml 15 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Stopping multiple processes using taskkill.yaml 17 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Deletion of data on multiple drives using cipher exe.yaml 21 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Gootkit File Delivery.yaml 23 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/Email data exfiltration via PowerShell.yaml 14 31 979 576 49 31 2022-09-01 2023-10-09 jonahbaron0135@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/Modifying the registry to add a ransom message notification.yaml 13 31 979 576 48 31 2022-09-01 2023-10-09 jonahbaron0135@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/Disabling Services via Registry.yaml 15 31 981 576 48 31 2022-08-30 2023-10-09 47709940+endisphotic@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/DLLHost.exe WMIC domain discovery.yaml 14 31 979 576 48 31 2022-09-01 2023-10-09 jonahbaron0135@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/PowerShell adding exclusion path for Microsoft Defender of ProgramData.yaml 13 31 979 576 48 31 2022-09-01 2023-10-09 jonahbaron0135@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/Create new user with known DEV-0270 username and password.yaml 16 31 979 576 48 31 2022-09-01 2023-10-09 jonahbaron0135@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/Add malicious user to Admins and RDP users group via PowerShell.yaml 14 31 979 576 48 31 2022-09-01 2023-10-09 jonahbaron0135@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/DLLHost.exe file creation via PowerShell.yaml 14 31 979 576 48 31 2022-09-01 2023-10-09 jonahbaron0135@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Ransomware/Clearing of forensic evidence from event logs using wevtutil.yaml 17 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Ammyy_createproc.yaml 21 30 554 293 63 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ConnectWise_createproc.yaml 24 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_PcVisit_netconn.yaml 25 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ScreenMeet_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DistantDesktop_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RealVNC_netconn.yaml 25 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ChromeRDP_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_PDQ_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemoteDesktopPlus_netconn.yaml 23 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_mRemoteNG_netconn.yaml 22 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_BarracudaRMM_netconn.yaml 28 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_parsec.app_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ChromeRDP_netconn.yaml 23 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_BeyondTrust_filesig.yaml 24 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ConnectWise_netconn.yaml 31 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NinjaRMM_createproc.yaml 24 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SimpleHelp_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_parsec.app_netconn.yaml 31 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Action1_netconn.yaml 23 30 554 293 62 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemotePC_netconn.yaml 27 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Addigy_netconn.yaml 35 30 554 293 62 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ISLOnline_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NinjaRMM_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_BarracudaRMM_createproc.yaml 23 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Pulseway_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TigerVNC_netconn.yaml 22 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ZohoAssist_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_IperiusRemote_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Atera_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Ammyy_filesig.yaml 20 30 554 293 61 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_BarracudaRMM_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Kaseya_netconn.yaml 28 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Naverisk_createproc.yaml 23 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_XMReality_netconn.yaml 23 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm__all_netconn.yaml 185 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_PDQ_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemoteUtilities_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyViewer_netconn.yaml 28 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Splashtop_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RPort_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_PDQ_netconn.yaml 27 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_GetScreen_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_FleetDeck_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Naverisk_filesig.yaml 23 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DesktopNow_netconn.yaml 23 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AweSun_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DistantDesktop_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ServerEye_createproc.yaml 24 31 553 293 67 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_FleetDeck_netconn.yaml 23 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_PcVisit_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AweSun_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_LiteManager_netconn.yaml 29 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TightVNC_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SupRemo_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RPort_netconn.yaml 22 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyViewer_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SyncroMSP_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RustDesk_netconn.yaml 22 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_XMReality_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TeamViewer_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Panorama9_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DameWare_netconn.yaml 33 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_LiteManager_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_PcVisit_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DattoRMM_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TightVNC_netconn.yaml 22 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TeamViewer_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RustDesk_createproc.yaml 20 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyDesk_createproc.yaml 21 30 554 293 63 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Pulseway_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DattoRMM_netconn.yaml 35 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Atera_createproc.yaml 20 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TeamViewer_netconn.yaml 25 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DistantDesktop_netconn.yaml 26 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_MeshCentral_netconn.yaml 22 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NAble_netconn.yaml 38 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TacticalRMM_netconn.yaml 25 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NAble_createproc.yaml 25 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_MSP360_CloudBerry_netconn.yaml 31 29 553 293 64 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ScreenMeet_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SimpleHelp_netconn.yaml 23 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ServerEye_filesig.yaml 20 31 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_IperiusRemote_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_OptiTune_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SyncroMSP_netconn.yaml 26 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ConnectWise_filesig.yaml 24 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_LiteManager_createproc.yaml 24 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_GetScreen_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ScreenMeet_netconn.yaml 23 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SyncroMSP_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyDesk_netconn.yaml 25 30 554 293 62 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Kaseya_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SimpleHelp_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Atera_netconn.yaml 25 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ZohoAssist_filesig.yaml 22 30 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_GetScreen_netconn.yaml 26 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ShowMyPC_netconn.yaml 23 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_UltraViewer_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TigerVNC_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_LogMeIn_netconn.yaml 38 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_MSP360_CloudBerry_filesig.yaml 23 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_MeshCentral_createproc.yaml 20 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SupRemo_netconn.yaml 25 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemoteUtilities_netconn.yaml 23 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyDesk_filesig.yaml 20 30 554 293 61 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_LogMeIn_createproc.yaml 25 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Level_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TacticalRMM_createproc.yaml 24 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Panorama9_netconn.yaml 22 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DesktopNow_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_mRemoteNG_createproc.yaml 20 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_BeyondTrust_createproc.yaml 20 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Level_netconn.yaml 27 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RealVNC_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_OptiTune_netconn.yaml 25 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TightVNC_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_BeyondTrust_netconn.yaml 26 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_SupRemo_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_UltraViewer_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Splashtop_netconn.yaml 25 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RealVNC_createproc.yaml 20 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AeroAdmin_createproc.yaml 21 30 554 293 63 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NetSupport_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ISLOnline_filesig.yaml 23 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NetSupport_netconn.yaml 22 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AweSun_netconn.yaml 28 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Action1_filesig.yaml 20 30 554 293 61 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Action1_createproc.yaml 21 30 554 293 63 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_XMReality_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_FleetDeck_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Splashtop_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyViewer_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NAble_filesig.yaml 23 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DameWare_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ShowMyPC_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_OptiTune_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_MeshCentral_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_UltraViewer_netconn.yaml 23 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemoteUtilities_createproc.yaml 21 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ShowMyPC_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NinjaRMM_netconn.yaml 25 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ZohoAssist_netconn.yaml 42 29 553 293 64 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DWService_filesig.yaml 20 31 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Naverisk_netconn.yaml 24 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ServerEye_netconn.yaml 26 31 553 293 64 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DameWare_createproc.yaml 26 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ISLOnline_netconn.yaml 22 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Pulseway_netconn.yaml 23 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemotePC_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Panorama9_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_DesktopNow_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_NetSupport_createproc.yaml 20 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_LogMeIn_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemoteDesktopPlus_createproc.yaml 22 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_IperiusRemote_netconn.yaml 27 29 553 293 62 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_MSP360_CloudBerry_createproc.yaml 30 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Ammyy_netconn.yaml 23 30 554 293 62 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Level_createproc.yaml 21 29 553 293 65 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_parsec.app_filesig.yaml 20 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AeroAdmin_filesig.yaml 20 30 554 293 61 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_TacticalRMM_filesig.yaml 23 29 553 293 61 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_RemotePC_createproc.yaml 25 29 553 293 63 29 2023-11-01 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AeroAdmin_netconn.yaml 23 30 554 293 62 29 2023-10-31 2024-07-18 jischell-msft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Impact/backup-deletion.yaml 19 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Impact/wadhrama-data-destruction.yaml 22 54 1203 576 83 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Impact/turn-off-system-restore.yaml 27 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Impact/ransom-note-creation-macos.yaml 18 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Impact/unusual-volume-of-file-deletion.yaml 74 52 890 293 100 61 2022-11-29 2024-07-18 abhirooppal@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/ASR rules/ASR-rules-categorized-detection-graph.yaml 25 34 625 293 69 32 2023-08-21 2024-07-18 kijoniimura@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Campaigns/cobalt-strike-invoked-w-wmi.yaml 38 54 1203 576 83 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Abuse.ch Recent Threat Feed (1).yaml 39 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/APT29 thinktanks.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/c2-lookup-response[Nobelium].yaml 23 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/EUROPIUM/Identify unusual identity additions related to EUROPIUM.yaml 13 30 972 576 50 32 2022-09-08 2023-10-09 37783395+aprakash13@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/EUROPIUM/Identify EUROPIUM IOCs.yaml 13 30 972 576 50 32 2022-09-08 2023-10-09 37783395+aprakash13@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/EUROPIUM/Identify Microsoft Defender Antivirus detection related to EUROPIUM.yaml 16 30 972 576 50 32 2022-09-08 2023-10-09 37783395+aprakash13@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Robbinhood activity.yaml 15 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/fireeye-red-team-tools-HASHs [Nobelium].yaml 335 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Judgement Panda exfil activity.yaml 21 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/fireeye-red-team-tools-CVEs [Nobelium].yaml 43 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Alternate Data Streams use.yaml 18 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Vulnerable Gigabyte drivers.yaml 13 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Threat actor Phosphorus masquerading as conference organizers (1).yaml 4 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Sysrv-botnet/app-armor-stopped.yaml 13 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Sysrv-botnet/java-executing-cmd-to-run-powershell.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Sysrv-botnet/rce-on-vulnerable-server.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Sysrv-botnet/kinsing-miner-download.yaml 13 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Sysrv-botnet/tomcat-8-executing-powershell.yaml 15 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Sysrv-botnet/oracle-webLogic-executing-powershell.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Abusing settingcontent-ms.yaml 17 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/MacOceanLotusBackdoor.yaml 16 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Elise backdoor.yaml 15 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/apt ta17 293a ps.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/WastedLocker Downloader.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Equation Group C2 Communication.yaml 15 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Turning off System Restore.yaml 21 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/OceanLotus registry activity.yaml 20 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Log4J/Suspicious JScript staging comment.yaml 15 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Log4J/Devices with Log4j vulnerability alerts and additional other alert related context.yaml 38 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Log4J/Suspicious PowerShell curl flags.yaml 15 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Log4J/Suspicious process event creation from VMWare Horizon TomcatService.yaml 15 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Log4J/Alerts related to Log4j vulnerability.yaml 26 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/detect-cyzfc-activity (2).yaml 21 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/oceanlotus-apt32-files.yaml 98 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/compromised-certificate[Nobelium].yaml 26 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/robbinhood-driver.yaml 23 54 1203 576 83 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Excel Macro Execution.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/RunDLL Suspicious Network Connection.yaml 13 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Renamed Rclone Exfil.yaml 13 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Dropping payload via certutil.yaml 17 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Cobalt Strike Lateral Movement.yaml 15 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/NTDS theft.yaml 18 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Malicious Excel Delivery.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Bazacall Emails.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bazacall/Excel file download domain pattern.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bazarloader/Zip-Doc - Word Launching MSHTA.yaml 13 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bazarloader/Zip-Doc - Creation of JPG Payload File.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bazarloader/Stolen Images Execution.yaml 13 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/compromised nvidia certificates[Lapsus$].yaml 27 38 1155 576 62 38 2022-03-09 2023-10-09 62024256+davidbrilliant@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/cypherpunk-remote-exec-w-psexesvc.yaml 19 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/StarBlizzardDomainIOCsAug2022.yaml 27 34 730 293 45 37 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Campaigns/DofoilNameCoinServerTraffic.yaml 17 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Backup deletion.yaml 14 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/apt sofacy.yaml 15 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/apt tropictrooper.yaml 14 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/snip3-aviation-targeting-emails.yaml 24 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/c2-lookup-from-nonbrowser[Nobelium] (1).yaml 24 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Clearing of system logs.yaml 13 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/c2-lookup-from-nonbrowser[Nobelium].yaml 23 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/apt sofacy zebrocy.yaml 14 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/KNOTWEED/KNOTWEED-FileHashIOCsJuly2022.yaml 39 55 1016 576 80 45 2022-07-26 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/KNOTWEED/KNOTWEED-AVDetections.yaml 18 55 1016 576 80 45 2022-07-26 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/KNOTWEED/KNOTWEED-DownloadingnewfileusingCurl.yaml 25 55 1016 576 81 45 2022-07-26 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/KNOTWEED/KNOTWEED-COMRegistryKeyModifiedtoPointtoColorProfileFolder.yaml 3 55 1016 576 80 45 2022-07-26 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/KNOTWEED/KNOTWEED-PEFileDroppedinColorProfileFolder.yaml 3 55 1016 576 80 45 2022-07-26 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/KNOTWEED/KNOTWEED-DomainIOCsJuly2022.yaml 20 55 1016 576 80 45 2022-07-26 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/confluence-weblogic-targeted.yaml 70 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Jupyter-Solarmaker/deimos-component-execution.yaml 20 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Jupyter-Solarmaker/successive-tk-domain-calls.yaml 16 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Jupyter-Solarmaker/evasive-powershell-executions.yaml 15 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Jupyter-Solarmaker/evasive-powershell-strings.yaml 15 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Cipher.exe tool deleting data.yaml 19 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/c2-lookup-response[Nobelium] (1).yaml 24 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/detect-cyzfc-activity.yaml 27 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/detect-cyzfc-activity (1).yaml 20 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Bear Activity GTR 2019.yaml 14 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Threat actor Phosphorus masquerading as conference organizers.yaml 18 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/snip3-encoded-powershell-structure.yaml 17 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Abuse.ch Recent Threat Feed.yaml 66 50 1203 293 97 61 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Campaigns/apt unidentified nov 18 (1).yaml 14 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/oceanlotus-apt32-network.yaml 30 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/detect-cyzfc-activity (4).yaml 27 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Dragon Fly.yaml 14 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/launching-cmd-echo[Nobelium].yaml 25 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/snip3-detectsanboxie-function-call.yaml 16 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/ZLoader/Payload Delivery.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/ZLoader/Malicious bat file.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/ZLoader/Suspicious Registry Keys.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Threat actor Phosphorus masquerading as conference organizers (2).yaml 4 26 1203 576 43 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-component-names.yaml 19 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-registration-function.yaml 17 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-competition-killer.yaml 21 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-component-download-structure.yaml 17 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-id-generation.yaml 15 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-email-subjects.yaml 16 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-control-structure.yaml 15 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/LemonDuck/LemonDuck-defender-exclusions.yaml 14 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/detect-cyzfc-activity (3).yaml 21 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/StrRAT malware/StrRAT-AV-Discovery.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/StrRAT malware/StrRAT-Email-Delivery.yaml 28 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/StrRAT malware/StrRAT-Malware-Persistence.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/snip3-revengerat-c2-exfiltration.yaml 16 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/apt unidentified nov 18.yaml 14 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/redmenshen-bpfdoor-backdoor.yaml 21 62 1084 293 84 47 2022-05-19 2024-07-18 61369934+blackb0lt@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Campaigns/Macaw Ransomware/Use of MSBuild as LOLBin.yaml 14 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Macaw Ransomware/Imminent Ransomware.yaml 38 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Macaw Ransomware/PSExec Attrib commands.yaml 17 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Macaw Ransomware/Inhibit recovery by disabling tools and functionality.yaml 16 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Macaw Ransomware/Disable Controlled Folders.yaml 14 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Macaw Ransomware/Mass account password change.yaml 15 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Cloud Hopper.yaml 14 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/MacOceanLotusDropper.yaml 17 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Qakbot/Qakbot email theft (1).yaml 15 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Qakbot/Excel launching anomalous processes.yaml 5 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Qakbot/Qakbot reconnaissance activities.yaml 19 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Qakbot/Qakbot email theft.yaml 15 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Qakbot/Qakbot Craigslist Domains.yaml 13 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Qakbot/General attempts to access local email store.yaml 16 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/possible-affected-software-orion[Nobelium].yaml 25 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Ransomware hits healthcare - Possible compromised accounts.yaml 34 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/APT Baby Shark.yaml 16 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/robbinhood-evasion.yaml 25 54 1203 576 84 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/cypherpunk-exclusive-commands.yaml 18 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Dopplepaymer In-Memory Malware Implant.yaml 14 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/launching-base64-powershell[Nobelium].yaml 30 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/known-affected-software-orion[Nobelium].yaml 23 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/Hurricane Panda activity.yaml 15 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Campaigns/snip3-malicious-network-connectivity.yaml 18 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Cloud Apps/file-download-events.yaml 28 39 644 293 63 30 2023-08-02 2024-07-18 keithfle@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Cloud Apps/aad-role-adds.yaml 34 53 614 293 112 42 2023-09-01 2024-07-18 keithfle@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Cloud Apps/mass-downloads.yaml 20 31 614 293 60 28 2023-09-01 2024-07-18 keithfle@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Cloud Apps/aad-group-adds.yaml 28 53 614 293 112 42 2023-09-01 2024-07-18 keithfle@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Email Queries/Remediation/Email remediation action list.yaml 25 51 334 57 89 37 2024-06-07 2025-03-11 v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Remediation/AIR investigation actions insight.yaml 35 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/ZAP/Total ZAP count.yaml 20 51 334 57 88 37 2024-06-07 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Overrides/Top policies performing user overrides.yaml 20 52 335 57 90 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Overrides/Top policies performing admin overrides.yaml 20 51 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Overrides/User overrides.yaml 21 51 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Overrides/Admin overrides.yaml 21 51 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Top 100 senders.yaml 20 51 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Zero day threats.yaml 20 51 335 57 89 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Detections by detection methods.yaml 46 51 335 57 89 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Mailflow by directionality.yaml 21 51 335 57 89 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Top 100 malicious email senders.yaml 21 51 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Sender recipient contact establishment.yaml 35 50 331 57 87 37 2024-06-10 2025-03-11 v-atulyadav@microsoft.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Malicious emails detected per day.yaml 29 51 335 57 89 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Mail reply to new domain.yaml 40 51 335 57 89 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Phish/Possible device code phishing attempts.yaml 47 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Phish/Possible Teams phishing activity.yaml 34 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Phish/Appspot phishing abuse.yaml 31 50 334 57 88 37 2024-06-07 2025-03-11 v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Phish/PhishDetectionByDetectionMethod.yaml 39 49 338 57 86 38 2024-06-03 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Top outbound recipient domains sending inbound emails with threats.yaml 26 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/BEC - File sharing tactics - Dropbox.yaml 30 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Email bombing.yaml 12 11 58 13 16 13 2025-03-10 2025-04-24 113417470+ajaj-shaikh@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Inbox rule change which forward-redirect email.yaml 21 51 337 57 86 35 2024-06-04 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/BEC - File sharing tactics - OneDrive or SharePoint.yaml 38 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Hunt for malicious URLs using external IOC source.yaml 28 51 337 57 86 35 2024-06-04 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Emails containing links to IP addresses.yaml 18 30 237 57 48 24 2024-09-12 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Good emails from senders with bad patterns.yaml 30 30 237 57 48 24 2024-09-12 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Automated email notifications and suspicious sign-in activity.yaml 26 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Hunt for email conversation take over attempts.yaml 40 48 321 57 94 37 2024-06-20 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Hunt for malicious attachments using external IOC source.yaml 27 51 337 57 86 35 2024-06-04 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Hunt for email bombing attacks.yaml 25 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/User clicks on malicious inbound emails.yaml 28 51 335 57 90 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/URL click on ZAP Email.yaml 23 52 329 57 98 39 2024-06-12 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/URLClick details based on malicious URL click alert.yaml 22 49 321 57 95 37 2024-06-20 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/User clicked through events.yaml 20 51 335 57 90 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/URL click count by click action.yaml 22 51 335 57 91 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/URL clicks actions by URL.yaml 22 52 329 57 97 39 2024-06-12 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/User clicks on phishing URLs in emails.yaml 21 52 335 57 90 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/End user malicious clicks.yaml 24 51 335 57 90 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Attachment/Safe attachment detection.yaml 23 51 334 57 88 37 2024-06-07 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Attachment/ATP policy status check.yaml 27 52 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Attachment/JNLP attachment.yaml 18 50 334 57 87 37 2024-06-07 2025-03-11 v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Authentication/Spoof attempts with auth failure.yaml 22 52 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Authentication/Authentication failures.yaml 23 51 334 57 88 37 2024-06-07 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Suspicious sign-in attempts from QR code phishing campaigns.yaml 47 51 334 57 87 36 2024-06-07 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Personalized campaigns based on the first few keywords.yaml 25 51 334 57 87 36 2024-06-07 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Emails with QR codes from non-prevalent sender.yaml 36 51 331 57 91 38 2024-06-10 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Emails delivered having URLs from QR codes.yaml 25 51 331 57 91 38 2024-06-10 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Inbound emails with QR code URLs.yaml 25 51 331 57 91 38 2024-06-10 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Hunting for user signals-clusters.yaml 26 51 334 57 88 36 2024-06-07 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Personalized campaigns based on the last few keywords.yaml 25 51 334 57 87 36 2024-06-07 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Campaign with suspicious keywords.yaml 25 51 334 57 87 36 2024-06-07 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Emails with QR codes and suspicious keywords in subject.yaml 27 51 331 57 91 38 2024-06-10 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Risky sign-in attempt from a non-managed device.yaml 31 51 334 57 87 36 2024-06-07 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Hunting for sender patterns.yaml 47 51 334 57 87 36 2024-06-07 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Campaign with randomly named attachments.yaml 24 51 334 57 87 36 2024-06-07 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/QR code/Custom detection-Emails with QR from non-prevalent senders.yaml 51 50 329 57 94 39 2024-06-12 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Quarantine/Quarantine Release Email Details.yaml 27 42 296 57 88 33 2024-07-15 2025-03-11 retro.writing0l@icloud.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Quarantine/Quarantine release trend.yaml 22 51 335 57 89 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Quarantine/High Confidence Phish Released.yaml 27 42 296 57 88 33 2024-07-15 2025-03-11 retro.writing0l@icloud.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Quarantine/Group quarantine release.yaml 24 51 335 57 89 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Spoof and Impersonation/Spoof and impersonation phish detections.yaml 22 51 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Spoof and Impersonation/Spoof and impersonation detections by sender IP.yaml 21 51 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Spoof and Impersonation/Referral phish emails.yaml 27 50 334 57 88 37 2024-06-07 2025-03-11 v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Spoof and Impersonation/Display Name - Spoof and Impersonation.yaml 35 50 338 57 87 38 2024-06-03 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Spoof and Impersonation/User not covered under display name impersonation.yaml 28 51 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Top Attacks/Attacked more than x times average.yaml 24 50 331 57 88 37 2024-06-10 2025-03-11 v-atulyadav@microsoft.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Top Attacks/Top external malicious senders.yaml 21 50 331 57 88 37 2024-06-10 2025-03-11 v-atulyadav@microsoft.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Top Attacks/Top targeted users.yaml 21 51 335 57 89 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Top Attacks/Top 10 URL domains attacking organization.yaml 27 52 335 57 90 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Top Attacks/Top 10 percent of most attacked users.yaml 25 50 331 57 87 37 2024-06-10 2025-03-11 v-atulyadav@microsoft.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Top Attacks/Malicious mails by sender IPs.yaml 21 51 335 57 89 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Malware/Email containing malware accessed on a unmanaged device.yaml 30 49 321 57 95 37 2024-06-20 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Malware/Malware detections by detection methods.yaml 32 52 335 57 90 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Malware/Email malware detection report.yaml 26 52 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Malware/Email containing malware sent by an internal sender.yaml 20 51 329 57 95 39 2024-06-12 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Submissions/Status of submissions.yaml 25 50 331 57 87 37 2024-06-10 2025-03-11 v-atulyadav@microsoft.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Submissions/Admin reported submissions.yaml 22 50 331 57 89 37 2024-06-10 2025-03-11 v-atulyadav@microsoft.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Submissions/User reported submissions.yaml 22 50 331 57 88 37 2024-06-10 2025-03-11 v-atulyadav@microsoft.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Submissions/Top submitters of admin submissions.yaml 25 50 331 57 88 37 2024-06-10 2025-03-11 v-atulyadav@microsoft.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/Submissions/Top submitters of user submissions.yaml 25 50 331 57 88 37 2024-06-10 2025-03-11 v-atulyadav@microsoft.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/General/New TABL Items.yaml 33 44 306 57 92 35 2024-07-05 2025-03-11 retro.writing0l@icloud.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/General/MDO daily detection summary report.yaml 65 52 337 57 87 35 2024-06-04 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/General/Hunt for Admin email access.yaml 25 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/General/Malicious email senders.yaml 22 52 335 57 90 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/General/Hunt for TABL changes.yaml 20 51 337 57 86 35 2024-06-04 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/General/Mail item accessed.yaml 21 51 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/General/Local time to UTC time conversion.yaml 20 51 335 57 88 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/General/Email sender IP address Geo location information.yaml 20 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/General/Audit Email Preview-Download action.yaml 29 52 337 57 87 35 2024-06-04 2025-03-11 45426291+damozes1@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/URL/Phishing Email Url Redirector.yaml 6 50 334 57 88 37 2024-06-07 2025-03-11 v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Email Queries/URL/SafeLinks URL detections.yaml 23 52 335 57 89 37 2024-06-06 2025-03-11 113417470+ajaj-shaikh@users.noreply.github.com v-atulyadav@microsoft.com Hunting Queries/Microsoft 365 Defender/Troubleshooting/Connectivity Failures by Domain.yaml 25 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Troubleshooting/Connectivity Failures by Device.yaml 87 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Collection/MailItemsAccessedTimeSeries[Solarigate].yaml 49 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Collection/Anomaly of MailItemAccess by Other Users Mailbox [Nobelium].yaml 38 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Collection/HostExportingMailboxAndRemovingExport[Solarigate].yaml 32 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Defense evasion/qakbot-campaign-process-injection.yaml 21 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Defense evasion/alt-data-streams.yaml 26 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Defense evasion/suspicious-command-interpreters-added-to-registry.yaml 27 16 87 13 19 11 2025-02-09 2025-04-24 90253114+jounimi@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Defense evasion/clear-system-logs.yaml 19 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Defense evasion/locate-files-possibly-signed-by-fraudulent-ecc-certificates.yaml 7 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Defense evasion/regsvr32-rundll32-image-loads-abnormal-extension.yaml 29 25 463 268 38 21 2024-01-30 2024-08-12 “jouni.mikkola@wissy.org” 62938807+haim-na@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Defense evasion/hiding-java-class-file.yaml 18 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Defense evasion/regsvr32-rundll32-with-anomalous-parent-process.yaml 30 26 463 268 40 21 2024-01-30 2024-08-12 “jouni.mikkola@wissy.org” 62938807+haim-na@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Defense evasion/doppelpaymer-stop-services.yaml 24 54 1203 576 83 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Defense evasion/suspicious-base64-encoded-registry-keys.yaml 26 16 87 13 19 11 2025-02-09 2025-04-24 90253114+jounimi@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Defense evasion/PotentialMicrosoftDefenderTampering[Solarigate].yaml 33 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Defense evasion/Discovering potentially tampered devices [Nobelium].yaml 9 54 1203 293 100 49 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Defense evasion/UpdateStsRefreshToken[Solorigate].yaml 27 53 1203 293 99 49 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Defense evasion/regsvr32-rundll32-image-loads-from-abnormal-locations.yaml 39 26 463 268 40 21 2024-01-30 2024-08-12 “jouni.mikkola@wissy.org” 62938807+haim-na@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Defense evasion/suspicious-keywords-in-registry.yaml 21 16 87 13 19 11 2025-02-09 2025-04-24 90253114+jounimi@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Defense evasion/deleting-data-w-cipher-tool.yaml 24 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Defense evasion/ADFSDomainTrustMods[Nobelium].yaml 45 53 1203 293 99 49 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Defense evasion/MailPermissionsAddedToApplication[Nobelium].yaml 48 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Defense evasion/qakbot-campaign-self-deletion.yaml 22 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Command and Control/C2-NamedPipe.yaml 61 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Command and Control/Device network events w low count FQDN.yaml 26 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Command and Control/python-use-by-ransomware-macos.yaml 19 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Command and Control/reverse-shell-ransomware-macos.yaml 18 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Command and Control/check-for-shadowhammer-activity-download-domain.yaml 19 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Command and Control/c2-bluekeep.yaml 28 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Command and Control/recon-with-rundll.yaml 25 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Command and Control/Tor.yaml 21 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Command and Control/EncodedDomainURL [Nobelium].yaml 74 53 1203 293 99 49 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Command and Control/DNSPattern [Nobelium].yaml 71 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Command and Control/Connection to Rare DNS Hosts.yaml 31 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Delivery/Email link + download + SmartScreen warning.yaml 41 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Delivery/powercat-download.yaml 23 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Delivery/Dropbox downloads linked from other site.yaml 20 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Delivery/Open email link.yaml 54 26 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Delivery/detect-jscript-file-creation.yaml 20 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Delivery/Pivot from detections to related downloads.yaml 48 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Delivery/Qakbot Craigslist Domains.yaml 13 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Delivery/Gootkit-malware.yaml 27 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Delivery/Doc attachment with link to download.yaml 55 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Credential Access/doppelpaymer-procdump.yaml 27 55 1203 576 84 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Credential Access/wadhrama-credential-dump.yaml 21 54 1203 576 83 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Credential Access/lazagne.yaml 29 54 1203 576 83 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Credential Access/Active Directory Sensitive Group Modifications.yaml 64 54 1203 293 83 52 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Credential Access/lsass-credential-dumping.yaml 30 20 422 268 34 21 2024-03-11 2024-08-12 “jouni.mikkola@wissy.org” 62938807+haim-na@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Credential Access/procdump-lsass-credentials.yaml 22 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Credential Access/wdigest-caching.yaml 32 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Credential Access/Private Key Files.yaml 27 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Credential Access/identify-accounts-logged-on-to-endpoints-affected-by-cobalt-strike.yaml 39 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Credential Access/Attempts to request Kerberos service ticket using the AS service.yaml 34 21 384 261 33 19 2024-04-18 2024-08-19 97222872+vakohl@users.noreply.github.com v-prasadboke@microsoft.com Hunting Queries/Microsoft 365 Defender/Credential Access/logon-attempts-after-malicious-email.yaml 23 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Credential Access/cobalt-strike.yaml 5 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Fun/EmojiHunt.yaml 18 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Fun/Make FolderPath Vogon Poetry.yaml 52 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/ServicePrincipalAddedToRole [Nobelium].yaml 5 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/SAM-Name-Changes-CVE-2021-42278.yaml 20 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/detect-cve-2019-1053-sandboxescape-exploit.yaml 25 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/detect-cve-2019-1069-bearlpe-exploit.yaml 32 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/detect-cve-2019-0863-AngryPolarBearBug2-exploit.yaml 26 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/dell-driver-vulnerability-2021.yaml 5 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/cve-2019-0808-nufsys-file creation.yaml 28 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/detect-cve-2019-1129-byebear-exploit.yaml 27 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/detect-av-edr-privileged-delete-vulnerability.yaml 25 27 874 576 34 24 2022-12-15 2023-10-09 61369934+blackb0lt@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/riskySignInToElevateAccess.yaml 28 42 1140 293 78 42 2022-03-24 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/detect-cve-2019-0973-installerbypass-exploit.yaml 26 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/Add uncommon credential type to application [Nobelium].yaml 5 54 1203 293 101 49 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/cve-2019-0808-set-scheduled-task.yaml 26 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/locate-ALPC-local-privilege-elevation-exploit.yaml 23 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Privilege escalation/cve-2019-0808-c2.yaml 24 25 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Lateral Movement/detect-suspicious-rdp-connections.yaml 41 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Lateral Movement/ServiceAccountsPerformingRemotePS.yaml 55 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Lateral Movement/Network Logons with Local Accounts.yaml 16 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Lateral Movement/remote-file-creation-with-psexec.yaml 38 55 1203 576 84 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Lateral Movement/Device Logons from Unknown IPs.yaml 26 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Lateral Movement/Non-local logons with -500 account.yaml 13 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Lateral Movement/Account brute force.yaml 23 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Lateral Movement/ImpersonatedUserFootprint.yaml 35 50 1203 293 101 62 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Lateral Movement/doppelpaymer-psexec.yaml 26 55 1203 576 84 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Lateral Movement/Account brute force (1).yaml 26 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (2).yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Crashing Applications.yaml 22 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Alert Events from Internal IP Address.yaml 28 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Network footprint (3).yaml 16 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Endpoint Agent Health Status Report.yaml 106 76 1203 293 121 67 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/General queries/Events surrounding alert.yaml 19 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Machine info from IP address.yaml 23 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries.yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (14).yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/MD AV Signature and Platform Version.yaml 27 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Phish and Malware received by user vs total amount of email.yaml 15 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/File footprint (1).yaml 19 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Events surrounding alert (1).yaml 27 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (7).yaml 28 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Detect Azure RemoteIP.yaml 33 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Linux Agent Age Report.yaml 27 30 1022 576 47 30 2022-07-20 2023-10-09 64156578+mjmelone@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Machine info from IP address (2).yaml 19 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/MITRE - Suspicious Events.yaml 70 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (13).yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Firewall Policy Design Assistant.yaml 68 44 1203 576 66 43 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Machine info from IP address (3).yaml 22 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Services.yaml 12 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (18).yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (4).yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (9).yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (8).yaml 10 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (6).yaml 26 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/System Guard Security Level Drop.yaml 30 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Device uptime calculation.yaml 22 26 1203 576 44 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/File footprint.yaml 25 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Network footprint (1).yaml 20 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (19).yaml 10 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Failed Logon Attempt.yaml 18 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/AppLocker Policy Design Assistant.yaml 45 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Network footprint (2).yaml 17 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (10).yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Device Count by DNS Suffix.yaml 17 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Events surrounding alert (2).yaml 23 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Network footprint.yaml 15 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (5).yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (17).yaml 39 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Baseline Comparison.yaml 257 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/System Guard Security Level Baseline.yaml 19 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (15).yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Network info of machine.yaml 22 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (3).yaml 10 55 1203 293 74 48 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (12).yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (1).yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/wifikeys.yaml 17 49 1203 293 74 44 2022-01-20 2024-07-18 orshemesh@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (16).yaml 10 26 1203 576 42 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Machine info from IP address (1).yaml 32 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/Events surrounding alert (3).yaml 27 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/General queries/insider-threat-detection-queries (11).yaml 10 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/Linux-DynoRoot-CVE-2018-1111.yaml 23 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/CVE-2022-26134-Confluence.yaml 23 32 1062 576 48 25 2022-06-10 2023-10-09 ashwin-patil@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/CVE-2022-22965 Network Activity.yaml 17 35 1129 576 48 26 2022-04-04 2023-10-09 47709940+endisphotic@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/print-pooler-service-suspicious-file-creation.yaml 23 18 1176 576 24 18 2022-02-16 2023-10-09 61369934+blackb0lt@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/VMWare-LPE-2022-22960.yaml 25 62 1084 293 80 46 2022-05-19 2024-07-18 61369934+blackb0lt@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Microsoft 365 Defender/Exploits/SolarWinds -CVE-2021-35211.yaml 4 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/CVE-2021-36934 usage detection.yaml 4 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/MosaicLoader.yaml 15 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/Print Spooler RCE/Suspicious files in spool folder.yaml 15 26 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/Print Spooler RCE/Suspicious DLLs in spool folder.yaml 19 25 1203 576 41 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/Print Spooler RCE/Suspicious Spoolsv Child Process.yaml 35 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/Print Spooler RCE/Spoolsv Spawning Rundll32.yaml 17 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/printnightmare-cve-2021-1675 usage detection.yaml 6 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/winrar-cve-2018-20250-file-creation.yaml 5 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/Electron-CVE-2018-1000006.yaml 25 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/winrar-cve-2018-20250-ace-files.yaml 23 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/Flash-CVE-2018-4848.yaml 22 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/AcroRd-Exploits.yaml 10 25 1203 576 39 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/Microsoft 365 Defender/Exploits/printnightmare-cve-2021-1675 usage detection (1).yaml 6 25 1203 576 40 22 2022-01-20 2023-10-09 orshemesh@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/ASimProcess/imProcess_Suspicious_enumeration_using_adfind.yaml 39 23 1424 576 30 19 2021-06-13 2023-10-09 t-yuvalnaor@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/ASimProcess/imProcess_enumeration_user_and_group.yaml 18 36 1424 576 52 34 2021-06-13 2023-10-09 t-yuvalnaor@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/ASimProcess/imProcess_NishangReverseTCPShellBase64.yaml 28 38 1428 391 53 34 2021-06-09 2024-04-11 t-yuvalnaor@microsoft.com v-prasadboke@microsoft.com Hunting Queries/ASimProcess/imProcess_Invoke-PowerShellTcpOneLine.yaml 27 38 1428 391 53 34 2021-06-09 2024-04-11 t-yuvalnaor@microsoft.com v-prasadboke@microsoft.com Hunting Queries/ASimProcess/imProcess_HostExportingMailboxAndRemovingExport.yaml 39 37 1428 576 53 34 2021-06-09 2023-10-09 t-yuvalnaor@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/ASimProcess/imProcess_Windows System Shutdown-Reboot(T1529).yaml 23 34 1416 576 48 33 2021-06-21 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Hunting Queries/ASimProcess/imProcess_ExchangePowerShellSnapin.yaml 27 37 1428 576 52 34 2021-06-09 2023-10-09 t-yuvalnaor@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/ASimProcess/imProcess_Certutil-LOLBins.yaml 24 34 1416 576 49 33 2021-06-21 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Hunting Queries/ASimProcess/inProcess_SignedBinaryProxyExecutionRundll32.yaml 24 34 1416 576 49 33 2021-06-21 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Hunting Queries/ASimProcess/imProcess_uncommon_processes.yaml 28 37 1424 576 53 35 2021-06-13 2023-10-09 t-yuvalnaor@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/ASimProcess/imProcess_ProcessEntropy.yaml 146 69 1424 293 121 77 2021-06-13 2024-07-18 t-yuvalnaor@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/ASimProcess/imProcess_SolarWindsInventory.yaml 19 68 1424 293 120 76 2021-06-13 2024-07-18 t-yuvalnaor@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/ASimProcess/imProcess_Dev-0056CommandLineActivityNovember2021(ASIMVersion).yaml 32 49 1162 293 92 63 2022-03-02 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/ASimProcess/Discorddownloadinvokedfromcmdline(ASIMVersion).yaml 47 66 1162 293 114 76 2022-03-02 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/ASimProcess/imProcess_cscript_summary.yaml 21 36 1424 576 50 34 2021-06-13 2023-10-09 t-yuvalnaor@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/ASimProcess/imProcess_persistence_create_account.yaml 27 36 1424 576 51 34 2021-06-13 2023-10-09 t-yuvalnaor@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/ASimProcess/imProcess_powershell_downloads.yaml 18 89 1428 293 170 85 2021-06-09 2024-07-18 t-yuvalnaor@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/ASimProcess/imProcess_PowerCatDownload.yaml 26 23 1428 576 30 19 2021-06-09 2023-10-09 t-yuvalnaor@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/ASimRegistry/Crashdumpdisabledonhost(ASIMVersion).yaml 34 41 1162 576 54 41 2022-03-02 2023-10-09 37783395+aprakash13@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SQLServer/SQL-UserAdded_to_SecurityAdmin.yaml 4 90 1768 457 136 80 2020-07-04 2024-02-05 ihussain@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SQLServer/SQL-MultipleFailedLogon_InShortSpan.yaml 4 91 1768 457 137 80 2020-07-04 2024-02-05 ihussain@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SQLServer/SQL-UserRoleChanged.yaml 4 90 1768 457 136 80 2020-07-04 2024-02-05 ihussain@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SQLServer/SQL-New_UserCreated.yaml 4 91 1768 457 137 80 2020-07-04 2024-02-05 ihussain@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SQLServer/SQL-UserDeletedFromDatabase.yaml 4 90 1768 457 136 80 2020-07-04 2024-02-05 ihussain@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SQLServer/SQL-Failed SQL Logons.yaml 4 91 1768 457 138 80 2020-07-04 2024-02-05 ihussain@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SQLServer/SQL-UserRemovedFromSecurityAdmin.yaml 4 90 1768 457 136 80 2020-07-04 2024-02-05 ihussain@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SQLServer/SQL-UserRemovedFromServerRole.yaml 4 90 1768 457 136 80 2020-07-04 2024-02-05 ihussain@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SQLServer/SQL-MultipleFailedLogon_FromSameIP.yaml 4 90 1768 457 136 80 2020-07-04 2024-02-05 ihussain@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureDevOpsAuditing/Project visibility changed to public.yaml 4 52 1776 576 70 57 2020-06-26 2023-10-09 hosam.kamel@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/ADOReleasePipelineCreated.yaml 4 54 1551 576 74 57 2021-02-06 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/AAD Conditional Access Disabled.yaml 4 86 1776 293 138 81 2020-06-26 2024-07-18 hosam.kamel@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/AzureDevOpsAuditing/Addtional Org Admin Added.yaml 4 58 1776 576 79 62 2020-06-26 2023-10-09 hosam.kamel@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/ADOBuildCheckDeleted.yaml 4 46 1547 576 63 51 2021-02-10 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/ADONewPackageFeedCreated.yaml 4 73 1551 576 106 74 2021-02-06 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/Guest users access enabled.yaml 4 58 1776 576 79 62 2020-06-26 2023-10-09 hosam.kamel@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/AzDOPrPolicyBypassers.yaml 4 49 1755 576 67 55 2020-07-17 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/ADOBuildDeletedAfterPipelineMod.yaml 4 46 1541 576 66 51 2021-02-16 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/AzDODisplayNameSwapping.yaml 4 49 1755 576 67 55 2020-07-17 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/Public project created.yaml 4 58 1776 576 79 62 2020-06-26 2023-10-09 hosam.kamel@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/ADOVariableCreatedDeleted.yaml 4 60 1541 576 84 64 2021-02-16 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/ADONewReleaseApprover.yaml 4 53 1541 576 73 57 2021-02-16 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/ADONewAgentPoolCreated.yaml 4 46 1541 576 63 51 2021-02-16 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/ADOInternalUpstreamPacakgeFeedAdded.yaml 4 54 1551 576 74 57 2021-02-06 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/ADONewPATOperation.yaml 4 53 1541 576 73 57 2021-02-16 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AzureDevOpsAuditing/Public Projects enabled.yaml 4 58 1776 576 79 62 2020-06-26 2023-10-09 hosam.kamel@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/DnsEvents/Solorigate-DNS-Pattern.yaml 4 111 1602 457 164 92 2020-12-17 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/DnsEvents/Solorigate-Encoded-Domain-URL.yaml 4 121 1602 457 175 97 2020-12-17 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/DnsEvents/DNS_WannaCry.yaml 4 108 2075 457 154 89 2019-09-01 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/DnsEvents/DNS_DomainAnomalousLookupIncrease.yaml 4 96 2075 457 137 75 2019-09-01 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/DnsEvents/DNS_HighPercentNXDomainCount.yaml 4 98 2075 457 139 76 2019-09-01 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/DnsEvents/DNS_CommonlyAbusedTLDs.yaml 4 115 2075 457 162 93 2019-09-01 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/DnsEvents/DNS_LongURILookup.yaml 4 111 2075 457 159 94 2019-09-01 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/DnsEvents/DNS_FullNameAnomalousLookupIncrease.yaml 4 95 2075 457 136 75 2019-09-01 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/DnsEvents/DNS_HighReverseDNSCount.yaml 4 104 2075 457 147 85 2019-09-01 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/W3CIISLog/WebShellActivity.yaml 4 82 1444 293 117 84 2021-05-24 2024-07-18 74541184+vanimstic@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/W3CIISLog/SuspectedProxyTokenExploitation.yaml 31 32 1346 576 38 33 2021-08-30 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/W3CIISLog/Potential_IIS_BF.yaml 83 99 2072 293 141 87 2019-09-04 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/W3CIISLog/PotentialWebshell.yaml 5 111 2072 293 157 102 2019-09-04 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/W3CIISLog/SuspectedMailBoxExportHostonOWA.yaml 26 129 1600 293 184 104 2020-12-19 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/W3CIISLog/RareUserAgentStrings.yaml 43 75 2072 576 99 72 2019-09-04 2023-10-09 42559062+juliango2100@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/W3CIISLog/ExchangeServerProxyLogonURI.yaml 30 69 1507 576 90 60 2021-03-22 2023-10-09 62295189+thmcelro@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/W3CIISLog/RareClientFileAccess.yaml 52 156 1869 293 228 125 2020-03-25 2024-07-18 62295189+thmcelro@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/W3CIISLog/ClientIPwithManyUserAgents.yaml 38 114 2072 293 159 98 2019-09-04 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/W3CIISLog/ExchangeServerSuspiciousURIsVisited.yaml 44 60 1504 576 81 56 2021-03-25 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/W3CIISLog/Potential_IIS_CodeInject.yaml 94 128 2072 293 180 98 2019-09-04 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SigninLogs/DisabledAccountSigninAttempts.yaml 4 103 2072 457 145 83 2019-09-04 2024-02-05 42559062+juliango2100@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SigninLogs/riskSignInWithDeviceRegistration.yaml 57 25 1139 576 36 25 2022-03-25 2023-10-09 37783395+aprakash13@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SigninLogs/AnomalousUserAppSigninLocationIncrease.yaml 9 119 2072 293 195 98 2019-09-04 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SigninLogs/UnauthUser_AzurePortal.yaml 17 63 2072 576 86 61 2019-09-04 2023-10-09 42559062+juliango2100@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SigninLogs/LowAndSlowPasswordAttempt.yaml 37 66 1310 293 95 66 2021-10-05 2024-07-18 62295189+thmcelro@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SigninLogs/DisabledAccountSigninAttemptsByIP.yaml 4 91 2072 457 130 78 2019-09-04 2024-02-05 42559062+juliango2100@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SigninLogs/InactiveAccounts.yaml 93 111 2072 293 162 91 2019-09-04 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SigninLogs/multipleAADAdminRemovals.yaml 34 53 1139 293 93 50 2022-03-25 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SigninLogs/Signins-from-NordVPN-Providers.yaml 4 70 1140 457 100 57 2022-03-24 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SigninLogs/SmartLockouts.yaml 26 19 1287 576 28 19 2021-10-28 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/SigninLogs/SignInLogsWithExpandedPolicies.yaml 43 56 2072 576 73 57 2019-09-04 2023-10-09 42559062+juliango2100@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SigninLogs/SpikeInFailedSignInAttempts.yaml 42 34 1286 576 52 34 2021-10-29 2023-10-09 aviyer@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/SigninLogs/signinBurstFromMultipleLocations.yaml 70 101 2072 293 155 96 2019-09-04 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SigninLogs/LoginSpikeWithIncreaseFailureRate.yaml 75 92 1682 293 134 83 2020-09-28 2024-07-18 62295189+thmcelro@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SigninLogs/SuspiciousSignintoPrivilegedAccount.yaml 4 65 1293 457 102 57 2021-10-22 2024-02-05 jekurien@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SigninLogs/AdministratorsAuthenticatingtoAnotherAzureADTenant.yaml 41 66 1034 293 118 51 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SigninLogs/UserAccountsMeasurableincreaseofsuccessfulsignins.yaml 66 33 1286 576 50 29 2021-10-29 2023-10-09 ashwin-patil@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SigninLogs/AnomalousUserAppSigninLocationIncreaseDetail.yaml 11 119 2072 293 193 98 2019-09-04 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SigninLogs/AADSuspectedBruteForce.yaml 39 22 1252 576 32 19 2021-12-02 2023-10-09 cesarmaneiro@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/SigninLogs/SuccessThenFail_SameUserDiffApp.yaml 65 83 2072 293 108 83 2019-09-04 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SigninLogs/Signins-From-VPS-Providers.yaml 4 133 1602 457 193 101 2020-12-17 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SigninLogs/SuccessfulAccount-SigninAttemptsByIPviaDisabledAccounts.yaml 58 51 1742 576 75 48 2020-07-30 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SigninLogs/UserAccounts-BlockedAccounts.yaml 50 51 1286 293 70 50 2021-10-29 2024-07-18 ashwin-patil@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SigninLogs/MFASpamming.yaml 44 24 435 268 39 23 2024-02-27 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Hunting Queries/SigninLogs/anomalous_app_azuread_signin.yaml 54 91 2072 293 145 83 2019-09-04 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SigninLogs/MFAUserBlocked.yaml 101 133 1857 268 224 107 2020-04-06 2024-08-12 45466083+shainw@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Hunting Queries/GitHub/Inactive or New Account Usage.yaml 43 63 1791 457 78 50 2020-06-11 2024-02-05 itay.argoety@gmail.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/GitHub/Mass Deletion of Repositories .yaml 33 64 1791 457 79 50 2020-06-11 2024-02-05 itay.argoety@gmail.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/GitHub/Unusual Number of Repository Clones.yaml 32 100 1766 293 141 79 2020-07-06 2024-07-18 ashwinpatil@outlook.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/GitHub/Suspicious Fork Activity.yaml 37 76 1791 293 100 73 2020-06-11 2024-07-18 itay.argoety@gmail.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/GitHub/Oauth App Restrictions Disabled.yaml 15 63 1791 576 85 54 2020-06-11 2023-10-09 itay.argoety@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/GitHub/Repository Permission Switched to Public.yaml 15 58 1791 576 75 51 2020-06-11 2023-10-09 itay.argoety@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/GitHub/User First Time Repository Delete Activity.yaml 24 41 1791 576 49 34 2020-06-11 2023-10-09 itay.argoety@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/GitHub/Org Repositories Default Permissions Change.yaml 15 40 1791 576 50 35 2020-06-11 2023-10-09 itay.argoety@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/GitHub/User Grant Access and Grants Other Access.yaml 25 67 1791 457 91 57 2020-06-11 2024-02-05 itay.argoety@gmail.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/GitHub/First Time User Invite and Add Member to Org.yaml 24 49 1791 576 60 39 2020-06-11 2023-10-09 itay.argoety@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/BehaviorAnalytics/Anomalous Failed Logon.yaml 4 61 1757 576 94 53 2020-07-15 2023-10-09 igal.shapira@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/BehaviorAnalytics/Anomalous Activity Role Assignment.yaml 4 91 1666 576 132 71 2020-10-14 2023-10-09 ramaro@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/BehaviorAnalytics/Anomalous Role Assignment.yaml 4 65 1757 576 99 53 2020-07-15 2023-10-09 igal.shapira@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/BehaviorAnalytics/Anomalous Code Execution.yaml 4 62 1700 576 96 51 2020-09-10 2023-10-09 ramaro@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/BehaviorAnalytics/Anomalous Password Reset.yaml 4 65 1757 576 99 53 2020-07-15 2023-10-09 igal.shapira@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/BehaviorAnalytics/Anomalous Defensive Mechanism Modification.yaml 4 76 1700 576 115 65 2020-09-10 2023-10-09 ramaro@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/BehaviorAnalytics/Anomalous AAD Account Manipulation.yaml 4 125 1757 58 200 96 2020-07-15 2025-03-10 itay.argoety@gmail.com idoshabi@microsoft.com Hunting Queries/BehaviorAnalytics/Anomalous Sign-in Activity.yaml 4 73 1757 576 109 56 2020-07-15 2023-10-09 igal.shapira@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/BehaviorAnalytics/Anomalous Resource Access.yaml 4 71 1757 576 106 55 2020-07-15 2023-10-09 igal.shapira@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/BehaviorAnalytics/Anomalous Geo Location Logon.yaml 4 67 1757 576 101 54 2020-07-15 2023-10-09 igal.shapira@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/BehaviorAnalytics/Anomalous Login to Devices.yaml 4 72 1757 576 107 56 2020-07-15 2023-10-09 igal.shapira@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/BehaviorAnalytics/Anomalous Account Creation.yaml 4 99 1757 293 167 77 2020-07-15 2024-07-18 igal.shapira@gmail.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/BehaviorAnalytics/Anomalous Data Access.yaml 4 62 1700 576 96 51 2020-09-10 2023-10-09 ramaro@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/BehaviorAnalytics/Anomalous RDP Activity.yaml 4 71 1757 576 106 55 2020-07-15 2023-10-09 igal.shapira@gmail.com mrudula.oruganti@gigamon.com Hunting Queries/AuditLogs/UserGrantedAccess_AllAuditActivity.yaml 90 65 2017 576 86 64 2019-10-29 2023-10-09 shainw@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AuditLogs/ConsentToApplicationDiscovery.yaml 99 92 2075 293 151 95 2019-09-01 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/AuditLogs/BitLockerKeyRetrieval.yaml 35 34 1034 576 49 26 2022-07-08 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AuditLogs/StsRefreshTokenModification.yaml 4 87 1580 457 125 77 2021-01-08 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AuditLogs/ApprovedAccessPackagesDetails.yaml 61 15 292 259 40 16 2024-07-19 2024-08-21 retro.writing0l@icloud.com nilepagn@microsoft.com Hunting Queries/AuditLogs/AccountMFAModifications.yaml 36 25 581 293 59 26 2023-10-04 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/AuditLogs/AccountAddedtoPrivilegedPIMGroup.yaml 35 33 1263 576 51 33 2021-11-21 2023-10-09 45466083+shainw@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/AuditLogs/NonredeemedGuesUserInvites.yaml 53 60 1002 293 87 48 2022-08-09 2024-07-18 aspatil@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/AuditLogs/RareAuditActivityByUser.yaml 74 93 2075 293 131 82 2019-09-01 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/AuditLogs/UsersAuthenticatingtoOtherAzureADTenants.yaml 30 62 1034 293 108 49 2022-07-08 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/AuditLogs/UserGrantedAccess_GrantsOthersAccess.yaml 4 100 2017 457 140 84 2019-10-29 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AuditLogs/AppRequiredResourceAccessUpdate.yaml 48 15 1379 576 18 14 2021-07-28 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AuditLogs/RareAuditActivityByApp.yaml 79 94 2075 293 131 82 2019-09-01 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/CloudAppEvents/SetPolicyConfigInCloudAppEvents.yaml 35 25 435 261 32 20 2024-02-27 2024-08-19 jamie.huang@gmail.com v-prasadboke@microsoft.com Hunting Queries/ThreatIntelligenceIndicator/FileEntity_Syslog.yaml 4 105 2078 457 156 87 2019-08-29 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ThreatIntelligenceIndicator/FileEntity_WireData.yaml 4 109 2078 457 162 90 2019-08-29 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ThreatIntelligenceIndicator/FileEntity_SecurityEvent.yaml 4 105 2078 457 157 87 2019-08-29 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ThreatIntelligenceIndicator/FileEntity_OfficeActivity.yaml 4 105 2078 457 156 87 2019-08-29 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ThreatIntelligenceIndicator/FileEntity_VMConnection.yaml 4 109 2078 457 162 90 2019-08-29 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/ZoomLogs/NewTZ.yaml 36 79 1836 576 99 67 2020-04-27 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/ZoomLogs/MultipleRegistrationDenies.yaml 46 105 1839 293 145 88 2020-04-24 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/ZoomLogs/HighCPURoom.yaml 35 79 1839 576 97 68 2020-04-24 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/ZoomLogs/NewDomainAccess.yaml 31 72 1836 576 89 64 2020-04-27 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/LAQueryLogs/MultipleLargeQueriesByUser.yaml 35 70 1688 576 89 61 2020-09-22 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/LAQueryLogs/NewServicePrincipalRunningQueries.yaml 40 63 1688 576 79 52 2020-09-22 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/LAQueryLogs/NewClientRunningQueries.yaml 38 62 1688 576 78 52 2020-09-22 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/LAQueryLogs/QueryDataVolumeAnomolies.yaml 42 63 1688 576 80 52 2020-09-22 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/LAQueryLogs/QueryLookingForSecrets.yaml 40 70 1688 576 89 61 2020-09-22 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/LAQueryLogs/NewUserRunningQueries.yaml 35 63 1688 576 79 52 2020-09-22 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/LAQueryLogs/UserRunningMultipleQueriesThatFail.yaml 34 63 1688 576 79 52 2020-09-22 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/LAQueryLogs/CrossWorkspaceQueryAnomolies.yaml 51 63 1706 576 79 52 2020-09-04 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/LAQueryLogs/UserReturningMoreDataThanDailyAverage.yaml 48 89 1688 293 111 71 2020-09-22 2024-07-18 pebryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/LAQueryLogs/CrossServiceADXQueries.yaml 24 43 1106 576 61 31 2022-04-27 2023-10-09 ep3p@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/LAQueryLogs/NewUserCallingSensitiveWatchlist.yaml 36 16 1367 576 20 15 2021-08-09 2023-10-09 pebryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/WireData/WireDataBeacon.yaml 54 119 2072 293 170 102 2019-09-04 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Syslog/Apache_log4j_Vulnerability.yaml 4 85 1243 457 137 69 2021-12-11 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/Suspicious_ShellScript_Activity.yaml 4 74 1241 457 124 62 2021-12-13 2024-02-05 v-rucdu@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/Linux_Toolkit_Detected.yaml 4 72 1238 457 117 59 2021-12-16 2024-02-05 fihry@tenable.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/SchedTaskEditViaCrontab.yaml 4 92 2072 457 127 69 2019-09-04 2024-02-05 42559062+juliango2100@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/CryptoThreatActivity.yaml 4 59 904 457 83 39 2022-11-15 2024-02-05 jekurien@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/Process_Termination_Activity.yaml 4 74 1240 457 120 59 2021-12-14 2024-02-05 fihry@tenable.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/Firewall_Disable_Activity.yaml 4 73 1239 457 119 59 2021-12-15 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/SCXExecuteRunAsProviders.yaml 4 42 860 457 65 33 2022-12-29 2024-02-05 v-sabiraj@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/SchedTaskAggregation.yaml 4 92 2072 457 127 69 2019-09-04 2024-02-05 42559062+juliango2100@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/disabled_account_squid_usage.yaml 54 81 2072 293 119 69 2019-09-04 2024-07-18 42559062+juliango2100@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/Syslog/Base64_Download_Activity.yaml 4 75 1242 457 123 62 2021-12-12 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/squid_volume_anomalies.yaml 4 64 2072 457 94 50 2019-09-04 2024-02-05 42559062+juliango2100@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/RareProcess_ForLxHost.yaml 4 91 1746 457 125 64 2020-07-26 2024-02-05 yafruch@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/squid_abused_tlds.yaml 4 99 2072 457 137 74 2019-09-04 2024-02-05 42559062+juliango2100@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/squid_malformed_requests.yaml 4 95 2072 457 130 70 2019-09-04 2024-02-05 42559062+juliango2100@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/CryptoCurrencyMiners.yaml 4 76 1846 457 112 62 2020-04-17 2024-02-05 kevin.sheldrake@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/Syslog/Container_Miner_Activity.yaml 4 71 1237 457 116 57 2021-12-17 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/CommonSecurityLog/NetworkConnectionToNewExternalLDAPServer.yaml 4 73 1237 457 122 63 2021-12-17 2024-02-05 37783395+aprakash13@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/CommonSecurityLog/RiskyCommandB64EncodedInUrl.yaml 4 71 1072 457 107 52 2022-05-31 2024-02-05 62295189+thmcelro@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/CommonSecurityLog/AbnormallyLargeJPEGFiledDownloadedfromNewSource.yaml 42 35 1016 576 56 33 2022-07-26 2023-10-09 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/CommonSecurityLog/B64IPInURL.yaml 4 71 1072 457 106 52 2022-05-31 2024-02-05 62295189+thmcelro@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AWSCloudTrail/AWS_Unused_UnsupportedCloudRegions.yaml 4 71 1836 576 90 63 2020-04-27 2023-10-09 ashwinpatil@outlook.com mrudula.oruganti@gigamon.com Hunting Queries/AWSCloudTrail/AWS_SuspiciousCredentialTokenAccessOfValid_IAM_Roles.yaml 4 69 1968 576 85 63 2019-12-17 2023-10-09 ashwinpatil@outlook.com mrudula.oruganti@gigamon.com Hunting Queries/AWSCloudTrail/AWS_IAM_PolicyChange.yaml 4 64 2075 576 80 59 2019-09-01 2023-10-09 shainw@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/AWSCloudTrail/AWS_PrivilegedRoleAttachedToInstance.yaml 4 63 2003 576 76 54 2019-11-12 2023-10-09 ashwinpatil@outlook.com mrudula.oruganti@gigamon.com Hunting Queries/AWSCloudTrail/AWS_IAM_PrivilegeEscalationbyAttachment.yaml 4 66 1836 576 82 61 2020-04-27 2023-10-09 ashwinpatil@outlook.com mrudula.oruganti@gigamon.com Hunting Queries/AzureActivity/Rare_Custom_Script_Extension.yaml 3 82 1851 457 113 69 2020-04-12 2024-02-05 aprakash@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/Anomalous_Listing_Of_Storage_Keys.yaml 3 114 2075 457 167 91 2019-09-01 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/Azure-CloudShell-Usage.yaml 42 87 1602 293 141 93 2020-12-17 2024-07-18 45466083+shainw@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/AzureActivity/Creating_Anomalous_Number_Of_Resources.yaml 3 117 2075 457 175 91 2019-09-01 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/Granting_Permissions_to_Account.yaml 3 107 2075 457 146 85 2019-09-01 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/AzureNSG_AdministrativeOperations.yaml 3 81 1749 457 114 70 2020-07-23 2024-02-05 ashwinpatil@outlook.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/AzureAdministrationFromVPS.yaml 3 97 1535 457 133 80 2021-02-22 2024-02-05 62295189+thmcelro@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/AzureSentinelConnectors_AdministrativeOperations.yaml 3 103 1749 457 150 86 2020-07-23 2024-02-05 ashwinpatil@outlook.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/Common_Deployed_Resources.yaml 3 113 2075 457 163 89 2019-09-01 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/AnalyticsRulesAdministrativeOperations.yaml 3 94 1749 457 137 82 2020-07-23 2024-02-05 ashwinpatil@outlook.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/AzureVirtualNetworkSubnets_AdministrativeOperationset.yaml 2 98 1749 457 138 84 2020-07-23 2024-02-05 ashwinpatil@outlook.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/AzureRunCommandFromAzureIP.yaml 3 82 1290 457 127 70 2021-10-25 2024-02-05 peter.bryan@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/AzureSentinelWorkbooks_AdministrativeOperation.yaml 3 94 1749 457 136 82 2020-07-23 2024-02-05 ashwinpatil@outlook.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/AnomalousAzureOperationModel.yaml 3 69 1262 457 106 64 2021-11-22 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/AzureActivity/PortOpenedForAzureResource.yaml 3 102 2017 457 143 84 2019-10-29 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/MultipleTeamsDeletes.yaml 4 97 1538 457 125 78 2021-02-19 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/ExternalUserFromNewOrgAddedToTeams.yaml 4 83 1538 457 105 68 2021-02-19 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/MultipleUsersEmailForwardedToSameDestination.yaml 4 29 779 293 42 33 2023-03-20 2024-07-18 v-rbajaj@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/OfficeActivity/New_WindowsReservedFileNamesOnOfficeFileServices.yaml 4 90 1896 457 113 73 2020-02-27 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/powershell_or_nonbrowser_MailboxLogin.yaml 4 91 2073 457 116 76 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/NewBotAddedToTeams.yaml 3 93 1538 457 120 78 2021-02-19 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/sharepoint_downloads.yaml 4 89 2073 457 112 71 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/MultiTeamBot.yaml 4 97 1538 457 125 78 2021-02-19 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/double_file_ext_exes.yaml 4 100 1792 457 129 84 2020-06-10 2024-02-05 peter.bryan@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/ExternalUserAddedRemovedInTeams_HuntVersion.yaml 4 86 1538 457 111 73 2021-02-19 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/nonowner_MailboxLogin.yaml 4 103 2073 457 138 82 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/new_sharepoint_downloads_by_IP.yaml 4 100 2073 457 125 80 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/new_sharepoint_downloads_by_UserAgent.yaml 4 108 2073 457 138 84 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/UserAddToTeamsAndUploadsFile.yaml 4 86 1538 457 111 73 2021-02-19 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/new_adminaccountactivity.yaml 4 86 2073 457 108 69 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/Mail_redirect_via_ExO_transport_rule_hunting.yaml 4 111 1827 457 161 94 2020-05-06 2024-02-05 37285853+duzlov@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/WindowsReservedFileNamesOnOfficeFileServices.yaml 4 93 1896 457 119 78 2020-02-27 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/OfficeMailForwarding_hunting.yaml 4 109 2073 457 155 92 2019-09-03 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/MultiTeamOwner.yaml 4 90 1553 457 110 72 2021-02-04 2024-02-05 shainw@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/AnomolousUserAccessingOtherUsersMailbox.yaml 4 102 1599 457 140 77 2020-12-20 2024-02-05 45466083+shainw@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/OfficeActivity/TeamsFilesUploaded.yaml 4 83 1793 457 102 68 2020-06-09 2024-02-05 62295189+thmcelro@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Hunting Queries/SecurityAlert/WebShellFileAlertEnrich.yaml 45 70 1821 576 98 64 2020-05-12 2023-10-09 62295189+thmcelro@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityAlert/AlertsWithFile.yaml 42 39 2073 293 52 40 2019-09-03 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/SecurityAlert/WebShellCommandAlertEnrich.yaml 81 61 1821 576 75 55 2020-05-12 2023-10-09 62295189+thmcelro@users.noreply.github.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityAlert/AlertsForIP.yaml 48 60 2073 576 75 54 2019-09-03 2023-10-09 shainw@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityAlert/AlertsWithProcess.yaml 41 32 2073 576 39 27 2019-09-03 2023-10-09 shainw@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityAlert/AlertsForUser.yaml 37 32 2073 576 39 27 2019-09-03 2023-10-09 shainw@microsoft.com mrudula.oruganti@gigamon.com Hunting Queries/SecurityAlert/AlertsOnHost.yaml 44 52 2073 293 66 52 2019-09-03 2024-07-18 shainw@microsoft.com 164491672+shishirdw@users.noreply.github.com Hunting Queries/DeviceProcess/VScodeExtensionofanUser.yaml 45 18 181 58 25 12 2024-11-07 2025-03-10 52849781+anish833@users.noreply.github.com idoshabi@microsoft.com Summary rules/WebSession/PaloAltoPANOSWebSessionIPSummary.yaml 28 11 55 13 16 13 2025-03-13 2025-04-24 v-atulyadav@microsoft.com v-prasadboke@microsoft.com Summary rules/WebSession/FortinetFortigateWebSessionIPSummary.yaml 27 11 55 13 16 13 2025-03-13 2025-04-24 v-atulyadav@microsoft.com v-prasadboke@microsoft.com Summary rules/WebSession/ZscalarWebSessionIPSummary.yaml 26 11 55 13 16 13 2025-03-13 2025-04-24 v-atulyadav@microsoft.com v-prasadboke@microsoft.com Summary rules/Network/PaloAltoPANOSNetworkSessionIPSummary.yaml 25 11 55 13 16 13 2025-03-13 2025-04-24 v-atulyadav@microsoft.com v-prasadboke@microsoft.com Summary rules/Network/ZscalarNetworkSessionIPSummary.yaml 26 11 55 13 16 13 2025-03-13 2025-04-24 v-atulyadav@microsoft.com v-prasadboke@microsoft.com Summary rules/Network/FortinetFortigateNetworkSessionIPSummary.yaml 27 11 55 13 16 13 2025-03-13 2025-04-24 v-atulyadav@microsoft.com v-prasadboke@microsoft.com Summary rules/DNS/ZscalarDNSEventsIPSummary.yaml 27 11 55 13 16 13 2025-03-13 2025-04-24 v-atulyadav@microsoft.com v-prasadboke@microsoft.com Parsers/ASimDhcpEvent/Parsers/ASimDhcpEventNative.yaml 48 20 421 268 31 23 2024-03-12 2024-08-12 97222872+vakohl@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimDhcpEvent/Parsers/vimDhcpEventInfobloxBloxOne.yaml 175 29 286 58 31 12 2024-07-25 2025-03-10 nipun.brahmbhatt@crestdatasys.com idoshabi@microsoft.com Parsers/ASimDhcpEvent/Parsers/vimDhcpEventNative.yaml 86 20 421 268 33 23 2024-03-12 2024-08-12 97222872+vakohl@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimDhcpEvent/Parsers/ASimDhcpEvent.yaml 36 47 421 58 61 32 2024-03-12 2025-03-10 97222872+vakohl@users.noreply.github.com idoshabi@microsoft.com Parsers/ASimDhcpEvent/Parsers/ASimDhcpEventInfobloxBloxOne.yaml 135 29 286 58 31 12 2024-07-25 2025-03-10 nipun.brahmbhatt@crestdatasys.com idoshabi@microsoft.com Parsers/ASimDhcpEvent/Parsers/imDhcpEvent.yaml 65 46 421 58 60 32 2024-03-12 2025-03-10 97222872+vakohl@users.noreply.github.com idoshabi@microsoft.com Parsers/ASimDhcpEvent/Parsers/vimDhcpEventEmpty.yaml 132 20 421 268 33 23 2024-03-12 2024-08-12 97222872+vakohl@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventNative.yaml 47 27 532 293 57 28 2023-11-22 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoftSysmon.yaml 141 39 572 106 82 34 2023-10-13 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoftWindowsEvent.yaml 40 40 573 106 84 34 2023-10-12 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoftSecurityEvent.yaml 50 13 342 106 22 14 2024-05-30 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftWindowsEvent.yaml 176 103 1145 106 173 82 2022-03-19 2025-01-21 92377750+yaronmsft@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventVMwareCarbonBlackCloud.yaml 86 34 573 293 73 28 2023-10-12 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/vimRegistryEventEmpty.yaml 117 60 1145 268 116 53 2022-03-19 2024-08-12 92377750+yaronmsft@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/vimRegistryEventVMwareCarbonBlackCloud.yaml 127 37 635 293 76 28 2023-08-11 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftSysmonWindowsEvent.yaml 160 15 338 106 25 13 2024-06-03 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventSentinelOne.yaml 117 29 595 293 55 24 2023-09-20 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/vimRegistryEventSentinelOne.yaml 160 52 646 293 110 37 2023-07-31 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoft365D.yaml 108 26 575 293 58 25 2023-10-10 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftSysmon.yaml 173 74 1145 106 126 63 2022-03-19 2025-01-21 92377750+yaronmsft@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoft365D.yaml 158 43 1145 293 77 37 2022-03-19 2024-07-18 92377750+yaronmsft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftSecurityEvent.yaml 172 25 1145 106 37 28 2022-03-19 2025-01-21 92377750+yaronmsft@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/imRegistryEvent.yaml 88 10 293 106 24 15 2024-07-18 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/vimRegistryEventNative.yaml 99 27 532 293 57 28 2023-11-22 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/vimRegistryEventTrendMicroVisionOne.yaml 100 31 646 293 49 24 2023-07-31 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/ASimRegistryEvent.yaml 50 11 293 106 26 15 2024-07-18 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventTrendMicroVisionOne.yaml 72 29 582 293 47 24 2023-10-03 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoftSysmonWindowsEvent.yaml 111 16 328 106 27 13 2024-06-13 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/PAN_Parser.csl 78 63 1799 576 86 47 2020-06-03 2023-10-09 joe.stahl@gmail.com mrudula.oruganti@gigamon.com Parsers/ASimUserManagement/Parsers/vimUserManagementMicrosoftWindowsEvent.yaml 243 12 342 106 35 13 2024-05-30 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimUserManagement/Parsers/ASimUserManagementMicrosoftWindowsEvent.yaml 161 13 342 106 33 13 2024-05-30 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimUserManagement/Parsers/ASimUserManagementNative.yaml 52 20 426 268 34 22 2024-03-07 2024-08-12 97222872+vakohl@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimUserManagement/Parsers/vimUserManagementMicrosoftSecurityEvent.yaml 257 64 659 106 141 45 2023-07-18 2025-01-21 gianni@kustoking.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimUserManagement/Parsers/vimUserManagementSentinelOne.yaml 221 51 617 268 93 36 2023-08-29 2024-08-12 jayesh.prajapati@cdsys.local 62938807+haim-na@users.noreply.github.com Parsers/ASimUserManagement/Parsers/ASimUserManagementSentinelOne.yaml 178 52 647 268 95 36 2023-07-30 2024-08-12 jayesh.prajapati@cdsys.local 62938807+haim-na@users.noreply.github.com Parsers/ASimUserManagement/Parsers/ASimUserManagementLinuxAuthpriv.yaml 318 48 580 268 89 35 2023-10-05 2024-08-12 gianni@kustoking.com 62938807+haim-na@users.noreply.github.com Parsers/ASimUserManagement/Parsers/imUserManagement.yaml 81 80 640 106 202 50 2023-08-06 2025-01-21 gianni@kustoking.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimUserManagement/Parsers/ASimUserManagementMicrosoftSecurityEvent.yaml 205 46 659 106 108 34 2023-07-18 2025-01-21 gianni@kustoking.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimUserManagement/Parsers/ASimUserManagementCiscoISE.yaml 130 52 678 268 95 46 2023-06-29 2024-08-12 sp@socprime.com 62938807+haim-na@users.noreply.github.com Parsers/ASimUserManagement/Parsers/vimUserManagementEmpty.yaml 146 71 659 268 150 48 2023-07-18 2024-08-12 gianni@kustoking.com 62938807+haim-na@users.noreply.github.com Parsers/ASimUserManagement/Parsers/vimUserManagementNative.yaml 90 20 426 268 34 22 2024-03-07 2024-08-12 97222872+vakohl@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimUserManagement/Parsers/vimUserManagementLinuxAuthpriv.yaml 411 48 580 268 90 35 2023-10-05 2024-08-12 gianni@kustoking.com 62938807+haim-na@users.noreply.github.com Parsers/ASimUserManagement/Parsers/ASimUserManagement.yaml 51 75 659 106 173 47 2023-07-18 2025-01-21 gianni@kustoking.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimUserManagement/Parsers/vimUserManagementCiscoISE.yaml 173 57 678 268 110 50 2023-06-29 2024-08-12 sp@socprime.com 62938807+haim-na@users.noreply.github.com Parsers/Epic_Parser.csl 91 40 1800 576 54 29 2020-06-02 2023-10-09 joe.stahl@gmail.com mrudula.oruganti@gigamon.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationBarracudaWAF.yaml 215 46 685 107 79 35 2023-06-22 2025-01-20 jayesh.prajapati@cdsys.local v-amolpatil@microsoft.com Parsers/ASimAuthentication/Parsers/vimAuthenticationPaloAltoCortexDataLake.yaml 253 42 586 261 68 31 2023-09-29 2024-08-19 nirali.shah@crestdatasys.com v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/vimAuthenticationOktaV2.yaml 279 12 352 106 33 13 2024-05-20 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationCrowdStrikeFalconHost.yaml 109 24 600 293 44 25 2023-09-15 2024-07-18 nirali.shah@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoMeraki.yaml 224 75 692 106 131 51 2023-06-15 2025-01-21 jayesh.prajapati@cdsys.local 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationPostgreSQL.yaml 187 92 1059 261 174 60 2022-06-13 2024-08-19 github@shezaf.com v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/vimAuthenticationEmpty.yaml 153 116 1059 268 193 76 2022-06-13 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationOktaOSS.yaml 189 155 1059 106 298 95 2022-06-13 2025-01-21 github@shezaf.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationSudo.yaml 119 71 844 293 117 53 2023-01-14 2024-07-18 juju4@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationOktaOSS.yaml 113 160 1059 106 299 101 2022-06-13 2025-01-21 github@shezaf.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationCrowdStrikeFalconHost.yaml 182 40 600 261 71 33 2023-09-15 2024-08-19 nirali.shah@crestdatasys.com v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationMicrosoftWindowsEvent.yaml 214 141 1059 58 260 87 2022-06-13 2025-03-10 github@shezaf.com idoshabi@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoASA.yaml 226 31 671 293 58 29 2023-07-06 2024-07-18 gianni@kustoking.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationNative.yaml 105 20 148 57 39 11 2024-12-10 2025-03-11 balekhya@microsoft.com v-atulyadav@microsoft.com Parsers/ASimAuthentication/Parsers/vimAuthenticationAADNonInteractive.yaml 194 117 1059 268 210 80 2022-06-13 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationSudo.yaml 258 20 392 261 30 19 2024-04-10 2024-08-19 97222872+vakohl@users.noreply.github.com v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/imAuthentication.yaml 115 249 1059 57 500 115 2022-06-13 2025-03-11 github@shezaf.com v-atulyadav@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoMeraki.yaml 146 64 692 106 111 48 2023-06-15 2025-01-21 jayesh.prajapati@cdsys.local 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoISE.yaml 257 51 674 293 113 41 2023-07-03 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationOktaV2.yaml 165 13 352 106 36 13 2024-05-20 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoISE.yaml 352 68 674 261 141 49 2023-07-03 2024-08-19 sp@socprime.com v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/vimAuthenticationVectraXDRAudit.yaml 136 59 671 261 91 43 2023-07-06 2024-08-19 dhruvil.bhatt@crestdatasys.com v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/vimAuthenticationAADSigninLogs.yaml 203 117 1059 268 211 80 2022-06-13 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationSalesforceSC.yaml 347 38 964 268 58 26 2022-09-16 2024-08-12 rushriva@microsoft.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationPostgreSQL.yaml 494 127 1059 261 223 79 2022-06-13 2024-08-19 github@shezaf.com v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationAADManagedIdentity.yaml 98 129 1059 268 213 84 2022-06-13 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationAADServicePrincipalSignInLogs.yaml 260 121 1059 268 207 78 2022-06-13 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationIllumioSaaSCore.yaml 147 24 215 58 33 9 2024-10-04 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationM365Defender.yaml 186 118 1059 293 192 84 2022-06-13 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationVMwareCarbonBlackCloud.yaml 155 47 625 261 72 33 2023-08-21 2024-08-19 jayesh.prajapati@cdsys.local v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationSentinelOne.yaml 227 50 648 261 91 31 2023-07-29 2024-08-19 jayesh.prajapati@cdsys.local v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationIllumioSaaSCore.yaml 87 23 215 58 30 9 2024-10-04 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationAWSCloudTrail.yaml 112 103 1059 293 185 75 2022-06-13 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationVMwareCarbonBlackCloud.yaml 81 28 625 293 42 23 2023-08-21 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationSalesforceSC.yaml 446 43 663 268 68 29 2023-07-14 2024-08-12 97222872+vakohl@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationAADServicePrincipalSignInLogs.yaml 133 127 1059 268 212 84 2022-06-13 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoMerakiSyslog.yaml 232 11 334 106 24 14 2024-06-07 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationAADManagedIdentity.yaml 188 122 1059 268 208 78 2022-06-13 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationGoogleWorkspace.yaml 235 37 505 268 57 28 2023-12-19 2024-08-12 97222872+vakohl@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationSu.yaml 222 68 829 268 109 47 2023-01-29 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationSu.yaml 110 90 844 268 147 63 2023-01-14 2024-08-12 juju4@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationPaloAltoCortexDataLake.yaml 172 29 586 268 44 24 2023-09-29 2024-08-12 nirali.shah@crestdatasys.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationMicrosoftWindowsEvent.yaml 396 144 1059 58 252 86 2022-06-13 2025-03-10 github@shezaf.com idoshabi@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationGoogleWorkspace.yaml 153 27 505 268 40 25 2023-12-19 2024-08-12 97222872+vakohl@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationSshd.yaml 337 94 829 261 163 59 2023-01-29 2024-08-19 github@shezaf.com v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationAADNonInteractive.yaml 103 134 1059 268 238 94 2022-06-13 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationVectraXDRAudit.yaml 54 40 671 293 60 33 2023-07-06 2024-07-18 dhruvil.bhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoMerakiSyslog.yaml 155 12 334 106 25 14 2024-06-07 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoASA.yaml 351 67 671 261 133 46 2023-07-06 2024-08-19 gianni@kustoking.com v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/vimAuthenticationSentinelOne.yaml 323 53 648 261 94 31 2023-07-29 2024-08-19 jayesh.prajapati@cdsys.local v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationAADSigninLogs.yaml 111 134 1059 268 239 94 2022-06-13 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationMicrosoftMD4IoT.yaml 63 62 1059 293 105 49 2022-06-13 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationBarracudaWAF.yaml 315 65 685 107 109 45 2023-06-22 2025-01-20 jayesh.prajapati@cdsys.local v-amolpatil@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthentication.yaml 86 252 1059 57 512 124 2022-06-13 2025-03-11 github@shezaf.com v-atulyadav@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationNative.yaml 43 18 148 57 29 10 2024-12-10 2025-03-11 balekhya@microsoft.com v-atulyadav@microsoft.com Parsers/ASimAuthentication/Parsers/vimAuthenticationMicrosoftMD4IoT.yaml 144 76 1059 261 132 51 2022-06-13 2024-08-19 github@shezaf.com v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/ASimAuthenticationSshd.yaml 210 69 844 293 133 48 2023-01-14 2024-07-18 juju4@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuthentication/Parsers/vimAuthenticationAWSCloudTrail.yaml 223 119 1059 261 214 79 2022-06-13 2024-08-19 github@shezaf.com v-prasadboke@microsoft.com Parsers/ASimAuthentication/Parsers/vimAuthenticationM365Defender.yaml 386 132 1059 268 214 86 2022-06-13 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoft365D.yaml 130 26 559 293 57 26 2023-10-26 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventLinuxSysmonFileCreated.yaml 151 52 947 293 91 44 2022-10-03 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventLinuxSysmonFileCreated.yaml 72 26 537 293 57 26 2023-11-17 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventAzureQueueStorage.yaml 94 27 551 293 58 26 2023-11-03 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventM365D.yaml 207 109 947 293 196 77 2022-10-03 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventNative.yaml 111 67 853 293 116 57 2023-01-05 2024-07-18 39997089+oshezaf@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSysmon.yaml 178 68 855 106 128 51 2023-01-03 2025-01-21 39997089+oshezaf@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventEmpty.yaml 161 99 862 268 180 63 2022-12-27 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventLinuxSysmonFileDeleted.yaml 94 26 537 293 57 26 2023-11-17 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEvent.yaml 64 92 595 106 213 58 2023-09-20 2025-01-21 jayesh.prajapati@cdsys.local 128674128+v1managedservices@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSharePoint.yaml 232 86 947 293 158 58 2022-10-03 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventAzureFileStorage.yaml 152 54 947 293 92 44 2022-10-03 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventSentinelOne.yaml 125 49 595 293 106 38 2023-09-20 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventNative.yaml 53 29 533 293 74 30 2023-11-21 2024-07-18 anknar@microsoft.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventAzureFileStorage.yaml 69 27 553 293 58 26 2023-11-01 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftWindowsEvents.yaml 190 67 881 106 123 52 2022-12-08 2025-01-21 github@shezaf.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventGoogleWorkspace.yaml 343 26 504 268 46 25 2023-12-20 2024-08-12 97222872+vakohl@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSharePoint.yaml 147 26 552 293 57 26 2023-11-02 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventGoogleWorkspace.yaml 285 26 504 268 44 25 2023-12-20 2024-08-12 97222872+vakohl@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventAzureBlobStorage.yaml 144 53 947 293 91 44 2022-10-03 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventVMwareCarbonBlackCloud.yaml 154 32 573 293 64 26 2023-10-12 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventSentinelOne.yaml 172 51 647 293 108 38 2023-07-30 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSecurityEvents.yaml 184 14 336 106 33 13 2024-06-05 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimFileEvent/Parsers/imFileEvent.yaml 109 143 947 106 287 84 2022-10-03 2025-01-21 github@shezaf.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventAzureTableStorage.yaml 69 26 551 293 57 26 2023-11-03 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventAzureQueueStorage.yaml 153 54 947 293 92 44 2022-10-03 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventAzureTableStorage.yaml 156 53 947 293 91 44 2022-10-03 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSysmonWindowsEvent.yaml 169 13 335 106 31 13 2024-06-06 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventAzureBlobStorage.yaml 85 26 551 293 58 26 2023-11-03 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftWindowsEvents.yaml 91 42 554 106 92 34 2023-10-31 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSysmonWindowsEvent.yaml 96 14 335 106 32 13 2024-06-06 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventLinuxSysmonFileDeleted.yaml 154 52 947 293 92 44 2022-10-03 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSecurityEvents.yaml 81 9 281 106 25 13 2024-07-30 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSysmon.yaml 104 39 540 106 88 34 2023-11-14 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimFileEvent/Parsers/vimFileEventVMwareCarbonBlackCloud.yaml 211 34 615 293 66 26 2023-08-31 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimDns/Parsers/vimDnsZscalerZIA.yaml 132 66 1145 457 101 52 2022-03-19 2024-02-05 92377750+yaronmsft@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimDns/Parsers/ASimDnsFortinetFortigate.yaml 214 27 545 293 43 23 2023-11-09 2024-07-18 gianni@kustoking.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimDns/Parsers/vimDnsGcp.yaml 114 40 1145 576 67 41 2022-03-19 2023-10-09 92377750+yaronmsft@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/ASimDnsSentinelOne.yaml 196 32 647 293 60 24 2023-07-30 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimDns/Parsers/vimDnsInfobloxBloxOne.yaml 285 30 286 58 34 12 2024-07-25 2025-03-10 nipun.brahmbhatt@crestdatasys.com idoshabi@microsoft.com Parsers/ASimDns/Parsers/ASimDns.yaml 59 139 1145 58 230 89 2022-03-19 2025-03-10 92377750+yaronmsft@users.noreply.github.com idoshabi@microsoft.com Parsers/ASimDns/Parsers/ASimDnsInfobloxBloxOne.yaml 229 30 286 58 33 12 2024-07-25 2025-03-10 nipun.brahmbhatt@crestdatasys.com idoshabi@microsoft.com Parsers/ASimDns/Parsers/ASimDnsCorelightZeek.yaml 204 65 1145 576 123 52 2022-03-19 2023-10-09 92377750+yaronmsft@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/vimDnsInfobloxNIOS.yaml 209 130 1145 293 210 85 2022-03-19 2024-07-18 92377750+yaronmsft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimDns/Parsers/vimDnsEmpty.yaml 173 66 1145 576 104 49 2022-03-19 2023-10-09 92377750+yaronmsft@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/ASimDnsVectraAI.yaml 114 40 1134 576 55 33 2022-03-30 2023-10-09 39997089+oshezaf@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/vimDnsVectraAI.yaml 144 39 1134 576 56 36 2022-03-30 2023-10-09 39997089+oshezaf@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/ASimDnsCiscoUmbrella.yaml 65 35 1145 576 56 37 2022-03-19 2023-10-09 92377750+yaronmsft@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/ASimDnsMicrosoftSysmonWindowsEvent.yaml 109 12 334 106 30 13 2024-06-07 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimDns/Parsers/vimDnsFortinetFortigate.yaml 273 42 545 268 66 33 2023-11-09 2024-08-12 gianni@kustoking.com 62938807+haim-na@users.noreply.github.com Parsers/ASimDns/Parsers/vimDnsMicrosoftNXlog.yaml 335 65 1145 293 106 52 2022-03-19 2024-07-18 92377750+yaronmsft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimDns/Parsers/vimDnsMicrosoftSysmonWindowsEvent.yaml 165 12 334 106 30 13 2024-06-07 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimDns/Parsers/vimDnsCorelightZeek.yaml 256 65 1145 576 123 52 2022-03-19 2023-10-09 92377750+yaronmsft@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/ASimDnsAzureFirewall.yaml 110 33 1145 576 45 31 2022-03-19 2023-10-09 92377750+yaronmsft@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/vimDnsSentinelOne.yaml 248 32 647 293 60 24 2023-07-30 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimDns/Parsers/vimDnsMicrosoftOMS.yaml 256 59 1145 576 85 47 2022-03-19 2023-10-09 92377750+yaronmsft@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/ASimDnsMicrosoftNXlog.yaml 280 73 1145 293 121 55 2022-03-19 2024-07-18 92377750+yaronmsft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimDns/Parsers/ASimDnsInfobloxNIOS.yaml 92 110 1145 293 167 78 2022-03-19 2024-07-18 92377750+yaronmsft@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimDns/Parsers/ASimDnsMicrosoftOMS.yaml 206 59 1145 576 85 47 2022-03-19 2023-10-09 92377750+yaronmsft@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/vimDnsCiscoUmbrella.yaml 108 35 1145 576 56 37 2022-03-19 2023-10-09 92377750+yaronmsft@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/vimDnsMicrosoftSysmon.yaml 180 66 1145 106 114 54 2022-03-19 2025-01-21 92377750+yaronmsft@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimDns/Parsers/vimDnsAzureFirewall.yaml 189 33 1145 576 45 31 2022-03-19 2023-10-09 92377750+yaronmsft@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/imDns.yaml 86 128 1145 58 217 83 2022-03-19 2025-03-10 92377750+yaronmsft@users.noreply.github.com idoshabi@microsoft.com Parsers/ASimDns/Parsers/vimDnsNative.yaml 103 109 1145 457 209 73 2022-03-19 2024-02-05 92377750+yaronmsft@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimDns/Parsers/ASimDnsZscalerZIA.yaml 87 66 1145 457 101 52 2022-03-19 2024-02-05 92377750+yaronmsft@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimDns/Parsers/ASimDnsNative.yaml 58 108 1145 147 188 69 2022-03-19 2024-12-11 92377750+yaronmsft@users.noreply.github.com balekhya@microsoft.com Parsers/ASimDns/Parsers/ASimDnsGcp.yaml 73 40 1145 576 65 40 2022-03-19 2023-10-09 92377750+yaronmsft@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimDns/Parsers/ASimDnsMicrosoftSysmon.yaml 118 94 1145 106 161 74 2022-03-19 2025-01-21 92377750+yaronmsft@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/AS-McAfeeSolidcore/AS-McAfeeSolidcore.yaml 22 26 564 293 54 26 2023-10-21 2024-07-18 101294083+acceleryntsecuritydev@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/Netscaler_parser.csl 66 11 1794 576 13 8 2020-06-08 2023-10-09 joe.stahl@gmail.com mrudula.oruganti@gigamon.com Parsers/AS-StealthDefend/AS-StealthDefend.yaml 20 26 551 293 59 27 2023-11-03 2024-07-18 101294083+acceleryntsecuritydev@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftSysmon.yaml 215 110 1169 106 169 71 2022-02-23 2025-01-21 github@shezaf.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessEventTerminate.yaml 41 91 1107 268 156 61 2022-04-26 2024-08-12 49263271+yaronfruchtmann@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftSysmonWindowsEvent.yaml 59 11 278 106 15 12 2024-08-02 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/imProcessEvent.yaml 106 93 596 106 194 58 2023-09-19 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftSysmonWindowsEvent.yaml 161 11 278 106 15 12 2024-08-02 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftSysmonWidowsEvent.yaml 200 12 293 106 21 13 2024-07-18 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftSysmon.yaml 83 89 1107 106 135 60 2022-04-26 2025-01-21 49263271+yaronfruchtmann@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessEventMicrosoft365D.yaml 176 89 1169 576 139 63 2022-02-23 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimProcessEvent/Parsers/ASimProcessCreateTrendMicroVisionOne.yaml 134 26 646 293 40 22 2023-07-31 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessEventCreate.yaml 45 103 1107 268 203 66 2022-04-26 2024-08-12 49263271+yaronfruchtmann@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessCreateTrendMicroVisionOne.yaml 200 26 646 293 40 22 2023-07-31 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftWindowsEvents.yaml 148 98 1169 293 147 76 2022-02-23 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/imProcessTerminate.yaml 79 116 1169 268 214 75 2022-02-23 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessEventMD4IoT.yaml 62 38 1107 576 49 26 2022-04-26 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateVMwareCarbonBlackCloud.yaml 112 31 635 293 47 24 2023-08-11 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessCreateMicrosoftSecurityEvents.yaml 106 51 1107 576 75 37 2022-04-26 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimProcessEvent/Parsers/ASimProcessCreateMicrosoftWindowsEvents.yaml 76 81 1107 293 126 65 2022-04-26 2024-07-18 49263271+yaronfruchtmann@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessEventMD4IoT.yaml 122 54 1169 576 72 37 2022-02-23 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMD4IoT.yaml 123 38 1102 576 50 26 2022-05-01 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimProcessEvent/Parsers/vimProcessCreateSentinelOne.yaml 234 31 647 293 58 26 2023-07-30 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessTerminateVMwareCarbonBlackCloud.yaml 187 32 635 293 48 24 2023-08-11 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessCreateMicrosoftSysmon.yaml 131 94 1107 106 138 60 2022-04-26 2025-01-21 49263271+yaronfruchtmann@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessCreateMD4IoT.yaml 123 38 1102 576 51 26 2022-05-01 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftSecurityEvents.yaml 118 79 1169 293 108 64 2022-02-23 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftSecurityEvents.yaml 67 63 1107 293 86 53 2022-04-26 2024-07-18 49263271+yaronfruchtmann@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessCreateLinuxSysmon.yaml 107 34 1107 576 45 24 2022-04-26 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimProcessEvent/Parsers/imProcessCreate.yaml 88 154 1169 268 311 98 2022-02-23 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessCreateSentinelOne.yaml 153 30 647 293 57 25 2023-07-30 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftWindowsEvents.yaml 58 80 1107 293 122 65 2022-04-26 2024-07-18 49263271+yaronfruchtmann@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftWindowsEvents.yaml 133 96 1169 293 144 76 2022-02-23 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessEventMicrosoft365D.yaml 93 71 1107 576 114 50 2022-04-26 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateLinuxSysmon.yaml 58 59 1107 293 98 44 2022-04-26 2024-07-18 49263271+yaronfruchtmann@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessEmpty.yaml 177 89 1169 293 167 66 2022-02-23 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessTerminateLinuxSysmon.yaml 117 52 1169 576 69 37 2022-02-23 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftSecurityEvents.yaml 184 65 1169 576 94 48 2022-02-23 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimProcessEvent/Parsers/ASimProcessCreateMicrosoftSysmonWindowsEvent.yaml 114 13 338 106 22 13 2024-06-03 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessCreateLinuxSysmon.yaml 171 48 1169 576 64 35 2022-02-23 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimProcessEvent/Parsers/ASimProcessCreateVMwareCarbonBlackCloud.yaml 250 34 635 293 59 26 2023-08-11 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessEventNative.yaml 49 27 532 293 57 28 2023-11-22 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessEventNative.yaml 137 28 532 293 58 28 2023-11-22 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/ASimProcessEvent.yaml 59 136 1107 106 257 88 2022-04-26 2025-01-21 49263271+yaronfruchtmann@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessCreateVMwareCarbonBlackCloud.yaml 331 34 635 293 59 26 2023-08-11 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftSysmon.yaml 146 109 1169 106 160 72 2022-02-23 2025-01-21 github@shezaf.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventBarracudaWAF.yaml 205 53 685 106 92 43 2023-06-22 2025-01-21 jayesh.prajapati@cdsys.local 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventVectraXDRAudit.yaml 54 76 671 293 151 52 2023-07-06 2024-07-18 dhruvil.bhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftSecurityEvents.yaml 201 11 334 106 30 13 2024-06-07 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEvent.yaml 63 193 870 57 413 104 2022-12-19 2025-03-11 github@shezaf.com v-atulyadav@microsoft.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoMerakiSyslog.yaml 225 10 330 106 19 14 2024-06-11 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftEvent.yaml 184 11 334 106 30 13 2024-06-07 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftExchangeAdmin365.yaml 122 46 862 457 72 39 2022-12-27 2024-02-05 v-sabiraj@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventVMwareCarbonBlackCloud.yaml 316 46 625 268 79 38 2023-08-21 2024-08-12 jayesh.prajapati@cdsys.local 62938807+haim-na@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventCrowdStrikeFalconHost.yaml 160 25 600 293 37 22 2023-09-15 2024-07-18 nirali.shah@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventVectraXDRAudit.yaml 74 76 671 293 151 52 2023-07-06 2024-07-18 dhruvil.bhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/imAuditEvent.yaml 93 185 869 57 400 96 2022-12-20 2025-03-11 39997089+oshezaf@users.noreply.github.com v-atulyadav@microsoft.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoMeraki.yaml 219 47 691 106 84 39 2023-06-16 2025-01-21 jayesh.prajapati@cdsys.local 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventVMwareCarbonBlackCloud.yaml 375 47 625 268 79 38 2023-08-21 2024-08-12 jayesh.prajapati@cdsys.local 62938807+haim-na@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventIllumioSaaSCore.yaml 434 28 258 58 38 9 2024-08-22 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Parsers/ASimAuditEvent/Parsers/vimAuditEventEmpty.yaml 146 78 870 268 129 57 2022-12-19 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventBarracudaWAF.yaml 159 52 685 106 91 43 2023-06-22 2025-01-21 jayesh.prajapati@cdsys.local 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventNative.yaml 103 21 145 57 36 11 2024-12-13 2025-03-11 balekhya@microsoft.com v-atulyadav@microsoft.com Parsers/ASimAuditEvent/Parsers/vimAuditEventCrowdStrikeFalconHost.yaml 217 25 600 293 37 22 2023-09-15 2024-07-18 nirali.shah@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventBarracudaCEF.yaml 205 12 329 106 23 13 2024-06-12 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventMicrosoftSecurityEvents.yaml 288 11 334 106 30 13 2024-06-07 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventInfobloxBloxOne.yaml 179 31 286 58 36 12 2024-07-25 2025-03-10 nipun.brahmbhatt@crestdatasys.com idoshabi@microsoft.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventNative.yaml 44 18 145 57 27 10 2024-12-13 2025-03-11 balekhya@microsoft.com v-atulyadav@microsoft.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventBarracudaCEF.yaml 160 11 329 106 22 13 2024-06-12 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventCiscoISE.yaml 360 33 678 293 59 30 2023-06-29 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoISE.yaml 295 32 678 293 57 30 2023-06-29 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventMicrosoftWindowsEvents.yaml 282 103 862 106 222 85 2022-12-27 2025-01-21 v-sabiraj@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventMicrosoftExchangeAdmin365.yaml 191 46 862 457 72 39 2022-12-27 2024-02-05 v-sabiraj@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventInfobloxBloxOne.yaml 143 30 286 58 33 12 2024-07-25 2025-03-10 nipun.brahmbhatt@crestdatasys.com idoshabi@microsoft.com Parsers/ASimAuditEvent/Parsers/vimAuditEventAzureAdminActivity.yaml 216 46 863 457 72 37 2022-12-26 2024-02-05 github@shezaf.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventAzureAdminActivity.yaml 155 49 870 457 76 37 2022-12-19 2024-02-05 github@shezaf.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventCiscoMeraki.yaml 257 47 691 106 84 39 2023-06-16 2025-01-21 jayesh.prajapati@cdsys.local 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventIllumioSaaSCore.yaml 375 28 258 58 43 9 2024-08-22 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Parsers/ASimAuditEvent/Parsers/vimAuditEventMicrosoftEvent.yaml 260 12 334 106 31 13 2024-06-07 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftWindowsEvents.yaml 196 108 870 106 235 85 2022-12-19 2025-01-21 github@shezaf.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimAuditEvent/Parsers/vimAuditEventCiscoMerakiSyslog.yaml 263 10 330 106 19 14 2024-06-11 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionCheckPoint.yaml 69 40 1344 576 66 36 2021-09-01 2023-10-09 76435946+vu-socprime@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionPaloAltoPanOS.yaml 107 39 1344 576 63 36 2021-09-01 2023-10-09 76435946+vu-socprime@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionMicrosoft365Defender.yaml 65 39 1344 576 63 36 2021-09-01 2023-10-09 76435946+vu-socprime@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionMicrosoftWindowsFirewall.yaml 40 46 1344 576 76 39 2021-09-01 2023-10-09 76435946+vu-socprime@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionMicrosoftWireData.yaml 49 39 1344 576 63 36 2021-09-01 2023-10-09 76435946+vu-socprime@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionCiscoASA.yaml 37 39 1344 576 63 36 2021-09-01 2023-10-09 76435946+vu-socprime@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/ASimNetworkSessionV1/ProductParsers/NetworkSessionZScalerZIA.yaml 70 46 1344 576 77 39 2021-09-01 2023-10-09 76435946+vu-socprime@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/ASimNetworkSessionV1/NetworkSessionGeneric.yaml 27 31 1344 576 47 33 2021-09-01 2023-10-09 76435946+vu-socprime@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/ASimNetworkSessionV1/NetworkSessionEmpty.yaml 143 31 1344 576 47 33 2021-09-01 2023-10-09 76435946+vu-socprime@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionVMConnection.yaml 260 114 1185 268 201 81 2022-02-07 2024-08-12 95616009+yaelrbergman@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionPaloAltoCEF.yaml 131 124 1189 268 210 86 2022-02-03 2024-08-12 49263271+yaronfruchtmann@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionAppGateSDP.yaml 232 87 1052 457 151 60 2022-06-20 2024-02-05 github@shezaf.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoMeraki.yaml 382 128 1077 106 258 85 2022-05-26 2025-01-21 demehra@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftLinuxSysmon.yaml 120 97 1211 576 176 66 2022-01-12 2023-10-09 87809732+niktripathi@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionVectraAI.yaml 134 39 1135 576 57 33 2022-03-29 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftSecurityEventFirewall.yaml 295 18 337 106 37 15 2024-06-04 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionPaloAltoCEF.yaml 180 132 1189 268 236 91 2022-02-03 2024-08-12 49263271+yaronfruchtmann@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionNative.yaml 54 68 966 457 102 48 2022-09-14 2024-02-05 github@shezaf.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionVMConnection.yaml 153 83 1186 576 152 59 2022-02-06 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoft365Defender.yaml 274 123 1211 293 209 90 2022-01-12 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionVMwareCarbonBlackCloud.yaml 331 36 635 293 65 26 2023-08-11 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoMerakiSyslog.yaml 454 11 336 106 20 14 2024-06-05 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCheckPointFirewall.yaml 268 71 989 457 132 52 2022-08-22 2024-02-05 demehra@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoFirepower.yaml 318 31 677 293 59 27 2023-06-30 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftSecurityEventFirewall.yaml 173 12 337 106 31 13 2024-06-04 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionzScalerZIA.yaml 168 117 1211 457 195 76 2022-01-12 2024-02-05 87809732+niktripathi@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionForcePointFirewall.yaml 341 44 781 293 62 38 2023-03-18 2024-07-18 demehra@microsoft.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoMerakiSyslog.yaml 386 11 336 106 20 14 2024-06-05 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftWindowsEventFirewall.yaml 196 174 1211 106 296 109 2022-01-12 2025-01-21 87809732+niktripathi@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionFortinetFortiGate.yaml 176 122 1052 293 221 75 2022-06-20 2024-07-18 75278885+kustoking@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionNative.yaml 128 52 966 457 80 42 2022-09-14 2024-02-05 github@shezaf.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionForcePointFirewall.yaml 416 40 771 293 57 38 2023-03-28 2024-07-18 demehra@microsoft.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionIllumioSaaSCore.yaml 385 29 258 58 39 9 2024-08-22 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftLinuxSysmon.yaml 204 130 1211 457 223 84 2022-01-12 2024-02-05 87809732+niktripathi@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionSonicWallFirewall.yaml 435 26 513 268 42 21 2023-12-11 2024-08-12 42151366+jaimeesc@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionSentinelOne.yaml 228 32 647 293 62 24 2023-07-30 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMD4IoTAgent.yaml 122 25 919 576 31 24 2022-10-31 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionAzureNSG.yaml 155 76 1175 576 119 52 2022-02-17 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionSentinelOne.yaml 153 32 647 293 61 24 2023-07-30 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionAzureFirewall.yaml 99 54 1178 576 83 44 2022-02-14 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCorelightZeek.yaml 190 66 987 268 113 51 2022-08-24 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionEmpty.yaml 164 71 1211 576 134 53 2022-01-12 2023-10-09 87809732+niktripathi@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftSysmon.yaml 204 13 323 106 20 12 2024-06-18 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoISE.yaml 159 53 685 293 114 41 2023-06-22 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftSysmonWindowsEvent.yaml 121 11 336 106 18 12 2024-06-05 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMD4IoTSensor.yaml 137 24 916 576 31 24 2022-11-03 2023-10-09 90267997+nniryanb@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionIllumioSaaSCore.yaml 306 29 258 58 40 9 2024-08-22 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionAWSVPC.yaml 292 100 1183 268 159 73 2022-02-09 2024-08-12 39997089+oshezaf@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftWindowsEventFirewall.yaml 135 155 1211 106 282 99 2022-01-12 2025-01-21 87809732+niktripathi@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionzScalerZIA.yaml 110 112 1211 457 188 73 2022-01-12 2024-02-05 87809732+niktripathi@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/imNetworkSession.yaml 140 313 1211 58 689 158 2022-01-12 2025-03-10 87809732+niktripathi@users.noreply.github.com idoshabi@microsoft.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionBarracudaWAF.yaml 132 55 685 106 96 42 2023-06-22 2025-01-21 jayesh.prajapati@cdsys.local 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCheckPointFirewall.yaml 325 70 989 457 120 50 2022-08-22 2024-02-05 demehra@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionBarracudaCEF.yaml 205 10 336 106 24 13 2024-06-05 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftSysmon.yaml 126 56 849 106 87 44 2023-01-09 2025-01-21 guus.verbeek@wortell.nl 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoISE.yaml 226 53 685 293 115 41 2023-06-22 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftSysmonWindowsEvent.yaml 195 12 321 106 20 12 2024-06-20 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionBarracudaCEF.yaml 158 11 336 106 25 13 2024-06-05 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionVMwareCarbonBlackCloud.yaml 250 35 635 293 64 26 2023-08-11 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoASA.yaml 461 46 982 57 98 38 2022-08-29 2025-03-11 demehra@microsoft.com v-atulyadav@microsoft.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMD4IoTSensor.yaml 67 25 919 576 32 24 2022-10-31 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionAppGateSDP.yaml 158 78 1078 457 129 55 2022-05-25 2024-02-05 github@shezaf.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoMeraki.yaml 450 129 1077 106 258 85 2022-05-26 2025-01-21 demehra@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoASA.yaml 590 40 979 57 66 34 2022-09-01 2025-03-11 demehra@microsoft.com v-atulyadav@microsoft.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionSonicWallFirewall.yaml 385 26 513 268 42 21 2023-12-11 2024-08-12 42151366+jaimeesc@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionAzureFirewall.yaml 190 86 1178 268 130 65 2022-02-14 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionWatchGuardFirewareOS.yaml 207 52 983 268 89 47 2022-08-28 2024-08-12 gianni@kustoking.com 62938807+haim-na@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionAWSVPC.yaml 230 68 1183 576 111 51 2022-02-09 2023-10-09 39997089+oshezaf@users.noreply.github.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoFirepower.yaml 242 31 677 293 59 27 2023-06-30 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionFortinetFortiGate.yaml 120 121 1052 293 224 75 2022-06-20 2024-07-18 75278885+kustoking@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCrowdStrikeFalconHost.yaml 393 28 586 293 46 23 2023-09-29 2024-07-18 nirali.shah@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionAzureNSG.yaml 82 67 1175 576 108 48 2022-02-17 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSession.yaml 103 316 1211 58 703 155 2022-01-12 2025-03-10 87809732+niktripathi@users.noreply.github.com idoshabi@microsoft.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMD4IoTAgent.yaml 208 25 919 576 31 24 2022-10-31 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionBarracudaWAF.yaml 204 55 685 106 96 42 2023-06-22 2025-01-21 jayesh.prajapati@cdsys.local 128674128+v1managedservices@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionWatchGuardFirewareOS.yaml 130 31 983 576 53 31 2022-08-28 2023-10-09 gianni@kustoking.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCrowdStrikeFalconHost.yaml 296 28 586 293 45 23 2023-09-29 2024-07-18 nirali.shah@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimNetworkSession/Parsers/vimNetworkSessionVectraAI.yaml 196 39 1135 576 57 33 2022-03-29 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCorelightZeek.yaml 129 48 987 576 88 38 2022-08-24 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoft365Defender.yaml 194 106 1211 293 182 82 2022-01-12 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/ASimWebSessionFortinetFortiGate.yaml 151 59 691 293 115 48 2023-06-16 2024-07-18 75278885+kustoking@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/ASimWebSessionVectraAI.yaml 132 56 1080 576 98 44 2022-05-23 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimWebSession/Parsers/ASimWebSessionCitrixNetScaler.yaml 154 30 615 293 57 26 2023-08-31 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/ASimWebSessionBarracudaCEF.yaml 181 14 351 106 31 13 2024-05-21 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimWebSession/Parsers/ASimWebSessionCiscoMeraki.yaml 186 38 692 107 71 30 2023-06-15 2025-01-20 jayesh.prajapati@cdsys.local v-amolpatil@microsoft.com Parsers/ASimWebSession/Parsers/ASimWebSessionNative.yaml 73 35 853 457 49 28 2023-01-05 2024-02-05 39997089+oshezaf@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimWebSession/Parsers/vimWebSessionCitrixNetScaler.yaml 219 30 615 293 57 26 2023-08-31 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/vimWebSessionCiscoMeraki.yaml 248 38 692 107 71 30 2023-06-15 2025-01-20 jayesh.prajapati@cdsys.local v-amolpatil@microsoft.com Parsers/ASimWebSession/Parsers/vimWebSessionSonicWallFirewall.yaml 457 24 513 261 30 16 2023-12-11 2024-08-19 42151366+jaimeesc@users.noreply.github.com v-prasadboke@microsoft.com Parsers/ASimWebSession/Parsers/imWebSession.yaml 105 244 1253 106 523 143 2021-12-01 2025-01-21 github@shezaf.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimWebSession/Parsers/ASimWebSessionF5ASM.yaml 74 35 624 293 55 25 2023-08-22 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/vimWebSessionIIS.yaml 139 42 749 293 91 52 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/vimWebSessionApacheHTTPServer.yaml 135 53 674 293 106 40 2023-07-03 2024-07-18 gianni@kustoking.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/vimWebSessionBarracudaWAF.yaml 262 55 685 106 98 42 2023-06-22 2025-01-21 jayesh.prajapati@cdsys.local 128674128+v1managedservices@users.noreply.github.com Parsers/ASimWebSession/Parsers/ASimWebSessionApacheHTTPServer.yaml 71 38 674 293 65 33 2023-07-03 2024-07-18 gianni@kustoking.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/ASimWebSessionSquidProxy.yaml 79 95 1248 576 145 62 2021-12-06 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimWebSession/Parsers/ASimWebSessionCiscoFirepower.yaml 204 31 677 293 59 27 2023-06-30 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/vimWebSessionzScalerZIA.yaml 194 126 1246 457 210 79 2021-12-08 2024-02-05 github@shezaf.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimWebSession/Parsers/vimWebSessionSquidProxy.yaml 141 101 1248 576 173 66 2021-12-06 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimWebSession/Parsers/vimWebSessionCiscoFirepower.yaml 268 31 677 293 59 27 2023-06-30 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/vimWebSessionEmpty.yaml 179 110 1253 457 197 79 2021-12-01 2024-02-05 github@shezaf.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimWebSession/Parsers/vimWebSessionNative.yaml 126 35 853 457 47 28 2023-01-05 2024-02-05 39997089+oshezaf@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimWebSession/Parsers/ASimWebSessionSonicWallFirewall.yaml 407 23 513 261 28 15 2023-12-11 2024-08-19 42151366+jaimeesc@users.noreply.github.com v-prasadboke@microsoft.com Parsers/ASimWebSession/Parsers/vimWebSessionBarracudaCEF.yaml 246 15 351 106 30 13 2024-05-21 2025-01-21 balekhya@microsoft.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimWebSession/Parsers/ASimWebSessionBarracudaWAF.yaml 195 55 685 106 98 42 2023-06-22 2025-01-21 jayesh.prajapati@cdsys.local 128674128+v1managedservices@users.noreply.github.com Parsers/ASimWebSession/Parsers/vimWebSessionVectraAI.yaml 196 55 1088 576 98 44 2022-05-15 2023-10-09 github@shezaf.com mrudula.oruganti@gigamon.com Parsers/ASimWebSession/Parsers/vimWebSessionFortinetFortiGate.yaml 212 59 691 293 115 48 2023-06-16 2024-07-18 75278885+kustoking@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/ASimWebSession.yaml 64 251 1253 106 516 144 2021-12-01 2025-01-21 github@shezaf.com 128674128+v1managedservices@users.noreply.github.com Parsers/ASimWebSession/Parsers/ASimWebSessionIIS.yaml 87 32 764 293 48 34 2023-04-04 2024-07-18 samik.n.roy@gmail.com 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/vimWebSessionF5ASM.yaml 163 35 624 293 55 25 2023-08-22 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Parsers/ASimWebSession/Parsers/ASimWebSessionzScalerZIA.yaml 123 118 1246 457 191 77 2021-12-08 2024-02-05 github@shezaf.com 86425481+seanmacdonald8@users.noreply.github.com Parsers/ASimAlertEvent/Parsers/vimAlertEventMicrosoftDefenderXDR.yaml 228 17 181 58 36 15 2024-11-07 2025-03-10 idoshabi@microsoft.com idoshabi@microsoft.com Parsers/ASimAlertEvent/Parsers/ASimAlertEventMicrosoftDefenderXDR.yaml 174 17 181 58 36 15 2024-11-07 2025-03-10 idoshabi@microsoft.com idoshabi@microsoft.com Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml 36 17 181 58 36 15 2024-11-07 2025-03-10 idoshabi@microsoft.com idoshabi@microsoft.com Parsers/ASimAlertEvent/Parsers/vimAlertEventSentinelOneSingularity.yaml 176 17 181 58 36 15 2024-11-07 2025-03-10 idoshabi@microsoft.com idoshabi@microsoft.com Parsers/ASimAlertEvent/Parsers/vimAlertEventEmpty.yaml 129 17 181 58 38 15 2024-11-07 2025-03-10 97222872+vakohl@users.noreply.github.com idoshabi@microsoft.com Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml 78 17 181 58 38 15 2024-11-07 2025-03-10 97222872+vakohl@users.noreply.github.com idoshabi@microsoft.com Parsers/ASimAlertEvent/Parsers/ASimAlertEventSentinelOneSingularity.yaml 113 17 181 58 36 15 2024-11-07 2025-03-10 idoshabi@microsoft.com idoshabi@microsoft.com Solutions/ForgeRock Common Audit for CEF/Parsers/ForgeRockParser.yaml 12 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Cloud Apps/Analytic Rules/AdditionalFilesUploadedByActor.yaml 51 66 1078 293 105 58 2022-05-25 2024-07-18 104008048+v-atulyadav@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/NetClean ProActive/Analytic Rules/NetClean_Sentinel_analytic_rule.yaml 45 50 810 57 86 52 2023-02-17 2025-03-11 steven.bronkhorst@netclean.com v-atulyadav@microsoft.com Solutions/Watchguard Firebox/Parsers/WatchGuardFirebox.yaml 45 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/CiscoWSA/Hunting Queries/CiscoWSARareApplications.yaml 26 40 1258 57 68 36 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlShortenerLinks.yaml 32 40 1258 57 68 36 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Hunting Queries/CiscoWSAUncategorizedResources.yaml 32 40 1258 57 68 36 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Hunting Queries/CiscoWSAUploadedFiles.yaml 25 41 1258 57 69 36 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlRareErrorUrl.yaml 27 40 1258 57 68 36 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Hunting Queries/CiscoWSATopResources.yaml 27 40 1258 57 68 36 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlUsersWithErrors.yaml 30 40 1258 57 68 36 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Hunting Queries/CiscoWSATopApplications.yaml 23 40 1258 57 68 36 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Hunting Queries/CiscoWSABlockedFiles.yaml 24 40 1258 57 68 36 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlSuspiciousResources.yaml 32 40 1258 57 68 36 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Parsers/CiscoWSAEvent.yaml 141 53 624 261 106 43 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedUrl.yaml 34 70 1258 57 115 56 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUrl.yaml 36 70 1258 57 115 56 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Analytic Rules/CiscoWSAPublicIPSource.yaml 30 70 1258 57 115 56 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnscannableFile.yaml 38 71 1258 57 116 56 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Analytic Rules/CiscoWSADataExfiltration.yaml 36 81 1258 57 128 65 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Analytic Rules/CiscoWSAAccessToUnwantedSite.yaml 31 81 1258 57 128 65 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUnwantedCategory.yaml 40 70 1258 57 115 56 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleUnwantedFileTypes.yaml 36 70 1258 57 115 56 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Analytic Rules/CiscoWSAProtocolAbuse.yaml 34 70 1258 57 115 56 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleInfectedFiles.yaml 36 69 1136 57 110 59 2022-03-28 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedFileType.yaml 36 70 1258 57 115 56 2021-11-26 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/Google Cloud Platform Cloud Monitoring/Parsers/GCP_MONITOR.yaml 23 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/AzureFunctionGCPMonitor/sentinel_connector_async.py 80 35 1041 576 51 28 2022-07-01 2023-10-09 v-amolpatil@microsoft.com mrudula.oruganti@gigamon.com Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/AzureFunctionGCPMonitor/main.py 125 35 1041 576 51 28 2022-07-01 2023-10-09 v-amolpatil@microsoft.com mrudula.oruganti@gigamon.com Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/AzureFunctionGCPMonitor/state_manager.py 18 35 1041 576 51 28 2022-07-01 2023-10-09 v-amolpatil@microsoft.com mrudula.oruganti@gigamon.com Solutions/VMware vCenter/Parsers/vCenter.yaml 31 48 624 58 89 40 2023-08-22 2025-03-10 mkchiliveri@gmail.com idoshabi@microsoft.com Solutions/VMware vCenter/Analytic Rules/vCenter-Root impersonation.yaml 29 55 975 58 86 49 2022-09-05 2025-03-10 rushriva@microsoft.com idoshabi@microsoft.com Solutions/VMware vCenter/Analytic Rules/vCenterRootLogin.yaml 37 55 968 58 86 50 2022-09-12 2025-03-10 45466083+shainw@users.noreply.github.com idoshabi@microsoft.com Solutions/Exabeam Advanced Analytics/Parsers/ExabeamEvent.yaml 104 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/OpenVPN/Parsers/OpenVpnEvent.yaml 34 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/__init__.py 143 93 1315 58 158 71 2021-09-30 2025-03-10 tyng@abnormalsecurity.com idoshabi@microsoft.com Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/sentinel_connector_async.py 96 18 1315 576 26 19 2021-09-30 2023-10-09 tyng@abnormalsecurity.com mrudula.oruganti@gigamon.com Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/soar_connector_async_v2.py 230 44 219 57 77 23 2024-09-30 2025-03-11 nreddy@abnormalsecurity.com v-atulyadav@microsoft.com Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/soar_connector_async_v2_local_run.py 75 24 219 58 30 12 2024-09-30 2025-03-10 nreddy@abnormalsecurity.com idoshabi@microsoft.com Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/soar_connector_async.py 193 138 1315 57 226 91 2021-09-30 2025-03-11 tyng@abnormalsecurity.com v-atulyadav@microsoft.com Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/utils.py 135 42 219 57 60 22 2024-09-30 2025-03-11 nreddy@abnormalsecurity.com v-atulyadav@microsoft.com Solutions/AbnormalSecurity/Data Connectors/SentinelTimerTrigger/__init__.py 13 60 1315 293 114 50 2021-09-30 2024-07-18 tyng@abnormalsecurity.com 164491672+shishirdw@users.noreply.github.com Solutions/AbnormalSecurity/Data Connectors/SoarDatetimeEntity/__init__.py 30 47 1315 293 86 45 2021-09-30 2024-07-18 tyng@abnormalsecurity.com 164491672+shishirdw@users.noreply.github.com Solutions/CTERA/Hunting Queries/AccessDenied.yaml 40 14 153 57 20 14 2024-12-05 2025-03-11 robert@ctera.com v-atulyadav@microsoft.com Solutions/CTERA/Hunting Queries/BatchDeletions.yaml 40 13 153 57 18 14 2024-12-05 2025-03-11 robert@ctera.com v-atulyadav@microsoft.com Solutions/CTERA/Hunting Queries/BatchPermissionChanges.yaml 40 14 153 57 19 14 2024-12-05 2025-03-11 robert@ctera.com v-atulyadav@microsoft.com Solutions/CTERA/Analytic Rules/MassPermissionChanges.yaml 65 14 153 57 19 14 2024-12-05 2025-03-11 robert@ctera.com v-atulyadav@microsoft.com Solutions/CTERA/Analytic Rules/InfectedFileDetected.yaml 49 13 153 57 18 14 2024-12-05 2025-03-11 robert@ctera.com v-atulyadav@microsoft.com Solutions/CTERA/Analytic Rules/RansomwareUserBlocked.yaml 50 34 226 57 44 19 2024-09-23 2025-03-11 robert@ctera.com v-atulyadav@microsoft.com Solutions/CTERA/Analytic Rules/MassAccessDenied.yaml 65 14 153 57 19 14 2024-12-05 2025-03-11 robert@ctera.com v-atulyadav@microsoft.com Solutions/CTERA/Analytic Rules/RansomwareDetected.yaml 48 34 226 57 44 19 2024-09-23 2025-03-11 robert@ctera.com v-atulyadav@microsoft.com Solutions/CTERA/Analytic Rules/MassDeletions.yaml 65 13 153 57 18 14 2024-12-05 2025-03-11 robert@ctera.com v-atulyadav@microsoft.com Solutions/MailGuard 365/Hunting Queries/MailGuard365PhishingThreats.yaml 28 31 729 293 64 28 2023-05-09 2024-07-18 prathikc@mailguard.com.au 164491672+shishirdw@users.noreply.github.com Solutions/MailGuard 365/Hunting Queries/MailGuard365MalwareThreats.yaml 31 31 729 293 64 28 2023-05-09 2024-07-18 prathikc@mailguard.com.au 164491672+shishirdw@users.noreply.github.com Solutions/MailGuard 365/Hunting Queries/MailGuard365HighConfidenceThreats.yaml 25 31 729 293 64 28 2023-05-09 2024-07-18 prathikc@mailguard.com.au 164491672+shishirdw@users.noreply.github.com Solutions/Cribl/Parsers/CriblUIAccess.yaml 29 15 278 106 19 15 2024-08-02 2025-01-21 kamilo@cribl.io 128674128+v1managedservices@users.noreply.github.com Solutions/Cribl/Parsers/CriblInternal.yaml 32 16 278 106 20 15 2024-08-02 2025-01-21 kamilo@cribl.io 128674128+v1managedservices@users.noreply.github.com Solutions/Cribl/Parsers/CriblAccess.yaml 20 15 278 106 20 15 2024-08-02 2025-01-21 kamilo@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Cribl/Parsers/CriblAudit.yaml 31 15 278 106 19 15 2024-08-02 2025-01-21 kamilo@cribl.io 128674128+v1managedservices@users.noreply.github.com Solutions/Cisco ACI/Parsers/CiscoACIEvent.yaml 27 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableIO/Parsers/TenableIOAssets.yaml 129 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableIO/Parsers/TenableIOVulnerabilities.yaml 220 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableIO/Data Connectors/TenableVulnExportStatusAndSendChunks/__init__.py 68 76 1367 293 116 71 2021-08-09 2024-07-18 allenmichaelgrobelny@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableIO/Data Connectors/TenableAssetExportOrchestrator/__init__.py 69 45 1367 293 59 48 2021-08-09 2024-07-18 allenmichaelgrobelny@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableIO/Data Connectors/TenableProcessFailedAssetChunkFromQueue/__init__.py 35 16 1367 576 21 16 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/TenableProcessVulnChunkFromQueue/__init__.py 71 32 1367 576 39 31 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/tenable_helper.py 87 58 1367 576 90 46 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/exports_queue.py 28 16 1367 576 21 16 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/exports_store.py 136 16 1367 576 21 16 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/TenableGenerateJobStats/__init__.py 136 16 1367 576 21 16 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/TenableProcessAssetChunkFromQueue/__init__.py 68 32 1367 576 39 31 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/TenableCleanTables/__init__.py 35 16 1367 576 21 16 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/TenableAssetExportStatusAndSendChunks/__init__.py 66 76 1367 293 116 71 2021-08-09 2024-07-18 allenmichaelgrobelny@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableIO/Data Connectors/TenableStartAssetExportJob/__init__.py 11 31 1367 576 38 31 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/azure_sentinel.py 58 16 1367 576 21 16 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/TenableExportStarter/__init__.py 117 16 1367 576 21 16 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/TenableProcessFailedVulnChunkFromQueue/__init__.py 35 16 1367 576 21 16 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/TenableStartVulnExportJob/__init__.py 11 32 1367 576 39 31 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/TenableVulnExportOrchestrator/__init__.py 69 45 1367 293 59 48 2021-08-09 2024-07-18 allenmichaelgrobelny@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableIO/Data Connectors/TenableCleanUpOrchestrator/__init__.py 14 16 1367 576 21 16 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/TenableIO/Data Connectors/TenableExportsOrchestrator/__init__.py 109 31 1367 576 38 31 2021-08-09 2023-10-09 allenmichaelgrobelny@gmail.com mrudula.oruganti@gigamon.com Solutions/Feedly/Data Connectors/FeedlySentinelConnector/__init__.py 7 33 644 293 65 30 2023-08-02 2024-07-18 mathieu@feedly.com 164491672+shishirdw@users.noreply.github.com Solutions/Feedly/Data Connectors/FeedlySentinelConnector/sentinel_api.py 42 33 644 293 65 30 2023-08-02 2024-07-18 mathieu@feedly.com 164491672+shishirdw@users.noreply.github.com Solutions/Feedly/Data Connectors/FeedlySentinelConnector/config.py 29 33 644 293 65 30 2023-08-02 2024-07-18 mathieu@feedly.com 164491672+shishirdw@users.noreply.github.com Solutions/Feedly/Data Connectors/FeedlySentinelConnector/state_manager.py 35 33 644 293 65 30 2023-08-02 2024-07-18 mathieu@feedly.com 164491672+shishirdw@users.noreply.github.com Solutions/Feedly/Data Connectors/FeedlySentinelConnector/worker.py 74 33 644 293 65 30 2023-08-02 2024-07-18 mathieu@feedly.com 164491672+shishirdw@users.noreply.github.com Solutions/Feedly/Data Connectors/FeedlySentinelConnector/feedly_downloader.py 19 33 644 293 65 30 2023-08-02 2024-07-18 mathieu@feedly.com 164491672+shishirdw@users.noreply.github.com Solutions/PostgreSQL/Parsers/PostgreSQLEvent.yaml 20 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpoption.yaml 29 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpother.yaml 17 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcp_consolidated.yaml 11 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpadded.yaml 23 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpremoved.yaml 23 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dns_consolidated.yaml 11 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcprelease.yaml 27 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpinform.yaml 24 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpoffer.yaml 29 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dnsgss.yaml 22 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_allotherdhcpdTypes.yaml 17 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpsession.yaml 29 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_allotherlogTypes.yaml 16 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dnszone.yaml 31 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox.yaml 11 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcprequest.yaml 28 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpexpire.yaml 23 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpdiscover.yaml 24 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpbindupdate.yaml 25 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpack.yaml 24 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_dnsclient.yaml 67 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Parsers/Infoblox_allotherdnsTypes.yaml 17 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox NIOS/Analytic Rules/PotentialDHCPStarvationAttack.yaml 34 110 1128 57 174 80 2022-04-05 2025-03-11 v-ntripathi@microsoft.com v-atulyadav@microsoft.com Solutions/Infoblox NIOS/Analytic Rules/ExcessiveNXDOMAINDNSQueries.yaml 37 110 1128 57 174 80 2022-04-05 2025-03-11 v-ntripathi@microsoft.com v-atulyadav@microsoft.com Solutions/EatonForeseer/Analytic Rules/EatonUnautorizedLogins.yaml 57 43 1132 576 64 41 2022-04-01 2023-10-09 kushalj@microsoft.com mrudula.oruganti@gigamon.com Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaDNSRequestsUunreliableCategory.yaml 19 23 1511 576 29 26 2021-03-18 2023-10-09 v-jayakal@microsoft.com mrudula.oruganti@gigamon.com Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaHighValuesOfUploadedData.yaml 18 48 1511 293 65 56 2021-03-18 2024-07-18 v-jayakal@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaRequestsUncategorizedURI.yaml 17 23 1511 576 29 26 2021-03-18 2023-10-09 v-jayakal@microsoft.com mrudula.oruganti@gigamon.com Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaDNSErrors.yaml 17 23 1511 576 29 26 2021-03-18 2023-10-09 v-jayakal@microsoft.com mrudula.oruganti@gigamon.com Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaHighCountsOfTheSameBytesInSize.yaml 19 50 1511 576 71 51 2021-03-18 2023-10-09 v-jayakal@microsoft.com mrudula.oruganti@gigamon.com Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaBlockedUserAgents.yaml 15 35 1511 576 44 40 2021-03-18 2023-10-09 v-jayakal@microsoft.com mrudula.oruganti@gigamon.com Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaPossibleConnectionC2.yaml 18 38 1511 576 54 42 2021-03-18 2023-10-09 v-jayakal@microsoft.com mrudula.oruganti@gigamon.com Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaAnomalousFQDNsforDomain.yaml 18 39 1511 576 56 43 2021-03-18 2023-10-09 v-jayakal@microsoft.com mrudula.oruganti@gigamon.com Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaProxyAllowedUnreliableCategory.yaml 19 23 1511 576 29 26 2021-03-18 2023-10-09 v-jayakal@microsoft.com mrudula.oruganti@gigamon.com Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaPossibleDataExfiltration.yaml 18 23 1511 576 29 26 2021-03-18 2023-10-09 v-jayakal@microsoft.com mrudula.oruganti@gigamon.com Solutions/CiscoUmbrella/Parsers/Cisco_Umbrella.yaml 156 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaRequestBlocklistedFileType.yaml 40 88 1511 259 142 76 2021-03-18 2024-08-21 v-jayakal@microsoft.com nilepagn@microsoft.com Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaURIContainsIPAddress.yaml 37 100 1511 259 164 86 2021-03-18 2024-08-21 v-jayakal@microsoft.com nilepagn@microsoft.com Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaHackToolUserAgentDetected.yaml 93 115 1511 259 182 94 2021-03-18 2024-08-21 v-jayakal@microsoft.com nilepagn@microsoft.com Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml 33 123 1511 259 214 91 2021-03-18 2024-08-21 v-jayakal@microsoft.com nilepagn@microsoft.com Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml 54 100 1511 259 164 86 2021-03-18 2024-08-21 v-jayakal@microsoft.com nilepagn@microsoft.com Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaRareUserAgentDetected.yaml 41 115 1511 259 182 94 2021-03-18 2024-08-21 v-jayakal@microsoft.com nilepagn@microsoft.com Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaEmptyUserAgentDetected.yaml 35 115 1511 259 182 94 2021-03-18 2024-08-21 v-jayakal@microsoft.com nilepagn@microsoft.com Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaPowershellUserAgentDetected.yaml 39 115 1511 259 182 94 2021-03-18 2024-08-21 v-jayakal@microsoft.com nilepagn@microsoft.com Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml 39 115 1511 259 182 94 2021-03-18 2024-08-21 v-jayakal@microsoft.com nilepagn@microsoft.com Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml 44 115 1511 259 182 94 2021-03-18 2024-08-21 v-jayakal@microsoft.com nilepagn@microsoft.com Solutions/CiscoUmbrella/Data Connectors/ciscoUmbrellaDataConn/__init__.py 543 98 999 268 165 70 2022-08-12 2024-08-12 v-marimanda@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/CiscoUmbrella/Data Connectors/ciscoUmbrellaDataConn/state_manager.py 21 31 811 293 46 32 2023-02-16 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Hunting Queries/NetworkConnectiontoOMIPorts.yaml 63 85 870 293 153 76 2022-12-19 2024-07-18 104008048+v-atulyadav@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Hunting Queries/NylonTyphoonRegIOCPatterns.yaml 91 47 735 293 89 54 2023-05-03 2024-07-18 v-vdixit@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Hunting Queries/ForestBlizzard_IOC_RetroHunt.yaml 45 80 735 261 124 64 2023-05-03 2024-08-19 v-vdixit@microsoft.com v-prasadboke@microsoft.com Solutions/Legacy IOC based Threat Protection/Hunting Queries/Dev-0322CommandLineActivityNovember2021(ASIMVersion).yaml 70 71 870 293 132 69 2022-12-19 2024-07-18 104008048+v-atulyadav@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Hunting Queries/Dev-0322FileDropActivityNovember2021.yaml 8 49 870 293 74 41 2022-12-19 2024-07-18 104008048+v-atulyadav@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Hunting Queries/Dev-0056CommandLineActivityNovember2021.yaml 45 24 870 511 32 23 2022-12-19 2023-12-13 104008048+v-atulyadav@users.noreply.github.com v-rusraut@microsoft.com Solutions/Legacy IOC based Threat Protection/Hunting Queries/Dev-0322CommandLineActivityNovember2021.yaml 63 65 870 293 106 56 2022-12-19 2024-07-18 104008048+v-atulyadav@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Hunting Queries/NylonTyphoonCommandLineActivity-Nov2021.yaml 91 70 735 293 129 68 2023-05-03 2024-07-18 v-vdixit@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Hunting Queries/Dev-0322FileDropActivityNovember2021(ASIMVersion).yaml 9 49 870 293 74 41 2022-12-19 2024-07-18 104008048+v-atulyadav@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Hunting Queries/SolarWindsInventory.yaml 61 77 870 293 123 61 2022-12-19 2024-07-18 104008048+v-atulyadav@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/SUNSPOTLogFile.yaml 4 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/BariumDomainIOC112020.yaml 153 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/SeashellBlizzardIOCs.yaml 152 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/Solorigate-VM-Network.yaml 4 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/EmeraldSleetIOCs.yaml 75 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/Dev-0530_July2022.yaml 164 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/KnownMintSandstormDomainsIP-October2020.yaml 68 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/MidnightBlizzard_DomainIOCsMarch2021.yaml 105 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/HiveRansomwareJuly2022.yaml 60 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/DenimTsunamiC2DomainsJuly2022.yaml 59 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/DiamondSleetOct292020IOCs.yaml 39 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/DenimTsunamiAVDetection.yaml 4 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml 130 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/ForestBlizzardOct292020IOCs.yaml 27 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/AquaBlizzardFeb2022.yaml 170 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/CadetBlizzard_Jan2022_IOC.yaml 75 28 511 293 48 25 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/ChiaCryptoMining.yaml 225 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/DEV-0322_SolarWinds_Serv-U_IOC.yaml 174 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/PlaidRainIPIoC.yaml 164 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/MSHTMLVuln.yaml 48 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/WSLMalwareCorrelation.yaml 141 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/BariumIPIOC112020.yaml 174 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/RubySleetOct292020IOCs.yaml 80 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/CaramelTsunami_IOC.yaml 199 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/PHOSPHORUSMarch2019IOCs.yaml 113 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/Manganese_VPN-IOCs.yaml 4 43 511 259 87 38 2023-12-13 2024-08-21 v-rusraut@microsoft.com nilepagn@microsoft.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/MidnightBlizzard_FoggyWeb.yaml 204 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/SilkTyphoonUmServiceSuspiciousFile.yaml 50 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/NylonTyphoonIOCsNov2021.yaml 200 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/MidnightBlizzard_IOCsMay2021.yaml 184 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/Solorigate-Network-Beacon.yaml 87 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/TarraskHashIoC.yaml 60 26 511 293 42 24 2023-12-13 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Dragos/Parsers/DragosPullNotificationsToSentinel.yaml 46 17 139 57 28 20 2024-12-19 2025-03-11 nschey@dragos.com v-atulyadav@microsoft.com Solutions/Dragos/Parsers/DragosNotificationsToSentinel.yaml 18 16 139 57 28 20 2024-12-19 2025-03-11 nschey@dragos.com v-atulyadav@microsoft.com Solutions/Dragos/Parsers/DragosSeverityToSentinelSeverity.yaml 19 10 139 57 15 11 2024-12-19 2025-03-11 nschey@dragos.com v-atulyadav@microsoft.com Solutions/Dragos/Parsers/DragosPushNotificationsToSentinel.yaml 41 10 139 57 16 11 2024-12-19 2025-03-11 nschey@dragos.com v-atulyadav@microsoft.com Solutions/Dragos/Analytic Rules/DragosNotifiction.yaml 63 17 139 57 33 20 2024-12-19 2025-03-11 nschey@dragos.com v-atulyadav@microsoft.com Solutions/Auth0/Parsers/Auth0.yaml 20 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Auth0/Data Connectors/Auth0Connector/main.py 321 131 1115 261 226 78 2022-04-18 2024-08-19 oleh.speka@socprime.com v-prasadboke@microsoft.com Solutions/Auth0/Data Connectors/Auth0Connector/state_manager.py 18 31 1115 576 52 26 2022-04-18 2023-10-09 oleh.speka@socprime.com mrudula.oruganti@gigamon.com Solutions/Auth0/Data Connectors/Auth0Connector/sentinel_connector.py 90 31 1115 576 52 26 2022-04-18 2023-10-09 oleh.speka@socprime.com mrudula.oruganti@gigamon.com Solutions/DNS Essentials/Hunting Queries/PotentialBeaconingActivity.yaml 53 52 839 106 93 51 2023-01-19 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/DNS Essentials/Hunting Queries/PossibleDNSTunnelingOrDataExfiltrationActivity.yaml 17 44 765 106 75 45 2023-04-03 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/DNS Essentials/Hunting Queries/ConnectionToUnpopularWebsiteDetected.yaml 118 53 839 106 94 51 2023-01-19 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/DNS Essentials/Hunting Queries/CVE-2020-1350 (SIGRED)ExploitationPattern.yaml 28 52 839 106 94 51 2023-01-19 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/DNS Essentials/Hunting Queries/DNSQueryWithFailuresInLast24Hours.yaml 26 55 839 106 100 51 2023-01-19 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/DNS Essentials/Hunting Queries/UnexpectedTopLevelDomains.yaml 33 52 839 106 94 51 2023-01-19 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/DNS Essentials/Hunting Queries/Sources(Clients)WithHighNumberOfErrors.yaml 27 53 839 106 95 51 2023-01-19 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/DNS Essentials/Hunting Queries/DomainsWithLargeNumberOfSubDomains.yaml 31 52 839 106 93 51 2023-01-19 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/DNS Essentials/Hunting Queries/IncreaseInDNSRequestsByClientThanTheDailyAverageCount.yaml 63 53 839 106 94 51 2023-01-19 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/DNS Essentials/Hunting Queries/AnomalousIncreaseInDNSActivityByClients.yaml 119 54 839 106 96 51 2023-01-19 2025-01-21 97222872+vakohl@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/DNS Essentials/Analytic Rules/PotentialDGADetectedviaRepetitiveFailuresAnomalyBased.yaml 144 43 839 293 68 41 2023-01-19 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/DNS Essentials/Analytic Rules/NgrokReverseProxyOnNetwork.yaml 42 22 446 268 41 24 2024-02-16 2024-08-12 99244859+praveenthepro@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/DNS Essentials/Analytic Rules/ExcessiveNXDOMAINDNSQueriesStaticThresholdBased.yaml 46 43 839 293 68 41 2023-01-19 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/DNS Essentials/Analytic Rules/ExcessiveNXDOMAINDNSQueriesAnomalyBased.yaml 88 43 839 293 71 41 2023-01-19 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/DNS Essentials/Analytic Rules/RareClientObservedWithHighReverseDNSLookupCountAnomalyBased.yaml 60 43 839 293 68 41 2023-01-19 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/DNS Essentials/Analytic Rules/MultipleErrorsReportedForSameDNSQueryStaticThresholdBased.yaml 74 85 839 58 152 68 2023-01-19 2025-03-10 97222872+vakohl@users.noreply.github.com idoshabi@microsoft.com Solutions/DNS Essentials/Analytic Rules/PotentialDGADetectedviaRepetitiveFailuresStaticThresholdBased.yaml 67 43 839 293 68 41 2023-01-19 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/DNS Essentials/Analytic Rules/MultipleErrorsReportedForSameDNSQueryAnomalyBased.yaml 121 43 839 293 68 41 2023-01-19 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/DNS Essentials/Analytic Rules/RareClientObservedWithHighReverseDNSLookupCountStaticThresholdBased.yaml 58 43 839 293 68 41 2023-01-19 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Akamai Security Events/Parsers/AkamaiSIEMEvent.yaml 96 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/CognyteLuminar/Data Connectors/Cognyte Luminar/__init__.py 403 26 610 293 55 24 2023-09-05 2024-07-18 68921481+rambov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CognyteLuminar/Data Connectors/Cognyte Luminar/state_manager.py 18 26 610 293 55 24 2023-09-05 2024-07-18 68921481+rambov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditLargeQueries.yaml 34 64 1505 57 99 63 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditDbConnectNonOperationalTime.yaml 39 74 1505 57 120 72 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditUsersPrivilegesReview.yaml 26 63 1505 57 98 63 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditUsersNewPrivilegesAdded.yaml 33 82 1505 57 137 73 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditDroppedTables.yaml 27 46 1505 57 76 46 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditActionsByUser.yaml 35 46 1505 57 76 46 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditInactiveUsers.yaml 38 46 1505 57 76 46 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditListOfTablesQueried.yaml 29 63 1505 57 98 63 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditActiveUsers.yaml 25 46 1505 57 76 46 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditActionsByIp.yaml 35 46 1505 57 76 46 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Parsers/OracleDatabaseAuditEvent.yaml 221 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditQueryOnSensitiveTable.yaml 35 103 1505 57 174 85 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditForbiddenSrcIpAddr.yaml 38 97 1505 57 149 82 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditDropManyTables.yaml 36 97 1505 57 149 82 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditConnectFromExternalIp.yaml 43 97 1505 57 149 82 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditRareUserActivity.yaml 47 97 1505 57 149 82 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditNewUserDetected.yaml 40 97 1505 57 149 82 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditSelectOnManyTables.yaml 36 97 1505 57 149 82 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditShutdownServer.yaml 36 97 1505 57 149 82 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditSQLInjectionPatterns.yaml 36 97 1505 57 149 82 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditNewIpForUser.yaml 46 97 1505 57 149 82 2021-03-24 2025-03-11 tj@senserva.com v-atulyadav@microsoft.com Solutions/IONIX/Analytic Rules/HighUrgencyActionItems.yaml 42 30 597 293 55 25 2023-09-18 2024-07-18 yotam@ionix.io 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Exchange Security - Exchange Online/Parsers/MESOfficeActivityLogs.yaml 62 17 431 268 21 14 2024-03-02 2024-08-12 nilepagn@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Exchange Security - Exchange Online/Parsers/MESCheckOnlineVIP.yaml 25 30 431 261 40 19 2024-03-02 2024-08-19 nilepagn@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeEnvironmentList.yaml 26 65 624 261 142 46 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/Microsoft Exchange Security - Exchange Online/Parsers/MESCompareDataMRA.yaml 187 54 431 58 83 31 2024-03-02 2025-03-10 nilepagn@microsoft.com idoshabi@microsoft.com Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeConfiguration.yaml 330 93 624 261 195 60 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/Microsoft Exchange Security - Exchange Online/# - General Content/Solutions/ESICollector/OnlineDeployment/CollectExchSecIns.ps1 3543 12 65 13 19 14 2025-03-03 2025-04-24 nilepagn@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Exchange Security - Exchange Online/# - General Content/Solutions/ESICollector/OnlineDeployment/ExchangeOnlinePermSetup.ps1 36 11 65 13 16 13 2025-03-03 2025-04-24 nilepagn@microsoft.com v-prasadboke@microsoft.com Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.yaml 64 56 624 268 110 44 2023-08-22 2024-08-12 mkchiliveri@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyNXDOMAINDNSResponsesDetected.yaml 51 75 684 57 171 53 2023-06-23 2025-03-11 78623042+sschuur@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-DataExfiltrationAttack.yaml 66 75 684 57 171 53 2023-06-23 2025-03-11 78623042+sschuur@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-CommonSecurityLogMatchFound-MalwareC2.yaml 67 76 684 57 173 53 2023-06-23 2025-03-11 78623042+sschuur@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml 51 75 684 57 171 53 2023-06-23 2025-03-11 78623042+sschuur@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelSingleQueryDetected.yaml 51 76 684 57 187 54 2023-06-23 2025-03-11 78623042+sschuur@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml 79 77 684 57 190 54 2023-06-23 2025-03-11 78623042+sschuur@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml 67 139 1287 57 279 95 2021-10-28 2025-03-11 78623042+sschuur@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-SyslogMatchFound-URL.yaml 69 77 684 57 174 53 2023-06-23 2025-03-11 78623042+sschuur@users.noreply.github.com v-atulyadav@microsoft.com Solutions/DEV-0537DetectionandHunting/Hunting Queries/Empty.yaml 21 18 1125 576 23 21 2022-04-08 2023-10-09 maniskumar@microsoft.com mrudula.oruganti@gigamon.com Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Parsers/LookoutCSActivities.yaml 28 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Parsers/LookoutCSViolations.yaml 39 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Parsers/LookoutCSAnomalies.yaml 36 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Data Connectors/LookoutCSConnector/LookoutCloudSecurityEvents/__init__.py 340 60 807 293 110 50 2023-02-20 2024-07-18 45319244+aviatam@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Data Connectors/LookoutCSConnector/LookoutCloudSecurityViolations/__init__.py 340 60 807 293 110 50 2023-02-20 2024-07-18 45319244+aviatam@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Data Connectors/LookoutCSConnector/LookoutCloudSecurityAnamolies/__init__.py 340 60 807 293 110 50 2023-02-20 2024-07-18 45319244+aviatam@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Votiro/Analytic Rules/VotiroFileBlockedInEmail.yaml 51 62 875 259 132 46 2022-12-14 2024-08-21 111038486+sambhrant-metron@users.noreply.github.com nilepagn@microsoft.com Solutions/Votiro/Analytic Rules/VotiroFileBlockedFromConnector.yaml 52 62 875 259 129 46 2022-12-14 2024-08-21 111038486+sambhrant-metron@users.noreply.github.com nilepagn@microsoft.com Solutions/Web Shells Threat Protection/Hunting Queries/Possible webshell drop.yaml 32 52 715 293 103 54 2023-05-23 2024-07-18 v-rbajaj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Shells Threat Protection/Hunting Queries/WebShellActivity.yaml 62 52 715 293 103 54 2023-05-23 2024-07-18 v-rbajaj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Shells Threat Protection/Hunting Queries/SpringshellWebshellUsage.yaml 35 52 715 293 103 54 2023-05-23 2024-07-18 v-rbajaj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Shells Threat Protection/Hunting Queries/PotentialWebshell.yaml 30 74 715 293 157 70 2023-05-23 2024-07-18 v-rbajaj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Shells Threat Protection/Hunting Queries/umworkerprocess-creating-webshell.yaml 30 52 715 293 103 54 2023-05-23 2024-07-18 v-rbajaj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Shells Threat Protection/Hunting Queries/exchange-iis-worker-dropping-webshell.yaml 33 52 715 293 103 54 2023-05-23 2024-07-18 v-rbajaj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Shells Threat Protection/Analytic Rules/PotentialMercury_Webshell.yaml 64 67 715 259 123 63 2023-05-23 2024-08-21 v-rbajaj@microsoft.com nilepagn@microsoft.com Solutions/Web Shells Threat Protection/Analytic Rules/MaliciousAlertLinkedWebRequests.yaml 85 63 715 261 105 58 2023-05-23 2024-08-19 v-rbajaj@microsoft.com v-prasadboke@microsoft.com Solutions/Web Shells Threat Protection/Analytic Rules/Supernovawebshell.yaml 63 56 715 261 80 54 2023-05-23 2024-08-19 v-rbajaj@microsoft.com v-prasadboke@microsoft.com Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUserNewUsers.yaml 24 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIDestinationsOut.yaml 27 60 1064 293 88 45 2022-06-08 2024-07-18 104008048+v-atulyadav@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUserDeleteActions.yaml 23 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUserTerminatedInstances.yaml 23 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUserUpdatedInstances.yaml 23 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUpdateActivities.yaml 24 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUserSources.yaml 24 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIDestinationsIn.yaml 27 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIUserDeletedUsers.yaml 23 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCILaunchedInstances.yaml 23 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Parsers/OCILogs.yaml 29 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIInsecureMetadataEndpoint.yaml 30 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIMultipleRejects.yaml 47 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIDiscoveryActivity.yaml 32 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCISSHScan.yaml 36 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIEventRuleDeleted.yaml 29 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIUnexpectedUserAgent.yaml 30 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIInboundSSHConnection.yaml 33 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIMultipleInstancesLaunched.yaml 32 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIMultipleInstancesTerminated.yaml 32 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Analytic Rules/OCIMetadataEndpointIpAccess.yaml 31 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Oracle Cloud Infrastructure/Data Connectors/AzureFunctionOCILogs/main.py 163 194 1064 57 451 122 2022-06-08 2025-03-11 104008048+v-atulyadav@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Oracle Cloud Infrastructure/Data Connectors/AzureFunctionOCILogs/sentinel_connector.py 100 33 1064 576 46 25 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/IPinfo/Data Connectors/Privacy Extended/AzureFunctionIPinfoPrivacyExtended/constants.py 87 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Privacy Extended/AzureFunctionIPinfoPrivacyExtended/main.py 86 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Privacy Extended/AzureFunctionIPinfoPrivacyExtended/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Country ASN/AzureFunctionIPinfoCountryASN/constants.py 75 11 250 26 15 11 2024-08-30 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Country ASN/AzureFunctionIPinfoCountryASN/main.py 80 11 250 26 15 11 2024-08-30 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Country ASN/AzureFunctionIPinfoCountryASN/utils.py 153 11 250 26 15 11 2024-08-30 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS MNT/AzureFunctionIPinfoWHOISMNT/constants.py 75 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS MNT/AzureFunctionIPinfoWHOISMNT/main.py 83 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS MNT/AzureFunctionIPinfoWHOISMNT/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Iplocation/AzureFunctionIPinfoIplocation/constants.py 79 13 302 259 42 18 2024-07-09 2024-08-21 ahmadmujahid1950@gmail.com nilepagn@microsoft.com Solutions/IPinfo/Data Connectors/Iplocation/AzureFunctionIPinfoIplocation/main.py 81 13 302 259 42 18 2024-07-09 2024-08-21 ahmadmujahid1950@gmail.com nilepagn@microsoft.com Solutions/IPinfo/Data Connectors/Iplocation/AzureFunctionIPinfoIplocation/utils.py 153 13 302 259 42 18 2024-07-09 2024-08-21 ahmadmujahid1950@gmail.com nilepagn@microsoft.com Solutions/IPinfo/Data Connectors/ASN/AzureFunctionIPinfoASN/constants.py 71 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/ASN/AzureFunctionIPinfoASN/main.py 78 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/ASN/AzureFunctionIPinfoASN/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Carrier/AzureFunctionIPinfoCarrier/constants.py 71 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Carrier/AzureFunctionIPinfoCarrier/main.py 78 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Carrier/AzureFunctionIPinfoCarrier/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS POC/AzureFunctionIPinfoWHOISPOC/constants.py 83 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS POC/AzureFunctionIPinfoWHOISPOC/main.py 87 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS POC/AzureFunctionIPinfoWHOISPOC/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/RWHOIS/AzureFunctionIPinfoRWHOIS/constants.py 87 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/RWHOIS/AzureFunctionIPinfoRWHOIS/main.py 87 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/RWHOIS/AzureFunctionIPinfoRWHOIS/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Privacy/AzureFunctionIPinfoPrivacy/constants.py 73 13 302 259 42 18 2024-07-09 2024-08-21 ahmadmujahid1950@gmail.com nilepagn@microsoft.com Solutions/IPinfo/Data Connectors/Privacy/AzureFunctionIPinfoPrivacy/main.py 79 13 302 259 42 18 2024-07-09 2024-08-21 ahmadmujahid1950@gmail.com nilepagn@microsoft.com Solutions/IPinfo/Data Connectors/Privacy/AzureFunctionIPinfoPrivacy/utils.py 153 13 302 259 42 18 2024-07-09 2024-08-21 ahmadmujahid1950@gmail.com nilepagn@microsoft.com Solutions/IPinfo/Data Connectors/Abuse/AzureFunctionIPinfoAbuse/constants.py 73 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Abuse/AzureFunctionIPinfoAbuse/main.py 79 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Abuse/AzureFunctionIPinfoAbuse/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Company/AzureFunctionIPinfoCompany/constants.py 77 13 302 259 42 18 2024-07-09 2024-08-21 ahmadmujahid1950@gmail.com nilepagn@microsoft.com Solutions/IPinfo/Data Connectors/Company/AzureFunctionIPinfoCompany/main.py 81 13 302 259 42 18 2024-07-09 2024-08-21 ahmadmujahid1950@gmail.com nilepagn@microsoft.com Solutions/IPinfo/Data Connectors/Company/AzureFunctionIPinfoCompany/utils.py 153 13 302 259 42 18 2024-07-09 2024-08-21 ahmadmujahid1950@gmail.com nilepagn@microsoft.com Solutions/IPinfo/Data Connectors/WHOIS ASN/AzureFunctionIPinfoWHOISASN/constants.py 73 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS ASN/AzureFunctionIPinfoWHOISASN/main.py 82 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS ASN/AzureFunctionIPinfoWHOISASN/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS ORG/AzureFunctionIPinfoWHOISORG/constants.py 93 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS ORG/AzureFunctionIPinfoWHOISORG/main.py 92 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS ORG/AzureFunctionIPinfoWHOISORG/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS NET/AzureFunctionIPinfoWHOISNET/constants.py 87 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS NET/AzureFunctionIPinfoWHOISNET/main.py 89 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/WHOIS NET/AzureFunctionIPinfoWHOISNET/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Iplocation Extended/AzureFunctionIPinfoIplocationExtended/constants.py 83 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Iplocation Extended/AzureFunctionIPinfoIplocationExtended/main.py 84 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Iplocation Extended/AzureFunctionIPinfoIplocationExtended/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Domain/AzureFunctionIPinfoDomain/constants.py 65 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Domain/AzureFunctionIPinfoDomain/main.py 75 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/Domain/AzureFunctionIPinfoDomain/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/RIRWHOIS/AzureFunctionIPinfoRIRWHOIS/constants.py 99 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/RIRWHOIS/AzureFunctionIPinfoRIRWHOIS/main.py 92 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/IPinfo/Data Connectors/RIRWHOIS/AzureFunctionIPinfoRIRWHOIS/utils.py 153 11 261 26 15 11 2024-08-19 2025-04-11 ahmadmujahid1950@gmail.com bartleyriley@gmail.com Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/function_app.py 80 32 440 8 53 29 2024-02-22 2025-04-29 maciej.antkiewicz@withsecure.com v-atulyadav@microsoft.com Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/__init__.py 1 23 440 268 38 23 2024-02-22 2024-08-12 maciej.antkiewicz@withsecure.com 62938807+haim-na@users.noreply.github.com Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/__init__.py 1 23 440 268 38 23 2024-02-22 2024-08-12 maciej.antkiewicz@withsecure.com 62938807+haim-na@users.noreply.github.com Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/ws_connector.py 25 24 440 268 39 23 2024-02-22 2024-08-12 maciej.antkiewicz@withsecure.com 62938807+haim-na@users.noreply.github.com Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/message_factory.py 526 32 440 8 53 29 2024-02-22 2025-04-29 maciej.antkiewicz@withsecure.com v-atulyadav@microsoft.com Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/events_formatter.py 113 23 440 268 38 23 2024-02-22 2024-08-12 maciej.antkiewicz@withsecure.com 62938807+haim-na@users.noreply.github.com Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/azure_storage_table.py 47 23 440 268 38 23 2024-02-22 2024-08-12 maciej.antkiewicz@withsecure.com 62938807+haim-na@users.noreply.github.com Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/log_ingestion_api.py 17 23 440 268 38 23 2024-02-22 2024-08-12 maciej.antkiewicz@withsecure.com 62938807+haim-na@users.noreply.github.com Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/withsecure_client.py 146 33 440 8 54 29 2024-02-22 2025-04-29 maciej.antkiewicz@withsecure.com v-atulyadav@microsoft.com Solutions/Malware Protection Essentials/Hunting Queries/FileCretaedInStartupFolder.yaml 101 28 503 293 39 23 2023-12-21 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Malware Protection Essentials/Hunting Queries/SystemFilesModifiedByUser.yaml 111 28 503 293 39 23 2023-12-21 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Malware Protection Essentials/Hunting Queries/NewMaliciousScheduledTask.yaml 96 28 503 293 39 23 2023-12-21 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Malware Protection Essentials/Hunting Queries/ExecutableInUncommonLocation.yaml 104 28 503 293 39 23 2023-12-21 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Malware Protection Essentials/Hunting Queries/FilesWithRansomwareExtensions.yaml 95 28 503 293 39 23 2023-12-21 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Malware Protection Essentials/Hunting Queries/NewScheduledTaskCreation.yaml 93 28 503 293 39 23 2023-12-21 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Malware Protection Essentials/Analytic Rules/WindowsAllowFirewallRuleAdded.yaml 113 28 503 293 40 23 2023-12-21 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Malware Protection Essentials/Analytic Rules/StartupRegistryModified.yaml 125 28 503 293 39 23 2023-12-21 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Malware Protection Essentials/Analytic Rules/BackupDeletionDetected.yaml 97 29 503 293 40 23 2023-12-21 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Malware Protection Essentials/Analytic Rules/SuspiciousProcessCreation.yaml 95 49 503 58 66 29 2023-12-21 2025-03-10 r.greatlove@gmail.com idoshabi@microsoft.com Solutions/Malware Protection Essentials/Analytic Rules/WindowsUpdateDisabled.yaml 112 28 503 293 39 23 2023-12-21 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Malware Protection Essentials/Analytic Rules/PrintProcessersModified.yaml 109 28 503 293 39 23 2023-12-21 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Armis/Parsers/ArmisActivities.yaml 40 49 624 106 94 44 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Armis/Parsers/ArmisDevice.yaml 64 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Armis/Parsers/ArmisAlerts.yaml 38 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Armis/Data Connectors/ArmisAlerts/ArmisAlertSentinelConnector/__init__.py 361 49 966 293 90 46 2022-09-14 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Armis/Data Connectors/ArmisAlerts/ArmisAlertSentinelConnector/state_manager.py 27 23 966 576 31 24 2022-09-14 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/Armis/Data Connectors/ArmisAlerts/Exceptions/ArmisExceptions.py 4 23 966 576 31 24 2022-09-14 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/Armis/Data Connectors/ArmisDevice/ArmisDeviceSentinelConnector/__init__.py 456 88 966 13 150 68 2022-09-14 2025-04-24 jayesh.prajapati@cdsys.local v-prasadboke@microsoft.com Solutions/Armis/Data Connectors/ArmisDevice/ArmisDeviceSentinelConnector/exports_store.py 76 17 181 58 32 13 2024-11-07 2025-03-10 shashank.shah@crestdata.ai idoshabi@microsoft.com Solutions/Armis/Data Connectors/ArmisDevice/ArmisDeviceSentinelConnector/state_manager.py 32 40 966 58 63 36 2022-09-14 2025-03-10 jayesh.prajapati@cdsys.local idoshabi@microsoft.com Solutions/Armis/Data Connectors/ArmisDevice/Exceptions/ArmisExceptions.py 6 40 966 58 63 36 2022-09-14 2025-03-10 jayesh.prajapati@cdsys.local idoshabi@microsoft.com Solutions/Armis/Data Connectors/ArmisActivities/ArmisActivitySentinelConnector/__init__.py 367 74 966 268 131 62 2022-09-14 2024-08-12 jayesh.prajapati@cdsys.local 62938807+haim-na@users.noreply.github.com Solutions/Armis/Data Connectors/ArmisActivities/ArmisActivitySentinelConnector/state_manager.py 27 23 966 576 31 24 2022-09-14 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/Armis/Data Connectors/ArmisActivities/Exceptions/ArmisExceptions.py 4 23 966 576 31 24 2022-09-14 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/sentinel.py 150 15 257 106 25 17 2024-08-23 2025-01-21 jayesh.prajapati@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/__init__.py 340 30 257 58 55 24 2024-08-23 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/exports_store.py 74 17 181 58 32 13 2024-11-07 2025-03-10 shashank.shah@crestdata.ai idoshabi@microsoft.com Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/state_manager.py 33 28 257 58 53 24 2024-08-23 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/utils.py 205 33 257 58 63 26 2024-08-23 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/consts.py 30 29 257 58 53 24 2024-08-23 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Armis/Data Connectors/ArmisAlertsActivities/Exceptions/ArmisExceptions.py 4 18 257 106 28 18 2024-08-23 2025-01-21 jayesh.prajapati@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Fortinet FortiNDR Cloud/Parsers/Fortinet_FortiNDR_Cloud.yaml 357 65 526 106 90 38 2023-11-28 2025-01-21 sxiuyang@fortinet.com 128674128+v1managedservices@users.noreply.github.com Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/errors.py 10 21 365 261 31 18 2024-05-07 2024-08-19 sxiuyang@fortinet.com v-prasadboke@microsoft.com Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/globalVariables.py 4 44 479 261 65 30 2024-01-14 2024-08-19 sxiuyang@fortinet.com v-prasadboke@microsoft.com Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FetchAndSendEventsHistory/__init__.py 76 33 365 261 60 23 2024-05-07 2024-08-19 sxiuyang@fortinet.com v-prasadboke@microsoft.com Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/sentinel/sentinel.py 52 48 526 261 69 30 2023-11-28 2024-08-19 sxiuyang@fortinet.com v-prasadboke@microsoft.com Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/sentinel/__init__.py 1 27 526 268 38 23 2023-11-28 2024-08-12 sxiuyang@fortinet.com 62938807+haim-na@users.noreply.github.com Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FetchAndSendEvents/__init__.py 86 33 365 261 60 23 2024-05-07 2024-08-19 sxiuyang@fortinet.com v-prasadboke@microsoft.com Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FncRestClient.py 27 17 224 106 21 14 2024-09-25 2025-01-21 sxiuyang@fortinet.com 128674128+v1managedservices@users.noreply.github.com Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/SingletonEternalOrchestrator/__init__.py 145 48 526 261 71 30 2023-11-28 2024-08-19 sxiuyang@fortinet.com v-prasadboke@microsoft.com Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/OrchestratorWatchdog/__init__.py 150 66 526 106 92 39 2023-11-28 2025-01-21 sxiuyang@fortinet.com 128674128+v1managedservices@users.noreply.github.com Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FetchAndSendDetections/__init__.py 86 42 365 106 56 28 2024-05-07 2025-01-21 sxiuyang@fortinet.com 128674128+v1managedservices@users.noreply.github.com Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FetchAndSendDetectionsHistory/__init__.py 101 44 365 106 65 30 2024-05-07 2025-01-21 sxiuyang@fortinet.com 128674128+v1managedservices@users.noreply.github.com Solutions/SenservaPro/Hunting Queries/AzureSecureScoreSelfServicePasswordReset.yaml 18 52 1505 293 88 49 2021-03-24 2024-07-18 tj@senserva.com 164491672+shishirdw@users.noreply.github.com Solutions/SenservaPro/Hunting Queries/UserAccountDisabled.yaml 17 35 1503 576 42 32 2021-03-26 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/AzureSecureScoreIntegratedApps.yaml 18 25 1505 576 33 24 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/AzureSecureScoreRoleOverlap.yaml 18 24 1505 576 29 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/StaleLastPasswordChange.yaml 17 37 1505 576 45 32 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/ServicePrincipalNotUsingClientCredentials.yaml 19 24 1505 576 29 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/AzureSecureScorePWAgePolicyNew.yaml 20 25 1505 576 33 24 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/AzureSecureScoreOneAdmin.yaml 19 24 1505 576 29 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/AzureSecureScoreUserRiskPolicy.yaml 18 24 1505 576 29 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/ApplicationNotUsingClientCredentials.yaml 18 24 1505 576 29 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/AzureSecureScoreMFARegistrationV2.yaml 19 25 1505 576 34 24 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/AzureSecureScoreBlockLegacyAuthentication.yaml 20 25 1505 576 33 24 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/AzureSecureScoreSigninRiskPolicy.yaml 18 24 1505 576 29 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/NonAdminGuest.yaml 17 37 1505 576 45 32 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Hunting Queries/AzureSecureScoreAdminMFAV2.yaml 19 38 1505 576 48 33 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Analytic Rules/SelfServicePasswordReset.yaml 41 112 1505 293 171 89 2021-03-24 2024-07-18 tj@senserva.com 164491672+shishirdw@users.noreply.github.com Solutions/SenservaPro/Analytic Rules/UserRiskPolicy.yaml 41 84 1505 576 111 67 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Analytic Rules/MFARegistration.yaml 40 104 1505 261 142 80 2021-03-24 2024-08-19 tj@senserva.com v-prasadboke@microsoft.com Solutions/SenservaPro/Analytic Rules/UserAccountDisabled.yaml 40 82 1503 576 109 67 2021-03-26 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Analytic Rules/BlockLegacyAuthentication.yaml 44 104 1505 261 142 80 2021-03-24 2024-08-19 tj@senserva.com v-prasadboke@microsoft.com Solutions/SenservaPro/Analytic Rules/ThirdPartyIntegratedApps.yaml 43 104 1505 261 142 80 2021-03-24 2024-08-19 tj@senserva.com v-prasadboke@microsoft.com Solutions/SenservaPro/Analytic Rules/NotUsingClientCredentials.yaml 41 104 1505 261 142 80 2021-03-24 2024-08-19 tj@senserva.com v-prasadboke@microsoft.com Solutions/SenservaPro/Analytic Rules/SearchStaleLastPasswordChange.yaml 40 84 1505 576 112 67 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Analytic Rules/AppsNoClientCredentials.yaml 41 84 1505 576 110 67 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Analytic Rules/AdminMFA.yaml 41 104 1505 261 142 80 2021-03-24 2024-08-19 tj@senserva.com v-prasadboke@microsoft.com Solutions/SenservaPro/Analytic Rules/PasswordAgePolicyNew.yaml 24 104 1505 261 142 80 2021-03-24 2024-08-19 tj@senserva.com v-prasadboke@microsoft.com Solutions/SenservaPro/Analytic Rules/OneGlobalAdmin.yaml 40 104 1505 261 142 80 2021-03-24 2024-08-19 tj@senserva.com v-prasadboke@microsoft.com Solutions/SenservaPro/Analytic Rules/SignInRiskPolicy.yaml 41 84 1505 576 112 67 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Analytic Rules/GlobaAdminRoleOverlap.yaml 41 84 1505 576 111 67 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SenservaPro/Analytic Rules/NonAdminGuest.yaml 40 84 1505 576 112 67 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/Attacker Tools Threat Protection Essentials/Hunting Queries/PotentialImpacketExecution.yaml 61 73 903 268 108 61 2022-11-16 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Attacker Tools Threat Protection Essentials/Hunting Queries/CobaltDNSBeacon.yaml 40 102 903 261 168 73 2022-11-16 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Attacker Tools Threat Protection Essentials/Analytic Rules/CredentialDumpingToolsFileArtifacts.yaml 49 66 903 261 115 61 2022-11-16 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Attacker Tools Threat Protection Essentials/Analytic Rules/CredentialDumpingServiceInstallation.yaml 48 66 903 261 115 61 2022-11-16 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Attacker Tools Threat Protection Essentials/Analytic Rules/AdFind_Usage.yaml 60 53 903 293 87 53 2022-11-16 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Attacker Tools Threat Protection Essentials/Analytic Rules/powershell_empire.yaml 146 61 903 293 102 57 2022-11-16 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLIPsByPorts.yaml 25 71 1253 58 137 58 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLRareFileRequests.yaml 26 71 1253 58 137 58 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLRareApplicationLayerProtocol.yaml 26 72 1253 58 138 58 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLCriticalEventResult.yaml 28 73 1253 58 139 58 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLMultiDenyResultbyUser.yaml 27 73 1253 58 139 58 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLOutdatedConfigVersions.yaml 27 101 1253 58 188 77 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLFilePermissionWithPutRequest.yaml 26 72 1253 58 138 58 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLRarePortsbyUser.yaml 30 94 1253 58 169 67 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLIncompleteApplicationProtocol.yaml 28 72 1253 58 138 58 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLOutdatedAgentVersions.yaml 27 72 1253 58 138 58 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLFileTypeWasChanged.yaml 36 101 1253 58 188 77 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLPutMethodInHighRiskFileType.yaml 34 107 1253 58 203 82 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLConflictingMacAddress.yaml 39 103 1253 58 191 77 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLPossibleFlooding.yaml 36 107 1253 58 203 82 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLInboundRiskPorts.yaml 33 100 1253 58 187 77 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLPrivilegesWasChanged.yaml 38 107 1253 58 202 82 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLPossiblePortScan.yaml 33 107 1253 58 202 82 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLUnexpectedCountries.yaml 37 107 1253 58 202 82 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLDroppingSessionWithSentTraffic.yaml 40 107 1253 58 202 82 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLPossibleAttackWithoutResponse.yaml 39 107 1253 58 202 82 2021-12-01 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/UserImpersonateByRiskyUser.yaml 72 29 527 293 58 30 2023-11-27 2024-07-18 nirali.shah@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/UserImpersonateByAAID.yaml 28 29 527 293 58 30 2023-11-27 2024-07-18 nirali.shah@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/BrutforceAttemptOnAzurePortalAndAWSConsolAtSameTime.yaml 104 46 527 261 79 36 2023-11-27 2024-08-19 nirali.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/CrossCloudUnauthorizedCredentialsAccessDetection.yaml 147 56 527 261 99 41 2023-11-27 2024-08-19 nirali.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/SuspiciousAWSConsolLoginByCredentialAceessAlerts.yaml 130 45 527 261 78 36 2023-11-27 2024-08-19 nirali.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/SuccessfulAWSConsoleLoginfromIPAddressObservedConductingPasswordSpray.yaml 125 45 527 261 78 36 2023-11-27 2024-08-19 nirali.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/Unauthorized_user_access_across_AWS_and_Azure.yaml 145 56 527 261 99 41 2023-11-27 2024-08-19 nirali.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/CrossCloudSuspiciousUserActivityObservedInGCPEnvourment.yaml 151 56 527 261 99 41 2023-11-27 2024-08-19 nirali.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/Cross-CloudSuspiciousComputeResourcecreationinGCP.yaml 179 56 527 261 99 41 2023-11-27 2024-08-19 nirali.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Contrast Protect/Analytic Rules/ContrastExploits.yaml 67 72 1069 259 154 54 2022-06-03 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Contrast Protect/Analytic Rules/ContrastSuspicious.yaml 67 72 1069 259 154 54 2022-06-03 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Contrast Protect/Analytic Rules/ContrastBlocks.yaml 67 72 1069 259 154 54 2022-06-03 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Contrast Protect/Analytic Rules/ContrastProbes.yaml 67 72 1069 259 154 54 2022-06-03 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Workplace from Facebook/Parsers/Workplace_Facebook.yaml 23 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Workplace from Facebook/Data Connectors/WorkplaceFacebook/WorkplaceWebhooksTrigger/__init__.py 92 24 1077 576 35 20 2022-05-26 2023-10-09 55556791+elforb@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml 71 66 730 57 126 55 2023-05-08 2025-03-11 mdriscoll@nasuni.com v-atulyadav@microsoft.com Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml 50 66 730 57 129 55 2023-05-08 2025-03-11 mdriscoll@nasuni.com v-atulyadav@microsoft.com Solutions/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml 47 66 730 57 129 55 2023-05-08 2025-03-11 mdriscoll@nasuni.com v-atulyadav@microsoft.com Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeAdminAuditLogs.yaml 65 71 624 13 149 61 2023-08-22 2025-04-24 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/MESCheckVIP.yaml 29 50 553 261 92 39 2023-11-01 2024-08-19 nilepagn@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/MESCompareDataOnPMRA.yaml 183 25 250 58 45 15 2024-08-30 2025-03-10 nilepagn@microsoft.com idoshabi@microsoft.com Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeEnvironmentList.yaml 26 67 624 261 143 46 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeConfiguration.yaml 82 89 624 261 181 57 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/Microsoft Exchange Security - Exchange On-Premises/Analytic Rules/ServerOrientedWithUserOrientedAdministration.yaml 77 87 727 293 170 68 2023-05-11 2024-07-18 nilepagn@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Exchange Security - Exchange On-Premises/Analytic Rules/CriticalCmdletsUsageDetection.yaml 55 86 727 293 171 68 2023-05-11 2024-07-18 nilepagn@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Exchange Security - Exchange On-Premises/# - General Content/Solutions/ESICollector/OnlineDeployment/CollectExchSecIns.ps1 3543 12 65 13 19 14 2025-03-03 2025-04-24 nilepagn@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Exchange Security - Exchange On-Premises/# - General Content/Solutions/ESICollector/OnlineDeployment/ExchangeOnlinePermSetup.ps1 36 11 65 13 16 13 2025-03-03 2025-04-24 nilepagn@microsoft.com v-prasadboke@microsoft.com Solutions/ProofPointTap/Parsers/ProofpointTAPEvent.yaml 42 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/ProofPointTap/Analytic Rules/MalwareAttachmentDelivered.yaml 52 130 1395 259 221 98 2021-07-12 2024-08-21 73637076+v-admahe@users.noreply.github.com nilepagn@microsoft.com Solutions/ProofPointTap/Analytic Rules/MalwareLinkClicked.yaml 52 144 1395 26 239 104 2021-07-12 2025-04-11 73637076+v-admahe@users.noreply.github.com bartleyriley@gmail.com Solutions/ProofPointTap/Data Connectors/requirements.psd1 7 30 807 457 50 28 2023-02-20 2024-02-05 v-rbajaj@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/ProofPointTap/Data Connectors/AzureFunctionProofpointTAP/run.ps1 155 54 807 293 95 47 2023-02-20 2024-07-18 v-rbajaj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/ProofPointTap/Data Connectors/profile.ps1 18 30 807 457 50 28 2023-02-20 2024-02-05 v-rbajaj@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/JuniperIDP/Parsers/JuniperIDP.yaml 96 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Infoblox/Parsers/InfobloxCDC_SOCInsights.yaml 43 16 296 106 26 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Parsers/InfobloxInsightEvents.yaml 40 16 296 106 26 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Parsers/InfobloxInsight.yaml 41 16 296 106 26 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Parsers/InfobloxInsightComments.yaml 19 16 296 106 26 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Parsers/InfobloxInsightAssets.yaml 39 16 296 106 26 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Parsers/InfobloxInsightIndicators.yaml 39 16 296 106 26 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Analytic Rules/Infoblox-SOCInsight-Detected-CDCSource.yaml 53 15 292 106 25 16 2024-07-19 2025-01-21 v-prasadboke@microsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Analytic Rules/Infoblox-SOCInsight-Detected-APISource.yaml 55 15 292 106 25 16 2024-07-19 2025-01-21 v-prasadboke@microsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierRequiredSource/list_of_sources.py 143 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierRequiredSource/__init__.py 38 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/AzureStorageToIndicators/__init__.py 18 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/AzureStorageToIndicators/create_indicator.py 167 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/AzureStorageToIndicators/indicator_mapping.py 149 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxParseRawIndicators/__init__.py 22 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxParseRawIndicators/parse_json_files.py 372 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierHttpStarter/__init__.py 65 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierOrchestrator/__init__.py 88 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierOrchestrator/create_dossier_job.py 105 16 296 106 25 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierJobResult/__init__.py 19 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierJobResult/get_dossier_result.py 170 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/sentinel.py 85 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/infoblox_exception.py 6 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/__init__.py 1 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/state_manager.py 28 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/utils.py 948 16 296 106 25 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/consts.py 110 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/logger.py 18 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/RetryFailedIndicators/__init__.py 13 16 296 106 26 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/RetryFailedIndicators/retry_failed_indicators.py 89 16 296 106 26 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxCurrentToAzureStorage/__init__.py 35 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxCurrentToAzureStorage/infoblox_to_azure_storage.py 519 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxHistoricalToAzureStorage/__init__.py 35 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxHistoricalToAzureStorage/infoblox_to_azure_storage.py 538 15 296 106 24 16 2024-07-15 2025-01-21 nipun.brahmbhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Global Secure Access/Hunting Queries/MultipleTeamsDeletes.yaml 65 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/ExternalUserFromNewOrgAddedToTeams.yaml 15 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/MultipleUsersEmailForwardedToSameDestination.yaml 65 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/New_WindowsReservedFileNamesOnOfficeFileServices.yaml 74 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/powershell_or_nonbrowser_MailboxLogin.yaml 50 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/NewBotAddedToTeams.yaml 61 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/sharepoint_downloads.yaml 62 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/MultiTeamBot.yaml 58 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/double_file_ext_exes.yaml 52 18 272 106 23 16 2024-08-08 2025-01-21 131643892+moti-ba@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Global Secure Access/Hunting Queries/ExternalUserAddedRemovedInTeams_HuntVersion.yaml 42 18 272 106 23 16 2024-08-08 2025-01-21 131643892+moti-ba@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Global Secure Access/Hunting Queries/nonowner_MailboxLogin.yaml 67 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/new_sharepoint_downloads_by_IP.yaml 67 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/new_sharepoint_downloads_by_UserAgent.yaml 75 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/UserAddToTeamsAndUploadsFile.yaml 62 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/new_adminaccountactivity.yaml 53 18 272 106 23 16 2024-08-08 2025-01-21 131643892+moti-ba@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Global Secure Access/Hunting Queries/Mail_redirect_via_ExO_transport_rule_hunting.yaml 73 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/WindowsReservedFileNamesOnOfficeFileServices.yaml 74 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/OfficeMailForwarding_hunting.yaml 64 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/MultiTeamOwner.yaml 74 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/AnomolousUserAccessingOtherUsersMailbox.yaml 110 43 272 58 69 26 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Hunting Queries/TeamsFilesUploaded.yaml 72 35 272 58 42 19 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - office_policytampering.yaml 100 42 272 58 59 23 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - Mail_redirect_via_ExO_transport_rule.yaml 119 50 272 58 93 30 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/SWG - Source IP Port Scan.yaml 41 52 272 57 84 32 2024-08-08 2025-03-11 131643892+moti-ba@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - exchange_auditlogdisabled.yaml 73 42 272 58 61 23 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - Malicious_Inbox_Rule.yaml 76 42 272 58 60 23 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/SWG - Abnormal Deny Rate.yaml 58 52 272 57 83 32 2024-08-08 2025-03-11 131643892+moti-ba@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - Office_Uploaded_Executables.yaml 85 42 272 58 60 23 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - SharePoint_Downloads_byNewUserAgent.yaml 116 42 272 58 67 23 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - sharepoint_file_transfer_above_threshold.yaml 87 43 272 58 69 23 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - RareOfficeOperations.yaml 62 42 272 58 60 23 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - SharePoint_Downloads_byNewIP.yaml 91 42 272 58 60 23 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/SWG - Abnormal Port to Protocol.yaml 54 52 272 57 84 32 2024-08-08 2025-03-11 131643892+moti-ba@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - ExternalUserAddedRemovedInTeams.yaml 94 42 272 58 63 23 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - Office_MailForwarding.yaml 71 42 272 58 60 23 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - External User added to Team and immediately uploads file.yaml 125 50 272 58 90 30 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - sharepoint_file_transfer_folders_above_threshold.yaml 91 42 272 58 67 23 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/Global Secure Access/Analytic Rules/Identity - AfterHoursActivity.yaml 41 52 272 57 84 32 2024-08-08 2025-03-11 131643892+moti-ba@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Global Secure Access/Analytic Rules/Office 365 - MultipleTeamsDeletes.yaml 58 42 272 58 60 23 2024-08-08 2025-03-10 131643892+moti-ba@users.noreply.github.com idoshabi@microsoft.com Solutions/ExtraHop/Analytic Rules/ExtraHopSentinelAlerts.yaml 64 13 85 13 21 10 2025-02-11 2025-04-24 nirali.shah@crestdata.ai v-prasadboke@microsoft.com Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopSentinelActivity/extrahop.py 68 9 85 13 11 9 2025-02-11 2025-04-24 nirali.shah@crestdata.ai v-prasadboke@microsoft.com Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopSentinelActivity/sentinel.py 197 9 85 13 11 9 2025-02-11 2025-04-24 nirali.shah@crestdata.ai v-prasadboke@microsoft.com Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopSentinelActivity/__init__.py 22 9 85 13 11 9 2025-02-11 2025-04-24 nirali.shah@crestdata.ai v-prasadboke@microsoft.com Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/SharedCode/__init__.py 1 9 85 13 11 9 2025-02-11 2025-04-24 nirali.shah@crestdata.ai v-prasadboke@microsoft.com Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/SharedCode/extrahop_exceptions.py 9 9 85 13 11 9 2025-02-11 2025-04-24 nirali.shah@crestdata.ai v-prasadboke@microsoft.com Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/SharedCode/consts.py 10 9 85 13 11 9 2025-02-11 2025-04-24 nirali.shah@crestdata.ai v-prasadboke@microsoft.com Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/SharedCode/logger.py 12 9 85 13 11 9 2025-02-11 2025-04-24 nirali.shah@crestdata.ai v-prasadboke@microsoft.com Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopDetectionsOrchestrator/__init__.py 11 9 85 13 11 9 2025-02-11 2025-04-24 nirali.shah@crestdata.ai v-prasadboke@microsoft.com Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopHttpStarter/__init__.py 67 9 85 13 11 9 2025-02-11 2025-04-24 nirali.shah@crestdata.ai v-prasadboke@microsoft.com Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOEmailThreats.yaml 39 55 1057 57 91 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOObjectsNotScanned.yaml 27 55 1057 57 91 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOThreatNotBlocked.yaml 36 55 1057 57 91 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOAgentErrors.yaml 35 55 1057 57 91 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOScanErrors.yaml 35 55 1057 57 91 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOLongTermInfectedSystems.yaml 41 55 1057 57 91 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOInfectedSystems.yaml 25 55 1057 57 91 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOInfectedFiles.yaml 25 55 1057 57 91 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOMultipleThreats.yaml 29 55 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOApplicationsBlocked.yaml 28 55 1057 57 91 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Parsers/McAfeeEPOEvent.yaml 200 58 624 293 127 51 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOTaskError.yaml 33 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPODeploymentFailed.yaml 33 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOScanningEngineDisabled.yaml 34 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOUnableCleanDeleteInfectedFile.yaml 39 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOThreatNotBlocked.yaml 35 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOUpdateFailed.yaml 34 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOMultipleThreatsSameHost.yaml 40 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOAttemptUninstallAgent.yaml 34 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOAgentHandlerDown.yaml 33 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOSpamEmail.yaml 33 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOExceptionAdded.yaml 31 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOLoggingError.yaml 38 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOFirewallDisabled.yaml 35 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOAlertError.yaml 30 56 1057 57 92 42 2022-06-15 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseToSentinel/sentinel.py 126 36 679 293 62 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseToSentinel/__init__.py 13 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseToSentinel/cofense_to_sentinel.py 273 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseToSentinel/cofense_to_sentinel_mapping.py 60 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/DownloadThreatReports/__init__.py 149 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseIntelligenceMalware/cofense_malware_data_to_sentinel.py 391 36 679 293 62 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseIntelligenceMalware/__init__.py 13 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/sentinel.py 711 36 679 293 62 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/__init__.py 34 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/sentinel_to_defender_mapping.py 151 36 679 293 62 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/defender.py 283 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/sentinel.py 117 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/manage_checkpoints.py 82 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/__init__.py 1 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/cofense_intelligence_exception.py 3 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/state_manager.py 37 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/utils.py 433 36 679 293 62 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/consts.py 63 36 679 293 62 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/logger.py 25 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/RetryFailedIndicators/sentinel.py 111 36 679 293 62 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/RetryFailedIndicators/__init__.py 12 35 679 293 61 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/RetryFailedIndicators/retry_failed_indicators.py 269 36 679 293 62 27 2023-06-28 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/TransmitSecurity/Data Connectors/TransmitSecurityConnector/__init__.py 126 29 335 58 65 24 2024-06-06 2025-03-10 tom.zarhin@transmitsecurity.com idoshabi@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianNewIncidents.yaml 25 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianRareDestinationPorts.yaml 25 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianDomains.yaml 26 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianRareNetworkProtocols.yaml 30 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianInsecureProtocolSources.yaml 24 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianFilesSentByUsers.yaml 24 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianInspectedFiles.yaml 24 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianUrlByUser.yaml 24 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianIncidentsByUser.yaml 25 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianRareUrls.yaml 26 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Parsers/DigitalGuardianDLPEvent.yaml 31 12 286 106 32 15 2024-07-25 2025-01-21 v-rusraut@microsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianPossibleProtocolAbuse.yaml 30 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianFileSentToExternal.yaml 36 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianClassifiedDataInsecureTransfer.yaml 35 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianFilesSentToExternalDomain.yaml 38 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianUnexpectedProtocol.yaml 29 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianFileSentToExternalDomain.yaml 35 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianExfiltrationToFileShareServices.yaml 33 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianMultipleIncidentsFromUser.yaml 32 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianViolationNotBlocked.yaml 32 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianExfiltrationOverDNS.yaml 29 24 286 57 49 22 2024-07-25 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/ThreatConnect/Analytic Rules/ThreatConnect_EmailEntity_OfficeActivity.yaml 68 37 588 259 99 35 2023-09-27 2024-08-21 jp@bluecycle.net nilepagn@microsoft.com Solutions/ThreatConnect/Analytic Rules/ThreatConnect_IPEntity_NetworkSessions.yaml 80 53 603 259 128 41 2023-09-12 2024-08-21 jp@bluecycle.net nilepagn@microsoft.com Solutions/ThreatConnect/Analytic Rules/ThreatConnect_URLEntity_OfficeActivity.yaml 54 37 588 259 99 35 2023-09-27 2024-08-21 jp@bluecycle.net nilepagn@microsoft.com Solutions/ThreatConnect/Analytic Rules/ThreatConnect_DomainEntity_DnsEvents.yaml 92 45 588 259 118 40 2023-09-27 2024-08-21 jp@bluecycle.net nilepagn@microsoft.com Solutions/ThreatConnect/Analytic Rules/ThreatConnect_EmailEntity_SigninLogs.yaml 83 37 588 259 99 35 2023-09-27 2024-08-21 jp@bluecycle.net nilepagn@microsoft.com Solutions/JBoss/Parsers/JBossEvent.yaml 20 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Lookout/Parsers/LookoutEvents.yaml 86 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Lookout/Analytic Rules/LookoutThreatEvent.yaml 44 63 1428 576 88 51 2021-06-09 2023-10-09 rajendra.khabiya@gate6.com mrudula.oruganti@gigamon.com Solutions/Lookout/Data Connectors/LookoutAPISentinelConnector/azuresecret_handler.py 44 26 1463 576 30 23 2021-05-05 2023-10-09 rajendra.khabiya@gate6.com mrudula.oruganti@gigamon.com Solutions/Lookout/Data Connectors/LookoutAPISentinelConnector/__init__.py 92 37 1464 576 46 28 2021-05-04 2023-10-09 rajendra.khabiya@gate6.com mrudula.oruganti@gigamon.com Solutions/Lookout/Data Connectors/LookoutAPISentinelConnector/mes_request.py 186 29 1464 950 38 25 2021-05-04 2022-09-30 rajendra.khabiya@gate6.com 53319081+chkp-jguo@users.noreply.github.com Solutions/Armorblox/Analytic Rules/ArmorbloxNeedsReviewAlert.yaml 40 82 1231 293 140 74 2021-12-23 2024-07-18 ankita.sharma@xoriant.com 164491672+shishirdw@users.noreply.github.com Solutions/Armorblox/Data Connectors/ArmorbloxAzureSentinelConnector/__init__.py 122 49 1336 576 71 43 2021-09-09 2023-10-09 2506956+ujayant@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Armorblox/Data Connectors/ArmorbloxAzureSentinelConnector/state_manager.py 18 19 1336 576 22 16 2021-09-09 2023-10-09 2506956+ujayant@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Morphisec/Parsers/Morphisec.yaml 27 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Infoblox SOC Insights/Parsers/InfobloxCDC_SOCInsights.yaml 43 18 426 261 22 14 2024-03-07 2024-08-19 78623042+sschuur@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Infoblox SOC Insights/Parsers/InfobloxInsightEvents.yaml 40 18 426 261 22 14 2024-03-07 2024-08-19 78623042+sschuur@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Infoblox SOC Insights/Parsers/InfobloxInsight.yaml 41 18 426 261 22 14 2024-03-07 2024-08-19 78623042+sschuur@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Infoblox SOC Insights/Parsers/InfobloxInsightComments.yaml 19 18 426 261 22 14 2024-03-07 2024-08-19 78623042+sschuur@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Infoblox SOC Insights/Parsers/InfobloxInsightAssets.yaml 39 18 426 261 22 14 2024-03-07 2024-08-19 78623042+sschuur@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Infoblox SOC Insights/Parsers/InfobloxInsightIndicators.yaml 39 19 426 261 24 15 2024-03-07 2024-08-19 78623042+sschuur@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Infoblox SOC Insights/Analytic Rules/Infoblox-SOCInsightDetected-CDCSource.yaml 56 30 426 259 60 23 2024-03-07 2024-08-21 78623042+sschuur@users.noreply.github.com nilepagn@microsoft.com Solutions/Infoblox SOC Insights/Analytic Rules/Infoblox-SOCInsightDetected-APISource.yaml 55 20 426 261 25 14 2024-03-07 2024-08-19 78623042+sschuur@users.noreply.github.com v-prasadboke@microsoft.com Solutions/RidgeSecurity/Analytic Rules/RidgeSecurity_Vulnerabilities.yaml 42 43 567 259 101 36 2023-10-18 2024-08-21 nilepagn@microsoft.com Solutions/RidgeSecurity/Analytic Rules/RidgeSecurity_Risks.yaml 42 43 567 259 101 36 2023-10-18 2024-08-21 nilepagn@microsoft.com Solutions/PaloAlto-PAN-OS/Hunting Queries/PaloAlto-HighRiskPorts.yaml 112 100 981 58 205 70 2022-08-30 2025-03-10 90677907+v-marimanda@users.noreply.github.com idoshabi@microsoft.com Solutions/PaloAlto-PAN-OS/Hunting Queries/Palo Alto - potential beaconing detected.yaml 61 109 779 58 229 72 2023-03-20 2025-03-10 v-vdixit@microsoft.com idoshabi@microsoft.com Solutions/PaloAlto-PAN-OS/Analytic Rules/PaloAlto-NetworkBeaconing.yaml 65 128 981 57 246 84 2022-08-30 2025-03-11 90677907+v-marimanda@users.noreply.github.com v-atulyadav@microsoft.com Solutions/PaloAlto-PAN-OS/Analytic Rules/PaloAlto-PortScanning.yaml 65 149 981 57 285 89 2022-08-30 2025-03-11 90677907+v-marimanda@users.noreply.github.com v-atulyadav@microsoft.com Solutions/PaloAlto-PAN-OS/Analytic Rules/FileHashEntity_Covid19_CommonSecurityLog.yaml 70 122 981 58 263 80 2022-08-30 2025-03-10 90677907+v-marimanda@users.noreply.github.com idoshabi@microsoft.com Solutions/PaloAlto-PAN-OS/Analytic Rules/PaloAlto-UnusualThreatSignatures.yaml 57 100 981 58 205 70 2022-08-30 2025-03-10 90677907+v-marimanda@users.noreply.github.com idoshabi@microsoft.com Solutions/Snowflake/Hunting Queries/SnowflakeDormantUser.yaml 26 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Snowflake/Hunting Queries/SnowflakeDeletedTables.yaml 25 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Snowflake/Hunting Queries/SnowflakeAdminSources.yaml 34 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Snowflake/Hunting Queries/SnowflakeTimeConsumingQueries.yaml 26 40 1251 293 62 45 2021-12-03 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/Snowflake/Hunting Queries/SnowflakeUnknownQueryType.yaml 24 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Snowflake/Hunting Queries/SnowflakeUserSources.yaml 29 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Snowflake/Hunting Queries/SnowflakeDeletedDatabases.yaml 25 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Snowflake/Hunting Queries/SnowflakeUnusedAdmins.yaml 31 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Snowflake/Hunting Queries/SnowflakeFailedLogins.yaml 25 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Snowflake/Hunting Queries/SnowflakeHighCreditConsumingQueries.yaml 26 68 1251 293 110 61 2021-12-03 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/Snowflake/Parsers/Snowflake.yaml 20 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Snowflake/Analytic Rules/SnowflakeUnusualQuery.yaml 31 41 1251 770 60 34 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Snowflake/Analytic Rules/SnowflakePrivilegesDiscovery.yaml 30 41 1251 770 60 34 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Snowflake/Analytic Rules/SnowflakeMultipleLoginFailure.yaml 33 52 1251 770 85 41 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Snowflake/Analytic Rules/SnowflakeMultipleLoginFailureFromIP.yaml 33 52 1251 770 85 41 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Snowflake/Analytic Rules/SnowflakePossibleDataDestruction.yaml 33 41 1251 770 60 34 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Snowflake/Analytic Rules/SnowflakeQueryOnSensitiveTable.yaml 33 41 1251 770 60 34 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Snowflake/Analytic Rules/SnowflakeDiscoveryActivity.yaml 33 62 1251 259 111 54 2021-12-03 2024-08-21 sp@socprime.com nilepagn@microsoft.com Solutions/Snowflake/Analytic Rules/SnowflakeUserAddAdminPrivileges.yaml 34 43 1251 770 62 34 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Snowflake/Analytic Rules/SnowflakeMultipleFailedQueries.yaml 33 52 1251 770 85 41 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Snowflake/Analytic Rules/SnowflakeLongQueryProcessTime.yaml 30 41 1251 770 60 34 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Snowflake/Data Connectors/AzureFunctionSnowflake/main.py 187 19 1316 576 22 19 2021-09-29 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/Snowflake/Data Connectors/AzureFunctionSnowflake/state_manager.py 21 19 1316 576 22 19 2021-09-29 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/Snowflake/Data Connectors/AzureFunctionSnowflake/sentinel_connector.py 103 42 1316 576 57 39 2021-09-29 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/Trend Micro Vision One/Analytic Rules/Create Incident for XDR Alerts.yaml 89 69 1070 259 123 61 2022-06-02 2024-08-21 adam_c_huang@trendmicro.com nilepagn@microsoft.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/timer_trigger/__init__.py 104 85 1092 13 151 63 2022-05-11 2025-04-24 101796244+v-spadarthi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/oat_pipeline_file_qt/__init__.py 42 51 750 293 80 48 2023-04-18 2024-07-18 97503740+manishkumar1991@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/queue_trigger_rca/__init__.py 63 61 1092 259 108 49 2022-05-11 2024-08-21 101796244+v-spadarthi@users.noreply.github.com nilepagn@microsoft.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/oat_pipeline_task_poison_qt/__init__.py 10 28 750 293 42 33 2023-04-18 2024-07-18 97503740+manishkumar1991@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/oat_pipeline_file_poison_qt/__init__.py 10 28 750 293 42 33 2023-04-18 2024-07-18 97503740+manishkumar1991@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/queue_trigger_wb/__init__.py 113 95 1092 259 161 69 2022-05-11 2024-08-21 101796244+v-spadarthi@users.noreply.github.com nilepagn@microsoft.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/queue_trigger_wb_poison/__init__.py 12 21 1092 576 26 18 2022-05-11 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/oat_pipeline_task_qt/__init__.py 70 52 750 293 81 49 2023-04-18 2024-07-18 97503740+manishkumar1991@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/queue_trigger_oat_poison/__init__.py 10 21 1092 576 26 18 2022-05-11 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/timer_trigger_oat/__init__.py 105 108 1092 13 193 87 2022-05-11 2025-04-24 101796244+v-spadarthi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/services/__init__.py 1 21 1092 576 26 18 2022-05-11 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/services/workbench_service.py 219 110 1092 154 193 84 2022-05-11 2024-12-04 101796244+v-spadarthi@users.noreply.github.com 168534320+alekhya0824@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/services/oat_service.py 284 89 1092 261 141 79 2022-05-11 2024-08-19 101796244+v-spadarthi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/transform_utils.py 293 81 1092 259 144 71 2022-05-11 2024-08-21 101796244+v-spadarthi@users.noreply.github.com nilepagn@microsoft.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/models/rca.py 1 22 362 261 33 22 2024-05-10 2024-08-19 nikov_tsai@trendmicro.com v-prasadboke@microsoft.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/models/__init__.py 1 21 1092 576 26 18 2022-05-11 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/models/oat.py 411 67 1092 261 97 65 2022-05-11 2024-08-19 101796244+v-spadarthi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/models/workbench.py 36 33 362 154 48 28 2024-05-10 2024-12-04 nikov_tsai@trendmicro.com 168534320+alekhya0824@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/__init__.py 1 21 1092 576 26 18 2022-05-11 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/exceptions.py 2 21 1092 576 26 18 2022-05-11 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/decorators/__init__.py 1 28 750 293 42 33 2023-04-18 2024-07-18 97503740+manishkumar1991@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/decorators/timer.py 18 28 750 293 42 33 2023-04-18 2024-07-18 97503740+manishkumar1991@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/configurations.py 117 103 1092 13 185 83 2022-05-11 2025-04-24 101796244+v-spadarthi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/customized_logger/__init__.py 1 28 750 293 42 33 2023-04-18 2024-07-18 97503740+manishkumar1991@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/customized_logger/customized_json_logger.py 38 28 750 293 42 33 2023-04-18 2024-07-18 97503740+manishkumar1991@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/utils.py 71 70 1092 293 103 63 2022-05-11 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/data_collector.py 80 46 1092 293 64 47 2022-05-11 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/trace_utils/__init__.py 1 21 1092 576 26 18 2022-05-11 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/trace_utils/trace/trace_manager.py 22 46 1092 293 71 50 2022-05-11 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/trace_utils/trace/__init__.py 1 21 1092 576 26 18 2022-05-11 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Sophos XG Firewall/Parsers/SophosXGFirewall.yaml 77 49 624 106 97 42 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Sophos XG Firewall/Analytic Rules/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml 31 82 1064 58 128 58 2022-06-08 2025-03-10 105694882+v-laanjana@users.noreply.github.com idoshabi@microsoft.com Solutions/Sophos XG Firewall/Analytic Rules/PortScanDetected.yaml 32 82 1064 58 128 58 2022-06-08 2025-03-10 105694882+v-laanjana@users.noreply.github.com idoshabi@microsoft.com Solutions/OneLoginIAM/Parsers/OneLogin.yaml 589 46 624 293 107 38 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/OneLoginIAM/Data Connectors/OneLoginWebhooksTrigger/__init__.py 80 32 1003 576 53 29 2022-08-08 2023-10-09 anknar@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco SD-WAN/Parsers/CiscoSyslogFW6LogSummary.yaml 47 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Cisco SD-WAN/Parsers/CiscoSDWANNetflow.yaml 243 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Cisco SD-WAN/Parsers/MapNetflowUsername.yaml 18 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Cisco SD-WAN/Parsers/CiscoSyslogUTD.yaml 51 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Cisco SD-WAN/Analytic Rules/CiscoSDWANSentinelMalwareEvents.yaml 55 48 686 259 111 49 2023-06-21 2024-08-21 jayesh.prajapati@cdsys.local nilepagn@microsoft.com Solutions/Cisco SD-WAN/Analytic Rules/CiscoSDWANSentinelIPSEventThreshold.yaml 38 47 686 259 109 49 2023-06-21 2024-08-21 jayesh.prajapati@cdsys.local nilepagn@microsoft.com Solutions/Cisco SD-WAN/Analytic Rules/CiscoSDWANSentinelIntrusionEvents.yaml 36 47 686 259 108 49 2023-06-21 2024-08-21 jayesh.prajapati@cdsys.local nilepagn@microsoft.com Solutions/Cisco SD-WAN/Analytic Rules/CiscoSDWANSentinelMonitorCriticalIP.yaml 41 48 686 259 110 49 2023-06-21 2024-08-21 jayesh.prajapati@cdsys.local nilepagn@microsoft.com Solutions/Broadcom SymantecDLP/Parsers/SymantecDLP.yaml 32 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Cyborg Security HUNTER/Hunting Queries/Proxy VBScript Execution via CurrentVersion Registry Key.yaml 22 26 554 293 57 29 2023-10-31 2024-07-18 mike@cyborgsecurity.com 164491672+shishirdw@users.noreply.github.com Solutions/Cyborg Security HUNTER/Hunting Queries/Potential Maldoc Execution Chain Observed.yaml 42 26 554 293 57 29 2023-10-31 2024-07-18 mike@cyborgsecurity.com 164491672+shishirdw@users.noreply.github.com Solutions/Cyborg Security HUNTER/Hunting Queries/PowerShell Pastebin Download.yaml 32 26 554 293 57 29 2023-10-31 2024-07-18 mike@cyborgsecurity.com 164491672+shishirdw@users.noreply.github.com Solutions/Cyborg Security HUNTER/Hunting Queries/Rundll32 or cmd Executing Application from Explorer - Potential Malware Execution Chain.yaml 30 26 554 293 57 29 2023-10-31 2024-07-18 mike@cyborgsecurity.com 164491672+shishirdw@users.noreply.github.com Solutions/Cyborg Security HUNTER/Hunting Queries/Prohibited Applications Spawning cmd.exe or powershell.exe.yaml 39 27 554 293 58 29 2023-10-31 2024-07-18 mike@cyborgsecurity.com 164491672+shishirdw@users.noreply.github.com Solutions/Cyborg Security HUNTER/Hunting Queries/Metasploit Impacket PsExec Process Creation Activity.yaml 19 26 554 293 57 29 2023-10-31 2024-07-18 mike@cyborgsecurity.com 164491672+shishirdw@users.noreply.github.com Solutions/Cyborg Security HUNTER/Hunting Queries/Powershell Encoded Command Execution.yaml 21 26 554 293 57 29 2023-10-31 2024-07-18 mike@cyborgsecurity.com 164491672+shishirdw@users.noreply.github.com Solutions/Cyborg Security HUNTER/Hunting Queries/LSASS Memory Dumping using WerFault.exe - Command Identification.yaml 18 26 554 293 57 29 2023-10-31 2024-07-18 mike@cyborgsecurity.com 164491672+shishirdw@users.noreply.github.com Solutions/Cyborg Security HUNTER/Hunting Queries/Excessive Windows Discovery and Execution Processes - Potential Malware Installation.yaml 62 26 554 293 57 29 2023-10-31 2024-07-18 mike@cyborgsecurity.com 164491672+shishirdw@users.noreply.github.com Solutions/Cyborg Security HUNTER/Hunting Queries/Attempted VBScript Stored in Non-Run CurrentVersion Registry Key Value.yaml 29 26 554 293 57 29 2023-10-31 2024-07-18 mike@cyborgsecurity.com 164491672+shishirdw@users.noreply.github.com Solutions/Forescout (Legacy)/Parsers/ForescoutEvent.yaml 23 15 321 259 43 17 2024-06-20 2024-08-21 v-shukore@microsoft.com nilepagn@microsoft.com Solutions/Azure Firewall/Hunting Queries/Azure Firewall - First time source IP to Destination.yaml 40 63 948 293 119 64 2022-10-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Firewall/Hunting Queries/Azure Firewall - Uncommon Port to IP.yaml 40 62 948 293 118 64 2022-10-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Firewall/Hunting Queries/Azure Firewall - Source IP Abnormally Connects to Multiple Destinations.yaml 46 63 948 293 119 64 2022-10-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Firewall/Hunting Queries/Azure Firewall - First Time Source IP to Destination Using Port.yaml 40 63 948 293 120 64 2022-10-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Firewall/Hunting Queries/Azure Firewall - Uncommon Port for Organization.yaml 41 62 948 293 119 64 2022-10-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Abnormal Deny Rate for Source IP.yaml 86 97 948 259 184 81 2022-10-02 2024-08-21 105694882+v-laanjana@users.noreply.github.com nilepagn@microsoft.com Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Abnormal Port to Protocol.yaml 82 81 948 259 180 76 2022-10-02 2024-08-21 105694882+v-laanjana@users.noreply.github.com nilepagn@microsoft.com Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Port Scan.yaml 51 90 948 293 175 82 2022-10-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Multiple Sources Affected by the Same TI Destination.yaml 51 109 948 259 237 84 2022-10-02 2024-08-21 105694882+v-laanjana@users.noreply.github.com nilepagn@microsoft.com Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Port Sweep.yaml 59 88 948 293 190 77 2022-10-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Firewall/Analytic Rules/SeveralDenyActionsRegistered.yaml 70 95 981 268 181 84 2022-08-30 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Trend Micro TippingPoint/Parsers/TrendMicroTippingPoint.yaml 24 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/HYAS Protect/Parsers/HYASProtectDNS.yaml 26 44 589 261 94 35 2023-09-26 2024-08-19 68921481+rambov@users.noreply.github.com v-prasadboke@microsoft.com Solutions/HYAS Protect/Data Connectors/HyasProtect/__init__.py 184 44 629 261 93 35 2023-08-17 2024-08-19 68921481+rambov@users.noreply.github.com v-prasadboke@microsoft.com Solutions/HYAS Protect/Data Connectors/HyasProtect/state_manager.py 30 26 629 293 56 23 2023-08-17 2024-07-18 68921481+rambov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/HYAS Protect/Data Connectors/HyasProtect/utils.py 70 26 629 293 56 23 2023-08-17 2024-07-18 68921481+rambov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous Failed Logon.yaml 46 55 1045 293 86 49 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/anomaliesOnVIPUsers.yaml 20 34 1048 576 68 34 2022-06-24 2023-10-09 75278885+kustoking@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/UEBA Essentials/Hunting Queries/Anomalous Activity Role Assignment.yaml 36 56 1045 293 88 49 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous Role Assignment.yaml 52 55 1045 293 86 49 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous Code Execution.yaml 34 56 1045 293 88 49 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/dormantAccountActivityFromUncommonCountry.yaml 24 62 1048 293 105 58 2022-06-24 2024-07-18 75278885+kustoking@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/anomalousActionInTenant.yaml 22 62 1048 293 105 58 2022-06-24 2024-07-18 75278885+kustoking@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/loginActivityFromBotnet.yaml 25 60 1048 293 104 58 2022-06-24 2024-07-18 75278885+kustoking@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous Password Reset.yaml 49 55 1045 293 86 49 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/firstConnectionFromGroup.yaml 31 62 1048 293 105 58 2022-06-24 2024-07-18 75278885+kustoking@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous Defensive Mechanism Modification.yaml 34 56 1045 293 88 49 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous AAD Account Manipulation.yaml 26 57 1045 293 109 47 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/updateKeyVaultActivity.yaml 26 60 1048 293 104 58 2022-06-24 2024-07-18 75278885+kustoking@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/terminatedEmployeeAccessHVA.yaml 27 60 1048 293 103 58 2022-06-24 2024-07-18 75278885+kustoking@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/terminatedEmployeeActivity.yaml 25 60 1048 293 103 58 2022-06-24 2024-07-18 75278885+kustoking@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous Sign-in Activity.yaml 8 97 1045 106 173 82 2022-06-27 2025-01-21 v-sabiraj@microsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/newAccountAddedToAdminGroup.yaml 22 88 1048 293 166 78 2022-06-24 2024-07-18 75278885+kustoking@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous Resource Access.yaml 34 55 1045 293 86 49 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous Geo Location Logon.yaml 46 55 1045 293 86 49 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous Login to Devices.yaml 36 55 1045 293 86 49 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous Account Creation.yaml 50 82 1045 293 145 68 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous Data Access.yaml 34 56 1045 293 88 49 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/UEBA Essentials/Hunting Queries/Anomalous RDP Activity.yaml 35 55 1045 293 86 49 2022-06-27 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/FileExecutionWithOneCharacterInTheName.yaml 52 92 903 259 149 66 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/BackupDeletion.yaml 90 75 903 268 105 56 2022-11-16 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/SignedBinaryProxyExecutionRundll32.yaml 52 68 903 259 117 59 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/DownloadOfNewFileUsingCurl.yaml 60 21 427 268 37 24 2024-03-06 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/PotentialMicrosoftSecurityServicesTampering.yaml 117 49 903 293 70 45 2022-11-16 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/PersistViaIFEORegistryKey.yaml 90 77 903 268 109 59 2022-11-16 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/WindowsFirewallUpdateUsingNetsh.yaml 147 21 436 268 38 24 2024-02-26 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/UnicodeObfuscationInCommandLine.yaml 55 107 903 259 181 75 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/ASimProcess_WindowsSystemShutdownReboot.yaml 24 21 436 268 37 24 2024-02-26 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/SuspiciousPowerShellCommandExecution.yaml 57 28 442 268 45 25 2024-02-20 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/RemoteLoginPerformedwithWMI.yaml 46 67 903 259 116 59 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml 49 90 903 259 149 68 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/ASimProcess_CertutilLoLBins.yaml 26 21 436 268 37 24 2024-02-26 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml 51 67 903 259 116 59 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Hunting Queries/Certutil-LOLBins.yaml 55 91 903 259 148 66 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/RegistryPersistenceViaAppCertDLLModification.yaml 45 82 903 259 146 64 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/malware_in_recyclebin.yaml 71 94 903 259 162 69 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/SecurityEventLogCleared.yaml 59 71 903 268 115 61 2022-11-16 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/MacroInvokingShellBrowserWindowCOMObjects.yaml 48 99 903 58 170 73 2022-11-16 2025-03-10 v-sabiraj@microsoft.com idoshabi@microsoft.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/LateralMovementViaDCOM.yaml 49 82 903 259 146 64 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/WindowsBinariesLolbinsRenamed.yaml 50 82 903 259 146 64 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/SuspiciousPowerShellCommandExecuted.yaml 69 34 442 268 64 30 2024-02-20 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/DumpingLSASSProcessIntoaFile.yaml 48 82 903 259 146 64 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/RegistryPersistenceViaAppInt_DLLsModification.yaml 45 82 903 259 146 64 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/WDigestDowngradeAttack.yaml 44 82 903 259 146 64 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/PotentialRemoteDesktopTunneling.yaml 49 84 903 259 150 65 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/execute_base64_decodedpayload.yaml 73 68 903 268 103 57 2022-11-16 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/base64_encoded_pefile.yaml 68 71 903 268 111 60 2022-11-16 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Endpoint Threat Protection Essentials/Analytic Rules/WindowsBinariesExecutedfromNon-DefaultDirectory.yaml 50 83 903 259 145 64 2022-11-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/ARGOSCloudSecurity/Analytic Rules/ExploitableSecurityIssues.yaml 45 69 1218 259 128 63 2022-01-05 2024-08-21 david@argos-security.io nilepagn@microsoft.com Solutions/Windows Forwarded Events/Analytic Rules/moveit_file_transfer_folders_above_threshold.yaml 62 44 570 261 86 37 2023-10-15 2024-08-19 juju4@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Windows Forwarded Events/Analytic Rules/CaramelTsunami_IOC_WindowsEvent.yaml 45 50 730 261 71 49 2023-05-08 2024-08-19 50784041+anders-alex@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Windows Forwarded Events/Analytic Rules/moveit_file_transfer_above_threshold.yaml 62 44 570 261 85 37 2023-10-15 2024-08-19 juju4@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Windows Forwarded Events/Analytic Rules/ChiaCryptoMining_WindowsEvent.yaml 38 63 1080 261 101 50 2022-05-23 2024-08-19 104008048+v-atulyadav@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Cisco ETD/Data Connectors/CiscoETDAzureSentinelConnector/__init__.py 199 21 429 268 35 21 2024-03-04 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxPeripheralAccessDetectionWithCamera.yaml 28 27 139 8 54 23 2024-12-19 2025-04-29 sean.mcclelland@samsung.com v-atulyadav@microsoft.com Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSuspiciousURLs.yaml 36 27 139 8 52 23 2024-12-19 2025-04-29 sean.mcclelland@samsung.com v-atulyadav@microsoft.com Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxApplicationPrivilegeEscalationOrChange.yaml 30 27 139 8 52 23 2024-12-19 2025-04-29 sean.mcclelland@samsung.com v-atulyadav@microsoft.com Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxPasswordLockout.yaml 31 27 139 8 50 23 2024-12-19 2025-04-29 sean.mcclelland@samsung.com v-atulyadav@microsoft.com Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxKeyguardDisabledFeatureSet.yaml 30 27 139 8 52 23 2024-12-19 2025-04-29 sean.mcclelland@samsung.com v-atulyadav@microsoft.com Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSecurityLogFull.yaml 28 27 139 8 56 23 2024-12-19 2025-04-29 sean.mcclelland@samsung.com v-atulyadav@microsoft.com Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxPeripheralAccessDetectionWithMic.yaml 34 27 139 8 54 23 2024-12-19 2025-04-29 sean.mcclelland@samsung.com v-atulyadav@microsoft.com Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxMobileDeviceBootCompromise.yaml 30 27 139 8 50 23 2024-12-19 2025-04-29 sean.mcclelland@samsung.com v-atulyadav@microsoft.com Solutions/ContinuousDiagnostics&Mitigation/Hunting Queries/ContinuousDiagnostics&MitigationPosture.yaml 43 32 1073 576 48 26 2022-05-30 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/ContinuousDiagnostics&Mitigation/Analytic Rules/ContinuousDiagnostics&MitigationPostureChanged.yaml 54 48 1073 576 79 36 2022-05-30 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Illusive Platform/Analytic Rules/Illusive_Detection_Query.yaml 67 90 1023 106 189 63 2022-07-19 2025-01-21 101796244+v-spadarthi@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/QualysVM/Parsers/QualysHostDetection.yaml 88 39 624 8 74 35 2023-08-22 2025-04-29 mkchiliveri@gmail.com v-atulyadav@microsoft.com Solutions/QualysVM/Analytic Rules/HighNumberofVulnDetectedV2.yaml 35 62 992 57 94 49 2022-08-19 2025-03-11 v-ntripathi@microsoft.com v-atulyadav@microsoft.com Solutions/QualysVM/Analytic Rules/NewHighSeverityVulnDetectedAcrossMulitpleHostsV2.yaml 28 46 992 576 74 39 2022-08-19 2023-10-09 v-ntripathi@microsoft.com mrudula.oruganti@gigamon.com Solutions/QualysVM/Data Connectors/requirements.psd1 7 29 992 576 49 28 2022-08-19 2023-10-09 v-ntripathi@microsoft.com mrudula.oruganti@gigamon.com Solutions/QualysVM/Data Connectors/AzureFunctionQualysVM_V2/run.ps1 285 34 992 8 54 31 2022-08-19 2025-04-29 v-ntripathi@microsoft.com v-atulyadav@microsoft.com Solutions/QualysVM/Data Connectors/profile.ps1 18 29 992 576 49 28 2022-08-19 2023-10-09 v-ntripathi@microsoft.com mrudula.oruganti@gigamon.com Solutions/Agari/Data Connectors/requirements.psd1 7 18 1099 576 21 16 2022-05-04 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Agari/Data Connectors/AzureFunctionAgari/run.ps1 451 18 1099 576 21 16 2022-05-04 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Agari/Data Connectors/profile.ps1 18 18 1099 576 21 16 2022-05-04 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Cynerio/Parsers/CynerioEvent_NetworkSession.yaml 177 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Cynerio/Parsers/CynerioEvent_Authentication.yaml 48 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Cynerio/Analytic Rules/IoTWeakPasswords.yaml 35 31 666 293 60 35 2023-07-11 2024-07-18 merav@cynerio.co 164491672+shishirdw@users.noreply.github.com Solutions/Cynerio/Analytic Rules/SuspiciousConnections.yaml 33 31 666 293 60 35 2023-07-11 2024-07-18 merav@cynerio.co 164491672+shishirdw@users.noreply.github.com Solutions/Cynerio/Analytic Rules/IoTDefaultPasswords.yaml 35 31 666 293 60 35 2023-07-11 2024-07-18 merav@cynerio.co 164491672+shishirdw@users.noreply.github.com Solutions/Cynerio/Analytic Rules/IoTExploitationAttempts.yaml 36 31 666 293 60 35 2023-07-11 2024-07-18 merav@cynerio.co 164491672+shishirdw@users.noreply.github.com Solutions/Cynerio/Analytic Rules/MedicalDeviceScanning.yaml 32 31 666 293 60 35 2023-07-11 2024-07-18 merav@cynerio.co 164491672+shishirdw@users.noreply.github.com Solutions/DomainTools/Parsers/DomainToolsDNS.yaml 37 15 313 106 40 17 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReturnDomainsFromSearchHash/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByRegistrantOrg/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByRegistrantName/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseEmailDomain/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseIP/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/InvestigateDomain/__init__.py 458 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotSSLEmail/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseIPHost-Domains/__init__.py 74 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/EnrichDomain/__init__.py 306 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/EnrichDomain/utils.py 74 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotMXHost/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/DomainRiskScore/__init__.py 70 27 313 58 53 24 2024-06-28 2025-03-10 vrambatza@loginsoft.com idoshabi@microsoft.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReturnTaggedWithAll/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByMXIP/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/DomainSearch/__init__.py 113 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotNameServerHost/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/DomainProfile/__init__.py 70 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/WhoisHistory/__init__.py 87 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/WhoisLookup/__init__.py 70 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ParsedWhois/__init__.py 111 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseWhois/__init__.py 83 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/Evidence/__init__.py 70 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseIPWhois/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReturnTaggedWithAny/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByNameserverIPAddress/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseEmail/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ClassicReverseIP/__init__.py 74 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotBySSLHash/__init__.py 95 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseNameServer/__init__.py 74 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/HostingHistory/__init__.py 70 12 313 106 33 16 2024-06-28 2025-01-21 vrambatza@loginsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaTopApplicationsErrors.yaml 29 15 1269 845 25 16 2021-11-15 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaRareDstPorts.yaml 24 41 1269 293 66 45 2021-11-15 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaInsecureWebProtocolVersion.yaml 24 15 1269 845 25 16 2021-11-15 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaRareApplications.yaml 25 15 1269 845 25 16 2021-11-15 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaRequestsFromBots.yaml 24 15 1269 845 25 16 2021-11-15 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaRareClientApplications.yaml 25 15 1269 845 25 16 2021-11-15 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaTopSourcesErrors.yaml 25 15 1269 845 25 16 2021-11-15 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaDestinationBlocked.yaml 27 15 1269 845 25 16 2021-11-15 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaNonWebApplication.yaml 24 15 1269 845 25 16 2021-11-15 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaSourceBlocked.yaml 27 15 1269 845 25 16 2021-11-15 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/ImpervaCloudWAF/Parsers/ImpervaWAFCloud.yaml 48 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaAdminPanelUncommonIp.yaml 31 57 1269 576 90 47 2021-11-15 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaForbiddenCountry.yaml 32 46 1269 770 75 42 2021-11-15 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaMultipleUAsSource.yaml 4 54 1269 770 86 45 2021-11-15 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaMaliciousClient.yaml 35 58 1269 576 91 47 2021-11-15 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaForbiddenMethod.yaml 35 46 1269 770 74 42 2021-11-15 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaSuspiciousDstPort.yaml 32 57 1269 576 90 47 2021-11-15 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaAttackNotBlocked.yaml 31 58 1269 576 91 47 2021-11-15 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaMaliciousUA.yaml 31 57 1266 576 90 47 2021-11-18 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaCommandInUri.yaml 31 57 1269 576 90 47 2021-11-15 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/ImpervaCloudWAF/Analytic Rules/ImpervaAbnormalProtocolUsage.yaml 31 47 1269 770 75 42 2021-11-15 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/ImpervaCloudWAF/Data Connectors/ImpervaWAFCloudSentinelConnector/__init__.py 221 113 1408 8 187 91 2021-06-29 2025-04-29 ov@socprime.com v-atulyadav@microsoft.com Solutions/ImpervaCloudWAF/Data Connectors/ImpervaWAFCloudSentinelConnector/state_manager.py 18 17 1408 576 20 17 2021-06-29 2023-10-09 ov@socprime.com mrudula.oruganti@gigamon.com Solutions/Web Session Essentials/Hunting Queries/ThreatInfoFoundInWebRequests.yaml 51 35 720 293 61 35 2023-05-18 2024-07-18 vakohl@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Hunting Queries/RequestFromBotsAndCrawlers.yaml 42 34 720 293 60 35 2023-05-18 2024-07-18 vakohl@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Hunting Queries/PotentialBeaconingDetected_TimeDelta.yaml 58 36 719 293 62 35 2023-05-19 2024-07-18 vakohl@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Hunting Queries/PotentialBeaconingDetected_LimitedDomainBased.yaml 54 38 718 293 64 35 2023-05-20 2024-07-18 vakohl@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Hunting Queries/IPAddressInURL.yaml 55 35 721 293 62 35 2023-05-17 2024-07-18 vakohl@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Hunting Queries/ExcessiveForbiddenRequestsDetected.yaml 50 35 720 293 61 35 2023-05-18 2024-07-18 vakohl@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Hunting Queries/PotentialBeaconingDetected_SimilarSrcBytes.yaml 53 37 719 293 63 35 2023-05-19 2024-07-18 vakohl@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Hunting Queries/KaliLinuxUserAgentDetected.yaml 20 35 721 293 61 35 2023-05-17 2024-07-18 vakohl@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Hunting Queries/EmptyUserAgent.yaml 65 38 728 293 65 35 2023-05-10 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Analytic Rules/ThreatInfoFoundInWebRequests.yaml 90 35 720 293 62 35 2023-05-18 2024-07-18 vakohl@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Analytic Rules/KnownMaliciousUserAgents.yaml 84 38 728 293 66 35 2023-05-10 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Analytic Rules/LocalFileInclusion-LFI.yaml 80 34 710 293 60 35 2023-05-28 2024-07-18 vakohl@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Analytic Rules/RequestToPotentiallyHarmfulFileTypes.yaml 112 31 678 293 57 35 2023-06-29 2024-07-18 vakohl@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Analytic Rules/RareUserAgentDetected.yaml 149 54 728 261 92 48 2023-05-10 2024-08-19 97222872+vakohl@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Web Session Essentials/Analytic Rules/DiscordCDNRiskyFileDownload.yaml 90 40 724 293 67 36 2023-05-14 2024-07-18 vakohl@ame.gbl 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Analytic Rules/MultipleClientErrorsWithinShortTime.yaml 67 37 722 293 68 36 2023-05-16 2024-07-18 vakohl@ame.gbl 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Analytic Rules/MultipleUAsFromSingleIP.yaml 62 53 728 261 90 48 2023-05-10 2024-08-19 97222872+vakohl@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Web Session Essentials/Analytic Rules/PotentionalFileEnumeration.yaml 75 37 722 293 64 36 2023-05-16 2024-07-18 vakohl@ame.gbl 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Analytic Rules/DataExfiltrationTimeSeriesAnomaly.yaml 245 55 726 261 94 49 2023-05-12 2024-08-19 vakohl@ame.gbl v-prasadboke@microsoft.com Solutions/Web Session Essentials/Analytic Rules/PossibleMaliciousDoubleExtension.yaml 88 54 724 261 94 49 2023-05-14 2024-08-19 vakohl@ame.gbl v-prasadboke@microsoft.com Solutions/Web Session Essentials/Analytic Rules/PrivateIPInURL.yaml 110 57 728 261 95 48 2023-05-10 2024-08-19 97222872+vakohl@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Web Session Essentials/Analytic Rules/RarelyRequestedResources.yaml 101 78 722 261 147 56 2023-05-16 2024-08-19 vakohl@ame.gbl v-prasadboke@microsoft.com Solutions/Web Session Essentials/Analytic Rules/MultipleServerErrorsWithinShortTime.yaml 70 37 722 293 68 36 2023-05-16 2024-07-18 vakohl@ame.gbl 164491672+shishirdw@users.noreply.github.com Solutions/Web Session Essentials/Analytic Rules/CommandInURL.yaml 81 55 722 261 88 48 2023-05-16 2024-08-19 vakohl@ame.gbl v-prasadboke@microsoft.com Solutions/Salesforce Service Cloud/Parsers/SalesforceServiceCloud.yaml 227 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Salesforce Service Cloud/Analytic Rules/Salesforce-PasswordSpray.yaml 34 61 973 13 86 41 2022-09-07 2025-04-24 rushriva@microsoft.com v-prasadboke@microsoft.com Solutions/Salesforce Service Cloud/Analytic Rules/Salesforce-BruteForce.yaml 52 73 973 26 107 52 2022-09-07 2025-04-11 rushriva@microsoft.com bartleyriley@gmail.com Solutions/Salesforce Service Cloud/Analytic Rules/Salesforce-SigninsMultipleCountries.yaml 41 61 973 13 85 41 2022-09-07 2025-04-24 rushriva@microsoft.com v-prasadboke@microsoft.com Solutions/Salesforce Service Cloud/Data Connectors/SalesforceSentinelConnector/__init__.py 239 87 1086 57 148 81 2022-05-17 2025-03-11 101796244+v-spadarthi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Trend Micro Deep Security/Parsers/TrendMicroDeepSecurity.yaml 38 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Blackberry CylancePROTECT/Parsers/CylancePROTECT.yaml 127 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Blackberry CylancePROTECT/Parsers/CylancePROTECT-old.yaml 126 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/OSSEC/Parsers/OSSECEvent.yaml 58 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/ZeroNetworks/Hunting Queries/ZNSegmentOutboundBlockRulesDeleted.yaml 34 25 926 576 32 26 2022-10-24 2023-10-09 nicholas.dicola@outlook.com mrudula.oruganti@gigamon.com Solutions/ZeroNetworks/Hunting Queries/ZNSegmentInboundBlockRulesDeleted.yaml 34 25 926 576 32 26 2022-10-24 2023-10-09 nicholas.dicola@outlook.com mrudula.oruganti@gigamon.com Solutions/ZeroNetworks/Hunting Queries/ZNSegmentExcessiveAccesstoBuiltinGroupbyUser.yaml 39 25 926 576 32 26 2022-10-24 2023-10-09 nicholas.dicola@outlook.com mrudula.oruganti@gigamon.com Solutions/ZeroNetworks/Hunting Queries/ZNSegmentExcessiveAccessbyUser.yaml 39 25 926 576 32 26 2022-10-24 2023-10-09 nicholas.dicola@outlook.com mrudula.oruganti@gigamon.com Solutions/ZeroNetworks/Parsers/ZNSegmentAudit.yaml 208 57 624 58 95 41 2023-08-22 2025-03-10 mkchiliveri@gmail.com idoshabi@microsoft.com Solutions/ZeroNetworks/Playbooks/ZeroNetworksConnector/ZeroNetworks-swagger.yaml 379 28 751 293 37 31 2023-04-17 2024-07-18 v-rbajaj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/ZeroNetworks/Analytic Rules/ZNSegmentRareJITRuleCreation.yaml 51 39 925 576 54 36 2022-10-25 2023-10-09 nicholas.dicola@outlook.com mrudula.oruganti@gigamon.com Solutions/ZeroNetworks/Analytic Rules/ZNSegmentMachineRemovedfromProtection.yaml 35 25 925 576 32 26 2022-10-25 2023-10-09 nicholas.dicola@outlook.com mrudula.oruganti@gigamon.com Solutions/ZeroNetworks/Analytic Rules/ZNSegmentNewAPIToken.yaml 31 25 925 576 32 26 2022-10-25 2023-10-09 nicholas.dicola@outlook.com mrudula.oruganti@gigamon.com Solutions/ZeroNetworks/Data Connectors/SegmentFunctionConnector/AzureFunction_ZeroNetworks_Segment_Audit/requirements.psd1 7 26 926 576 33 26 2022-10-24 2023-10-09 nicholas.dicola@outlook.com mrudula.oruganti@gigamon.com Solutions/ZeroNetworks/Data Connectors/SegmentFunctionConnector/AzureFunction_ZeroNetworks_Segment_Audit/ZeroNetworks_Segment_Audit_TimeTrigger/run.ps1 129 25 926 576 32 26 2022-10-24 2023-10-09 nicholas.dicola@outlook.com mrudula.oruganti@gigamon.com Solutions/ZeroNetworks/Data Connectors/SegmentFunctionConnector/AzureFunction_ZeroNetworks_Segment_Audit/profile.ps1 18 25 926 576 32 26 2022-10-24 2023-10-09 nicholas.dicola@outlook.com mrudula.oruganti@gigamon.com Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneSuspiciousFiles.yaml 27 72 1224 58 135 56 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneDataLossPreventionAction.yaml 69 84 1224 58 173 64 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneChannelType.yaml 75 97 1224 58 172 67 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTranslatedOperation.yaml 46 97 1224 58 172 67 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneRareAppProtocolByIP.yaml 148 100 1224 58 190 75 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTranslatedAction.yaml 45 72 1224 58 135 56 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneSpywareDetection.yaml 27 72 1224 58 135 56 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTypesOfEvent.yaml 38 72 1224 58 135 56 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneTopSources.yaml 39 72 1224 58 135 56 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTriggeredPolicy.yaml 46 72 1224 58 135 56 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Parsers/TMApexOneEvent.yaml 79 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Apex One/Analytic Rules/TMApexOnePossibleExploitOrExecuteOperation.yaml 36 122 1224 58 227 85 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneDvcAccessPermissionWasChanged.yaml 46 105 1224 58 203 77 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneMultipleDenyOrTerminateActionOnSingleIp.yaml 33 100 1224 58 190 75 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneInboundRemoteAccess.yaml 35 101 1224 58 191 75 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneRiskCnCEvents.yaml 33 101 1224 58 191 75 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneCommandLineSuspiciousRequests.yaml 34 100 1224 58 190 75 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneSpywareWithFailedResponse.yaml 34 100 1224 58 190 75 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneAttackDiscoveryDetectionRisks.yaml 33 102 1224 58 193 77 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneSuspiciousConnections.yaml 35 100 1224 58 190 75 2021-12-30 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Cisco ISE/Hunting Queries/CiscoISESourceHighNumberAuthenticationErrors.yaml 18 48 1538 58 75 45 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Hunting Queries/CiscoISEFailedAuthentication.yaml 16 48 1538 58 75 45 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Hunting Queries/CiscoISEFailedLoginsSSHCLI.yaml 16 48 1538 58 75 45 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Hunting Queries/CiscoISEGuestAuthenticationSuccess.yaml 20 48 1538 58 75 45 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Hunting Queries/CiscoISEExpiredCertInClientCertChain.yaml 13 48 1538 58 75 45 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Hunting Queries/CiscoISEAuthenticationToSuspendedAccount.yaml 16 48 1538 58 75 45 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Hunting Queries/CiscoISEDynamicAuthorizationFailed.yaml 17 48 1538 58 75 45 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Hunting Queries/CiscoISERareUserAgent.yaml 24 48 1538 58 75 45 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Hunting Queries/CiscoISESuspendLogCollector.yaml 15 48 1538 58 75 45 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Hunting Queries/CiscoISEGuestAuthenticationFailed.yaml 15 48 1538 58 75 45 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Analytic Rules/CiscoISEDeviceChangedIP.yaml 45 106 1538 58 176 92 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Analytic Rules/CiscoISELogCollectorSuspended.yaml 32 106 1538 58 176 92 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Analytic Rules/CiscoISEBackupFailed.yaml 37 106 1538 58 176 92 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Analytic Rules/CiscoISEAdminPasswordReset.yaml 38 106 1538 58 176 92 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Analytic Rules/CiscoISEDevicePostureStatusChanged.yaml 41 106 1538 58 176 92 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Analytic Rules/CiscoISECertExpired.yaml 42 106 1538 58 176 92 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Analytic Rules/CiscoISELogsDeleted.yaml 42 106 1538 58 176 92 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Analytic Rules/CiscoISECmdExecutionWithHighestPrivilegesNewIP.yaml 51 132 1538 58 238 119 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Analytic Rules/CiscoISECmdExecutionWithHighestPrivilegesNewUser.yaml 51 132 1538 58 238 119 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/Cisco ISE/Analytic Rules/CiscoISEAttempDeleteLocalStoreLogs.yaml 42 106 1538 58 176 92 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/VMWareESXi/Hunting Queries/ESXiVMHighLoad.yaml 28 39 1255 58 55 37 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Hunting Queries/ESXiUnusedVMs.yaml 57 67 1255 58 94 53 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Hunting Queries/ESXiRootLoginFailure.yaml 25 39 1255 58 55 37 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Hunting Queries/ESXiRootLogins.yaml 25 39 1255 58 55 37 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Hunting Queries/ESXiVirtualImagesList.yaml 26 39 1255 58 55 37 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Hunting Queries/ESXiVMPoweredOn.yaml 26 39 1255 58 55 37 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Hunting Queries/ESXiDormantUsers.yaml 25 39 1255 58 55 37 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Hunting Queries/ESXiNFCDownloadActivities.yaml 27 67 1255 58 94 53 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Hunting Queries/ESXiVMPoweredOff.yaml 26 39 1255 58 55 37 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Hunting Queries/ESXiDownloadErrors.yaml 23 39 1255 58 55 37 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Parsers/VMwareESXi.yaml 23 60 624 106 114 46 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/VMWareESXi/Analytic Rules/ESXiDormantVMStarted.yaml 57 110 1255 58 177 94 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Analytic Rules/ESXiSharedOrStolenRootAccount.yaml 33 85 1255 58 125 69 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Analytic Rules/ESXiLowTempDirSpace.yaml 33 78 1255 58 116 65 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Analytic Rules/ESXiRootLogin.yaml 40 86 1255 58 125 69 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Analytic Rules/ESXiVMStopped.yaml 35 78 1255 58 116 65 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Analytic Rules/ESXiNewVM.yaml 39 77 1255 58 115 65 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Analytic Rules/ESXiLowPatchDiskSpace.yaml 33 77 1255 58 115 65 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Analytic Rules/ESXiMultipleNewVM.yaml 46 109 1255 58 179 98 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Analytic Rules/ESXiMultipleVMStopped.yaml 43 109 1255 58 178 98 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Analytic Rules/ESXiUnexpectedDiskImage.yaml 39 78 1255 58 116 65 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMWareESXi/Analytic Rules/ESXiRootImpersonation.yaml 30 78 1255 58 116 65 2021-11-29 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/VMware SD-WAN and SASE/Hunting Queries/VECOfrequentFailedLogins.yaml 27 22 528 268 32 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-orchestrator-config-change.yaml 45 22 528 268 34 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-device-congestion.yaml 39 23 528 268 35 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sase-cws-policy-publish.yaml 39 22 528 268 33 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sase-cwsdlp-violation.yaml 51 22 528 268 35 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-idps-alert-syslog.yaml 86 22 528 268 32 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-nsd-cssdown.yaml 38 22 528 268 34 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sase-cws-policyviolation.yaml 48 22 528 268 36 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-idps-alert-api.yaml 51 22 528 268 34 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-idps-update-success.yaml 43 23 528 268 35 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sase-cws-policychange.yaml 45 22 528 268 33 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-lanside-devicedetect.yaml 51 22 528 268 33 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-rpfcheck.yaml 66 22 528 268 32 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-idps-updatefailed.yaml 45 23 528 268 35 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-ipfrag-attempt.yaml 67 22 528 268 33 22 2023-11-26 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/sdwan_efslogs/__init__.py 547 20 483 268 30 22 2024-01-10 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/cws_healthcheck/__init__.py 179 20 483 268 30 22 2024-01-10 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/sdwan_auditlogs/__init__.py 291 20 483 268 30 22 2024-01-10 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/cws_weblogs/__init__.py 248 20 483 268 30 22 2024-01-10 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/cws_dlplogs/__init__.py 283 20 483 268 30 22 2024-01-10 2024-08-12 slaszlo@vmware.com 62938807+haim-na@users.noreply.github.com Solutions/GitLab/Parsers/GitLabAccess.yaml 15 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/GitLab/Parsers/GitLabApp.yaml 24 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/GitLab/Parsers/GitLabAudit.yaml 35 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/GitLab/Analytic Rules/GitLab_BruteForce.yaml 48 58 1156 57 100 49 2022-03-08 2025-03-11 guillaume.benats@gmail.com v-atulyadav@microsoft.com Solutions/GitLab/Analytic Rules/GitLab_Impersonation.yaml 48 78 1156 57 132 62 2022-03-08 2025-03-11 guillaume.benats@gmail.com v-atulyadav@microsoft.com Solutions/GitLab/Analytic Rules/GitLab_RepoVisibilityChange.yaml 39 58 1156 57 97 49 2022-03-08 2025-03-11 guillaume.benats@gmail.com v-atulyadav@microsoft.com Solutions/GitLab/Analytic Rules/GitLab_SignInBurst.yaml 34 70 1156 293 134 63 2022-03-08 2024-07-18 guillaume.benats@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/GitLab/Analytic Rules/GitLab_ExternalUser.yaml 49 58 1156 57 100 49 2022-03-08 2025-03-11 guillaume.benats@gmail.com v-atulyadav@microsoft.com Solutions/GitLab/Analytic Rules/GitLab_MaliciousIP.yaml 49 87 1156 57 159 75 2022-03-08 2025-03-11 guillaume.benats@gmail.com v-atulyadav@microsoft.com Solutions/GitLab/Analytic Rules/GitLab_LocalAuthNoMFA.yaml 33 57 1156 57 95 49 2022-03-08 2025-03-11 guillaume.benats@gmail.com v-atulyadav@microsoft.com Solutions/GitLab/Analytic Rules/GitLab_Repo_Deletion.yaml 52 57 1156 57 96 49 2022-03-08 2025-03-11 guillaume.benats@gmail.com v-atulyadav@microsoft.com Solutions/GitLab/Analytic Rules/GitLab_PAT_Repo.yaml 36 57 1156 57 97 49 2022-03-08 2025-03-11 guillaume.benats@gmail.com v-atulyadav@microsoft.com Solutions/Azure DDoS Protection/Analytic Rules/AttackSourcesPPSThreshold.yaml 34 65 997 457 107 55 2022-08-14 2024-02-05 107394676+netta11@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/Azure DDoS Protection/Analytic Rules/AttackSourcesPercentThreshold.yaml 38 65 997 457 107 55 2022-08-14 2024-02-05 107394676+netta11@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/Ivanti Unified Endpoint Management/Parsers/IvantiUEMEvent.yaml 22 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEModifiedAgent.yaml 24 69 1056 293 105 60 2022-06-16 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEScannedFiles.yaml 24 33 1056 576 49 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSELoginsToConsole.yaml 24 33 1056 576 49 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEUncommonApplicationBehavior.yaml 24 33 1056 576 49 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEMaliciousFiles.yaml 28 96 1056 293 153 74 2022-06-16 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSESuspiciousPSDownloads.yaml 24 33 1056 576 49 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSERareFilesScanned.yaml 25 34 1056 576 50 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEInfectedHosts.yaml 24 33 1056 576 49 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEVulnerableApplications.yaml 24 68 1056 293 104 60 2022-06-16 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEInfectedUsers.yaml 24 33 1056 576 49 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Parsers/CiscoSecureEndpoint.yaml 58 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEC2Connection.yaml 33 34 1056 576 50 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEGenIoC.yaml 33 34 1056 576 50 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSERansomwareActivityOnHost copy.yaml 33 34 1056 576 50 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEMalwareExecution.yaml 33 34 1056 576 50 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEUnexpectedBinary.yaml 33 34 1056 576 50 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEMultipleMalwareOnHost.yaml 33 34 1056 576 50 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoEndpointHighAlert.yaml 42 49 1056 259 90 37 2022-06-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEPolicyUpdateFailure.yaml 29 34 1056 576 50 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEDropperActivity.yaml 33 34 1056 576 50 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEWebshell.yaml 33 34 1056 576 50 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Analytic Rules/CiscoSEMalwareOutbreak.yaml 33 34 1056 576 50 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Data Connectors/AzureFunctionCiscoSecureEndpoint/main.py 151 54 1056 576 76 36 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Data Connectors/AzureFunctionCiscoSecureEndpoint/state_manager.py 21 33 1056 576 49 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cisco Secure Endpoint/Data Connectors/AzureFunctionCiscoSecureEndpoint/sentinel_connector.py 100 33 1056 576 49 25 2022-06-16 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Azure Activity/Hunting Queries/Rare_Custom_Script_Extension.yaml 72 73 895 293 124 62 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/Anomalous_Listing_Of_Storage_Keys.yaml 35 72 895 293 123 62 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/Creating_Anomalous_Number_Of_Resources.yaml 29 45 895 293 65 43 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/Granting_Permissions_to_Account.yaml 43 46 895 293 66 43 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/AzureNSG_AdministrativeOperations.yaml 37 46 895 293 66 43 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/AzureAdministrationFromVPS.yaml 38 45 895 293 65 43 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/AzureSentinelConnectors_AdministrativeOperations.yaml 36 46 895 293 66 43 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/Common_Deployed_Resources.yaml 44 71 895 293 122 62 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/AnalyticsRulesAdministrativeOperations.yaml 37 66 895 261 107 56 2022-11-24 2024-08-19 105694882+v-laanjana@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Azure Activity/Hunting Queries/AzureVirtualNetworkSubnets_AdministrativeOperationset.yaml 37 45 895 293 66 43 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/AzureRunCommandFromAzureIP.yaml 49 50 895 293 77 48 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/AzureSentinelWorkbooks_AdministrativeOperation.yaml 37 46 895 293 66 43 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/AnomalousAzureOperationModel.yaml 121 54 895 293 94 48 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/PortOpenedForAzureResource.yaml 51 46 895 293 66 43 2022-11-24 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Activity/Hunting Queries/Machine_Learning_Creation.yaml 44 14 93 26 18 11 2025-02-03 2025-04-11 44847443+mgstate@users.noreply.github.com bartleyriley@gmail.com Solutions/Azure Activity/Analytic Rules/Creating_Anomalous_Number_Of_Resources_detection.yaml 64 85 895 268 144 62 2022-11-24 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/NRT-AADHybridHealthADFSNewServer.yaml 42 93 895 268 160 72 2022-11-24 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/NRT_Creation_of_Expensive_Computes_in_Azure.yaml 49 92 895 268 157 71 2022-11-24 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/AADHybridHealthADFSSuspApp.yaml 52 98 895 268 176 72 2022-11-24 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/New-CloudShell-User.yaml 49 74 895 268 114 62 2022-11-24 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/SubscriptionMigration.yaml 63 65 817 268 98 60 2023-02-10 2024-08-12 98336965+ccmsft@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/RareOperations.yaml 43 74 895 268 114 62 2022-11-24 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/NewResourceGroupsDeployedTo.yaml 38 92 895 268 153 66 2022-11-24 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/Creation_of_Expensive_Computes_in_Azure.yaml 53 97 895 268 169 71 2022-11-24 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/AADHybridHealthADFSServiceDelete.yaml 47 98 895 268 172 72 2022-11-24 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/AADHybridHealthADFSNewServer.yaml 46 98 895 268 172 72 2022-11-24 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/TimeSeriesAnomaly_Mass_Cloud_Resource_Deletions.yaml 59 91 895 268 152 66 2022-11-24 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/Granting_Permissions_To_Account_detection.yaml 65 72 895 268 113 56 2022-11-24 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Activity/Analytic Rules/Machine_Learning_Creation.yaml 53 19 91 13 27 11 2025-02-05 2025-04-24 44847443+mgstate@users.noreply.github.com v-prasadboke@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/Project visibility changed to public.yaml 28 31 959 8 47 33 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/ADOReleasePipelineCreated.yaml 51 57 959 8 95 48 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/Addtional Org Admin Added.yaml 30 31 959 8 47 33 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/ADOBuildCheckDeleted.yaml 27 83 959 8 151 65 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/ADONewPackageFeedCreated.yaml 34 83 959 8 151 65 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/Guest users access enabled.yaml 29 31 959 8 47 33 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/AzDOPrPolicyBypassers.yaml 25 31 959 8 47 33 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/ADOBuildDeletedAfterPipelineMod.yaml 19 56 959 8 93 48 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/EntraID Conditional Access Disabled.yaml 29 34 543 8 70 33 2023-11-11 2025-04-29 v-prasadboke@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/AzDODisplayNameSwapping.yaml 25 31 959 8 47 33 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/Public project created.yaml 28 31 959 8 47 33 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/ADOVariableCreatedDeleted.yaml 37 57 959 8 94 48 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/ADONewReleaseApprover.yaml 42 56 959 8 93 48 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/ADONewAgentPoolCreated.yaml 6 56 959 8 93 48 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/ADOInternalUpstreamPacakgeFeedAdded.yaml 67 83 959 8 151 65 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/ADONewPATOperation.yaml 33 56 959 8 94 48 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Hunting Queries/Public Projects enabled.yaml 29 31 959 8 47 33 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Parsers/ADOAuditLogs.yaml 17 6 29 8 12 5 2025-04-08 2025-04-29 r.greatlove@gmail.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/ADOMaliciousToolingDetections1.yaml 36 65 539 8 127 43 2023-11-15 2025-04-29 zanecop@github.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml 55 75 959 8 134 61 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/ADOSecretNotSecured.yaml 44 75 959 8 134 62 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/ADOVariableModifiedByNewUser.yaml 53 97 959 8 187 73 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/ADOPATUsedWithBrowser.yaml 38 96 959 8 202 75 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/AzDOHistoricServiceConnectionAdds.yaml 67 103 959 8 180 73 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/NRT_ADOAuditStreamDisabled.yaml 33 89 959 8 158 64 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/AzDOAdminGroupAdditions.yaml 47 89 959 8 157 71 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/AzDOPipelineCreatedDeletedOneDay.yaml 69 89 959 8 159 64 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/ADOAuditStreamDisabled.yaml 37 89 959 8 158 65 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/ADOPipelineModifiedbyNewUser.yaml 65 107 959 8 207 75 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/AzDOPatSessionMisuse.yaml 50 89 959 8 156 70 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/NewPAPCAPCASaddedtoADO.yaml 54 100 959 8 179 67 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/ADOAgentPoolCreatedDeleted.yaml 57 89 959 8 158 65 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/AzDOHistoricPrPolicyBypassing.yaml 52 107 959 8 190 77 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/NewAgentAddedToPoolbyNewUserorofNewOS.yaml 72 97 959 8 188 72 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/AzDOServiceConnectionUsage.yaml 38 108 959 8 180 75 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/ADORetentionReduced.yaml 39 75 959 8 134 62 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureDevOpsAuditing/Analytic Rules/ADONewExtensionAdded.yaml 41 75 959 8 134 62 2022-09-21 2025-04-29 v-mchatla@microsoft.com v-atulyadav@microsoft.com Solutions/AzureSecurityBenchmark/Analytic Rules/AzureSecurityBenchmarkPostureChanged.yaml 38 49 1115 261 73 38 2022-04-18 2024-08-19 54327442+thbanasi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/ForescoutHostPropertyMonitor/Analytic Rules/ForeScout-DNSSniffEventMonitor.yaml 35 73 981 13 101 54 2022-08-30 2025-04-24 62399390+fs-connect@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Neustar IP GeoPoint/Playbooks/NeustarIPGeoPoint_FunctionAppConnector/GetIPGeoInfo/__init__.py 71 30 985 576 52 30 2022-08-26 2023-10-09 r.greatlove@gmail.com mrudula.oruganti@gigamon.com Solutions/Jamf Protect/Parsers/JamfProtectNetworkTraffic.yaml 61 7 34 13 9 4 2025-04-03 2025-04-24 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com Solutions/Jamf Protect/Parsers/JamfProtectUnifiedLogs.yaml 11 7 34 13 9 4 2025-04-03 2025-04-24 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com Solutions/Jamf Protect/Parsers/JamfProtectTelemetry.yaml 740 7 34 13 9 4 2025-04-03 2025-04-24 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com Solutions/Jamf Protect/Parsers/JamfProtectAlerts.yaml 20 7 34 13 9 4 2025-04-03 2025-04-24 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com Solutions/Jamf Protect/Parsers/JamfProtectThreatEvents.yaml 65 7 34 13 9 4 2025-04-03 2025-04-24 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com Solutions/Jamf Protect/Analytic Rules/JamfProtectNetworkThreats.yaml 4 98 817 13 180 67 2023-02-10 2025-04-24 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com Solutions/Jamf Protect/Analytic Rules/JamfProtectUnifiedLogs.yaml 52 78 817 13 127 57 2023-02-10 2025-04-24 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com Solutions/Jamf Protect/Analytic Rules/JamfProtectAlerts.yaml 81 97 817 13 176 65 2023-02-10 2025-04-24 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/BlockMalwareFileExtension/run.ps1 43 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/requirements.psd1 9 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/UpdateAllowBlockList/run.ps1 55 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/DisconnectExchangeOnline/run.ps1 37 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/GetInboxRule/run.ps1 37 26 588 293 54 27 2023-09-27 2024-07-18 jp@bluecycle.net 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/ListMalwarePolicy/run.ps1 43 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/RemoveInboxRule/run.ps1 38 26 588 293 54 27 2023-09-27 2024-07-18 jp@bluecycle.net 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/RemoveAllowBlockListItems/run.ps1 42 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/CreateAllowBlockList/run.ps1 55 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/ListSpamPolicy/run.ps1 43 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/CreateSpamRule/run.ps1 67 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/profile.ps1 19 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/TenantAllowBlockList/run.ps1 39 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/ConnectExchangeOnline/run.ps1 36 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/CreateSpamPolicy/run.ps1 42 28 687 293 60 40 2023-06-20 2024-07-18 95091844+benedictschmieder@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/SAP/template/loggingconfig_PRD.yaml 195 48 1458 576 65 43 2021-05-10 2023-10-09 45784009+liemilyg@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/SAP/template/loggingconfig_DEV.yaml 195 48 1458 576 65 43 2021-05-10 2023-10-09 45784009+liemilyg@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/GetQueryResults/__init__.py 78 29 905 576 33 21 2022-11-14 2023-10-09 r.greatlove@gmail.com mrudula.oruganti@gigamon.com Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/ListDatabases/__init__.py 68 29 905 576 33 21 2022-11-14 2023-10-09 r.greatlove@gmail.com mrudula.oruganti@gigamon.com Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/StartQueryExecution/__init__.py 77 29 905 576 33 21 2022-11-14 2023-10-09 r.greatlove@gmail.com mrudula.oruganti@gigamon.com Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/ListDataCatalogs/__init__.py 47 29 905 576 33 21 2022-11-14 2023-10-09 r.greatlove@gmail.com mrudula.oruganti@gigamon.com Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/GetQueryExecution/__init__.py 61 29 905 576 33 21 2022-11-14 2023-10-09 r.greatlove@gmail.com mrudula.oruganti@gigamon.com Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/ListQueryExecutions/__init__.py 47 29 905 576 33 21 2022-11-14 2023-10-09 r.greatlove@gmail.com mrudula.oruganti@gigamon.com Solutions/Illumio Core/Parsers/IllumioCoreEvent.yaml 194 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/BitSight/Parsers/BitSightBreaches.yaml 45 51 624 261 97 40 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/BitSight/Parsers/BitSightFindingsSummary.yaml 43 51 624 261 97 40 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/BitSight/Parsers/BitSightObservationStatistics.yaml 31 51 624 261 97 40 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/BitSight/Parsers/BitSightDiligenceHistoricalStatistics.yaml 29 51 624 261 97 40 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/BitSight/Parsers/BitSightCompanyRatings.yaml 43 51 624 261 97 40 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/BitSight/Parsers/BitSightCompanyDetails.yaml 115 51 624 261 97 40 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/BitSight/Parsers/BitSightIndustrialStatistics.yaml 31 51 624 261 97 40 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/BitSight/Parsers/BitSightAlerts.yaml 43 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/BitSight/Parsers/BitSightDiligenceStatistics.yaml 47 51 624 261 97 40 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/BitSight/Parsers/BitSightFindingsData.yaml 73 51 624 261 97 40 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/BitSight/Parsers/BitSightGraphData.yaml 29 51 624 261 97 40 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/BitSight/Analytic Rules/BitSightDropInCompanyRatings.yaml 39 50 781 259 102 39 2023-03-18 2024-08-21 jayesh.prajapati@cdsys.local nilepagn@microsoft.com Solutions/BitSight/Analytic Rules/BitSightDiligenceRiskCategoryDetected.yaml 48 47 781 259 97 39 2023-03-18 2024-08-21 jayesh.prajapati@cdsys.local nilepagn@microsoft.com Solutions/BitSight/Analytic Rules/BitSightDropInHeadlineRating.yaml 38 50 781 259 102 39 2023-03-18 2024-08-21 jayesh.prajapati@cdsys.local nilepagn@microsoft.com Solutions/BitSight/Analytic Rules/BitSightCompromisedSystemsDetected.yaml 46 47 781 259 97 39 2023-03-18 2024-08-21 jayesh.prajapati@cdsys.local nilepagn@microsoft.com Solutions/BitSight/Analytic Rules/BitSightNewAlertFound.yaml 45 47 781 259 98 40 2023-03-18 2024-08-21 jayesh.prajapati@cdsys.local nilepagn@microsoft.com Solutions/BitSight/Analytic Rules/BitSightNewBreachFound.yaml 45 47 781 259 98 40 2023-03-18 2024-08-21 jayesh.prajapati@cdsys.local nilepagn@microsoft.com Solutions/BitSight/Data Connectors/BitSightDataConnector/PortFolioCompanies/__init__.py 19 27 481 268 37 23 2024-01-12 2024-08-12 jayesh.prajapati@cdsys.local 62938807+haim-na@users.noreply.github.com Solutions/BitSight/Data Connectors/BitSightDataConnector/PortFolioCompanies/bitsight_portfolio.py 134 51 481 58 64 31 2024-01-12 2025-03-10 jayesh.prajapati@cdsys.local idoshabi@microsoft.com Solutions/BitSight/Data Connectors/BitSightDataConnector/BreachesDetails/__init__.py 29 53 807 268 88 44 2023-02-20 2024-08-12 jayesh.prajapati@cdsys.local 62938807+haim-na@users.noreply.github.com Solutions/BitSight/Data Connectors/BitSightDataConnector/BreachesDetails/bitsight_breaches.py 189 78 807 58 116 52 2023-02-20 2025-03-10 jayesh.prajapati@cdsys.local idoshabi@microsoft.com Solutions/BitSight/Data Connectors/BitSightDataConnector/FindingsDetails/__init__.py 14 53 807 268 88 44 2023-02-20 2024-08-12 jayesh.prajapati@cdsys.local 62938807+haim-na@users.noreply.github.com Solutions/BitSight/Data Connectors/BitSightDataConnector/FindingsDetails/bitsight_findings.py 247 77 807 58 115 52 2023-02-20 2025-03-10 jayesh.prajapati@cdsys.local idoshabi@microsoft.com Solutions/BitSight/Data Connectors/BitSightDataConnector/FindingsSummaryDetails/bitsight_findings_summary.py 226 78 807 58 116 52 2023-02-20 2025-03-10 jayesh.prajapati@cdsys.local idoshabi@microsoft.com Solutions/BitSight/Data Connectors/BitSightDataConnector/FindingsSummaryDetails/__init__.py 27 53 807 268 88 44 2023-02-20 2024-08-12 jayesh.prajapati@cdsys.local 62938807+haim-na@users.noreply.github.com Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/__init__.py 1 29 807 293 54 28 2023-02-20 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/azure_sentinel.py 85 53 807 268 88 44 2023-02-20 2024-08-12 jayesh.prajapati@cdsys.local 62938807+haim-na@users.noreply.github.com Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/get_logs_data.py 61 52 481 58 65 32 2024-01-12 2025-03-10 jayesh.prajapati@cdsys.local idoshabi@microsoft.com Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/state_manager.py 18 29 807 293 54 28 2023-02-20 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/utils.py 201 53 481 58 66 32 2024-01-12 2025-03-10 jayesh.prajapati@cdsys.local idoshabi@microsoft.com Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/consts.py 59 52 481 58 65 32 2024-01-12 2025-03-10 jayesh.prajapati@cdsys.local idoshabi@microsoft.com Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/bitsight_client.py 153 57 481 58 86 39 2024-01-12 2025-03-10 jayesh.prajapati@cdsys.local idoshabi@microsoft.com Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/bitsight_exception.py 3 29 807 293 54 28 2023-02-20 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/logger.py 22 29 807 293 54 28 2023-02-20 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/BitSight/Data Connectors/BitSightDataConnector/CompaniesDetails/__init__.py 29 53 807 268 88 44 2023-02-20 2024-08-12 jayesh.prajapati@cdsys.local 62938807+haim-na@users.noreply.github.com Solutions/BitSight/Data Connectors/BitSightDataConnector/CompaniesDetails/bitsight_companies.py 248 77 807 58 115 52 2023-02-20 2025-03-10 jayesh.prajapati@cdsys.local idoshabi@microsoft.com Solutions/BitSight/Data Connectors/BitSightDataConnector/AlertsGraphStatisticsDetails/__init__.py 29 53 807 268 88 44 2023-02-20 2024-08-12 jayesh.prajapati@cdsys.local 62938807+haim-na@users.noreply.github.com Solutions/BitSight/Data Connectors/BitSightDataConnector/AlertsGraphStatisticsDetails/bitsight_statistics.py 473 57 481 58 81 38 2024-01-12 2025-03-10 jayesh.prajapati@cdsys.local idoshabi@microsoft.com Solutions/MaturityModelForEventLogManagementM2131/Hunting Queries/M2131RecommendedDatatableNotLoggedEL3.yaml 90 50 1260 576 92 50 2021-11-24 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MaturityModelForEventLogManagementM2131/Hunting Queries/M2131RecommendedDatatableNotLoggedEL2.yaml 90 50 1260 576 91 50 2021-11-24 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MaturityModelForEventLogManagementM2131/Hunting Queries/M2131RecommendedDatatableNotLoggedEL1.yaml 90 50 1260 576 91 50 2021-11-24 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MaturityModelForEventLogManagementM2131/Hunting Queries/M2131RecommendedDatatableNotLoggedEL0.yaml 90 50 1260 576 91 50 2021-11-24 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131EventLogManagementPostureChangedEL1.yaml 40 67 1260 576 118 59 2021-11-24 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131EventLogManagementPostureChangedEL3.yaml 40 67 1260 576 118 59 2021-11-24 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131AssetStoppedLogging.yaml 34 66 1260 576 116 59 2021-11-24 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131DataConnectorAddedChangedRemoved.yaml 29 66 1260 576 116 59 2021-11-24 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131LogRetentionLessThan1Year.yaml 37 66 1260 576 117 59 2021-11-24 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131EventLogManagementPostureChangedEL2.yaml 40 67 1260 576 118 59 2021-11-24 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131RecommendedDatatableUnhealthy.yaml 90 68 1260 576 121 63 2021-11-24 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MaturityModelForEventLogManagementM2131/Analytic Rules/M2131EventLogManagementPostureChangedEL0.yaml 40 67 1260 576 118 59 2021-11-24 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Vectra XDR/Parsers/VectraLockdown.yaml 36 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Vectra XDR/Parsers/VectraDetections.yaml 71 50 624 106 89 40 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Parsers/VectraEntityScoring.yaml 59 50 624 106 89 40 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Parsers/VectraHealth.yaml 51 50 624 106 89 40 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Parsers/VectraAudits.yaml 48 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Vectra XDR/Analytic Rules/Detection_Account.yaml 61 16 279 106 20 16 2024-08-01 2025-01-21 nirali.shah@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Analytic Rules/Detection_Host.yaml 61 16 279 106 20 16 2024-08-01 2025-01-21 nirali.shah@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Analytic Rules/Create_Incident_Based_On_Tag_For_Host_Entity.yaml 56 16 279 106 20 16 2024-08-01 2025-01-21 nirali.shah@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Analytic Rules/Create_Incident_Based_On_Tag_For_Account_Entity.yaml 53 16 279 106 20 16 2024-08-01 2025-01-21 nirali.shah@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Analytic Rules/Priority_Account.yaml 52 16 279 106 20 16 2024-08-01 2025-01-21 nirali.shah@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Analytic Rules/Priority_Host.yaml 52 16 279 106 20 16 2024-08-01 2025-01-21 nirali.shah@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/AccountEntities/__init__.py 57 16 279 106 20 16 2024-08-01 2025-01-21 nirali.shah@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/AccountEntities/account_entity_collector.py 47 16 279 106 20 16 2024-08-01 2025-01-21 nirali.shah@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Detections/detections_collector.py 19 56 671 106 80 45 2023-07-06 2025-01-21 dhruvil.bhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Detections/__init__.py 75 41 671 293 61 33 2023-07-06 2024-07-18 dhruvil.bhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/HostEntities/__init__.py 57 16 279 106 20 16 2024-08-01 2025-01-21 nirali.shah@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/HostEntities/host_entity_collector.py 46 16 279 106 20 16 2024-08-01 2025-01-21 nirali.shah@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/keyvault_secrets_management.py 32 17 279 106 21 16 2024-08-01 2025-01-21 nirali.shah@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/__init__.py 1 40 671 293 60 33 2023-07-06 2024-07-18 dhruvil.bhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/azure_sentinel.py 83 40 671 293 60 33 2023-07-06 2024-07-18 dhruvil.bhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/state_manager.py 22 40 671 293 60 33 2023-07-06 2024-07-18 dhruvil.bhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/consts.py 65 74 671 106 133 52 2023-07-06 2025-01-21 dhruvil.bhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/collector.py 1099 76 671 106 135 52 2023-07-06 2025-01-21 dhruvil.bhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/logger.py 12 40 671 293 60 33 2023-07-06 2024-07-18 dhruvil.bhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Audits/__init__.py 74 41 671 293 61 33 2023-07-06 2024-07-18 dhruvil.bhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Audits/audits_collector.py 17 56 671 106 80 45 2023-07-06 2025-01-21 dhruvil.bhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Health/__init__.py 74 40 671 293 60 33 2023-07-06 2024-07-18 dhruvil.bhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Health/health_collector.py 20 56 671 106 80 45 2023-07-06 2025-01-21 dhruvil.bhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Lockdown/__init__.py 76 41 671 293 61 33 2023-07-06 2024-07-18 dhruvil.bhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Lockdown/lockdown_collector.py 20 56 671 106 80 45 2023-07-06 2025-01-21 dhruvil.bhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/EntityScoring/__init__.py 79 41 671 293 61 33 2023-07-06 2024-07-18 dhruvil.bhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/Vectra XDR/Data Connectors/VectraDataConnector/EntityScoring/entity_scoring_collector.py 48 56 671 106 80 45 2023-07-06 2025-01-21 dhruvil.bhatt@crestdatasys.com 128674128+v1managedservices@users.noreply.github.com Solutions/Alsid For AD/Parsers/afad_parser.yaml 113 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Alsid For AD/Analytic Rules/PasswordGuessing.yaml 31 46 1099 293 80 42 2022-05-04 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Alsid For AD/Analytic Rules/IndicatorsOfExposures.yaml 39 46 1099 293 77 42 2022-05-04 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Alsid For AD/Analytic Rules/ADAttacksPathways.yaml 40 48 1099 293 80 42 2022-05-04 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Alsid For AD/Analytic Rules/PrivilegedAccountIssues.yaml 40 46 1099 293 78 42 2022-05-04 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Alsid For AD/Analytic Rules/PasswordSpraying.yaml 31 47 1099 293 81 42 2022-05-04 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Alsid For AD/Analytic Rules/GoldenTicket.yaml 31 46 1099 293 79 42 2022-05-04 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Alsid For AD/Analytic Rules/UserAccountIssues.yaml 40 46 1099 293 78 42 2022-05-04 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Alsid For AD/Analytic Rules/LSASSMemory.yaml 31 46 1099 293 79 42 2022-05-04 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Alsid For AD/Analytic Rules/DCShadow.yaml 31 46 1099 293 80 42 2022-05-04 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Alsid For AD/Analytic Rules/DCSync.yaml 31 46 1099 293 79 42 2022-05-04 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Alsid For AD/Analytic Rules/PasswordIssues.yaml 40 47 1099 293 79 42 2022-05-04 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Alsid For AD/Analytic Rules/IndicatorsOfAttack.yaml 39 46 1099 293 79 42 2022-05-04 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Purview/Analytic Rules/MicrosoftPurviewSensitiveDataDiscovered.yaml 46 25 910 576 29 22 2022-11-09 2023-10-09 v-rucdu@microsoft.com mrudula.oruganti@gigamon.com Solutions/Microsoft Purview/Analytic Rules/MicrosoftPurviewSensitiveDataDiscoveredCustom.yaml 48 25 910 576 29 22 2022-11-09 2023-10-09 v-rucdu@microsoft.com mrudula.oruganti@gigamon.com Solutions/OneIdentity/Parsers/OneIdentity_Safeguard.yaml 45 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Dynatrace/Parsers/DynatraceSecurityProblems.yaml 40 36 624 293 71 32 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Dynatrace/Parsers/DynatraceAttacks.yaml 41 56 624 293 120 44 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Dynatrace/Parsers/DynatraceAuditLogs.yaml 23 36 624 293 71 32 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Dynatrace/Parsers/DynatraceProblems.yaml 30 36 624 293 71 32 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_AttackDetection.yaml 61 73 925 261 118 51 2022-10-25 2024-08-19 gareth.emslie@dynatrace.com v-prasadboke@microsoft.com Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_ThirdPartyVulnerabilityDetection.yaml 71 100 925 259 200 60 2022-10-25 2024-08-21 gareth.emslie@dynatrace.com nilepagn@microsoft.com Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_NonCriticalVulnerabilityDetection.yaml 65 99 925 259 197 60 2022-10-25 2024-08-21 gareth.emslie@dynatrace.com nilepagn@microsoft.com Solutions/Dynatrace/Analytic Rules/Dynatrace_ProblemDetection.yaml 54 85 925 259 154 57 2022-10-25 2024-08-21 gareth.emslie@dynatrace.com nilepagn@microsoft.com Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_CodeLevelVulnerabilityDetection.yaml 70 101 925 259 200 60 2022-10-25 2024-08-21 gareth.emslie@dynatrace.com nilepagn@microsoft.com Solutions/Darktrace/Analytic Rules/CreateAlertFromModelBreach.yaml 75 96 1051 293 149 61 2022-06-21 2024-07-18 justas.zaborovskis@darktrace.com 164491672+shishirdw@users.noreply.github.com Solutions/Darktrace/Analytic Rules/CreateAlertFromSystemStatus.yaml 56 95 1051 293 150 61 2022-06-21 2024-07-18 justas.zaborovskis@darktrace.com 164491672+shishirdw@users.noreply.github.com Solutions/Darktrace/Analytic Rules/CreateIncidentFromAIAnalystIncident.yaml 65 97 1051 293 152 61 2022-06-21 2024-07-18 justas.zaborovskis@darktrace.com 164491672+shishirdw@users.noreply.github.com Solutions/Eset Security Management Center/Analytic Rules/eset-threats.yaml 41 35 1092 259 64 33 2022-05-11 2024-08-21 90677907+vmanojreddy@users.noreply.github.com nilepagn@microsoft.com Solutions/Eset Security Management Center/Analytic Rules/eset-sites-blocked.yaml 45 35 1092 259 64 33 2022-05-11 2024-08-21 90677907+vmanojreddy@users.noreply.github.com nilepagn@microsoft.com Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionBreachRule.yaml 53 30 606 293 73 28 2023-09-09 2024-07-18 81212299+loginsoft-integrations@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionMalwareRule.yaml 68 44 606 259 116 36 2023-09-09 2024-08-21 81212299+loginsoft-integrations@users.noreply.github.com nilepagn@microsoft.com Solutions/Symantec Endpoint Protection/Parsers/SymantecEndpointProtection.yaml 186 60 624 106 114 46 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Symantec Endpoint Protection/Analytic Rules/MalwareDetected.yaml 39 140 1538 57 218 103 2021-02-19 2025-03-11 ndicola@microsoft.com v-atulyadav@microsoft.com Solutions/Symantec Endpoint Protection/Analytic Rules/ExcessiveBlockedTrafficGeneratedbyUser.yaml 54 136 1538 57 207 101 2021-02-19 2025-03-11 ndicola@microsoft.com v-atulyadav@microsoft.com Solutions/Prancer PenSuiteAI Integration/Hunting Queries/CSPM_query.yaml 36 43 553 268 74 35 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/Prancer PenSuiteAI Integration/Hunting Queries/PAC_high_severity_query.yaml 39 43 553 268 74 35 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Virtual_Networks_High_Severity.yaml 52 61 553 268 119 45 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Storage_Accounts_High_Severity.yaml 52 61 553 268 118 45 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/Prancer PenSuiteAI Integration/Analytic Rules/PAC_High_Severity.yaml 60 61 553 268 118 45 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Flow_Logs_High_Severity.yaml 52 61 553 268 142 50 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Sites_High_Severity.yaml 52 61 553 268 118 45 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Disks_High_Severity.yaml 52 61 553 268 118 45 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Vaults_High_Severity.yaml 52 61 553 268 118 45 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Registries_High_Severity.yaml 52 61 553 268 118 45 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Network_Security_Groups_High_Severity.yaml 52 61 553 268 118 45 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/Prancer PenSuiteAI Integration/Analytic Rules/VM_High_Severity.yaml 52 61 553 268 118 45 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Subnets_High_Severity.yaml 52 61 553 268 118 45 2023-11-01 2024-08-12 62938807+haim-na@users.noreply.github.com Solutions/NXLogDnsLogs/Parsers/ASimDnsMicrosoftNXLog.yaml 11 46 624 293 107 38 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Hunting queries/Privileged_Machines_Exposed_to_the_Internet.yaml 24 29 656 293 58 29 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Hunting queries/IaaS_admin_detected.yaml 24 29 656 293 58 29 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Hunting queries/Admin_SaaS_account_detected.yaml 4 28 554 293 57 28 2023-10-31 2024-07-18 104008048+v-atulyadav@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Hunting queries/IaaS_shadow_admin_detected.yaml 24 29 656 293 58 29 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Hunting queries/Chain_of_3_or_more_roles.yaml 24 29 656 293 58 29 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Hunting queries/Password_Exfiltration_over_SCIM_application.yaml 28 29 656 293 58 29 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/Privileged_Machines_Exposed_to_the_Internet.yaml 58 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/IaaS_admin_detected.yaml 58 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/Detect_AWS_IAM_Users.yaml 57 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/Stale_IAAS_policy_attachment_to_role.yaml 58 64 656 259 137 47 2023-07-21 2024-08-21 108295864+sriley0975@users.noreply.github.com nilepagn@microsoft.com Solutions/Authomize/Analytic Rules/New_direct_access_policy_was_granted.yaml 60 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/Admin_SaaS_account_detected.yaml 59 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/Admin_password_wasnt_updated.yaml 44 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/IaaS_shadow_admin_detected.yaml 58 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/Empty_group_with_entitlements.yaml 58 64 656 259 136 47 2023-07-21 2024-08-21 108295864+sriley0975@users.noreply.github.com nilepagn@microsoft.com Solutions/Authomize/Analytic Rules/AWS_role_with_admin_privileges.yaml 57 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/Password_Exfiltration_over_SCIM.yaml 60 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/User_without_MFA.yaml 58 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/AWS_role_with_shadow_admin_privileges.yaml 58 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/Stale_AWS_policy_attachment_to_identity.yaml 58 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/Refactor_AWS_policy_based_on_activities.yaml 57 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/User_assigned_to_a_default_admin_role.yaml 58 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/Chain_of_3_or_more_roles.yaml 58 64 656 259 136 47 2023-07-21 2024-08-21 108295864+sriley0975@users.noreply.github.com nilepagn@microsoft.com Solutions/Authomize/Analytic Rules/Unused_IaaS_Policy.yaml 61 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Analytic Rules/IaaS_policy_not_attached_to_any_identity.yaml 58 64 656 259 136 47 2023-07-21 2024-08-21 108295864+sriley0975@users.noreply.github.com nilepagn@microsoft.com Solutions/Authomize/Analytic Rules/New_service_account_gained_access_to_IaaS_resource.yaml 57 64 656 259 136 47 2023-07-21 2024-08-21 108295864+sriley0975@users.noreply.github.com nilepagn@microsoft.com Solutions/Authomize/Analytic Rules/Access_to_AWS_without_MFA.yaml 58 49 656 293 96 41 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Data Connectors/AuthomizeSentinelConnector/__init__.py 123 28 656 293 57 29 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Authomize/Data Connectors/AuthomizeSentinelConnector/azureworker.py 43 28 656 293 57 29 2023-07-21 2024-07-18 108295864+sriley0975@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Symantec VIP/Parsers/SymantecVIP.yaml 37 43 624 106 91 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Symantec VIP/Analytic Rules/ExcessiveFailedAuthenticationsfromInvalidInputs.yaml 36 73 789 57 127 62 2023-03-10 2025-03-11 v-prasadboke@microsoft.com v-atulyadav@microsoft.com Solutions/Symantec VIP/Analytic Rules/ClientDeniedAccess.yaml 42 73 789 57 127 62 2023-03-10 2025-03-11 v-prasadboke@microsoft.com v-atulyadav@microsoft.com Solutions/Rapid7InsightVM/Parsers/InsightVMVulnerabilities.yaml 67 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Rapid7InsightVM/Parsers/InsightVMAssets.yaml 48 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConnector/__init__.py 218 92 1420 293 150 85 2021-06-17 2024-07-18 ov@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConnector/sentinel_connector_async.py 80 45 1139 293 74 44 2022-03-25 2024-07-18 vu@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConnector/state_manager_async.py 58 57 1139 293 82 56 2022-03-25 2024-07-18 vu@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/Cognni/Analytic Rules/CognniMediumRiskLegalIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniLowRiskGovernanceIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniHighRiskGovernanceIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniHighRiskBusinessIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniMediumRiskGovernanceIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniMediumRiskFinancialIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniMediumRiskBusinessIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniHighRiskFinancialIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniLowRiskFinancialIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniLowRiskHRIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniHighRiskLegalIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniLowRiskBusinessIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniLowRiskLegalIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniMediumRiskHRIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cognni/Analytic Rules/CognniHighRiskHRIncidents.yaml 33 19 1094 576 23 17 2022-05-09 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/CyberArkEPM/DataConnectors/CyberArkEPMSentinelConnector/__init__.py 160 56 1153 57 73 57 2022-03-11 2025-03-11 ov@socprime.com v-atulyadav@microsoft.com Solutions/CyberArkEPM/DataConnectors/CyberArkEPMSentinelConnector/pyepm.py 184 50 1153 293 63 49 2022-03-11 2024-07-18 ov@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/CyberArkEPM/DataConnectors/CyberArkEPMSentinelConnector/state_manager.py 18 19 1153 576 23 21 2022-03-11 2023-10-09 ov@socprime.com mrudula.oruganti@gigamon.com Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMPowershellDownloads.yaml 25 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMScriptsExecuted.yaml 28 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMSuspiciousActivityAttempts.yaml 23 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMPowershellExecutionParameters.yaml 25 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMRareProcVendors.yaml 25 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessesAccessedInternet.yaml 24 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessesRunAsAdmin.yaml 26 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessNewHash.yaml 25 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMRareProcessesRunByUsers.yaml 25 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMElevationRequests.yaml 25 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Parsers/CyberArkEPM.yaml 96 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMUnexpectedExecutableLocation.yaml 23 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMMultipleAttackAttempts.yaml 30 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMRenamedWindowsBinary.yaml 23 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMMSBuildLOLBin.yaml 30 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMUnexpectedExecutableExtension.yaml 24 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMNewProcessStartetFromSystem.yaml 33 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMRareProcInternetAccess.yaml 41 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMAttackAttemptNotBlocked.yaml 30 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMProcessChangedStartLocation.yaml 33 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMPossibleExecutionOfPowershellEmpire.yaml 29 15 1121 845 17 16 2022-04-12 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/ElasticAgent/Parsers/ElasticAgentEvent.yaml 168 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/AzureRBAC.yaml 57 12 99 57 18 13 2025-01-28 2025-03-11 v-prasadboke@microsoft.com v-atulyadav@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/MFASpammingfollowedbySuccessfullogin.yaml 46 63 555 261 118 47 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/SuspiciousAADJoinedDeviceUpdate.yaml 102 66 555 268 135 45 2023-10-30 2024-08-12 v-rusraut@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/DistribPassCrackAttempt.yaml 60 51 555 8 98 42 2023-10-30 2025-04-29 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/Cross-tenantAccessSettingsOrganizationDeleted.yaml 66 56 555 261 117 43 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/SigninBruteForce-AzurePortal.yaml 101 48 555 293 93 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/MultipleAdmin_membership_removals_from_NewAdmin.yaml 109 46 555 293 92 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/AzureAADPowerShellAnomaly.yaml 60 42 555 261 81 35 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/MaliciousOAuthApp_PwnAuth.yaml 116 46 555 293 91 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/SuspiciousOAuthApp_OfflineAccess.yaml 112 46 555 293 91 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/GuestAccountsAddedinAADGroupsOtherThanTheOnesSpecified.yaml 92 60 555 293 135 47 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/Brute Force Attack against GitHub Account.yaml 48 41 555 261 80 35 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/NRT_PIMElevationRequestRejected.yaml 71 60 555 106 121 55 2023-10-30 2025-01-21 v-rusraut@microsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/Cross-tenantAccessSettingsOrganizationOutboundDirectSettingsChanged.yaml 71 56 555 261 116 43 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/SigninAttemptsByIPviaDisabledAccounts.yaml 87 26 555 293 56 28 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/AccountCreatedDeletedByNonApprovedUser.yaml 61 57 555 259 116 43 2023-10-30 2024-08-21 v-rusraut@microsoft.com nilepagn@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/BypassCondAccessRule.yaml 77 52 555 261 102 40 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/PossibleSignInfromAzureBackdoor.yaml 4 26 460 268 39 22 2024-02-02 2024-08-12 juan_sebastian13@hotmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/NewAppOrServicePrincipalCredential.yaml 86 46 555 293 91 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/PrivilegedAccountsSigninFailureSpikes.yaml 87 57 555 293 127 45 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/nrt_FirstAppOrServicePrincipalCredential.yaml 90 62 555 268 122 48 2023-10-30 2024-08-12 v-rusraut@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/NRT_NewAppOrServicePrincipalCredential.yaml 84 70 555 268 147 50 2023-10-30 2024-08-12 v-rusraut@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/DisabledAccountSigninsAcrossManyApplications.yaml 53 47 555 293 91 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/SuspiciousSignInFollowedByMFAModification.yaml 85 48 555 293 93 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/NRT_UseraddedtoPrivilgedGroups.yaml 53 66 555 268 129 48 2023-10-30 2024-08-12 v-rusraut@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/UserAccounts-CABlockedSigninSpikes.yaml 114 67 555 268 136 50 2023-10-30 2024-08-12 v-rusraut@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/RareApplicationConsent.yaml 96 46 555 293 90 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/NewOnmicrosoftDomainAdded.yaml 69 48 555 293 93 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/Cross-tenantAccessSettingsOrganizationAdded.yaml 69 57 555 261 119 43 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/UserAssignedNewPrivilegedRole.yaml 85 46 551 293 91 38 2023-11-03 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/PrivlegedRoleAssignedOutsidePIM.yaml 69 68 555 58 121 47 2023-10-30 2025-03-10 v-rusraut@microsoft.com idoshabi@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/MailPermissionsAddedToApplication.yaml 87 47 555 293 91 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/AdminPromoAfterRoleMgmtAppPermissionGrant.yaml 133 41 555 261 79 35 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/ExchangeFullAccessGrantedToApp.yaml 96 64 555 261 119 47 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/PIMElevationRequestRejected.yaml 74 46 555 293 91 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/AnomalousUserAppSigninLocationIncrease-detection.yaml 38 71 555 8 133 47 2023-10-30 2025-04-29 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/NRT_PrivlegedRoleAssignedOutsidePIM.yaml 63 46 555 293 91 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/Cross-tenantAccessSettingsOrganizationOutboundCollaborationSettingsChanged.yaml 71 56 555 261 116 43 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/NRT_ADFSDomainTrustMods.yaml 72 61 555 259 132 46 2023-10-30 2024-08-21 v-rusraut@microsoft.com nilepagn@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/FirstAppOrServicePrincipalCredential.yaml 88 47 555 293 91 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/ADFSDomainTrustMods.yaml 91 66 555 259 148 45 2023-10-30 2024-08-21 v-rusraut@microsoft.com nilepagn@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/MaliciousOAuthApp_O365AttackToolkit.yaml 123 46 555 293 91 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/AuthenticationMethodsChangedforPrivilegedAccount.yaml 81 61 555 261 119 44 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/SuspiciousServicePrincipalcreationactivity.yaml 97 57 555 13 106 48 2023-10-30 2025-04-24 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/NRT_AuthenticationMethodsChangedforVIPUsers.yaml 66 59 555 26 107 47 2023-10-30 2025-04-11 v-rusraut@microsoft.com bartleyriley@gmail.com Solutions/Microsoft Entra ID/Analytic Rules/UnusualGuestActivity.yaml 78 80 555 261 150 52 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/AccountCreatedandDeletedinShortTimeframe.yaml 105 41 555 261 78 35 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/FailedLogonToAzurePortal.yaml 106 64 555 261 120 47 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/BulkChangestoPrivilegedAccountPermissions.yaml 88 57 555 261 113 41 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/BruteForceCloudPC.yaml 70 41 555 261 79 35 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/Cross-tenantAccessSettingsOrganizationInboundDirectSettingsChanged.yaml 71 56 555 261 116 43 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/Cross-tenantAccessSettingsOrganizationInboundCollaborationSettingsChanged.yaml 71 56 555 261 116 43 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/UserAssignedPrivilegedRole.yaml 64 72 555 268 144 48 2023-10-30 2024-08-12 v-rusraut@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/MFARejectedbyUser.yaml 85 80 555 57 155 57 2023-10-30 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/UseraddedtoPrivilgedGroups.yaml 57 46 555 293 92 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/SuccessThenFail_DiffIP_SameUserandApp.yaml 107 96 555 106 189 65 2023-10-30 2025-01-21 v-rusraut@microsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/Sign-in Burst from Multiple Locations.yaml 47 47 555 293 92 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/ExplicitMFADeny.yaml 35 86 555 106 180 57 2023-10-30 2025-01-21 v-rusraut@microsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/SigninPasswordSpray.yaml 86 55 555 261 111 43 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/SeamlessSSOPasswordSpray.yaml 54 46 555 293 91 38 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/ADFSSignInLogsPasswordSpray.yaml 44 26 555 293 56 28 2023-10-30 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Entra ID/Analytic Rules/AzureADRoleManagementPermissionGrant.yaml 58 57 555 259 117 43 2023-10-30 2024-08-21 v-rusraut@microsoft.com nilepagn@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/AzurePortalSigninfromanotherAzureTenant.yaml 77 52 555 261 100 40 2023-10-30 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Entra ID/Analytic Rules/CredentialAddedAfterAdminConsent.yaml 153 54 555 259 116 40 2023-10-30 2024-08-21 v-rusraut@microsoft.com nilepagn@microsoft.com Solutions/Pulse Connect Secure/Parsers/PulseConnectSecure.yaml 36 44 624 106 92 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Pulse Connect Secure/Analytic Rules/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml 31 70 1080 57 105 60 2022-05-23 2025-03-11 104008048+v-atulyadav@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Pulse Connect Secure/Analytic Rules/PulseConnectSecureVPN-BruteForce.yaml 35 70 1080 57 105 60 2022-05-23 2025-03-11 104008048+v-atulyadav@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Windows Security Events/Hunting Queries/UserCreatedByUnauthorizedUser.yaml 47 45 1077 293 68 47 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/Invoke-PowerShellTcpOneLine.yaml 46 47 1077 293 72 49 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/Discorddownloadinvokedfromcmdline.yaml 45 47 1077 293 72 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/masquerading_files.yaml 47 71 1077 268 107 62 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/InternalProxies.yaml 51 39 714 293 59 43 2023-05-24 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/RareProcess_forWinHost.yaml 49 46 1077 293 71 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/UserAdd_RemToGroupByUnauthorizedUser.yaml 46 45 1077 293 68 47 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/KrbRelayUpServiceCreation.yaml 37 21 436 268 37 24 2024-02-26 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/RemoteScheduledTaskCreationUpdateviaSchtasks.yaml 22 21 436 268 37 24 2024-02-26 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/Least_Common_Parent_Child_Process.yaml 35 45 1077 293 66 49 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/MultipleExplicitCredentialUsage4648Events.yaml 76 71 1077 268 104 62 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/SuspiciousCommandlineTokenLolbas.yaml 40 21 436 268 37 24 2024-02-26 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/RareProcbyServiceAccount.yaml 84 46 1077 293 70 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/Suspicious_Windows_Login_outside_normal_hours.yaml 123 71 1077 268 105 62 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/Least_Common_Process_Command_Lines.yaml 32 45 1077 293 66 49 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/UserAccountAddedToPrivlegeGroup.yaml 51 57 1077 106 84 57 2022-05-26 2025-01-21 v-sabiraj@microsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/ADAccountLockouts.yaml 20 21 427 268 37 24 2024-03-06 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/ServiceInstallationFromUsersWritableDirectory.yaml 38 48 1077 58 59 35 2022-05-26 2025-03-10 v-sabiraj@microsoft.com idoshabi@microsoft.com Solutions/Windows Security Events/Hunting Queries/GroupAddedToPrivlegeGroup.yaml 70 46 1077 293 74 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/DecoyUserAccountAuthenticationAttempt.yaml 41 68 1077 293 112 63 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/powershell_downloads.yaml 48 47 1077 293 73 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/NewChildProcessOfW3WP.yaml 48 50 1077 268 68 42 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/HostExportingMailboxAndRemovingExport.yaml 57 72 1077 268 106 62 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/powershell_newencodedscipts.yaml 64 47 1077 293 74 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/FailedUserLogons.yaml 37 44 1077 293 65 47 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/PowerCatDownload.yaml 30 23 1077 576 33 24 2022-05-26 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Windows Security Events/Hunting Queries/CreateDCInstallationMedia.yaml 50 63 714 268 92 57 2023-05-24 2024-08-12 peter.bryan@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/Crashdumpdisabledonhost.yaml 44 47 1077 293 72 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/ProcessEntropy.yaml 150 71 1077 268 104 62 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/persistence_create_account.yaml 39 53 1077 268 73 44 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/CustomUserList_FailedLogons.yaml 95 44 1077 293 65 47 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/uncommon_processes.yaml 57 69 1077 268 101 61 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/MSRPRN_Printer_Bug_Exploitation.yaml 45 69 1077 268 99 61 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/ExchangePowerShellSnapin.yaml 43 47 1077 293 72 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/CommandsexecutedbyWMIonnewhosts-potentialImpacket.yaml 55 72 1077 268 108 62 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/UserAccountCreatedDeleted.yaml 58 45 1077 293 68 47 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/VIPAccountFailedLogons.yaml 37 45 1077 293 68 47 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/cscript_summary.yaml 38 46 1077 293 74 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/new_processes.yaml 47 71 1077 268 107 62 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/RareProcessPath.yaml 88 46 1077 293 70 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/Least_Common_Process_With_Depth.yaml 30 45 1077 293 66 49 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/SuspectedLSASSDump.yaml 33 50 1077 268 68 42 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/RareProcessWithCmdLine.yaml 51 46 1077 293 71 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/WindowsSystemShutdownReboot.yaml 39 21 436 268 37 24 2024-02-26 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/NishangReverseTCPShellBase64.yaml 44 47 1077 293 71 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/WindowsSystemTimeChange.yaml 42 70 1077 268 102 61 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/User Logons By Logon Type.yaml 23 23 1077 576 32 24 2022-05-26 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Solutions/Windows Security Events/Hunting Queries/enumeration_user_and_group.yaml 46 46 1077 293 75 48 2022-05-26 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/HostsWithNewLogons.yaml 66 71 1077 268 105 62 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Hunting Queries/Suspicious_enumeration_using_adfind.yaml 65 71 1077 268 105 62 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Analytic Rules/PotentialFodhelperUACBypass.yaml 37 44 1077 261 58 38 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/NRT_execute_base64_decodedpayload.yaml 52 59 1077 259 94 46 2022-05-26 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Windows Security Events/Analytic Rules/LocalDeviceJoinInfoAndTransportKeyRegKeysAccess.yaml 106 101 1077 261 170 77 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/NonDCActiveDirectoryReplication.yaml 70 72 1077 268 129 53 2022-05-26 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Windows Security Events/Analytic Rules/GainCodeExecutionADFSViaSMB.yaml 65 43 1077 261 55 38 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/StartStopHealthService.yaml 45 43 1077 261 55 38 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/NRT_SecurityEventLogCleared.yaml 25 43 1077 261 57 38 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies.yaml 53 44 1077 261 58 38 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/SdeletedeployedviaGPOandrunrecursively.yaml 41 44 1077 261 58 38 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/ADFSRemoteHTTPNetworkConnection.yaml 76 54 1077 261 77 43 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/ADFSDBNamedPipeConnection.yaml 77 43 1077 261 55 38 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/NRT_base64_encoded_pefile.yaml 45 64 1077 261 90 59 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/TimeSeriesAnomaly-ProcessExecutions.yaml 57 87 1077 261 134 70 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/password_not_set.yaml 74 93 1077 261 138 67 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/MultipleFailedFollowedBySuccess.yaml 74 94 1077 261 152 74 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/ADFSRemoteAuthSyncConnection.yaml 89 65 1077 261 108 48 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/ExcessiveLogonFailures.yaml 91 75 1077 261 108 65 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml 47 96 1077 261 162 70 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/Potentialre-namedsdeleteusage.yaml 33 44 1077 261 58 38 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Security Events/Analytic Rules/ScheduleTaskHide.yaml 39 43 1077 261 55 38 2022-05-26 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/ZeroFox/Analytic Rules/ZF_Alerts_MediumSeverityRule.yaml 33 31 646 293 60 27 2023-07-31 2024-07-18 dnrr2808@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/ZeroFox/Analytic Rules/ZF_Alerts_HighSeverityRule.yaml 33 31 646 293 60 27 2023-07-31 2024-07-18 dnrr2808@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/ZeroFox/Analytic Rules/ZF_Alerts_LowSeverityRule.yaml 33 31 646 293 60 27 2023-07-31 2024-07-18 dnrr2808@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/ZeroFox/Analytic Rules/ZF_Alerts_InformationalSeverityRule.yaml 33 31 646 293 60 27 2023-07-31 2024-07-18 dnrr2808@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/disruption_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/breaches_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/botnet_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/phishing_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/vulnerabilities_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/national_ids_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/malware_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/compromised_credentials_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/discord_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/email_addresses_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/threat_actors_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/dark_web_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/ransomware_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/irc_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/exploits_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/telegram_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/c2_domains_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/advanced_dark_web_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/connections/sentinel.py 136 26 373 106 76 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/connections/__init__.py 1 17 373 259 44 18 2024-04-29 2024-08-21 dramirez@zerofox.com nilepagn@microsoft.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/connections/exceptions.py 12 17 357 259 44 18 2024-05-15 2024-08-21 dramirez@zerofox.com nilepagn@microsoft.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/connections/zerofox.py 79 26 373 106 74 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/botnet_compromised_credentials_connector/__init__.py 56 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/credit_cards_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/phone_numbers_connector/__init__.py 54 28 373 106 79 24 2024-04-29 2025-01-21 dramirez@zerofox.com 128674128+v1managedservices@users.noreply.github.com Solutions/Azure kubernetes Service/Hunting Queries/AKS-clusterrolebinding.yaml 3 31 929 576 36 21 2022-10-21 2023-10-09 rushriva@microsoft.com mrudula.oruganti@gigamon.com Solutions/Azure kubernetes Service/Hunting Queries/AKS-Rbac.yaml 3 29 929 576 34 21 2022-10-21 2023-10-09 rushriva@microsoft.com mrudula.oruganti@gigamon.com Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml 29 20 421 268 25 19 2024-03-12 2024-08-12 debac.manikandan@defend.co.nz 62938807+haim-na@users.noreply.github.com Solutions/MongoDBAudit/Parsers/MongoDBAudit.yaml 31 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Silverfort/Analytic Rules/User_Brute_Force.yaml 31 18 275 106 24 13 2024-08-05 2025-01-21 frank.gasparovic@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Silverfort/Analytic Rules/Certifried.yaml 31 17 266 106 23 13 2024-08-14 2025-01-21 frank.gasparovic@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Silverfort/Analytic Rules/NoPac_Breach.yaml 32 18 275 106 24 13 2024-08-05 2025-01-21 frank.gasparovic@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Silverfort/Analytic Rules/Log4Shell.yaml 31 18 275 106 24 13 2024-08-05 2025-01-21 frank.gasparovic@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudFailedLoginsUsers.yaml 26 22 1491 576 26 24 2021-04-07 2023-10-09 v-maudan@microsoft.com mrudula.oruganti@gigamon.com Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudUpdatedResources.yaml 23 23 1491 576 29 25 2021-04-07 2023-10-09 v-maudan@microsoft.com mrudula.oruganti@gigamon.com Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudHighSeverityAlerts.yaml 24 22 1491 576 26 24 2021-04-07 2023-10-09 v-maudan@microsoft.com mrudula.oruganti@gigamon.com Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudAccessKeysUsed.yaml 30 22 1491 576 26 24 2021-04-07 2023-10-09 v-maudan@microsoft.com mrudula.oruganti@gigamon.com Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudFailedLoginsSources.yaml 26 22 1491 576 26 24 2021-04-07 2023-10-09 v-maudan@microsoft.com mrudula.oruganti@gigamon.com Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudNewUsers.yaml 31 22 1491 576 26 24 2021-04-07 2023-10-09 v-maudan@microsoft.com mrudula.oruganti@gigamon.com Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudTopResources.yaml 25 23 1491 576 34 27 2021-04-07 2023-10-09 v-maudan@microsoft.com mrudula.oruganti@gigamon.com Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudOpenedAlerts.yaml 24 22 1491 576 26 24 2021-04-07 2023-10-09 v-maudan@microsoft.com mrudula.oruganti@gigamon.com Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudHighRiskScoreOpenedAlerts.yaml 27 22 1491 576 26 24 2021-04-07 2023-10-09 v-maudan@microsoft.com mrudula.oruganti@gigamon.com Solutions/PaloAltoPrismaCloud/Parsers/PaloAltoPrismaCloud.yaml 168 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighRiskScoreAlert.yaml 33 74 1491 293 122 69 2021-04-07 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclInAllowAll.yaml 31 73 1491 293 119 69 2021-04-07 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowAllOut.yaml 31 73 1491 293 119 69 2021-04-07 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowInToAdminPort.yaml 31 73 1491 293 119 69 2021-04-07 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMaxRiskScoreAlert.yaml 31 73 1491 293 119 69 2021-04-07 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml 34 80 1491 293 129 74 2021-04-07 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudIamAdminGroup.yaml 31 73 1491 293 119 69 2021-04-07 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudInactiveUser.yaml 30 73 1491 293 119 69 2021-04-07 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays.yaml 40 94 1491 293 151 82 2021-04-07 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml 31 73 1491 293 119 69 2021-04-07 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml 34 80 1491 293 129 74 2021-04-07 2024-07-18 v-maudan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/PaloAltoPrismaCloud/Data Connectors/AzureFunctionPrismaCloud/sentinel_connector_async.py 101 36 1491 576 45 42 2021-04-07 2023-10-09 v-maudan@microsoft.com mrudula.oruganti@gigamon.com Solutions/PaloAltoPrismaCloud/Data Connectors/AzureFunctionPrismaCloud/main.py 193 57 1491 576 74 55 2021-04-07 2023-10-09 v-maudan@microsoft.com mrudula.oruganti@gigamon.com Solutions/PaloAltoPrismaCloud/Data Connectors/AzureFunctionPrismaCloud/state_manager_async.py 34 22 1491 576 26 24 2021-04-07 2023-10-09 v-maudan@microsoft.com mrudula.oruganti@gigamon.com Solutions/Sophos Endpoint Protection/Parsers/SophosEPEvent.yaml 71 59 624 268 113 43 2023-08-22 2024-08-12 mkchiliveri@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Sophos Endpoint Protection/Data Connectors/AzureFunctionSophos/main.py 140 52 1052 268 80 41 2022-06-20 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Sophos Endpoint Protection/Data Connectors/AzureFunctionSophos/state_manager.py 18 52 1052 268 80 41 2022-06-20 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Sophos Endpoint Protection/Data Connectors/AzureFunctionSophos/sentinel_connector.py 90 52 1052 268 80 41 2022-06-20 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/TheHive/Parsers/TheHive.yaml 84 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/TheHive/Data Connectors/TheHiveWebhooksTrigger/__init__.py 80 20 1311 576 23 19 2021-10-04 2023-10-09 ov@socprime.com mrudula.oruganti@gigamon.com Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-PrevalenceBasedQuerySizeAnomaly.yaml 81 51 891 293 75 44 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-VolumeResponseRowsStatefulAnomalyOnDatabase.yaml 82 51 891 293 75 44 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-BooleanBlindSQLi.yaml 88 67 891 293 126 69 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-SuspiciousStoredProcedures.yaml 51 51 891 293 75 44 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-ExecutionTimeAnomaly.yaml 86 51 891 293 75 44 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-TimeBasedQuerySizeAnomaly.yaml 83 51 891 293 75 44 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-AffectedRowAnomaly.yaml 66 51 891 293 75 44 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-VolumeAffectedRowsStatefulAnomalyOnDatabase.yaml 89 51 891 293 74 44 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-VolumeResponseRowsStatefulAnomalyOnDatabase.yaml 83 71 891 261 117 61 2022-11-28 2024-08-19 101796244+v-spadarthi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-ErrorsFirewallStatefulAnomalyOnDatabase.yaml 86 52 891 293 85 48 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-HotwordsFirewallRuleStatefulAnomalyOnDatabase.yaml 93 52 891 293 87 48 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-HotwordsOLEObjectStatefulAnomalyOnDatabase.yaml 93 52 891 293 85 48 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-HotwordsExecutionStatefulAnomalyOnDatabase.yaml 93 52 891 293 85 48 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-HotwordsDropStatefulAnomalyOnDatabase.yaml 93 52 891 293 85 48 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-ErrorsSyntaxStatefulAnomalyOnDatabase.yaml 86 52 891 293 85 48 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-HotwordsOutgoingStatefulAnomalyOnDatabase.yaml 93 52 891 293 85 48 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-ErrorsCredentialStatefulAnomalyOnDatabase.yaml 86 52 891 293 85 48 2022-11-28 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-VolumeAffectedRowsStatefulAnomalyOnDatabase.yaml 84 71 891 261 117 61 2022-11-28 2024-08-19 101796244+v-spadarthi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_AV.yaml 56 38 623 13 65 32 2023-08-23 2025-04-24 71869847+nipun-crestdatasystem@users.noreply.github.com v-prasadboke@microsoft.com Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Attachment.yaml 54 38 623 13 65 32 2023-08-23 2025-04-24 71869847+nipun-crestdatasystem@users.noreply.github.com v-prasadboke@microsoft.com Solutions/MimecastSEG/Analytic Rules/MimecastDLP.yaml 41 28 623 293 55 27 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Virus.yaml 54 38 623 13 65 32 2023-08-23 2025-04-24 71869847+nipun-crestdatasystem@users.noreply.github.com v-prasadboke@microsoft.com Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Spam_Event.yaml 46 39 623 13 66 33 2023-08-23 2025-04-24 71869847+nipun-crestdatasystem@users.noreply.github.com v-prasadboke@microsoft.com Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Url_Protect.yaml 52 38 623 13 65 32 2023-08-23 2025-04-24 71869847+nipun-crestdatasystem@users.noreply.github.com v-prasadboke@microsoft.com Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Internal_Mail_Protect.yaml 52 29 623 293 56 28 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Analytic Rules/MimecastDLP_Hold.yaml 40 28 623 293 55 27 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Impersonation.yaml 60 38 623 13 65 32 2023-08-23 2025-04-24 71869847+nipun-crestdatasystem@users.noreply.github.com v-prasadboke@microsoft.com Solutions/MimecastSEG/Data Connectors/Models/Request/get_data_leak_protection_logs.py 18 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Models/Request/__init__.py 1 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Models/Request/refresh_access_key.py 5 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Models/Request/get_siem_logs.py 13 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Models/Error/errors.py 14 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Models/Error/__init__.py 1 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Models/Enum/mimecast_response_codes.py 10 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Models/Enum/mimecast_endpoints.py 3 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Models/Enum/__init__.py 1 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Models/Enum/siem_types.py 11 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/GetSIEMLogs/__init__.py 70 50 623 293 88 40 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Helpers/date_helper.py 20 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Helpers/response_helper.py 49 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Helpers/request_helper.py 106 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Helpers/siem_response_helper.py 89 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/Helpers/azure_monitor_collector.py 40 27 623 293 54 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/TransformData/dlp_parser.py 11 27 621 293 54 26 2023-08-25 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/TransformData/siem_parser.py 146 27 621 293 54 26 2023-08-25 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastSEG/Data Connectors/GetDLPLogs/__init__.py 73 50 623 293 88 40 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Hunting Queries/AWS_CreateLoginProfile.yaml 29 24 1001 576 33 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_LambdaLayerImportedExternalAccount.yaml 34 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_STStoECS.yaml 67 24 1001 576 33 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_FailedBruteForceWithoutMFA.yaml 30 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_Unused_UnsupportedCloudRegions.yaml 51 23 1077 576 32 24 2022-05-26 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_NewRootAccessKey.yaml 29 24 1001 576 33 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_LoginProfileUpdated.yaml 29 24 1001 576 33 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_S3BucketEncryptionModified.yaml 29 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_AssumeRoleBruteForce.yaml 29 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_RiskyRoleName.yaml 35 42 1001 457 53 35 2022-08-10 2024-02-05 101796244+v-spadarthi@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/Amazon Web Services/Hunting Queries/AWS_ECRContainerMedium.yaml 31 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_FailedBruteForceS3Bucket.yaml 31 44 1001 261 65 41 2022-08-10 2024-08-19 101796244+v-spadarthi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Amazon Web Services/Hunting Queries/AWS_STStoKWN.yaml 67 24 1001 576 33 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_S3BucketDeleted.yaml 29 42 1001 457 53 35 2022-08-10 2024-02-05 101796244+v-spadarthi@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/Amazon Web Services/Hunting Queries/AWS_STStoGlue.yaml 60 24 1001 576 33 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_SuspiciousCredentialTokenAccessOfValid_IAM_Roles.yaml 48 23 1077 576 32 24 2022-05-26 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_RDSMasterPasswordChanged.yaml 28 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_LambdaFunctionThrottled.yaml 30 24 1001 576 33 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_IAM_PolicyChange.yaml 35 41 1077 457 53 35 2022-05-26 2024-02-05 101796244+v-spadarthi@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/Amazon Web Services/Hunting Queries/AWS_ECRContainerLow.yaml 31 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_IAMUserGroupChanges.yaml 31 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_IAMAccsesDeniedDiscoveryEvents.yaml 28 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_PrivilegedRoleAttachedToInstance.yaml 49 41 1077 268 57 37 2022-05-26 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Amazon Web Services/Hunting Queries/AWS_ModificationofRouteTableAttributes.yaml 19 24 1001 576 33 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_STStoLambda.yaml 60 24 1001 576 33 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_BucketVersioningSuspended.yaml 29 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_STStoEC2.yaml 67 24 1001 576 33 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_PolicywithExcessivePermissions.yaml 35 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_ModificationofVPCAttributes.yaml 19 24 1001 576 33 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_EC2_WithoutKeyPair.yaml 31 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_NetworkACLDeleted.yaml 29 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_ModificationofSubnetAttributes.yaml 19 42 1001 457 53 35 2022-08-10 2024-02-05 101796244+v-spadarthi@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/Amazon Web Services/Hunting Queries/AWS_ExcessiveExecutionofDiscoveryEvents.yaml 30 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_IAM_PrivilegeEscalationbyAttachment.yaml 52 41 1077 268 57 37 2022-05-26 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Amazon Web Services/Hunting Queries/AWS_LambdaUpdateFunctionCode.yaml 27 23 1001 576 32 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Hunting Queries/AWS_CreateAccessKey.yaml 29 24 1001 576 33 24 2022-08-10 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Amazon Web Services/Analytic Rules/AWS_S3Ransomware.yaml 63 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_ChangeToVPC.yaml 53 96 1077 261 161 65 2022-05-26 2024-08-19 101796244+v-spadarthi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Amazon Web Services/Analytic Rules/AWS_CredentialHijack.yaml 52 82 1077 268 136 60 2022-05-26 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCURDLambdaPolicytoPrivilegEscalation.yaml 77 81 1001 293 186 76 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_SuspiciousCommandEC2.yaml 58 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaCRUDS3Policy.yaml 49 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaCRUDIAMPolicy.yaml 49 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_S3BucketAccessPointExposed.yaml 48 52 1001 293 91 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedEC2PolicytoPrivilegeEscalation.yaml 77 95 1001 293 181 78 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_GuardDuty_template.yaml 151 107 1077 268 210 82 2022-05-26 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_SAMLUpdateIdentity.yaml 42 52 1001 293 91 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCloudFormationPolicytoPrivilegeEscalation.yaml 77 95 1001 293 180 78 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaCloudFormationPolicy.yaml 49 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/NRT_AWS_ConsoleLogonWithoutMFA.yaml 50 88 1077 261 141 61 2022-05-26 2024-08-19 101796244+v-spadarthi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Amazon Web Services/Analytic Rules/AWS_NetworkACLOpenToAllPorts.yaml 48 72 1001 293 141 71 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaCRUDKMSPolicy.yaml 49 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/SuspiciousAWSCLICommandExecution.yaml 67 53 607 293 109 41 2023-09-08 2024-07-18 arjuntrivedi42@yahoo.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedSSMPolicytoPrivilegeEscalation.yaml 77 76 1001 293 159 73 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaEC2Policy.yaml 49 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationFullAccessManagedPolicy.yaml 44 54 1001 293 94 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_S3BucketExposedviaPolicy.yaml 48 52 1001 293 91 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedDataPipelinePolicytoPrivilegeEscalation.yaml 77 95 1001 293 180 78 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaDataPipeline.yaml 49 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationAdminManagedPolicy.yaml 44 54 1001 293 94 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_IngressEgressSecurityGroupChange.yaml 51 82 1077 268 136 60 2022-05-26 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCRUDDyanmoDBPolicytoPrivilegeEscalation.yaml 77 76 1001 293 159 73 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaGluePolicy.yaml 49 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedGluePolicytoPrivilegeEscalation.yaml 77 95 1001 293 180 78 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationviaCRUDDynamoDB.yaml 49 54 1001 293 93 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_APIfromTor.yaml 46 52 1001 293 91 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_ECRImageScanningDisabled.yaml 45 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationAdministratorAccessManagedPolicy.yaml 44 54 1001 293 94 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCRUDS3PolicytoPrivilegeEscalation.yaml 77 76 1001 293 159 73 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_LoadBalancerSecGroupChange.yaml 52 82 1077 268 136 60 2022-05-26 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_GuardDutyDisabled.yaml 42 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_RDSInstancePubliclyExposed.yaml 43 71 1001 293 141 71 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaCRUDLambdaPolicy.yaml 49 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_S3BruteForce.yaml 64 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_OverlyPermessiveKMS.yaml 47 84 1001 58 158 66 2022-08-10 2025-03-10 101796244+v-spadarthi@users.noreply.github.com idoshabi@microsoft.com Solutions/Amazon Web Services/Analytic Rules/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml 87 102 1077 259 219 86 2022-05-26 2024-08-21 101796244+v-spadarthi@users.noreply.github.com nilepagn@microsoft.com Solutions/Amazon Web Services/Analytic Rules/AWS_ClearStopChangeTrailLogs.yaml 52 100 1077 259 183 69 2022-05-26 2024-08-21 101796244+v-spadarthi@users.noreply.github.com nilepagn@microsoft.com Solutions/Amazon Web Services/Analytic Rules/SuspiciousAWSEC2ComputeResourceDeployments.yaml 48 53 607 293 109 41 2023-09-08 2024-07-18 arjuntrivedi42@yahoo.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationViaSSM.yaml 49 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_S3ObjectPubliclyExposed.yaml 32 52 1001 293 91 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_ChangeToRDSDatabase.yaml 51 82 1077 268 136 60 2022-05-26 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_SSMPubliclyExposed.yaml 44 54 1001 293 93 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCRUDIAMtoPrivilegeEscalation.yaml 77 76 1001 293 159 73 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_ConsoleLogonWithoutMFA.yaml 55 105 1077 261 179 77 2022-05-26 2024-08-19 101796244+v-spadarthi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Amazon Web Services/Analytic Rules/AWS_ConfigServiceResourceDeletion.yaml 49 25 504 293 43 22 2023-12-20 2024-07-18 99244859+praveenthepro@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_S3BucketExposedviaACL.yaml 48 52 1001 293 91 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_LogTampering.yaml 49 98 1001 57 180 70 2022-08-10 2025-03-11 101796244+v-spadarthi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Amazon Web Services/Analytic Rules/AWS_ECRContainerHigh.yaml 47 71 1001 293 112 54 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_SetDefaulyPolicyVersion.yaml 42 53 1001 293 92 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCRUDKMSPolicytoPrivilegeEscalation.yaml 77 76 1001 293 159 73 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Amazon Web Services/Analytic Rules/AWS_CreationofEncryptKeysWithoutMFA.yaml 52 52 1001 293 91 45 2022-08-10 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/42Crunch API Protection/Analytic Rules/APIAccountTakeover.yaml 45 28 961 576 33 24 2022-09-19 2023-10-09 colin.domoney@42crunch.com mrudula.oruganti@gigamon.com Solutions/42Crunch API Protection/Analytic Rules/APIPasswordCracking.yaml 45 28 961 576 33 24 2022-09-19 2023-10-09 colin.domoney@42crunch.com mrudula.oruganti@gigamon.com Solutions/42Crunch API Protection/Analytic Rules/APIKiterunnerDetection.yaml 47 39 961 259 72 38 2022-09-19 2024-08-21 colin.domoney@42crunch.com nilepagn@microsoft.com Solutions/42Crunch API Protection/Analytic Rules/APIInvalidHostAccess.yaml 42 38 961 259 70 38 2022-09-19 2024-08-21 colin.domoney@42crunch.com nilepagn@microsoft.com Solutions/42Crunch API Protection/Analytic Rules/APIJWTValidation.yaml 44 38 961 259 70 38 2022-09-19 2024-08-21 colin.domoney@42crunch.com nilepagn@microsoft.com Solutions/42Crunch API Protection/Analytic Rules/APIAnomalyDetection.yaml 48 39 961 259 71 38 2022-09-19 2024-08-21 colin.domoney@42crunch.com nilepagn@microsoft.com Solutions/42Crunch API Protection/Analytic Rules/APIAPIScaping.yaml 46 39 961 259 71 38 2022-09-19 2024-08-21 colin.domoney@42crunch.com nilepagn@microsoft.com Solutions/42Crunch API Protection/Analytic Rules/APIBOLA.yaml 56 39 961 259 71 38 2022-09-19 2024-08-21 colin.domoney@42crunch.com nilepagn@microsoft.com Solutions/42Crunch API Protection/Analytic Rules/APIFirstTimeAccess.yaml 51 39 961 259 71 38 2022-09-19 2024-08-21 colin.domoney@42crunch.com nilepagn@microsoft.com Solutions/42Crunch API Protection/Analytic Rules/APIRateLimiting.yaml 44 39 961 259 71 38 2022-09-19 2024-08-21 colin.domoney@42crunch.com nilepagn@microsoft.com Solutions/42Crunch API Protection/Analytic Rules/APISuspiciousLogin.yaml 47 39 961 259 71 38 2022-09-19 2024-08-21 colin.domoney@42crunch.com nilepagn@microsoft.com Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareURLsRequested.yaml 26 68 1276 58 91 53 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Hunting Queries/ApacheRequestsToUnexistingFiles.yaml 26 47 1276 58 60 41 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Hunting Queries/ApacheUrlClienterrors.yaml 28 47 1276 58 60 41 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Hunting Queries/ApacheUrlServerErrors.yaml 28 47 1276 58 60 41 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Hunting Queries/ApacheFilesErrorRequests.yaml 28 47 1276 58 60 41 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Hunting Queries/ApacheFilesRequested.yaml 27 47 1276 58 60 41 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareFilesRequested.yaml 27 47 1276 58 60 41 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareUserAgents.yaml 26 47 1276 58 60 41 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Hunting Queries/ApacheUnexpectedPostRequests.yaml 27 47 1276 58 60 41 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareUAWithClientErrors.yaml 26 74 1276 58 101 59 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Parsers/ApacheHTTPServer.yaml 58 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/ApacheHTTPServer/Analytic Rules/ApacheKnownMaliciousUserAgents.yaml 31 82 1276 58 118 64 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestToRareFile.yaml 42 75 1276 58 102 59 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Analytic Rules/ApacheCommandInURI.yaml 31 82 1276 58 118 64 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Analytic Rules/ApachePutSuspiciousFiles.yaml 39 75 1276 58 102 59 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Analytic Rules/ApacheMultipleServerErrorsRequestsFromSingleIP.yaml 35 81 1276 58 117 64 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Analytic Rules/ApacheMultipleClientErrorsFromSingleIP.yaml 33 81 1276 58 117 64 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Analytic Rules/ApacheCVE-2021-41773.yaml 34 81 1276 58 117 64 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Analytic Rules/ApachePrivateIpInUrl.yaml 30 82 1276 58 118 64 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestToSensitiveFiles.yaml 36 81 1276 58 118 64 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestFromPrivateIP.yaml 32 75 1276 58 102 59 2021-11-08 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/Microsoft Defender for Cloud/Analytic Rules/CoreBackupDeletionwithSecurityAlert.yaml 69 73 952 293 128 62 2022-09-28 2024-07-18 103933805+v-dvedak@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/ISC Bind/Parsers/ISCBind.yaml 61 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Cisco Secure Cloud Analytics/Parsers/StealthwatchEvent.yaml 42 22 359 261 32 20 2024-05-13 2024-08-19 104008048+v-atulyadav@users.noreply.github.com v-prasadboke@microsoft.com Solutions/MarkLogicAudit/Parsers/MarkLogicAudit.yaml 65 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Recorded Future/Hunting Queries/RecordedFutureIPThreatActorHunt.yaml 29 29 559 293 46 25 2023-10-26 2024-07-18 oskar.borjesson@recordedfuture.com 164491672+shishirdw@users.noreply.github.com Solutions/Recorded Future/Hunting Queries/RecordedFutureDomainThreatActorHunt.yaml 35 29 559 293 47 25 2023-10-26 2024-07-18 oskar.borjesson@recordedfuture.com 164491672+shishirdw@users.noreply.github.com Solutions/Recorded Future/Hunting Queries/RecordedFutureHashThreatActorHunt.yaml 35 29 559 293 47 25 2023-10-26 2024-07-18 oskar.borjesson@recordedfuture.com 164491672+shishirdw@users.noreply.github.com Solutions/Recorded Future/Hunting Queries/RecordedFutureUrlThreatActorHunt.yaml 30 29 559 293 47 25 2023-10-26 2024-07-18 oskar.borjesson@recordedfuture.com 164491672+shishirdw@users.noreply.github.com Solutions/Recorded Future/Analytic Rules/RecordedFutureUrlReportedbyInsiktGroupinSyslogEvents.yaml 60 87 1323 57 159 65 2021-09-22 2025-03-11 68277560+adrianrecfut@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Recorded Future/Analytic Rules/RecordedFutureDomainMalwareC2inDNSEvents.yaml 59 100 1323 106 210 73 2021-09-22 2025-01-21 68277560+adrianrecfut@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Recorded Future/Analytic Rules/RecordedFutureDomainMalwareC2inSyslogEvents.yaml 49 112 1323 57 216 77 2021-09-22 2025-03-11 68277560+adrianrecfut@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Recorded Future/Analytic Rules/RecordedFutureIPMalwareC2inAzureActivityEvents.yaml 24 69 1323 106 125 56 2021-09-22 2025-01-21 68277560+adrianrecfut@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Recorded Future/Analytic Rules/RecordedFutureHashObservedInUndergroundinCommonSecurityLog.yaml 46 76 1323 106 145 61 2021-09-22 2025-01-21 68277560+adrianrecfut@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Recorded Future/Analytic Rules/RecordedFutureIPMalwareC2inDNSEvents.yaml 44 75 1323 106 153 61 2021-09-22 2025-01-21 68277560+adrianrecfut@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Recorded Future/Analytic Rules/ThreatHunting/RecordedFutureThreatHuntingUrlAllActors.yaml 64 65 559 259 123 41 2023-10-26 2024-08-21 oskar.borjesson@recordedfuture.com nilepagn@microsoft.com Solutions/Recorded Future/Analytic Rules/ThreatHunting/RecordedFutureThreatHuntingIPAllActors.yaml 63 64 559 259 121 41 2023-10-26 2024-08-21 oskar.borjesson@recordedfuture.com nilepagn@microsoft.com Solutions/Recorded Future/Analytic Rules/ThreatHunting/RecordedFutureThreatHuntingHashAllActors.yaml 69 65 559 259 122 41 2023-10-26 2024-08-21 oskar.borjesson@recordedfuture.com nilepagn@microsoft.com Solutions/Recorded Future/Analytic Rules/ThreatHunting/RecordedFutureThreatHuntingDomainAllActors.yaml 65 65 559 259 122 41 2023-10-26 2024-08-21 oskar.borjesson@recordedfuture.com nilepagn@microsoft.com Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopFirewallRules.yaml 22 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiInternalDnsServer.yaml 29 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiRareInternalPorts.yaml 28 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopBlockedDst.yaml 28 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiUnusualSubdomains.yaml 29 84 1059 58 124 63 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiVulnerableDevices.yaml 24 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopBlockedInternalServices.yaml 49 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopBlockedSrc.yaml 29 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiDnsTimeOut.yaml 27 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopBlockedExternalServices.yaml 47 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Parsers/UbiquitiAuditEvent.yaml 183 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiL2RLargeIcmp.yaml 43 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiR2LDns.yaml 36 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiR2LRDP.yaml 32 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiNonCorpDns.yaml 33 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiUnknownMacJoined.yaml 37 59 1059 58 84 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiCryptominer.yaml 34 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiUnusualTraffic.yaml 31 71 1059 58 123 55 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiDestinationInTiList.yaml 40 59 1059 58 83 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiR2LSSH.yaml 32 59 1059 58 84 46 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiL2RFTP.yaml 36 71 1059 58 121 55 2022-06-13 2025-03-10 104008048+v-atulyadav@users.noreply.github.com idoshabi@microsoft.com Solutions/ESET Protect Platform/Parsers/ESETProtectPlatform.yaml 54 14 170 58 20 12 2024-11-18 2025-03-10 eset-enterpise-integration@eset.com idoshabi@microsoft.com Solutions/ESET Protect Platform/Data Connectors/function_app.py 17 22 196 58 40 15 2024-10-23 2025-03-10 v-prasadboke@microsoft.com idoshabi@microsoft.com Solutions/ESET Protect Platform/Data Connectors/integration/__init__.py 1 21 196 58 39 14 2024-10-23 2025-03-10 v-prasadboke@microsoft.com idoshabi@microsoft.com Solutions/ESET Protect Platform/Data Connectors/integration/models_detections.py 96 27 196 58 51 18 2024-10-23 2025-03-10 v-prasadboke@microsoft.com idoshabi@microsoft.com Solutions/ESET Protect Platform/Data Connectors/integration/exceptions.py 29 22 196 58 40 15 2024-10-23 2025-03-10 v-prasadboke@microsoft.com idoshabi@microsoft.com Solutions/ESET Protect Platform/Data Connectors/integration/main.py 147 41 196 26 71 24 2024-10-23 2025-04-11 v-prasadboke@microsoft.com bartleyriley@gmail.com Solutions/ESET Protect Platform/Data Connectors/integration/utils.py 276 47 196 26 81 30 2024-10-23 2025-04-11 v-prasadboke@microsoft.com bartleyriley@gmail.com Solutions/ESET Protect Platform/Data Connectors/integration/models.py 86 38 196 26 67 24 2024-10-23 2025-04-11 v-prasadboke@microsoft.com bartleyriley@gmail.com Solutions/Tanium/Analytic Rules/TaniumThreatResponseAlerts.yaml 36 48 1059 576 79 39 2022-06-13 2023-10-09 ian.hands@tanium.com mrudula.oruganti@gigamon.com Solutions/Radiflow/Parsers/RadiflowEvent.yaml 78 18 349 259 44 18 2024-05-23 2024-08-21 gilad@localhost.localdomain nilepagn@microsoft.com Solutions/Radiflow/Analytic Rules/RadiflowPlatformAlert.yaml 84 20 349 259 47 18 2024-05-23 2024-08-21 gilad@localhost.localdomain nilepagn@microsoft.com Solutions/Radiflow/Analytic Rules/RadiflowNetworkScanningDetected.yaml 42 22 349 259 48 18 2024-05-23 2024-08-21 gilad@localhost.localdomain nilepagn@microsoft.com Solutions/Radiflow/Analytic Rules/RadiflowPolicyViolationDetected.yaml 32 24 349 259 50 18 2024-05-23 2024-08-21 gilad@localhost.localdomain nilepagn@microsoft.com Solutions/Radiflow/Analytic Rules/RadiflowExploitDetected.yaml 44 20 349 259 46 18 2024-05-23 2024-08-21 gilad@localhost.localdomain nilepagn@microsoft.com Solutions/Radiflow/Analytic Rules/RadiflowSuspiciousMaliciousActivityDetected.yaml 37 19 346 259 45 18 2024-05-26 2024-08-21 gilad@localhost.localdomain nilepagn@microsoft.com Solutions/Radiflow/Analytic Rules/RadiflowNewActivityDetected.yaml 37 20 349 259 46 18 2024-05-23 2024-08-21 gilad@localhost.localdomain nilepagn@microsoft.com Solutions/Radiflow/Analytic Rules/RadiflowUnauthorizedCommandinOperationalDevice.yaml 33 19 346 259 45 18 2024-05-26 2024-08-21 gilad@localhost.localdomain nilepagn@microsoft.com Solutions/Radiflow/Analytic Rules/RadiflowUnauthorizedInternetAccess.yaml 23 19 346 259 45 18 2024-05-26 2024-08-21 gilad@localhost.localdomain nilepagn@microsoft.com Solutions/McAfee Network Security Platform/Parsers/McAfeeNSPEvent.yaml 36 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/SINEC Security Guard/Analytic Rules/SSG_Azure_Sentinel_analytic_rule.yaml 21 15 176 58 18 9 2024-11-12 2025-03-10 xifeng.liu@siemens.com idoshabi@microsoft.com Solutions/NGINX HTTP Server/Hunting Queries/NGINXUncommonUAsString.yaml 25 59 1062 57 85 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Hunting Queries/NGINXRequestsToUnexistingFiles.yaml 26 59 1062 57 85 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Hunting Queries/NGINXAbnormalRequestSize.yaml 32 59 1062 57 85 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Hunting Queries/NGINXRequestsFromBotsCrawlers.yaml 23 59 1062 57 85 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopURLsClientErrors.yaml 28 59 1062 57 85 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopFilesWithErrorRequests.yaml 28 59 1062 57 85 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopURLsServerErrors.yaml 28 59 1062 57 85 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Hunting Queries/NGINXRareFilesRequested.yaml 27 59 1062 57 85 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopFilesRequested.yaml 27 59 1062 57 85 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Hunting Queries/NGINXRareURLsRequested.yaml 25 59 1062 57 85 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Parsers/NGINXHTTPServer.yaml 60 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/NGINX HTTP Server/Analytic Rules/NGINXDifferentUAsFromSingleIP.yaml 33 59 1062 57 84 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Analytic Rules/NGINXRequestToSensitiveFiles.yaml 35 59 1062 57 84 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Analytic Rules/NGINXCommandsInRequest.yaml 31 59 1062 57 84 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Analytic Rules/NGINXCoreDump.yaml 30 59 1062 57 84 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Analytic Rules/NGINXSqlPattern.yaml 34 59 1062 57 84 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Analytic Rules/NGINXMultipleServerErrorsFromSingleIP.yaml 35 59 1062 57 84 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Analytic Rules/NGINXMultipleClientErrorsFromSingleIP.yaml 33 59 1062 57 84 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Analytic Rules/NGINXPutAndGetFileFromSameIP.yaml 44 59 1062 57 84 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/NGINX HTTP Server/Analytic Rules/NGINXPrivateIPinUrl.yaml 30 59 1062 57 84 45 2022-06-10 2025-03-11 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/FalconFriday/Analytic Rules/AzureADRareUserAgentAppSignin.yaml 107 79 1384 293 132 65 2021-07-23 2024-07-18 henri@falconforce.nl 164491672+shishirdw@users.noreply.github.com Solutions/FalconFriday/Analytic Rules/DisableOrModifyWindowsDefender.yaml 5 73 1384 261 106 57 2021-07-23 2024-08-19 henri@falconforce.nl v-prasadboke@microsoft.com Solutions/FalconFriday/Analytic Rules/RemoteDesktopProtocol.yaml 49 53 1384 576 74 44 2021-07-23 2023-10-09 henri@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/CertifiedPreOwned-TGTs-requested.yaml 50 57 1155 259 102 51 2022-03-09 2024-08-21 gijs@falconforce.nl nilepagn@microsoft.com Solutions/FalconFriday/Analytic Rules/UACBypass-3-changePK-SLUI-tampering.yaml 42 43 1155 576 60 38 2022-03-09 2023-10-09 gijs@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/CertutilIngressToolTransfer.yaml 62 53 1384 576 74 44 2021-07-23 2023-10-09 henri@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/TrustedDeveloperUtilitiesProxyExecution.yaml 48 51 1384 576 72 43 2021-07-23 2023-10-09 henri@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/CreateProcessWithToken.yaml 64 53 1384 576 74 44 2021-07-23 2023-10-09 henri@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/SuspiciousParentProcessRelationship.yaml 23 73 1384 261 105 57 2021-07-23 2024-08-19 henri@falconforce.nl v-prasadboke@microsoft.com Solutions/FalconFriday/Analytic Rules/MatchLegitimateNameOrLocation.yaml 62 70 1384 58 98 55 2021-07-23 2025-03-10 henri@falconforce.nl idoshabi@microsoft.com Solutions/FalconFriday/Analytic Rules/ASRBypassingWritingExecutableContent.yaml 26 43 1155 576 60 38 2022-03-09 2023-10-09 gijs@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/PasswordSprayingWithMDE.yaml 47 70 1384 58 99 55 2021-07-23 2025-03-10 henri@falconforce.nl idoshabi@microsoft.com Solutions/FalconFriday/Analytic Rules/DLLSideLoading.yaml 5 82 1384 293 113 68 2021-07-23 2024-07-18 henri@falconforce.nl 164491672+shishirdw@users.noreply.github.com Solutions/FalconFriday/Analytic Rules/COMHijacking.yaml 25 53 1384 576 74 44 2021-07-23 2023-10-09 henri@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/CertifiedPreOwned-backup-key-2.yaml 46 57 1155 259 102 51 2022-03-09 2024-08-21 gijs@falconforce.nl nilepagn@microsoft.com Solutions/FalconFriday/Analytic Rules/OracleSuspiciousCommandExecution.yaml 47 43 1155 576 60 38 2022-03-09 2023-10-09 gijs@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/UACBypass-1-elevated-COM.yaml 42 43 1155 576 60 38 2022-03-09 2023-10-09 gijs@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/DotNetToJScript.yaml 42 54 1394 576 75 43 2021-07-13 2023-10-09 henri@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/ExcessiveSharePermissions.yaml 95 57 1155 259 102 51 2022-03-09 2024-08-21 gijs@falconforce.nl nilepagn@microsoft.com Solutions/FalconFriday/Analytic Rules/CertifiedPreOwned-backup-key-1.yaml 54 57 1155 259 102 51 2022-03-09 2024-08-21 gijs@falconforce.nl nilepagn@microsoft.com Solutions/FalconFriday/Analytic Rules/SuspiciousNamedPipes.yaml 68 44 1155 576 61 38 2022-03-09 2023-10-09 gijs@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/DCOMLateralMovement.yaml 37 53 1384 576 74 44 2021-07-23 2023-10-09 henri@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/OfficeProcessInjection.yaml 24 74 1394 261 107 57 2021-07-13 2024-08-19 henri@falconforce.nl v-prasadboke@microsoft.com Solutions/FalconFriday/Analytic Rules/UACBypass-2-modify-ms-store.yaml 41 43 1155 576 60 38 2022-03-09 2023-10-09 gijs@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/OfficeASRFromBrowser.yaml 27 73 1384 261 105 57 2021-07-23 2024-08-19 henri@falconforce.nl v-prasadboke@microsoft.com Solutions/FalconFriday/Analytic Rules/ExpiredAccessCredentials.yaml 32 51 1384 576 72 43 2021-07-23 2023-10-09 henri@falconforce.nl mrudula.oruganti@gigamon.com Solutions/FalconFriday/Analytic Rules/RecognizingBeaconingTraffic.yaml 79 73 1384 261 105 57 2021-07-23 2024-08-19 henri@falconforce.nl v-prasadboke@microsoft.com Solutions/FalconFriday/Analytic Rules/AzureADUserAgentOSmissmatch.yaml 70 79 1384 293 132 65 2021-07-23 2024-07-18 henri@falconforce.nl 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/TVM/Detect_CISA_Alert_AA22-117A2021_Top_Routinely_Exploited_Vulnerabilities.yaml 59 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Check for spoofing attempts on the domain with Authentication failures.yaml 36 25 566 293 57 27 2023-10-19 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Persistence/LocalAdminGroupChanges.yaml 50 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Persistence/ScheduledTaskCreation.yaml 19 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Persistence/AccountCreation.yaml 32 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Persistence/RareProcessAsService.yaml 63 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Appspot Phishing Abuse.yaml 54 25 566 293 57 27 2023-10-19 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/EmailDelivered-ToInbox.yaml 36 25 566 293 57 27 2023-10-19 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Delivered Bad Emails from Top bad IPv4 addresses.yaml 42 25 566 293 57 27 2023-10-19 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Initial Access/DetectMailSniper.yaml 60 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Discovery/User&GroupEnumWithNetCommand.yaml 19 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Discovery/SuspiciousCommandInitiatedByWebServerProcess.yaml 35 33 440 268 62 32 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/General Queries/MITRESuspiciousEvents.yaml 72 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Execution/AnomalousPayloadDeliveredWithISOFile.yaml 37 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Execution/SuspiciousMshtaUsage.yaml 25 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Execution/PotentialKerberoastActivities.yaml 36 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Execution/OfficeAppsLaunchingWscript.yaml 24 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Execution/SuspiciousAppExeutedByWebserver.yaml 21 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Execution/BitsadminActivity.yaml 42 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Execution/MaliciousUseOfMsiExecMimikatz.yaml 26 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Execution/MaliciousUseOfMSIExec.yaml 26 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Execution/PowerShellDownloads.yaml 27 28 440 268 44 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Exfiltration/FilesCopiedToUSBDrives.yaml 35 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/LogDeletionUsingWevtutil.yaml 20 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/QakbotDiscoveryActivities.yaml 26 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/ShadowCopyDeletion.yaml 46 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/DetectMultipleSignsOfRamsomwareActivity.yaml 90 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/TurningOffServicesWithSCCommad.yaml 20 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/MultiProcessKillWithTaskKill.yaml 20 37 440 268 55 29 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/DataDeletionOnMulipleDrivesUsingCipherExe.yaml 24 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/IcedIdSuspiciousImageLoad.yaml 18 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/LaZagneCredTheft.yaml 18 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/PotentialCobaltStrikeRansomwareActivity.yaml 44 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/DEV-0270/DisableSecurityServiceViaRegistry.yaml 17 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/DEV-0270/MDEExclusionUsingPowerShell.yaml 16 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/DEV-0270/DomainDiscoveryWMICwithDLLHostExe.yaml 17 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Privilege Escalation/SAMNameChange_CVE-2021-42278.yaml 28 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Impact/AnomalousVoulmeOfFileDeletion.yaml 76 43 440 261 70 35 2024-02-22 2024-08-19 anknar@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Sysrv-botnet/MaliciousCMDExecutionByJava.yaml 19 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Log4j/DeviceWithLog4jAlerts.yaml 42 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Log4j/Log4jVulnRelatedAlerts.yaml 29 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Bazacall/PayloadDropUsingCertUtil.yaml 4 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Jupyter-Solarmaker/DeimosComponentExecution.yaml 22 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Snip3MaliciousNetworkConnectivity.yaml 23 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/LemonDuck/LemonDuckRegistrationFunction.yaml 20 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/RobbinhoodDriver.yaml 26 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/JudgementPandaExfilActivity.yaml 28 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Macaw Ransomware/MaliciousUseOfMSBuildAsLoLBin.yaml 17 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Macaw Ransomware/ImminentRansomware.yaml 41 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Qakbot/QakbotReconActivities.yaml 21 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Remediation/Email remediation action list.yaml 25 18 238 106 24 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Remediation/AIR investigation actions insight.yaml 35 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/ZAP/Total ZAP count.yaml 20 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Overrides/Top policies performing user overrides.yaml 20 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Overrides/Top policies performing admin overrides.yaml 20 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Overrides/User overrides.yaml 21 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Overrides/Admin overrides.yaml 21 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Top 100 senders.yaml 20 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Zero day threats.yaml 20 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Detections by detection methods.yaml 46 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Mailflow by directionality.yaml 21 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Top 100 malicious email senders.yaml 21 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Sender recipient contact establishment.yaml 35 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Malicious emails detected per day.yaml 29 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Mailflow/Mail reply to new domain.yaml 40 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Phish/Possible device code phishing attempts.yaml 47 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Phish/Possible Teams phishing activity.yaml 34 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Phish/Appspot phishing abuse.yaml 31 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Phish/PhishDetectionByDetectionMethod.yaml 39 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Top outbound recipient domains sending inbound emails with threats.yaml 26 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/BEC - File sharing tactics - Dropbox.yaml 30 23 196 58 34 16 2024-10-23 2025-03-10 45426291+damozes1@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Email bombing.yaml 12 10 57 13 17 13 2025-03-11 2025-04-24 v-atulyadav@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Inbox rule change which forward-redirect email.yaml 21 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/BEC - File sharing tactics - OneDrive or SharePoint.yaml 38 23 196 58 34 16 2024-10-23 2025-03-10 45426291+damozes1@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Hunt for malicious URLs using external IOC source.yaml 28 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Emails containing links to IP addresses.yaml 18 18 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Good emails from senders with bad patterns.yaml 30 18 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Automated email notifications and suspicious sign-in activity.yaml 26 23 196 58 34 16 2024-10-23 2025-03-10 45426291+damozes1@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Files share contents and suspicious sign-in activity.yaml 30 23 196 58 34 16 2024-10-23 2025-03-10 45426291+damozes1@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Hunt for email conversation take over attempts.yaml 40 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Hunt for malicious attachments using external IOC source.yaml 27 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Hunt for email bombing attacks.yaml 25 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/User clicks on malicious inbound emails.yaml 28 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/URL click on ZAP Email.yaml 23 18 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/URLClick details based on malicious URL click alert.yaml 22 18 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/User clicked through events.yaml 20 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/URL click count by click action.yaml 22 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/URL clicks actions by URL.yaml 22 18 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/User clicks on phishing URLs in emails.yaml 21 18 238 106 24 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL Click/End user malicious clicks.yaml 24 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Attachment/Safe attachment detection.yaml 23 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Attachment/ATP policy status check.yaml 27 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Attachment/JNLP attachment.yaml 18 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Authentication/Spoof attempts with auth failure.yaml 22 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Authentication/Authentication failures.yaml 23 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Suspicious sign-in attempts from QR code phishing campaigns.yaml 47 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Personalized campaigns based on the first few keywords.yaml 25 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Emails with QR codes from non-prevalent sender.yaml 36 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Emails delivered having URLs from QR codes.yaml 25 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Inbound emails with QR code URLs.yaml 25 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Hunting for user signals-clusters.yaml 26 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Personalized campaigns based on the last few keywords.yaml 25 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Campaign with suspicious keywords.yaml 25 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Emails with QR codes and suspicious keywords in subject.yaml 27 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Risky sign-in attempt from a non-managed device.yaml 31 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Hunting for sender patterns.yaml 47 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Campaign with randomly named attachments.yaml 24 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/QR code/Custom detection-Emails with QR from non-prevalent senders.yaml 51 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Quarantine/Quarantine Release Email Details.yaml 27 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Quarantine/Quarantine release trend.yaml 22 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Quarantine/High Confidence Phish Released.yaml 27 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Quarantine/Group quarantine release.yaml 24 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Spoof and Impersonation/Spoof and impersonation phish detections.yaml 22 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Spoof and Impersonation/Spoof and impersonation detections by sender IP.yaml 21 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Spoof and Impersonation/Referral phish emails.yaml 27 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Spoof and Impersonation/Display Name - Spoof and Impersonation.yaml 35 18 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Spoof and Impersonation/User not covered under display name impersonation.yaml 28 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Top Attacks/Attacked more than x times average.yaml 24 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Top Attacks/Top external malicious senders.yaml 21 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Top Attacks/Top targeted users.yaml 21 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Top Attacks/Top 10 URL domains attacking organization.yaml 27 18 238 106 24 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Top Attacks/Top 10 percent of most attacked users.yaml 25 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Top Attacks/Malicious mails by sender IPs.yaml 21 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Malware/Email containing malware accessed on a unmanaged device.yaml 30 18 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Malware/Malware detections by detection methods.yaml 32 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Malware/Email malware detection report.yaml 26 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Malware/Email containing malware sent by an internal sender.yaml 20 18 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Submissions/Status of submissions.yaml 25 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Submissions/Admin reported submissions.yaml 22 17 238 106 24 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Submissions/User reported submissions.yaml 22 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Submissions/Top submitters of admin submissions.yaml 25 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Submissions/Top submitters of user submissions.yaml 25 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/New TABL Items.yaml 33 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/MDO daily detection summary report.yaml 65 18 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Hunt for Admin email access.yaml 25 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Malicious email senders.yaml 22 18 238 106 24 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Hunt for TABL changes.yaml 20 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Mail item accessed.yaml 21 17 238 106 22 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Local time to UTC time conversion.yaml 20 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Email sender IP address Geo location information.yaml 20 11 58 13 15 13 2025-03-10 2025-04-24 45426291+damozes1@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Audit Email Preview-Download action.yaml 29 18 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL/Phishing Email Url Redirector.yaml 6 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL/SafeLinks URL detections.yaml 23 17 238 106 23 14 2024-09-11 2025-01-21 45426291+damozes1@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Command and Control/ReconWithRundll.yaml 28 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Command and Control/C2-NamedPipe.yaml 65 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Credential Access/LSASSCredDumpProcdump.yaml 26 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Credential Access/DoppelPaymerProcdump.yaml 30 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Credential Access/LaZagne.yaml 32 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Lateral Movement/ServiceAccountsPerformingRemotePS.yaml 58 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Lateral Movement/AccountBruteForce.yaml 26 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Lateral Movement/RemoteFileCreationWithPsExec.yaml 41 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Defense Evasion/Regsvr32Rundll32ImageLoadsAbnormalExtension.yaml 32 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Defense Evasion/ClearSystemLogs.yaml 22 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Defense Evasion/QakbotCampaignSelfDeletion.yaml 22 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Defense Evasion/DoppelpaymerStopServices.yaml 27 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Defense Evasion/Regsvr32Rundll32WithAnomalousParentProcess.yaml 33 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/PrintNightmareUsageDetection-CVE-2021-1675.yaml 8 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/CVE-2022-26134-Confluence.yaml 26 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/SuspiciousFileCreationByPrintSpoolerService.yaml 25 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/MosaicLoader.yaml 18 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/Print Spooler RCE/SpoolsvSpawningRundll32.yaml 20 21 426 268 37 24 2024-03-07 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/Print Spooler RCE/SuspiciousFilesInSpoolFolder.yaml 18 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/Print Spooler RCE/SuspiciousSpoolsvChildProcess.yaml 38 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/Print Spooler RCE/SuspiciousDLLInSpoolFolder.yaml 21 27 440 268 43 28 2024-02-22 2024-08-12 anknar@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/SUNSPOTHashes.yaml 54 40 566 261 79 34 2023-10-19 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/Persistence/LocalAdminGroupChanges.yaml 83 46 415 57 87 37 2024-03-18 2025-03-11 r.greatlove@gmail.com v-atulyadav@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/Persistence/AccountCreation.yaml 45 19 415 268 22 17 2024-03-18 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Persistence/RareProcessAsService.yaml 85 19 415 268 25 17 2024-03-18 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/AVdetectionsrelatedtoUkrainebasedthreats.yaml 38 40 566 261 79 34 2023-10-19 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/AVTarrask.yaml 49 51 566 261 100 39 2023-10-19 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/Discovery/SuspiciousCommandInitiatedByWebServerProcess.yaml 54 20 419 268 23 17 2024-03-14 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Execution/PotentialKerberoastActivities.yaml 62 19 418 268 23 17 2024-03-15 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Execution/OfficeAppsLaunchingWscript.yaml 54 19 418 268 23 17 2024-03-15 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Execution/BITSAdminActivity.yaml 69 19 418 268 23 17 2024-03-15 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Exfiltration/FilesCopiedToUSBDrives.yaml 66 19 418 268 23 17 2024-03-15 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/SolarWinds_SUNBURST_Network-IOCs.yaml 66 40 566 261 79 34 2023-10-19 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/LogDeletionUsingWevtutil.yaml 37 19 414 268 23 17 2024-03-19 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/QakbotDiscoveryActivities.yaml 50 19 414 268 23 17 2024-03-19 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/ShadowCopyDeletion.yaml 67 19 414 268 23 17 2024-03-19 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/MultiProcessKillWithTaskKill.yaml 37 19 414 268 23 17 2024-03-19 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/DataDeletionOnMulipleDrivesUsingCipherExe.yaml 40 19 415 268 22 17 2024-03-18 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/LaZagneCredTheft.yaml 42 19 414 268 23 17 2024-03-19 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/PotentialCobaltStrikeRansomwareActivity.yaml 80 36 414 261 45 23 2024-03-19 2024-08-19 r.greatlove@gmail.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/Ransomware/DEV-0270/DisableSecurityServiceViaRegistry.yaml 25 19 415 268 23 17 2024-03-18 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/PossibleWebpBufferOverflow.yaml 87 67 566 57 137 50 2023-10-19 2025-03-11 v-rusraut@microsoft.com v-atulyadav@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/AVSpringShell.yaml 53 40 566 261 79 34 2023-10-19 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/Impact/AnomalousVoulmeOfFileDeletion.yaml 79 35 418 261 49 25 2024-03-15 2024-08-19 r.greatlove@gmail.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/PossiblePhishingwithCSL&NetworkSession.yaml 147 63 566 259 138 44 2023-10-19 2024-08-21 v-rusraut@microsoft.com nilepagn@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/PotentialBuildProcessCompromiseMDE.yaml 71 40 566 261 79 34 2023-10-19 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/Command and Control/C2-NamedPipe.yaml 82 19 419 268 26 17 2024-03-14 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Credential Access/LSASSCredDumpProcdump.yaml 50 19 419 268 23 17 2024-03-14 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Credential Access/DoppelPaymerProcDump.yaml 52 19 419 268 24 17 2024-03-14 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Campaign/Sysrv-botnet/MaliciousCMDExecutionByJava.yaml 40 19 419 268 23 17 2024-03-14 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Campaign/Jupyter-Solarmaker/DeimosComponentExecution.yaml 45 19 419 268 23 17 2024-03-14 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Campaign/Macaw Ransomware/ImminentRansomware.yaml 63 19 419 268 25 17 2024-03-14 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/SolarWinds_TEARDROP_Process-IOCs.yaml 35 40 566 261 79 34 2023-10-19 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/Lateral Movement/ServiceAccountsPerformingRemotePS.yaml 72 19 415 268 22 17 2024-03-18 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Lateral Movement/RemoteFileCreationWithPsExec.yaml 62 19 418 268 24 17 2024-03-15 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Defense Evasion/DoppelpaymerStopService.yaml 47 19 419 268 24 17 2024-03-14 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Defense Evasion/Regsvr32Rundll32ImageLoadsAbnormalExtension.yaml 63 19 419 268 25 17 2024-03-14 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Defense Evasion/QakbotCampaignSelfDeletion.yaml 45 19 419 268 24 17 2024-03-14 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/Defense Evasion/Regsvr32Rundll32WithAnomalousParentProcess.yaml 63 19 419 268 25 17 2024-03-14 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Defender XDR/Analytic Rules/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml 58 40 566 261 79 34 2023-10-19 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/Microsoft Defender XDR/Analytic Rules/Exploits/MosaicLoader.yaml 45 20 418 268 26 17 2024-03-15 2024-08-12 r.greatlove@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/TenableAD/Parsers/afad_parser.yaml 117 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableAD/Analytic Rules/TenableAdDCShadow.yaml 33 51 1241 293 76 42 2021-12-13 2024-07-18 fihry@tenable.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableAD/Analytic Rules/TenableAdADAttacksPathways.yaml 42 51 1241 293 76 42 2021-12-13 2024-07-18 fihry@tenable.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableAD/Analytic Rules/TenableAdDCSync.yaml 33 51 1241 293 76 42 2021-12-13 2024-07-18 fihry@tenable.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableAD/Analytic Rules/TenableAdLSASSMemory.yaml 33 51 1241 293 76 42 2021-12-13 2024-07-18 fihry@tenable.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableAD/Analytic Rules/TenableAdPrivilegedAccountIssues.yaml 42 51 1241 293 76 42 2021-12-13 2024-07-18 fihry@tenable.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableAD/Analytic Rules/TenableAdUserAccountIssues.yaml 42 51 1241 293 76 42 2021-12-13 2024-07-18 fihry@tenable.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableAD/Analytic Rules/TenableAdPasswordGuessing.yaml 33 51 1241 293 76 42 2021-12-13 2024-07-18 fihry@tenable.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableAD/Analytic Rules/TenableAdIndicatorsOfAttack.yaml 41 51 1241 293 76 42 2021-12-13 2024-07-18 fihry@tenable.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableAD/Analytic Rules/TenableAdGoldenTicket.yaml 33 51 1241 293 76 42 2021-12-13 2024-07-18 fihry@tenable.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableAD/Analytic Rules/TenableAdPasswordSpraying.yaml 33 51 1241 293 76 42 2021-12-13 2024-07-18 fihry@tenable.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableAD/Analytic Rules/TenableAdIndicatorsOfExposures.yaml 41 51 1241 293 76 42 2021-12-13 2024-07-18 fihry@tenable.com 164491672+shishirdw@users.noreply.github.com Solutions/TenableAD/Analytic Rules/TenableAdPasswordIssues.yaml 42 51 1241 293 76 42 2021-12-13 2024-07-18 fihry@tenable.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Key Vault/Analytic Rules/KeyvaultMassSecretRetrieval.yaml 80 111 1085 261 185 77 2022-05-18 2024-08-19 104008048+v-atulyadav@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Azure Key Vault/Analytic Rules/TimeSeriesKeyvaultAccessAnomaly.yaml 85 102 1085 261 165 73 2022-05-18 2024-08-19 104008048+v-atulyadav@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Azure Key Vault/Analytic Rules/NRT_KeyVaultSensitiveOperations.yaml 45 78 1085 268 124 62 2022-05-18 2024-08-12 104008048+v-atulyadav@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Key Vault/Analytic Rules/KeyVaultSensitiveOperations.yaml 49 89 1085 268 144 68 2022-05-18 2024-08-12 104008048+v-atulyadav@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-SQLiDetection.yaml 56 33 342 26 56 28 2024-05-30 2025-04-11 104413086+shabaz-github@users.noreply.github.com bartleyriley@gmail.com Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/MaliciousWAFSessions.yaml 63 88 869 261 135 65 2022-12-20 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/AFD-Premium-WAF-SQLiDetection.yaml 53 58 778 293 95 52 2023-03-21 2024-07-18 v-prasadboke@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-Code-Injection.yaml 53 57 632 293 109 45 2023-08-14 2024-07-18 104413086+shabaz-github@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-Scanner-detection.yaml 56 57 632 293 109 45 2023-08-14 2024-07-18 104413086+shabaz-github@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-Path-Traversal-Attack.yaml 55 57 632 293 109 45 2023-08-14 2024-07-18 104413086+shabaz-github@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-XSSDetection.yaml 53 33 342 26 56 28 2024-05-30 2025-04-11 104413086+shabaz-github@users.noreply.github.com bartleyriley@gmail.com Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/AFD-Premium-WAF-XSSDetection.yaml 50 58 778 293 95 52 2023-03-21 2024-07-18 v-prasadboke@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/AFD-WAF-Path-Traversal-Attack.yaml 55 33 632 293 67 29 2023-08-14 2024-07-18 104413086+shabaz-github@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/AFD-WAF-Code-Injection.yaml 53 33 632 293 66 29 2023-08-14 2024-07-18 104413086+shabaz-github@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Apache_log4j_Vulnerability.yaml 53 76 975 293 128 66 2022-09-05 2024-07-18 164491672+shishirdw@users.noreply.github.com Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/NetworkConnectionToNewExternalLDAPServer.yaml 65 94 975 261 161 74 2022-09-05 2024-08-19 v-prasadboke@microsoft.com Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Suspicious_ShellScript_Activity.yaml 48 76 975 293 123 65 2022-09-05 2024-07-18 164491672+shishirdw@users.noreply.github.com Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/WAF_log4j_vulnerability.yaml 47 77 975 293 125 66 2022-09-05 2024-07-18 164491672+shishirdw@users.noreply.github.com Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Linux_Toolkit_Detected.yaml 46 77 975 293 130 66 2022-09-05 2024-07-18 164491672+shishirdw@users.noreply.github.com Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Process_Termination_Activity.yaml 46 76 975 293 123 65 2022-09-05 2024-07-18 164491672+shishirdw@users.noreply.github.com Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Firewall_Disable_Activity.yaml 45 77 975 293 130 66 2022-09-05 2024-07-18 164491672+shishirdw@users.noreply.github.com Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/NetworkConnectionldap_log4j.yaml 57 93 975 293 156 72 2022-09-05 2024-07-18 164491672+shishirdw@users.noreply.github.com Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Base64_Download_Activity.yaml 50 76 975 293 129 66 2022-09-05 2024-07-18 164491672+shishirdw@users.noreply.github.com Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Container_Miner_Activity.yaml 47 77 975 293 129 66 2022-09-05 2024-07-18 164491672+shishirdw@users.noreply.github.com Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/AzureWAFmatching_log4j_vuln.yaml 47 84 975 261 131 68 2022-09-05 2024-08-19 v-prasadboke@microsoft.com Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/Log4jVulnerableMachines.yaml 38 82 975 261 130 70 2022-09-05 2024-08-19 v-prasadboke@microsoft.com Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/UserAgentSearch_log4j.yaml 101 114 975 57 220 96 2022-09-05 2025-03-11 v-atulyadav@microsoft.com Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/Log4J_IPIOC_Dec112021.yaml 219 114 975 259 207 79 2022-09-05 2024-08-21 nilepagn@microsoft.com Solutions/PDNS Block Data Connector/DataConnectors/block-data-connector/__init__.py 101 36 769 293 67 35 2023-03-30 2024-07-18 ted.while@softwire.com 164491672+shishirdw@users.noreply.github.com Solutions/PDNS Block Data Connector/DataConnectors/block-data-connector/fetch_data.py 75 37 769 293 69 35 2023-03-30 2024-07-18 ted.while@softwire.com 164491672+shishirdw@users.noreply.github.com Solutions/PDNS Block Data Connector/DataConnectors/block-data-connector/state_manager.py 16 35 769 293 66 35 2023-03-30 2024-07-18 ted.while@softwire.com 164491672+shishirdw@users.noreply.github.com Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Hunting Queries/Unexpected Countries.yaml 27 65 666 57 105 60 2023-07-11 2025-03-11 jonbagg@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Hunting Queries/owaspTop10-Threatsyaml.yaml 27 65 666 57 105 60 2023-07-11 2025-03-11 jonbagg@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Parsers/Fortiweb.yaml 55 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Analytic Rules/Fortiweb - WAF Allowed threat.yaml 31 65 666 57 105 60 2023-07-11 2025-03-11 jonbagg@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Box/Hunting Queries/BoxAdminIpAddress.yaml 25 47 1504 457 65 45 2021-03-25 2024-02-05 59487793+tj-senserva@users.noreply.github.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/Box/Hunting Queries/BoxUserUploadsByVolume.yaml 28 20 1504 576 24 22 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Hunting Queries/BoxNewUsers.yaml 25 20 1504 576 24 22 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Hunting Queries/BoxUsersWithOwnerPermissions.yaml 25 20 1504 576 24 22 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Hunting Queries/BoxUserDownloadsByVolume.yaml 29 20 1504 576 24 22 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Hunting Queries/BoxUserGroupChanges.yaml 24 20 1504 576 24 22 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Hunting Queries/BoxDeletedUsers.yaml 24 20 1504 576 24 22 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Hunting Queries/BoxInactiveAdmins.yaml 36 20 1504 576 24 22 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Hunting Queries/BoxInactiveUsers.yaml 36 20 1504 576 24 22 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Parsers/BoxEvents.yaml 320 48 624 58 86 43 2023-08-22 2025-03-10 mkchiliveri@gmail.com idoshabi@microsoft.com Solutions/Box/Analytic Rules/BoxAbnormalUserActivity.yaml 54 74 1504 576 108 71 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Analytic Rules/BoxInactiveUserLogin.yaml 42 74 1504 576 108 71 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Analytic Rules/BoxUserLoginAsAdmin.yaml 41 74 1504 576 108 71 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Analytic Rules/BoxMultipleItemsDeletedByUser.yaml 32 74 1504 576 108 71 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Analytic Rules/BoxBinaryFile.yaml 29 74 1504 576 108 71 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Analytic Rules/BoxItemSharedToExternalUser.yaml 32 74 1504 576 108 71 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Analytic Rules/BoxUserRoleChangedToOwner.yaml 42 74 1504 576 108 71 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Analytic Rules/BoxDownloadForbiddenFiles.yaml 37 74 1504 576 108 71 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Analytic Rules/BoxNewExternalUser.yaml 38 74 1504 576 108 71 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Data Connectors/AzureFunctionBox/main.py 158 96 1504 293 173 89 2021-03-25 2024-07-18 59487793+tj-senserva@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Box/Data Connectors/AzureFunctionBox/state_manager.py 18 20 1504 576 24 22 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Box/Data Connectors/AzureFunctionBox/sentinel_connector.py 98 20 1504 576 24 22 2021-03-25 2023-10-09 59487793+tj-senserva@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Digital Shadows/Analytic Rules/Digital_Shadows_incident_creation_include.yaml 70 87 1122 293 138 61 2022-04-11 2024-07-18 shikhin@metronlabs.com 164491672+shishirdw@users.noreply.github.com Solutions/Digital Shadows/Analytic Rules/Digital_Shadows_incident_creation_exclude.yaml 70 87 1122 293 138 61 2022-04-11 2024-07-18 shikhin@metronlabs.com 164491672+shishirdw@users.noreply.github.com Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/constant.py 6 70 1122 293 104 66 2022-04-11 2024-07-18 shikhin@metronlabs.com 164491672+shishirdw@users.noreply.github.com Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/__init__.py 27 71 1122 293 105 66 2022-04-11 2024-07-18 shikhin@metronlabs.com 164491672+shishirdw@users.noreply.github.com Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/DS_poller.py 140 90 1122 293 129 71 2022-04-11 2024-07-18 shikhin@metronlabs.com 164491672+shishirdw@users.noreply.github.com Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/AS_poller.py 2 56 1122 576 77 39 2022-04-11 2023-10-09 shikhin@metronlabs.com mrudula.oruganti@gigamon.com Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/AS_api.py 39 57 1122 576 78 39 2022-04-11 2023-10-09 shikhin@metronlabs.com mrudula.oruganti@gigamon.com Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/state_serializer.py 73 71 1122 293 105 66 2022-04-11 2024-07-18 shikhin@metronlabs.com 164491672+shishirdw@users.noreply.github.com Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/DS_api.py 98 73 1122 293 107 66 2022-04-11 2024-07-18 shikhin@metronlabs.com 164491672+shishirdw@users.noreply.github.com Solutions/Bitglass/Hunting Queries/BitglassUserDevices.yaml 25 15 1251 845 21 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Bitglass/Hunting Queries/BitglassPrivilegedLoginFailures.yaml 29 15 1251 845 21 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Bitglass/Hunting Queries/BitglassNewUsers.yaml 33 16 1251 845 23 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Bitglass/Hunting Queries/BitglassNewApplications.yaml 25 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Bitglass/Hunting Queries/BitglassLoginFailures.yaml 29 15 1251 845 21 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Bitglass/Hunting Queries/BitglassRiskyUsers.yaml 24 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Bitglass/Hunting Queries/BitglassApplications.yaml 24 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Bitglass/Hunting Queries/BitglassUncategorizedResources.yaml 25 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Bitglass/Hunting Queries/BitglassTopUsersWithBlocks.yaml 25 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Bitglass/Hunting Queries/BitglassInsecureWebProtocol.yaml 28 14 1251 845 20 15 2021-12-03 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Bitglass/Parsers/Bitglass.yaml 160 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Bitglass/Analytic Rules/BitglassNewDevice.yaml 35 42 1251 770 59 36 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Bitglass/Analytic Rules/BitglassImpossibleTravelDistance.yaml 30 44 1251 770 61 36 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Bitglass/Analytic Rules/BitglassSuspiciousFileUpload.yaml 33 53 1251 770 80 41 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Bitglass/Analytic Rules/BitglassUserLoginNewGeoLocation.yaml 39 42 1251 770 59 36 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Bitglass/Analytic Rules/BitglassUserUAChanged.yaml 35 42 1251 770 59 36 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Bitglass/Analytic Rules/BitglassSmartEdgeAgentUninstall.yaml 30 43 1251 770 60 36 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Bitglass/Analytic Rules/BitglassNewRiskyUser.yaml 30 54 1251 770 81 41 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Bitglass/Analytic Rules/BitglassMultipleFailedLogins.yaml 33 53 1251 770 80 41 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Bitglass/Analytic Rules/BitglassFilesSharedWithExternal.yaml 34 44 1251 770 61 36 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Bitglass/Analytic Rules/BitglassNewAdminUser.yaml 30 43 1251 770 61 36 2021-12-03 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Bitglass/Data Connectors/BitglassSentinelConnector/__init__.py 194 19 1321 576 22 19 2021-09-24 2023-10-09 ov@socprime.com mrudula.oruganti@gigamon.com Solutions/Bitglass/Data Connectors/BitglassSentinelConnector/state_manager.py 18 19 1321 576 22 19 2021-09-24 2023-10-09 ov@socprime.com mrudula.oruganti@gigamon.com Solutions/Qualys VM Knowledgebase/Parsers/QualysKB.yaml 32 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Qualys VM Knowledgebase/Data Connectors/requirements.psd1 7 21 1086 576 25 18 2022-05-17 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Qualys VM Knowledgebase/Data Connectors/AzureFunctionQualysKB/run.ps1 262 86 1086 293 159 77 2022-05-17 2024-07-18 101796244+v-spadarthi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Qualys VM Knowledgebase/Data Connectors/profile.ps1 19 21 1086 576 25 18 2022-05-17 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Training/Azure-Sentinel-Training-Lab/Artifacts/Scripts/IngestCSV.ps1 181 56 1350 293 81 51 2021-08-26 2024-07-18 rrodri0622@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Bitwarden/Parsers/BitwardenEventLogs.yaml 129 22 356 261 41 19 2024-05-16 2024-08-19 mzieniuk@bitwarden.com v-prasadboke@microsoft.com Solutions/MimecastTIRegional/Data Connectors/Models/Request/__init__.py 6 29 623 293 55 25 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTIRegional/Data Connectors/Models/Request/get_threat_intel_feed.py 7 29 623 293 55 25 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTIRegional/Data Connectors/Models/Error/errors.py 14 29 623 293 55 25 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTIRegional/Data Connectors/Models/Error/__init__.py 1 29 623 293 55 25 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTIRegional/Data Connectors/Models/Enum/mimecast_response_codes.py 10 29 623 293 55 25 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTIRegional/Data Connectors/Models/Enum/mimecast_endpoints.py 2 29 623 293 55 25 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTIRegional/Data Connectors/Models/Enum/__init__.py 1 29 623 293 55 25 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTIRegional/Data Connectors/Helpers/threat_intel_feed_response_helper.py 104 29 623 293 55 25 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTIRegional/Data Connectors/Helpers/graph_api_collector.py 41 29 623 293 55 25 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTIRegional/Data Connectors/Helpers/date_helper.py 25 29 623 293 55 25 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTIRegional/Data Connectors/Helpers/property_mapper.py 28 29 623 293 55 25 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTIRegional/Data Connectors/Helpers/threat_intel_feed_request_helper.py 171 49 623 293 86 38 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTIRegional/Data Connectors/GetThreatIntelFeedRegional/__init__.py 38 49 623 293 86 38 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Threat Intelligence (NEW)/Hunting Queries/FileEntity_Syslog.yaml 48 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Hunting Queries/FileEntity_WireData.yaml 40 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Hunting Queries/FileEntity_SecurityEvent.yaml 49 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Hunting Queries/FileEntity_OfficeActivity.yaml 47 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Hunting Queries/FileEntity_VMConnection.yaml 48 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Parsers/ThreatIntelIndicatorsv2.yaml 51 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AzureSQL.yaml 66 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/Threat Intel Matches to GitHub Audit Logs.yaml 50 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_OfficeActivity.yaml 64 10 22 7 21 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_DuoSecurity.yaml 57 7 22 7 15 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_imWebSession.yaml 47 5 22 8 14 7 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AppServiceHTTPLogs.yaml 69 10 22 7 20 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_DnsEvents.yaml 63 10 22 7 20 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_SecurityEvent.yaml 75 10 22 7 20 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_OfficeActivity.yaml 58 10 22 7 20 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_CommonSecurityLog.yaml 50 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_EmailUrlInfo_Updated.yaml 62 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_UrlClickEvents_Updated.yaml 62 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/FileHashEntity_SecurityEvent.yaml 71 9 22 8 18 7 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_imWebSession.yaml 57 9 22 8 18 7 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AWSCloudTrail.yaml 64 10 22 7 20 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_DeviceNetworkEvents_Updated.yaml 50 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_SecurityAlert.yaml 67 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_EmailEvents_Updated.yaml 50 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_CloudAppEvents_Updated.yaml 4 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_EmailEvents_Updated.yaml 52 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/FileHashEntity_CommonSecurityLog.yaml 63 9 22 8 18 7 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_CustomSecurityLog.yaml 42 7 22 7 16 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_PaloAlto.yaml 79 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_Syslog.yaml 73 9 22 8 19 7 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_CloudAppEvents_Updated.yaml 45 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/FileHashEntity_DeviceFileEvents_Updated.yaml 38 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_PaloAlto.yaml 108 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_Syslog.yaml 31 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_SigninLogs.yaml 66 10 22 7 20 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_SecurityAlert.yaml 65 9 22 8 18 7 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_CloudAppEvents_Updated.yaml 4 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_PaloAlto.yaml 57 9 22 8 18 7 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AzureActivity.yaml 67 10 22 7 20 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_SigninLogs_Updated.yaml 64 10 22 7 21 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AzureFirewall.yaml 69 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_VMConnection.yaml 61 10 22 7 20 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_Workday_Updated.yaml 53 7 22 7 15 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_DeviceNetworkEvents_Updated.yaml 58 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_W3CIISLog.yaml 63 10 22 7 20 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/imDns_IPEntity_DnsEvents.yaml 80 8 22 8 18 7 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_AuditLogs.yaml 61 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_DnsEvents.yaml 74 9 22 8 18 7 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/URLEntity_SecurityAlerts.yaml 67 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_EmailUrlInfo_Updated.yaml 66 5 22 8 12 6 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AzureKeyVault.yaml 61 7 22 7 15 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_DeviceNetworkEvents_Updated.yaml 55 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/EmailEntity_AzureActivity.yaml 55 10 22 7 20 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_AzureNetworkAnalytics.yaml 62 7 22 7 14 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/IPEntity_imNetworkSession.yaml 106 5 22 8 14 7 2025-04-15 2025-04-29 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_CloudAppEvents_Updated.yaml 72 7 22 7 15 7 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence (NEW)/Analytic Rules/imDns_DomainEntity_DnsEvents.yaml 83 9 22 7 21 8 2025-04-15 2025-04-30 v-shukore@microsoft.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicUrlServerErrors.yaml 28 67 1244 57 82 44 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicUncommonUserAgents.yaml 26 45 1244 57 54 34 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicAbnormalRequestSize.yaml 32 44 1244 57 53 34 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicCriticalEventSeverity.yaml 29 45 1244 57 54 34 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicRareURLsRequested.yaml 25 44 1244 57 53 34 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicUrlClienterrors.yaml 28 67 1244 57 82 44 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicFilesErrorRequests.yaml 28 66 1244 57 81 44 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicRareUAWithClientErrors.yaml 27 66 1244 57 81 44 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicErrors.yaml 22 67 1244 57 82 44 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogic403RequestsFiles.yaml 25 85 1244 57 115 60 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Parsers/OracleWebLogicServerEvent.yaml 79 58 624 293 109 45 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicExploitCVE-2021-2109.yaml 30 94 1244 57 128 69 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicCommandInURI.yaml 30 85 1244 57 115 60 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicDifferentUAsFromSingleIP.yaml 33 85 1244 57 115 60 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicMultipleServerErrorsRequestsFromSingleIP.yaml 35 87 1244 57 119 60 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicPrivateIpInUrl.yaml 35 85 1244 57 115 60 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicPutAndGetFileFromSameIP.yaml 44 74 1244 57 99 56 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicRequestToSensitiveFiles.yaml 36 85 1244 57 115 60 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicMultipleClientErrorsFromSingleIP.yaml 33 87 1244 57 118 60 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicPutSuspiciousFiles.yaml 43 85 1244 57 115 60 2021-12-10 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/Commvault Security IQ/Tools/AssignLogicAppRoles.ps1 67 12 49 13 17 9 2025-03-19 2025-04-24 sean.mcclelland@samsung.com v-prasadboke@microsoft.com Solutions/Commvault Security IQ/Tools/Setup-CommvaultAutomation.ps1 222 12 49 13 17 9 2025-03-19 2025-04-24 sean.mcclelland@samsung.com v-prasadboke@microsoft.com Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_IDP.py 50 31 405 13 49 26 2024-03-28 2025-04-24 svc.cv-securityiq@commvault.com v-prasadboke@microsoft.com Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Cycle_Token.ps1 69 30 616 293 62 28 2023-08-30 2024-07-18 svc.cv-securityiq@commvault.com 164491672+shishirdw@users.noreply.github.com Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_Data_Aging.py 78 31 405 13 49 26 2024-03-28 2025-04-24 svc.cv-securityiq@commvault.com v-prasadboke@microsoft.com Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_User.py 53 31 405 13 49 26 2024-03-28 2025-04-24 svc.cv-securityiq@commvault.com v-prasadboke@microsoft.com Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml 35 38 390 13 59 30 2024-04-12 2025-04-24 svc.cv-securityiq@commvault.com v-prasadboke@microsoft.com Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml 35 46 616 13 84 38 2023-08-30 2025-04-24 svc.cv-securityiq@commvault.com v-prasadboke@microsoft.com Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml 31 44 616 13 81 38 2023-08-30 2025-04-24 svc.cv-securityiq@commvault.com v-prasadboke@microsoft.com Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml 33 44 616 13 81 38 2023-08-30 2025-04-24 svc.cv-securityiq@commvault.com v-prasadboke@microsoft.com Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py 467 75 392 13 108 43 2024-04-10 2025-04-24 svc.cv-securityiq@commvault.com v-prasadboke@microsoft.com Solutions/Cortex XDR/Parsers/PaloAltoCortexXDR.yaml 41 14 168 58 18 9 2024-11-20 2025-03-10 idoshabi@microsoft.com idoshabi@microsoft.com Solutions/Cortex XDR/Analytic Rules/CortexXDR_Medium.yaml 51 40 681 293 74 35 2023-06-26 2024-07-18 137840403+l-tippayaratprontawee147@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Cortex XDR/Analytic Rules/CortexXDR_Low.yaml 51 40 681 293 74 35 2023-06-26 2024-07-18 137840403+l-tippayaratprontawee147@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Cortex XDR/Analytic Rules/CortexXDR_High.yaml 51 40 681 293 74 35 2023-06-26 2024-07-18 137840403+l-tippayaratprontawee147@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/FireEye Network Security/Parsers/FireEyeNXEvent.yaml 70 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Server DNS/Hunting Queries/Solorigate-DNS-Pattern.yaml 45 52 1031 293 70 46 2022-07-11 2024-07-18 v-ntripathi@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Server DNS/Hunting Queries/Solorigate-Encoded-Domain-URL.yaml 44 52 1031 293 70 46 2022-07-11 2024-07-18 v-ntripathi@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Server DNS/Hunting Queries/DNS_WannaCry.yaml 45 52 1031 293 70 46 2022-07-11 2024-07-18 v-ntripathi@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Server DNS/Hunting Queries/DNS_DomainAnomalousLookupIncrease.yaml 73 53 1031 293 73 46 2022-07-11 2024-07-18 v-ntripathi@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Server DNS/Hunting Queries/DNS_HighPercentNXDomainCount.yaml 100 62 1031 293 94 53 2022-07-11 2024-07-18 v-ntripathi@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Server DNS/Hunting Queries/DNS_CommonlyAbusedTLDs.yaml 7 53 1031 293 73 46 2022-07-11 2024-07-18 v-ntripathi@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Server DNS/Hunting Queries/DNS_LongURILookup.yaml 57 53 1031 293 73 46 2022-07-11 2024-07-18 v-ntripathi@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Server DNS/Hunting Queries/DNS_FullNameAnomalousLookupIncrease.yaml 69 53 1031 293 73 46 2022-07-11 2024-07-18 v-ntripathi@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Server DNS/Hunting Queries/DNS_HighReverseDNSCount.yaml 24 53 1031 293 72 46 2022-07-11 2024-07-18 v-ntripathi@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Server DNS/Analytic Rules/NRT_DNS_Related_To_Mining_Pools.yaml 43 71 1031 261 93 57 2022-07-11 2024-08-19 v-ntripathi@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Server DNS/Analytic Rules/DNS_HighNXDomainCount_detection.yaml 39 84 1031 261 122 63 2022-07-11 2024-08-19 v-ntripathi@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Server DNS/Analytic Rules/DNS_Miners.yaml 47 82 1031 261 112 62 2022-07-11 2024-08-19 v-ntripathi@microsoft.com v-prasadboke@microsoft.com Solutions/Windows Server DNS/Analytic Rules/DNS_HighReverseDNSCount_detection.yaml 31 64 1031 293 91 51 2022-07-11 2024-07-18 v-ntripathi@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Windows Server DNS/Analytic Rules/DNS_TorProxies.yaml 42 82 1031 261 112 62 2022-07-11 2024-08-19 v-ntripathi@microsoft.com v-prasadboke@microsoft.com Solutions/ZeroTrust(TIC3.0)/Analytic Rules/Zero_Trust_TIC3.0_ControlAssessmentPostureChange.yaml 48 45 1165 576 71 45 2022-02-27 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseTierZeroAssets.yaml 30 78 736 57 146 65 2023-05-02 2025-03-11 gwhite@specterops.io v-atulyadav@microsoft.com Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseExposure.yaml 30 78 736 57 146 65 2023-05-02 2025-03-11 gwhite@specterops.io v-atulyadav@microsoft.com Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseCriticalAttackPaths.yaml 30 78 736 57 146 65 2023-05-02 2025-03-11 gwhite@specterops.io v-atulyadav@microsoft.com Solutions/BloodHound Enterprise/Data Connectors/handler.go 172 25 194 57 33 19 2024-10-25 2025-03-11 ghodum@solutionstreet.com v-atulyadav@microsoft.com Solutions/BloodHound Enterprise/Data Connectors/pkg/bloodhound/client.go 200 26 188 57 35 18 2024-10-31 2025-03-11 ditkin@gmail.com v-atulyadav@microsoft.com Solutions/BloodHound Enterprise/Data Connectors/pkg/model/model.go 36 12 183 58 15 11 2024-11-05 2025-03-10 ditkin@gmail.com idoshabi@microsoft.com Solutions/BloodHound Enterprise/Data Connectors/pkg/connector/main.go 597 28 188 57 49 18 2024-10-31 2025-03-11 ditkin@gmail.com v-atulyadav@microsoft.com Solutions/BloodHound Enterprise/Data Connectors/pkg/connector/config.go 44 12 188 58 15 11 2024-10-31 2025-03-10 ditkin@gmail.com idoshabi@microsoft.com Solutions/BloodHound Enterprise/Data Connectors/pkg/control/http_control.go 45 12 188 58 15 11 2024-10-31 2025-03-10 ditkin@gmail.com idoshabi@microsoft.com Solutions/BloodHound Enterprise/Data Connectors/pkg/azure/client.go 12 12 188 58 15 11 2024-10-31 2025-03-10 ditkin@gmail.com idoshabi@microsoft.com Solutions/IllumioSaaS/Parsers/IllumioSyslogAuditEvents.yaml 27 11 107 57 16 13 2025-01-20 2025-03-11 ashwin.venkatesha@illumio.com v-atulyadav@microsoft.com Solutions/IllumioSaaS/Parsers/IllumioSyslogNetworkTrafficEvents.yaml 42 11 107 57 16 13 2025-01-20 2025-03-11 ashwin.venkatesha@illumio.com v-atulyadav@microsoft.com Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml 47 33 212 57 43 18 2024-10-07 2025-03-11 ashwin.venkatesha@illumio.com v-atulyadav@microsoft.com Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Suspend_Query.yaml 46 34 215 57 44 18 2024-10-04 2025-03-11 ashwin.venkatesha@illumio.com v-atulyadav@microsoft.com Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml 44 39 230 57 54 21 2024-09-19 2025-03-11 ashwin.venkatesha@illumio.com v-atulyadav@microsoft.com Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml 58 39 230 57 53 21 2024-09-19 2025-03-11 ashwin.venkatesha@illumio.com v-atulyadav@microsoft.com Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml 50 35 215 57 45 18 2024-10-04 2025-03-11 ashwin.venkatesha@illumio.com v-atulyadav@microsoft.com Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml 41 35 215 57 45 18 2024-10-04 2025-03-11 ashwin.venkatesha@illumio.com v-atulyadav@microsoft.com Solutions/IllumioSaaS/Data Connectors/QueueManagerFunctionApp/queue_manager.py 52 56 376 58 90 26 2024-04-26 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Solutions/IllumioSaaS/Data Connectors/CommonCode/__init__.py 1 22 203 58 26 9 2024-10-16 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Solutions/IllumioSaaS/Data Connectors/CommonCode/helper.py 21 22 203 58 26 9 2024-10-16 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Solutions/IllumioSaaS/Data Connectors/CommonCode/azure_storage_queue.py 32 22 203 58 26 9 2024-10-16 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Solutions/IllumioSaaS/Data Connectors/CommonCode/constants.py 45 42 203 13 54 21 2024-10-16 2025-04-24 ashwin.venkatesha@illumio.com v-prasadboke@microsoft.com Solutions/IllumioSaaS/Data Connectors/CommonCode/sentinel_connector.py 48 22 203 58 26 9 2024-10-16 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Solutions/IllumioSaaS/Data Connectors/QueueTriggerFuncApp/azure_queue_trigger.py 161 59 376 58 93 26 2024-04-26 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Solutions/IllumioSaaS/Data Connectors/OnPremHealthFunctionApp/onprem_health_api.py 33 13 111 57 18 13 2025-01-16 2025-03-11 ashwin.venkatesha@illumio.com v-atulyadav@microsoft.com Solutions/IllumioSaaS/Data Connectors/TimedApiFunctionApp/api_response.py 179 54 321 57 88 27 2024-06-20 2025-03-11 ashwin.venkatesha@illumio.com v-atulyadav@microsoft.com Solutions/IllumioSaaS/Data Connectors/TimedSQSFunctionApp/aws_queue.py 250 60 376 58 96 26 2024-04-26 2025-03-10 ashwin.venkatesha@illumio.com idoshabi@microsoft.com Solutions/ZoomReports/Parsers/Zoom.yaml 109 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/ZoomReports/Data Connectors/ZoomSentinelConnector/__init__.py 299 58 897 293 110 47 2022-11-22 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/ZoomReports/Data Connectors/ZoomSentinelConnector/state_manager.py 18 28 897 576 40 22 2022-11-22 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/GitHub/Hunting Queries/Inactive or New Account Usage.yaml 43 19 1164 576 25 20 2022-02-28 2023-10-09 kobymin@microsoft.com mrudula.oruganti@gigamon.com Solutions/GitHub/Hunting Queries/Mass Deletion of Repositories .yaml 33 19 1164 576 25 20 2022-02-28 2023-10-09 kobymin@microsoft.com mrudula.oruganti@gigamon.com Solutions/GitHub/Hunting Queries/Oauth App Restrictions Disabled.yaml 15 19 1164 576 25 20 2022-02-28 2023-10-09 kobymin@microsoft.com mrudula.oruganti@gigamon.com Solutions/GitHub/Hunting Queries/Repository Permission Switched to Public.yaml 14 19 1164 576 25 20 2022-02-28 2023-10-09 kobymin@microsoft.com mrudula.oruganti@gigamon.com Solutions/GitHub/Hunting Queries/User First Time Repository Delete Activity.yaml 24 19 1164 576 25 20 2022-02-28 2023-10-09 kobymin@microsoft.com mrudula.oruganti@gigamon.com Solutions/GitHub/Hunting Queries/Org Repositories Default Permissions Change.yaml 15 19 1164 576 25 20 2022-02-28 2023-10-09 kobymin@microsoft.com mrudula.oruganti@gigamon.com Solutions/GitHub/Hunting Queries/User Grant Access and Grants Other Access.yaml 25 46 1164 457 66 43 2022-02-28 2024-02-05 kobymin@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/GitHub/Hunting Queries/First Time User Invite and Add Member to Org.yaml 24 40 1164 576 61 43 2022-02-28 2023-10-09 kobymin@microsoft.com mrudula.oruganti@gigamon.com Solutions/GitHub/Parsers/GitHubSecretScanningData.yaml 43 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/GitHub/Parsers/GitHubAuditData.yaml 24 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/GitHub/Parsers/GitHubCodeScanningData.yaml 42 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/GitHub/Parsers/GitHubDependabotData.yaml 39 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/GitHub/Analytic Rules/(Preview) GitHub - A payment method was removed.yaml 30 47 1012 268 72 45 2022-07-30 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/GitHub/Analytic Rules/(Preview) GitHub - Repository was destroyed.yaml 30 47 1012 268 72 45 2022-07-30 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/GitHub/Analytic Rules/(Preview) GitHub - User was added to the organization.yaml 32 66 1012 261 114 63 2022-07-30 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/GitHub/Analytic Rules/(Preview) GitHub - Repository was created.yaml 30 47 1012 268 72 45 2022-07-30 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/GitHub/Analytic Rules/(Preview) GitHub - Oauth application - a client secret was removed.yaml 30 47 1012 268 72 45 2022-07-30 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/GitHub/Analytic Rules/(Preview) GitHub - pull request was created.yaml 31 47 1012 268 72 45 2022-07-30 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/GitHub/Analytic Rules/(Preview) GitHub - Two Factor Authentication Disabled in GitHub.yaml 32 59 1012 261 87 51 2022-07-30 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/GitHub/Analytic Rules/(Preview) GitHub - User visibility Was changed.yaml 32 45 1012 261 66 41 2022-07-30 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/GitHub/Analytic Rules/(Preview) GitHub - User was blocked.yaml 32 45 1012 261 65 41 2022-07-30 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/GitHub/Analytic Rules/Security Vulnerability in Repo.yaml 35 70 770 106 116 56 2023-03-29 2025-01-21 v-vdixit@microsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/GitHub/Analytic Rules/(Preview) GitHub - Activities from Infrequent Country.yaml 45 47 1012 268 72 45 2022-07-30 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/GitHub/Analytic Rules/(Preview) GitHub - User was invited to the repository.yaml 32 44 965 261 64 40 2022-09-15 2024-08-19 v-atulyadav@microsoft.com v-prasadboke@microsoft.com Solutions/GitHub/Analytic Rules/NRT Two Factor Authentication Disabled.yaml 31 49 770 261 58 40 2023-03-29 2024-08-19 v-vdixit@microsoft.com v-prasadboke@microsoft.com Solutions/GitHub/Analytic Rules/(Preview) GitHub - pull request was merged.yaml 31 47 1012 268 73 45 2022-07-30 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/GitHub/Data Connectors/GithubWebhook/GithubWebhookConnector/__init__.py 99 83 1036 293 156 71 2022-07-06 2024-07-18 105280229+venkataprathibha@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerApplicationByUsers.yaml 24 43 1265 58 51 37 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerUrlhostname.yaml 25 42 1265 58 50 37 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerAbnormalTotalBytesSize.yaml 26 44 1265 58 52 37 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerUserAccessGroups.yaml 23 43 1265 58 51 37 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerConnectionCloseReason.yaml 31 44 1265 58 52 37 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerTopSourceIP.yaml 25 42 1265 58 50 37 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerUserServerErrors.yaml 25 44 1265 58 52 37 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerSourceLocation.yaml 24 43 1265 58 51 37 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerIPsByPorts.yaml 24 68 1265 58 92 62 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerTopConnectors.yaml 26 43 1265 58 51 37 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerUnexpectedUpdateOperation.yaml 37 73 1265 58 99 63 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAConnectionsOutsideOperationalHours.yaml 33 74 1265 58 101 63 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerUnexpectedCountEventResult.yaml 33 90 1265 58 129 69 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerUnexpectedCountries.yaml 36 88 1265 58 127 69 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerSharedZPASession.yaml 54 91 1265 58 132 69 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAConnectionsFromNewIP.yaml 43 74 1265 58 100 63 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAUnexpectedSessionDuration.yaml 52 75 1265 58 102 63 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAConnectionsFromNewCountry.yaml 39 73 1265 58 99 63 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAConnectionsByDormantUser.yaml 38 88 1265 58 127 69 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAConnectionsByNewUser.yaml 37 73 1265 58 99 63 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/AristaAwakeSecurity/Analytic Rules/HighSeverityMatchesByDevice.yaml 61 83 1328 57 147 69 2021-09-17 2025-03-11 adarshb@arista.com v-atulyadav@microsoft.com Solutions/AristaAwakeSecurity/Analytic Rules/HighMatchCountsByDevice.yaml 63 83 1328 57 147 69 2021-09-17 2025-03-11 adarshb@arista.com v-atulyadav@microsoft.com Solutions/AristaAwakeSecurity/Analytic Rules/ModelMatchesWithMultipleDestinationsByDevice.yaml 61 83 1328 57 147 69 2021-09-17 2025-03-11 adarshb@arista.com v-atulyadav@microsoft.com Solutions/Red Canary/Analytic Rules/RedCanaryThreatDetection.yaml 132 29 1148 259 57 27 2022-03-16 2024-08-21 ian.woodley@redcanary.com nilepagn@microsoft.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspacePossibleSCAMSPAMorPhishingCalendar.yaml 31 21 1231 576 29 20 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceDocumentSharedPublicilyWithLink.yaml 26 32 1231 576 45 29 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceUserWithSeveralDevices.yaml 25 32 1231 576 45 29 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceDocumentSharedPublicily.yaml 25 22 1231 576 31 20 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceDocumentSharedExternally.yaml 26 32 1231 576 45 29 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceUncommonUAsString.yaml 31 20 1231 576 28 20 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceDocumentCopiedToPrivateDrive.yaml 37 30 693 293 67 44 2023-06-14 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceRareDocType.yaml 25 46 1231 293 70 49 2021-12-23 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceUnknownLoginType.yaml 27 33 1231 576 46 29 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceUserReportedCalendarInviteAsSpam.yaml 23 22 1231 576 31 20 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceSuspendedUsers.yaml 23 22 1224 576 31 20 2021-12-30 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceSharedPrivateDocument.yaml 25 22 1231 576 31 20 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceLicenseRevokeAndAssignmentToUser.yaml 50 30 693 293 66 44 2023-06-14 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceMultiIPAddresses.yaml 25 32 1231 576 45 29 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Parsers/GWorkspaceActivityReports.yaml 204 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceApiAccessToNewClient.yaml 30 58 1231 576 89 48 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceTwoStepAuthenticationDisabledForUser.yaml 29 55 1231 576 86 48 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceDifferentUAsFromSingleIP.yaml 34 55 1231 576 86 48 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspacePossibleMaldocFileNamesInGDRIVE.yaml 34 55 1231 576 86 48 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspacePossibleBruteForce.yaml 32 57 1231 576 88 48 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceOutboundRelayAddedToSuiteDomain.yaml 29 57 1231 576 87 48 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceChangedUserAccess.yaml 29 57 1231 576 88 48 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceAlertEvents.yaml 30 57 1231 576 88 48 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceAdminPermissionsGranted.yaml 29 56 1231 576 87 48 2021-12-23 2023-10-09 sp@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceUnexpectedOSUpdate.yaml 44 73 1231 259 133 63 2021-12-23 2024-08-21 sp@socprime.com nilepagn@microsoft.com Solutions/GoogleWorkspaceReports/Data Connectors/get_google_pickle_string.py 12 53 1004 268 88 44 2022-08-07 2024-08-12 v-marimanda@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/GoogleWorkspaceReports/Data Connectors/GWorkspaceReportsAPISentinelConn/GWorkspaceReports-QueueTrigger/__init__.py 273 36 460 268 61 30 2024-02-02 2024-08-12 40334679+azurekid@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/GoogleWorkspaceReports/Data Connectors/GWorkspaceReportsAPISentinelConn/GWorkspaceReports-QueueTrigger/state_manager.py 99 25 460 268 37 23 2024-02-02 2024-08-12 40334679+azurekid@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/GoogleWorkspaceReports/Data Connectors/GWorkspaceReportsAPISentinelConn/GWorkspaceReports-TimeTrigger/__init__.py 207 25 460 268 37 23 2024-02-02 2024-08-12 40334679+azurekid@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/GoogleWorkspaceReports/Data Connectors/GWorkspaceReportsAPISentinelConn/GWorkspaceReports-TimeTrigger/state_manager.py 68 25 460 268 37 23 2024-02-02 2024-08-12 40334679+azurekid@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Cisco UCS/Parsers/CiscoUCS.yaml 55 44 624 106 92 39 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Cloud Service Threat Protection Essentials/Hunting Queries/AzureResourceAssignedPublicIP.yaml 77 79 903 268 128 67 2022-11-16 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Cloud Service Threat Protection Essentials/Hunting Queries/AzureKeyVaultAccessManipulation.yaml 50 51 903 293 73 48 2022-11-16 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdStrikeReplicatorV2.yaml 155 50 651 293 108 47 2023-07-26 2024-07-18 137840403+ltipp147@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdStrikeReplicator.yaml 1074 40 644 293 70 35 2023-08-02 2024-07-18 dnrr2808@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdStrikeFalconEventStream.yaml 67 12 112 57 15 11 2025-01-15 2025-03-11 103933805+v-dvedak@users.noreply.github.com v-atulyadav@microsoft.com Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdStrikeReplicator_future.yaml 1123 36 644 293 60 32 2023-08-02 2024-07-18 dnrr2808@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalSeverityDetection.yaml 45 167 1538 58 280 136 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalOrHighSeverityDetectionsByUser.yaml 19 167 1538 58 280 136 2021-02-19 2025-03-10 ndicola@microsoft.com idoshabi@microsoft.com Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeFalconAdversaryIntelligence/CrowdStrikeFalconThreatIntelConnector/__init__.py 187 23 337 261 39 19 2024-06-04 2024-08-19 gax.theodorio@crowdstrike.com v-prasadboke@microsoft.com Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeFalconAdversaryIntelligence/CrowdStrikeFalconThreatIntelConnector/utils.py 107 23 337 261 39 19 2024-06-04 2024-08-19 gax.theodorio@crowdstrike.com v-prasadboke@microsoft.com Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/CrowdstrikeFalconAPISentinelConn/Replicator/main_aws_queue.py 157 95 646 58 197 67 2023-07-31 2025-03-10 97222872+vakohl@users.noreply.github.com idoshabi@microsoft.com Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/CrowdstrikeFalconAPISentinelConn/QueueTriggerCS/__init__.py 284 75 646 57 165 64 2023-07-31 2025-03-11 97222872+vakohl@users.noreply.github.com v-atulyadav@microsoft.com Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/CrowdstrikeFalconAPISentinelConn/QueueTriggerCS/sentinel_connector_clv2_async.py 95 63 646 293 149 56 2023-07-31 2024-07-18 97222872+vakohl@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/Data Collection Rules/Transformations/ASimRegistryEventCrowdStrikeFalcon.yaml 57 28 651 293 54 29 2023-07-26 2024-07-18 137840403+ltipp147@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/Data Collection Rules/Transformations/ASimUserManagementCrowdStrikeFalcon.yaml 54 28 651 293 54 29 2023-07-26 2024-07-18 137840403+ltipp147@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/Data Collection Rules/Transformations/ASimAuthenticationEventCrowdStrikeFalcon.yaml 79 28 651 293 54 29 2023-07-26 2024-07-18 137840403+ltipp147@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/Data Collection Rules/Transformations/ASimProcessEventCrowdStrikeFalcon.yaml 86 28 651 293 54 29 2023-07-26 2024-07-18 137840403+ltipp147@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicator/CrowdstrikeFalconAPISentinelConnector/__init__.py 195 99 1055 57 153 69 2022-06-17 2025-03-11 104008048+v-atulyadav@users.noreply.github.com v-atulyadav@microsoft.com Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicator/CrowdstrikeFalconAPISentinelConnector/sentinel_connector_async.py 95 34 1055 576 57 33 2022-06-17 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicator/CrowdstrikeFalconAPISentinelConnector/state_manager.py 18 34 1055 576 57 33 2022-06-17 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Valence Security/Analytic Rules/ValenceAlerts.yaml 34 28 534 293 57 28 2023-11-20 2024-07-18 shlomomatichin@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/MultipleTeamsDeletes.yaml 38 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/ExternalUserFromNewOrgAddedToTeams.yaml 15 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/MultipleUsersEmailForwardedToSameDestination.yaml 60 53 779 293 82 49 2023-03-20 2024-07-18 v-rbajaj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/New_WindowsReservedFileNamesOnOfficeFileServices.yaml 49 83 887 293 124 60 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/powershell_or_nonbrowser_MailboxLogin.yaml 31 83 887 293 124 60 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/NewBotAddedToTeams.yaml 40 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/sharepoint_downloads.yaml 39 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/MultiTeamBot.yaml 38 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/double_file_ext_exes.yaml 41 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/ExternalUserAddedRemovedInTeams_HuntVersion.yaml 42 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/nonowner_MailboxLogin.yaml 44 83 887 293 124 60 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/new_sharepoint_downloads_by_IP.yaml 52 83 887 293 124 60 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/new_sharepoint_downloads_by_UserAgent.yaml 59 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/UserAddToTeamsAndUploadsFile.yaml 39 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/new_adminaccountactivity.yaml 57 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/Mail_redirect_via_ExO_transport_rule_hunting.yaml 45 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/WindowsReservedFileNamesOnOfficeFileServices.yaml 54 83 887 293 124 60 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/OfficeMailForwarding_hunting.yaml 43 83 887 293 124 60 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/MultiTeamOwner.yaml 43 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/AnomolousUserAccessingOtherUsersMailbox.yaml 22 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Hunting Queries/TeamsFilesUploaded.yaml 45 53 887 293 77 43 2022-12-02 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Analytic Rules/Malicious_Inbox_Rule.yaml 38 97 887 268 176 65 2022-12-02 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft 365/Analytic Rules/MultipleTeamsDeletes.yaml 41 97 887 268 176 65 2022-12-02 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft 365/Analytic Rules/ExternalUserAddedRemovedInTeams.yaml 71 104 887 261 193 68 2022-12-02 2024-08-19 105694882+v-laanjana@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Microsoft 365/Analytic Rules/SharePoint_Downloads_byNewIP.yaml 71 94 887 268 187 70 2022-12-02 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft 365/Analytic Rules/ForestBlizzardCredHarvesting.yaml 4 60 730 293 99 56 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Microsoft 365/Analytic Rules/sharepoint_file_transfer_above_threshold.yaml 59 124 585 58 246 69 2023-09-30 2025-03-10 juju4@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft 365/Analytic Rules/RareOfficeOperations.yaml 45 100 887 268 185 67 2022-12-02 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft 365/Analytic Rules/Office_MailForwarding.yaml 59 92 887 268 162 62 2022-12-02 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft 365/Analytic Rules/Mail_redirect_via_ExO_transport_rule.yaml 52 104 887 261 182 64 2022-12-02 2024-08-19 105694882+v-laanjana@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Microsoft 365/Analytic Rules/SharePoint_Downloads_byNewUserAgent.yaml 82 131 887 261 225 88 2022-12-02 2024-08-19 105694882+v-laanjana@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Microsoft 365/Analytic Rules/office_policytampering.yaml 62 92 887 268 165 64 2022-12-02 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft 365/Analytic Rules/Office_Uploaded_Executables.yaml 78 97 887 268 181 68 2022-12-02 2024-08-12 105694882+v-laanjana@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft 365/Analytic Rules/External User added to Team and immediately uploads file.yaml 88 107 887 191 192 67 2022-12-02 2024-10-28 105694882+v-laanjana@users.noreply.github.com 131643892+moti-ba@users.noreply.github.com Solutions/Microsoft 365/Analytic Rules/exchange_auditlogdisabled.yaml 50 114 887 261 214 73 2022-12-02 2024-08-19 105694882+v-laanjana@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Microsoft 365/Analytic Rules/sharepoint_file_transfer_folders_above_threshold.yaml 59 118 585 106 244 72 2023-09-30 2025-01-21 juju4@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Microsoft 365/Analytic Rules/MailItemsAccessedTimeSeries.yaml 80 109 887 26 193 75 2022-12-02 2025-04-11 105694882+v-laanjana@users.noreply.github.com bartleyriley@gmail.com Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-Detections.yaml 87 95 771 58 182 66 2023-03-28 2025-03-10 danymello@gmail.com idoshabi@microsoft.com Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-NewCampaign.yaml 62 158 1079 58 309 100 2022-05-24 2025-03-10 90677907+vmanojreddy@users.noreply.github.com idoshabi@microsoft.com Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-Detections.yaml 94 95 771 58 182 66 2023-03-28 2025-03-10 danymello@gmail.com idoshabi@microsoft.com Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-by-Severity.yaml 87 141 1079 58 263 90 2022-05-24 2025-03-10 90677907+vmanojreddy@users.noreply.github.com idoshabi@microsoft.com Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Suspected-Behavior-by-Tactics.yaml 100 141 1079 58 265 90 2022-05-24 2025-03-10 90677907+vmanojreddy@users.noreply.github.com idoshabi@microsoft.com Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-by-Severity.yaml 37 141 1079 58 263 90 2022-05-24 2025-03-10 90677907+vmanojreddy@users.noreply.github.com idoshabi@microsoft.com Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-HighSeverityDetection-by-Tactics.yaml 114 141 1079 58 263 90 2022-05-24 2025-03-10 90677907+vmanojreddy@users.noreply.github.com idoshabi@microsoft.com Solutions/PingFederate/Hunting Queries/PingFederateNewUsers.yaml 29 78 1483 58 151 67 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Hunting Queries/PingFederateUnusualSources.yaml 29 108 1483 58 196 84 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Hunting Queries/PingFederateFailedAuthentications.yaml 25 78 1483 58 151 67 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Hunting Queries/PingFederatePasswordResetRequests.yaml 30 78 1483 58 151 67 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Hunting Queries/PingFederateRareSources.yaml 25 78 1483 58 151 67 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Hunting Queries/PingFederateUsersPaswordsReset.yaml 25 78 1483 58 151 67 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Hunting Queries/PingFederateUnusualCountry.yaml 34 78 1483 58 151 67 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Hunting Queries/PingFederateTopSources.yaml 24 78 1483 58 151 67 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Hunting Queries/PingFederateSAMLSubjects.yaml 25 78 1483 58 151 67 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Hunting Queries/PingFederateAuthUrls.yaml 25 78 1483 58 151 67 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Parsers/PingFederateEvent.yaml 53 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/PingFederate/Analytic Rules/PingFederateSamlOld.yaml 38 129 1483 58 226 99 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Analytic Rules/PingFederateMultiplePasswordResetsForUser.yaml 36 129 1483 58 226 99 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Analytic Rules/PingFederateNewUserSSO.yaml 38 129 1483 58 228 99 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Analytic Rules/PingFederateForbiddenCountry.yaml 36 131 1483 58 229 99 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Analytic Rules/PingFederateAuthFromNewSource.yaml 42 129 1483 58 226 99 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedAuthUrl.yaml 44 129 1483 58 226 99 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Analytic Rules/PingFederateOauthOld.yaml 38 129 1483 58 226 99 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Analytic Rules/PingFederatePasswordRstReqUnexpectedSource.yaml 41 129 1483 58 226 99 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Analytic Rules/PingFederateUnusualMailDomain.yaml 44 129 1483 58 227 99 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml 32 129 1483 58 226 99 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedUserCountry.yaml 40 129 1483 58 226 99 2021-04-15 2025-03-10 vu@socprime.com idoshabi@microsoft.com Solutions/SonicWall Firewall/Hunting Queries/OutboundSSHConnections.yaml 34 45 512 58 81 31 2023-12-12 2025-03-10 42151366+jaimeesc@users.noreply.github.com idoshabi@microsoft.com Solutions/SonicWall Firewall/Analytic Rules/CaptureATPMaliciousFileDetection.yaml 60 45 512 58 82 31 2023-12-12 2025-03-10 42151366+jaimeesc@users.noreply.github.com idoshabi@microsoft.com Solutions/SonicWall Firewall/Analytic Rules/AllowedInboundSSHTelnetRDPConnections.yaml 66 34 512 259 66 23 2023-12-12 2024-08-21 42151366+jaimeesc@users.noreply.github.com nilepagn@microsoft.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/FilterGroup.cs 12 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/AlertItem.cs 39 41 488 259 74 32 2024-01-05 2024-08-21 vkorenkov@varonis.com nilepagn@microsoft.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/Filter.cs 13 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/RowDataRequest.cs 9 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/FilterOperator.cs 8 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/SearchRequest.cs 11 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/AlertAttributes.cs 86 40 488 259 73 32 2024-01-05 2024-08-21 vkorenkov@varonis.com nilepagn@microsoft.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/SearchRowsResponse.cs 8 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/EmOperator.cs 25 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/SearchQuery.cs 9 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/Rule.cs 8 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/SearchResultType.cs 16 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/SearchResponseLink.cs 11 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/AlertSearchQueryBuilder.cs 158 40 488 259 73 32 2024-01-05 2024-08-21 vkorenkov@varonis.com nilepagn@microsoft.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/SearchRequestBuilder.cs 46 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/SearchConverter.cs 29 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/BaseMapper.cs 13 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/AlertExtensions.cs 24 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/CustomParser.cs 25 40 488 259 73 32 2024-01-05 2024-08-21 vkorenkov@varonis.com nilepagn@microsoft.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/ParametersToValuesConverter.cs 38 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/SearchAlertObjectMapper.cs 104 41 488 259 74 32 2024-01-05 2024-08-21 vkorenkov@varonis.com nilepagn@microsoft.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/DatAlert/DatAlertClient.cs 143 40 488 259 74 31 2024-01-05 2024-08-21 vkorenkov@varonis.com nilepagn@microsoft.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/DatAlert/DatAlertParams.cs 13 39 488 259 72 31 2024-01-05 2024-08-21 vkorenkov@varonis.com nilepagn@microsoft.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/DatAlert/DatAlertClientFake.cs 57 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/DatAlert/IDatAlertClient.cs 10 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Constants.cs 13 14 426 259 38 16 2024-03-07 2024-08-21 vkorenkov@varonis.com nilepagn@microsoft.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/LogAnalytics/LogAnalyticsCollector.cs 25 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/LogAnalytics/ILogAnalyticsStorage.cs 8 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/LogAnalytics/LogAnalyticsMonitor.cs 12 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/LogAnalytics/LogAnalyticsFake.cs 22 26 488 268 36 23 2024-01-05 2024-08-12 vkorenkov@varonis.com 62938807+haim-na@users.noreply.github.com Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/FetchDataFunction.cs 72 43 488 259 77 32 2024-01-05 2024-08-21 vkorenkov@varonis.com nilepagn@microsoft.com Solutions/ESET Inspect/Data Connectors/esetinspect/__init__.py 5 34 1007 576 54 29 2022-08-04 2023-10-09 v-marimanda@microsoft.com mrudula.oruganti@gigamon.com Solutions/ESET Inspect/Data Connectors/esetinspect/eifunctions.py 5 34 1007 576 54 29 2022-08-04 2023-10-09 v-marimanda@microsoft.com mrudula.oruganti@gigamon.com Solutions/ESET Inspect/Data Connectors/esetinspect/inspect.py 142 34 1007 576 54 29 2022-08-04 2023-10-09 v-marimanda@microsoft.com mrudula.oruganti@gigamon.com Solutions/ESET Inspect/Data Connectors/datacollector/__init__.py 49 34 1007 576 54 29 2022-08-04 2023-10-09 v-marimanda@microsoft.com mrudula.oruganti@gigamon.com Solutions/ESET Inspect/Data Connectors/InspectGetDetections/__init__.py 69 34 1007 576 54 29 2022-08-04 2023-10-09 v-marimanda@microsoft.com mrudula.oruganti@gigamon.com Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Dataverse export copied to USB devices.yaml 61 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Generic client app used to access production environments.yaml 56 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Activity after failed logons.yaml 48 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Hunting Queries/Power Apps - Anomalous bulk sharing of Power App to newly created guest users.yaml 89 17 173 58 22 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Cross-environment data export activity.yaml 54 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Activity after Microsoft Entra alerts.yaml 46 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Identity management activity outside of privileged directory role membership.yaml 36 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Hunting Queries/Dataverse - Identity management changes without MFA.yaml 54 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Parsers/MSBizAppsNetworkAddresses.yaml 33 18 173 58 22 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Parsers/MSBizAppsTerminatedEmployees.yaml 51 18 173 58 22 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Parsers/DataverseSharePointSites.yaml 30 16 170 58 23 9 2024-11-18 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Parsers/MSBizAppsOrgSettings.yaml 478 18 173 58 23 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Parsers/MSBizAppsVIPUsers.yaml 42 18 173 58 22 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Audit log data deletion.yaml 61 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/F&O - Unusual sign-in activity using single factor authentication.yaml 79 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/F&O - Mass update or deletion of user records.yaml 50 17 173 58 20 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/F&O - Reverted bank account number modifications.yaml 67 17 173 58 20 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Login from IP in the block list.yaml 75 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Anomalous application user activity.yaml 96 17 173 58 20 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Power Automate - Departing employee flow activity.yaml 71 17 173 58 20 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Login from IP not in the allow list.yaml 77 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - New non-interactive identity granted access.yaml 87 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Power Platform - Possibly compromised user accesses Power Platform services.yaml 89 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Bulk record ownership re-assignment or sharing.yaml 72 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Suspicious security role modifications.yaml 100 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Terminated employee exfiltration over email.yaml 106 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - TI map IP to DataverseActivity.yaml 118 17 173 58 20 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Power Platform - Account added to privileged Microsoft Entra roles.yaml 79 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - New sign-in from an unauthorized domain.yaml 82 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Executable uploaded to SharePoint document management site.yaml 83 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/F&O - Non-interactive account mapped to self or sensitive privileged user.yaml 75 17 173 58 20 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Power Apps - App activity from unauthorized geo.yaml 94 18 173 58 22 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Mass download from SharePoint document management.yaml 79 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - New user agent type that was not used with Office 365.yaml 81 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Guest user exfiltration following Power Platform defense impairment.yaml 126 18 173 58 21 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - SharePoint document management site added or updated.yaml 79 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Power Apps - Bulk sharing of Power Apps to newly created guest users.yaml 110 18 173 58 22 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Suspicious use of Web API.yaml 89 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Removal of blocked file extensions.yaml 65 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Suspicious use of TDS endpoint.yaml 101 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Mass export of records to Excel.yaml 90 17 173 58 20 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Terminated employee exfiltration to USB drive.yaml 86 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Unusual sign-in following disabled IP address-based cookie binding protection.yaml 108 17 173 58 20 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Hierarchy security manipulation.yaml 99 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Power Automate - Unusual bulk deletion of flow resources.yaml 88 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Power Platform - Connector added to a sensitive environment.yaml 41 18 173 58 22 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - New user agent type that was not used before.yaml 91 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Mass deletion of records.yaml 83 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Power Apps - Multiple users access a malicious link after launching new app.yaml 203 18 173 58 22 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Mass record updates.yaml 85 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - New Dataverse application user activity type.yaml 77 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Export activity from terminated or notified employee.yaml 76 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - TI map URL to DataverseActivity.yaml 123 17 173 58 20 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - User bulk retrieval outside normal activity.yaml 97 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Malware found in SharePoint document management site.yaml 90 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Login by a sensitive privileged user.yaml 71 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Power Platform - DLP policy updated or removed.yaml 87 17 173 58 20 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/F&O - Bank account change following network alias reassignment.yaml 87 17 173 58 20 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Honeypot instance activity.yaml 83 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Organization settings modified.yaml 68 16 173 58 19 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Audit logging disabled.yaml 68 22 173 8 32 13 2024-11-15 2025-04-29 5839248+kingwil@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Microsoft Business Applications/Analytic Rules/Power Apps - Multiple apps deleted.yaml 82 17 173 58 21 9 2024-11-15 2025-03-10 5839248+kingwil@users.noreply.github.com idoshabi@microsoft.com Solutions/SecurityBridge App/Parsers/SecurityBridgeLogs.yaml 33 49 624 13 87 40 2023-08-22 2025-04-24 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/SecurityBridge App/Analytical Rules/CriticalEventTriggered.yaml 36 94 1058 13 174 63 2022-06-14 2025-04-24 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Barracuda CloudGen Firewall/Parsers/CGFWFirewallActivity.yaml 37 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Palo Alto - XDR (Cortex)/Detection Queries/WildFire Malware Detection.yaml 36 34 1087 576 67 33 2022-05-16 2023-10-09 c03vikas@gmail.com mrudula.oruganti@gigamon.com Solutions/Palo Alto - XDR (Cortex)/Detection Queries/Preventive Alerts.yaml 52 34 1087 576 68 33 2022-05-16 2023-10-09 c03vikas@gmail.com mrudula.oruganti@gigamon.com Solutions/SAP BTP/Analytic Rules/BTP - Malware detected in BAS dev space.yaml 69 15 160 57 17 13 2024-11-28 2025-03-11 5839248+kingwil@users.noreply.github.com v-atulyadav@microsoft.com Solutions/SAP BTP/Analytic Rules/BTP - Trust and authorization Identity Provider monitor.yaml 74 15 160 57 17 13 2024-11-28 2025-03-11 5839248+kingwil@users.noreply.github.com v-atulyadav@microsoft.com Solutions/SAP BTP/Analytic Rules/BTP - User added to sensitive privileged role collection.yaml 45 15 160 57 17 13 2024-11-28 2025-03-11 5839248+kingwil@users.noreply.github.com v-atulyadav@microsoft.com Solutions/SAP BTP/Analytic Rules/BTP - Failed access attempts across multiple BAS subaccounts.yaml 47 15 160 57 17 13 2024-11-28 2025-03-11 5839248+kingwil@users.noreply.github.com v-atulyadav@microsoft.com Solutions/SAP BTP/Analytic Rules/BTP - Mass user deletion in a sub account.yaml 55 15 160 57 17 13 2024-11-28 2025-03-11 5839248+kingwil@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Synack/Integrations/AzureFunctionSynack/synack-service.js 111 44 1198 576 70 41 2022-01-25 2023-10-09 andriy.kozynets@gmail.com mrudula.oruganti@gigamon.com Solutions/Synack/Integrations/AzureFunctionSynack/sync-service.js 220 44 1198 576 70 41 2022-01-25 2023-10-09 andriy.kozynets@gmail.com mrudula.oruganti@gigamon.com Solutions/Synack/Integrations/AzureFunctionSynack/azure-service.js 173 44 1198 576 70 41 2022-01-25 2023-10-09 andriy.kozynets@gmail.com mrudula.oruganti@gigamon.com Solutions/Synack/Integrations/AzureFunctionSynack/index.js 7 17 1198 576 21 18 2022-01-25 2023-10-09 andriy.kozynets@gmail.com mrudula.oruganti@gigamon.com Solutions/Network Threat Protection Essentials/Hunting Queries/RiskyCommandB64EncodedInUrl.yaml 73 73 903 268 105 62 2022-11-16 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Network Threat Protection Essentials/Hunting Queries/B64IPInURL.yaml 73 73 903 268 106 63 2022-11-16 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Network Threat Protection Essentials/Analytic Rules/NewUserAgentLast24h.yaml 84 80 903 261 122 63 2022-11-16 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Network Threat Protection Essentials/Analytic Rules/NetworkEndpointCorrelation.yaml 49 73 903 261 109 61 2022-11-16 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/Netwrix Auditor/Parsers/NetwrixAuditor.yaml 34 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/SAP ETD Cloud/Analytic Rules/SAPETD-SynchAlerts.yaml 59 25 79 8 45 19 2025-02-17 2025-04-29 mapankra@microsoft.com v-atulyadav@microsoft.com Solutions/SAP ETD Cloud/Analytic Rules/SAPETD-LoginFromUnexpectedNetwork.yaml 65 26 83 8 45 19 2025-02-13 2025-04-29 mapankra@microsoft.com v-atulyadav@microsoft.com Solutions/Zscaler Internet Access/Parsers/ZScalerWeb_Parser.csl 34 22 1078 576 34 20 2022-05-25 2023-10-09 anknar@microsoft.com mrudula.oruganti@gigamon.com Solutions/Zscaler Internet Access/Parsers/ZScalerFW_Parser.yaml 22 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Zscaler Internet Access/Parsers/ZScalerWeb_Parser.yaml 29 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Zscaler Internet Access/Parsers/ZScalerFW_Parser.csl 27 22 1078 576 34 20 2022-05-25 2023-10-09 anknar@microsoft.com mrudula.oruganti@gigamon.com Solutions/Zscaler Internet Access/Analytic Rules/Zscaler-LowVolumeDomainRequests.yaml 53 103 1078 58 189 69 2022-05-25 2025-03-10 anknar@microsoft.com idoshabi@microsoft.com Solutions/Zscaler Internet Access/Analytic Rules/DiscordCDNRiskyDownload.yaml 50 88 1078 58 157 57 2022-05-25 2025-03-10 anknar@microsoft.com idoshabi@microsoft.com Solutions/CiscoASA/Analytic Rules/CiscoASA-ThreatDetectionMessage.yaml 39 67 1002 8 100 53 2022-08-09 2025-04-29 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/CiscoASA/Analytic Rules/CiscoASA-AvgAttackDetectRateIncrease.yaml 78 67 1002 8 100 53 2022-08-09 2025-04-29 105694882+v-laanjana@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-UserAdded_to_SecurityAdmin.yaml 50 66 890 268 116 66 2022-11-29 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-MultipleFailedLogon_InShortSpan.yaml 50 66 890 268 116 66 2022-11-29 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-UserRoleChanged.yaml 49 66 890 268 116 66 2022-11-29 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-New_UserCreated.yaml 48 66 890 268 115 66 2022-11-29 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-UserDeletedFromDatabase.yaml 52 66 890 268 116 66 2022-11-29 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-Failed SQL Logons.yaml 44 66 890 268 115 66 2022-11-29 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-UserRemovedFromSecurityAdmin.yaml 52 66 890 268 116 66 2022-11-29 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-UserRemovedFromServerRole.yaml 51 66 890 268 116 66 2022-11-29 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Microsoft Windows SQL Server Database Audit/Hunting Queries/SQL-MultipleFailedLogon_FromSameIP.yaml 50 67 890 268 117 66 2022-11-29 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Cybersixgill-Actionable-Alerts/Hunting Queries/ActionableAlerts.yaml 11 24 973 576 34 24 2022-09-07 2023-10-09 sdawood@loginsoft.com mrudula.oruganti@gigamon.com Solutions/Cybersixgill-Actionable-Alerts/Data Connectors/CybersixgillAlerts/__init__.py 192 69 973 261 121 65 2022-09-07 2024-08-19 sdawood@loginsoft.com v-prasadboke@microsoft.com Solutions/Cybersixgill-Actionable-Alerts/Data Connectors/CybersixgillAlerts/state_manager.py 18 24 973 576 34 24 2022-09-07 2023-10-09 sdawood@loginsoft.com mrudula.oruganti@gigamon.com Solutions/Cybersixgill-Actionable-Alerts/Data Connectors/CybersixgillAlerts/utils.py 48 25 973 576 35 24 2022-09-07 2023-10-09 sdawood@loginsoft.com mrudula.oruganti@gigamon.com Solutions/AtlassianJiraAudit/Hunting Queries/JiraUpdatedWorkflows.yaml 24 14 1225 845 22 17 2021-12-29 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/AtlassianJiraAudit/Hunting Queries/JiraNewUsers.yaml 25 14 1225 845 22 17 2021-12-29 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/AtlassianJiraAudit/Hunting Queries/JiraUpdatedUsers.yaml 26 14 1225 845 22 17 2021-12-29 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/AtlassianJiraAudit/Hunting Queries/JiraUpdatedProjectVersions.yaml 24 14 1225 845 22 17 2021-12-29 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/AtlassianJiraAudit/Hunting Queries/JiraProjectVersionsReleased.yaml 24 14 1225 845 22 17 2021-12-29 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/AtlassianJiraAudit/Hunting Queries/JiraUserIPs.yaml 25 46 1225 293 72 43 2021-12-29 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/AtlassianJiraAudit/Hunting Queries/JiraUpdatedWorkflowSchemes.yaml 24 14 1225 845 22 17 2021-12-29 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/AtlassianJiraAudit/Hunting Queries/JiraWorkflowAddedToProject.yaml 24 14 1225 845 22 17 2021-12-29 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/AtlassianJiraAudit/Hunting Queries/JiraBlockedTasks.yaml 25 14 1225 845 22 17 2021-12-29 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/AtlassianJiraAudit/Hunting Queries/JiraUpdatedProjects.yaml 24 14 1225 845 22 17 2021-12-29 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/AtlassianJiraAudit/Parsers/JiraAudit.yaml 55 21 412 261 33 19 2024-03-21 2024-08-19 joamar@microsoft.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Playbooks/Sync-CommentsFunctionApp/Sync-Comment.ps1 87 46 896 261 71 41 2022-11-23 2024-08-19 v-sabiraj@microsoft.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Analytic Rules/JiraNewPrivilegedUser.yaml 32 59 1225 616 106 53 2021-12-29 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Analytic Rules/JiraNewUser.yaml 31 38 1225 616 70 43 2021-12-29 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Analytic Rules/JiraUserPasswordChange.yaml 36 59 1225 616 106 53 2021-12-29 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Analytic Rules/JiraPermissionSchemeUpdated.yaml 34 38 1225 616 70 43 2021-12-29 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Analytic Rules/JiraUserRemovedFromProject.yaml 31 38 1225 616 70 43 2021-12-29 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Analytic Rules/JiraProjectRolesChanged.yaml 34 38 1225 616 70 43 2021-12-29 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Analytic Rules/JiraPrivilegedUserPasswordChanged.yaml 37 59 1225 616 106 53 2021-12-29 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Analytic Rules/JiraGlobalPermissionAdded.yaml 34 38 1225 616 71 43 2021-12-29 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Analytic Rules/JiraWorkflowSchemeCopied.yaml 35 38 1225 616 70 43 2021-12-29 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Analytic Rules/JiraUserRemovedFromGroup.yaml 31 38 1225 616 70 43 2021-12-29 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Data Connectors/JiraAuditAPISentinelConnector/__init__.py 118 76 810 261 111 61 2023-02-17 2024-08-19 v-prasadboke@microsoft.com v-prasadboke@microsoft.com Solutions/AtlassianJiraAudit/Data Connectors/JiraAuditAPISentinelConnector/state_manager.py 18 50 810 261 73 40 2023-02-17 2024-08-19 v-prasadboke@microsoft.com v-prasadboke@microsoft.com Solutions/Cyware/Hunting queries/MatchCywareIntelWatchlistItemsWithCommonLogs.yaml 20 17 430 259 44 18 2024-03-03 2024-08-21 aashiq.r@cyware.com nilepagn@microsoft.com Solutions/Cyware/Hunting queries/UnusualNetworkConnectionsToRareExternalDomains.yaml 19 18 430 259 46 18 2024-03-03 2024-08-21 aashiq.r@cyware.com nilepagn@microsoft.com Solutions/Cyware/Hunting queries/DetectingSuspiciousPowerShellCommandExecutions.yaml 28 17 430 259 44 18 2024-03-03 2024-08-21 aashiq.r@cyware.com nilepagn@microsoft.com Solutions/Dev 0270 Detection and Hunting/Analytic Rules/Dev-0270NewUserSep2022.yaml 47 57 769 259 105 47 2023-03-30 2024-08-21 103933805+v-dvedak@users.noreply.github.com nilepagn@microsoft.com Solutions/Dev 0270 Detection and Hunting/Analytic Rules/Dev-0270RegistryIOCSep2022.yaml 42 78 890 259 135 60 2022-11-29 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Dev 0270 Detection and Hunting/Analytic Rules/Dev-0270PowershellSep2022.yaml 45 94 890 259 164 67 2022-11-29 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Dev 0270 Detection and Hunting/Analytic Rules/Dev-0270WMICDiscoverySep2022.yaml 41 94 890 259 165 67 2022-11-29 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Tomcat/Hunting Queries/TomcatRareURLsRequested.yaml 25 45 1262 58 54 37 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Hunting Queries/TomcatUncommonUAsWithClientErrors.yaml 27 47 1262 58 56 37 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Hunting Queries/TomcatTopURLsServerErrors.yaml 28 47 1262 58 56 37 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Hunting Queries/TomcatERRORs.yaml 24 47 1262 58 56 37 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Hunting Queries/Tomcat403RequestsFiles.yaml 25 45 1262 58 54 37 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Hunting Queries/TomcatTopURLsClientErrors.yaml 28 47 1262 58 56 37 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Hunting Queries/TomcatAbnormalRequestSize.yaml 36 46 1262 58 55 37 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Hunting Queries/TomcatUncommonUAsWithServerErrors.yaml 27 47 1262 58 56 37 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Hunting Queries/TomcatUncommonUAs.yaml 25 46 1262 58 55 37 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Hunting Queries/TomcatRareFilesRequested.yaml 27 45 1262 58 54 37 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Hunting Queries/TomcatTopFilesWithErrorRequests.yaml 28 47 1262 58 56 37 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Parsers/TomcatEvent.yaml 67 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Tomcat/Analytic Rules/TomcatRequestSensitiveFiles.yaml 35 71 1262 58 93 51 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Analytic Rules/TomcatSQLiPattern.yaml 30 71 1262 58 94 51 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Analytic Rules/TomcatMultipleServerErrorsFromSingleIP.yaml 35 72 1262 58 94 51 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Analytic Rules/TomcatCommandsinRequest.yaml 31 73 1262 58 95 51 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Analytic Rules/TomcatPutAndGetFileFromSameIP.yaml 44 70 1262 58 92 51 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Analytic Rules/TomcatServerErrorsAfterMultipleRequestsFromSameIP.yaml 46 72 1262 58 95 51 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Analytic Rules/TomcatMultipleEmptyRequestsFromSameIP.yaml 35 72 1262 58 95 51 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Analytic Rules/TomcatMultipleClientErrorsFromSingleIP.yaml 33 73 1262 58 96 51 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Tomcat/Analytic Rules/TomcatRequestFromLocalhostIP.yaml 35 70 1262 58 92 51 2021-11-22 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/SecurityThreatEssentialSolution/Hunting Queries/Signins-from-NordVPN-Providers.yaml 38 44 1134 293 60 49 2022-03-30 2024-07-18 maniskumar@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/SecurityThreatEssentialSolution/Hunting Queries/Signins-From-VPS-Providers.yaml 43 44 1134 293 60 49 2022-03-30 2024-07-18 maniskumar@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/SecurityThreatEssentialSolution/Analytic Rules/PossibleAiTMPhishingAttemptAgainstAAD.yaml 65 93 790 293 188 72 2023-03-09 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_MultipleAdmin_membership_removals_from_NewAdmin.yaml 72 65 1132 293 97 67 2022-04-01 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_Mail_redirect_via_ExO_transport_rule.yaml 63 76 1132 293 117 73 2022-04-01 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml 121 98 1132 261 158 84 2022-04-01 2024-08-19 87809732+niktripathi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_TimeSeriesAnomaly_Mass_Cloud_Resource_Deletions.yaml 59 84 1132 261 127 77 2022-04-01 2024-08-19 87809732+niktripathi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_NRT_UseraddedtoPrivilgedGroups.yaml 58 91 1132 293 155 85 2022-04-01 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_UserAssignedPrivilegedRole.yaml 53 83 1132 293 129 69 2022-04-01 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Netskope/Parsers/Netskope.yaml 288 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Netskope/Data Connectors/Netskope/requirements.psd1 7 45 1098 293 79 40 2022-05-05 2024-07-18 v-eliforbes@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Netskope/Data Connectors/Netskope/AzureFunctionNetskope/run.ps1 388 69 1098 293 122 60 2022-05-05 2024-07-18 v-eliforbes@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Netskope/Data Connectors/Netskope/profile.ps1 18 18 1098 576 21 16 2022-05-05 2023-10-09 v-eliforbes@microsoft.com mrudula.oruganti@gigamon.com Solutions/ALC-WebCTRL/Data Connectors/TaskSetup/ALC-WebCTRL-AuditPull.ps1 103 20 1266 576 32 25 2021-11-18 2023-10-09 v-ntripathi@microsoft.com mrudula.oruganti@gigamon.com Solutions/ALC-WebCTRL/Data Connectors/TaskSetup/ALC-WebCTRL-AuditPullTaskConfig.xml 50 20 1266 576 32 25 2021-11-18 2023-10-09 v-ntripathi@microsoft.com mrudula.oruganti@gigamon.com Solutions/Azure Cloud NGFW by Palo Alto Networks/Hunting Queries/CloudNGFW-HighRiskPorts.yaml 114 41 561 57 65 32 2023-10-24 2025-03-11 asegunlolu@hotmail.com v-atulyadav@microsoft.com Solutions/Azure Cloud NGFW by Palo Alto Networks/Hunting Queries/CloudNGFW-PotentialBeaconing.yaml 59 26 553 268 46 20 2023-11-01 2024-08-12 asegunlolu@hotmail.com 62938807+haim-na@users.noreply.github.com Solutions/Azure Cloud NGFW by Palo Alto Networks/Analytic Rules/CloudNGFW-UnusualThreatSignatures.yaml 59 53 553 57 82 36 2023-11-01 2025-03-11 asegunlolu@hotmail.com v-atulyadav@microsoft.com Solutions/Azure Cloud NGFW by Palo Alto Networks/Analytic Rules/CloudNGFW-PortScanning.yaml 60 73 561 57 122 44 2023-10-24 2025-03-11 asegunlolu@hotmail.com v-atulyadav@microsoft.com Solutions/Azure Cloud NGFW by Palo Alto Networks/Analytic Rules/CloudNGFW-NetworkBeaconing.yaml 67 54 553 58 90 36 2023-11-01 2025-03-10 asegunlolu@hotmail.com idoshabi@microsoft.com Solutions/Cloudflare/Hunting Queries/CloudflareTopWafRules.yaml 26 19 1498 576 24 22 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Hunting Queries/CloudflareClientErrors.yaml 31 48 1498 293 85 55 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Cloudflare/Hunting Queries/CloudflareUnexpectedCountries.yaml 24 19 1498 576 24 22 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Hunting Queries/CloudflareTopNetworkRules.yaml 26 19 1498 576 24 22 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Hunting Queries/CloudflareRareUAs.yaml 25 19 1498 576 24 22 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Hunting Queries/CloudflareFilesRequested.yaml 30 19 1498 576 24 22 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Hunting Queries/CloudflareClientTlsErrors.yaml 32 19 1498 576 24 22 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Hunting Queries/CloudflareServerTlsErrors.yaml 32 48 1498 576 67 45 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Hunting Queries/CloudflareServerErrors.yaml 31 48 1498 293 85 55 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Cloudflare/Hunting Queries/CloudflareUnexpectedEdgeResponse.yaml 29 19 1498 576 24 22 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Parsers/Cloudflare.yaml 221 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Cloudflare/Analytic Rules/CloudflareUnexpectedRequest.yaml 32 99 1498 457 137 85 2021-03-31 2024-02-05 v-elforb@microsoft.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/Cloudflare/Analytic Rules/CloudflareMultipleUAs.yaml 33 70 1498 576 98 63 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Analytic Rules/CloudflareXSSProbingPattern.yaml 38 70 1498 576 98 63 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Analytic Rules/CloudflareUnexpectedPost.yaml 35 87 1498 576 122 74 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Analytic Rules/CloudflareWafThreatAllowed.yaml 36 70 1498 576 98 63 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Analytic Rules/CloudflareUnexpectedUrl.yaml 32 70 1498 576 98 63 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Analytic Rules/CloudflareBadClientIp.yaml 36 70 1498 576 98 63 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Analytic Rules/CloudflareUnexpectedCountry.yaml 36 70 1498 576 98 63 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Analytic Rules/CloudflareEmptyUA.yaml 30 70 1498 576 98 63 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Analytic Rules/CloudflareMultipleErrorsSource.yaml 33 70 1498 576 98 63 2021-03-31 2023-10-09 v-elforb@microsoft.com mrudula.oruganti@gigamon.com Solutions/Cloudflare/Data Connectors/AzureFunctionCloudflare/sentinel_connector_async.py 94 77 1506 58 101 60 2021-03-23 2025-03-10 tj@senserva.com idoshabi@microsoft.com Solutions/Cloudflare/Data Connectors/AzureFunctionCloudflare/main.py 160 220 1506 58 381 153 2021-03-23 2025-03-10 tj@senserva.com idoshabi@microsoft.com Solutions/Microsoft Entra ID Protection/Analytic Rules/CorrelateIPC_Unfamiliar-Atypical.yaml 122 47 546 261 91 38 2023-11-08 2024-08-19 v-rusraut@microsoft.com v-prasadboke@microsoft.com Solutions/HolmSecurity/Data Connectors/AzureFunctionHolmSecurityAssetsConn/__init__.py 103 42 1316 261 57 38 2021-09-29 2024-08-19 nikita.grunskii@holmsecurity.com v-prasadboke@microsoft.com Solutions/Aruba ClearPass/Parsers/ArubaClearPass.yaml 89 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Hunting Queries/CorelightFilesSeen.yaml 29 50 1498 293 86 42 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Hunting Queries/CorelightAbnormalEmailSubject.yaml 22 48 1498 293 82 42 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Hunting Queries/CorelightExternalServices.yaml 26 48 1498 293 82 42 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Hunting Queries/CorelightRarePOST.yaml 31 73 1498 293 144 66 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Hunting Queries/CorelightRepetitiveDnsFailures.yaml 27 82 1498 268 133 67 2021-03-31 2024-08-12 v-elforb@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Corelight/Hunting Queries/CorelightFilesTransferedByIp.yaml 28 49 1498 293 83 42 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Hunting Queries/CorelightObfuscatedBinary.yaml 25 48 1498 293 82 42 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Hunting Queries/CorelightDataTransferedByIp.yaml 25 56 1498 293 97 50 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Hunting Queries/CorelightCompressedFilesTransferredOverHTTP.yaml 26 48 1498 293 82 42 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Hunting Queries/CorelightMultipleRemoteSMBConnectionsFromSingleIP.yaml 26 60 1498 293 98 54 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_suri_aggregations.yaml 64 10 63 13 13 7 2025-03-05 2025-04-24 dhwani.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_capture_loss.yaml 28 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_http.yaml 205 58 590 13 91 34 2023-09-25 2025-04-24 eldon.koyle@corelight.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_corelight_metrics_iface.yaml 164 9 63 13 10 7 2025-03-05 2025-04-24 dhwani.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_stats.yaml 48 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_dnp3.yaml 31 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_zeek_doctor.yaml 30 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_ftp.yaml 107 48 590 58 80 30 2023-09-25 2025-03-10 eldon.koyle@corelight.com idoshabi@microsoft.com Solutions/Corelight/Parsers/corelight_http_red.yaml 53 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_bacnet.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_mqtt_subscribe.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_log4shell.yaml 35 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_sip.yaml 49 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_rfb.yaml 38 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_profinet_debug.yaml 29 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_smb_files.yaml 125 34 590 13 61 27 2023-09-25 2025-04-24 eldon.koyle@corelight.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_kerberos.yaml 42 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_known_services.yaml 35 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_corelight_metrics_zeek_doctor.yaml 67 9 63 13 10 7 2025-03-05 2025-04-24 dhwani.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_ocsp.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_intel.yaml 101 34 590 13 61 27 2023-09-25 2025-04-24 eldon.koyle@corelight.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_mqtt_connect.yaml 34 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_util_stats.yaml 24 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_rdp.yaml 117 48 590 58 80 30 2023-09-25 2025-03-10 eldon.koyle@corelight.com idoshabi@microsoft.com Solutions/Corelight/Parsers/corelight_suricata_corelight.yaml 207 35 590 13 62 27 2023-09-25 2025-04-24 eldon.koyle@corelight.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_profinet.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_radius.yaml 36 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_openflow.yaml 56 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_smb_mapping.yaml 97 34 590 13 61 27 2023-09-25 2025-04-24 eldon.koyle@corelight.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_packet_filter.yaml 27 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_corelight_metrics_disk.yaml 968 9 63 13 10 7 2025-03-05 2025-04-24 dhwani.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_suricata_eve.yaml 24 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_known_hosts.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_tunnel.yaml 30 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_stepping.yaml 35 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_cip.yaml 31 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_unknown_smartpcap.yaml 26 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_notice.yaml 146 34 590 13 61 27 2023-09-25 2025-04-24 eldon.koyle@corelight.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_known_users.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_dga.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_socks.yaml 38 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_mysql.yaml 87 34 590 13 61 27 2023-09-25 2025-04-24 eldon.koyle@corelight.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_ipsec.yaml 52 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_ssl_red.yaml 43 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_mqtt_publish.yaml 35 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_conn_red.yaml 64 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_corelight_burst.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_ntlm.yaml 35 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_weird.yaml 32 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_conn_long.yaml 64 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_traceroute.yaml 26 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_known_devices.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_dns.yaml 167 48 590 58 80 30 2023-09-25 2025-03-10 eldon.koyle@corelight.com idoshabi@microsoft.com Solutions/Corelight/Parsers/corelight_datared.yaml 41 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_local_subnets.yaml 31 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_conn.yaml 198 48 590 58 80 30 2023-09-25 2025-03-10 eldon.koyle@corelight.com idoshabi@microsoft.com Solutions/Corelight/Parsers/corelight_smartpcap_stats.yaml 44 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_iso_cotp.yaml 29 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_profinet_dce_rpc.yaml 35 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_enip.yaml 34 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_suricata_stats.yaml 24 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_weird_red.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_software.yaml 74 34 590 13 61 27 2023-09-25 2025-04-24 eldon.koyle@corelight.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_corelight_profiling.yaml 27 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_x509.yaml 171 48 590 58 80 30 2023-09-25 2025-03-10 eldon.koyle@corelight.com idoshabi@microsoft.com Solutions/Corelight/Parsers/corelight_weird_stats.yaml 25 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_known_remotes.yaml 28 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_corelight_overall_capture_loss.yaml 26 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_known_domains.yaml 32 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_smtp_links.yaml 31 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_files.yaml 137 57 590 13 90 34 2023-09-25 2025-04-24 eldon.koyle@corelight.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_local_subnets_graphs.yaml 28 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_syslog.yaml 32 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_vpn.yaml 177 48 590 58 80 30 2023-09-25 2025-03-10 eldon.koyle@corelight.com idoshabi@microsoft.com Solutions/Corelight/Parsers/corelight_x509_red.yaml 44 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_dpd.yaml 31 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_snmp.yaml 37 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_smtp.yaml 129 34 590 13 61 27 2023-09-25 2025-04-24 eldon.koyle@corelight.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_dns_red.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_suricata_zeek_stats.yaml 30 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_ssl.yaml 133 57 590 13 90 34 2023-09-25 2025-04-24 eldon.koyle@corelight.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_irc.yaml 37 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_known_certs.yaml 36 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_wireguard.yaml 31 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_corelight_metrics_memory.yaml 63 9 63 13 10 7 2025-03-05 2025-04-24 dhwani.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_tds_sql_batch.yaml 30 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_etc_viz.yaml 111 48 590 58 80 30 2023-09-25 2025-03-10 eldon.koyle@corelight.com idoshabi@microsoft.com Solutions/Corelight/Parsers/corelight_enip_debug.yaml 29 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_ntp.yaml 41 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_stun.yaml 35 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_reporter.yaml 26 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_generic_dns_tunnels.yaml 27 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_dce_rpc.yaml 32 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_s7comm.yaml 97 34 590 13 61 27 2023-09-25 2025-04-24 eldon.koyle@corelight.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_http2.yaml 46 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_encrypted_dns.yaml 29 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_dhcp.yaml 37 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_smartpcap.yaml 24 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_stun_nat.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_enip_list_identity.yaml 37 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_tds_rpc.yaml 30 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_generic_icmp_tunnels.yaml 32 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_pe.yaml 39 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_known_names.yaml 32 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_modbus.yaml 30 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_local_subnets_dj.yaml 28 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_corelight_metrics_system.yaml 61 9 63 13 10 7 2025-03-05 2025-04-24 dhwani.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Corelight/Parsers/corelight_specific_dns_tunnels.yaml 32 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_signatures.yaml 34 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_files_red.yaml 47 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_ssh.yaml 162 48 590 58 80 30 2023-09-25 2025-03-10 eldon.koyle@corelight.com idoshabi@microsoft.com Solutions/Corelight/Parsers/corelight_tds.yaml 29 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Parsers/corelight_icmp_specific_tunnels.yaml 33 25 590 293 51 21 2023-09-25 2024-07-18 eldon.koyle@corelight.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Analytic Rules/CorelightMultipleCompressedFilesTransferredOverHTTP.yaml 34 138 1498 259 224 103 2021-03-31 2024-08-21 v-elforb@microsoft.com nilepagn@microsoft.com Solutions/Corelight/Analytic Rules/CorelightMultipleFilesSentOverHTTPAbnormalRequests.yaml 35 124 1498 293 187 96 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Analytic Rules/CorelightSMTPEmailSubjectNonAsciiCharacters.yaml 36 103 1498 293 158 81 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Analytic Rules/CorelightPossibleWebshellRarePOST.yaml 36 127 1498 293 191 98 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Analytic Rules/CorelightPossibleWebshell.yaml 33 124 1498 293 185 95 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Analytic Rules/CorelightExternalProxyDetected.yaml 31 102 1498 293 155 81 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Analytic Rules/CorelightC2RepetitiveFailures.yaml 35 138 1498 259 224 103 2021-03-31 2024-08-21 v-elforb@microsoft.com nilepagn@microsoft.com Solutions/Corelight/Analytic Rules/CorelightForcedExternalOutboundSMB.yaml 33 111 1498 293 169 85 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Analytic Rules/CorelightTypoSquattingOrPunycodePhishingHTTPRequest.yaml 31 102 1498 293 155 81 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Corelight/Analytic Rules/CorelightNetworkServiceScanning.yaml 37 109 1498 293 165 86 2021-03-31 2024-07-18 v-elforb@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Netskopev2/Parsers/EventsNetwork.yaml 165 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/EventsConnection.yaml 131 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/AlertsCtep.yaml 153 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/AlertsQuarantine.yaml 157 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/EventsApplication.yaml 323 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/EventsAudit.yaml 63 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/EventIncident.yaml 134 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/AlertsPolicy.yaml 447 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/AlertsUba.yaml 326 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/AlertsSecurityAssessment.yaml 129 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/AlertsDLP.yaml 319 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/AlertsMalsite.yaml 261 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/AlertsCompromisedCredential.yaml 102 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/AlertsRemediation.yaml 205 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/EventsPage.yaml 203 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/NetskopeWebTransactions.yaml 333 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Parsers/AlertsMalware.yaml 289 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Analytic Rules/NetskopeWebTxErrors.yaml 38 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/WebTxMetrics/sentinel.py 93 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/WebTxMetrics/__init__.py 10 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/WebTxMetrics/ingest_message.py 125 25 399 261 30 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/__init__.py 1 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/netskope_exception.py 3 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/validate_params.py 53 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/state_manager.py 49 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/utils.py 20 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/consts.py 25 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/logger.py 21 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/NetskopeToAzureStorage/netskope_api_async.py 164 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/NetskopeToAzureStorage/__init__.py 15 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/NetskopeToAzureStorage/netskope_to_azure_storage.py 699 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/StorageToSentinel/sentinel.py 93 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/StorageToSentinel/netskope_azure_storage_to_sentinel.py 320 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/StorageToSentinel/__init__.py 43 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/StorageToSentinel/remove_duplicates_in_azure_storage.py 411 24 399 261 29 20 2024-04-03 2024-08-19 nipun.brahmbhatt@crestdatasys.com v-prasadboke@microsoft.com Solutions/vArmour Application Controller/Analytic Rules/vArmourApplicationControllerSMBRealmTraversal.yaml 43 74 1063 259 146 54 2022-06-09 2024-08-21 104008048+v-atulyadav@users.noreply.github.com nilepagn@microsoft.com Solutions/Zinc Open Source/Analytic Rules/ZincOctober2022_Filename_Commandline_IOC.yaml 76 82 950 293 137 78 2022-09-30 2024-07-18 nevermoe@nevermoes-macbook-pro.local 164491672+shishirdw@users.noreply.github.com Solutions/Zinc Open Source/Analytic Rules/ZincOctober2022_IP_Domain_Hash_IOC.yaml 195 116 950 261 210 92 2022-09-30 2024-08-19 nevermoe@nevermoes-macbook-pro.local v-prasadboke@microsoft.com Solutions/Zinc Open Source/Analytic Rules/ZincOctober2022_AVHits_IOC.yaml 49 72 950 261 107 67 2022-09-30 2024-08-19 nevermoe@nevermoes-macbook-pro.local v-prasadboke@microsoft.com Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikEventsOrchestrator/__init__.py 14 15 169 58 21 11 2024-11-19 2025-03-10 dhwani.shah@crestdata.ai idoshabi@microsoft.com Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikRansomwareOrchestrator/__init__.py 16 39 547 58 79 38 2023-11-07 2025-03-10 oskar.borjesson@recordedfuture.com idoshabi@microsoft.com Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikActivity/sentinel.py 99 25 547 293 61 29 2023-11-07 2024-07-18 oskar.borjesson@recordedfuture.com 164491672+shishirdw@users.noreply.github.com Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikActivity/__init__.py 34 24 547 293 58 29 2023-11-07 2024-07-18 oskar.borjesson@recordedfuture.com 164491672+shishirdw@users.noreply.github.com Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikActivity/rubrik.py 70 24 547 293 58 29 2023-11-07 2024-07-18 oskar.borjesson@recordedfuture.com 164491672+shishirdw@users.noreply.github.com Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikAnomalyOrchestrator/__init__.py 14 39 547 58 79 38 2023-11-07 2025-03-10 oskar.borjesson@recordedfuture.com idoshabi@microsoft.com Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikThreathuntOrchestrator/__init__.py 16 39 547 58 79 38 2023-11-07 2025-03-10 oskar.borjesson@recordedfuture.com idoshabi@microsoft.com Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/shared_code/consts.py 10 39 547 58 79 38 2023-11-07 2025-03-10 oskar.borjesson@recordedfuture.com idoshabi@microsoft.com Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/shared_code/rubrik_exception.py 3 25 547 293 61 29 2023-11-07 2024-07-18 oskar.borjesson@recordedfuture.com 164491672+shishirdw@users.noreply.github.com Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/shared_code/logger.py 12 24 547 293 58 29 2023-11-07 2024-07-18 oskar.borjesson@recordedfuture.com 164491672+shishirdw@users.noreply.github.com Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikHttpStarter/__init__.py 55 39 547 58 79 38 2023-11-07 2025-03-10 oskar.borjesson@recordedfuture.com idoshabi@microsoft.com Solutions/SlackAudit/Hunting Queries/SlackAuditSuspiciousFilesDownloaded.yaml 32 53 1505 576 77 53 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Hunting Queries/SlackAuditApplicationsInstalled.yaml 24 20 1505 576 25 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Hunting Queries/SlackAuditUserPermissionsChanged.yaml 23 20 1505 576 25 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Hunting Queries/SlackAuditUploadedFilesByUser.yaml 26 53 1505 576 77 53 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Hunting Queries/SlackAuditDeactivatedUsers.yaml 24 20 1505 576 25 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Hunting Queries/SlackAuditDownloadedFilesByUser.yaml 27 20 1505 576 25 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Hunting Queries/SlackAuditNewUsers.yaml 28 20 1505 576 25 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Hunting Queries/SlackAuditUserLoginsByIP.yaml 25 53 1505 576 77 53 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Hunting Queries/SlackAuditUsersJoinedChannelsWithoutInvites.yaml 25 20 1505 576 25 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Hunting Queries/SlackAuditFailedLoginsUnknownUsername.yaml 38 20 1505 576 25 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Parsers/SlackAudit.yaml 170 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/SlackAudit/Analytic Rules/SlackAuditEmptyUA.yaml 29 75 1505 576 108 69 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Analytic Rules/SlackAuditMultipleArchivedFilesUploadedInShortTimePeriod.yaml 34 75 1505 576 108 69 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Analytic Rules/SlackAuditSensitiveFile.yaml 35 75 1505 576 108 69 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Analytic Rules/SlackAuditUserEmailChanged.yaml 39 75 1505 576 108 69 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Analytic Rules/SlackAuditUserChangedToAdminOrOwner.yaml 31 75 1505 576 108 69 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Analytic Rules/SlackAuditMultipleFailedLoginsForUser.yaml 32 75 1505 576 108 69 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Analytic Rules/SlackAuditUserLoginAfterDeactivated.yaml 44 75 1505 576 108 69 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Analytic Rules/SlackAuditUnknownUA.yaml 34 104 1505 259 168 89 2021-03-24 2024-08-21 tj@senserva.com nilepagn@microsoft.com Solutions/SlackAudit/Analytic Rules/SlackAuditSuspiciousFileDownloaded.yaml 39 75 1505 576 108 69 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Data Connectors/SlackAuditAPISentinelConnector/__init__.py 278 20 1505 576 25 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/SlackAudit/Data Connectors/SlackAuditAPISentinelConnector/state_manager.py 18 20 1505 576 25 22 2021-03-24 2023-10-09 tj@senserva.com mrudula.oruganti@gigamon.com Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml 55 62 1135 259 120 53 2022-03-29 2024-08-21 maniskumar@microsoft.com nilepagn@microsoft.com Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Usage.yaml 58 47 1135 293 79 45 2022-03-29 2024-07-18 maniskumar@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/MicrosoftDefenderForEndpoint/Parsers/AssignedIPAddress.yaml 23 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/MicrosoftDefenderForEndpoint/Parsers/Devicefromip.yaml 22 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/MicrosoftDefenderForEndpoint/Analytic Rules/AquaBlizzardAVHits.yaml 58 47 730 106 78 48 2023-05-08 2025-01-21 50784041+anders-alex@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Citrix ADC/Parsers/CitrixADCEventOld.yaml 168 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/IronNet IronDefense/Analytic Rules/IronDefense_Detection_Query.yaml 63 67 1413 576 108 60 2021-06-24 2023-10-09 caroline_sacumen@outlook.com mrudula.oruganti@gigamon.com Solutions/CohesitySecurity/build.ps1 2 27 804 457 41 26 2023-02-23 2024-02-05 mkchiliveri@gmail.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/CohesitySecurity/Tools/Cohesity_Playbook_ARM_Template_Generator.ps1 445 27 804 457 41 26 2023-02-23 2024-02-05 mkchiliveri@gmail.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/CohesitySecurity/Data Connectors/Helios2Sentinel/IncidentConsumer/IncidentConsumer.cs 105 30 804 457 45 27 2023-02-23 2024-02-05 mkchiliveri@gmail.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/CohesitySecurity/Data Connectors/Helios2Sentinel/remove.py 37 43 804 457 65 38 2023-02-23 2024-02-05 mkchiliveri@gmail.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/CohesitySecurity/Data Connectors/Helios2Sentinel/deploy.py 20 42 804 457 64 37 2023-02-23 2024-02-05 mkchiliveri@gmail.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/CohesitySecurity/Data Connectors/Helios2Sentinel/IncidentProducer/IncidentProducer.cs 376 83 804 58 138 59 2023-02-23 2025-03-10 mkchiliveri@gmail.com idoshabi@microsoft.com Solutions/CohesitySecurity/build_one_solution.ps1 1315 30 804 457 45 27 2023-02-23 2024-02-05 mkchiliveri@gmail.com 86425481+seanmacdonald8@users.noreply.github.com Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/DisabledAccountSigninAttempts.yaml 43 119 870 268 219 84 2022-12-19 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/StsRefreshTokenModification.yaml 67 95 870 293 157 74 2022-12-19 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/DisabledAccountSigninAttemptsByIP.yaml 28 52 870 293 76 47 2022-12-19 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/Signins-from-NordVPN-Providers.yaml 72 134 870 268 248 89 2022-12-19 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/ApplicationGrantedEWSPermissions.yaml 54 71 870 293 103 60 2022-12-19 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/SuspiciousSignintoPrivilegedAccount.yaml 92 129 870 268 240 88 2022-12-19 2024-08-12 github@shezaf.com 62938807+haim-na@users.noreply.github.com Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/Signins-From-VPS-Providers.yaml 8 148 870 259 292 97 2022-12-19 2024-08-21 github@shezaf.com nilepagn@microsoft.com Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/UserGrantedAccess_GrantsOthersAccess.yaml 76 52 870 293 76 47 2022-12-19 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Solutions/Cloud Identity Threat Protection Essentials/Analytic Rules/MFADisable.yaml 58 75 870 293 114 63 2022-12-19 2024-07-18 github@shezaf.com 164491672+shishirdw@users.noreply.github.com Solutions/Cloud Identity Threat Protection Essentials/Analytic Rules/NewExtUserGrantedAdmin.yaml 87 87 870 261 130 69 2022-12-19 2024-08-19 github@shezaf.com v-prasadboke@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutSummaryTopCerts.yaml 48 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutTopTagsByIP.yaml 32 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutTopServicesByIP.yaml 32 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutDomainData.yaml 26 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutSummaryTopFingerprints.yaml 32 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutIdentity.yaml 28 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutTopAsnsByIP.yaml 32 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutSummaryTopPdns.yaml 28 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutSummary.yaml 56 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutWhois.yaml 110 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutTopCountryCodesByIP.yaml 32 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutAccountUsage.yaml 16 22 273 58 28 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutSummaryTopOpenPorts.yaml 34 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutDomain.yaml 43 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutProtoByIP.yaml 34 23 273 58 29 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutCorrelate.yaml 70 24 273 58 30 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Parsers/CymruScoutIP.yaml 92 34 273 13 42 16 2024-08-07 2025-04-24 nirali.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/IPDataCollector/__init__.py 12 23 273 58 29 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/IPDataCollector/ip_collector.py 252 23 273 58 29 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/DomainDataCollector/__init__.py 12 23 273 58 29 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/DomainDataCollector/domain_collector.py 87 23 273 58 29 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/sentinel.py 197 24 273 58 30 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/teamcymruscout_client.py 173 24 273 58 30 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/__init__.py 1 22 273 58 28 13 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/teamcymruscout_exception.py 9 23 273 58 29 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/get_logs_data.py 52 23 273 58 29 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/state_manager.py 18 24 273 58 30 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/utils.py 147 25 273 58 31 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/checkpoint_manager.py 32 24 273 58 30 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/consts.py 48 23 273 58 29 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/logger.py 12 23 273 58 29 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/AccountUsageDataCollector/__init__.py 17 23 273 58 29 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/AccountUsageDataCollector/account_usage_data.py 31 23 273 58 29 14 2024-08-07 2025-03-10 nirali.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Veritas NetBackup/Analytic Rules/NetBackup_many_login_fail.yaml 38 29 595 268 57 22 2023-09-20 2024-08-12 144793377+swapnildombaleveritas@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Veritas NetBackup/Analytic Rules/NetBackup_many_Anomalies.yaml 38 42 595 106 88 30 2023-09-20 2025-01-21 144793377+swapnildombaleveritas@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Mulesoft/Parsers/MuleSoftCloudhub.yaml 40 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Mulesoft/Data Connectors/MuleSoftCloudhubSentinelConnector/__init__.py 109 35 1030 576 51 28 2022-07-12 2023-10-09 v-atulyadav@microsoft.com mrudula.oruganti@gigamon.com Solutions/Mulesoft/Data Connectors/MuleSoftCloudhubSentinelConnector/rest_api.py 43 35 1030 576 51 28 2022-07-12 2023-10-09 v-atulyadav@microsoft.com mrudula.oruganti@gigamon.com Solutions/Mulesoft/Data Connectors/MuleSoftCloudhubSentinelConnector/state_manager.py 18 35 1030 576 51 28 2022-07-12 2023-10-09 v-atulyadav@microsoft.com mrudula.oruganti@gigamon.com Solutions/Alibaba Cloud/DataConnectors/AliCloudSentinelConnector/__init__.py 145 51 1045 576 89 41 2022-06-27 2023-10-09 v-amolpatil@microsoft.com mrudula.oruganti@gigamon.com Solutions/Alibaba Cloud/DataConnectors/AliCloudSentinelConnector/state_manager.py 18 32 1045 576 63 29 2022-06-27 2023-10-09 v-amolpatil@microsoft.com mrudula.oruganti@gigamon.com Solutions/Alibaba Cloud/Parsers/AliCloud.yaml 24 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AtlassianConfluenceAudit/Parsers/ConfluenceAudit.yaml 76 40 624 8 80 36 2023-08-22 2025-04-29 mkchiliveri@gmail.com v-atulyadav@microsoft.com Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditDataConnector/ConfluenceAuditAPISentinelConnector/__init__.py 115 15 75 13 18 9 2025-02-21 2025-04-24 v-prasadboke@microsoft.com v-prasadboke@microsoft.com Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditDataConnector/ConfluenceAuditAPISentinelConnector/state_manager.py 18 15 75 13 18 9 2025-02-21 2025-04-24 v-prasadboke@microsoft.com v-prasadboke@microsoft.com Solutions/iboss/Parsers/ibossUrlEvent.yaml 42 50 624 106 91 42 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Flare/Analytic Rules/FlareHost.yaml 23 36 777 293 50 39 2023-03-22 2024-07-18 jc.taillandier@hotmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Flare/Analytic Rules/FlareCloudBucket.yaml 23 36 777 293 50 39 2023-03-22 2024-07-18 jc.taillandier@hotmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Flare/Analytic Rules/FlarePaste.yaml 23 36 777 293 50 39 2023-03-22 2024-07-18 jc.taillandier@hotmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Flare/Analytic Rules/FlareSSLcert.yaml 23 36 777 293 50 39 2023-03-22 2024-07-18 jc.taillandier@hotmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Flare/Analytic Rules/FlareSourceCode.yaml 23 36 777 293 50 39 2023-03-22 2024-07-18 jc.taillandier@hotmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Flare/Analytic Rules/FlareInfectedDevice.yaml 23 36 777 293 50 39 2023-03-22 2024-07-18 jc.taillandier@hotmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Flare/Analytic Rules/FlareDarkweb.yaml 23 36 777 293 50 39 2023-03-22 2024-07-18 jc.taillandier@hotmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Flare/Analytic Rules/FlareCredentialLeaks.yaml 23 55 821 293 86 48 2023-02-06 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Flare/Analytic Rules/FlareDork.yaml 23 36 777 293 50 39 2023-03-22 2024-07-18 jc.taillandier@hotmail.com 164491672+shishirdw@users.noreply.github.com Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMRareUA.yaml 33 20 1398 576 22 14 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMNewServiceAccountsKeys.yaml 30 20 1398 576 22 14 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMNewCustomRoles.yaml 30 20 1398 576 22 14 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMTopSrcIpAddrFailedActions.yaml 28 18 1398 576 20 14 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMRareActionUser.yaml 35 20 1398 576 22 14 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMDisabledServiceAccounts.yaml 30 20 1398 576 22 14 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMNewServiceAccounts.yaml 30 20 1398 576 22 14 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMDeletedServiceAccounts.yaml 30 20 1398 576 22 14 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMChangedRoles.yaml 19 20 1398 576 23 14 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Hunting Queries/GCPIAMTopServiceAccountsFailedActions.yaml 27 18 1398 576 20 14 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMServiceAccountEnumeration.yaml 32 57 1398 576 81 43 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMNewServiceAccount.yaml 40 72 1398 106 116 55 2021-07-09 2025-01-21 vu@socprime.com 128674128+v1managedservices@users.noreply.github.com Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMEmptyUA.yaml 37 72 1398 106 116 55 2021-07-09 2025-01-21 vu@socprime.com 128674128+v1managedservices@users.noreply.github.com Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMDisableDataAccessLogging.yaml 39 79 1398 261 113 57 2021-07-09 2024-08-19 vu@socprime.com v-prasadboke@microsoft.com Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMHighPrivilegedRoleAdded.yaml 43 72 1398 106 116 55 2021-07-09 2025-01-21 vu@socprime.com 128674128+v1managedservices@users.noreply.github.com Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMPublicBucket.yaml 42 72 1398 106 116 55 2021-07-09 2025-01-21 vu@socprime.com 128674128+v1managedservices@users.noreply.github.com Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMNewAuthenticationToken.yaml 41 72 1398 106 116 55 2021-07-09 2025-01-21 vu@socprime.com 128674128+v1managedservices@users.noreply.github.com Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMServiceAccountKeysEnumeration.yaml 32 57 1398 576 81 43 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMPrivilegesEnumeration.yaml 32 57 1398 576 81 43 2021-07-09 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Analytic Rules/GCPIAMNewServiceAccountKey.yaml 41 72 1398 106 116 55 2021-07-09 2025-01-21 vu@socprime.com 128674128+v1managedservices@users.noreply.github.com Solutions/GoogleCloudPlatformIAM/Data Connectors/AzureFunctionGCPIAM/main.py 97 71 1442 293 112 65 2021-05-26 2024-07-18 vu@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/GoogleCloudPlatformIAM/Data Connectors/AzureFunctionGCPIAM/state_manager.py 18 20 1442 576 22 18 2021-05-26 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformIAM/Data Connectors/AzureFunctionGCPIAM/sentinel_connector.py 90 40 1442 576 53 45 2021-05-26 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/Semperis Directory Services Protector/Parsers/dsp_parser.yaml 44 49 624 8 94 43 2023-08-22 2025-04-29 mkchiliveri@gmail.com v-atulyadav@microsoft.com Solutions/Semperis Directory Services Protector/Analytic Rules/Semperis_DSP_RBAC_Changes.yaml 61 86 777 8 161 67 2023-03-22 2025-04-29 aland@semperis.com v-atulyadav@microsoft.com Solutions/Semperis Directory Services Protector/Analytic Rules/Semperis_DSP_Failed_Logons.yaml 53 86 777 8 160 67 2023-03-22 2025-04-29 aland@semperis.com v-atulyadav@microsoft.com Solutions/Semperis Directory Services Protector/Analytic Rules/SemperisDSP_WellKnownPrivilegedSIDsInsIDHistory.yaml 33 76 1041 8 131 57 2022-07-01 2025-04-29 104008048+v-atulyadav@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Semperis Directory Services Protector/Analytic Rules/SemperisDSP_RecentsIDHistoryChangesOnADObjects.yaml 33 91 1041 8 172 66 2022-07-01 2025-04-29 104008048+v-atulyadav@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Semperis Directory Services Protector/Analytic Rules/SemperisDSP_ZerologonVulnerability.yaml 32 91 1041 8 171 65 2022-07-01 2025-04-29 104008048+v-atulyadav@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Semperis Directory Services Protector/Analytic Rules/Semperis_DSP_Operations_Critical_Notifications_.yaml 55 87 777 8 162 67 2023-03-22 2025-04-29 aland@semperis.com v-atulyadav@microsoft.com Solutions/Semperis Directory Services Protector/Analytic Rules/SemperisDSP_EvidenceOfMimikatzDCShadowAttack.yaml 23 76 1041 8 131 57 2022-07-01 2025-04-29 104008048+v-atulyadav@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Semperis Directory Services Protector/Analytic Rules/SemperisDSP_KerberoskrbtgtAccount.yaml 32 91 1041 8 171 65 2022-07-01 2025-04-29 104008048+v-atulyadav@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedRemoteAccess.yaml 76 144 1290 57 257 102 2021-10-25 2025-03-11 54327442+thbanasi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTPLCStopCommand.yaml 77 154 1290 57 274 109 2021-10-25 2025-03-11 54327442+thbanasi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTNetworkScanning.yaml 76 144 1290 57 261 102 2021-10-25 2025-03-11 54327442+thbanasi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTFirmwareUpdates.yaml 76 144 1290 57 261 102 2021-10-25 2025-03-11 54327442+thbanasi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedNetworkConfiguration.yaml 76 145 1290 57 259 102 2021-10-25 2025-03-11 54327442+thbanasi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTHighBandwidth.yaml 76 154 1290 57 274 109 2021-10-25 2025-03-11 54327442+thbanasi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTExcessiveLoginAttempts.yaml 76 145 1290 57 261 102 2021-10-25 2025-03-11 54327442+thbanasi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInternetAccess.yaml 76 144 1290 57 259 102 2021-10-25 2025-03-11 54327442+thbanasi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTMalware.yaml 77 144 1290 57 261 102 2021-10-25 2025-03-11 54327442+thbanasi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTDenialofService.yaml 76 154 1290 57 271 109 2021-10-25 2025-03-11 54327442+thbanasi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedDevice.yaml 76 145 1290 57 261 102 2021-10-25 2025-03-11 54327442+thbanasi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInsecurePLC.yaml 76 144 1290 57 260 102 2021-10-25 2025-03-11 54327442+thbanasi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTINoSensorTrafficDetected.yaml 76 116 1065 57 210 83 2022-06-07 2025-03-11 cohenamit@microsoft.com v-atulyadav@microsoft.com Solutions/MailRisk/Data Connectors/mailrisk.py 79 47 768 293 80 51 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/models/link.py 14 28 768 293 39 28 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/models/__init__.py 14 28 768 293 39 28 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/models/assessment.py 19 28 768 293 39 28 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/models/event_types.py 8 28 768 293 39 28 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/models/event.py 16 28 768 293 39 28 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/models/risk_categories.py 8 28 768 293 39 28 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/models/email.py 104 48 768 293 80 51 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/models/attachment.py 34 28 768 293 39 28 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/models/risk_levels.py 3 28 768 293 39 28 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/models/header.py 12 28 768 293 39 28 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/models/model.py 11 28 768 293 39 28 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/sentinel_api.py 37 48 768 293 80 51 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/config.py 23 47 768 293 80 51 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/MailRiskSentinelIntegration/__init__.py 22 47 768 293 80 51 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MailRisk/Data Connectors/sentinel_integration.py 40 28 768 293 39 28 2023-03-31 2024-07-18 37065507+ingin97@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Pure Storage/Parsers/PureStorageFlashBladeParser.yaml 23 20 204 58 37 15 2024-10-15 2025-03-10 ksuresh@purestorage.com idoshabi@microsoft.com Solutions/Pure Storage/Parsers/PureStorageFlashArrayParser.yaml 20 20 204 58 37 15 2024-10-15 2025-03-10 ksuresh@purestorage.com idoshabi@microsoft.com Solutions/Pure Storage/Analytic Rules/PureFailedLogin.yaml 52 24 378 261 30 20 2024-04-24 2024-08-19 ksuresh@purestorage.com v-prasadboke@microsoft.com Solutions/Pure Storage/Analytic Rules/FB-FabricModuleUnhealthy.yaml 44 20 204 58 37 15 2024-10-15 2025-03-10 ksuresh@purestorage.com idoshabi@microsoft.com Solutions/Pure Storage/Analytic Rules/PureControllerFailed.yaml 43 24 378 261 31 20 2024-04-24 2024-08-19 ksuresh@purestorage.com v-prasadboke@microsoft.com Solutions/Claroty/Hunting Queries/ClarotyCriticalEvents.yaml 23 78 1265 58 147 65 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Hunting Queries/ClarotySRAFailedLogins.yaml 26 78 1265 58 147 65 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Hunting Queries/ClarotyScanSources.yaml 24 78 1265 58 147 65 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Hunting Queries/ClarotyWriteExecuteOperations.yaml 24 78 1265 58 147 65 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Hunting Queries/ClarotyScantargets.yaml 24 78 1265 58 147 65 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Hunting Queries/ClarotyBaselineDeviation.yaml 24 78 1265 58 147 65 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Hunting Queries/ClarotyConflictAssets.yaml 24 78 1265 58 147 65 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Hunting Queries/ClarotyUnresolvedAlerts.yaml 24 78 1265 58 147 65 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Hunting Queries/ClarotyPLCLogins.yaml 25 78 1265 58 147 65 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Hunting Queries/ClarotyUnapprovedAccess.yaml 24 79 1265 58 148 65 2021-11-19 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Parsers/ClarotyEvent.yaml 89 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Claroty/Analytic Rules/ClarotyPolicyViolation.yaml 30 107 1205 58 199 82 2022-01-18 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLogin.yaml 35 107 1205 58 199 82 2022-01-18 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Analytic Rules/ClarotyAssetDown.yaml 30 107 1205 58 198 82 2022-01-18 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Analytic Rules/ClarotyTreat.yaml 36 107 1205 58 198 82 2022-01-18 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Analytic Rules/ClarotyCriticalBaselineDeviation.yaml 31 107 1205 58 198 82 2022-01-18 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Analytic Rules/ClarotySuspiciousActivity.yaml 30 107 1205 58 198 82 2022-01-18 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Analytic Rules/ClarotyLoginToUncommonSite.yaml 44 125 1205 58 229 91 2022-01-18 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Analytic Rules/ClarotySuspiciousFileTransfer.yaml 30 107 1205 58 198 82 2022-01-18 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Analytic Rules/ClarotyNewAsset.yaml 30 107 1205 58 199 82 2022-01-18 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLoginsSameDst.yaml 37 125 1205 58 229 91 2022-01-18 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/Syslog/Hunting Queries/SchedTaskEditViaCrontab.yaml 36 70 1080 268 101 48 2022-05-23 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Syslog/Hunting Queries/CryptoThreatActivity.yaml 40 66 873 268 93 45 2022-12-16 2024-08-12 v-sabiraj@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Syslog/Hunting Queries/SCXExecuteRunAsProviders.yaml 67 68 1080 268 100 48 2022-05-23 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Syslog/Hunting Queries/SchedTaskAggregation.yaml 9 55 1080 268 76 42 2022-05-23 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Syslog/Hunting Queries/squid_volume_anomalies.yaml 46 70 1080 268 101 48 2022-05-23 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Syslog/Hunting Queries/RareProcess_ForLxHost.yaml 40 55 1080 268 80 44 2022-05-23 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Syslog/Hunting Queries/squid_abused_tlds.yaml 37 70 1080 268 101 48 2022-05-23 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Syslog/Hunting Queries/squid_malformed_requests.yaml 38 70 1080 268 101 48 2022-05-23 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Syslog/Hunting Queries/CryptoCurrencyMiners.yaml 38 70 1080 268 101 48 2022-05-23 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Syslog/Analytic Rules/ssh_potentialBruteForce.yaml 36 108 1080 259 197 75 2022-05-23 2024-08-21 101796244+v-spadarthi@users.noreply.github.com nilepagn@microsoft.com Solutions/Syslog/Analytic Rules/sftp_file_transfer_above_threshold.yaml 74 67 585 261 123 46 2023-09-30 2024-08-19 juju4@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Syslog/Analytic Rules/sftp_file_transfer_folders_above_threshold.yaml 75 67 585 261 123 46 2023-09-30 2024-08-19 juju4@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Syslog/Analytic Rules/squid_cryptomining_pools.yaml 66 89 1080 106 173 61 2022-05-23 2025-01-21 101796244+v-spadarthi@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Syslog/Analytic Rules/NRT_squid_events_for_mining_pools.yaml 57 55 1080 268 81 44 2022-05-23 2024-08-12 101796244+v-spadarthi@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Syslog/Analytic Rules/FailedLogonAttempts_UnknownUser.yaml 57 100 1080 261 173 65 2022-05-23 2024-08-19 101796244+v-spadarthi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Syslog/Analytic Rules/squid_tor_proxies.yaml 62 79 1080 106 151 59 2022-05-23 2025-01-21 101796244+v-spadarthi@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/Syslog/Workspace Functions/SyslogConnectorsOverallStatus.yaml 61 29 300 106 66 28 2024-07-11 2025-01-21 anknar@microsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/Syslog/Workspace Functions/SyslogConnectorsEventVolumebyDeviceProduct.yaml 56 14 300 259 44 17 2024-07-11 2024-08-21 anknar@microsoft.com nilepagn@microsoft.com Solutions/SymantecProxySG/Parsers/SymantecProxySG.yaml 22 64 624 106 145 55 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/SymantecProxySG/Analytic Rules/ExcessiveDeniedProxyTraffic.yaml 37 107 1163 57 170 76 2022-03-01 2025-03-11 v-siriti@microsoft.com v-atulyadav@microsoft.com Solutions/SymantecProxySG/Analytic Rules/UserAccessedSuspiciousURLCategories.yaml 40 107 1163 57 170 76 2022-03-01 2025-03-11 v-siriti@microsoft.com v-atulyadav@microsoft.com Solutions/Tenable App/Parsers/afad_parser.yaml 117 18 335 259 45 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Parsers/TenableVMVulnerabilities.yaml 220 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Parsers/TenableVMAssets.yaml 129 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Analytic Rules/TIEPasswordGuessing.yaml 33 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Analytic Rules/TIEPasswordIssues.yaml 42 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Analytic Rules/TIEGoldenTicket.yaml 33 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Analytic Rules/TIEIndicatorsOfAttack.yaml 41 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Analytic Rules/TIEDCShadow.yaml 33 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Analytic Rules/TIEDCSync.yaml 33 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Analytic Rules/TIEADAttacksPathways.yaml 42 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Analytic Rules/TIEUserAccountIssues.yaml 42 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Analytic Rules/TIEPrivilegedAccountIssues.yaml 42 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Analytic Rules/TIELSASSMemory.yaml 33 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Analytic Rules/TIEIndicatorsOfExposures.yaml 41 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Analytic Rules/TIEPasswordSpraying.yaml 33 17 335 259 44 18 2024-06-06 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableVulnExportStatusAndSendChunks/__init__.py 79 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableAssetExportOrchestrator/__init__.py 71 38 335 58 84 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableComplianceExportOrchestrator/__init__.py 87 21 197 58 40 15 2024-10-22 2025-03-10 nirali.shah@crestdata.ai idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableComplianceExportStatusAndSendChunks/__init__.py 90 21 197 58 40 15 2024-10-22 2025-03-10 nirali.shah@crestdata.ai idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableProcessFailedAssetChunkFromQueue/__init__.py 35 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableProcessVulnChunkFromQueue/__init__.py 87 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/tenable_helper.py 84 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/exports_queue.py 30 38 335 58 84 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/exports_store.py 138 38 335 58 84 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableProcessComplianceChunkFromQueue/__init__.py 125 21 197 58 40 15 2024-10-22 2025-03-10 nirali.shah@crestdata.ai idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableGenerateJobStats/__init__.py 142 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableProcessAssetChunkFromQueue/__init__.py 82 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableCleanTables/__init__.py 41 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableAssetExportStatusAndSendChunks/__init__.py 75 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableStartAssetExportJob/__init__.py 11 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/azure_sentinel.py 58 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableStartComplianceExportJob/__init__.py 20 21 197 58 40 15 2024-10-22 2025-03-10 nirali.shah@crestdata.ai idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableExportStarter/__init__.py 134 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableProcessFailedComplianceChunkFromQueue/__init__.py 45 21 197 58 40 15 2024-10-22 2025-03-10 nirali.shah@crestdata.ai idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableProcessFailedVulnChunkFromQueue/__init__.py 35 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableStartVulnExportJob/__init__.py 36 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableVulnExportOrchestrator/__init__.py 72 38 335 58 84 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableCleanUpOrchestrator/__init__.py 13 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/Tenable App/Data Connectors/TenableVM/TenableExportsOrchestrator/__init__.py 176 37 335 58 83 29 2024-06-06 2025-03-10 jayesh.prajapati@crestdatasys.com idoshabi@microsoft.com Solutions/VMware Carbon Black Cloud/Analytic Rules/CriticalThreatDetected.yaml 36 61 1009 57 87 48 2022-08-02 2025-03-11 v-marimanda@microsoft.com v-atulyadav@microsoft.com Solutions/VMware Carbon Black Cloud/Analytic Rules/KnownMalwareDetected.yaml 38 61 1009 57 87 48 2022-08-02 2025-03-11 v-marimanda@microsoft.com v-atulyadav@microsoft.com Solutions/VMware Carbon Black Cloud/Data Connectors/requirements.psd1 9 30 1009 576 44 27 2022-08-02 2023-10-09 v-marimanda@microsoft.com mrudula.oruganti@gigamon.com Solutions/VMware Carbon Black Cloud/Data Connectors/AzureFunctionVMwareCarbonBlack/AlertsApiTimer/run.ps1 307 27 454 268 47 22 2024-02-08 2024-08-12 139563098+v-muuppugund@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/VMware Carbon Black Cloud/Data Connectors/AzureFunctionVMwareCarbonBlack/AuditEventsAlertsTimer/run.ps1 375 27 454 268 47 22 2024-02-08 2024-08-12 139563098+v-muuppugund@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/VMware Carbon Black Cloud/Data Connectors/profile.ps1 18 30 1009 576 44 27 2022-08-02 2023-10-09 v-marimanda@microsoft.com mrudula.oruganti@gigamon.com Solutions/Threat Intelligence/Hunting Queries/FileEntity_Syslog.yaml 65 103 934 293 160 72 2022-10-16 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Threat Intelligence/Hunting Queries/FileEntity_WireData.yaml 69 103 934 293 160 72 2022-10-16 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Threat Intelligence/Hunting Queries/FileEntity_SecurityEvent.yaml 74 103 934 293 160 72 2022-10-16 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Threat Intelligence/Hunting Queries/FileEntity_OfficeActivity.yaml 63 103 934 293 160 72 2022-10-16 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Threat Intelligence/Hunting Queries/FileEntity_VMConnection.yaml 70 103 934 293 161 72 2022-10-16 2024-07-18 v-sabiraj@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureSQL.yaml 70 131 934 259 246 100 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/Threat Intel Matches to GitHub Audit Logs.yaml 28 104 762 57 181 82 2023-04-06 2025-03-11 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence/Analytic Rules/URLEntity_UrlClickEvents.yaml 72 54 531 259 102 43 2023-11-23 2024-08-21 blauwers@fmwb.org nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_OfficeActivity.yaml 75 152 934 259 278 109 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_CloudAppEvents.yaml 4 59 435 58 105 32 2024-02-27 2025-03-10 jamie.huang@gmail.com idoshabi@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_DuoSecurity.yaml 54 127 894 259 218 97 2022-11-25 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_imWebSession.yaml 39 139 934 8 294 105 2022-10-16 2025-04-29 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_AppServiceHTTPLogs.yaml 92 148 934 259 300 107 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_DnsEvents.yaml 77 146 934 259 264 107 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/URLEntity_CloudAppEvents.yaml 4 49 435 106 97 35 2024-02-27 2025-01-21 jamie.huang@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_SigninLogs.yaml 75 81 673 259 169 71 2023-07-04 2024-08-21 v-rbajaj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/EmailEntity_SecurityEvent.yaml 91 122 934 259 210 93 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/EmailEntity_OfficeActivity.yaml 70 137 934 259 229 100 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/URLEntity_DeviceNetworkEvents.yaml 73 52 518 259 114 43 2023-12-06 2024-08-21 bart.lauwers@austintexas.gov nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/DomainEntity_CommonSecurityLog.yaml 40 124 934 259 246 99 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/FileHashEntity_SecurityEvent.yaml 91 135 934 259 224 99 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/DomainEntity_imWebSession.yaml 50 140 934 259 245 99 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_AWSCloudTrail.yaml 76 131 934 259 247 100 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/DomainEntity_SecurityAlert.yaml 79 151 934 259 297 107 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/FileHashEntity_CommonSecurityLog.yaml 85 135 934 259 224 99 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_CustomSecurityLog.yaml 69 135 934 8 257 102 2022-10-16 2025-04-29 v-sabiraj@microsoft.com v-atulyadav@microsoft.com Solutions/Threat Intelligence/Analytic Rules/URLEntity_PaloAlto.yaml 49 121 934 259 207 92 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/DomainEntity_Syslog.yaml 91 146 934 259 264 106 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/DomainEntity_EmailUrlInfo.yaml 74 69 518 58 121 50 2023-12-06 2025-03-10 bart.lauwers@austintexas.gov idoshabi@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_Workday.yaml 80 14 149 58 16 13 2024-12-09 2025-03-10 120500937+msjosh@users.noreply.github.com idoshabi@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_DeviceNetworkEvents.yaml 69 41 531 259 86 37 2023-11-23 2024-08-21 blauwers@fmwb.org nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/DomainEntity_PaloAlto.yaml 65 133 934 259 259 102 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/URLEntity_Syslog.yaml 31 121 934 259 207 92 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/EmailEntity_SigninLogs.yaml 77 136 934 259 226 99 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/URLEntity_OfficeActivity.yaml 53 150 934 106 247 107 2022-10-16 2025-01-21 v-sabiraj@microsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/Threat Intelligence/Analytic Rules/EmailEntity_SecurityAlert.yaml 75 137 934 259 228 100 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/EmailEntity_CloudAppEvents.yaml 38 61 435 58 104 32 2024-02-27 2025-03-10 jamie.huang@gmail.com idoshabi@microsoft.com Solutions/Threat Intelligence/Analytic Rules/URLEntity_EmailUrlInfo.yaml 69 54 531 259 102 43 2023-11-23 2024-08-21 blauwers@fmwb.org nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/DomainEntity_EmailEvents.yaml 59 70 531 259 128 46 2023-11-23 2024-08-21 blauwers@fmwb.org nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/EmailEntity_PaloAlto.yaml 67 121 934 259 207 92 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureActivity.yaml 86 164 934 259 312 112 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureFirewall.yaml 78 131 934 259 248 100 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_VMConnection.yaml 73 130 934 259 245 99 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_W3CIISLog.yaml 77 130 934 259 245 99 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/imDns_IPEntity_DnsEvents.yaml 103 114 762 259 212 84 2023-04-06 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/URLEntity_AuditLogs.yaml 77 148 934 106 250 105 2022-10-16 2025-01-21 v-sabiraj@microsoft.com 128674128+v1managedservices@users.noreply.github.com Solutions/Threat Intelligence/Analytic Rules/DomainEntity_DnsEvents.yaml 89 146 934 259 263 106 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/URLEntity_SecurityAlerts.yaml 71 124 934 259 218 94 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/DomainEntity_DeviceNetworkEvents.yaml 74 39 518 259 84 36 2023-12-06 2024-08-21 bart.lauwers@austintexas.gov nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureKeyVault.yaml 70 143 934 259 293 103 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/FileHashEntity_DeviceFileEvents.yaml 66 40 531 259 85 36 2023-11-23 2024-08-21 blauwers@fmwb.org nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/EmailEntity_EmailEvents.yaml 58 55 531 259 103 43 2023-11-23 2024-08-21 blauwers@fmwb.org nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/DomainEntity_CloudAppEvents.yaml 48 51 435 106 97 34 2024-02-27 2025-01-21 jamie.huang@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Threat Intelligence/Analytic Rules/EmailEntity_AzureActivity.yaml 70 137 934 259 228 100 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureNetworkAnalytics.yaml 79 146 934 259 266 107 2022-10-16 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/IPEntity_imNetworkSession.yaml 122 93 762 259 172 78 2023-04-06 2024-08-21 v-sabiraj@microsoft.com nilepagn@microsoft.com Solutions/Threat Intelligence/Analytic Rules/imDns_DomainEntity_DnsEvents.yaml 109 149 762 58 257 96 2023-04-06 2025-03-10 v-sabiraj@microsoft.com idoshabi@microsoft.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardRatings/SecurityScorecardRatingsSentinelConnector/scorecard.py 62 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardRatings/SecurityScorecardRatingsSentinelConnector/__init__.py 202 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardRatings/SecurityScorecardRatingsSentinelConnector/writers.py 190 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardRatings/SecurityScorecardRatingsSentinelConnector/state_manager.py 26 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardRatings/SecurityScorecardRatingsSentinelConnector/utils.py 13 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardRatings/SecurityScorecardRatingsSentinelConnector/scorecard_exceptions.py 10 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/scorecard.py 82 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/__init__.py 202 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/writers.py 188 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/state_manager.py 26 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/utils.py 19 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/scorecard_exceptions.py 10 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardIssue/SecurityScorecardIssueSentinelConnector/scorecard.py 89 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardIssue/SecurityScorecardIssueSentinelConnector/__init__.py 184 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardIssue/SecurityScorecardIssueSentinelConnector/writers.py 177 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardIssue/SecurityScorecardIssueSentinelConnector/state_manager.py 26 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardIssue/SecurityScorecardIssueSentinelConnector/utils.py 18 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardIssue/SecurityScorecardIssueSentinelConnector/scorecard_exceptions.py 10 27 938 576 31 22 2022-10-12 2023-10-09 jayesh.prajapati@cdsys.local mrudula.oruganti@gigamon.com Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoAdmin2FAFailure.yaml 28 16 1262 845 23 16 2021-11-22 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoAuthenticationErrorReasons.yaml 25 15 1262 845 22 16 2021-11-22 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoUnsecuredDevices.yaml 29 15 1262 845 22 16 2021-11-22 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoNewUsers.yaml 29 41 1262 616 68 42 2021-11-22 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoAuthenticationErrorEvents.yaml 29 15 1262 845 22 16 2021-11-22 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoAdminFailure.yaml 28 16 1262 845 23 16 2021-11-22 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoUnpachedAccessDevices.yaml 30 16 1262 845 23 16 2021-11-22 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoDeletedUsers.yaml 28 16 1262 845 23 16 2021-11-22 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoFraudAuthentication.yaml 29 15 1262 845 22 16 2021-11-22 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/CiscoDuoSecurity/Hunting Queries/CiscoDuoAdminDeleteActions.yaml 28 41 1262 616 68 42 2021-11-22 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/CiscoDuoSecurity/Parsers/CiscoDuo.yaml 97 58 624 268 105 46 2023-08-22 2024-08-12 mkchiliveri@gmail.com 62938807+haim-na@users.noreply.github.com Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoNewAccessDevice.yaml 40 45 1262 616 72 42 2021-11-22 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoADSyncFailed.yaml 29 43 1262 616 70 42 2021-11-22 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoUnexpectedAuthFactor.yaml 36 41 1262 616 68 42 2021-11-22 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoMultipleUsersDeleted.yaml 31 42 1262 616 69 42 2021-11-22 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoAdminDeleted.yaml 29 43 1262 616 70 42 2021-11-22 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoAdminPasswordReset.yaml 4 42 1262 616 69 42 2021-11-22 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoNewAuthDeviceLocation.yaml 40 43 1262 616 70 42 2021-11-22 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoMultipleUserLoginFailures.yaml 33 52 1262 616 79 48 2021-11-22 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoAdminMFAFailures.yaml 32 53 1262 616 80 48 2021-11-22 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoNewAdmin.yaml 30 42 1262 616 69 42 2021-11-22 2023-08-30 sp@socprime.com v-prasadboke@microsoft.com Solutions/CiscoDuoSecurity/Data Connectors/AzureFunctionCiscoDuo/main.py 373 147 1415 293 294 114 2021-06-22 2024-07-18 vu@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/CiscoDuoSecurity/Data Connectors/AzureFunctionCiscoDuo/state_manager.py 18 18 1415 576 23 21 2021-06-22 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/CiscoDuoSecurity/Data Connectors/AzureFunctionCiscoDuo/sentinel_connector.py 90 18 1415 576 23 21 2021-06-22 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/Mimecast/Parsers/MimecastAT/Mimecast_AT_Performane_Detail.yaml 26 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Parsers/MimecastAT/Mimecast_AT_Safe_Score.yaml 27 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Parsers/MimecastAT/Mimecast_AT_User_Data.yaml 35 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Parsers/MimecastAT/Mimecast_AT_Watchlist.yaml 23 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Parsers/MimecastSEG/Mimecast_SEG_DLP.yaml 27 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Parsers/MimecastSEG/Mimecast_SEG_CG.yaml 195 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Parsers/MimecastCI/Mimecast_Cloud_Integrated.yaml 79 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Parsers/MimecastTTP/Mimecast_TTP_Impersonation.yaml 37 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Parsers/MimecastTTP/Mimecast_TTP_Attachment.yaml 35 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Parsers/MimecastTTP/Mimecast_TTP_Url.yaml 99 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Parsers/MimecastAudit/Mimecast_Audit.yaml 26 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_Spam_Event.yaml 45 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_Virus.yaml 45 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_Internal_Mail_Protect.yaml 48 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_Url_Protect.yaml 47 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastDLP_Notifications.yaml 44 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastDLP_hold.yaml 43 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_AV.yaml 45 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_Impersonation.yaml 47 25 238 58 31 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastSEG/MimecastCG_Attachment.yaml 55 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastTTP/Mimecast_TTP_Impersonation.yaml 48 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastTTP/Mimecast_TTP_Attachment.yaml 45 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastTTP/Mimecast_TTP_Url.yaml 53 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Analytic Rules/MimecastAudit/Mimecast_Audit.yaml 53 37 238 13 46 19 2024-09-11 2025-04-24 dhwani.shah@crestdatasys.com v-prasadboke@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/WatchlistDetails/__init__.py 15 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/WatchlistDetails/mimecast_watchlist_details_to_sentinel.py 213 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/UserData/__init__.py 15 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/UserData/mimecast_user_data_to_sentinel.py 233 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/sentinel.py 249 25 238 58 30 12 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/__init__.py 1 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/mimecast_exception.py 6 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/state_manager.py 30 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/utils.py 751 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/consts.py 58 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/logger.py 18 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/SafeScoreDetails/__init__.py 15 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/SafeScoreDetails/mimecast_safe_score_details_to_sentinel.py 213 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/PerformanceDetails/mimecast_performance_details_to_sentinel.py 216 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAT/PerformanceDetails/__init__.py 15 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/sentinel.py 318 26 238 58 31 12 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/__init__.py 1 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/mimecast_exception.py 6 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/state_manager.py 30 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/utils.py 628 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/consts.py 63 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/logger.py 18 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/MimecastCI/__init__.py 37 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/MimecastCI/mimecast_ci_to_sentinel.py 553 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastSEG/MimecastDLP/__init__.py 37 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastSEG/MimecastDLP/mimecast_dlp_to_sentinel.py 342 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/sentinel.py 386 25 238 58 30 12 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/__init__.py 1 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/mimecast_exception.py 6 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/state_manager.py 30 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/utils.py 625 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/consts.py 69 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/logger.py 18 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastSEG/MimecastCG/__init__.py 37 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastSEG/MimecastCG/mimecast_cg_to_sentinel.py 555 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/MimecastTTPUrl/__init__.py 38 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/MimecastTTPUrl/mimecast_ttp_url.py 219 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/MimecastTTPAttachment/mimecast_ttp_attachment.py 222 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/MimecastTTPAttachment/__init__.py 38 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/sentinel.py 249 26 238 58 31 12 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/__init__.py 1 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/mimecast_exception.py 6 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/state_manager.py 30 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/utils.py 733 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/consts.py 58 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/logger.py 18 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/MimecastTTPImpersonation/__init__.py 38 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastTTP/MimecastTTPImpersonation/mimecast_ttp_impersonation.py 224 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/sentinel.py 256 25 238 58 30 12 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/__init__.py 1 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/mimecast_exception.py 6 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/state_manager.py 30 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/utils.py 565 25 238 58 30 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/consts.py 54 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/logger.py 18 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAudit/MimecastAudit/__init__.py 47 24 238 58 29 11 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/Mimecast/Data Connectors/MimecastAudit/MimecastAudit/mimecast_audit_to_sentinel.py 474 25 238 58 30 12 2024-09-11 2025-03-10 dhwani.shah@crestdatasys.com idoshabi@microsoft.com Solutions/MicrosoftPurviewInsiderRiskManagement/Hunting Queries/InsiderEntityAnomalyFollowedByIRMAlert.yaml 41 28 1066 576 39 21 2022-06-06 2023-10-09 87809732+niktripathi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MicrosoftPurviewInsiderRiskManagement/Hunting Queries/InsiderMultipleEntityAnomalies.yaml 46 28 1066 576 39 21 2022-06-06 2023-10-09 87809732+niktripathi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MicrosoftPurviewInsiderRiskManagement/Hunting Queries/InsiderISPAnomalyCorrelatedToExfiltrationAlert.yaml 60 28 1066 576 39 21 2022-06-06 2023-10-09 87809732+niktripathi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MicrosoftPurviewInsiderRiskManagement/Hunting Queries/InsiderSignInRiskFollowedBySensitiveDataAccessyaml.yaml 43 28 1066 576 39 21 2022-06-06 2023-10-09 87809732+niktripathi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MicrosoftPurviewInsiderRiskManagement/Hunting Queries/InsiderPossibleSabotage.yaml 68 28 1066 576 39 21 2022-06-06 2023-10-09 87809732+niktripathi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/MicrosoftPurviewInsiderRiskManagement/Analytic Rules/InsiderRiskHighUserAlertsCorrelation.yaml 101 94 1066 293 158 67 2022-06-06 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MicrosoftPurviewInsiderRiskManagement/Analytic Rules/InsiderRiskyAccessByApplication.yaml 51 100 1066 261 183 77 2022-06-06 2024-08-19 87809732+niktripathi@users.noreply.github.com v-prasadboke@microsoft.com Solutions/MicrosoftPurviewInsiderRiskManagement/Analytic Rules/InsiderRiskHighUserIncidentsCorrelation.yaml 96 77 1066 293 130 67 2022-06-06 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MicrosoftPurviewInsiderRiskManagement/Analytic Rules/InsiderRiskM365IRMAlertObserved.yaml 66 95 1066 293 154 76 2022-06-06 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MicrosoftPurviewInsiderRiskManagement/Analytic Rules/InsiderRiskSensitiveDataAccessOutsideOrgGeo.yaml 57 99 1066 293 185 79 2022-06-06 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/AIShield AI Security Monitoring/Parsers/Guardian.yaml 27 14 77 13 23 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Parsers/AIShield.yaml 23 55 624 293 107 45 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AIShield AI Security Monitoring/Analytic Rules/SecretsVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/TimeSeriesForecastingModelExtractionHighSuspiciousVulnDetection.yaml 43 25 503 293 42 22 2023-12-21 2024-07-18 mallikarjun.udanashiv@in.bosch.com 164491672+shishirdw@users.noreply.github.com Solutions/AIShield AI Security Monitoring/Analytic Rules/BlockSubstringVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/SentimentVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/BIIDetectionVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/NoLLMOutputVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/NotSafeForWorkVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/GenderBiasVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/BlockCompetitorVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/InvisibleTextVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/MaliciousURLDetectionVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/ContentAccessControlBlockedListVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/URLReachabilityVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/ContentSafetyToxicityVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/SecurityIntegrityChecksPIIVulDetection.yaml 40 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/LanguageDetectionVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/TabularClassificationModelExtractionHighSuspiciousVulnDetection.yaml 43 25 503 293 42 22 2023-12-21 2024-07-18 mallikarjun.udanashiv@in.bosch.com 164491672+shishirdw@users.noreply.github.com Solutions/AIShield AI Security Monitoring/Analytic Rules/TabularClassificationModelEvasionHighSuspiciousVulnDetection.yaml 43 25 503 293 42 22 2023-12-21 2024-07-18 mallikarjun.udanashiv@in.bosch.com 164491672+shishirdw@users.noreply.github.com Solutions/AIShield AI Security Monitoring/Analytic Rules/ContentAccessControlAllowedListVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/NaturalLanguageProcessingModelExtractionHighSuspiciousVulDetection.yaml 22 25 503 293 42 22 2023-12-21 2024-07-18 mallikarjun.udanashiv@in.bosch.com 164491672+shishirdw@users.noreply.github.com Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassficationModelEvasionLowSuspiciousVulnDetection.yaml 43 25 503 293 42 22 2023-12-21 2024-07-18 mallikarjun.udanashiv@in.bosch.com 164491672+shishirdw@users.noreply.github.com Solutions/AIShield AI Security Monitoring/Analytic Rules/BanTopicVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/CodeDetectionVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/ContentSafetyProfanityVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/JSONPolicyViolationVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/InputOutputRelevanceVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassficationModelExtractionHighSuspiciousVulnDetection.yaml 43 25 503 293 42 22 2023-12-21 2024-07-18 mallikarjun.udanashiv@in.bosch.com 164491672+shishirdw@users.noreply.github.com Solutions/AIShield AI Security Monitoring/Analytic Rules/RacialBiasVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/SpecialPIIDetectionVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/SameInOpLanguageDetectionVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassficationModelEvasionHighSuspiciousVulnDetection.yaml 43 25 503 293 42 22 2023-12-21 2024-07-18 mallikarjun.udanashiv@in.bosch.com 164491672+shishirdw@users.noreply.github.com Solutions/AIShield AI Security Monitoring/Analytic Rules/URLDetectionVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/PrivacyProtectionPIIVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/TokenLimitVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/TabularClassificationModelEvasionLowSuspiciousVulnDetection.yaml 43 25 503 293 42 22 2023-12-21 2024-07-18 mallikarjun.udanashiv@in.bosch.com 164491672+shishirdw@users.noreply.github.com Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageSegmentationModelExtractionHighSuspiciousVulnDetection.yaml 43 25 503 293 42 22 2023-12-21 2024-07-18 mallikarjun.udanashiv@in.bosch.com 164491672+shishirdw@users.noreply.github.com Solutions/AIShield AI Security Monitoring/Analytic Rules/RegexVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/AIShield AI Security Monitoring/Analytic Rules/InputRateLimiterVulDetection.yaml 41 12 77 13 17 14 2025-02-19 2025-04-24 mallikarjun.udanashiv@in.bosch.com v-prasadboke@microsoft.com Solutions/Dataminr Pulse/Parsers/DataminrPulseAlerts.yaml 102 28 611 293 59 25 2023-09-04 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Parsers/DataminrPulseCyberAlerts.yaml 105 28 611 293 59 25 2023-09-04 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Analytic Rules/DataminrSentinelAlerts.yaml 36 28 701 293 59 25 2023-06-06 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsSentinelOrchestrator/__init__.py 10 28 756 293 59 25 2023-04-12 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsHttpStarter/__init__.py 104 28 756 293 59 25 2023-04-12 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsManualActivity/__init__.py 17 28 756 293 59 25 2023-04-12 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsManualActivity/dataminrpulse_integration_settings.py 341 52 756 293 100 37 2023-04-12 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/RetryFailedIndicators/sentinel.py 193 30 701 293 61 25 2023-06-06 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/RetryFailedIndicators/__init__.py 12 28 701 293 59 25 2023-06-06 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/RetryFailedIndicators/retry_failed_indicators.py 271 29 701 293 60 25 2023-06-06 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/RetryFailedIndicators/post_to_log_analytics.py 115 28 701 293 59 25 2023-06-06 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/shared_code/dataminrpulse_exception.py 3 28 756 293 59 25 2023-04-12 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/shared_code/validate_params.py 46 28 701 293 59 25 2023-06-06 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/shared_code/state_manager.py 37 28 701 293 59 25 2023-06-06 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/shared_code/consts.py 36 29 756 293 60 25 2023-04-12 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/shared_code/logger.py 12 28 756 293 59 25 2023-04-12 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsSentinelActivity/sentinel.py 94 28 756 293 59 25 2023-04-12 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsSentinelActivity/__init__.py 20 28 756 293 59 25 2023-04-12 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsSentinelActivity/dataminr_pulse.py 288 29 756 293 60 25 2023-04-12 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseThreatIntelligence/sentinel.py 193 30 701 293 61 25 2023-06-06 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseThreatIntelligence/__init__.py 13 28 701 293 59 25 2023-06-06 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseThreatIntelligence/dataminr_pulse_threat_intelligence.py 235 34 701 293 71 28 2023-06-06 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseThreatIntelligence/get_logs_data.py 64 28 701 293 59 25 2023-06-06 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseThreatIntelligence/dataminr_pulse_to_threat_intelligence_mapping.py 118 33 701 293 70 28 2023-06-06 2024-07-18 jayesh.prajapati@cdsys.local 164491672+shishirdw@users.noreply.github.com Solutions/ESETPROTECT/Parsers/ESETPROTECT.yaml 138 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/ESETPROTECT/Analytic Rules/ESETThreatDetected.yaml 45 91 1444 106 165 90 2021-05-24 2025-01-21 donny@unauthorizedaccess.nl 128674128+v1managedservices@users.noreply.github.com Solutions/ESETPROTECT/Analytic Rules/ESETWebsiteBlocked.yaml 48 76 1444 106 117 71 2021-05-24 2025-01-21 donny@unauthorizedaccess.nl 128674128+v1managedservices@users.noreply.github.com Solutions/NXLogAixAudit/Parsers/NXLog_parsed_AIX_Audit_view.yaml 33 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Google Apigee/Parsers/ApigeeXV2.yaml 43 14 127 13 18 11 2024-12-31 2025-04-24 58700052+malowe101@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Google Apigee/Parsers/Unified_ApigeeX.yaml 82 14 127 13 18 11 2024-12-31 2025-04-24 58700052+malowe101@users.noreply.github.com v-prasadboke@microsoft.com Solutions/Google Apigee/Parsers/ApigeeX.yaml 17 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Google Apigee/Data Connectors/AzureFunctionApigeeX/main.py 99 33 1064 576 58 29 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Google Apigee/Data Connectors/AzureFunctionApigeeX/state_manager.py 18 33 1064 576 58 29 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Google Apigee/Data Connectors/AzureFunctionApigeeX/sentinel_connector.py 100 33 1064 576 58 29 2022-06-08 2023-10-09 104008048+v-atulyadav@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_CustomSecurityLog.yaml 66 54 609 259 133 38 2023-09-06 2024-08-21 jp@bluecycle.net nilepagn@microsoft.com Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_OfficeActivity.yaml 80 38 587 259 99 32 2023-09-28 2024-08-21 jp@bluecycle.net nilepagn@microsoft.com Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_imNetworkSession.yaml 130 64 587 259 151 40 2023-09-28 2024-08-21 jp@bluecycle.net nilepagn@microsoft.com Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_DnsEvents.yaml 79 52 587 259 131 38 2023-09-28 2024-08-21 jp@bluecycle.net nilepagn@microsoft.com Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_SigninLogs.yaml 65 39 587 259 100 32 2023-09-28 2024-08-21 jp@bluecycle.net nilepagn@microsoft.com Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseAPISentinelConnector/main.py 300 53 610 293 106 37 2023-09-05 2024-07-18 jp@bluecycle.net 164491672+shishirdw@users.noreply.github.com Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseAPISentinelConnector/stixGen.py 38 26 610 293 57 23 2023-09-05 2024-07-18 jp@bluecycle.net 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Analytic Rules/MimecastTTPImpersonation.yaml 43 32 623 293 61 27 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Analytic Rules/MimecastTTPUrl.yaml 50 32 623 293 61 27 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Analytic Rules/MimecastTTPAttachment.yaml 47 32 623 293 61 27 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Models/Request/__init__.py 6 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Models/Request/refresh_access_key.py 5 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Models/Request/get_ttp_impersonation_logs.py 8 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Models/Request/get_ttp_url_logs.py 8 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Models/Request/get_ttp_attachment_logs.py 8 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Models/Error/errors.py 14 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Models/Error/__init__.py 1 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Models/Enum/mimecast_response_codes.py 10 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Models/Enum/mimecast_endpoints.py 5 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Models/Enum/__init__.py 1 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/GetTTPAttachment/__init__.py 78 53 623 293 92 39 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/GetTTPUrl/__init__.py 74 53 623 293 92 39 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Helpers/date_helper.py 25 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Helpers/response_helper.py 51 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Helpers/request_helper.py 117 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/Helpers/azure_monitor_collector.py 44 31 623 293 60 26 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/GetTTPImpersonation/__init__.py 78 53 623 293 92 39 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/TransformData/ttp_attachment_parser.py 13 31 614 293 60 27 2023-09-01 2024-07-18 nipun.brahmbhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/TransformData/ttp_url_parser.py 13 31 614 293 60 27 2023-09-01 2024-07-18 nipun.brahmbhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastTTP/Data Connectors/TransformData/ttp_impersonation_parser.py 13 31 614 293 60 27 2023-09-01 2024-07-18 nipun.brahmbhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/NonCofenseBasedIndicatorCreatorToCofense/sentinel.py 727 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/NonCofenseBasedIndicatorCreatorToCofense/sentinel_to_cofense_mapping.py 42 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/NonCofenseBasedIndicatorCreatorToCofense/__init__.py 23 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/NonCofenseBasedIndicatorCreatorToCofense/cofense.py 330 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/__init__.py 1 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/cofense_exception.py 3 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/state_manager.py 37 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/utils.py 444 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/consts.py 66 42 749 259 83 44 2023-04-19 2024-08-21 50784041+anders-alex@users.noreply.github.com nilepagn@microsoft.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/logger.py 22 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/RetryFailedIndicators/sentinel.py 193 16 316 259 43 18 2024-06-25 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/RetryFailedIndicators/__init__.py 13 16 316 259 43 18 2024-06-25 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/RetryFailedIndicators/retry_failed_indicators.py 270 16 316 259 43 18 2024-06-25 2024-08-21 jayesh.prajapati@crestdatasys.com nilepagn@microsoft.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/sentinel.py 193 62 749 259 134 62 2023-04-19 2024-08-21 50784041+anders-alex@users.noreply.github.com nilepagn@microsoft.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/__init__.py 22 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/cofense.py 86 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/cofense_to_sentinel_mapping.py 323 62 749 259 134 62 2023-04-19 2024-08-21 50784041+anders-alex@users.noreply.github.com nilepagn@microsoft.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/IndicatorCreatorToDefender/sentinel.py 751 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/IndicatorCreatorToDefender/__init__.py 23 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/IndicatorCreatorToDefender/sentinel_to_defender_mapping.py 168 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/IndicatorCreatorToDefender/defender.py 281 27 749 293 41 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/SailPointIdentityNow/Analytic Rules/SailPointIdentityNowAlertsForTriggers.yaml 32 45 1310 576 72 43 2021-10-05 2023-10-09 prashant.kagwad@sailpoint.com mrudula.oruganti@gigamon.com Solutions/SailPointIdentityNow/Analytic Rules/SailPointIdentityNowUserWithFailedEvents.yaml 34 46 1310 576 73 43 2021-10-05 2023-10-09 prashant.kagwad@sailpoint.com mrudula.oruganti@gigamon.com Solutions/SailPointIdentityNow/Analytic Rules/SailPointIdentityNowFailedEventsBasedOnTime.yaml 32 46 1310 576 73 43 2021-10-05 2023-10-09 prashant.kagwad@sailpoint.com mrudula.oruganti@gigamon.com Solutions/SailPointIdentityNow/Analytic Rules/SailPointIdentityNowEventType.yaml 32 46 1310 576 73 43 2021-10-05 2023-10-09 prashant.kagwad@sailpoint.com mrudula.oruganti@gigamon.com Solutions/SailPointIdentityNow/Analytic Rules/SailPointIdentityNowFailedEvents.yaml 30 46 1310 576 73 43 2021-10-05 2023-10-09 prashant.kagwad@sailpoint.com mrudula.oruganti@gigamon.com Solutions/SailPointIdentityNow/Analytic Rules/SailPointIdentityNowEventTypeTechnicalName.yaml 33 46 1310 576 73 43 2021-10-05 2023-10-09 prashant.kagwad@sailpoint.com mrudula.oruganti@gigamon.com Solutions/SailPointIdentityNow/Data Connectors/SearchEvent/__init__.py 179 34 1310 576 45 34 2021-10-05 2023-10-09 prashant.kagwad@sailpoint.com mrudula.oruganti@gigamon.com Solutions/Okta Single Sign-On/Hunting Queries/LegacyAuthentication.yaml 37 60 677 293 117 54 2023-06-30 2024-07-18 aprakash@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Hunting Queries/LoginNordVPN.yaml 41 60 677 293 116 54 2023-06-30 2024-07-18 aprakash@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Hunting Queries/CreateAPIToken.yaml 26 42 1140 293 75 40 2022-03-24 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Hunting Queries/UserPasswordReset.yaml 30 62 1139 293 121 50 2022-03-25 2024-07-18 37783395+aprakash13@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Hunting Queries/NewDeviceRegistration.yaml 51 60 677 293 116 54 2023-06-30 2024-07-18 aprakash@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Hunting Queries/AdminPrivilegeGrant.yaml 37 80 1140 293 144 60 2022-03-24 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Hunting Queries/RareMFAOperation.yaml 42 80 1140 293 144 60 2022-03-24 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Hunting Queries/LoginFromMultipleLocations.yaml 68 60 677 293 116 54 2023-06-30 2024-07-18 aprakash@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Hunting Queries/LoginsVPSProvider.yaml 41 60 677 293 116 54 2023-06-30 2024-07-18 aprakash@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Hunting Queries/ImpersonationSession.yaml 31 59 1140 293 118 49 2022-03-24 2024-07-18 87809732+niktripathi@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Parsers/OktaSSO.yaml 157 65 540 58 122 49 2023-11-14 2025-03-10 anknar@microsoft.com idoshabi@microsoft.com Solutions/Okta Single Sign-On/Analytic Rules/UserSessionImpersonation.yaml 46 25 477 293 38 23 2024-01-16 2024-07-18 v-prasadboke@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Analytic Rules/LoginfromUsersfromDifferentCountrieswithin3hours.yaml 37 104 1140 57 163 76 2022-03-24 2025-03-11 87809732+niktripathi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Okta Single Sign-On/Analytic Rules/DeviceRegistrationMaliciousIP.yaml 50 79 670 58 141 61 2023-07-07 2025-03-10 aprakash@microsoft.com idoshabi@microsoft.com Solutions/Okta Single Sign-On/Analytic Rules/FailedLoginsFromUnknownOrInvalidUser.yaml 44 104 1140 57 162 76 2022-03-24 2025-03-11 87809732+niktripathi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Okta Single Sign-On/Analytic Rules/MFAFatigue.yaml 49 77 670 58 138 61 2023-07-07 2025-03-10 aprakash@microsoft.com idoshabi@microsoft.com Solutions/Okta Single Sign-On/Analytic Rules/HighRiskAdminActivity.yaml 51 77 670 58 139 62 2023-07-07 2025-03-10 aprakash@microsoft.com idoshabi@microsoft.com Solutions/Okta Single Sign-On/Analytic Rules/PhishingDetection.yaml 47 63 677 293 120 55 2023-06-30 2024-07-18 aprakash@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Analytic Rules/PasswordSpray.yaml 40 104 1140 57 165 76 2022-03-24 2025-03-11 87809732+niktripathi@users.noreply.github.com v-atulyadav@microsoft.com Solutions/Okta Single Sign-On/Analytic Rules/NewDeviceLocationCriticalOperation.yaml 61 77 670 58 142 62 2023-07-07 2025-03-10 aprakash@microsoft.com idoshabi@microsoft.com Solutions/Okta Single Sign-On/Data Connectors/OktaSingleSign-On/AzureFunctionOktaSSO_V2/requirements.psd1 8 24 573 293 51 21 2023-10-12 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Data Connectors/OktaSingleSign-On/AzureFunctionOktaSSO_V2/AzureFunctionOktaSSO/run.ps1 167 24 573 293 51 21 2023-10-12 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Okta Single Sign-On/Data Connectors/OktaSingleSign-On/AzureFunctionOktaSSO_V2/profile.ps1 18 24 573 293 51 21 2023-10-12 2024-07-18 v-rusraut@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASInfectedFilesInEmails.yaml 26 15 1244 845 22 15 2021-12-10 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASSuspiciousFilesSharepoint.yaml 25 15 1244 845 22 15 2021-12-10 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASVAThreats.yaml 25 16 1244 845 24 15 2021-12-10 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASTopFilesRecievedViaEmail.yaml 25 15 1244 845 22 15 2021-12-10 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASUserDLPViolations.yaml 24 16 1244 845 23 15 2021-12-10 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASRiskyUsers.yaml 24 15 1244 845 22 15 2021-12-10 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASRansomwareThreats.yaml 24 15 1244 845 22 15 2021-12-10 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASScanDiscoveredThreats.yaml 29 15 1244 845 22 15 2021-12-10 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASRareFilesRecievedViaEmail.yaml 26 15 1244 845 22 15 2021-12-10 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Trend Micro Cloud App Security/Hunting Queries/TrendMicroCASFilesOnShares.yaml 29 15 1244 845 22 15 2021-12-10 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/Trend Micro Cloud App Security/Parsers/TrendMicroCAS.yaml 78 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASVAOutbreak.yaml 36 58 1244 770 89 42 2021-12-10 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASUnexpectedFileInMail.yaml 33 44 1244 770 64 36 2021-12-10 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASRansomwareOutbreak.yaml 31 58 1244 770 89 42 2021-12-10 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASPossiblePhishingMail.yaml 34 45 1244 770 65 36 2021-12-10 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASRansomwareOnHost.yaml 33 57 1244 770 88 42 2021-12-10 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASThreatNotBlocked.yaml 30 57 1244 770 88 42 2021-12-10 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASVAInfectedUser.yaml 34 58 1244 770 89 42 2021-12-10 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASSuspiciousFilename.yaml 30 45 1244 770 65 36 2021-12-10 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASDLPViolation.yaml 29 59 1244 770 91 42 2021-12-10 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASUnexpectedFileOnFileShare.yaml 33 44 1244 770 64 36 2021-12-10 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/Trend Micro Cloud App Security/Data Connectors/TrendMicroCASSentinelConnector/__init__.py 183 21 1329 576 25 19 2021-09-16 2023-10-09 ov@socprime.com mrudula.oruganti@gigamon.com Solutions/Trend Micro Cloud App Security/Data Connectors/TrendMicroCASSentinelConnector/state_manager.py 18 21 1329 576 25 19 2021-09-16 2023-10-09 ov@socprime.com mrudula.oruganti@gigamon.com Solutions/NozomiNetworks/Parsers/NozomiNetworksEvents.yaml 42 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Juniper SRX/Parsers/JuniperSRX.yaml 101 38 624 293 87 36 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Analytic Rules/MimecastAudit.yaml 51 30 623 293 59 25 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/GetAuditEvents/__init__.py 75 52 623 293 91 38 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Models/Request/__init__.py 1 29 623 293 58 24 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Models/Request/refresh_access_key.py 5 29 623 293 58 24 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Models/Request/get_audit_events.py 14 51 623 293 90 37 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Models/Error/errors.py 14 29 623 293 58 24 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Models/Error/__init__.py 1 29 623 293 58 24 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Models/Enum/mimecast_response_codes.py 10 29 623 293 58 24 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Models/Enum/mimecast_endpoints.py 3 29 623 293 58 24 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Models/Enum/__init__.py 1 29 623 293 58 24 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Helpers/date_helper.py 20 29 623 293 58 24 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Helpers/checkpoint_helper.py 43 25 488 293 35 23 2024-01-05 2024-07-18 smit.rathod@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Helpers/response_helper.py 54 29 623 293 58 24 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Helpers/request_helper.py 121 29 623 293 58 24 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/Helpers/azure_monitor_collector.py 38 29 623 293 58 24 2023-08-23 2024-07-18 71869847+nipun-crestdatasystem@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/MimecastAudit/Data Connectors/TransformData/audit_parser.py 27 29 614 293 58 25 2023-09-01 2024-07-18 nipun.brahmbhatt@crestdatasys.com 164491672+shishirdw@users.noreply.github.com Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODHighScorePhishValue.yaml 16 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODRecipientsHighNumberDiscardReject.yaml 19 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODHighScoreMalwareValue.yaml 16 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODHighScoreSuspectValue.yaml 16 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODHighScoreAdultValue.yaml 16 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODSendersLargeNumberOfCorruptedEmails.yaml 19 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODLargeOutboundEmails.yaml 29 44 883 293 70 42 2022-12-06 2024-07-18 105694882+v-laanjana@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODRecipientsLargeNumberOfCorruptedEmails.yaml 19 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODHighScoreSpamValue.yaml 16 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODSuspiciousFileTypesInAttachments.yaml 17 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Parsers/ProofpointPOD.yaml 317 55 624 261 97 44 2023-08-22 2024-08-19 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODMultipleArchivedAttachmentsToSameRecipient.yaml 38 31 903 576 44 28 2022-11-16 2023-10-09 pemontto@gmail.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODSuspiciousAttachment.yaml 36 31 903 576 44 28 2022-11-16 2023-10-09 pemontto@gmail.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODEmailSenderIPinTIList.yaml 60 28 771 293 40 31 2023-03-28 2024-07-18 164491672+shishirdw@users.noreply.github.com Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODMultipleLargeEmailsToSameRecipient.yaml 37 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODEmailSenderInTIList.yaml 52 28 771 293 40 31 2023-03-28 2024-07-18 164491672+shishirdw@users.noreply.github.com Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODDataExfiltrationToPrivateEmail.yaml 40 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODMultipleProtectedEmailsToUnknownRecipient.yaml 49 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODHighRiskNotDiscarded.yaml 35 25 883 576 35 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODWeakCiphers.yaml 32 26 883 576 37 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODBinaryInAttachment.yaml 39 56 903 293 98 60 2022-11-16 2024-07-18 pemontto@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Proofpoint On demand(POD) Email Security/Data Connectors/ProofpointSentinelConnector/__init__.py 165 79 883 26 129 61 2022-12-06 2025-04-11 105694882+v-laanjana@users.noreply.github.com bartleyriley@gmail.com Solutions/Proofpoint On demand(POD) Email Security/Data Connectors/ProofpointSentinelConnector/sentinel_connector.py 100 26 883 576 36 23 2022-12-06 2023-10-09 105694882+v-laanjana@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Vectra AI Stream/Parsers/vectra_beacon.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_match.yaml 17 18 173 58 20 10 2024-11-15 2025-03-10 fguillot@vectra.ai idoshabi@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_isession.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_dns.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_smtp.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_ldap.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_ssl.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/VectraStream_function.yaml 460 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Vectra AI Stream/Parsers/vectra_x509.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_stream.yaml 13 33 371 58 63 25 2024-05-01 2025-03-10 fguillot@vectra.ai idoshabi@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_ssh.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_dhcp.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_dcerpc.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_http.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_rdp.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_smbmapping.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_kerberos.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_smbfiles.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_radius.yaml 17 15 371 259 42 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/Vectra AI Stream/Parsers/vectra_ntlm.yaml 17 15 371 259 43 18 2024-05-01 2024-08-21 fguillot@vectra.ai nilepagn@microsoft.com Solutions/CybersecurityMaturityModelCertification(CMMC)2.0/Analytic Rules/CMMC2.0Level1FoundationalPosture.yaml 35 55 1239 576 87 51 2021-12-15 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/CybersecurityMaturityModelCertification(CMMC)2.0/Analytic Rules/CMMC2.0Level2AdvancedPosture.yaml 35 55 1239 576 87 51 2021-12-15 2023-10-09 54327442+thbanasi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Theom/Analytic Rules/TRIS0012_Dev_secrets_exposed.yaml 38 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0015_Healthcare_data_exposed.yaml 38 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TheomRisksLow.yaml 58 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TheomRisksMedium.yaml 58 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TheomRisksCritical.yaml 58 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0035_Shadow_DB_large_datastore_value.yaml 38 69 915 106 124 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0003_Financial_data_unencrypted.yaml 38 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0034_Overprovisioned_Roles_Shadow_DB.yaml 40 69 915 106 124 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0018_National_IDs_exposed.yaml 38 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TheomRisksInsights.yaml 58 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0007-10_TRIS0014_Critical_data_in_API_headers_or_body.yaml 39 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0026_Financial_data_exposed.yaml 38 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0005_Unencrypted_public_data_stores.yaml 38 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0002_National_IDs_unencrypted.yaml 38 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0032_Dark_Data_with_large_fin_value.yaml 38 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0036_Shadow_DB_with_atypical_accesses.yaml 40 69 915 106 124 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0001_Dev_secrets_unencrypted.yaml 37 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0033_Least_priv_large_value_shadow_DB.yaml 38 69 915 106 124 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TRIS0004_Healthcare_data_unencrypted.yaml 38 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/Theom/Analytic Rules/TheomRisksHigh.yaml 58 69 915 106 125 54 2022-11-04 2025-01-21 venkat@theom.ai 128674128+v1managedservices@users.noreply.github.com Solutions/SonraiSecurity/Analytic Rules/SonraiTicketAssigned.yaml 66 94 1386 106 161 73 2021-07-21 2025-01-21 cameron.dahr@sonraisecurity.com 128674128+v1managedservices@users.noreply.github.com Solutions/SonraiSecurity/Analytic Rules/SonraiTicketClosed.yaml 65 94 1386 106 161 73 2021-07-21 2025-01-21 cameron.dahr@sonraisecurity.com 128674128+v1managedservices@users.noreply.github.com Solutions/SonraiSecurity/Analytic Rules/SonraiTicketUpdated.yaml 65 94 1386 106 161 73 2021-07-21 2025-01-21 cameron.dahr@sonraisecurity.com 128674128+v1managedservices@users.noreply.github.com Solutions/SonraiSecurity/Analytic Rules/SonraiNewTicket.yaml 64 94 1386 106 161 73 2021-07-21 2025-01-21 cameron.dahr@sonraisecurity.com 128674128+v1managedservices@users.noreply.github.com Solutions/SonraiSecurity/Analytic Rules/SonraiTicketRiskAccepted.yaml 5 94 1386 106 161 73 2021-07-21 2025-01-21 cameron.dahr@sonraisecurity.com 128674128+v1managedservices@users.noreply.github.com Solutions/SonraiSecurity/Analytic Rules/SonraiTicketReopened.yaml 66 94 1386 106 161 73 2021-07-21 2025-01-21 cameron.dahr@sonraisecurity.com 128674128+v1managedservices@users.noreply.github.com Solutions/SonraiSecurity/Analytic Rules/SonraiTicketSnoozed.yaml 65 94 1386 106 161 73 2021-07-21 2025-01-21 cameron.dahr@sonraisecurity.com 128674128+v1managedservices@users.noreply.github.com Solutions/SonraiSecurity/Analytic Rules/SonraiTicketEscalationExecuted.yaml 65 94 1386 106 161 73 2021-07-21 2025-01-21 cameron.dahr@sonraisecurity.com 128674128+v1managedservices@users.noreply.github.com Solutions/SonraiSecurity/Analytic Rules/SonraiTicketCommentAdded.yaml 65 94 1386 106 161 73 2021-07-21 2025-01-21 cameron.dahr@sonraisecurity.com 128674128+v1managedservices@users.noreply.github.com Solutions/SentinelOne/Hunting Queries/SentinelOneNewRules.yaml 25 15 1237 845 22 16 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/SentinelOne/Hunting Queries/SentinelOneAlertTriggers.yaml 25 15 1237 845 22 16 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/SentinelOne/Hunting Queries/SentinelOneAgentNotUpdated.yaml 26 28 1237 845 36 25 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/SentinelOne/Hunting Queries/SentinelOneScannedHosts.yaml 25 15 1237 845 22 16 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/SentinelOne/Hunting Queries/SentinelOneUsersByAlertCount.yaml 29 15 1237 845 22 16 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/SentinelOne/Hunting Queries/SentinelOneRulesDeleted.yaml 25 27 1237 845 35 25 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/SentinelOne/Hunting Queries/SentinelOneAgentStatus.yaml 25 15 1237 845 22 16 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/SentinelOne/Hunting Queries/SentinelOneHostNotScanned.yaml 29 27 1237 845 35 25 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/SentinelOne/Hunting Queries/SentinelOneSourcesByAlertCount.yaml 25 15 1237 845 22 16 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/SentinelOne/Hunting Queries/SentinelOneUninstalledAgents.yaml 23 27 1237 845 35 25 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/SentinelOne/Parsers/SentinelOne.yaml 651 51 624 57 102 43 2023-08-22 2025-03-11 mkchiliveri@gmail.com v-atulyadav@microsoft.com Solutions/SentinelOne/Analytic Rules/SentinelOneAlertFromCustomRule.yaml 31 76 1237 259 124 60 2021-12-17 2024-08-21 sp@socprime.com nilepagn@microsoft.com Solutions/SentinelOne/Analytic Rules/SentinelOneNewAdmin.yaml 29 44 1237 770 62 35 2021-12-17 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/SentinelOne/Analytic Rules/SentinelOneViewAgentPassphrase.yaml 33 44 1237 770 62 35 2021-12-17 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/SentinelOne/Analytic Rules/SentinelOneSameCustomRuleHitOnDiffHosts.yaml 35 76 1237 259 124 60 2021-12-17 2024-08-21 sp@socprime.com nilepagn@microsoft.com Solutions/SentinelOne/Analytic Rules/SentinelOneAgentUninstalled.yaml 30 61 1237 57 84 48 2021-12-17 2025-03-11 sp@socprime.com v-atulyadav@microsoft.com Solutions/SentinelOne/Analytic Rules/SentinelOneExclusionAdded.yaml 30 44 1237 770 62 35 2021-12-17 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/SentinelOne/Analytic Rules/SentinelOneRuleDisabled.yaml 30 43 1237 770 61 35 2021-12-17 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/SentinelOne/Analytic Rules/SentinelOneBlacklistHashDeleted.yaml 36 45 1237 770 63 35 2021-12-17 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/SentinelOne/Analytic Rules/SentinelOneRuleDeleted.yaml 30 43 1237 770 61 35 2021-12-17 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/SentinelOne/Analytic Rules/SentinelOneAdminLoginNewIP.yaml 47 53 1237 770 71 40 2021-12-17 2023-03-29 sp@socprime.com 63061287+noamlandress@users.noreply.github.com Solutions/SentinelOne/Analytic Rules/SentinelOneMultipleAlertsOnHost.yaml 33 77 1237 259 125 60 2021-12-17 2024-08-21 sp@socprime.com nilepagn@microsoft.com Solutions/SentinelOne/Data Connectors/SentinelOneSentinelConnector/__init__.py 173 33 1071 576 45 25 2022-06-01 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/SentinelOne/Data Connectors/SentinelOneSentinelConnector/state_manager.py 18 33 1071 576 45 25 2022-06-01 2023-10-09 101796244+v-spadarthi@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/CiscoSEG/Hunting Queries/CiscoSEGDroppedOutMails.yaml 25 71 1237 58 133 55 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Hunting Queries/CiscoSEGUsersReceivedSpam.yaml 27 126 1237 58 221 87 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedTLSIn.yaml 25 70 1237 58 132 55 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedSPFFailure.yaml 25 70 1237 58 132 55 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Hunting Queries/CiscoSEGDroppedInMails.yaml 25 74 1237 58 137 56 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedDKIMFailure.yaml 25 70 1237 58 132 55 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Hunting Queries/CiscoSEGSpamMails.yaml 27 97 1237 58 173 71 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedTLSOut.yaml 25 70 1237 58 132 55 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Hunting Queries/CiscoSEGInsecureProtocol.yaml 25 96 1237 58 160 69 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedDMARKFailure.yaml 25 70 1237 58 132 55 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Parsers/CiscoSEGEvent.yaml 47 46 624 58 88 38 2023-08-22 2025-03-10 mkchiliveri@gmail.com idoshabi@microsoft.com Solutions/CiscoSEG/Analytic Rules/CiscoSEGDLPViolation.yaml 32 101 1237 58 182 76 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Analytic Rules/CiscoSEGMaliciousAttachmentNotBlocked.yaml 33 101 1237 58 182 76 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Analytic Rules/CiscoSEGMultipleLargeEmails.yaml 37 101 1237 58 182 76 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Analytic Rules/CiscoSEGPossibleOutbreak.yaml 32 101 1237 58 182 76 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Analytic Rules/CiscoSEGSuspiciousLink.yaml 33 101 1237 58 183 76 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Analytic Rules/CiscoSEGMultipleSuspiciousEmails.yaml 34 101 1237 58 185 76 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Analytic Rules/CiscoSEGUnscannableAttachment.yaml 32 101 1237 58 182 76 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Analytic Rules/CiscoSEGUnexpextedAttachment.yaml 32 101 1237 58 182 76 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Analytic Rules/CiscoSEGSuspiciousSenderDomain.yaml 39 101 1237 58 182 76 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Analytic Rules/CiscoSEGPotentialLinkToMalwareDownload.yaml 33 101 1237 58 183 76 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/CiscoSEG/Analytic Rules/CiscoSEGUnclassifiedLink.yaml 33 101 1237 58 183 76 2021-12-17 2025-03-10 sp@socprime.com idoshabi@microsoft.com Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSIpLookup.yaml 28 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSRequestToTOR.yaml 27 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSSourceHighErrors.yaml 24 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSErrors.yaml 27 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSServerLatency.yaml 27 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSUnexpectedTLD.yaml 24 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSRareDomains.yaml 25 46 1237 293 75 52 2021-12-17 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSOnlineShares.yaml 27 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSUnusualTLD.yaml 33 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSRareErrors.yaml 26 46 1237 293 75 52 2021-12-17 2024-07-18 sp@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/GoogleCloudPlatformDNS/Parsers/GCPCloudDNS.yaml 131 50 624 13 92 43 2023-08-22 2025-04-24 mkchiliveri@gmail.com v-prasadboke@microsoft.com Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSDataExfiltration.yaml 32 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSExchangeAutodiscoverAbuse.yaml 34 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSUNC2452AptActivity.yaml 32 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSMaliciousPythonPackages.yaml 32 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSIpCheck.yaml 33 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSCVE-2021-40444.yaml 32 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSIpDynDns.yaml 33 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSSIGREDPattern.yaml 32 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSMultipleErrorsFromIp.yaml 32 20 1237 845 32 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSPrintNightmare.yaml 32 19 1237 845 31 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Analytic Rules/GCPDNSMultipleErrorsQuery.yaml 36 20 1237 845 32 22 2021-12-17 2023-01-13 sp@socprime.com koos@lenswork.nl Solutions/GoogleCloudPlatformDNS/Data Connectors/AzureFunctionGCPDNS/main.py 99 48 1434 293 91 56 2021-06-03 2024-07-18 vu@socprime.com 164491672+shishirdw@users.noreply.github.com Solutions/GoogleCloudPlatformDNS/Data Connectors/AzureFunctionGCPDNS/state_manager.py 18 18 1434 576 21 18 2021-06-03 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/GoogleCloudPlatformDNS/Data Connectors/AzureFunctionGCPDNS/sentinel_connector.py 90 20 1434 576 23 19 2021-06-03 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/DescribeInstancePatches/__init__.py 93 38 712 293 65 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/StopAutomationExecution/__init__.py 78 37 712 293 64 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/GetInventory/__init__.py 96 37 712 293 64 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/RemoveTagFromResource/__init__.py 82 38 712 293 65 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/DescribeInstanceInformation/__init__.py 97 38 712 293 65 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/AddTagsToResource/__init__.py 85 38 712 293 65 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/ListDocuments/__init__.py 80 38 712 293 65 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/GetAutomationExecution/__init__.py 81 38 712 293 65 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/CreateDocument/__init__.py 128 38 712 293 65 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/StartAutomationExecution/__init__.py 139 38 712 293 65 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/ListTagsForResource/__init__.py 76 38 712 293 65 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/DeleteDocument/__init__.py 92 38 712 293 65 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/DescribeDocument/__init__.py 85 38 712 293 65 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/GetDocument/__init__.py 89 38 712 293 65 44 2023-05-26 2024-07-18 r.greatlove@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Network Session Essentials/Hunting Queries/Remote Desktop Network Traffic(ASIM Network Session schema).yaml 30 23 436 268 37 21 2024-02-26 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Network Session Essentials/Hunting Queries/MismatchBetweenDestinationAppNameAndDestinationPort.yaml 86 51 824 261 80 45 2023-02-03 2024-08-19 demehra@microsoft.com v-prasadboke@microsoft.com Solutions/Network Session Essentials/Hunting Queries/DetectPortMisuseByStaticThresholdHunting.yaml 131 51 824 261 80 45 2023-02-03 2024-08-19 demehra@microsoft.com v-prasadboke@microsoft.com Solutions/Network Session Essentials/Hunting Queries/DetectPortMisuseByAnomalyHunting.yaml 173 74 824 261 120 56 2023-02-03 2024-08-19 demehra@microsoft.com v-prasadboke@microsoft.com Solutions/Network Session Essentials/Hunting Queries/Detect Outbound LDAP Traffic(ASIM Network Session schema).yaml 26 24 436 268 38 21 2024-02-26 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Network Session Essentials/Hunting Queries/Protocols passing authentication in cleartext (ASIM Network Session schema).yaml 35 22 440 268 35 21 2024-02-22 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Network Session Essentials/Hunting Queries/DetectsSeveralUsersWithTheSameMACAddress.yaml 72 51 824 261 80 45 2023-02-03 2024-08-19 demehra@microsoft.com v-prasadboke@microsoft.com Solutions/Network Session Essentials/Analytic Rules/ExcessiveHTTPFailuresFromSource.yaml 94 79 824 261 136 58 2023-02-03 2024-08-19 demehra@microsoft.com v-prasadboke@microsoft.com Solutions/Network Session Essentials/Analytic Rules/DetectPortMisuseByStaticThreshold.yaml 151 51 824 261 80 45 2023-02-03 2024-08-19 demehra@microsoft.com v-prasadboke@microsoft.com Solutions/Network Session Essentials/Analytic Rules/AnomalyFoundInNetworkSessionTraffic.yaml 192 51 824 261 80 45 2023-02-03 2024-08-19 demehra@microsoft.com v-prasadboke@microsoft.com Solutions/Network Session Essentials/Analytic Rules/PortScan.yaml 95 58 824 261 97 47 2023-02-03 2024-08-19 demehra@microsoft.com v-prasadboke@microsoft.com Solutions/Network Session Essentials/Analytic Rules/NetworkPortSweepFromExternalNetwork.yaml 91 86 824 8 179 75 2023-02-03 2025-04-29 demehra@microsoft.com v-atulyadav@microsoft.com Solutions/Network Session Essentials/Analytic Rules/DetectPortMisuseByAnomalyBasedDetection.yaml 192 75 824 261 113 54 2023-02-03 2024-08-19 demehra@microsoft.com v-prasadboke@microsoft.com Solutions/Network Session Essentials/Analytic Rules/PossibleBeaconingActivity.yaml 107 100 824 261 195 67 2023-02-03 2024-08-19 demehra@microsoft.com v-prasadboke@microsoft.com Solutions/Network Session Essentials/Analytic Rules/Anomaly in SMB Traffic(ASIM Network Session schema).yaml 53 21 432 268 33 21 2024-03-01 2024-08-12 117061676+v-prasadboke@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/Network Session Essentials/Analytic Rules/Remote Desktop Network Brute force (ASIM Network Session schema).yaml 39 20 426 268 31 21 2024-03-07 2024-08-12 99244859+praveenthepro@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/ListAttachedUserPolicies/__init__.py 25 29 1049 576 51 25 2022-06-23 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/ListGroupsForUser/__init__.py 33 29 1049 576 50 25 2022-06-23 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/DeleteAccessKey/__init__.py 21 29 1049 576 51 25 2022-06-23 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/ListAccessKeys/__init__.py 25 29 1049 576 51 25 2022-06-23 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/DetachUserPolicy/__init__.py 22 29 1049 576 51 25 2022-06-23 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/DeleteUserPolicy/__init__.py 21 29 1049 576 51 25 2022-06-23 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/GetUser/__init__.py 28 29 1049 576 50 25 2022-06-23 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/ListUserPolicies/__init__.py 33 29 1049 576 50 25 2022-06-23 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector/TagUser/__init__.py 31 29 1049 576 50 25 2022-06-23 2023-10-09 vu@socprime.com mrudula.oruganti@gigamon.com Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/exporter.py 45 42 419 13 55 27 2024-03-14 2025-04-24 153099157+nitsan-tzur@users.noreply.github.com v-prasadboke@microsoft.com Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/main.py 15 19 404 261 23 15 2024-03-29 2024-08-19 153099157+nitsan-tzur@users.noreply.github.com v-prasadboke@microsoft.com Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/audit.py 165 34 419 57 44 25 2024-03-14 2025-03-11 153099157+nitsan-tzur@users.noreply.github.com v-atulyadav@microsoft.com Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/storage.py 39 20 419 261 26 15 2024-03-14 2024-08-19 153099157+nitsan-tzur@users.noreply.github.com v-prasadboke@microsoft.com Solutions/SquidProxy/Parsers/SquidProxy.yaml 22 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/1Password/Data Connectors/requirements.psd1 9 23 330 259 46 21 2024-06-11 2024-08-21 v-prasadboke@microsoft.com nilepagn@microsoft.com Solutions/1Password/Data Connectors/function/run.ps1 61 23 330 259 46 21 2024-06-11 2024-08-21 v-prasadboke@microsoft.com nilepagn@microsoft.com Solutions/1Password/Data Connectors/Modules/HelperFunctions/HelperFunctions.psm1 351 23 330 259 46 21 2024-06-11 2024-08-21 v-prasadboke@microsoft.com nilepagn@microsoft.com Solutions/1Password/Data Connectors/profile.ps1 19 23 330 259 46 21 2024-06-11 2024-08-21 v-prasadboke@microsoft.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - New service account integration created.yaml 51 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - User added to privileged group.yaml 69 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Non-privileged vault user permission change.yaml 65 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Vault Export.yaml 48 27 460 259 52 23 2024-02-02 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Privileged vault permission change.yaml 66 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Disable MFA factor or type for all user accounts.yaml 49 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Changes to firewall rules.yaml 51 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - User account MFA settings changed.yaml 50 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Changes to SSO configuration.yaml 51 29 380 259 68 27 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Potential insider privilege escalation via vault.yaml 57 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Log Ingestion Failure.yaml 39 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Service account integration token adjustment.yaml 51 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Vault Export Post Account Creation.yaml 63 27 460 259 52 23 2024-02-02 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Manual account creation.yaml 55 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Vault export prior to account suspension or deletion.yaml 71 27 460 259 52 23 2024-02-02 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Secret Extraction Post Vault Access Change By Administrator.yaml 78 27 460 259 52 23 2024-02-02 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Successful anomalous sign-in.yaml 66 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/1Password/Analytics Rules/1Password - Potential insider privilege escalation via group.yaml 62 25 380 259 49 23 2024-04-22 2024-08-21 rogierdijkman@hotmail.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/Tlsv1InUseLow.yaml 53 61 518 259 121 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/AutoGeneratedPage.yaml 40 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/Tlsv11InUseMedium.yaml 60 61 518 259 121 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/TLSCertificateUsingWeakCipherMedium.yaml 53 61 518 259 121 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/ExposedEmailAddress.yaml 41 63 518 259 128 42 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/Tlsv11InUseInfo.yaml 53 61 518 259 121 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/TLSCertificateHostnameMismatch.yaml 50 61 518 259 121 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/HeaderContentSecurityPolicyMissing.yaml 49 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/LeakedCredential.yaml 38 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/ExposedAdminLoginPage.yaml 50 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/CodeRepository.yaml 41 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/Phishing.yaml 43 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/HeaderXFrameOptionsMissingLow.yaml 48 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/HeaderXFrameOptionsMissingMedium.yaml 49 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/CompromisedCards.yaml 41 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/CookiesHttponlyFlagNotUsed.yaml 48 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/DMARCNotConfigured.yaml 49 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/TLSCertificateUsingWeakCipherInformational.yaml 53 61 518 259 121 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/BrandImpersonationINFO.yaml 42 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/SPFPolicySetToSoftFail.yaml 50 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/HeaderReferrerPolicyMissing.yaml 49 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/CookiesSecureFlagNotUsed.yaml 48 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/ExposedUserList.yaml 48 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/DomainInfringemen.yaml 43 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/SubresourceIntegritySRINotImplemented.yaml 48 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/SubdomainInfringement.yaml 44 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/SPFNotConfigured.yaml 50 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/HeaderXFrameOptionsMissingInformational.yaml 48 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/HeaderXXSSProtectionMissing.yaml 48 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/HeaderWebServerExposed.yaml 48 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/SuspiciousMobileAppINFO.yaml 42 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/CookiesSamesiteFlagNotUsed.yaml 49 61 518 259 121 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/ExecutiveImpersonation.yaml 41 61 518 259 121 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/BrandImpersonationHIGH.yaml 43 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/HeaderHTTPStrictTransportSecurityMissing.yaml 49 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/BrandAbuse.yaml 47 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/Tlsv1InUseMedium.yaml 53 61 518 259 121 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Analytic Rules/SuspiciousMobileAppHigh.yaml 41 60 518 259 120 40 2023-12-06 2024-08-21 sayedali@ctm360.com nilepagn@microsoft.com Solutions/CTM360/Data Connectors/CBS/AzureFunctionCTM360_CBS/__init__.py 149 27 514 293 43 22 2023-12-10 2024-07-18 sayedali@ctm360.com 164491672+shishirdw@users.noreply.github.com Solutions/CTM360/Data Connectors/CBS/AzureFunctionCTM360_CBS/state_manager.py 18 25 497 293 40 22 2023-12-27 2024-07-18 sayedali@ctm360.com 164491672+shishirdw@users.noreply.github.com Solutions/CTM360/Data Connectors/HackerView/AzureFunctionCTM360_HV/__init__.py 150 27 514 293 43 22 2023-12-10 2024-07-18 sayedali@ctm360.com 164491672+shishirdw@users.noreply.github.com Solutions/CTM360/Data Connectors/HackerView/AzureFunctionCTM360_HV/state_manager.py 18 25 497 293 40 22 2023-12-27 2024-07-18 sayedali@ctm360.com 164491672+shishirdw@users.noreply.github.com Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml 246 60 624 106 127 50 2023-08-22 2025-01-21 mkchiliveri@gmail.com 128674128+v1managedservices@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/UserDetectPrivilegeGroup.yaml 34 37 642 293 55 28 2023-08-04 2024-07-18 v-prasadboke@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/riskSignInWithNewMFAMethod.yaml 94 89 642 268 166 64 2023-08-04 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/new_locations_azuread_signin.yaml 65 91 642 268 173 64 2023-08-04 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/AWSBucketAPILogs-SuspiciousDataAccessToS3BucketsfromUnknownIP.yaml 49 79 642 293 141 55 2023-08-04 2024-07-18 v-prasadboke@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/UserLoginIPAddressTeleportation.yaml 112 89 642 268 166 64 2023-08-04 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/OfficeMailRuleCreationWithMailMoveActivity.yaml 72 60 642 293 106 46 2023-08-04 2024-07-18 v-prasadboke@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/Emailforwarding_SAPdownload.yaml 76 60 642 293 106 46 2023-08-04 2024-07-18 v-prasadboke@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/LegacyAuthAttempt.yaml 42 91 642 268 170 64 2023-08-04 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/UserAccounts-UnusualLogonTimes.yaml 76 89 642 268 166 64 2023-08-04 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/AWSBucketAPILogs-S3BucketDataTransferTimeSeriesAnomaly.yaml 54 60 642 293 106 46 2023-08-04 2024-07-18 v-prasadboke@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/UserAccounts-NewSingleFactorAuth.yaml 67 71 642 293 133 53 2023-08-04 2024-07-18 v-prasadboke@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/SAP_HighdownloadfromPriviledgedaccount.yaml 56 60 642 293 106 46 2023-08-04 2024-07-18 v-prasadboke@microsoft.com 164491672+shishirdw@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/SuccessfulSigninFromNon-CompliantDevice.yaml 67 89 642 268 166 64 2023-08-04 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/AuthenticationMethodChangedforPrivilegedAccount.yaml 71 102 642 268 187 64 2023-08-04 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/SuspiciousAccessOfBECRelatedDocumentsInAWSS3Buckets.yaml 72 76 642 261 135 49 2023-08-04 2024-08-19 v-prasadboke@microsoft.com v-prasadboke@microsoft.com Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/AccountElevatedtoNewRole.yaml 87 91 642 268 163 59 2023-08-04 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/BEC_MailboxRule.yaml 54 67 642 268 121 47 2023-08-04 2024-08-12 v-prasadboke@microsoft.com 62938807+haim-na@users.noreply.github.com Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/SuspiciousAccessOfBECRelatedDocuments.yaml 88 98 642 261 189 60 2023-08-04 2024-08-19 v-prasadboke@microsoft.com v-prasadboke@microsoft.com Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/PrivilegedAccountPermissionsChanged.yaml 79 111 642 261 213 69 2023-08-04 2024-08-19 v-prasadboke@microsoft.com v-prasadboke@microsoft.com Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/UserAddedtoAdminRole.yaml 74 77 642 261 131 51 2023-08-04 2024-08-19 v-prasadboke@microsoft.com v-prasadboke@microsoft.com Solutions/LastPass/Hunting Queries/LoginIntoLastPassFromUnknownIP.yaml 24 28 1244 576 36 27 2021-12-10 2023-10-09 42153270+thijslecomte@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/LastPass/Hunting Queries/FailedSigninsDueToMFA.yaml 21 28 1244 576 36 27 2021-12-10 2023-10-09 42153270+thijslecomte@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/LastPass/Hunting Queries/PasswordMoveToSharedFolder.yaml 16 28 1244 576 36 27 2021-12-10 2023-10-09 42153270+thijslecomte@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/LastPass/Analytic Rules/FailedSigninDueToMFA.yaml 43 85 1244 293 145 75 2021-12-10 2024-07-18 42153270+thijslecomte@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Solutions/LastPass/Analytic Rules/UnusualVolumeOfPasswordsUpdatedOrRemoved.yaml 45 57 1244 576 85 54 2021-12-10 2023-10-09 42153270+thijslecomte@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/LastPass/Analytic Rules/HighlySensitivePasswordAccessed.yaml 44 65 1244 576 97 60 2021-12-10 2023-10-09 42153270+thijslecomte@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/LastPass/Analytic Rules/TIMapIPEntityToLastPass.yaml 30 70 1244 106 118 66 2021-12-10 2025-01-21 42153270+thijslecomte@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Solutions/LastPass/Analytic Rules/EmployeeAccountDeleted.yaml 36 57 1244 576 85 54 2021-12-10 2023-10-09 42153270+thijslecomte@users.noreply.github.com mrudula.oruganti@gigamon.com Solutions/Egress Defend/Hunting Queries/DangerousLinksClicked.yaml 16 36 652 293 60 29 2023-07-25 2024-07-18 glynn.merryweather@egress.com 164491672+shishirdw@users.noreply.github.com Solutions/Egress Defend/Parsers/DefendAuditData.yaml 26 34 624 293 69 31 2023-08-22 2024-07-18 mkchiliveri@gmail.com 164491672+shishirdw@users.noreply.github.com Solutions/Egress Defend/Analytic Rules/DangerousLinksClicked.yaml 51 37 652 293 62 29 2023-07-25 2024-07-18 glynn.merryweather@egress.com 164491672+shishirdw@users.noreply.github.com Solutions/Egress Defend/Analytic Rules/DangerousAttachmentReceived.yaml 55 37 652 293 62 29 2023-07-25 2024-07-18 glynn.merryweather@egress.com 164491672+shishirdw@users.noreply.github.com Tutorials/Microsoft 365 Defender/Webcasts/Airlift 2021 - Lets Invoke.csl 415 19 1204 576 24 19 2022-01-19 2023-10-09 63594865+tali-ash@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/Azure-Sentinel-add-on/default/data/ui/views/home.xml 4 23 838 576 34 21 2023-01-20 2023-10-09 v-rucdu@microsoft.com mrudula.oruganti@gigamon.com Tools/Azure-Sentinel-add-on/default/data/ui/nav/default.xml 3 23 838 576 34 21 2023-01-20 2023-10-09 v-rucdu@microsoft.com mrudula.oruganti@gigamon.com Tools/Azure-Sentinel-add-on/default/data/ui/alerts/send_to_sentinel.html 33 23 838 576 34 21 2023-01-20 2023-10-09 v-rucdu@microsoft.com mrudula.oruganti@gigamon.com Tools/Azure-Sentinel-add-on/README/alert_actions.conf.spec 9 23 838 576 34 21 2023-01-20 2023-10-09 v-rucdu@microsoft.com mrudula.oruganti@gigamon.com Tools/Azure-Sentinel-add-on/README/addon_builder.conf.spec 4 23 838 576 34 21 2023-01-20 2023-10-09 v-rucdu@microsoft.com mrudula.oruganti@gigamon.com Tools/ConvertYamlToJson/ConvertSentinelRuleFrom-Yaml.ps1 177 84 1148 261 155 60 2022-03-16 2024-08-19 pkhabazi@outlook.com v-prasadboke@microsoft.com Tools/ArcSight-Data-Migration/lacat-opt.py 152 30 1085 576 41 23 2022-05-18 2023-10-09 105750188+diyadarsh@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/Copy-AzOperationalInsightsTable/Copy-AzOperationalInsightsTable.ps1 123 11 329 106 28 14 2024-06-12 2025-01-21 45040511+thealistairross@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Tools/RDAP/RDAPQuery/RDAPQuery/QueryEngine.cs 206 20 1441 576 24 18 2021-05-27 2023-10-09 matt@chromeweb.com mrudula.oruganti@gigamon.com Tools/RDAP/RDAPQuery/RDAPQuery/LogAnalytics.cs 159 20 1441 576 24 18 2021-05-27 2023-10-09 matt@chromeweb.com mrudula.oruganti@gigamon.com Tools/Az.SecurityInsights-Samples/Alert Rules/Import GitHub YAML rules/ImportGitHubYAMLrules.ps1 158 23 1521 576 31 27 2021-03-08 2023-10-09 andesreedhar@gmail.com mrudula.oruganti@gigamon.com Tools/Az.SecurityInsights-Samples/Alert Rules/Import Analytics Rules/importAzureSentinelRules.ps1 164 32 1552 576 38 32 2021-02-05 2023-10-09 tiandert@microsoft.com mrudula.oruganti@gigamon.com Tools/Az.SecurityInsights-Samples/Alert Rules/Export Analytics Rules/exportAzureSentinelRules.ps1 91 34 1556 576 50 36 2021-02-01 2023-10-09 johnbilliris@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/Az.SecurityInsights-Samples/Alert Rule Actions/Add Action to All Azure Sentinel Analytics Rules/addAzureSentinelAlertAction.ps1 97 16 1415 576 18 16 2021-06-22 2023-10-09 mburrough@gmail.com mrudula.oruganti@gigamon.com Tools/AzureDataExplorer/Pipeline/Migrate-LA-to-ADX-Pipeline.ps1 611 17 1345 576 20 16 2021-08-31 2023-10-09 alexandre@verkinderen.com mrudula.oruganti@gigamon.com Tools/AzureDataExplorer/CreateTables_ADX_ScriptFile/Create-LA-Tables-ADX-ScriptFile.ps1 392 11 316 106 28 14 2024-06-25 2025-01-21 45040511+thealistairross@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Tools/AzureDataExplorer/Migrate-LA-to-ADX.ps1 613 56 1422 576 90 48 2021-06-15 2023-10-09 andesreedhar@gmail.com mrudula.oruganti@gigamon.com Tools/AzureDataExplorer/CreateTables_ADX/Create-LA-Tables-ADX.ps1 318 16 1324 576 19 16 2021-09-21 2023-10-09 22670063+sreedharande@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/Create-Azure-Sentinel-Solution/pipeline/createSolutionV4.ps1 305 143 677 106 371 91 2023-06-30 2025-01-21 v-amolpatil@microsoft.com 128674128+v1managedservices@users.noreply.github.com Tools/Create-Azure-Sentinel-Solution/createSolution.ps1 1314 162 1458 380 282 104 2021-05-10 2024-04-22 55556791+elforb@users.noreply.github.com rogierdijkman@hotmail.com Tools/Create-Azure-Sentinel-Solution/common/commonFunctions.ps1 3350 280 679 8 759 133 2023-06-28 2025-04-29 demehra@microsoft.com v-atulyadav@microsoft.com Tools/Create-Azure-Sentinel-Solution/common/standardLogStreams.ps1 106 11 114 57 15 13 2025-01-13 2025-03-11 v-amolpatil@microsoft.com v-atulyadav@microsoft.com Tools/Create-Azure-Sentinel-Solution/common/LogAppInsights.ps1 387 29 678 293 66 39 2023-06-29 2024-07-18 v-amolpatil@microsoft.com 164491672+shishirdw@users.noreply.github.com Tools/Create-Azure-Sentinel-Solution/common/createCCPConnector.ps1 921 104 550 8 175 50 2023-11-04 2025-04-29 v-amolpatil@microsoft.com v-shukore@microsoft.com Tools/Create-Azure-Sentinel-Solution/common/get-ccp-details.ps1 362 50 541 57 68 34 2023-11-13 2025-03-11 v-amolpatil@microsoft.com v-atulyadav@microsoft.com Tools/Create-Azure-Sentinel-Solution/common/templating/replacePlaybookParamNames.js 8 27 679 293 61 39 2023-06-28 2024-07-18 demehra@microsoft.com 164491672+shishirdw@users.noreply.github.com Tools/Create-Azure-Sentinel-Solution/common/templating/replacePlaybookVarNames.js 8 27 679 293 61 39 2023-06-28 2024-07-18 demehra@microsoft.com 164491672+shishirdw@users.noreply.github.com Tools/Create-Azure-Sentinel-Solution/common/templating/replaceLocationValue.js 8 27 679 293 61 39 2023-06-28 2024-07-18 demehra@microsoft.com 164491672+shishirdw@users.noreply.github.com Tools/Create-Azure-Sentinel-Solution/common/templating/SolutionAutomationInput.ts 26 27 679 293 61 39 2023-06-28 2024-07-18 demehra@microsoft.com 164491672+shishirdw@users.noreply.github.com Tools/Create-Azure-Sentinel-Solution/V3/createSolutionV3.ps1 292 192 679 57 467 111 2023-06-28 2025-03-11 demehra@microsoft.com v-atulyadav@microsoft.com Tools/Create-Azure-Sentinel-Solution/arm-ttk/download-arm-ttk.ps1 15 47 1458 576 74 46 2021-05-10 2023-10-09 55556791+elforb@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/Create-Azure-Sentinel-Solution/arm-ttk/run-arm-ttk-in-automation.ps1 45 27 1458 8 36 30 2021-05-10 2025-04-29 55556791+elforb@users.noreply.github.com v-shukore@microsoft.com Tools/Create-Azure-Sentinel-Solution/V2/createSolutionV2.ps1 2512 255 1077 293 597 137 2022-05-26 2024-07-18 tichandr@microsoft.com 164491672+shishirdw@users.noreply.github.com Tools/Create-Azure-Sentinel-Solution/V2/templating/replacePlaybookParamNames.js 8 22 1077 576 34 20 2022-05-26 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Tools/Create-Azure-Sentinel-Solution/V2/templating/replacePlaybookVarNames.js 8 23 1093 576 35 21 2022-05-10 2023-10-09 v-dvedak@microsoft.com mrudula.oruganti@gigamon.com Tools/Create-Azure-Sentinel-Solution/V2/templating/replaceLocationValue.js 8 22 1077 576 34 20 2022-05-26 2023-10-09 v-sabiraj@microsoft.com mrudula.oruganti@gigamon.com Tools/Create-Azure-Sentinel-Solution/V2/templating/SolutionAutomationInput.ts 26 23 1093 576 35 21 2022-05-10 2023-10-09 v-dvedak@microsoft.com mrudula.oruganti@gigamon.com Tools/Create-Azure-Sentinel-Solution/templating/replacePlaybookParamNames.js 8 28 1458 576 37 29 2021-05-10 2023-10-09 55556791+elforb@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/Create-Azure-Sentinel-Solution/templating/replacePlaybookVarNames.js 8 23 1458 576 30 24 2021-05-10 2023-10-09 55556791+elforb@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/Create-Azure-Sentinel-Solution/templating/replaceLocationValue.js 8 23 1458 576 30 24 2021-05-10 2023-10-09 55556791+elforb@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/Create-Azure-Sentinel-Solution/templating/SolutionAutomationInput.ts 20 62 1458 576 87 54 2021-05-10 2023-10-09 55556791+elforb@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/SyncMSServiceTags/syncMSServiceTags.ps1 35 26 1111 576 31 25 2022-04-22 2023-10-09 samik.n.roy@gmail.com mrudula.oruganti@gigamon.com Tools/Sample-Data-Ingest-Tool/SampleDataIngestTool/AppConfig.cs 33 6 1792 576 7 5 2020-06-10 2023-10-09 hello.tayta@gmail.com mrudula.oruganti@gigamon.com Tools/Sample-Data-Ingest-Tool/SampleDataIngestTool/SampleDataPath.cs 26 8 1792 576 10 6 2020-06-10 2023-10-09 hello.tayta@gmail.com mrudula.oruganti@gigamon.com Tools/Sample-Data-Ingest-Tool/SampleDataIngestTool/LogAnalyticsCheck.cs 58 24 1792 576 31 25 2020-06-10 2023-10-09 hello.tayta@gmail.com mrudula.oruganti@gigamon.com Tools/Sample-Data-Ingest-Tool/SampleDataIngestTool/Program.cs 158 24 1792 576 31 25 2020-06-10 2023-10-09 hello.tayta@gmail.com mrudula.oruganti@gigamon.com Tools/validate-detections/action.ps1 45 25 931 576 30 22 2022-10-19 2023-10-09 40334679+azurekid@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/Syslog-cef-data-replicator/syslog.py 44 14 1074 58 18 9 2022-05-29 2025-03-10 anknar@microsoft.com idoshabi@microsoft.com Tools/Syslog-cef-data-replicator/pysyslog.py 70 16 1074 58 21 9 2022-05-29 2025-03-10 anknar@microsoft.com idoshabi@microsoft.com Tools/Syslog-cef-data-replicator/pycef.py 63 15 1074 58 20 9 2022-05-29 2025-03-10 anknar@microsoft.com idoshabi@microsoft.com Tools/SIEM-Data-Migration/installTools.ps1 7 17 1097 576 21 17 2022-05-06 2023-10-09 22670063+sreedharande@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/PowerShell/Create-AnalyticsRulesFromTemplates/Create-AnalyticsRulesFromTemplates.ps1 162 48 1543 576 66 44 2021-02-14 2023-10-09 mail@tobiaskritten.de mrudula.oruganti@gigamon.com Tools/PowerShell/Add-PlaybooksToSentinel/Add-PlaybooksToSentinel.ps1 136 8 1721 576 11 7 2020-08-20 2023-10-09 tlilly@netrixllc.com mrudula.oruganti@gigamon.com Tools/PowerShell/SentinelAnalyticRulesManagementScript.ps1 1107 19 430 268 22 17 2024-03-03 2024-08-12 58512303+stefanpems@users.noreply.github.com 62938807+haim-na@users.noreply.github.com Tools/ParameterizedFunction/AuditEventDataLookup_Func.ps1 136 10 1681 576 13 10 2020-09-29 2023-10-09 42559062+juliango2100@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/ParameterizedFunction/EnrichAuditEvents_Func.ps1 60 10 1681 576 13 10 2020-09-29 2023-10-09 42559062+juliango2100@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/Sample Code/HttpDataCollectorAPI/HttpDataCollectorAPI/Program.cs 74 7 1764 576 8 6 2020-07-08 2023-10-09 hello.tayta@gmail.com mrudula.oruganti@gigamon.com Tools/Playbook-ARM-Template-Generator/src/Playbook_ARM_Template_Generator.ps1 526 40 1118 293 79 42 2022-04-15 2024-07-18 84108246+seanstark@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Tools/CustomLogsIngestion-DCE-DCR/src/Send-AzMonitorCustomLogs.ps1 190 33 1101 576 47 28 2022-05-02 2023-10-09 andesreedhar@gmail.com mrudula.oruganti@gigamon.com Tools/externaldata/emailevents.yaml 5 17 1318 576 20 16 2021-09-27 2023-10-09 30509195+swiftsolves-msft@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/externaldata/genstoragectxkql.ps1 88 17 1318 576 21 16 2021-09-27 2023-10-09 30509195+swiftsolves-msft@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/externaldata/emailurlinfo.yaml 5 17 1318 576 20 16 2021-09-27 2023-10-09 30509195+swiftsolves-msft@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/externaldata/dnsevents.yaml 5 17 1318 576 20 16 2021-09-27 2023-10-09 30509195+swiftsolves-msft@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/externaldata/securityalert.yaml 5 17 1318 576 20 16 2021-09-27 2023-10-09 30509195+swiftsolves-msft@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/externaldata/event.yaml 5 17 1318 576 20 16 2021-09-27 2023-10-09 30509195+swiftsolves-msft@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/externaldata/emailattachmentinfo.yaml 5 17 1318 576 20 16 2021-09-27 2023-10-09 30509195+swiftsolves-msft@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/externaldata/heartbeat.yaml 5 17 1318 576 20 16 2021-09-27 2023-10-09 30509195+swiftsolves-msft@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/externaldata/appservicehttplogs.yaml 5 17 1318 576 20 16 2021-09-27 2023-10-09 30509195+swiftsolves-msft@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/externaldata/auditlogs.yaml 5 17 1318 576 20 16 2021-09-27 2023-10-09 30509195+swiftsolves-msft@users.noreply.github.com mrudula.oruganti@gigamon.com Tools/Sentinel-All-In-One/v2/Scripts/EnableRules.ps1 276 44 749 293 67 46 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Tools/Sentinel-All-In-One/v2/Scripts/Create-NewSolutionAndRulesFromList.ps1 187 87 693 106 204 79 2023-06-14 2025-01-21 22670063+sreedharande@users.noreply.github.com 128674128+v1managedservices@users.noreply.github.com Tools/Sentinel-All-In-One/v1/ARMTemplates/Scripts/EnableRules.ps1 63 27 749 293 40 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Tools/Sentinel-All-In-One/v1/Powershell/DeleteConnectors.ps1 108 27 749 293 40 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Tools/Sentinel-All-In-One/v1/Powershell/SentinelallInOne.ps1 383 27 749 293 40 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Tools/Sentinel-All-In-One/v1/MSSPversion/Scripts/EnableRules.ps1 63 27 749 293 40 31 2023-04-19 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Tools/MITREATT&CK-LayerGeneration-Notebook/msticpyconfig.yaml 4 23 1174 576 30 24 2022-02-18 2023-10-09 aspatil@microsoft.com mrudula.oruganti@gigamon.com Tools/UploadToBlobLookupTables/UploadToBlobLookupTables/requirements.psd1 6 6 1792 576 7 5 2020-06-10 2023-10-09 ashwinpatil@outlook.com mrudula.oruganti@gigamon.com Tools/UploadToBlobLookupTables/UploadToBlobLookupTables/profile.ps1 18 6 1792 576 7 5 2020-06-10 2023-10-09 ashwinpatil@outlook.com mrudula.oruganti@gigamon.com Tools/UploadToBlobLookupTables/UploadToBlobLookupTables/UploadToBlobLookupTables/run.ps1 83 6 1792 576 7 5 2020-06-10 2023-10-09 ashwinpatil@outlook.com mrudula.oruganti@gigamon.com Tools/Archive-Log-Tool/ArchiveLogsTool-PowerShell/Configure-Long-Term-Retention.ps1 510 114 1174 293 189 97 2022-02-18 2024-07-18 ep3p@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Playbooks/AzureMonitor-ManagedId/azuremonitor.liquid 15 34 730 293 45 36 2023-05-08 2024-07-18 50784041+anders-alex@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Playbooks/AS-Sign-Out-Google-User/CreateGoogleJWT/__init__.py 37 32 629 293 64 29 2023-08-17 2024-07-18 githubuser@accelerynt.com 164491672+shishirdw@users.noreply.github.com Playbooks/Isolate-AzVM/Convert-SnapshotsToVHD.ps1 195 10 51 13 11 7 2025-03-17 2025-04-24 aaron.lightle@microsoft.com v-prasadboke@microsoft.com Playbooks/Isolate-AzVM/Set-ManagedIdentity.ps1 92 10 51 13 11 7 2025-03-17 2025-04-24 aaron.lightle@microsoft.com v-prasadboke@microsoft.com Playbooks/Ingest-CanaryTokens/Detections/Canarytoken_triggered.yaml 31 18 1612 576 25 19 2020-12-07 2023-10-09 30509195+swiftsolves-msft@users.noreply.github.com mrudula.oruganti@gigamon.com Playbooks/PaloAlto-Wildfire/XMLResponse.xml 9 16 1365 576 18 16 2021-08-11 2023-10-09 javed.ahmad.khan@accenture.com mrudula.oruganti@gigamon.com Playbooks/AS-Microsoft-DCR-Log-Ingestion/Scripts/OfficeAuditSubscriptionEnable.ps1 26 16 167 58 24 13 2024-11-21 2025-03-10 v-prasadboke@microsoft.com idoshabi@microsoft.com Playbooks/Update-CVE-IPs-WatchListwithGreyNoise/ApplyPermissionsonLogicApp.ps1 8 25 885 576 34 23 2022-12-04 2023-10-09 naswif@microsoft.com mrudula.oruganti@gigamon.com Playbooks/Update-CVE-IPs-WatchListwithGreyNoise/NetworkSearchingForGreyNoiseIPbyCVEActivity.yaml 43 51 885 293 88 42 2022-12-04 2024-07-18 naswif@microsoft.com 164491672+shishirdw@users.noreply.github.com Playbooks/Get-AlertEntitiesEnrichment/Deploy.ps1 6 27 1682 576 35 27 2020-09-28 2023-10-09 tiandert@microsoft.com mrudula.oruganti@gigamon.com Playbooks/Block-ExchangeIP/Block-ExchangeIP.ps1 7 21 1900 576 24 20 2020-02-23 2023-10-09 42153270+lethijs@users.noreply.github.com mrudula.oruganti@gigamon.com Playbooks/Add-IP-Entity-To-Named-Location/AddApiPermissions.ps1 22 29 1364 576 42 32 2021-08-12 2023-10-09 68655382+briandelmsft@users.noreply.github.com mrudula.oruganti@gigamon.com Playbooks/Resolve-McasInfrequentCountryAlerts/Deploy.ps1 5 10 1701 576 12 10 2020-09-09 2023-10-09 sebmolendijk@gmail.com mrudula.oruganti@gigamon.com Playbooks/AS-Make-GitHub-Repository-Private/Encode-Private-Key/Encode-Private-Key.ps1 21 32 627 293 64 29 2023-08-19 2024-07-18 githubuser@accelerynt.com 164491672+shishirdw@users.noreply.github.com Playbooks/AS-Make-GitHub-Repository-Private/CreateJWT-Function/CreateJWT.js 25 32 627 293 64 29 2023-08-19 2024-07-18 githubuser@accelerynt.com 164491672+shishirdw@users.noreply.github.com Playbooks/AS-Block-GitHub-User/Encode-Private-Key/Encode-Private-Key.ps1 21 31 679 293 59 34 2023-06-28 2024-07-18 githubuser@accelerynt.com 164491672+shishirdw@users.noreply.github.com Playbooks/AS-Block-GitHub-User/CreateJWT-Function/CreateJWT.js 25 31 679 293 59 34 2023-06-28 2024-07-18 githubuser@accelerynt.com 164491672+shishirdw@users.noreply.github.com Playbooks/MDTI-Actor-Lookup/function_app.py 104 30 209 58 42 17 2024-10-10 2025-03-10 127972050+mrsharpbones@users.noreply.github.com idoshabi@microsoft.com Watchlists/ListofTCPUDPPorts/CSVtoRawContentConverterScript.ps1 37 23 1119 576 31 26 2022-04-14 2023-10-09 naswif@microsoft.com mrudula.oruganti@gigamon.com Watchlists/UpdateCloudIPs/AzureFunctionUpdateCloudIPs/requirements.psd1 8 19 1406 576 22 18 2021-07-01 2023-10-09 25964057+dicolanl@users.noreply.github.com mrudula.oruganti@gigamon.com Watchlists/UpdateCloudIPs/AzureFunctionUpdateCloudIPs/profile.ps1 19 18 1406 576 21 18 2021-07-01 2023-10-09 25964057+dicolanl@users.noreply.github.com mrudula.oruganti@gigamon.com Watchlists/UpdateCloudIPs/AzureFunctionUpdateCloudIPs/UpdateCloudIPs/run.ps1 529 23 1406 576 36 21 2021-07-01 2023-10-09 25964057+dicolanl@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Account/Acc2Host_HostWithMostFails.yaml 83 91 1954 576 126 68 2019-12-31 2023-10-09 t-momizr@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Account/Acc2IP_rareIPLocation.yaml 79 94 1954 293 122 78 2019-12-31 2024-07-18 t-momizr@microsoft.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Account/HostsAppConTriggered.yaml 38 37 1540 576 48 37 2021-02-17 2023-10-09 yafruch@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Account/UserAccount_LogonsFromIPAddress.yaml 32 59 1925 293 80 55 2020-01-29 2024-07-18 37285853+duzlov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Account/UserAccount_NewResourceAccess.yaml 44 21 1773 576 34 17 2020-06-29 2023-10-09 guy.malul@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Account/LeastPrevProcess_ByAccount.yaml 47 50 1925 293 70 46 2020-01-29 2024-07-18 37285853+duzlov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Account/UserAccount_NewInteractiveLogon.yaml 44 58 1773 293 82 50 2020-06-29 2024-07-18 guy.malul@microsoft.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Account/UserAccount_FailedLogons.yaml 54 71 1925 293 95 67 2020-01-29 2024-07-18 37285853+duzlov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Account/UserAccount_ResourceLogon.yaml 61 45 1925 293 63 41 2020-01-29 2024-07-18 37285853+duzlov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Account/UserAccount_Peers.yaml 43 73 1563 293 100 71 2021-01-25 2024-07-18 yafruch@microsoft.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Account/UserAccount_ScreenshotHosts.yaml 25 50 1543 58 71 48 2021-02-14 2025-03-10 yafruch@microsoft.com idoshabi@microsoft.com Exploration Queries/InputEntity_Account/UserAccount_SuccessLogons.yaml 57 69 1925 293 99 65 2020-01-29 2024-07-18 37285853+duzlov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/IoT/ConnectionData_DefenderForIoT_GetIoTDevice2IoTDevice.yaml 51 37 1466 576 52 32 2021-05-02 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/IoT/Process_byIoTDevice.yaml 28 20 1941 576 30 13 2020-01-13 2023-10-09 t-momizr@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/IoT/ConnectionData_DefenderForIoT_GetIoTDevice2IP.yaml 50 35 1466 576 45 31 2021-05-02 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/IoT/ConnectionData_DefenderForIoT_GetIoTDevice2Host.yaml 52 35 1466 576 45 31 2021-05-02 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Process/LeastPrevLxHosts_ByProcess.yaml 33 17 1925 576 24 13 2020-01-29 2023-10-09 37285853+duzlov@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Process/WinHosts_WithThisProcess.yaml 57 71 1925 293 99 66 2020-01-29 2024-07-18 37285853+duzlov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Process/File_UnsignedLoadBlocked.yaml 27 36 1543 576 49 37 2021-02-14 2023-10-09 yafruch@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Process/Process2Host_VMConfigChange.yaml 68 14 1750 576 22 11 2020-07-22 2023-10-09 yafruch@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Process/LeastPrevOut_ByProcess.yaml 34 14 1925 576 19 13 2020-01-29 2023-10-09 37285853+duzlov@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Process/LeastPrevIn_ByProcess.yaml 34 56 1925 576 73 50 2020-01-29 2023-10-09 37285853+duzlov@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/ExplorationQueryTemplate.yaml 16 15 1940 576 21 13 2020-01-14 2023-10-09 t-momizr@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Host/ConnectionData_DefenderForIoT_GetHost2Host.yaml 52 34 1466 576 43 30 2021-05-02 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Host/ProcessesOnHost.yaml 38 21 1925 576 29 13 2020-01-29 2023-10-09 37285853+duzlov@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Host/UsersConnectedByHost.yaml 57 39 1925 293 57 40 2020-01-29 2024-07-18 37285853+duzlov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Host/ServiceCreatedOnHost.yaml 40 19 1925 576 30 14 2020-01-29 2023-10-09 37285853+duzlov@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Host/LeastPrevOut_ByHost.yaml 30 68 1925 293 92 62 2020-01-29 2024-07-18 37285853+duzlov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Host/ProcessBlockedNonMS.yaml 25 37 1543 576 50 37 2021-02-14 2023-10-09 yafruch@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Host/ConnectionData_DefenderForIoT_GetHost2IoTDevice.yaml 50 37 1466 576 53 32 2021-05-02 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Host/MostPrevOut_ByHost.yaml 30 29 792 293 41 30 2023-03-07 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Host/UserAccount_CreatedDeleted.yaml 31 16 1925 576 18 14 2020-01-29 2023-10-09 37285853+duzlov@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Host/Host2Acc_PossibleSuccessfulBruteForce.yaml 42 48 1954 576 62 34 2019-12-31 2023-10-09 t-momizr@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Host/LeastPrevIn_ByHost.yaml 29 68 1925 293 92 62 2020-01-29 2024-07-18 37285853+duzlov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Host/ParentProcessesOnHost.yaml 65 43 1925 293 60 40 2020-01-29 2024-07-18 37285853+duzlov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_Host/ConnectionData_DefenderForIoT_GetHost2IP.yaml 52 35 1466 576 45 30 2021-05-02 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Host/LeastPrevProcess_ByHost.yaml 29 23 1925 576 33 19 2020-01-29 2023-10-09 37285853+duzlov@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Host/UsersTriggeringAppCon.yaml 37 24 1540 576 29 24 2021-02-17 2023-10-09 yafruch@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_Host/MostPrevIn_ByHost.yaml 29 29 792 293 42 30 2023-03-07 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_IP/LeastPrevClientIP-DNSNameQueryToIP.yaml 23 52 1925 576 67 45 2020-01-29 2023-10-09 37285853+duzlov@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/ConnectionData_DefenderForIoT_GetIP2IoTDevice.yaml 51 38 1466 576 53 32 2021-05-02 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/IP2IP_SrcIPsWithMostDROP.yaml 28 22 1954 576 30 15 2019-12-31 2023-10-09 t-momizr@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/IP2Account_byMostActiveAccounts.yaml 53 29 792 293 41 30 2023-03-07 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_IP/LeastPrevOut_ByIPAddress.yaml 32 41 1925 576 56 35 2020-01-29 2023-10-09 37285853+duzlov@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/IP2Host_HostByTrafficFromIPMost.yaml 27 22 1954 576 31 15 2019-12-31 2023-10-09 t-momizr@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/MostPrevClientIP-DNSNameQueryToIP.yaml 23 52 1925 576 67 45 2020-01-29 2023-10-09 37285853+duzlov@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/ConnectionData_DefenderForIoT_GetIP2Host.yaml 52 34 1466 576 43 30 2021-05-02 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/IP2IP_IPsWithMostDROPs.yaml 29 46 1954 576 57 33 2019-12-31 2023-10-09 t-momizr@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/LeastPrevIn_ByIPAddress.yaml 32 41 1925 576 56 35 2020-01-29 2023-10-09 37285853+duzlov@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/MostPrevLxHosts_ByIP.yaml 32 69 1925 293 98 65 2020-01-29 2024-07-18 37285853+duzlov@users.noreply.github.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_IP/ConnectionData_DefenderForIoT_GetIP2IP.yaml 50 35 1466 576 45 30 2021-05-02 2023-10-09 49263271+yaronfruchtmann@users.noreply.github.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/IP2Host_HostByTrafficFromIPLeast.yaml 27 24 1954 576 34 15 2019-12-31 2023-10-09 t-momizr@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/IP2Host_HostByTrafficToIPLeast.yaml 26 22 1954 576 30 15 2019-12-31 2023-10-09 t-momizr@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/IP2Host_HostByTrafficToIPMost.yaml 26 22 1954 576 30 15 2019-12-31 2023-10-09 t-momizr@microsoft.com mrudula.oruganti@gigamon.com Exploration Queries/InputEntity_IP/IP2Account_byLeastActiveAccounts.yaml 53 29 792 293 41 30 2023-03-07 2024-07-18 peter.bryan@microsoft.com 164491672+shishirdw@users.noreply.github.com Exploration Queries/InputEntity_File/HostwithFile.yaml 28 28 1785 576 41 20 2020-06-17 2023-10-09 yafruch@microsoft.com mrudula.oruganti@gigamon.com