azure / Azure-Sentinel
File Change Frequency

File change frequency (churn) shows the distribution of file updates, where an update is a day with at least one commit touching the file.

Overview
File Change Frequency Overall
  • There are 6,161 files with 393,808 lines of code.
    • 606 files changed more than 100 times (47,087 lines of code)
    • 1,838 files changed 51-100 times (105,612 lines of code)
    • 2,778 files changed 21-50 times (170,063 lines of code)
    • 921 files changed 6-20 times (69,996 lines of code)
    • 18 files changed 1-5 times (1,050 lines of code)
Share of lines of code by number of updates: 101+: 11% | 51-100: 26% | 21-50: 43% | 6-20: 17% | 1-5: <1%

Contributors Count Frequency Overall
  • There are 6,161 files with 393,808 lines of code.
    • 3,940 files changed by more than 25 contributors (249,014 lines of code)
    • 2,011 files changed by 11-25 contributors (127,350 lines of code)
    • 197 files changed by 6-10 contributors (16,240 lines of code)
    • 13 files changed by 2-5 contributors (1,204 lines of code)
    • 0 files changed by 1 contributor (0 lines of code)
Share of lines of code by number of contributors: 26+: 63% | 11-25: 32% | 6-10: 4% | 2-5: <1% | 1: 0%

File Change Frequency per File Extension
json, yaml, md, py, svg, txt, ps1, cs, ts, psd1, pyi, rb, sh, csproj, gitignore, js, tf, go, 01, csl, xml, ipynb, h, spec, psm1, gemspec, ini, 02, 03, mod, 04, 05, 06, 07, html, gitattributes, rst, cfg, liquid, properties
File Change Frequency per Extension (columns: number of recorded file updates)
Extension | 101+ | 51-100 | 21-50 | 6-20 | 1-5
yaml | 12% | 32% | 41% | 13% | <1%
ps1 | 28% | 8% | 28% | 34% | 0%
py | 5% | 18% | 53% | 22% | 0%
tf | 16% | 0% | 21% | 62% | 0%
rb | <1% | 30% | 27% | 41% | 0%
cs | 0% | 10% | 48% | 41% | 0%
csl | 0% | 10% | 21% | 67% | 0%
ts | 0% | 27% | 72% | 0% | 0%
gemspec | 0% | 51% | 0% | 48% | 0%
go | 0% | 0% | 87% | 12% | 0%
js | 0% | 0% | 98% | 1% | 0%
psm1 | 0% | 0% | 100% | 0% | 0%
psd1 | 0% | 0% | 73% | 26% | 0%
html | 0% | 0% | 100% | 0% | 0%
liquid | 0% | 0% | 100% | 0% | 0%
spec | 0% | 0% | 100% | 0% | 0%
xml | 0% | 0% | 10% | 89% | 0%
File Change Frequency per Logical Decomposition
primary decomposition (columns: number of recorded file updates)
Component | 101+ | 51-100 | 21-50 | 6-20 | 1-5
Solutions | 5% | 28% | 45% | 20% | <1%
Parsers | 16% | 27% | 42% | 14% | 0%
Detections | 63% | 35% | 1% | <1% | 0%
Tools | 51% | 5% | 20% | 22% | 0%
DataConnectors | 26% | 13% | 31% | 28% | 0%
Hunting Queries | 4% | 26% | 63% | 5% | 0%
ASIM | 4% | 46% | 44% | 4% | 0%
Exploration Queries | 0% | 27% | 61% | 10% | 0%
Playbooks | 0% | 6% | 42% | 51% | 0%
Watchlists | 0% | 0% | 95% | 4% | 0%
Tutorials | 0% | 0% | 0% | 100% | 0%
Summary rules | 0% | 0% | 0% | 100% | 0%
Most Frequently Changed Files (Top 50)


Each entry lists the file name, its folder, and then: # lines | # units | created | last modified | # changes (days) | # contributors | first contributor | latest contributor
ASimNetworkSession.yaml
in Parsers/ASimNetworkSession/Parsers
103 - 2022-01-12 2025-03-10 316 155 87809732+niktripathi@users.... idoshabi@microsoft.com
imNetworkSession.yaml
in Parsers/ASimNetworkSession/Parsers
140 - 2022-01-12 2025-03-10 313 158 87809732+niktripathi@users.... idoshabi@microsoft.com
commonFunctions.ps1
in Tools/Create-Azure-Sentinel-Solution/common
3350 - 2023-06-28 2025-04-29 280 133 demehra@microsoft.com v-atulyadav@microsoft.com
createSolutionV2.ps1
in Tools/Create-Azure-Sentinel-Solution/V2
2512 - 2022-05-26 2024-07-18 255 137 tichandr@microsoft.com 164491672+shishirdw@users.n...
ASimAuthentication.yaml
in Parsers/ASimAuthentication/Parsers
86 - 2022-06-13 2025-03-11 252 124 github@shezaf.com v-atulyadav@microsoft.com
ASimWebSession.yaml
in Parsers/ASimWebSession/Parsers
64 - 2021-12-01 2025-01-21 251 144 github@shezaf.com 128674128+v1managedservices...
imAuthentication.yaml
in Parsers/ASimAuthentication/Parsers
115 - 2022-06-13 2025-03-11 249 115 github@shezaf.com v-atulyadav@microsoft.com
imWebSession.yaml
in Parsers/ASimWebSession/Parsers
105 - 2021-12-01 2025-01-21 244 143 github@shezaf.com 128674128+v1managedservices...
UserAccountAddedToPrivlegeGroup_1h.yaml
in Detections/SecurityEvent
112 - 2019-08-13 2024-08-19 234 155 sagamzu@microsoft.com v-prasadboke@microsoft.com
AADHostLoginCorrelation.yaml
in Detections/MultipleDataSources
128 - 2019-08-19 2025-03-10 226 144 peter.bryan@microsoft.com idoshabi@microsoft.com
gte_6_FailedLogons_10m.yaml
in Detections/SecurityEvent
140 - 2019-08-13 2024-07-18 226 159 sagamzu@microsoft.com 164491672+shishirdw@users.n...
MultiplePasswordresetsbyUser.yaml
in Detections/MultipleDataSources
136 - 2019-10-29 2024-08-19 223 152 45466083+shainw@users.norep... v-prasadboke@microsoft.com
main.py
in Solutions/Cloudflare/Data Connectors/AzureFunctionCloudflare
160 3 2021-03-23 2025-03-10 220 153 tj@senserva.com idoshabi@microsoft.com
BariumIPIOC112020.yaml
in Detections/MultipleDataSources
5 - 2020-11-11 2024-07-18 206 144 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
MalformedUserAgents.yaml
in Detections/MultipleDataSources
109 - 2019-08-13 2024-08-19 203 144 sagamzu@microsoft.com v-prasadboke@microsoft.com
GroupCreatedAddedToPrivlegeGroup_1h.yaml
in Detections/SecurityEvent
150 - 2019-08-13 2024-08-19 202 140 sagamzu@microsoft.com v-prasadboke@microsoft.com
SigninFirewallCorrelation.yaml
in Detections/MultipleDataSources
67 - 2019-08-13 2024-08-19 201 140 sagamzu@microsoft.com v-prasadboke@microsoft.com
ExchangeServerVulnerabilitiesMarch2021IoCs.yaml
in Detections/MultipleDataSources
5 - 2021-03-06 2024-07-18 199 145 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
RDP_Nesting.yaml
in Detections/SecurityEvent
159 - 2019-10-21 2025-01-21 199 141 shainw@microsoft.com 128674128+v1managedservices...
UserAccountEnabledDisabled_10m.yaml
in Detections/SecurityEvent
149 - 2020-04-05 2024-08-19 198 142 samik.n.roy@gmail.com v-prasadboke@microsoft.com
SolarWinds_TEARDROP_Process-IOCs.yaml
in Detections/DeviceEvents
5 - 2020-12-16 2024-07-18 196 136 andesreedhar@gmail.com 164491672+shishirdw@users.n...
AnomalousIPUsageFollowedByTeamsAction.yaml
in Detections/MultipleDataSources
128 - 2020-07-23 2025-03-11 196 140 45466083+shainw@users.norep... v-atulyadav@microsoft.com
main.py
in Solutions/Oracle Cloud Infrastructure/Data Connectors/AzureFunctionOCILogs
163 10 2022-06-08 2025-03-11 194 122 104008048+v-atulyadav@users... v-atulyadav@microsoft.com
BariumDomainIOC112020.yaml
in Detections/MultipleDataSources
5 - 2020-11-11 2024-07-18 193 142 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
ASimAuditEvent.yaml
in Parsers/ASimAuditEvent/Parsers
63 - 2022-12-19 2025-03-11 193 104 github@shezaf.com v-atulyadav@microsoft.com
password_never_expires.yaml
in Detections/SecurityEvent
107 - 2019-08-13 2024-08-12 193 137 sagamzu@microsoft.com 62938807+haim-na@users.nore...
PHOSPHORUSMarch2019IOCs.yaml
in Detections/MultipleDataSources
5 - 2020-10-20 2024-07-18 192 141 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
RareRunCommandPowerShellScript.yaml
in Detections/AzureActivity
80 - 2021-10-25 2024-08-19 192 127 peter.bryan@microsoft.com v-prasadboke@microsoft.com
createSolutionV3.ps1
in Tools/Create-Azure-Sentinel-Solution/V3
292 - 2023-06-28 2025-03-11 192 111 demehra@microsoft.com v-atulyadav@microsoft.com
UseraddedtoPrivilgedGroups.yaml
in Detections/AuditLogs
5 - 2020-07-15 2024-07-18 191 142 ashwinpatil@outlook.com 164491672+shishirdw@users.n...
SigninBruteForce-AzurePortal.yaml
in Detections/SigninLogs
5 - 2019-08-13 2024-07-18 191 137 sagamzu@microsoft.com 164491672+shishirdw@users.n...
HostAADCorrelation.yaml
in Detections/MultipleDataSources
102 - 2019-08-19 2024-07-18 191 127 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
AWSConsoleAADCorrelation.yaml
in Detections/MultipleDataSources
69 - 2019-08-19 2024-07-18 190 133 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
UserAccountCreatedDeleted_10m.yaml
in Detections/SecurityEvent
148 - 2019-08-13 2024-08-19 190 141 sagamzu@microsoft.com v-prasadboke@microsoft.com
PotentialKerberoast.yaml
in Detections/SecurityEvent
118 - 2019-08-13 2024-08-19 188 137 sagamzu@microsoft.com v-prasadboke@microsoft.com
123 - 2019-08-13 2024-08-19 188 139 sagamzu@microsoft.com v-prasadboke@microsoft.com
RunCommandUEBABreach.yaml
in Detections/MultipleDataSources
79 - 2021-10-25 2024-08-19 187 129 peter.bryan@microsoft.com v-prasadboke@microsoft.com
Solorigate-Network-Beacon.yaml
in Detections/MultipleDataSources
5 - 2020-12-22 2024-07-18 185 138 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
imAuditEvent.yaml
in Parsers/ASimAuditEvent/Parsers
93 - 2022-12-20 2025-03-11 185 96 39997089+oshezaf@users.nore... v-atulyadav@microsoft.com
FileHashEntity_SecurityEvent.yaml
in Detections/ThreatIntelligenceIndicator
5 - 2019-08-30 2024-07-18 184 128 shainw@microsoft.com 164491672+shishirdw@users.n...
SolarWinds_SUNBURST_Network-IOCs.yaml
in Detections/DeviceNetworkEvents
5 - 2020-12-16 2024-07-18 179 133 andesreedhar@gmail.com 164491672+shishirdw@users.n...
5 - 2020-12-20 2024-07-18 179 137 45466083+shainw@users.norep... 164491672+shishirdw@users.n...
FailedLogonToAzurePortal.yaml
in Detections/SigninLogs
5 - 2019-08-13 2024-07-18 178 135 sagamzu@microsoft.com 164491672+shishirdw@users.n...
RareOfficeOperations.yaml
in Detections/OfficeActivity
5 - 2019-08-13 2024-07-18 177 128 sagamzu@microsoft.com 164491672+shishirdw@users.n...
ExplicitMFADeny.yaml
in Detections/SigninLogs
5 - 2020-10-14 2025-01-21 177 136 57229057+secops-and-hops@us... 128674128+v1managedservices...
powershell_empire.yaml
in Detections/SecurityEvent
5 - 2019-08-13 2024-07-18 176 131 sagamzu@microsoft.com 164491672+shishirdw@users.n...
5 - 2020-12-16 2024-07-18 175 132 andesreedhar@gmail.com 164491672+shishirdw@users.n...
58 - 2020-04-24 2024-08-19 175 128 peter.bryan@microsoft.com v-prasadboke@microsoft.com
5 - 2020-12-01 2024-07-18 174 134 nicholas.b.carr@gmail.com 164491672+shishirdw@users.n...
KeyvaultMassSecretRetrieval.yaml
in Detections/AzureDiagnostics
5 - 2019-08-13 2024-07-18 174 125 sagamzu@microsoft.com 164491672+shishirdw@users.n...
Files With Most Contributors (Top 50)
Based on the number of unique email addresses found in commits.


Each entry lists the file name, its folder, and then: # lines | # units | created | last modified | # changes (days) | # contributors | first contributor | latest contributor
gte_6_FailedLogons_10m.yaml
in Detections/SecurityEvent
140 - 2019-08-13 2024-07-18 226 159 sagamzu@microsoft.com 164491672+shishirdw@users.n...
imNetworkSession.yaml
in Parsers/ASimNetworkSession/Parsers
140 - 2022-01-12 2025-03-10 313 158 87809732+niktripathi@users.... idoshabi@microsoft.com
ASimNetworkSession.yaml
in Parsers/ASimNetworkSession/Parsers
103 - 2022-01-12 2025-03-10 316 155 87809732+niktripathi@users.... idoshabi@microsoft.com
UserAccountAddedToPrivlegeGroup_1h.yaml
in Detections/SecurityEvent
112 - 2019-08-13 2024-08-19 234 155 sagamzu@microsoft.com v-prasadboke@microsoft.com
main.py
in Solutions/Cloudflare/Data Connectors/AzureFunctionCloudflare
160 3 2021-03-23 2025-03-10 220 153 tj@senserva.com idoshabi@microsoft.com
MultiplePasswordresetsbyUser.yaml
in Detections/MultipleDataSources
136 - 2019-10-29 2024-08-19 223 152 45466083+shainw@users.norep... v-prasadboke@microsoft.com
ExchangeServerVulnerabilitiesMarch2021IoCs.yaml
in Detections/MultipleDataSources
5 - 2021-03-06 2024-07-18 199 145 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
ASimWebSession.yaml
in Parsers/ASimWebSession/Parsers
64 - 2021-12-01 2025-01-21 251 144 github@shezaf.com 128674128+v1managedservices...
AADHostLoginCorrelation.yaml
in Detections/MultipleDataSources
128 - 2019-08-19 2025-03-10 226 144 peter.bryan@microsoft.com idoshabi@microsoft.com
BariumIPIOC112020.yaml
in Detections/MultipleDataSources
5 - 2020-11-11 2024-07-18 206 144 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
MalformedUserAgents.yaml
in Detections/MultipleDataSources
109 - 2019-08-13 2024-08-19 203 144 sagamzu@microsoft.com v-prasadboke@microsoft.com
imWebSession.yaml
in Parsers/ASimWebSession/Parsers
105 - 2021-12-01 2025-01-21 244 143 github@shezaf.com 128674128+v1managedservices...
UserAccountEnabledDisabled_10m.yaml
in Detections/SecurityEvent
149 - 2020-04-05 2024-08-19 198 142 samik.n.roy@gmail.com v-prasadboke@microsoft.com
BariumDomainIOC112020.yaml
in Detections/MultipleDataSources
5 - 2020-11-11 2024-07-18 193 142 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
UseraddedtoPrivilgedGroups.yaml
in Detections/AuditLogs
5 - 2020-07-15 2024-07-18 191 142 ashwinpatil@outlook.com 164491672+shishirdw@users.n...
RDP_Nesting.yaml
in Detections/SecurityEvent
159 - 2019-10-21 2025-01-21 199 141 shainw@microsoft.com 128674128+v1managedservices...
PHOSPHORUSMarch2019IOCs.yaml
in Detections/MultipleDataSources
5 - 2020-10-20 2024-07-18 192 141 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
UserAccountCreatedDeleted_10m.yaml
in Detections/SecurityEvent
148 - 2019-08-13 2024-08-19 190 141 sagamzu@microsoft.com v-prasadboke@microsoft.com
GroupCreatedAddedToPrivlegeGroup_1h.yaml
in Detections/SecurityEvent
150 - 2019-08-13 2024-08-19 202 140 sagamzu@microsoft.com v-prasadboke@microsoft.com
SigninFirewallCorrelation.yaml
in Detections/MultipleDataSources
67 - 2019-08-13 2024-08-19 201 140 sagamzu@microsoft.com v-prasadboke@microsoft.com
AnomalousIPUsageFollowedByTeamsAction.yaml
in Detections/MultipleDataSources
128 - 2020-07-23 2025-03-11 196 140 45466083+shainw@users.norep... v-atulyadav@microsoft.com
123 - 2019-08-13 2024-08-19 188 139 sagamzu@microsoft.com v-prasadboke@microsoft.com
Solorigate-Network-Beacon.yaml
in Detections/MultipleDataSources
5 - 2020-12-22 2024-07-18 185 138 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
createSolutionV2.ps1
in Tools/Create-Azure-Sentinel-Solution/V2
2512 - 2022-05-26 2024-07-18 255 137 tichandr@microsoft.com 164491672+shishirdw@users.n...
password_never_expires.yaml
in Detections/SecurityEvent
107 - 2019-08-13 2024-08-12 193 137 sagamzu@microsoft.com 62938807+haim-na@users.nore...
SigninBruteForce-AzurePortal.yaml
in Detections/SigninLogs
5 - 2019-08-13 2024-07-18 191 137 sagamzu@microsoft.com 164491672+shishirdw@users.n...
PotentialKerberoast.yaml
in Detections/SecurityEvent
118 - 2019-08-13 2024-08-19 188 137 sagamzu@microsoft.com v-prasadboke@microsoft.com
5 - 2020-12-20 2024-07-18 179 137 45466083+shainw@users.norep... 164491672+shishirdw@users.n...
SolarWinds_TEARDROP_Process-IOCs.yaml
in Detections/DeviceEvents
5 - 2020-12-16 2024-07-18 196 136 andesreedhar@gmail.com 164491672+shishirdw@users.n...
ExplicitMFADeny.yaml
in Detections/SigninLogs
5 - 2020-10-14 2025-01-21 177 136 57229057+secops-and-hops@us... 128674128+v1managedservices...
CriticalSeverityDetection.yaml
in Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules
45 - 2021-02-19 2025-03-10 167 136 ndicola@microsoft.com idoshabi@microsoft.com
CriticalOrHighSeverityDetectionsByUser.yaml
in Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules
19 - 2021-02-19 2025-03-10 167 136 ndicola@microsoft.com idoshabi@microsoft.com
FailedLogonToAzurePortal.yaml
in Detections/SigninLogs
5 - 2019-08-13 2024-07-18 178 135 sagamzu@microsoft.com 164491672+shishirdw@users.n...
5 - 2020-12-01 2024-07-18 174 134 nicholas.b.carr@gmail.com 164491672+shishirdw@users.n...
commonFunctions.ps1
in Tools/Create-Azure-Sentinel-Solution/common
3350 - 2023-06-28 2025-04-29 280 133 demehra@microsoft.com v-atulyadav@microsoft.com
AWSConsoleAADCorrelation.yaml
in Detections/MultipleDataSources
69 - 2019-08-19 2024-07-18 190 133 peter.bryan@microsoft.com 164491672+shishirdw@users.n...
SolarWinds_SUNBURST_Network-IOCs.yaml
in Detections/DeviceNetworkEvents
5 - 2020-12-16 2024-07-18 179 133 andesreedhar@gmail.com 164491672+shishirdw@users.n...
AzureAADPowerShellAnomaly.yaml
in Detections/SigninLogs
5 - 2020-12-11 2024-07-18 170 133 andesreedhar@gmail.com 164491672+shishirdw@users.n...
5 - 2020-12-16 2024-07-18 175 132 andesreedhar@gmail.com 164491672+shishirdw@users.n...
Supernovawebshell.yaml
in Detections/W3CIISLog
6 - 2021-01-07 2024-07-18 167 132 45466083+shainw@users.norep... 164491672+shishirdw@users.n...
powershell_empire.yaml
in Detections/SecurityEvent
5 - 2019-08-13 2024-07-18 176 131 sagamzu@microsoft.com 164491672+shishirdw@users.n...
UserAccountAdd-Removed.yaml
in Detections/SecurityEvent
129 - 2019-08-13 2024-07-18 174 131 sagamzu@microsoft.com 164491672+shishirdw@users.n...
MFADisable.yaml
in Detections/MultipleDataSources
5 - 2019-12-16 2024-07-18 173 131 45466083+shainw@users.norep... 164491672+shishirdw@users.n...
RareApplicationConsent.yaml
in Detections/AuditLogs
5 - 2019-09-12 2024-07-18 173 131 42559062+juliango2100@users... 164491672+shishirdw@users.n...
ADFSDomainTrustMods.yaml
in Detections/AuditLogs
5 - 2020-12-11 2024-07-18 172 131 andesreedhar@gmail.com 164491672+shishirdw@users.n...
RunCommandUEBABreach.yaml
in Detections/MultipleDataSources
79 - 2021-10-25 2024-08-19 187 129 peter.bryan@microsoft.com v-prasadboke@microsoft.com
FileHashEntity_SecurityEvent.yaml
in Detections/ThreatIntelligenceIndicator
5 - 2019-08-30 2024-07-18 184 128 shainw@microsoft.com 164491672+shishirdw@users.n...
RareOfficeOperations.yaml
in Detections/OfficeActivity
5 - 2019-08-13 2024-07-18 177 128 sagamzu@microsoft.com 164491672+shishirdw@users.n...
58 - 2020-04-24 2024-08-19 175 128 peter.bryan@microsoft.com v-prasadboke@microsoft.com
96 - 2019-10-21 2024-07-18 170 128 shainw@microsoft.com 164491672+shishirdw@users.n...
Files With Least Contributors (Top 50)
Based on the number of unique email addresses found in commits.


Each entry lists the file name, its folder, and then: # lines | # units | created | last modified | # changes (days) | # contributors | first contributor | latest contributor
JamfProtectTelemetry.yaml
in Solutions/Jamf Protect/Parsers
740 - 2025-04-03 2025-04-24 7 4 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com
JamfProtectThreatEvents.yaml
in Solutions/Jamf Protect/Parsers
65 - 2025-04-03 2025-04-24 7 4 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com
JamfProtectNetworkTraffic.yaml
in Solutions/Jamf Protect/Parsers
61 - 2025-04-03 2025-04-24 7 4 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com
JamfProtectAlerts.yaml
in Solutions/Jamf Protect/Parsers
20 - 2025-04-03 2025-04-24 7 4 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com
JamfProtectUnifiedLogs.yaml
in Solutions/Jamf Protect/Parsers
11 - 2025-04-03 2025-04-24 7 4 thijsxhaflaire31@hotmail.com v-prasadboke@microsoft.com
Write-OMSLogfile.ps1
in DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/modules
126 - 2020-01-04 2023-10-09 8 5 ndicola@microsoft.com mrudula.oruganti@gigamon.com
run.ps1
in Tools/UploadToBlobLookupTables/UploadToBlobLookupTables/UploadToBlobLookupTables
83 - 2020-06-10 2023-10-09 6 5 ashwinpatil@outlook.com mrudula.oruganti@gigamon.com
AppConfig.cs
in Tools/Sample-Data-Ingest-Tool/SampleDataIngestTool
33 2 2020-06-10 2023-10-09 6 5 hello.tayta@gmail.com mrudula.oruganti@gigamon.com
profile.ps1
in DataConnectors/O365 Data/O365APItoAS-Template
18 - 2020-01-04 2023-10-09 8 5 ndicola@microsoft.com mrudula.oruganti@gigamon.com
profile.ps1
in Tools/UploadToBlobLookupTables/UploadToBlobLookupTables
18 - 2020-06-10 2023-10-09 6 5 ashwinpatil@outlook.com mrudula.oruganti@gigamon.com
ADOAuditLogs.yaml
in Solutions/AzureDevOpsAuditing/Parsers
17 - 2025-04-08 2025-04-29 6 5 r.greatlove@gmail.com v-atulyadav@microsoft.com
requirements.psd1
in DataConnectors/O365 Data/O365APItoAS-Template
6 - 2020-01-04 2023-10-09 8 5 ndicola@microsoft.com mrudula.oruganti@gigamon.com
requirements.psd1
in Tools/UploadToBlobLookupTables/UploadToBlobLookupTables
6 - 2020-06-10 2023-10-09 6 5 ashwinpatil@outlook.com mrudula.oruganti@gigamon.com
parser_cef-as.rb
in DataConnectors/Fluentd-VMSS/plugin
203 9 2020-03-23 2023-10-09 8 6 ndicola@microsoft.com mrudula.oruganti@gigamon.com
cef_version_0_keys.yaml
in DataConnectors/Fluentd-VMSS/plugin
166 - 2020-03-23 2023-10-09 8 6 ndicola@microsoft.com mrudula.oruganti@gigamon.com
out_remote_syslog-as.rb
in DataConnectors/Fluentd-VMSS/plugin
132 7 2020-03-23 2023-10-09 8 6 ndicola@microsoft.com mrudula.oruganti@gigamon.com
DomainEntity_PaloAlto.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
108 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
URLEntity_PaloAlto.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
79 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
Program.cs
in Tools/Sample Code/HttpDataCollectorAPI/HttpDataCollectorAPI
74 3 2020-07-08 2023-10-09 7 6 hello.tayta@gmail.com mrudula.oruganti@gigamon.com
DomainEntity_SecurityAlert.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
67 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
DomainEntity_EmailUrlInfo_Updated.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
66 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
URLEntity_EmailUrlInfo_Updated.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
62 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
URLEntity_AuditLogs.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
61 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
DomainEntity_EmailEvents_Updated.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
52 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
ThreatIntelIndicatorsv2.yaml
in Solutions/Threat Intelligence (NEW)/Parsers
51 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
DomainEntity_CommonSecurityLog.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
50 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
FileEntity_SecurityEvent.yaml
in Solutions/Threat Intelligence (NEW)/Hunting Queries
49 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
FileEntity_Syslog.yaml
in Solutions/Threat Intelligence (NEW)/Hunting Queries
48 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
FileEntity_VMConnection.yaml
in Solutions/Threat Intelligence (NEW)/Hunting Queries
48 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
FileEntity_OfficeActivity.yaml
in Solutions/Threat Intelligence (NEW)/Hunting Queries
47 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
FileEntity_WireData.yaml
in Solutions/Threat Intelligence (NEW)/Hunting Queries
40 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
FileHashEntity_DeviceFileEvents_Updated.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
38 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
URLEntity_Syslog.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
31 - 2025-04-15 2025-04-29 5 6 v-shukore@microsoft.com v-atulyadav@microsoft.com
SampleDataPath.cs
in Tools/Sample-Data-Ingest-Tool/SampleDataIngestTool
26 2 2020-06-10 2023-10-09 8 6 hello.tayta@gmail.com mrudula.oruganti@gigamon.com
profile.ps1
in DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_Power...
18 - 2020-07-13 2023-10-09 7 6 59736871+chicduong@users.no... mrudula.oruganti@gigamon.com
profile.ps1
in DataConnectors/Zoom
18 - 2020-04-20 2023-10-09 8 6 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com
requirements.psd1
in DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_Power...
7 - 2020-07-13 2023-10-09 7 6 59736871+chicduong@users.no... mrudula.oruganti@gigamon.com
requirements.psd1
in DataConnectors/Zoom
6 - 2020-04-20 2023-10-09 8 6 peter.bryan@microsoft.com mrudula.oruganti@gigamon.com
corelight_corelight_metrics_disk.yaml
in Solutions/Corelight/Parsers
968 - 2025-03-05 2025-04-24 9 7 dhwani.shah@crestdatasys.com v-prasadboke@microsoft.com
Processor.cs
in DataConnectors/O365 DataCSharp/Teams.CustomConnector.Processor
201 5 2020-04-22 2023-10-09 8 7 mabadola@microsoft.com mrudula.oruganti@gigamon.com
Convert-SnapshotsToVHD.ps1
in Playbooks/Isolate-AzVM
195 - 2025-03-17 2025-04-24 10 7 aaron.lightle@microsoft.com v-prasadboke@microsoft.com
corelight_corelight_metrics_iface.yaml
in Solutions/Corelight/Parsers
164 - 2025-03-05 2025-04-24 9 7 dhwani.shah@crestdatasys.com v-prasadboke@microsoft.com
Add-PlaybooksToSentinel.ps1
in Tools/PowerShell/Add-PlaybooksToSentinel
136 - 2020-08-20 2023-10-09 8 7 tlilly@netrixllc.com mrudula.oruganti@gigamon.com
IPEntity_imNetworkSession.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
106 - 2025-04-15 2025-04-29 5 7 v-shukore@microsoft.com v-atulyadav@microsoft.com
EgressTeamsLogs.cs
in DataConnectors/O365 DataCSharp/Teams.CustomConnector.Serverless
102 1 2020-04-22 2023-10-09 8 7 mabadola@microsoft.com mrudula.oruganti@gigamon.com
Set-ManagedIdentity.ps1
in Playbooks/Isolate-AzVM
92 - 2025-03-17 2025-04-24 10 7 aaron.lightle@microsoft.com v-prasadboke@microsoft.com
imDns_IPEntity_DnsEvents.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
80 - 2025-04-15 2025-04-29 8 7 v-shukore@microsoft.com v-atulyadav@microsoft.com
LogDownloader.cs
in DataConnectors/AzureStorage
77 3 2020-04-17 2023-10-09 8 7 ross.bevington@microsoft.com mrudula.oruganti@gigamon.com
DomainEntity_DnsEvents.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
74 - 2025-04-15 2025-04-29 9 7 v-shukore@microsoft.com v-atulyadav@microsoft.com
DomainEntity_Syslog.yaml
in Solutions/Threat Intelligence (NEW)/Analytic Rules
73 - 2025-04-15 2025-04-29 9 7 v-shukore@microsoft.com v-atulyadav@microsoft.com
Correlations

File Size vs. Number of Changes: scatter plot of 6180 points (x: lines of code, y: number of changes); the per-file point data behind the plot is not reproduced here.
changes Playbooks/Isolate-AzVM/Set-ManagedIdentity.ps1 x: 92 lines of code y: 10 # changes Solutions/AIShield AI Security Monitoring/Analytic Rules/BIIDetectionVulDetection.yaml x: 41 lines of code y: 12 # changes Solutions/AIShield AI Security Monitoring/Parsers/Guardian.yaml x: 27 lines of code y: 14 # changes Solutions/Armis/Data Connectors/ArmisDevice/ArmisDeviceSentinelConnector/__init__.py x: 456 lines of code y: 88 # changes Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditDataConnector/ConfluenceAuditAPISentinelConnector/__init__.py x: 115 lines of code y: 15 # changes Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditDataConnector/ConfluenceAuditAPISentinelConnector/state_manager.py x: 18 lines of code y: 15 # changes Solutions/Azure Activity/Analytic Rules/Machine_Learning_Creation.yaml x: 53 lines of code y: 19 # changes Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml x: 35 lines of code y: 38 # changes Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml x: 33 lines of code y: 44 # changes Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml x: 31 lines of code y: 44 # changes Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml x: 35 lines of code y: 46 # changes Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py x: 467 lines of code y: 75 # changes Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_Data_Aging.py x: 78 lines of code y: 31 # changes Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_IDP.py x: 50 lines of code y: 31 # changes Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_User.py x: 53 lines of code y: 31 # changes Solutions/Commvault Security IQ/Tools/AssignLogicAppRoles.ps1 x: 67 lines of code y: 12 # changes Solutions/Commvault Security IQ/Tools/Setup-CommvaultAutomation.ps1 x: 222 lines of code y: 12 # changes 
Solutions/Corelight/Parsers/corelight_corelight_metrics_disk.yaml x: 968 lines of code y: 9 # changes Solutions/Corelight/Parsers/corelight_corelight_metrics_iface.yaml x: 164 lines of code y: 9 # changes Solutions/Corelight/Parsers/corelight_files.yaml x: 137 lines of code y: 57 # changes Solutions/Corelight/Parsers/corelight_http.yaml x: 205 lines of code y: 58 # changes Solutions/Corelight/Parsers/corelight_intel.yaml x: 101 lines of code y: 34 # changes Solutions/Corelight/Parsers/corelight_mysql.yaml x: 87 lines of code y: 34 # changes Solutions/Corelight/Parsers/corelight_notice.yaml x: 146 lines of code y: 34 # changes Solutions/Corelight/Parsers/corelight_smb_files.yaml x: 125 lines of code y: 34 # changes Solutions/Corelight/Parsers/corelight_smtp.yaml x: 129 lines of code y: 34 # changes Solutions/Corelight/Parsers/corelight_software.yaml x: 74 lines of code y: 34 # changes Solutions/Corelight/Parsers/corelight_ssl.yaml x: 133 lines of code y: 57 # changes Solutions/Corelight/Parsers/corelight_suricata_corelight.yaml x: 207 lines of code y: 35 # changes Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/exporter.py x: 45 lines of code y: 42 # changes Solutions/ExtraHop/Analytic Rules/ExtraHopSentinelAlerts.yaml x: 64 lines of code y: 13 # changes Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopDetectionsOrchestrator/__init__.py x: 11 lines of code y: 9 # changes Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopSentinelActivity/__init__.py x: 22 lines of code y: 9 # changes Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopSentinelActivity/sentinel.py x: 197 lines of code y: 9 # changes Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/SharedCode/__init__.py x: 1 lines of code y: 9 # changes Solutions/ForescoutHostPropertyMonitor/Analytic Rules/ForeScout-DNSSniffEventMonitor.yaml x: 35 lines of code y: 73 # changes Solutions/Google Apigee/Parsers/ApigeeXV2.yaml x: 43 lines of code y: 14 # 
changes Solutions/Google Apigee/Parsers/Unified_ApigeeX.yaml x: 82 lines of code y: 14 # changes Solutions/GoogleCloudPlatformDNS/Parsers/GCPCloudDNS.yaml x: 131 lines of code y: 50 # changes Solutions/Jamf Protect/Analytic Rules/JamfProtectAlerts.yaml x: 81 lines of code y: 97 # changes Solutions/Jamf Protect/Analytic Rules/JamfProtectNetworkThreats.yaml x: 4 lines of code y: 98 # changes Solutions/Jamf Protect/Analytic Rules/JamfProtectUnifiedLogs.yaml x: 52 lines of code y: 78 # changes Solutions/Jamf Protect/Parsers/JamfProtectAlerts.yaml x: 20 lines of code y: 7 # changes Solutions/Jamf Protect/Parsers/JamfProtectTelemetry.yaml x: 740 lines of code y: 7 # changes Solutions/Jamf Protect/Parsers/JamfProtectUnifiedLogs.yaml x: 11 lines of code y: 7 # changes Solutions/Microsoft Entra ID/Analytic Rules/SuspiciousServicePrincipalcreationactivity.yaml x: 97 lines of code y: 57 # changes Solutions/Microsoft Exchange Security - Exchange On-Premises/# - General Content/Solutions/ESICollector/OnlineDeployment/CollectExchSecIns.ps1 x: 3543 lines of code y: 12 # changes Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeAdminAuditLogs.yaml x: 65 lines of code y: 71 # changes Solutions/Mimecast/Analytic Rules/MimecastAudit/Mimecast_Audit.yaml x: 53 lines of code y: 37 # changes Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_AV.yaml x: 56 lines of code y: 38 # changes Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Impersonation.yaml x: 60 lines of code y: 38 # changes Solutions/MimecastSEG/Analytic Rules/MimecastSIEM_Spam_Event.yaml x: 46 lines of code y: 39 # changes Solutions/Salesforce Service Cloud/Analytic Rules/Salesforce-PasswordSpray.yaml x: 34 lines of code y: 61 # changes Solutions/Salesforce Service Cloud/Analytic Rules/Salesforce-SigninsMultipleCountries.yaml x: 41 lines of code y: 61 # changes Solutions/SecurityBridge App/Analytical Rules/CriticalEventTriggered.yaml x: 36 lines of code y: 94 # changes Solutions/SecurityBridge 
App/Parsers/SecurityBridgeLogs.yaml x: 33 lines of code y: 49 # changes Solutions/Team Cymru Scout/Parsers/CymruScoutIP.yaml x: 92 lines of code y: 34 # changes Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/configurations.py x: 117 lines of code y: 103 # changes Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/timer_trigger/__init__.py x: 104 lines of code y: 85 # changes Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/timer_trigger_oat/__init__.py x: 105 lines of code y: 108 # changes DataConnectors/Syslog/Forwarder_AMA_installer.py x: 248 lines of code y: 130 # changes Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-SQLiDetection.yaml x: 56 lines of code y: 33 # changes Solutions/ESET Protect Platform/Data Connectors/integration/main.py x: 147 lines of code y: 41 # changes Solutions/ESET Protect Platform/Data Connectors/integration/models.py x: 86 lines of code y: 38 # changes Solutions/ESET Protect Platform/Data Connectors/integration/utils.py x: 276 lines of code y: 47 # changes Solutions/IPinfo/Data Connectors/ASN/AzureFunctionIPinfoASN/main.py x: 78 lines of code y: 11 # changes Solutions/IPinfo/Data Connectors/ASN/AzureFunctionIPinfoASN/utils.py x: 153 lines of code y: 11 # changes Solutions/IPinfo/Data Connectors/RIRWHOIS/AzureFunctionIPinfoRIRWHOIS/constants.py x: 99 lines of code y: 11 # changes Solutions/Microsoft 365/Analytic Rules/MailItemsAccessedTimeSeries.yaml x: 80 lines of code y: 109 # changes Solutions/Microsoft Entra ID/Analytic Rules/NRT_AuthenticationMethodsChangedforVIPUsers.yaml x: 66 lines of code y: 59 # changes Solutions/ProofPointTap/Analytic Rules/MalwareLinkClicked.yaml x: 52 lines of code y: 144 # changes Solutions/Proofpoint On demand(POD) Email Security/Data Connectors/ProofpointSentinelConnector/__init__.py x: 165 lines of code y: 79 # changes Solutions/Salesforce Service Cloud/Analytic 
Rules/Salesforce-BruteForce.yaml x: 52 lines of code y: 73 # changes DataConnectors/AWS-S3/CloudWatchPushBasedLambdaFunction.py x: 48 lines of code y: 8 # changes DataConnectors/M365Defender-VulnerabilityManagement/maintenance/deployLatestFunctionPackage.ps1 x: 7 lines of code y: 44 # changes Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml x: 128 lines of code y: 196 # changes Hunting Queries/AzureStorage/AzureStorageFileCreatedQuicklyDeleted.yaml x: 39 lines of code y: 50 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/Attachment/ATP policy status check.yaml x: 27 lines of code y: 52 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/Attachment/JNLP attachment.yaml x: 18 lines of code y: 50 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/Attachment/Safe attachment detection.yaml x: 23 lines of code y: 51 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/Authentication/Spoof attempts with auth failure.yaml x: 22 lines of code y: 52 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/General/MDO daily detection summary report.yaml x: 65 lines of code y: 52 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Emails containing links to IP addresses.yaml x: 18 lines of code y: 30 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Hunt for email conversation take over attempts.yaml x: 40 lines of code y: 48 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/Hunting/Hunt for malicious URLs using external IOC source.yaml x: 28 lines of code y: 51 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Detections by detection methods.yaml x: 46 lines of code y: 51 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/Mailflow/Sender recipient contact establishment.yaml x: 35 lines of code y: 50 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/Malware/Email containing malware accessed on a 
unmanaged device.yaml x: 30 lines of code y: 49 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/Malware/Malware detections by detection methods.yaml x: 32 lines of code y: 52 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/Quarantine/High Confidence Phish Released.yaml x: 27 lines of code y: 42 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/URL Click/URLClick details based on malicious URL click alert.yaml x: 22 lines of code y: 49 # changes Hunting Queries/Microsoft 365 Defender/Email Queries/URL/Phishing Email Url Redirector.yaml x: 6 lines of code y: 50 # changes Parsers/ASimAuditEvent/Parsers/ASimAuditEvent.yaml x: 63 lines of code y: 193 # changes Parsers/ASimAuditEvent/Parsers/ASimAuditEventNative.yaml x: 44 lines of code y: 18 # changes Parsers/ASimAuditEvent/Parsers/imAuditEvent.yaml x: 93 lines of code y: 185 # changes Parsers/ASimAuditEvent/Parsers/vimAuditEventNative.yaml x: 103 lines of code y: 21 # changes Parsers/ASimAuthentication/Parsers/ASimAuthentication.yaml x: 86 lines of code y: 252 # changes Parsers/ASimAuthentication/Parsers/imAuthentication.yaml x: 115 lines of code y: 249 # changes Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoASA.yaml x: 461 lines of code y: 46 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoASA.yaml x: 590 lines of code y: 40 # changes Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/soar_connector_async.py x: 193 lines of code y: 138 # changes Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/soar_connector_async_v2.py x: 230 lines of code y: 44 # changes Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/utils.py x: 135 lines of code y: 42 # changes Solutions/Amazon Web Services/Analytic Rules/AWS_LogTampering.yaml x: 49 lines of code y: 98 # changes Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/UserAgentSearch_log4j.yaml x: 101 lines of code y: 114 # changes 
Solutions/AristaAwakeSecurity/Analytic Rules/HighMatchCountsByDevice.yaml x: 63 lines of code y: 83 # changes Solutions/Azure Cloud NGFW by Palo Alto Networks/Analytic Rules/CloudNGFW-PortScanning.yaml x: 60 lines of code y: 73 # changes Solutions/Azure Cloud NGFW by Palo Alto Networks/Analytic Rules/CloudNGFW-UnusualThreatSignatures.yaml x: 59 lines of code y: 53 # changes Solutions/Azure Cloud NGFW by Palo Alto Networks/Hunting Queries/CloudNGFW-HighRiskPorts.yaml x: 114 lines of code y: 41 # changes Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseCriticalAttackPaths.yaml x: 30 lines of code y: 78 # changes Solutions/BloodHound Enterprise/Data Connectors/handler.go x: 172 lines of code y: 25 # changes Solutions/BloodHound Enterprise/Data Connectors/pkg/bloodhound/client.go x: 200 lines of code y: 26 # changes Solutions/BloodHound Enterprise/Data Connectors/pkg/connector/main.go x: 597 lines of code y: 28 # changes Solutions/CTERA/Analytic Rules/InfectedFileDetected.yaml x: 49 lines of code y: 13 # changes Solutions/CTERA/Analytic Rules/MassAccessDenied.yaml x: 65 lines of code y: 14 # changes Solutions/CTERA/Analytic Rules/RansomwareDetected.yaml x: 48 lines of code y: 34 # changes Solutions/CTERA/Hunting Queries/BatchDeletions.yaml x: 40 lines of code y: 13 # changes Solutions/CiscoWSA/Analytic Rules/CiscoWSAAccessToUnwantedSite.yaml x: 31 lines of code y: 81 # changes Solutions/CiscoWSA/Analytic Rules/CiscoWSADataExfiltration.yaml x: 36 lines of code y: 81 # changes Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUnwantedCategory.yaml x: 40 lines of code y: 70 # changes Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUrl.yaml x: 36 lines of code y: 70 # changes Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleInfectedFiles.yaml x: 36 lines of code y: 69 # changes Solutions/CiscoWSA/Analytic Rules/CiscoWSAPublicIPSource.yaml x: 30 lines of code y: 70 # changes Solutions/CiscoWSA/Hunting Queries/CiscoWSABlockedFiles.yaml x: 
24 lines of code y: 40 # changes Solutions/CiscoWSA/Hunting Queries/CiscoWSARareApplications.yaml x: 26 lines of code y: 40 # changes Solutions/CiscoWSA/Hunting Queries/CiscoWSAUncategorizedResources.yaml x: 32 lines of code y: 40 # changes Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicator/CrowdstrikeFalconAPISentinelConnector/__init__.py x: 195 lines of code y: 99 # changes Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/CrowdstrikeFalconAPISentinelConn/QueueTriggerCS/__init__.py x: 284 lines of code y: 75 # changes Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/audit.py x: 165 lines of code y: 34 # changes Solutions/CyberArkEPM/DataConnectors/CyberArkEPMSentinelConnector/__init__.py x: 160 lines of code y: 56 # changes Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianClassifiedDataInsecureTransfer.yaml x: 35 lines of code y: 24 # changes Solutions/Digital Guardian Data Loss Prevention/Analytic Rules/DigitalGuardianExfiltrationOverDNS.yaml x: 29 lines of code y: 24 # changes Solutions/Digital Guardian Data Loss Prevention/Hunting Queries/DigitalGuardianFilesSentByUsers.yaml x: 24 lines of code y: 24 # changes Solutions/Dragos/Analytic Rules/DragosNotifiction.yaml x: 63 lines of code y: 17 # changes Solutions/Dragos/Parsers/DragosPullNotificationsToSentinel.yaml x: 46 lines of code y: 17 # changes Solutions/Dragos/Parsers/DragosPushNotificationsToSentinel.yaml x: 41 lines of code y: 10 # changes Solutions/Dragos/Parsers/DragosSeverityToSentinelSeverity.yaml x: 19 lines of code y: 10 # changes Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Analytic Rules/Fortiweb - WAF Allowed threat.yaml x: 31 lines of code y: 65 # changes Solutions/GitLab/Analytic Rules/GitLab_BruteForce.yaml x: 48 lines of code y: 58 # changes Solutions/GitLab/Analytic Rules/GitLab_Impersonation.yaml x: 48 lines of code y: 78 # changes 
Solutions/GitLab/Analytic Rules/GitLab_MaliciousIP.yaml x: 49 lines of code y: 87 # changes Solutions/GitLab/Analytic Rules/GitLab_RepoVisibilityChange.yaml x: 39 lines of code y: 58 # changes Solutions/GitLab/Analytic Rules/GitLab_Repo_Deletion.yaml x: 52 lines of code y: 57 # changes Solutions/Global Secure Access/Analytic Rules/Identity - AfterHoursActivity.yaml x: 41 lines of code y: 52 # changes Solutions/Global Secure Access/Analytic Rules/SWG - Abnormal Deny Rate.yaml x: 58 lines of code y: 52 # changes Solutions/Global Secure Access/Analytic Rules/SWG - Abnormal Port to Protocol.yaml x: 54 lines of code y: 52 # changes Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Clone_Detection_Query.yaml x: 41 lines of code y: 35 # changes Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Deactivated_Query.yaml x: 50 lines of code y: 35 # changes Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Enforcement_Change_Detection_Query.yaml x: 58 lines of code y: 39 # changes Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Firewall_Tampering_Detection_Query.yaml x: 47 lines of code y: 33 # changes Solutions/IllumioSaaS/Analytic Rules/Illumio_VEN_Offline_Detection_Query.yaml x: 44 lines of code y: 39 # changes Solutions/IllumioSaaS/Data Connectors/OnPremHealthFunctionApp/onprem_health_api.py x: 33 lines of code y: 13 # changes Solutions/IllumioSaaS/Data Connectors/TimedApiFunctionApp/api_response.py x: 179 lines of code y: 54 # changes Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-DataExfiltrationAttack.yaml x: 66 lines of code y: 75 # changes Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml x: 67 lines of code y: 139 # changes Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml x: 51 lines of code y: 75 # changes Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelSingleQueryDetected.yaml x: 51 lines of 
code y: 76 # changes Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-CommonSecurityLogMatchFound-MalwareC2.yaml x: 67 lines of code y: 76 # changes Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml x: 79 lines of code y: 77 # changes Solutions/Infoblox NIOS/Analytic Rules/ExcessiveNXDOMAINDNSQueries.yaml x: 37 lines of code y: 110 # changes Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTDenialofService.yaml x: 76 lines of code y: 154 # changes Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTExcessiveLoginAttempts.yaml x: 76 lines of code y: 145 # changes Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTFirmwareUpdates.yaml x: 76 lines of code y: 144 # changes Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTINoSensorTrafficDetected.yaml x: 76 lines of code y: 116 # changes Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTMalware.yaml x: 77 lines of code y: 144 # changes Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTPLCStopCommand.yaml x: 77 lines of code y: 154 # changes Solutions/McAfee ePolicy Orchestrator/Analytic Rules/McAfeeEPOAlertError.yaml x: 30 lines of code y: 56 # changes Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOAgentErrors.yaml x: 35 lines of code y: 55 # changes Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOApplicationsBlocked.yaml x: 28 lines of code y: 55 # changes Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOEmailThreats.yaml x: 39 lines of code y: 55 # changes Solutions/McAfee ePolicy Orchestrator/Hunting Queries/McAfeeEPOInfectedFiles.yaml x: 25 lines of code y: 55 # changes Solutions/Microsoft Defender XDR/Analytic Rules/Persistence/LocalAdminGroupChanges.yaml x: 83 lines of code y: 46 # changes Solutions/Microsoft Defender XDR/Analytic Rules/PossibleWebpBufferOverflow.yaml x: 87 lines of code 
y: 67 # changes Solutions/Microsoft Entra ID/Analytic Rules/AzureRBAC.yaml x: 57 lines of code y: 12 # changes Solutions/Microsoft Entra ID/Analytic Rules/MFARejectedbyUser.yaml x: 85 lines of code y: 80 # changes Solutions/NGINX HTTP Server/Analytic Rules/NGINXCommandsInRequest.yaml x: 31 lines of code y: 59 # changes Solutions/NGINX HTTP Server/Analytic Rules/NGINXDifferentUAsFromSingleIP.yaml x: 33 lines of code y: 59 # changes Solutions/NGINX HTTP Server/Analytic Rules/NGINXPutAndGetFileFromSameIP.yaml x: 44 lines of code y: 59 # changes Solutions/NGINX HTTP Server/Hunting Queries/NGINXRareURLsRequested.yaml x: 25 lines of code y: 59 # changes Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml x: 50 lines of code y: 66 # changes Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml x: 71 lines of code y: 66 # changes Solutions/Okta Single Sign-On/Analytic Rules/FailedLoginsFromUnknownOrInvalidUser.yaml x: 44 lines of code y: 104 # changes Solutions/Okta Single Sign-On/Analytic Rules/LoginfromUsersfromDifferentCountrieswithin3hours.yaml x: 37 lines of code y: 104 # changes Solutions/Oracle Cloud Infrastructure/Data Connectors/AzureFunctionOCILogs/main.py x: 163 lines of code y: 194 # changes Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditConnectFromExternalIp.yaml x: 43 lines of code y: 97 # changes Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditNewIpForUser.yaml x: 46 lines of code y: 97 # changes Solutions/OracleDatabaseAudit/Analytic Rules/OracleDBAuditQueryOnSensitiveTable.yaml x: 35 lines of code y: 103 # changes Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditActiveUsers.yaml x: 25 lines of code y: 46 # changes Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditDbConnectNonOperationalTime.yaml x: 39 lines of code y: 74 # changes Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditDroppedTables.yaml x: 27 lines of code y: 46 # changes Solutions/OracleDatabaseAudit/Hunting 
Queries/OracleDBAuditLargeQueries.yaml x: 34 lines of code y: 64 # changes Solutions/OracleDatabaseAudit/Hunting Queries/OracleDBAuditListOfTablesQueried.yaml x: 29 lines of code y: 63 # changes Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicCommandInURI.yaml x: 30 lines of code y: 85 # changes Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicDifferentUAsFromSingleIP.yaml x: 33 lines of code y: 85 # changes Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicExploitCVE-2021-2109.yaml x: 30 lines of code y: 94 # changes Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicMultipleClientErrorsFromSingleIP.yaml x: 33 lines of code y: 87 # changes Solutions/OracleWebLogicServer/Analytic Rules/OracleWebLogicPutSuspiciousFiles.yaml x: 43 lines of code y: 85 # changes Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogic403RequestsFiles.yaml x: 25 lines of code y: 85 # changes Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicErrors.yaml x: 22 lines of code y: 67 # changes Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicFilesErrorRequests.yaml x: 28 lines of code y: 66 # changes Solutions/OracleWebLogicServer/Hunting Queries/OracleWebLogicRareURLsRequested.yaml x: 25 lines of code y: 44 # changes Solutions/PaloAlto-PAN-OS/Analytic Rules/PaloAlto-NetworkBeaconing.yaml x: 65 lines of code y: 128 # changes Solutions/PaloAlto-PAN-OS/Analytic Rules/PaloAlto-PortScanning.yaml x: 65 lines of code y: 149 # changes Solutions/Recorded Future/Analytic Rules/RecordedFutureDomainMalwareC2inSyslogEvents.yaml x: 49 lines of code y: 112 # changes Solutions/SAP BTP/Analytic Rules/BTP - Failed access attempts across multiple BAS subaccounts.yaml x: 47 lines of code y: 15 # changes Solutions/SAP BTP/Analytic Rules/BTP - Malware detected in BAS dev space.yaml x: 69 lines of code y: 15 # changes Solutions/SAP BTP/Analytic Rules/BTP - Mass user deletion in a sub account.yaml x: 55 lines of code y: 15 # changes Solutions/SAP 
BTP/Analytic Rules/BTP - Trust and authorization Identity Provider monitor.yaml x: 74 lines of code y: 15 # changes Solutions/Salesforce Service Cloud/Data Connectors/SalesforceSentinelConnector/__init__.py x: 239 lines of code y: 87 # changes Solutions/SentinelOne/Analytic Rules/SentinelOneAgentUninstalled.yaml x: 30 lines of code y: 61 # changes Solutions/SentinelOne/Parsers/SentinelOne.yaml x: 651 lines of code y: 51 # changes Solutions/Symantec Endpoint Protection/Analytic Rules/ExcessiveBlockedTrafficGeneratedbyUser.yaml x: 54 lines of code y: 136 # changes Solutions/Symantec Endpoint Protection/Analytic Rules/MalwareDetected.yaml x: 39 lines of code y: 140 # changes Solutions/Symantec VIP/Analytic Rules/ClientDeniedAccess.yaml x: 42 lines of code y: 73 # changes Solutions/SymantecProxySG/Analytic Rules/UserAccessedSuspiciousURLCategories.yaml x: 40 lines of code y: 107 # changes Solutions/Threat Intelligence/Analytic Rules/Threat Intel Matches to GitHub Audit Logs.yaml x: 28 lines of code y: 104 # changes Tools/Create-Azure-Sentinel-Solution/V3/createSolutionV3.ps1 x: 292 lines of code y: 192 # changes Tools/Create-Azure-Sentinel-Solution/common/get-ccp-details.ps1 x: 362 lines of code y: 50 # changes Tools/Create-Azure-Sentinel-Solution/common/standardLogStreams.ps1 x: 106 lines of code y: 11 # changes ASIM/dev/ASimYaml2ARM/KqlFuncYaml2Arm.py x: 219 lines of code y: 90 # changes ASIM/dev/Parser YAML templates/ASimAlertEventTemplate.yaml x: 30 lines of code y: 17 # changes ASIM/dev/Parser YAML templates/ASimAuditEventTemplate.yaml x: 30 lines of code y: 47 # changes ASIM/dev/Parser YAML templates/ASimDhcpEventTemplate.yaml x: 30 lines of code y: 37 # changes ASIM/dev/Parser YAML templates/ASimFileEventTemplate.yaml x: 30 lines of code y: 76 # changes ASIM/dev/Parser YAML templates/vimAlertEventTemplate.yaml x: 82 lines of code y: 17 # changes ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml x: 77 lines of code y: 48 # changes ASIM/dev/Parser YAML 
templates/vimAuthenticationTemplate.yaml x: 95 lines of code y: 62 # changes ASIM/dev/Parser YAML templates/vimDhcpEventTemplate.yaml x: 62 lines of code y: 37 # changes ASIM/dev/Parser YAML templates/vimDnsTemplate.yaml x: 72 lines of code y: 62 # changes ASIM/dev/Parser YAML templates/vimFileEventTemplate.yaml x: 77 lines of code y: 47 # changes ASIM/dev/Parser YAML templates/vimNetworkSessionTemplate.yaml x: 77 lines of code y: 62 # changes ASIM/dev/Parser YAML templates/vimProcessEventTemplate.yaml x: 97 lines of code y: 47 # changes ASIM/dev/Parser YAML templates/vimRegistryEventTemplate.yaml x: 72 lines of code y: 47 # changes ASIM/dev/Parser YAML templates/vimUserManagementTemplate.yaml x: 62 lines of code y: 46 # changes ASIM/lib/functions/ASIM_FillNull.yaml x: 26 lines of code y: 20 # changes DataConnectors/AWS-S3/CloudWatchLambdaFunction.py x: 47 lines of code y: 63 # changes DataConnectors/AWS-SecurityHubFindings/AzFunAWSSecurityHubIngestion/__init__.py x: 334 lines of code y: 143 # changes DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPFirewallLogsSetup/GCPFirewallLogSetup.tf x: 82 lines of code y: 24 # changes DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/run.ps1 x: 276 lines of code y: 106 # changes DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logStashEventsBatcher.rb x: 115 lines of code y: 56 # changes DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/version.rb x: 9 lines of code y: 104 # changes DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/microsoft-sentinel-log-analytics-logstash-output-plugin.gemspec x: 19 lines of code y: 54 # changes Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml x: 132 lines of code y: 164 # changes Detections/MultipleDataSources/AADHostLoginCorrelation.yaml x: 128 lines of code y: 226 # changes Detections/MultipleDataSources/MailBoxTampering.yaml x: 89 lines 
[Scatter-plot data residue: one point per file, x = lines of code, y = # changes]
of code y: 103 # changes Parsers/ASimUserManagement/Parsers/ASimUserManagementMicrosoftSecurityEvent.yaml x: 205 lines of code y: 46 # changes Parsers/ASimUserManagement/Parsers/imUserManagement.yaml x: 81 lines of code y: 80 # changes Parsers/ASimUserManagement/Parsers/vimUserManagementMicrosoftSecurityEvent.yaml x: 257 lines of code y: 64 # changes Parsers/ASimUserManagement/Parsers/vimUserManagementMicrosoftWindowsEvent.yaml x: 243 lines of code y: 12 # changes Parsers/ASimWebSession/Parsers/ASimWebSession.yaml x: 64 lines of code y: 251 # changes Parsers/ASimWebSession/Parsers/ASimWebSessionBarracudaWAF.yaml x: 195 lines of code y: 55 # changes Parsers/ASimWebSession/Parsers/imWebSession.yaml x: 105 lines of code y: 244 # changes Parsers/ASimWebSession/Parsers/vimWebSessionBarracudaCEF.yaml x: 246 lines of code y: 15 # changes Parsers/ASimWebSession/Parsers/vimWebSessionBarracudaWAF.yaml x: 262 lines of code y: 55 # changes Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/sentinel.py x: 150 lines of code y: 15 # changes Solutions/Armis/Data Connectors/ArmisAlertsActivities/Exceptions/ArmisExceptions.py x: 4 lines of code y: 18 # changes Solutions/Cisco UCS/Parsers/CiscoUCS.yaml x: 55 lines of code y: 44 # changes Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml x: 246 lines of code y: 60 # changes Solutions/DNS Essentials/Hunting Queries/AnomalousIncreaseInDNSActivityByClients.yaml x: 119 lines of code y: 54 # changes Solutions/DNS Essentials/Hunting Queries/ConnectionToUnpopularWebsiteDetected.yaml x: 118 lines of code y: 53 # changes Solutions/DNS Essentials/Hunting Queries/PossibleDNSTunnelingOrDataExfiltrationActivity.yaml x: 17 lines of code y: 44 # changes Solutions/DNS Essentials/Hunting Queries/Sources(Clients)WithHighNumberOfErrors.yaml x: 27 lines of code y: 53 # changes Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ClassicReverseIP/__init__.py x: 74 lines of code y: 12 # 
changes Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/EnrichDomain/__init__.py x: 306 lines of code y: 12 # changes Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/InvestigateDomain/__init__.py x: 458 lines of code y: 12 # changes Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByMXIP/__init__.py x: 95 lines of code y: 12 # changes Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseWhois/__init__.py x: 83 lines of code y: 12 # changes Solutions/ESETPROTECT/Analytic Rules/ESETThreatDetected.yaml x: 45 lines of code y: 91 # changes Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FetchAndSendDetectionsHistory/__init__.py x: 101 lines of code y: 44 # changes Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/OrchestratorWatchdog/__init__.py x: 150 lines of code y: 66 # changes Solutions/Fortinet FortiNDR Cloud/Parsers/Fortinet_FortiNDR_Cloud.yaml x: 357 lines of code y: 65 # changes Solutions/Global Secure Access/Hunting Queries/double_file_ext_exes.yaml x: 52 lines of code y: 18 # changes Solutions/Illusive Platform/Analytic Rules/Illusive_Detection_Query.yaml x: 67 lines of code y: 90 # changes Solutions/Infoblox NIOS/Parsers/Infoblox_allotherdhcpdTypes.yaml x: 17 lines of code y: 43 # changes Solutions/Infoblox NIOS/Parsers/Infoblox_dnsclient.yaml x: 67 lines of code y: 43 # changes Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/AzureStorageToIndicators/create_indicator.py x: 167 lines of code y: 15 # changes Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxCurrentToAzureStorage/infoblox_to_azure_storage.py x: 519 lines of code y: 15 # changes Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierRequiredSource/list_of_sources.py x: 143 lines of code y: 15 # changes Solutions/Infoblox/Data 
Connectors/InfobloxCloudDataConnector/InfobloxHistoricalToAzureStorage/infoblox_to_azure_storage.py x: 538 lines of code y: 15 # changes Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxParseRawIndicators/parse_json_files.py x: 372 lines of code y: 15 # changes Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/__init__.py x: 1 lines of code y: 15 # changes Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/utils.py x: 948 lines of code y: 16 # changes Solutions/Infoblox/Parsers/InfobloxCDC_SOCInsights.yaml x: 43 lines of code y: 16 # changes Solutions/Microsoft 365/Analytic Rules/sharepoint_file_transfer_folders_above_threshold.yaml x: 59 lines of code y: 118 # changes Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Attachment/JNLP attachment.yaml x: 18 lines of code y: 17 # changes Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Attachment/Safe attachment detection.yaml x: 23 lines of code y: 17 # changes Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Audit Email Preview-Download action.yaml x: 29 lines of code y: 18 # changes Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/MDO daily detection summary report.yaml x: 65 lines of code y: 18 # changes Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Malicious email senders.yaml x: 22 lines of code y: 18 # changes Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Hunt for email conversation take over attempts.yaml x: 40 lines of code y: 17 # changes Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/URL/Phishing Email Url Redirector.yaml x: 6 lines of code y: 17 # changes Solutions/Microsoft Entra ID/Analytic Rules/NRT_PIMElevationRequestRejected.yaml x: 71 lines of code y: 60 # changes Solutions/Microsoft Entra ID/Analytic Rules/SuccessThenFail_DiffIP_SameUserandApp.yaml x: 107 lines of code y: 96 # changes 
Solutions/MicrosoftDefenderForEndpoint/Analytic Rules/AquaBlizzardAVHits.yaml x: 58 lines of code y: 47 # changes Solutions/Recorded Future/Analytic Rules/RecordedFutureDomainMalwareC2inDNSEvents.yaml x: 59 lines of code y: 100 # changes Solutions/Recorded Future/Analytic Rules/RecordedFutureIPMalwareC2inAzureActivityEvents.yaml x: 24 lines of code y: 69 # changes Solutions/SonraiSecurity/Analytic Rules/SonraiNewTicket.yaml x: 64 lines of code y: 94 # changes Solutions/SonraiSecurity/Analytic Rules/SonraiTicketRiskAccepted.yaml x: 5 lines of code y: 94 # changes Solutions/Sophos XG Firewall/Parsers/SophosXGFirewall.yaml x: 77 lines of code y: 49 # changes Solutions/Symantec Endpoint Protection/Parsers/SymantecEndpointProtection.yaml x: 186 lines of code y: 60 # changes Solutions/Symantec VIP/Parsers/SymantecVIP.yaml x: 37 lines of code y: 43 # changes Solutions/SymantecProxySG/Parsers/SymantecProxySG.yaml x: 22 lines of code y: 64 # changes Solutions/Syslog/Analytic Rules/squid_tor_proxies.yaml x: 62 lines of code y: 79 # changes Solutions/Syslog/Workspace Functions/SyslogConnectorsOverallStatus.yaml x: 61 lines of code y: 29 # changes Solutions/Theom/Analytic Rules/TRIS0007-10_TRIS0014_Critical_data_in_API_headers_or_body.yaml x: 39 lines of code y: 69 # changes Solutions/Theom/Analytic Rules/TheomRisksCritical.yaml x: 58 lines of code y: 69 # changes Solutions/Threat Intelligence/Analytic Rules/URLEntity_AuditLogs.yaml x: 77 lines of code y: 148 # changes Solutions/Threat Intelligence/Analytic Rules/URLEntity_CloudAppEvents.yaml x: 4 lines of code y: 49 # changes Solutions/Threat Intelligence/Analytic Rules/URLEntity_OfficeActivity.yaml x: 53 lines of code y: 150 # changes Solutions/UEBA Essentials/Hunting Queries/Anomalous Sign-in Activity.yaml x: 8 lines of code y: 97 # changes Solutions/VMWareESXi/Parsers/VMwareESXi.yaml x: 23 lines of code y: 60 # changes Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Health/health_collector.py x: 20 lines of code 
y: 56 # changes Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/collector.py x: 1099 lines of code y: 76 # changes Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/consts.py x: 65 lines of code y: 74 # changes Solutions/Vectra XDR/Parsers/VectraDetections.yaml x: 71 lines of code y: 50 # changes Solutions/Veritas NetBackup/Analytic Rules/NetBackup_many_Anomalies.yaml x: 38 lines of code y: 42 # changes Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/advanced_dark_web_connector/__init__.py x: 54 lines of code y: 28 # changes Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/connections/sentinel.py x: 136 lines of code y: 26 # changes Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/connections/zerofox.py x: 79 lines of code y: 26 # changes Tools/AzureDataExplorer/CreateTables_ADX_ScriptFile/Create-LA-Tables-ADX-ScriptFile.ps1 x: 392 lines of code y: 11 # changes Tools/Copy-AzOperationalInsightsTable/Copy-AzOperationalInsightsTable.ps1 x: 123 lines of code y: 11 # changes Tools/Create-Azure-Sentinel-Solution/pipeline/createSolutionV4.ps1 x: 305 lines of code y: 143 # changes Tools/Sentinel-All-In-One/v2/Scripts/Create-NewSolutionAndRulesFromList.ps1 x: 187 lines of code y: 87 # changes Parsers/ASimAuthentication/Parsers/ASimAuthenticationBarracudaWAF.yaml x: 215 lines of code y: 46 # changes Parsers/ASimAuthentication/Parsers/vimAuthenticationBarracudaWAF.yaml x: 315 lines of code y: 65 # changes Parsers/ASimWebSession/Parsers/ASimWebSessionCiscoMeraki.yaml x: 186 lines of code y: 38 # changes Parsers/ASimWebSession/Parsers/vimWebSessionCiscoMeraki.yaml x: 248 lines of code y: 38 # changes Parsers/ASimDns/Parsers/ASimDnsNative.yaml x: 58 lines of code y: 108 # changes Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/models/workbench.py x: 36 lines of code y: 33 # changes Solutions/Trend Micro Vision One/Data 
Connectors/AzureFunctionTrendMicroXDR/shared_code/services/workbench_service.py x: 219 lines of code y: 110 # changes Solutions/Microsoft 365/Analytic Rules/External User added to Team and immediately uploads file.yaml x: 88 lines of code y: 107 # changes DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/GetMDVMData/run.ps1 x: 243 lines of code y: 94 # changes DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/requirements.psd1 x: 10 lines of code y: 45 # changes DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/outputs/microsoft-sentinel-log-analytics-logstash-output-plugin.rb x: 56 lines of code y: 83 # changes DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb x: 193 lines of code y: 82 # changes Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml x: 34 lines of code y: 130 # changes Detections/ASimWebSession/UnusualUACryptoMiners.yaml x: 71 lines of code y: 109 # changes Detections/ASimWebSession/UnusualUAHackTool.yaml x: 82 lines of code y: 132 # changes Detections/ASimWebSession/UnusualUAPowershell.yaml x: 76 lines of code y: 110 # changes Detections/CommonSecurityLog/Wazuh-Large_Number_of_Web_errors_from_an_IP.yaml x: 44 lines of code y: 79 # changes Detections/Heartbeat/OMI_vulnerability_detection.yaml x: 56 lines of code y: 116 # changes Detections/MultipleDataSources/RiskyUserIn3Pnetworkactivity.yaml x: 98 lines of code y: 99 # changes Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml x: 142 lines of code y: 144 # changes Detections/SigninLogs/AnomalousSingleFactorSignin.yaml x: 73 lines of code y: 18 # changes Solutions/1Password/Analytics Rules/1Password - Changes to SSO configuration.yaml x: 51 lines of code y: 29 # changes Solutions/1Password/Analytics Rules/1Password - Log Ingestion Failure.yaml x: 39 lines of code y: 25 # changes 
Solutions/1Password/Analytics Rules/1Password - Secret Extraction Post Vault Access Change By Administrator.yaml x: 78 lines of code y: 27 # changes Solutions/1Password/Analytics Rules/1Password - Vault Export Post Account Creation.yaml x: 63 lines of code y: 27 # changes Solutions/1Password/Analytics Rules/1Password - Vault export prior to account suspension or deletion.yaml x: 71 lines of code y: 27 # changes Solutions/1Password/Data Connectors/Modules/HelperFunctions/HelperFunctions.psm1 x: 351 lines of code y: 23 # changes Solutions/1Password/Data Connectors/function/run.ps1 x: 61 lines of code y: 23 # changes Solutions/42Crunch API Protection/Analytic Rules/APIInvalidHostAccess.yaml x: 42 lines of code y: 38 # changes Solutions/ARGOSCloudSecurity/Analytic Rules/ExploitableSecurityIssues.yaml x: 45 lines of code y: 69 # changes Solutions/Amazon Web Services/Analytic Rules/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml x: 87 lines of code y: 102 # changes Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/Log4J_IPIOC_Dec112021.yaml x: 219 lines of code y: 114 # changes Solutions/Authomize/Analytic Rules/Chain_of_3_or_more_roles.yaml x: 58 lines of code y: 64 # changes Solutions/Authomize/Analytic Rules/New_service_account_gained_access_to_IaaS_resource.yaml x: 57 lines of code y: 64 # changes Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Abnormal Deny Rate for Source IP.yaml x: 86 lines of code y: 97 # changes Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Abnormal Port to Protocol.yaml x: 82 lines of code y: 81 # changes Solutions/BitSight/Analytic Rules/BitSightCompromisedSystemsDetected.yaml x: 46 lines of code y: 47 # changes Solutions/CTM360/Analytic Rules/AutoGeneratedPage.yaml x: 40 lines of code y: 60 # changes Solutions/CTM360/Analytic Rules/BrandAbuse.yaml x: 47 lines of code y: 60 # changes Solutions/CTM360/Analytic Rules/CookiesSamesiteFlagNotUsed.yaml x: 49 lines of code y: 61 # changes Solutions/CTM360/Analytic 
Rules/ExposedEmailAddress.yaml x: 41 lines of code y: 63 # changes Solutions/CTM360/Analytic Rules/LeakedCredential.yaml x: 38 lines of code y: 60 # changes Solutions/CTM360/Analytic Rules/TLSCertificateUsingWeakCipherInformational.yaml x: 53 lines of code y: 61 # changes Solutions/CTM360/Analytic Rules/Tlsv11InUseMedium.yaml x: 60 lines of code y: 61 # changes Solutions/Cisco SD-WAN/Analytic Rules/CiscoSDWANSentinelMalwareEvents.yaml x: 55 lines of code y: 48 # changes Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml x: 44 lines of code y: 115 # changes Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaEmptyUserAgentDetected.yaml x: 35 lines of code y: 115 # changes Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaHackToolUserAgentDetected.yaml x: 93 lines of code y: 115 # changes Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaRequestBlocklistedFileType.yaml x: 40 lines of code y: 88 # changes Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/Signins-From-VPS-Providers.yaml x: 8 lines of code y: 148 # changes Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/cofense_to_sentinel_mapping.py x: 323 lines of code y: 62 # changes Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/sentinel.py x: 193 lines of code y: 62 # changes Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/RetryFailedIndicators/retry_failed_indicators.py x: 270 lines of code y: 16 # changes Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/RetryFailedIndicators/sentinel.py x: 193 lines of code y: 16 # changes Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/consts.py x: 66 lines of code y: 42 # changes Solutions/Corelight/Analytic Rules/CorelightC2RepetitiveFailures.yaml x: 35 lines of code y: 138 # changes Solutions/Dev 0270 Detection and Hunting/Analytic 
Rules/Dev-0270PowershellSep2022.yaml x: 45 lines of code y: 94 # changes Solutions/Dev 0270 Detection and Hunting/Analytic Rules/Dev-0270WMICDiscoverySep2022.yaml x: 41 lines of code y: 94 # changes Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_CodeLevelVulnerabilityDetection.yaml x: 70 lines of code y: 101 # changes Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_NonCriticalVulnerabilityDetection.yaml x: 65 lines of code y: 99 # changes Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_ThirdPartyVulnerabilityDetection.yaml x: 71 lines of code y: 100 # changes Solutions/Dynatrace/Analytic Rules/Dynatrace_ProblemDetection.yaml x: 54 lines of code y: 85 # changes Solutions/Endpoint Threat Protection Essentials/Analytic Rules/DumpingLSASSProcessIntoaFile.yaml x: 48 lines of code y: 82 # changes Solutions/Endpoint Threat Protection Essentials/Analytic Rules/WDigestDowngradeAttack.yaml x: 44 lines of code y: 82 # changes Solutions/Endpoint Threat Protection Essentials/Analytic Rules/WindowsBinariesExecutedfromNon-DefaultDirectory.yaml x: 50 lines of code y: 83 # changes Solutions/Endpoint Threat Protection Essentials/Analytic Rules/malware_in_recyclebin.yaml x: 71 lines of code y: 94 # changes Solutions/Endpoint Threat Protection Essentials/Hunting Queries/RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml x: 49 lines of code y: 90 # changes Solutions/Endpoint Threat Protection Essentials/Hunting Queries/SignedBinaryProxyExecutionRundll32.yaml x: 52 lines of code y: 68 # changes Solutions/FalconFriday/Analytic Rules/ExcessiveSharePermissions.yaml x: 95 lines of code y: 57 # changes Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_DnsEvents.yaml x: 79 lines of code y: 52 # changes Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_OfficeActivity.yaml x: 80 lines of code y: 38 # changes Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_SigninLogs.yaml 
x: 65 lines of code y: 39 # changes Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_imNetworkSession.yaml x: 130 lines of code y: 64 # changes Solutions/IPinfo/Data Connectors/Company/AzureFunctionIPinfoCompany/utils.py x: 153 lines of code y: 13 # changes Solutions/IPinfo/Data Connectors/Privacy/AzureFunctionIPinfoPrivacy/constants.py x: 73 lines of code y: 13 # changes Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/Manganese_VPN-IOCs.yaml x: 4 lines of code y: 43 # changes Solutions/Microsoft Defender XDR/Analytic Rules/PossiblePhishingwithCSL&NetworkSession.yaml x: 147 lines of code y: 63 # changes Solutions/Microsoft Entra ID/Analytic Rules/ADFSDomainTrustMods.yaml x: 91 lines of code y: 66 # changes Solutions/Microsoft Entra ID/Analytic Rules/AccountCreatedDeletedByNonApprovedUser.yaml x: 61 lines of code y: 57 # changes Solutions/Microsoft Entra ID/Analytic Rules/CredentialAddedAfterAdminConsent.yaml x: 153 lines of code y: 54 # changes Solutions/ProofPointTap/Analytic Rules/MalwareAttachmentDelivered.yaml x: 52 lines of code y: 130 # changes Solutions/Radiflow/Analytic Rules/RadiflowNetworkScanningDetected.yaml x: 42 lines of code y: 22 # changes Solutions/Radiflow/Analytic Rules/RadiflowNewActivityDetected.yaml x: 37 lines of code y: 20 # changes Solutions/Radiflow/Analytic Rules/RadiflowSuspiciousMaliciousActivityDetected.yaml x: 37 lines of code y: 19 # changes Solutions/Radiflow/Analytic Rules/RadiflowUnauthorizedInternetAccess.yaml x: 23 lines of code y: 19 # changes Solutions/Radiflow/Parsers/RadiflowEvent.yaml x: 78 lines of code y: 18 # changes Solutions/Recorded Future/Analytic Rules/ThreatHunting/RecordedFutureThreatHuntingDomainAllActors.yaml x: 65 lines of code y: 65 # changes Solutions/Red Canary/Analytic Rules/RedCanaryThreatDetection.yaml x: 132 lines of code y: 29 # changes Solutions/RidgeSecurity/Analytic Rules/RidgeSecurity_Risks.yaml x: 42 lines of code y: 43 # changes Solutions/SonicWall 
Firewall/Analytic Rules/AllowedInboundSSHTelnetRDPConnections.yaml x: 66 lines of code y: 34 # changes Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionMalwareRule.yaml x: 68 lines of code y: 44 # changes Solutions/Tenable App/Parsers/TenableVMVulnerabilities.yaml x: 220 lines of code y: 17 # changes Solutions/Tenable App/Parsers/afad_parser.yaml x: 117 lines of code y: 18 # changes Solutions/Threat Intelligence/Analytic Rules/DomainEntity_CommonSecurityLog.yaml x: 40 lines of code y: 124 # changes Solutions/Threat Intelligence/Analytic Rules/DomainEntity_DeviceNetworkEvents.yaml x: 74 lines of code y: 39 # changes Solutions/Threat Intelligence/Analytic Rules/DomainEntity_DnsEvents.yaml x: 89 lines of code y: 146 # changes Solutions/Threat Intelligence/Analytic Rules/DomainEntity_PaloAlto.yaml x: 65 lines of code y: 133 # changes Solutions/Threat Intelligence/Analytic Rules/DomainEntity_SecurityAlert.yaml x: 79 lines of code y: 151 # changes Solutions/Threat Intelligence/Analytic Rules/DomainEntity_Syslog.yaml x: 91 lines of code y: 146 # changes Solutions/Threat Intelligence/Analytic Rules/DomainEntity_imWebSession.yaml x: 50 lines of code y: 140 # changes Solutions/Threat Intelligence/Analytic Rules/EmailEntity_AzureActivity.yaml x: 70 lines of code y: 137 # changes Solutions/Threat Intelligence/Analytic Rules/EmailEntity_EmailEvents.yaml x: 58 lines of code y: 55 # changes Solutions/Threat Intelligence/Analytic Rules/EmailEntity_PaloAlto.yaml x: 67 lines of code y: 121 # changes Solutions/Threat Intelligence/Analytic Rules/EmailEntity_SecurityAlert.yaml x: 75 lines of code y: 137 # changes Solutions/Threat Intelligence/Analytic Rules/EmailEntity_SecurityEvent.yaml x: 91 lines of code y: 122 # changes Solutions/Threat Intelligence/Analytic Rules/EmailEntity_SigninLogs.yaml x: 77 lines of code y: 136 # changes Solutions/Threat Intelligence/Analytic Rules/FileHashEntity_CommonSecurityLog.yaml x: 85 lines of code y: 135 # changes 
Solutions/Threat Intelligence/Analytic Rules/FileHashEntity_DeviceFileEvents.yaml x: 66 lines of code y: 40 # changes Solutions/Threat Intelligence/Analytic Rules/FileHashEntity_SecurityEvent.yaml x: 91 lines of code y: 135 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_AWSCloudTrail.yaml x: 76 lines of code y: 131 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_AppServiceHTTPLogs.yaml x: 92 lines of code y: 148 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureActivity.yaml x: 86 lines of code y: 164 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureFirewall.yaml x: 78 lines of code y: 131 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureKeyVault.yaml x: 70 lines of code y: 143 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureNetworkAnalytics.yaml x: 79 lines of code y: 146 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureSQL.yaml x: 70 lines of code y: 131 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_DuoSecurity.yaml x: 54 lines of code y: 127 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_OfficeActivity.yaml x: 75 lines of code y: 152 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_SigninLogs.yaml x: 75 lines of code y: 81 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_VMConnection.yaml x: 73 lines of code y: 130 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_W3CIISLog.yaml x: 77 lines of code y: 130 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_imNetworkSession.yaml x: 122 lines of code y: 93 # changes Solutions/Threat Intelligence/Analytic Rules/URLEntity_DeviceNetworkEvents.yaml x: 73 lines of code y: 52 # changes Solutions/Threat Intelligence/Analytic Rules/URLEntity_PaloAlto.yaml x: 49 lines of code y: 121 # changes Solutions/Threat Intelligence/Analytic Rules/URLEntity_SecurityAlerts.yaml x: 71 lines of code y: 124 # changes 
Solutions/Threat Intelligence/Analytic Rules/URLEntity_Syslog.yaml x: 31 lines of code y: 121 # changes Solutions/Threat Intelligence/Analytic Rules/URLEntity_UrlClickEvents.yaml x: 72 lines of code y: 54 # changes Solutions/Threat Intelligence/Analytic Rules/imDns_IPEntity_DnsEvents.yaml x: 103 lines of code y: 114 # changes Solutions/ThreatConnect/Analytic Rules/ThreatConnect_DomainEntity_DnsEvents.yaml x: 92 lines of code y: 45 # changes Solutions/ThreatConnect/Analytic Rules/ThreatConnect_EmailEntity_OfficeActivity.yaml x: 68 lines of code y: 37 # changes Solutions/ThreatConnect/Analytic Rules/ThreatConnect_IPEntity_NetworkSessions.yaml x: 80 lines of code y: 53 # changes Solutions/Trend Micro Vision One/Analytic Rules/Create Incident for XDR Alerts.yaml x: 89 lines of code y: 69 # changes Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/queue_trigger_wb/__init__.py x: 113 lines of code y: 95 # changes Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/transform_utils.py x: 293 lines of code y: 81 # changes Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Constants.cs x: 13 lines of code y: 14 # changes Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/FetchDataFunction.cs x: 72 lines of code y: 43 # changes Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/SearchAlertObjectMapper.cs x: 104 lines of code y: 41 # changes Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/AlertSearchQueryBuilder.cs x: 158 lines of code y: 40 # changes Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/AlertAttributes.cs x: 86 lines of code y: 40 # changes Solutions/Web Shells Threat Protection/Analytic Rules/PotentialMercury_Webshell.yaml x: 64 lines of code y: 67 # changes Solutions/Windows Security Events/Analytic 
Rules/NRT_execute_base64_decodedpayload.yaml x: 52 lines of code y: 59 # changes Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/connections/exceptions.py x: 12 lines of code y: 17 # changes Detections/ASimAuthentication/imAuthBruteForce.yaml x: 75 lines of code y: 162 # changes Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml x: 83 lines of code y: 135 # changes Detections/ASimWebSession/ExcessiveNetworkFailuresFromSource.yaml x: 62 lines of code y: 126 # changes Detections/ASimWebSession/PossibleDGAContacts.yaml x: 57 lines of code y: 152 # changes Detections/AzureActivity/RareRunCommandPowerShellScript.yaml x: 80 lines of code y: 192 # changes Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml x: 85 lines of code y: 138 # changes Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml x: 50 lines of code y: 156 # changes Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml x: 86 lines of code y: 156 # changes Detections/MultipleDataSources/B64IPInURLFromMDE.yaml x: 72 lines of code y: 72 # changes Detections/MultipleDataSources/ExchangeWorkerProcessMakingRemoteCall.yaml x: 70 lines of code y: 110 # changes Detections/MultipleDataSources/MalformedUserAgents.yaml x: 109 lines of code y: 203 # changes Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml x: 136 lines of code y: 223 # changes Detections/MultipleDataSources/PrestigeRansomwareIOCsOct22.yaml x: 124 lines of code y: 103 # changes Detections/MultipleDataSources/RunCommandUEBABreach.yaml x: 79 lines of code y: 187 # changes Detections/MultipleDataSources/SigninFirewallCorrelation.yaml x: 67 lines of code y: 201 # changes Detections/MultipleDataSources/SuspiciousModificationofGlobalAdminProperties.yaml x: 88 lines of code y: 126 # changes Detections/MultipleDataSources/SuspiciousVMInstanceCreationActivity.yaml x: 141 lines of code y: 77 # changes Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml x: 123 lines of code y: 
[scatter plot data, one point per file: x = lines of code, y = # changes (number of recorded file updates)]
Detections/GitHub/(Preview) GitHub - Activities from Infrequent Country.yaml x: 5 lines of code y: 29 # changes Detections/GitHub/Security Vulnerability in Repo.yaml x: 6 lines of code y: 109 # changes Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml x: 84 lines of code y: 173 # changes Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml x: 98 lines of code y: 170 # changes Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml x: 69 lines of code y: 190 # changes Detections/MultipleDataSources/AuthenticationMethodsChangedforPrivilegedAccount.yaml x: 5 lines of code y: 155 # changes Detections/MultipleDataSources/BariumDomainIOC112020.yaml x: 5 lines of code y: 193 # changes Detections/MultipleDataSources/BariumIPIOC112020.yaml x: 5 lines of code y: 206 # changes Detections/MultipleDataSources/Cross-CloudSuspiciousComputeResourcecreationinGCP.yaml x: 3 lines of code y: 46 # changes Detections/MultipleDataSources/CrossCloudUnauthorizedCredentialsAccessDetection.yaml x: 3 lines of code y: 60 # changes Detections/MultipleDataSources/Dev-0228FilePathHashesNovember2021.yaml x: 77 lines of code y: 126 # changes Detections/MultipleDataSources/Dev-0270NewUserSep2022.yaml x: 4 lines of code y: 53 # changes Detections/MultipleDataSources/Dev-0530_FileExtRename.yaml x: 60 lines of code y: 106 # changes Detections/MultipleDataSources/DisabledAccIPSigninWithRareRiskyOps.yaml x: 115 lines of code y: 46 # changes Detections/MultipleDataSources/EUROPIUM _September2022.yaml x: 159 lines of code y: 107 # changes Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml x: 88 lines of code y: 158 # changes Detections/MultipleDataSources/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml x: 5 lines of code y: 199 # changes Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml x: 171 lines of code y: 126 # changes Detections/MultipleDataSources/HiveRansomwareJuly2022.yaml x: 5 lines of code y: 102 # changes 
Detections/MultipleDataSources/HostAADCorrelation.yaml x: 102 lines of code y: 191 # changes Detections/MultipleDataSources/Mercury_Log4j_August2022.yaml x: 244 lines of code y: 102 # changes Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml x: 5 lines of code y: 171 # changes Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml x: 5 lines of code y: 192 # changes Detections/MultipleDataSources/PhishinglinkExecutionObserved.yaml x: 112 lines of code y: 81 # changes Detections/MultipleDataSources/SUNSPOTHashes.yaml x: 5 lines of code y: 132 # changes Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml x: 5 lines of code y: 185 # changes Detections/MultipleDataSources/SuccessfulAWSConsoleLoginfromIPAddressObservedConductingPasswordSpray.yaml x: 3 lines of code y: 55 # changes Detections/MultipleDataSources/SucessfullSiginFromPhingLink.yaml x: 138 lines of code y: 102 # changes Detections/MultipleDataSources/TarraskHashIoC.yaml x: 5 lines of code y: 87 # changes Detections/OfficeActivity/BEC_MailboxRule.yaml x: 5 lines of code y: 47 # changes Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml x: 5 lines of code y: 163 # changes Detections/OfficeActivity/ForestBlizzardCredHarvesting.yaml x: 5 lines of code y: 34 # changes Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml x: 5 lines of code y: 129 # changes Detections/OfficeActivity/exchange_auditlogdisabled.yaml x: 5 lines of code y: 131 # changes Detections/ProofpointPOD/ProofpointPODEmailSenderIPinTIList.yaml x: 6 lines of code y: 122 # changes Detections/ProofpointPOD/ProofpointPODMultipleProtectedEmailsToUnknownRecipient.yaml x: 4 lines of code y: 139 # changes Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml x: 5 lines of code y: 160 # changes Detections/SecurityAlert/DetectPIMAlertDisablingActivity.yaml x: 61 lines of code y: 95 # changes Detections/SecurityAlert/Massdownload_USBFileCopy.yaml x: 131 lines of code y: 92 # changes 
Detections/SecurityAlert/Solorigate-Defender-Detections.yaml x: 60 lines of code y: 151 # changes Detections/SecurityEvent/AADHealthMonAgentRegKeyAccess.yaml x: 139 lines of code y: 134 # changes Detections/SecurityEvent/AADHealthSvcAgentRegKeyAccess.yaml x: 137 lines of code y: 119 # changes Detections/SecurityEvent/COMEventSystemLoadingNewDLL.yaml x: 117 lines of code y: 78 # changes Detections/SecurityEvent/MidnightBlizzard_SuspiciousScriptRegistryWrite.yaml x: 91 lines of code y: 64 # changes Detections/SecurityEvent/NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies.yaml x: 5 lines of code y: 89 # changes Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml x: 121 lines of code y: 142 # changes Detections/SecurityEvent/PotentialFodhelperUACBypass.yaml x: 5 lines of code y: 88 # changes Detections/SecurityEvent/PotentialRemoteDesktopTunneling.yaml x: 5 lines of code y: 64 # changes Detections/SecurityEvent/RDP_RareConnection.yaml x: 103 lines of code y: 158 # changes Detections/SecurityEvent/SecurityEventLogCleared.yaml x: 5 lines of code y: 162 # changes Detections/SecurityEvent/SolorigateNamedPipe.yaml x: 95 lines of code y: 168 # changes Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml x: 5 lines of code y: 151 # changes Detections/SecurityEvent/UserAccountAdd-Removed.yaml x: 129 lines of code y: 174 # changes Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml x: 141 lines of code y: 164 # changes Detections/SecurityEvent/UserPrincipalNameAssignedToUserAccount.yaml x: 63 lines of code y: 82 # changes Detections/SecurityEvent/WindowsBinariesExecutedfromNon-DefaultDirectory.yaml x: 5 lines of code y: 65 # changes Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml x: 140 lines of code y: 226 # changes Detections/SecurityEvent/powershell_empire.yaml x: 5 lines of code y: 176 # changes Detections/SigninLogs/ADFSSignInLogsPasswordSpray.yaml x: 5 lines of code y: 97 # changes 
Detections/SigninLogs/AuthenticationAttemptfromNewCountry.yaml x: 107 lines of code y: 121 # changes Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml x: 5 lines of code y: 170 # changes Detections/SigninLogs/BruteForceCloudPC.yaml x: 5 lines of code y: 110 # changes Detections/SigninLogs/BypassCondAccessRule.yaml x: 5 lines of code y: 159 # changes Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml x: 5 lines of code y: 157 # changes Detections/SigninLogs/DistribPassCrackAttempt.yaml x: 5 lines of code y: 166 # changes Detections/SigninLogs/MFARejectedbyUser.yaml x: 5 lines of code y: 144 # changes Detections/SigninLogs/NewCountryValidCreds.yaml x: 80 lines of code y: 84 # changes Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml x: 66 lines of code y: 152 # changes Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml x: 5 lines of code y: 165 # changes Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml x: 5 lines of code y: 154 # changes Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml x: 5 lines of code y: 184 # changes Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml x: 5 lines of code y: 140 # changes Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml x: 5 lines of code y: 147 # changes Detections/ThreatIntelligenceIndicator/IPEntity_AzureSQL.yaml x: 5 lines of code y: 111 # changes Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml x: 5 lines of code y: 167 # changes Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml x: 63 lines of code y: 133 # changes Exploration Queries/InputEntity_Account/Acc2IP_rareIPLocation.yaml x: 79 lines of code y: 94 # changes Exploration Queries/InputEntity_IP/IP2Account_byLeastActiveAccounts.yaml x: 53 lines of code y: 29 # changes Hunting Queries/ASimProcess/imProcess_ProcessEntropy.yaml x: 146 lines of code y: 69 # changes Hunting Queries/ASimProcess/imProcess_SolarWindsInventory.yaml x: 
19 lines of code y: 68 # changes Hunting Queries/ASimProcess/imProcess_powershell_downloads.yaml x: 18 lines of code y: 89 # changes Hunting Queries/AuditLogs/ConsentToApplicationDiscovery.yaml x: 99 lines of code y: 92 # changes Hunting Queries/AuditLogs/NonredeemedGuesUserInvites.yaml x: 53 lines of code y: 60 # changes Hunting Queries/AzureDiagnostics/SpringshellWebshellUsage.yaml x: 4 lines of code y: 54 # changes Hunting Queries/Microsoft 365 Defender/ASR rules/ASR-rules-categorized-detection-graph.yaml x: 25 lines of code y: 34 # changes Hunting Queries/Microsoft 365 Defender/Campaigns/Abuse.ch Recent Threat Feed.yaml x: 66 lines of code y: 50 # changes Hunting Queries/Microsoft 365 Defender/Campaigns/redmenshen-bpfdoor-backdoor.yaml x: 21 lines of code y: 62 # changes Hunting Queries/Microsoft 365 Defender/Cloud Apps/aad-role-adds.yaml x: 34 lines of code y: 53 # changes Hunting Queries/Microsoft 365 Defender/Command and Control/EncodedDomainURL [Nobelium].yaml x: 74 lines of code y: 53 # changes Hunting Queries/Microsoft 365 Defender/Defense evasion/ADFSDomainTrustMods[Nobelium].yaml x: 45 lines of code y: 53 # changes Hunting Queries/Microsoft 365 Defender/Defense evasion/Discovering potentially tampered devices [Nobelium].yaml x: 9 lines of code y: 54 # changes Hunting Queries/Microsoft 365 Defender/Exfiltration/MailItemsAccessed Throttling [Nobelium].yaml x: 24 lines of code y: 54 # changes Hunting Queries/Microsoft 365 Defender/General queries/Endpoint Agent Health Status Report.yaml x: 106 lines of code y: 76 # changes Hunting Queries/Microsoft 365 Defender/General queries/wifikeys.yaml x: 17 lines of code y: 49 # changes Hunting Queries/Microsoft 365 Defender/Initial access/SuspiciousUrlClicked.yaml x: 18 lines of code y: 86 # changes Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Addigy_netconn.yaml x: 35 lines of code y: 30 # changes Hunting Queries/Microsoft 365 
Defender/RemoteManagementMonitoring/rmm_AnyViewer_createproc.yaml x: 21 lines of code y: 29 # changes Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_ZohoAssist_netconn.yaml x: 42 lines of code y: 29 # changes Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm__all_netconn.yaml x: 185 lines of code y: 29 # changes Hunting Queries/Microsoft 365 Defender/TVM/devices_with_vuln_and_users_received_payload.yaml x: 36 lines of code y: 54 # changes Hunting Queries/MultipleDataSources/AzureResourceCreationWithNetworkActivity.yaml x: 115 lines of code y: 99 # changes Hunting Queries/MultipleDataSources/CriticalOperationsWithSystemrestore.yaml x: 103 lines of code y: 63 # changes Hunting Queries/MultipleDataSources/FailedSigninsWithAuditDetails.yaml x: 83 lines of code y: 74 # changes Hunting Queries/MultipleDataSources/FirewallRuleChanges_using_netsh.yaml x: 145 lines of code y: 70 # changes Hunting Queries/MultipleDataSources/MailForwardingActivityFromNewLocation.yaml x: 75 lines of code y: 58 # changes Hunting Queries/MultipleDataSources/PermutationsOnLogonNames.yaml x: 124 lines of code y: 92 # changes Hunting Queries/MultipleDataSources/PossibleCommandInjectionagainstAzureIR.yaml x: 89 lines of code y: 61 # changes Hunting Queries/MultipleDataSources/PrivilegedAccountPasswordChanges.yaml x: 34 lines of code y: 68 # changes Hunting Queries/MultipleDataSources/RareDNSLookupWithDataTransfer.yaml x: 113 lines of code y: 128 # changes Hunting Queries/MultipleDataSources/TrackingPrivAccounts.yaml x: 187 lines of code y: 116 # changes Hunting Queries/SigninLogs/AnomalousUserAppSigninLocationIncrease.yaml x: 9 lines of code y: 119 # changes Hunting Queries/SigninLogs/InactiveAccounts.yaml x: 93 lines of code y: 111 # changes Hunting Queries/W3CIISLog/ClientIPwithManyUserAgents.yaml x: 38 lines of code y: 114 # changes Hunting Queries/W3CIISLog/Potential_IIS_BF.yaml x: 83 lines of code y: 99 # changes Hunting 
Queries/W3CIISLog/Potential_IIS_CodeInject.yaml x: 94 lines of code y: 128 # changes Hunting Queries/W3CIISLog/RareClientFileAccess.yaml x: 52 lines of code y: 156 # changes Hunting Queries/W3CIISLog/SuspectedMailBoxExportHostonOWA.yaml x: 26 lines of code y: 129 # changes Hunting Queries/WireData/WireDataBeacon.yaml x: 54 lines of code y: 119 # changes Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoISE.yaml x: 295 lines of code y: 32 # changes Parsers/ASimAuditEvent/Parsers/ASimAuditEventCrowdStrikeFalconHost.yaml x: 160 lines of code y: 25 # changes Parsers/ASimAuditEvent/Parsers/ASimAuditEventVectraXDRAudit.yaml x: 54 lines of code y: 76 # changes Parsers/ASimAuditEvent/Parsers/vimAuditEventCiscoISE.yaml x: 360 lines of code y: 33 # changes Parsers/ASimAuditEvent/Parsers/vimAuditEventCrowdStrikeFalconHost.yaml x: 217 lines of code y: 25 # changes Parsers/ASimAuthentication/Parsers/ASimAuthenticationAWSCloudTrail.yaml x: 112 lines of code y: 103 # changes Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoISE.yaml x: 257 lines of code y: 51 # changes Parsers/ASimAuthentication/Parsers/ASimAuthenticationCrowdStrikeFalconHost.yaml x: 109 lines of code y: 24 # changes Parsers/ASimAuthentication/Parsers/ASimAuthenticationM365Defender.yaml x: 186 lines of code y: 118 # changes Parsers/ASimAuthentication/Parsers/ASimAuthenticationSshd.yaml x: 210 lines of code y: 69 # changes Parsers/ASimAuthentication/Parsers/ASimAuthenticationSudo.yaml x: 119 lines of code y: 71 # changes Parsers/ASimAuthentication/Parsers/ASimAuthenticationVMwareCarbonBlackCloud.yaml x: 81 lines of code y: 28 # changes Parsers/ASimDns/Parsers/ASimDnsFortinetFortigate.yaml x: 214 lines of code y: 27 # changes Parsers/ASimDns/Parsers/ASimDnsInfobloxNIOS.yaml x: 92 lines of code y: 110 # changes Parsers/ASimDns/Parsers/ASimDnsMicrosoftNXlog.yaml x: 280 lines of code y: 73 # changes Parsers/ASimDns/Parsers/ASimDnsSentinelOne.yaml x: 196 lines of code y: 32 # changes 
Parsers/ASimDns/Parsers/vimDnsInfobloxNIOS.yaml x: 209 lines of code y: 130 # changes Parsers/ASimDns/Parsers/vimDnsMicrosoftNXlog.yaml x: 335 lines of code y: 65 # changes Parsers/ASimDns/Parsers/vimDnsSentinelOne.yaml x: 248 lines of code y: 32 # changes Parsers/ASimFileEvent/Parsers/ASimFileEventAzureBlobStorage.yaml x: 85 lines of code y: 26 # changes Parsers/ASimFileEvent/Parsers/ASimFileEventLinuxSysmonFileDeleted.yaml x: 94 lines of code y: 26 # changes Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoft365D.yaml x: 130 lines of code y: 26 # changes Parsers/ASimFileEvent/Parsers/ASimFileEventSentinelOne.yaml x: 125 lines of code y: 49 # changes Parsers/ASimFileEvent/Parsers/ASimFileEventVMwareCarbonBlackCloud.yaml x: 154 lines of code y: 32 # changes Parsers/ASimFileEvent/Parsers/vimFileEventAzureTableStorage.yaml x: 156 lines of code y: 53 # changes Parsers/ASimFileEvent/Parsers/vimFileEventLinuxSysmonFileCreated.yaml x: 151 lines of code y: 52 # changes Parsers/ASimFileEvent/Parsers/vimFileEventM365D.yaml x: 207 lines of code y: 109 # changes Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSharePoint.yaml x: 232 lines of code y: 86 # changes Parsers/ASimFileEvent/Parsers/vimFileEventSentinelOne.yaml x: 172 lines of code y: 51 # changes Parsers/ASimFileEvent/Parsers/vimFileEventVMwareCarbonBlackCloud.yaml x: 211 lines of code y: 34 # changes Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoFirepower.yaml x: 242 lines of code y: 31 # changes Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCrowdStrikeFalconHost.yaml x: 296 lines of code y: 28 # changes Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionForcePointFirewall.yaml x: 341 lines of code y: 44 # changes Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionFortinetFortiGate.yaml x: 120 lines of code y: 121 # changes Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoft365Defender.yaml x: 194 lines of code y: 106 # changes 
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionSentinelOne.yaml x: 153 lines of code y: 32 # changes Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionVMwareCarbonBlackCloud.yaml x: 250 lines of code y: 35 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoFirepower.yaml x: 318 lines of code y: 31 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoISE.yaml x: 226 lines of code y: 53 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCrowdStrikeFalconHost.yaml x: 393 lines of code y: 28 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionForcePointFirewall.yaml x: 416 lines of code y: 40 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionFortinetFortiGate.yaml x: 176 lines of code y: 122 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoft365Defender.yaml x: 274 lines of code y: 123 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionSentinelOne.yaml x: 228 lines of code y: 32 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionVMwareCarbonBlackCloud.yaml x: 331 lines of code y: 36 # changes Parsers/ASimProcessEvent/Parsers/ASimProcessCreateSentinelOne.yaml x: 153 lines of code y: 30 # changes Parsers/ASimProcessEvent/Parsers/ASimProcessCreateVMwareCarbonBlackCloud.yaml x: 250 lines of code y: 34 # changes Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateLinuxSysmon.yaml x: 58 lines of code y: 59 # changes Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftSecurityEvents.yaml x: 67 lines of code y: 63 # changes Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftWindowsEvents.yaml x: 58 lines of code y: 80 # changes Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateVMwareCarbonBlackCloud.yaml x: 112 lines of code y: 31 # changes Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftWindowsEvents.yaml x: 148 lines of code y: 98 # changes Parsers/ASimProcessEvent/Parsers/vimProcessCreateSentinelOne.yaml x: 234 lines of code y: 
31 # changes Parsers/ASimProcessEvent/Parsers/vimProcessCreateVMwareCarbonBlackCloud.yaml x: 331 lines of code y: 34 # changes Parsers/ASimProcessEvent/Parsers/vimProcessEmpty.yaml x: 177 lines of code y: 89 # changes Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftWindowsEvents.yaml x: 133 lines of code y: 96 # changes Parsers/ASimProcessEvent/Parsers/vimProcessTerminateVMwareCarbonBlackCloud.yaml x: 187 lines of code y: 32 # changes Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoft365D.yaml x: 108 lines of code y: 26 # changes Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventSentinelOne.yaml x: 117 lines of code y: 29 # changes Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventTrendMicroVisionOne.yaml x: 72 lines of code y: 29 # changes Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoft365D.yaml x: 158 lines of code y: 43 # changes Parsers/ASimRegistryEvent/Parsers/vimRegistryEventSentinelOne.yaml x: 160 lines of code y: 52 # changes Parsers/ASimRegistryEvent/Parsers/vimRegistryEventTrendMicroVisionOne.yaml x: 100 lines of code y: 31 # changes Parsers/ASimRegistryEvent/Parsers/vimRegistryEventVMwareCarbonBlackCloud.yaml x: 127 lines of code y: 37 # changes Parsers/ASimWebSession/Parsers/ASimWebSessionCiscoFirepower.yaml x: 204 lines of code y: 31 # changes Parsers/ASimWebSession/Parsers/ASimWebSessionCitrixNetScaler.yaml x: 154 lines of code y: 30 # changes Parsers/ASimWebSession/Parsers/ASimWebSessionFortinetFortiGate.yaml x: 151 lines of code y: 59 # changes Parsers/ASimWebSession/Parsers/ASimWebSessionIIS.yaml x: 87 lines of code y: 32 # changes Parsers/ASimWebSession/Parsers/vimWebSessionApacheHTTPServer.yaml x: 135 lines of code y: 53 # changes Parsers/ASimWebSession/Parsers/vimWebSessionCiscoFirepower.yaml x: 268 lines of code y: 31 # changes Parsers/ASimWebSession/Parsers/vimWebSessionCitrixNetScaler.yaml x: 219 lines of code y: 30 # changes Parsers/ASimWebSession/Parsers/vimWebSessionFortinetFortiGate.yaml x: 212 lines 
of code y: 59 # changes Playbooks/AS-Make-GitHub-Repository-Private/CreateJWT-Function/CreateJWT.js x: 25 lines of code y: 32 # changes Playbooks/AS-Sign-Out-Google-User/CreateGoogleJWT/__init__.py x: 37 lines of code y: 32 # changes Playbooks/AzureMonitor-ManagedId/azuremonitor.liquid x: 15 lines of code y: 34 # changes Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/CreateDocument/__init__.py x: 128 lines of code y: 38 # changes Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/DeleteDocument/__init__.py x: 92 lines of code y: 38 # changes Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/DescribeInstanceInformation/__init__.py x: 97 lines of code y: 38 # changes Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/GetInventory/__init__.py x: 96 lines of code y: 37 # changes Solutions/AbnormalSecurity/Data Connectors/SentinelTimerTrigger/__init__.py x: 13 lines of code y: 60 # changes Solutions/Alsid For AD/Analytic Rules/IndicatorsOfAttack.yaml x: 39 lines of code y: 46 # changes Solutions/Alsid For AD/Analytic Rules/PasswordIssues.yaml x: 40 lines of code y: 47 # changes Solutions/Amazon Web Services/Analytic Rules/AWS_APIfromTor.yaml x: 46 lines of code y: 52 # changes Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCloudFormationPolicytoPrivilegeEscalation.yaml x: 77 lines of code y: 95 # changes Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationAdminManagedPolicy.yaml x: 44 lines of code y: 54 # changes Solutions/Amazon Web Services/Analytic Rules/AWS_S3BruteForce.yaml x: 64 lines of code y: 53 # changes Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/NetworkConnectionldap_log4j.yaml x: 57 lines of code y: 93 # changes Solutions/ApacheHTTPServer/Parsers/ApacheHTTPServer.yaml x: 58 lines of code y: 34 # changes Solutions/Armis/Data 
Connectors/ArmisAlerts/ArmisAlertSentinelConnector/__init__.py x: 361 lines of code y: 49 # changes Solutions/Armis/Parsers/ArmisAlerts.yaml x: 38 lines of code y: 34 # changes Solutions/Attacker Tools Threat Protection Essentials/Analytic Rules/powershell_empire.yaml x: 146 lines of code y: 61 # changes Solutions/Authomize/Analytic Rules/AWS_role_with_admin_privileges.yaml x: 57 lines of code y: 49 # changes Solutions/Authomize/Analytic Rules/AWS_role_with_shadow_admin_privileges.yaml x: 58 lines of code y: 49 # changes Solutions/Authomize/Data Connectors/AuthomizeSentinelConnector/__init__.py x: 123 lines of code y: 28 # changes Solutions/Authomize/Hunting queries/Admin_SaaS_account_detected.yaml x: 4 lines of code y: 28 # changes Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-ErrorsCredentialStatefulAnomalyOnDatabase.yaml x: 86 lines of code y: 52 # changes Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-PrevalenceBasedQuerySizeAnomaly.yaml x: 81 lines of code y: 51 # changes Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/AFD-Premium-WAF-SQLiDetection.yaml x: 53 lines of code y: 58 # changes Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/state_manager.py x: 18 lines of code y: 29 # changes Solutions/BitSight/Parsers/BitSightAlerts.yaml x: 43 lines of code y: 34 # changes Solutions/Box/Data Connectors/AzureFunctionBox/main.py x: 158 lines of code y: 96 # changes Solutions/Cisco SD-WAN/Parsers/CiscoSDWANNetflow.yaml x: 243 lines of code y: 34 # changes Solutions/CiscoDuoSecurity/Data Connectors/AzureFunctionCiscoDuo/main.py x: 373 lines of code y: 147 # changes Solutions/CiscoUmbrella/Parsers/Cisco_Umbrella.yaml x: 156 lines of code y: 34 # changes Solutions/Citrix ADC/Parsers/CitrixADCEventOld.yaml x: 168 lines of code y: 34 # changes Solutions/Cloud Identity Threat Protection Essentials/Analytic Rules/MFADisable.yaml x: 58 lines of code y: 75 # changes 
Solutions/Cloudflare/Parsers/Cloudflare.yaml x: 221 lines of code y: 34 # changes Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseIntelligenceMalware/cofense_malware_data_to_sentinel.py x: 391 lines of code y: 36 # changes Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseToSentinel/sentinel.py x: 126 lines of code y: 36 # changes Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/DownloadThreatReports/__init__.py x: 149 lines of code y: 35 # changes Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/RetryFailedIndicators/__init__.py x: 12 lines of code y: 35 # changes Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/RetryFailedIndicators/sentinel.py x: 111 lines of code y: 36 # changes Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/__init__.py x: 34 lines of code y: 35 # changes Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/defender.py x: 283 lines of code y: 35 # changes Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/sentinel.py x: 711 lines of code y: 36 # changes Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/__init__.py x: 1 lines of code y: 35 # changes Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/logger.py x: 25 lines of code y: 35 # changes Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/sentinel.py x: 117 lines of code y: 35 # changes Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/utils.py x: 433 lines of code y: 36 # changes Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/cofense.py x: 86 lines of code y: 27 # changes 
Lines of code vs. # changes
[scatter plot: x = lines of code, y = # changes, one point per file; each point's tooltip gives the file path, its lines of code and its number of recorded changes]
# changes: min: 1.0 | average: 50.18 | 25th percentile: 25.0 | median: 38.0 | 75th percentile: 67.0 | max: 316.0
lines of code: min: 1.0 | average: 63.97 | 25th percentile: 23.0 | median: 37.0 | 75th percentile: 69.0 | max: 3543.0

Number of Contributors vs. Number of Changes: 6180 points

Scatter plot (x: # contributors, y: # changes); one point per file, not reproduced here.
changes Solutions/Global Secure Access/Analytic Rules/Office 365 - sharepoint_file_transfer_above_threshold.yaml x: 23 # contributors y: 43 # changes Solutions/Global Secure Access/Hunting Queries/AnomolousUserAccessingOtherUsersMailbox.yaml x: 26 # contributors y: 43 # changes Solutions/Global Secure Access/Hunting Queries/ExternalUserFromNewOrgAddedToTeams.yaml x: 19 # contributors y: 35 # changes Solutions/IllumioSaaS/Data Connectors/CommonCode/__init__.py x: 9 # contributors y: 22 # changes Solutions/IllumioSaaS/Data Connectors/QueueManagerFunctionApp/queue_manager.py x: 26 # contributors y: 56 # changes Solutions/IllumioSaaS/Data Connectors/QueueTriggerFuncApp/azure_queue_trigger.py x: 26 # contributors y: 59 # changes Solutions/IllumioSaaS/Data Connectors/TimedSQSFunctionApp/aws_queue.py x: 26 # contributors y: 60 # changes Solutions/Malware Protection Essentials/Analytic Rules/SuspiciousProcessCreation.yaml x: 29 # contributors y: 49 # changes Solutions/Microsoft 365/Analytic Rules/sharepoint_file_transfer_above_threshold.yaml x: 69 # contributors y: 124 # changes Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Anomalous application user activity.yaml x: 9 # contributors y: 17 # changes Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Guest user exfiltration following Power Platform defense impairment.yaml x: 9 # contributors y: 18 # changes Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Automated email notifications and suspicious sign-in activity.yaml x: 16 # contributors y: 23 # changes Solutions/Microsoft Entra ID/Analytic Rules/PrivlegedRoleAssignedOutsidePIM.yaml x: 47 # contributors y: 68 # changes Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/MESCompareDataOnPMRA.yaml x: 15 # contributors y: 25 # changes Solutions/Microsoft Exchange Security - Exchange Online/Parsers/MESCompareDataMRA.yaml x: 31 # contributors y: 54 # changes Solutions/Mimecast/Analytic 
Rules/MimecastSEG/MimecastCG_AV.yaml x: 11 # contributors y: 25 # changes Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/sentinel.py x: 12 # contributors y: 25 # changes Solutions/Okta Single Sign-On/Analytic Rules/HighRiskAdminActivity.yaml x: 62 # contributors y: 77 # changes Solutions/Okta Single Sign-On/Analytic Rules/MFAFatigue.yaml x: 61 # contributors y: 77 # changes Solutions/Okta Single Sign-On/Parsers/OktaSSO.yaml x: 49 # contributors y: 65 # changes Solutions/PaloAlto-PAN-OS/Analytic Rules/FileHashEntity_Covid19_CommonSecurityLog.yaml x: 80 # contributors y: 122 # changes Solutions/PaloAlto-PAN-OS/Analytic Rules/PaloAlto-UnusualThreatSignatures.yaml x: 70 # contributors y: 100 # changes Solutions/PaloAlto-PAN-OS/Hunting Queries/Palo Alto - potential beaconing detected.yaml x: 72 # contributors y: 109 # changes Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLConflictingMacAddress.yaml x: 77 # contributors y: 103 # changes Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLFileTypeWasChanged.yaml x: 77 # contributors y: 101 # changes Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLInboundRiskPorts.yaml x: 77 # contributors y: 100 # changes Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLCriticalEventResult.yaml x: 58 # contributors y: 73 # changes Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLFilePermissionWithPutRequest.yaml x: 58 # contributors y: 72 # changes Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLRarePortsbyUser.yaml x: 67 # contributors y: 94 # changes Solutions/PingFederate/Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml x: 99 # contributors y: 129 # changes Solutions/PingFederate/Analytic Rules/PingFederateForbiddenCountry.yaml x: 99 # contributors y: 131 # changes Solutions/PingFederate/Hunting Queries/PingFederateAuthUrls.yaml x: 67 # contributors y: 78 # changes Solutions/PingFederate/Hunting Queries/PingFederateUnusualSources.yaml x: 84 # contributors y: 108 # changes Solutions/Pure Storage/Analytic 
Rules/FB-FabricModuleUnhealthy.yaml x: 15 # contributors y: 20 # changes Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikAnomalyOrchestrator/__init__.py x: 38 # contributors y: 39 # changes Solutions/SonicWall Firewall/Analytic Rules/CaptureATPMaliciousFileDetection.yaml x: 31 # contributors y: 45 # changes Solutions/Sophos XG Firewall/Analytic Rules/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml x: 58 # contributors y: 82 # changes Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/AccountUsageDataCollector/__init__.py x: 14 # contributors y: 23 # changes Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/checkpoint_manager.py x: 14 # contributors y: 24 # changes Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/utils.py x: 14 # contributors y: 25 # changes Solutions/Team Cymru Scout/Parsers/CymruScoutCorrelate.yaml x: 13 # contributors y: 24 # changes Solutions/Team Cymru Scout/Parsers/CymruScoutDomain.yaml x: 13 # contributors y: 23 # changes Solutions/Tenable App/Data Connectors/TenableVM/TenableAssetExportOrchestrator/__init__.py x: 29 # contributors y: 38 # changes Solutions/Tenable App/Data Connectors/TenableVM/TenableAssetExportStatusAndSendChunks/__init__.py x: 29 # contributors y: 37 # changes Solutions/Threat Intelligence/Analytic Rules/DomainEntity_EmailUrlInfo.yaml x: 50 # contributors y: 69 # changes Solutions/Threat Intelligence/Analytic Rules/EmailEntity_CloudAppEvents.yaml x: 32 # contributors y: 61 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_CloudAppEvents.yaml x: 32 # contributors y: 59 # changes Solutions/Threat Intelligence/Analytic Rules/IPEntity_Workday.yaml x: 13 # contributors y: 14 # changes Solutions/Threat Intelligence/Analytic Rules/imDns_DomainEntity_DnsEvents.yaml x: 96 # contributors y: 149 # changes Solutions/Tomcat/Analytic Rules/TomcatCommandsinRequest.yaml x: 51 # contributors y: 73 # changes Solutions/Tomcat/Analytic 
Rules/TomcatMultipleEmptyRequestsFromSameIP.yaml x: 51 # contributors y: 72 # changes Solutions/Tomcat/Analytic Rules/TomcatPutAndGetFileFromSameIP.yaml x: 51 # contributors y: 70 # changes Solutions/Tomcat/Hunting Queries/TomcatERRORs.yaml x: 37 # contributors y: 47 # changes Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneCommandLineSuspiciousRequests.yaml x: 75 # contributors y: 100 # changes Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneDvcAccessPermissionWasChanged.yaml x: 77 # contributors y: 105 # changes Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneInboundRemoteAccess.yaml x: 75 # contributors y: 101 # changes Solutions/Trend Micro Apex One/Analytic Rules/TMApexOnePossibleExploitOrExecuteOperation.yaml x: 85 # contributors y: 122 # changes Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTranslatedOperation.yaml x: 67 # contributors y: 97 # changes Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneDataLossPreventionAction.yaml x: 64 # contributors y: 84 # changes Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiCryptominer.yaml x: 46 # contributors y: 59 # changes Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiUnusualSubdomains.yaml x: 63 # contributors y: 84 # changes Solutions/VMWareESXi/Analytic Rules/ESXiDormantVMStarted.yaml x: 94 # contributors y: 110 # changes Solutions/VMWareESXi/Analytic Rules/ESXiLowPatchDiskSpace.yaml x: 65 # contributors y: 77 # changes Solutions/VMWareESXi/Analytic Rules/ESXiMultipleNewVM.yaml x: 98 # contributors y: 109 # changes Solutions/VMWareESXi/Analytic Rules/ESXiRootLogin.yaml x: 69 # contributors y: 86 # changes Solutions/VMWareESXi/Analytic Rules/ESXiSharedOrStolenRootAccount.yaml x: 69 # contributors y: 85 # changes Solutions/VMWareESXi/Hunting Queries/ESXiDormantUsers.yaml x: 37 # contributors y: 39 # changes Solutions/VMware vCenter/Analytic Rules/vCenter-Root impersonation.yaml x: 49 # contributors y: 55 # changes Solutions/VMware vCenter/Analytic 
Rules/vCenterRootLogin.yaml x: 50 # contributors y: 55 # changes Solutions/VMware vCenter/Parsers/vCenter.yaml x: 40 # contributors y: 48 # changes Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-Detections.yaml x: 66 # contributors y: 95 # changes Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-by-Severity.yaml x: 90 # contributors y: 141 # changes Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-NewCampaign.yaml x: 100 # contributors y: 158 # changes Solutions/Vectra AI Stream/Parsers/vectra_stream.yaml x: 25 # contributors y: 33 # changes Solutions/Windows Security Events/Hunting Queries/ServiceInstallationFromUsersWritableDirectory.yaml x: 35 # contributors y: 48 # changes Solutions/ZeroNetworks/Parsers/ZNSegmentAudit.yaml x: 41 # contributors y: 57 # changes Solutions/Zscaler Internet Access/Analytic Rules/DiscordCDNRiskyDownload.yaml x: 57 # contributors y: 88 # changes Solutions/Zscaler Internet Access/Analytic Rules/Zscaler-LowVolumeDomainRequests.yaml x: 69 # contributors y: 103 # changes Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerSharedZPASession.yaml x: 69 # contributors y: 91 # changes Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerUnexpectedCountEventResult.yaml x: 69 # contributors y: 90 # changes Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerUnexpectedCountries.yaml x: 69 # contributors y: 88 # changes Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerUnexpectedUpdateOperation.yaml x: 63 # contributors y: 73 # changes Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAConnectionsFromNewIP.yaml x: 63 # contributors y: 74 # changes Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAUnexpectedSessionDuration.yaml x: 63 # contributors y: 75 # changes Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerAbnormalTotalBytesSize.yaml x: 37 # contributors y: 44 # changes Solutions/Zscaler Private Access (ZPA)/Hunting 
Queries/ZscalerApplicationByUsers.yaml x: 37 # contributors y: 43 # changes Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerIPsByPorts.yaml x: 62 # contributors y: 68 # changes Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerTopSourceIP.yaml x: 37 # contributors y: 42 # changes Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml x: 111 # contributors y: 154 # changes Detections/MultipleDataSources/StarBlizzardDomainsAugust2022.yaml x: 60 # contributors y: 79 # changes Detections/SecurityEvent/RDP_Nesting.yaml x: 141 # contributors y: 199 # changes Detections/SigninLogs/ExplicitMFADeny.yaml x: 136 # contributors y: 177 # changes Detections/ZoomLogs/SupiciousLinkSharing.yaml x: 122 # contributors y: 168 # changes Hunting Queries/Microsoft 365 Defender/Discovery/MultipleSensitiveLdaps.yaml x: 35 # contributors y: 38 # changes Parsers/ASimAuditEvent/Parsers/ASimAuditEventBarracudaWAF.yaml x: 43 # contributors y: 52 # changes Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoMeraki.yaml x: 39 # contributors y: 47 # changes Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoMerakiSyslog.yaml x: 14 # contributors y: 10 # changes Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftWindowsEvents.yaml x: 85 # contributors y: 108 # changes Parsers/ASimAuditEvent/Parsers/vimAuditEventBarracudaWAF.yaml x: 43 # contributors y: 53 # changes Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoMeraki.yaml x: 48 # contributors y: 64 # changes Parsers/ASimAuthentication/Parsers/ASimAuthenticationOktaOSS.yaml x: 101 # contributors y: 160 # changes Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoMeraki.yaml x: 51 # contributors y: 75 # changes Parsers/ASimAuthentication/Parsers/vimAuthenticationOktaOSS.yaml x: 95 # contributors y: 155 # changes Parsers/ASimDns/Parsers/ASimDnsMicrosoftSysmon.yaml x: 74 # contributors y: 94 # changes Parsers/ASimDns/Parsers/vimDnsMicrosoftSysmon.yaml x: 54 # contributors y: 66 # 
changes Parsers/ASimFileEvent/Parsers/ASimFileEvent.yaml x: 58 # contributors y: 92 # changes Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSecurityEvents.yaml x: 13 # contributors y: 9 # changes Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSysmon.yaml x: 34 # contributors y: 39 # changes Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftWindowsEvents.yaml x: 34 # contributors y: 42 # changes Parsers/ASimFileEvent/Parsers/imFileEvent.yaml x: 84 # contributors y: 143 # changes Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSysmon.yaml x: 51 # contributors y: 68 # changes Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftWindowsEvents.yaml x: 52 # contributors y: 67 # changes Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoMeraki.yaml x: 85 # contributors y: 128 # changes Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftSysmon.yaml x: 44 # contributors y: 56 # changes Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftSysmonWindowsEvent.yaml x: 12 # contributors y: 11 # changes Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftWindowsEventFirewall.yaml x: 99 # contributors y: 155 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoMeraki.yaml x: 85 # contributors y: 129 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftSecurityEventFirewall.yaml x: 15 # contributors y: 18 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftSysmonWindowsEvent.yaml x: 12 # contributors y: 12 # changes Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftWindowsEventFirewall.yaml x: 109 # contributors y: 174 # changes Parsers/ASimProcessEvent/Parsers/ASimProcessCreateMicrosoftSysmon.yaml x: 60 # contributors y: 94 # changes Parsers/ASimProcessEvent/Parsers/ASimProcessEvent.yaml x: 88 # contributors y: 136 # changes Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftSysmon.yaml x: 60 # contributors y: 89 # changes 
Parsers/ASimProcessEvent/Parsers/imProcessEvent.yaml x: 58 # contributors y: 93 # changes Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftSysmon.yaml x: 71 # contributors y: 110 # changes Parsers/ASimRegistryEvent/Parsers/ASimRegistryEvent.yaml x: 15 # contributors y: 11 # changes Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftSecurityEvent.yaml x: 28 # contributors y: 25 # changes Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftWindowsEvent.yaml x: 82 # contributors y: 103 # changes Parsers/ASimUserManagement/Parsers/ASimUserManagement.yaml x: 47 # contributors y: 75 # changes Parsers/ASimUserManagement/Parsers/imUserManagement.yaml x: 50 # contributors y: 80 # changes Parsers/ASimUserManagement/Parsers/vimUserManagementMicrosoftSecurityEvent.yaml x: 45 # contributors y: 64 # changes Parsers/ASimWebSession/Parsers/ASimWebSession.yaml x: 144 # contributors y: 251 # changes Parsers/ASimWebSession/Parsers/imWebSession.yaml x: 143 # contributors y: 244 # changes Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/sentinel.py x: 17 # contributors y: 15 # changes Solutions/Armis/Data Connectors/ArmisAlertsActivities/Exceptions/ArmisExceptions.py x: 18 # contributors y: 18 # changes Solutions/Armis/Parsers/ArmisActivities.yaml x: 44 # contributors y: 49 # changes Solutions/Cisco UCS/Parsers/CiscoUCS.yaml x: 39 # contributors y: 44 # changes Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml x: 50 # contributors y: 60 # changes Solutions/Cribl/Parsers/CriblAccess.yaml x: 15 # contributors y: 15 # changes Solutions/DNS Essentials/Hunting Queries/AnomalousIncreaseInDNSActivityByClients.yaml x: 51 # contributors y: 54 # changes Solutions/DNS Essentials/Hunting Queries/CVE-2020-1350 (SIGRED)ExploitationPattern.yaml x: 51 # contributors y: 52 # changes Solutions/DNS Essentials/Hunting Queries/ConnectionToUnpopularWebsiteDetected.yaml x: 51 # contributors y: 53 # changes Solutions/DNS Essentials/Hunting 
Queries/DNSQueryWithFailuresInLast24Hours.yaml x: 51 # contributors y: 55 # changes Solutions/DNS Essentials/Hunting Queries/PossibleDNSTunnelingOrDataExfiltrationActivity.yaml x: 45 # contributors y: 44 # changes Solutions/Digital Guardian Data Loss Prevention/Parsers/DigitalGuardianDLPEvent.yaml x: 15 # contributors y: 12 # changes Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ClassicReverseIP/__init__.py x: 16 # contributors y: 12 # changes Solutions/ESETPROTECT/Analytic Rules/ESETThreatDetected.yaml x: 90 # contributors y: 91 # changes Solutions/ESETPROTECT/Analytic Rules/ESETWebsiteBlocked.yaml x: 71 # contributors y: 76 # changes Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FetchAndSendDetections/__init__.py x: 28 # contributors y: 42 # changes Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FetchAndSendDetectionsHistory/__init__.py x: 30 # contributors y: 44 # changes Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FncRestClient.py x: 14 # contributors y: 17 # changes Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/OrchestratorWatchdog/__init__.py x: 39 # contributors y: 66 # changes Solutions/Fortinet FortiNDR Cloud/Parsers/Fortinet_FortiNDR_Cloud.yaml x: 38 # contributors y: 65 # changes Solutions/Global Secure Access/Hunting Queries/ExternalUserAddedRemovedInTeams_HuntVersion.yaml x: 16 # contributors y: 18 # changes Solutions/Illusive Platform/Analytic Rules/Illusive_Detection_Query.yaml x: 63 # contributors y: 90 # changes Solutions/Infoblox NIOS/Parsers/Infoblox_allotherdhcpdTypes.yaml x: 39 # contributors y: 43 # changes Solutions/Infoblox/Analytic Rules/Infoblox-SOCInsight-Detected-APISource.yaml x: 16 # contributors y: 15 # changes Solutions/LastPass/Analytic Rules/TIMapIPEntityToLastPass.yaml x: 66 # contributors y: 70 # changes Solutions/Microsoft 365/Analytic 
Rules/sharepoint_file_transfer_folders_above_threshold.yaml x: 72 # contributors y: 118 # changes Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/General/Audit Email Preview-Download action.yaml x: 14 # contributors y: 18 # changes Solutions/Microsoft Entra ID/Analytic Rules/ExplicitMFADeny.yaml x: 57 # contributors y: 86 # changes Solutions/Microsoft Entra ID/Analytic Rules/NRT_PIMElevationRequestRejected.yaml x: 55 # contributors y: 60 # changes Solutions/MicrosoftDefenderForEndpoint/Analytic Rules/AquaBlizzardAVHits.yaml x: 48 # contributors y: 47 # changes Solutions/Recorded Future/Analytic Rules/RecordedFutureDomainMalwareC2inDNSEvents.yaml x: 73 # contributors y: 100 # changes Solutions/Recorded Future/Analytic Rules/RecordedFutureIPMalwareC2inAzureActivityEvents.yaml x: 56 # contributors y: 69 # changes Solutions/Silverfort/Analytic Rules/Log4Shell.yaml x: 13 # contributors y: 18 # changes Solutions/SonraiSecurity/Analytic Rules/SonraiNewTicket.yaml x: 73 # contributors y: 94 # changes Solutions/Sophos XG Firewall/Parsers/SophosXGFirewall.yaml x: 42 # contributors y: 49 # changes Solutions/Symantec Endpoint Protection/Parsers/SymantecEndpointProtection.yaml x: 46 # contributors y: 60 # changes Solutions/SymantecProxySG/Parsers/SymantecProxySG.yaml x: 55 # contributors y: 64 # changes Solutions/Syslog/Analytic Rules/squid_cryptomining_pools.yaml x: 61 # contributors y: 89 # changes Solutions/Syslog/Analytic Rules/squid_tor_proxies.yaml x: 59 # contributors y: 79 # changes Solutions/Syslog/Workspace Functions/SyslogConnectorsOverallStatus.yaml x: 28 # contributors y: 29 # changes Solutions/Theom/Analytic Rules/TRIS0001_Dev_secrets_unencrypted.yaml x: 54 # contributors y: 69 # changes Solutions/Threat Intelligence/Analytic Rules/URLEntity_AuditLogs.yaml x: 105 # contributors y: 148 # changes Solutions/Threat Intelligence/Analytic Rules/URLEntity_CloudAppEvents.yaml x: 35 # contributors y: 49 # changes Solutions/Threat Intelligence/Analytic 
Rules/URLEntity_OfficeActivity.yaml x: 107 # contributors y: 150 # changes Solutions/Vectra XDR/Data Connectors/VectraDataConnector/Audits/audits_collector.py x: 45 # contributors y: 56 # changes Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/consts.py x: 52 # contributors y: 74 # changes Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/keyvault_secrets_management.py x: 16 # contributors y: 17 # changes Solutions/Vectra XDR/Parsers/VectraDetections.yaml x: 40 # contributors y: 50 # changes Solutions/Veritas NetBackup/Analytic Rules/NetBackup_many_Anomalies.yaml x: 30 # contributors y: 42 # changes Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/connections/sentinel.py x: 24 # contributors y: 26 # changes Tools/Create-Azure-Sentinel-Solution/pipeline/createSolutionV4.ps1 x: 91 # contributors y: 143 # changes Tools/Sentinel-All-In-One/v2/Scripts/Create-NewSolutionAndRulesFromList.ps1 x: 79 # contributors y: 87 # changes Parsers/ASimAuthentication/Parsers/ASimAuthenticationBarracudaWAF.yaml x: 35 # contributors y: 46 # changes Parsers/ASimAuthentication/Parsers/vimAuthenticationBarracudaWAF.yaml x: 45 # contributors y: 65 # changes Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdstrikeFalconEventStream.yaml x: 32 # contributors y: 35 # changes Parsers/ASimDns/Parsers/ASimDnsNative.yaml x: 69 # contributors y: 108 # changes Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/services/workbench_service.py x: 84 # contributors y: 110 # changes Solutions/Microsoft 365/Analytic Rules/External User added to Team and immediately uploads file.yaml x: 67 # contributors y: 107 # changes DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/GetMDVMData/run.ps1 x: 57 # contributors y: 94 # changes DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/outputs/microsoft-sentinel-log-analytics-logstash-output-plugin.rb x: 60 # 
contributors y: 83 # changes DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb x: 60 # contributors y: 82 # changes Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml x: 115 # contributors y: 149 # changes Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml x: 95 # contributors y: 130 # changes Detections/ASimWebSession/UnusualUACryptoMiners.yaml x: 88 # contributors y: 109 # changes Detections/ASimWebSession/UnusualUAHackTool.yaml x: 99 # contributors y: 132 # changes Detections/ASimWebSession/UnusualUAPowershell.yaml x: 88 # contributors y: 110 # changes Detections/CommonSecurityLog/Wazuh-Large_Number_of_Web_errors_from_an_IP.yaml x: 57 # contributors y: 79 # changes Detections/Heartbeat/MissingDCHearbeat.yaml x: 66 # contributors y: 78 # changes Detections/Heartbeat/OMI_vulnerability_detection.yaml x: 87 # contributors y: 116 # changes Detections/MultipleDataSources/RiskyUserIn3Pnetworkactivity.yaml x: 79 # contributors y: 99 # changes Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml x: 116 # contributors y: 144 # changes Detections/SigninLogs/AnomalousSingleFactorSignin.yaml x: 22 # contributors y: 18 # changes Solutions/1Password/Analytics Rules/1Password - Changes to SSO configuration.yaml x: 27 # contributors y: 29 # changes Solutions/1Password/Analytics Rules/1Password - Changes to firewall rules.yaml x: 23 # contributors y: 25 # changes Solutions/1Password/Data Connectors/Modules/HelperFunctions/HelperFunctions.psm1 x: 21 # contributors y: 23 # changes Solutions/42Crunch API Protection/Analytic Rules/APIInvalidHostAccess.yaml x: 38 # contributors y: 38 # changes Solutions/ARGOSCloudSecurity/Analytic Rules/ExploitableSecurityIssues.yaml x: 63 # contributors y: 69 # changes Solutions/Amazon Web Services/Analytic Rules/AWS_ClearStopChangeTrailLogs.yaml x: 69 # contributors y: 100 # changes Solutions/Amazon Web 
Services/Analytic Rules/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml x: 86 # contributors y: 102 # changes Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/Log4J_IPIOC_Dec112021.yaml x: 79 # contributors y: 114 # changes Solutions/Authomize/Analytic Rules/Chain_of_3_or_more_roles.yaml x: 47 # contributors y: 64 # changes Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Abnormal Deny Rate for Source IP.yaml x: 81 # contributors y: 97 # changes Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Abnormal Port to Protocol.yaml x: 76 # contributors y: 81 # changes Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Multiple Sources Affected by the Same TI Destination.yaml x: 84 # contributors y: 109 # changes Solutions/BitSight/Analytic Rules/BitSightNewAlertFound.yaml x: 40 # contributors y: 47 # changes Solutions/CTM360/Analytic Rules/AutoGeneratedPage.yaml x: 40 # contributors y: 60 # changes Solutions/CTM360/Analytic Rules/CookiesSamesiteFlagNotUsed.yaml x: 40 # contributors y: 61 # changes Solutions/CTM360/Analytic Rules/ExposedEmailAddress.yaml x: 42 # contributors y: 63 # changes Solutions/Cisco SD-WAN/Analytic Rules/CiscoSDWANSentinelIPSEventThreshold.yaml x: 49 # contributors y: 47 # changes Solutions/Cisco SD-WAN/Analytic Rules/CiscoSDWANSentinelMalwareEvents.yaml x: 49 # contributors y: 48 # changes Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml x: 91 # contributors y: 123 # changes Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml x: 94 # contributors y: 115 # changes Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaRequestBlocklistedFileType.yaml x: 76 # contributors y: 88 # changes Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/Signins-From-VPS-Providers.yaml x: 97 # contributors y: 148 # changes Solutions/CofenseTriage/Data 
Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/cofense_to_sentinel_mapping.py x: 62 # contributors y: 62 # changes Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/RetryFailedIndicators/__init__.py x: 18 # contributors y: 16 # changes Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/consts.py x: 44 # contributors y: 42 # changes Solutions/Contrast Protect/Analytic Rules/ContrastBlocks.yaml x: 54 # contributors y: 72 # changes Solutions/Corelight/Analytic Rules/CorelightC2RepetitiveFailures.yaml x: 103 # contributors y: 138 # changes Solutions/Cyware/Hunting queries/DetectingSuspiciousPowerShellCommandExecutions.yaml x: 18 # contributors y: 17 # changes Solutions/Dev 0270 Detection and Hunting/Analytic Rules/Dev-0270NewUserSep2022.yaml x: 47 # contributors y: 57 # changes Solutions/Dev 0270 Detection and Hunting/Analytic Rules/Dev-0270RegistryIOCSep2022.yaml x: 60 # contributors y: 78 # changes Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_CodeLevelVulnerabilityDetection.yaml x: 60 # contributors y: 101 # changes Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_NonCriticalVulnerabilityDetection.yaml x: 60 # contributors y: 99 # changes Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_ThirdPartyVulnerabilityDetection.yaml x: 60 # contributors y: 100 # changes Solutions/Dynatrace/Analytic Rules/Dynatrace_ProblemDetection.yaml x: 57 # contributors y: 85 # changes Solutions/Endpoint Threat Protection Essentials/Analytic Rules/PotentialRemoteDesktopTunneling.yaml x: 65 # contributors y: 84 # changes Solutions/Endpoint Threat Protection Essentials/Analytic Rules/WindowsBinariesExecutedfromNon-DefaultDirectory.yaml x: 64 # contributors y: 83 # changes Solutions/Endpoint Threat Protection Essentials/Hunting Queries/RemoteLoginPerformedwithWMI.yaml x: 59 # contributors y: 67 # changes Solutions/Endpoint Threat Protection Essentials/Hunting 
[Scatter-plot data: one point per file, x = number of contributors, y = number of changes; per-file point list not reproduced]
Detections/AuditLogs/GuestAccountsAddedinAADGroupsOtherThanTheOnesSpecified.yaml x: 72 # contributors y: 99 # changes Detections/AuditLogs/MailPermissionsAddedToApplication.yaml x: 117 # contributors y: 149 # changes Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml x: 118 # contributors y: 143 # changes Detections/AuditLogs/MultipleAdmin_membership_removals_from_NewAdmin.yaml x: 77 # contributors y: 91 # changes Detections/AuditLogs/NRT_ADFSDomainTrustMods.yaml x: 86 # contributors y: 99 # changes Detections/AuditLogs/NRT_PrivlegedRoleAssignedOutsidePIM.yaml x: 77 # contributors y: 93 # changes Detections/AuditLogs/NRT_UseraddedtoPrivilgedGroups.yaml x: 88 # contributors y: 103 # changes Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml x: 134 # contributors y: 174 # changes Detections/AuditLogs/PrivilegedAccountPermissionsChanged.yaml x: 58 # contributors y: 80 # changes Detections/AuditLogs/PrivlegedRoleAssignedOutsidePIM.yaml x: 95 # contributors y: 115 # changes Detections/AuditLogs/RareApplicationConsent.yaml x: 131 # contributors y: 173 # changes Detections/AuditLogs/ServicePrincipalAssignedAppRoleWithSensitiveAccess.yaml x: 71 # contributors y: 112 # changes Detections/AuditLogs/SuspiciousLinkingofExternalIdtoExistingUsers.yaml x: 68 # contributors y: 100 # changes Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml x: 115 # contributors y: 141 # changes Detections/AuditLogs/SuspiciousServicePrincipalcreationactivity.yaml x: 100 # contributors y: 127 # changes Detections/AuditLogs/URLAddedtoApplicationfromUnknownDomain.yaml x: 92 # contributors y: 134 # changes Detections/AuditLogs/UserAccountCreatedUsingIncorrectNamingFormat.yaml x: 56 # contributors y: 80 # changes Detections/AuditLogs/UserAssignedPrivilegedRole.yaml x: 92 # contributors y: 126 # changes Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml x: 142 # contributors y: 191 # changes Detections/AzureActivity/AADHybridHealthADFSNewServer.yaml x: 84 # contributors y: 
103 # changes Detections/AzureActivity/AADHybridHealthADFSServiceDelete.yaml x: 85 # contributors y: 105 # changes Detections/AzureActivity/AADHybridHealthADFSSuspApp.yaml x: 84 # contributors y: 104 # changes Detections/AzureActivity/AzDiagSettingsDeleted.yaml x: 71 # contributors y: 95 # changes Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml x: 101 # contributors y: 126 # changes Detections/AzureActivity/NRT_Creation_of_Expensive_Computes_in_Azure.yaml x: 56 # contributors y: 61 # changes Detections/AzureActivity/New-CloudShell-User.yaml x: 94 # contributors y: 112 # changes Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml x: 108 # contributors y: 137 # changes Detections/AzureActivity/RareOperations.yaml x: 104 # contributors y: 130 # changes Detections/AzureActivity/TimeSeriesAnomaly_Mass_Cloud_Resource_Deletions.yaml x: 53 # contributors y: 58 # changes Detections/AzureAppServices/AVScan_Failure.yaml x: 95 # contributors y: 122 # changes Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml x: 119 # contributors y: 146 # changes Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml x: 125 # contributors y: 174 # changes Detections/AzureDiagnostics/MaliciousWAFSessions.yaml x: 98 # contributors y: 137 # changes Detections/AzureDiagnostics/NRT_KeyVaultSensitiveOperations.yaml x: 66 # contributors y: 69 # changes Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml x: 117 # contributors y: 145 # changes Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml x: 121 # contributors y: 156 # changes Detections/BehaviorAnalytics/SuspiciousSigninByAADConnectAccount.yaml x: 71 # contributors y: 98 # changes Detections/CiscoUmbrella/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml x: 82 # contributors y: 100 # changes Detections/CiscoUmbrella/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml x: 92 # contributors y: 113 # changes 
Detections/CiscoUmbrella/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml x: 82 # contributors y: 98 # changes Detections/CiscoUmbrella/CiscoUmbrellaRequestBlocklistedFileType.yaml x: 72 # contributors y: 86 # changes Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml x: 83 # contributors y: 90 # changes Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml x: 88 # contributors y: 100 # changes Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml x: 98 # contributors y: 107 # changes Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml x: 102 # contributors y: 118 # changes Detections/CommonSecurityLog/PaloAlto-UnusualThreatSignatures.yaml x: 40 # contributors y: 40 # changes Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml x: 136 # contributors y: 196 # changes Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml x: 132 # contributors y: 175 # changes Detections/DeviceNetworkEvents/SolarWinds_SUNBURST_Network-IOCs.yaml x: 133 # contributors y: 179 # changes Detections/DeviceProcessEvents/AdFind_Usage.yaml x: 95 # contributors y: 107 # changes Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml x: 128 # contributors y: 160 # changes Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml x: 105 # contributors y: 134 # changes Detections/DnsEvents/DNS_Miners.yaml x: 108 # contributors y: 136 # changes Detections/DnsEvents/DNS_TorProxies.yaml x: 106 # contributors y: 135 # changes Detections/DnsEvents/NRT_DNS_Related_To_Mining_Pools.yaml x: 65 # contributors y: 70 # changes Detections/GitHub/(Preview) GitHub - Activities from Infrequent Country.yaml x: 30 # contributors y: 29 # changes Detections/GitHub/Security Vulnerability in Repo.yaml x: 90 # contributors y: 109 # changes Detections/GitHub/Threat Intel Matches to GitHub Audit Logs.yaml x: 94 # contributors y: 117 # changes Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml x: 119 # contributors y: 
173 # changes Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml x: 126 # contributors y: 170 # changes Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml x: 133 # contributors y: 190 # changes Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml x: 104 # contributors y: 126 # changes Detections/MultipleDataSources/AquaBlizzardFeb2022.yaml x: 55 # contributors y: 57 # changes Detections/MultipleDataSources/AuthenticationMethodsChangedforPrivilegedAccount.yaml x: 115 # contributors y: 155 # changes Detections/MultipleDataSources/BariumDomainIOC112020.yaml x: 142 # contributors y: 193 # changes Detections/MultipleDataSources/BariumIPIOC112020.yaml x: 144 # contributors y: 206 # changes Detections/MultipleDataSources/COMRegistryKeyModifiedtoPointtoFileinColorDrivers.yaml x: 67 # contributors y: 101 # changes Detections/MultipleDataSources/ChiaCryptoMining.yaml x: 98 # contributors y: 116 # changes Detections/MultipleDataSources/CrossCloudUnauthorizedCredentialsAccessDetection.yaml x: 47 # contributors y: 60 # changes Detections/MultipleDataSources/DEV-0322_SolarWinds_Serv-U_IOC.yaml x: 98 # contributors y: 117 # changes Detections/MultipleDataSources/Dev-0228FilePathHashesNovember2021.yaml x: 98 # contributors y: 126 # changes Detections/MultipleDataSources/Dev-0270NewUserSep2022.yaml x: 47 # contributors y: 53 # changes Detections/MultipleDataSources/Dev-0530_FileExtRename.yaml x: 76 # contributors y: 106 # changes Detections/MultipleDataSources/EUROPIUM _September2022.yaml x: 74 # contributors y: 107 # changes Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml x: 116 # contributors y: 158 # changes Detections/MultipleDataSources/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml x: 145 # contributors y: 199 # changes Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml x: 102 # contributors y: 126 # changes Detections/MultipleDataSources/HostAADCorrelation.yaml x: 127 # contributors y: 191 # changes 
Detections/MultipleDataSources/Mercury_Log4j_August2022.yaml x: 71 # contributors y: 102 # changes Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml x: 120 # contributors y: 171 # changes Detections/MultipleDataSources/NewUserAgentLast24h.yaml x: 107 # contributors y: 143 # changes Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml x: 141 # contributors y: 192 # changes Detections/MultipleDataSources/PhishinglinkExecutionObserved.yaml x: 68 # contributors y: 81 # changes Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml x: 105 # contributors y: 141 # changes Detections/MultipleDataSources/SUNSPOTHashes.yaml x: 100 # contributors y: 132 # changes Detections/MultipleDataSources/SUNSPOTLogFile.yaml x: 113 # contributors y: 150 # changes Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml x: 138 # contributors y: 185 # changes Detections/MultipleDataSources/Solorigate-VM-Network.yaml x: 100 # contributors y: 124 # changes Detections/MultipleDataSources/SucessfullSiginFromPhingLink.yaml x: 79 # contributors y: 102 # changes Detections/MultipleDataSources/UnusualGuestActivity.yaml x: 98 # contributors y: 141 # changes Detections/MultipleDataSources/UserAgentSearch_log4j.yaml x: 70 # contributors y: 83 # changes Detections/MultipleDataSources/WSLMalwareCorrelation.yaml x: 103 # contributors y: 149 # changes Detections/OfficeActivity/BEC_MailboxRule.yaml x: 50 # contributors y: 47 # changes Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml x: 114 # contributors y: 163 # changes Detections/OfficeActivity/ForestBlizzardCredHarvesting.yaml x: 37 # contributors y: 34 # changes Detections/OfficeActivity/Malicious_Inbox_Rule.yaml x: 100 # contributors y: 125 # changes Detections/OfficeActivity/MultipleTeamsDeletes.yaml x: 97 # contributors y: 121 # changes Detections/OfficeActivity/Office_MailForwarding.yaml x: 117 # contributors y: 169 # changes Detections/OfficeActivity/Office_Uploaded_Executables.yaml x: 88 # 
contributors y: 105 # changes Detections/OfficeActivity/RareOfficeOperations.yaml x: 128 # contributors y: 177 # changes Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml x: 93 # contributors y: 118 # changes Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml x: 98 # contributors y: 129 # changes Detections/OfficeActivity/exchange_auditlogdisabled.yaml x: 105 # contributors y: 131 # changes Detections/OfficeActivity/office_policytampering.yaml x: 112 # contributors y: 143 # changes Detections/ProofpointPOD/ProofpointPODBinaryInAttachment.yaml x: 91 # contributors y: 128 # changes Detections/ProofpointPOD/ProofpointPODEmailSenderIPinTIList.yaml x: 100 # contributors y: 122 # changes Detections/ProofpointPOD/ProofpointPODEmailSenderInTIList.yaml x: 104 # contributors y: 133 # changes Detections/ProofpointPOD/ProofpointPODHighRiskNotDiscarded.yaml x: 91 # contributors y: 129 # changes Detections/ProofpointPOD/ProofpointPODMultipleProtectedEmailsToUnknownRecipient.yaml x: 100 # contributors y: 139 # changes Detections/ProofpointPOD/ProofpointPODWeakCiphers.yaml x: 96 # contributors y: 138 # changes Detections/QualysVM/NewHighSeverityVulnDetectedAcrossMulitpleHosts.yaml x: 93 # contributors y: 121 # changes Detections/QualysVMV2/HighNumberofVulnDetectedV2.yaml x: 74 # contributors y: 86 # changes Detections/SecurityAlert/AVTarrask.yaml x: 73 # contributors y: 98 # changes Detections/SecurityAlert/AVdetectionsrelatedtoUkrainebasedthreats.yaml x: 79 # contributors y: 103 # changes Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml x: 125 # contributors y: 160 # changes Detections/SecurityAlert/DetectPIMAlertDisablingActivity.yaml x: 70 # contributors y: 95 # changes Detections/SecurityAlert/Massdownload_USBFileCopy.yaml x: 67 # contributors y: 92 # changes Detections/SecurityAlert/Solorigate-Defender-Detections.yaml x: 116 # contributors y: 151 # changes Detections/SecurityEvent/AADHealthMonAgentRegKeyAccess.yaml x: 97 # contributors 
y: 134 # changes Detections/SecurityEvent/AADHealthSvcAgentRegKeyAccess.yaml x: 88 # contributors y: 119 # changes Detections/SecurityEvent/ADFSDBNamedPipeConnection.yaml x: 76 # contributors y: 90 # changes Detections/SecurityEvent/AdminSDHolder_Modifications.yaml x: 63 # contributors y: 72 # changes Detections/SecurityEvent/COMEventSystemLoadingNewDLL.yaml x: 71 # contributors y: 78 # changes Detections/SecurityEvent/CredentialDumpingServiceInstallation.yaml x: 63 # contributors y: 82 # changes Detections/SecurityEvent/DSRMAccountAbuse.yaml x: 58 # contributors y: 67 # changes Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml x: 85 # contributors y: 109 # changes Detections/SecurityEvent/GainCodeExecutionADFSViaSMB.yaml x: 102 # contributors y: 125 # changes Detections/SecurityEvent/MidnightBlizzard_SuspiciousScriptRegistryWrite.yaml x: 57 # contributors y: 64 # changes Detections/SecurityEvent/MultipleFailedFollowedBySuccess.yaml x: 88 # contributors y: 107 # changes Detections/SecurityEvent/NRT_SecurityEventLogCleared.yaml x: 60 # contributors y: 66 # changes Detections/SecurityEvent/NonDCActiveDirectoryReplication.yaml x: 67 # contributors y: 83 # changes Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml x: 110 # contributors y: 142 # changes Detections/SecurityEvent/PotentialFodhelperUACBypass.yaml x: 66 # contributors y: 88 # changes Detections/SecurityEvent/Potentialre-namedsdeleteusage.yaml x: 66 # contributors y: 90 # changes Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml x: 128 # contributors y: 170 # changes Detections/SecurityEvent/RDP_RareConnection.yaml x: 117 # contributors y: 158 # changes Detections/SecurityEvent/RegistryPersistenceViaAppInt_DLLsModification.yaml x: 50 # contributors y: 59 # changes Detections/SecurityEvent/SdeletedeployedviaGPOandrunrecursively.yaml x: 67 # contributors y: 89 # changes Detections/SecurityEvent/SecurityEventLogCleared.yaml x: 120 # 
contributors y: 162 # changes Detections/SecurityEvent/SilkTyphoonNewUMServiceChildProcess.yaml x: 58 # contributors y: 62 # changes Detections/SecurityEvent/SolorigateNamedPipe.yaml x: 124 # contributors y: 168 # changes Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml x: 120 # contributors y: 151 # changes Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml x: 126 # contributors y: 164 # changes Detections/SecurityEvent/WindowsBinariesExecutedfromNon-DefaultDirectory.yaml x: 58 # contributors y: 65 # changes Detections/SecurityEvent/base64_encoded_pefile.yaml x: 108 # contributors y: 142 # changes Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml x: 159 # contributors y: 226 # changes Detections/SecurityEvent/malware_in_recyclebin.yaml x: 113 # contributors y: 155 # changes Detections/SecurityEvent/password_not_set.yaml x: 106 # contributors y: 134 # changes Detections/SecurityEvent/powershell_empire.yaml x: 131 # contributors y: 176 # changes Detections/SecurityNestedRecommendation/Log4jVulnerableMachines.yaml x: 59 # contributors y: 65 # changes Detections/SigninLogs/ADFSSignInLogsPasswordSpray.yaml x: 76 # contributors y: 97 # changes Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml x: 116 # contributors y: 143 # changes Detections/SigninLogs/AuthenticationAttemptfromNewCountry.yaml x: 90 # contributors y: 121 # changes Detections/SigninLogs/AuthenticationsofPrivilegedAccountsOutsideofExpectedControls.yaml x: 59 # contributors y: 84 # changes Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml x: 133 # contributors y: 170 # changes Detections/SigninLogs/AzurePortalSigninfromanotherAzureTenant.yaml x: 109 # contributors y: 139 # changes Detections/SigninLogs/BruteForceCloudPC.yaml x: 85 # contributors y: 110 # changes Detections/SigninLogs/BypassCondAccessRule.yaml x: 124 # contributors y: 159 # changes Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml x: 123 # contributors y: 
157 # changes Detections/SigninLogs/DistribPassCrackAttempt.yaml x: 126 # contributors y: 166 # changes Detections/SigninLogs/FailedLogonToAzurePortal.yaml x: 135 # contributors y: 178 # changes Detections/SigninLogs/MFARejectedbyUser.yaml x: 109 # contributors y: 144 # changes Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml x: 99 # contributors y: 152 # changes Detections/SigninLogs/SeamlessSSOPasswordSpray.yaml x: 76 # contributors y: 91 # changes Detections/SigninLogs/Sign-in Burst from Multiple Locations.yaml x: 103 # contributors y: 129 # changes Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml x: 126 # contributors y: 165 # changes Detections/SigninLogs/SigninBruteForce-AzurePortal.yaml x: 137 # contributors y: 191 # changes Detections/SigninLogs/SigninPasswordSpray.yaml x: 127 # contributors y: 164 # changes Detections/SigninLogs/SuccessThenFail_DiffIP_SameUserandApp.yaml x: 123 # contributors y: 160 # changes Detections/Syslog/NRT_squid_events_for_mining_pools.yaml x: 58 # contributors y: 69 # changes Detections/Syslog/squid_cryptomining_pools.yaml x: 100 # contributors y: 130 # changes Detections/Syslog/ssh_potentialBruteForce.yaml x: 107 # contributors y: 144 # changes Detections/ThreatIntelligenceIndicator/DomainEntity_CommonSecurityLog.yaml x: 105 # contributors y: 138 # changes Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml x: 117 # contributors y: 154 # changes Detections/ThreatIntelligenceIndicator/DomainEntity_PaloAlto.yaml x: 108 # contributors y: 149 # changes Detections/ThreatIntelligenceIndicator/DomainEntity_SecurityAlert.yaml x: 117 # contributors y: 155 # changes Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml x: 110 # contributors y: 144 # changes Detections/ThreatIntelligenceIndicator/EmailEntity_AzureActivity.yaml x: 116 # contributors y: 152 # changes Detections/ThreatIntelligenceIndicator/EmailEntity_OfficeActivity.yaml x: 112 # contributors y: 144 # changes 
Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityAlert.yaml x: 112 # contributors y: 145 # changes Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityEvent.yaml x: 122 # contributors y: 163 # changes Detections/ThreatIntelligenceIndicator/FileHashEntity_CommonSecurityLog.yaml x: 120 # contributors y: 169 # changes Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml x: 128 # contributors y: 184 # changes Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml x: 110 # contributors y: 140 # changes Detections/ThreatIntelligenceIndicator/IPEntity_AppServiceHTTPLogs.yaml x: 114 # contributors y: 145 # changes Detections/ThreatIntelligenceIndicator/IPEntity_AzureActivity.yaml x: 114 # contributors y: 151 # changes Detections/ThreatIntelligenceIndicator/IPEntity_AzureKeyVault.yaml x: 87 # contributors y: 115 # changes Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml x: 115 # contributors y: 147 # changes Detections/ThreatIntelligenceIndicator/IPEntity_AzureSQL.yaml x: 83 # contributors y: 111 # changes Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml x: 117 # contributors y: 167 # changes Detections/ThreatIntelligenceIndicator/IPEntity_W3CIISLog.yaml x: 121 # contributors y: 158 # changes Detections/ThreatIntelligenceIndicator/IPEntity_imWebSession.yaml x: 64 # contributors y: 77 # changes Detections/ThreatIntelligenceIndicator/IPentity_SigninLogs.yaml x: 110 # contributors y: 145 # changes Detections/ThreatIntelligenceIndicator/URLEntity_AuditLogs.yaml x: 110 # contributors y: 141 # changes Detections/ThreatIntelligenceIndicator/URLEntity_PaloAlto.yaml x: 109 # contributors y: 145 # changes Detections/ThreatIntelligenceIndicator/URLEntity_Syslog.yaml x: 110 # contributors y: 139 # changes Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml x: 106 # contributors y: 133 # changes Detections/W3CIISLog/HighFailedLogonCountByUser.yaml x: 107 # contributors y: 141 # changes 
Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml x: 118 # contributors y: 137 # changes Detections/W3CIISLog/Supernovawebshell.yaml x: 132 # contributors y: 167 # changes Exploration Queries/InputEntity_Account/Acc2IP_rareIPLocation.yaml x: 78 # contributors y: 94 # changes Exploration Queries/InputEntity_Account/LeastPrevProcess_ByAccount.yaml x: 46 # contributors y: 50 # changes Exploration Queries/InputEntity_Account/UserAccount_LogonsFromIPAddress.yaml x: 55 # contributors y: 59 # changes Exploration Queries/InputEntity_Account/UserAccount_NewInteractiveLogon.yaml x: 50 # contributors y: 58 # changes Exploration Queries/InputEntity_Account/UserAccount_Peers.yaml x: 71 # contributors y: 73 # changes Exploration Queries/InputEntity_Host/ParentProcessesOnHost.yaml x: 40 # contributors y: 43 # changes Exploration Queries/InputEntity_Host/UsersConnectedByHost.yaml x: 40 # contributors y: 39 # changes Exploration Queries/InputEntity_Process/WinHosts_WithThisProcess.yaml x: 66 # contributors y: 71 # changes Hunting Queries/ASimProcess/Discorddownloadinvokedfromcmdline(ASIMVersion).yaml x: 76 # contributors y: 66 # changes Hunting Queries/ASimProcess/imProcess_Dev-0056CommandLineActivityNovember2021(ASIMVersion).yaml x: 63 # contributors y: 49 # changes Hunting Queries/ASimProcess/imProcess_ProcessEntropy.yaml x: 77 # contributors y: 69 # changes Hunting Queries/ASimProcess/imProcess_SolarWindsInventory.yaml x: 76 # contributors y: 68 # changes Hunting Queries/ASimProcess/imProcess_powershell_downloads.yaml x: 85 # contributors y: 89 # changes Hunting Queries/AuditLogs/AccountMFAModifications.yaml x: 26 # contributors y: 25 # changes Hunting Queries/AuditLogs/ConsentToApplicationDiscovery.yaml x: 95 # contributors y: 92 # changes Hunting Queries/AuditLogs/NonredeemedGuesUserInvites.yaml x: 48 # contributors y: 60 # changes Hunting Queries/AuditLogs/RareAuditActivityByApp.yaml x: 82 # contributors y: 94 # changes Hunting 
Queries/AuditLogs/RareAuditActivityByUser.yaml x: 82 # contributors y: 93 # changes Hunting Queries/AzureActivity/Azure-CloudShell-Usage.yaml x: 93 # contributors y: 87 # changes Hunting Queries/AzureDiagnostics/SpringshellWebshellUsage.yaml x: 61 # contributors y: 54 # changes Hunting Queries/AzureStorage/AzureStorageFileOnEndpoint.yaml x: 78 # contributors y: 79 # changes Hunting Queries/BehaviorAnalytics/Anomalous Account Creation.yaml x: 77 # contributors y: 99 # changes Hunting Queries/GitHub/Suspicious Fork Activity.yaml x: 73 # contributors y: 76 # changes Hunting Queries/GitHub/Unusual Number of Repository Clones.yaml x: 79 # contributors y: 100 # changes Hunting Queries/Microsoft 365 Defender/ASR rules/ASR-rules-categorized-detection-graph.yaml x: 32 # contributors y: 34 # changes Hunting Queries/Microsoft 365 Defender/Campaigns/Abuse.ch Recent Threat Feed.yaml x: 61 # contributors y: 50 # changes Hunting Queries/Microsoft 365 Defender/Campaigns/redmenshen-bpfdoor-backdoor.yaml x: 47 # contributors y: 62 # changes Hunting Queries/Microsoft 365 Defender/Cloud Apps/aad-group-adds.yaml x: 42 # contributors y: 53 # changes Hunting Queries/Microsoft 365 Defender/Cloud Apps/file-download-events.yaml x: 30 # contributors y: 39 # changes Hunting Queries/Microsoft 365 Defender/Cloud Apps/mass-downloads.yaml x: 28 # contributors y: 31 # changes Hunting Queries/Microsoft 365 Defender/Command and Control/EncodedDomainURL [Nobelium].yaml x: 49 # contributors y: 53 # changes Hunting Queries/Microsoft 365 Defender/Credential Access/Active Directory Sensitive Group Modifications.yaml x: 52 # contributors y: 54 # changes Hunting Queries/Microsoft 365 Defender/Execution/exchange-iis-worker-dropping-webshell.yaml x: 61 # contributors y: 60 # changes Hunting Queries/Microsoft 365 Defender/Exfiltration/Files copied to USB drives.yaml x: 50 # contributors y: 53 # changes Hunting Queries/Microsoft 365 Defender/General queries/Endpoint Agent Health Status Report.yaml x: 67 # 
contributors y: 76 # changes Hunting Queries/Microsoft 365 Defender/Impact/unusual-volume-of-file-deletion.yaml x: 61 # contributors y: 52 # changes Hunting Queries/Microsoft 365 Defender/Initial access/SuspiciousUrlClicked.yaml x: 88 # contributors y: 86 # changes Hunting Queries/Microsoft 365 Defender/Lateral Movement/ImpersonatedUserFootprint.yaml x: 62 # contributors y: 50 # changes Hunting Queries/Microsoft 365 Defender/Persistence/LocalAdminGroupChanges.yaml x: 64 # contributors y: 54 # changes Hunting Queries/Microsoft 365 Defender/Persistence/multipleAADAdminsRemovals.yaml x: 42 # contributors y: 42 # changes Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_Action1_createproc.yaml x: 29 # contributors y: 30 # changes Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm_AnyViewer_createproc.yaml x: 29 # contributors y: 29 # changes Hunting Queries/Microsoft 365 Defender/TVM/devices_with_vuln_and_users_received_payload.yaml x: 65 # contributors y: 54 # changes Hunting Queries/MultipleDataSources/AADPrivilegedAccountsFailedMFA.yaml x: 42 # contributors y: 48 # changes Hunting Queries/MultipleDataSources/AzureResourceCreationWithNetworkActivity.yaml x: 84 # contributors y: 99 # changes Hunting Queries/MultipleDataSources/CriticalOperationsWithSystemrestore.yaml x: 52 # contributors y: 63 # changes Hunting Queries/MultipleDataSources/FailedSigninsWithAuditDetails.yaml x: 65 # contributors y: 74 # changes Hunting Queries/MultipleDataSources/FirewallRuleChanges_using_netsh.yaml x: 64 # contributors y: 70 # changes Hunting Queries/MultipleDataSources/LogonwithExpiredAccount.yaml x: 76 # contributors y: 79 # changes Hunting Queries/MultipleDataSources/PermutationsOnLogonNames.yaml x: 80 # contributors y: 92 # changes Hunting Queries/MultipleDataSources/PossibleCommandInjectionagainstAzureIR.yaml x: 68 # contributors y: 61 # changes Hunting Queries/MultipleDataSources/PotentialSSHTunneltoAADConnectHost.yaml x: 30 # contributors 
y: 30 # changes
Hunting Queries/MultipleDataSources/RareDNSLookupWithDataTransfer.yaml x: 106 # contributors y: 128 # changes
Hunting Queries/MultipleDataSources/RareDomainsInCloudLogs.yaml x: 92 # contributors y: 107 # changes
Hunting Queries/MultipleDataSources/TrackingPasswordChanges.yaml x: 85 # contributors y: 98 # changes
Hunting Queries/MultipleDataSources/TrackingPrivAccounts.yaml x: 96 # contributors y: 116 # changes
Hunting Queries/MultipleDataSources/UnfamiliarsignincorrelationwithPortalSigninandAuditlogs.yaml x: 65 # contributors y: 61 # changes
Hunting Queries/OfficeActivity/MultipleUsersEmailForwardedToSameDestination.yaml x: 33 # contributors y: 29 # changes
Hunting Queries/SecurityAlert/AlertsOnHost.yaml x: 52 # contributors y: 52 # changes
Hunting Queries/SecurityEvent/PotentialProcessDoppelganging.yaml x: 53 # contributors y: 49 # changes
Hunting Queries/SecurityEvent/hunt_LOLBins.yaml x: 57 # contributors y: 59 # changes
Hunting Queries/SigninLogs/AnomalousUserAppSigninLocationIncrease.yaml x: 98 # contributors y: 119 # changes
Hunting Queries/SigninLogs/InactiveAccounts.yaml x: 91 # contributors y: 111 # changes
Hunting Queries/SigninLogs/LoginSpikeWithIncreaseFailureRate.yaml x: 83 # contributors y: 92 # changes
Hunting Queries/SigninLogs/SuccessThenFail_SameUserDiffApp.yaml x: 83 # contributors y: 83 # changes
Hunting Queries/SigninLogs/UserAccounts-BlockedAccounts.yaml x: 50 # contributors y: 51 # changes
Hunting Queries/SigninLogs/signinBurstFromMultipleLocations.yaml x: 96 # contributors y: 101 # changes
Hunting Queries/Syslog/disabled_account_squid_usage.yaml x: 69 # contributors y: 81 # changes
Hunting Queries/W3CIISLog/ClientIPwithManyUserAgents.yaml x: 98 # contributors y: 114 # changes
Hunting Queries/W3CIISLog/PotentialWebshell.yaml x: 102 # contributors y: 111 # changes
Hunting Queries/W3CIISLog/Potential_IIS_BF.yaml x: 87 # contributors y: 99 # changes
Hunting Queries/W3CIISLog/Potential_IIS_CodeInject.yaml x: 98 # contributors y: 128 # changes
Hunting Queries/W3CIISLog/RareClientFileAccess.yaml x: 125 # contributors y: 156 # changes
Hunting Queries/W3CIISLog/SuspectedMailBoxExportHostonOWA.yaml x: 104 # contributors y: 129 # changes
Hunting Queries/W3CIISLog/WebShellActivity.yaml x: 84 # contributors y: 82 # changes
Hunting Queries/WireData/WireDataBeacon.yaml x: 102 # contributors y: 119 # changes
Parsers/AS-StealthDefend/AS-StealthDefend.yaml x: 27 # contributors y: 26 # changes
Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoISE.yaml x: 30 # contributors y: 32 # changes
Parsers/ASimAuditEvent/Parsers/vimAuditEventCiscoISE.yaml x: 30 # contributors y: 33 # changes
Parsers/ASimAuthentication/Parsers/ASimAuthenticationAWSCloudTrail.yaml x: 75 # contributors y: 103 # changes
Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoISE.yaml x: 41 # contributors y: 51 # changes
Parsers/ASimAuthentication/Parsers/ASimAuthenticationCrowdStrikeFalconHost.yaml x: 25 # contributors y: 24 # changes
Parsers/ASimAuthentication/Parsers/ASimAuthenticationSshd.yaml x: 48 # contributors y: 69 # changes
Parsers/ASimAuthentication/Parsers/ASimAuthenticationVMwareCarbonBlackCloud.yaml x: 23 # contributors y: 28 # changes
Parsers/ASimDns/Parsers/ASimDnsMicrosoftNXlog.yaml x: 55 # contributors y: 73 # changes
Parsers/ASimDns/Parsers/ASimDnsSentinelOne.yaml x: 24 # contributors y: 32 # changes
Parsers/ASimDns/Parsers/vimDnsInfobloxNIOS.yaml x: 85 # contributors y: 130 # changes
Parsers/ASimDns/Parsers/vimDnsMicrosoftNXlog.yaml x: 52 # contributors y: 65 # changes
Parsers/ASimFileEvent/Parsers/ASimFileEventAzureFileStorage.yaml x: 26 # contributors y: 27 # changes
Parsers/ASimFileEvent/Parsers/vimFileEventAzureFileStorage.yaml x: 44 # contributors y: 54 # changes
Parsers/ASimFileEvent/Parsers/vimFileEventLinuxSysmonFileCreated.yaml x: 44 # contributors y: 52 # changes
Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSharePoint.yaml x: 58 # contributors y: 86 # changes
Parsers/ASimFileEvent/Parsers/vimFileEventNative.yaml x: 57 # contributors y: 67 # changes
Parsers/ASimFileEvent/Parsers/vimFileEventVMwareCarbonBlackCloud.yaml x: 26 # contributors y: 34 # changes
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoFirepower.yaml x: 27 # contributors y: 31 # changes
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionFortinetFortiGate.yaml x: 75 # contributors y: 121 # changes
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoft365Defender.yaml x: 82 # contributors y: 106 # changes
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionVMwareCarbonBlackCloud.yaml x: 26 # contributors y: 35 # changes
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionForcePointFirewall.yaml x: 38 # contributors y: 40 # changes
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionFortinetFortiGate.yaml x: 75 # contributors y: 122 # changes
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoft365Defender.yaml x: 90 # contributors y: 123 # changes
Parsers/ASimProcessEvent/Parsers/ASimProcessCreateSentinelOne.yaml x: 25 # contributors y: 30 # changes
Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateLinuxSysmon.yaml x: 44 # contributors y: 59 # changes
Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftSecurityEvents.yaml x: 53 # contributors y: 63 # changes
Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftWindowsEvents.yaml x: 65 # contributors y: 80 # changes
Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftWindowsEvents.yaml x: 76 # contributors y: 98 # changes
Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftSecurityEvents.yaml x: 64 # contributors y: 79 # changes
Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventVMwareCarbonBlackCloud.yaml x: 28 # contributors y: 34 # changes
Parsers/ASimWebSession/Parsers/ASimWebSessionApacheHTTPServer.yaml x: 33 # contributors y: 38 # changes
Parsers/ASimWebSession/Parsers/ASimWebSessionFortinetFortiGate.yaml x: 48 # contributors y: 59 # changes
Parsers/ASimWebSession/Parsers/ASimWebSessionIIS.yaml x: 34 # contributors y: 32 # changes
Parsers/ASimWebSession/Parsers/vimWebSessionApacheHTTPServer.yaml x: 40 # contributors y: 53 # changes
Parsers/ASimWebSession/Parsers/vimWebSessionIIS.yaml x: 52 # contributors y: 42 # changes
Playbooks/AS-Block-GitHub-User/CreateJWT-Function/CreateJWT.js x: 34 # contributors y: 31 # changes
Playbooks/AzureMonitor-ManagedId/azuremonitor.liquid x: 36 # contributors y: 34 # changes
Solutions/AIShield AI Security Monitoring/Parsers/AIShield.yaml x: 45 # contributors y: 55 # changes
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/AddTagsToResource/__init__.py x: 44 # contributors y: 38 # changes
Solutions/AWS Systems Manager/Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/GetInventory/__init__.py x: 44 # contributors y: 37 # changes
Solutions/Alsid For AD/Analytic Rules/DCShadow.yaml x: 42 # contributors y: 46 # changes
Solutions/Alsid For AD/Analytic Rules/PasswordIssues.yaml x: 42 # contributors y: 47 # changes
Solutions/Amazon Web Services/Analytic Rules/AWS_APIfromTor.yaml x: 45 # contributors y: 52 # changes
Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCloudFormationPolicytoPrivilegeEscalation.yaml x: 78 # contributors y: 95 # changes
Solutions/Amazon Web Services/Analytic Rules/AWS_ECRImageScanningDisabled.yaml x: 45 # contributors y: 53 # changes
Solutions/Amazon Web Services/Analytic Rules/AWS_NetworkACLOpenToAllPorts.yaml x: 71 # contributors y: 72 # changes
Solutions/Amazon Web Services/Analytic Rules/AWS_PrivilegeEscalationAdminManagedPolicy.yaml x: 45 # contributors y: 54 # changes
Solutions/Apache Log4j Vulnerability Detection/Hunting Queries/Apache_log4j_Vulnerability.yaml x: 66 # contributors y: 76 # changes
Solutions/Armis/Data Connectors/ArmisAlerts/ArmisAlertSentinelConnector/__init__.py x: 46 # contributors y: 49 # changes
Solutions/Armorblox/Analytic Rules/ArmorbloxNeedsReviewAlert.yaml x: 74 # contributors y: 82 # changes
Solutions/AtlassianJiraAudit/Hunting Queries/JiraUserIPs.yaml x: 43 # contributors y: 46 # changes
Solutions/Attacker Tools Threat Protection Essentials/Analytic Rules/AdFind_Usage.yaml x: 53 # contributors y: 53 # changes
Solutions/Authomize/Analytic Rules/AWS_role_with_admin_privileges.yaml x: 41 # contributors y: 49 # changes
Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Port Scan.yaml x: 82 # contributors y: 90 # changes
Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Port Sweep.yaml x: 77 # contributors y: 88 # changes
Solutions/Azure Firewall/Hunting Queries/Azure Firewall - First Time Source IP to Destination Using Port.yaml x: 64 # contributors y: 63 # changes
Solutions/Azure Firewall/Hunting Queries/Azure Firewall - Uncommon Port for Organization.yaml x: 64 # contributors y: 62 # changes
Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-ErrorsCredentialStatefulAnomalyOnDatabase.yaml x: 48 # contributors y: 52 # changes
Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-BooleanBlindSQLi.yaml x: 69 # contributors y: 67 # changes
Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/AFD-Premium-WAF-SQLiDetection.yaml x: 52 # contributors y: 58 # changes
Solutions/Box/Data Connectors/AzureFunctionBox/main.py x: 89 # contributors y: 96 # changes
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/AWSBucketAPILogs-SuspiciousDataAccessToS3BucketsfromUnknownIP.yaml x: 55 # contributors y: 79 # changes
Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEMaliciousFiles.yaml x: 74 # contributors y: 96 # changes
Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEModifiedAgent.yaml x: 60 # contributors y: 69 # changes
Solutions/Cisco Secure Endpoint/Hunting Queries/CiscoSEVulnerableApplications.yaml x: 60 # contributors y: 68 # changes
Solutions/CiscoDuoSecurity/Data Connectors/AzureFunctionCiscoDuo/main.py x: 114 # contributors y: 147 # changes
Solutions/CiscoUmbrella/Data Connectors/ciscoUmbrellaDataConn/state_manager.py x: 32 # contributors y: 31 # changes
Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaHighValuesOfUploadedData.yaml x: 56 # contributors y: 48 # changes
Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/StsRefreshTokenModification.yaml x: 74 # contributors y: 95 # changes
Solutions/Cloudflare/Hunting Queries/CloudflareClientErrors.yaml x: 55 # contributors y: 48 # changes
Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/__init__.py x: 31 # contributors y: 27 # changes
Solutions/Corelight/Analytic Rules/CorelightExternalProxyDetected.yaml x: 81 # contributors y: 102 # changes
Solutions/Corelight/Analytic Rules/CorelightForcedExternalOutboundSMB.yaml x: 85 # contributors y: 111 # changes
Solutions/Corelight/Analytic Rules/CorelightMultipleFilesSentOverHTTPAbnormalRequests.yaml x: 96 # contributors y: 124 # changes
Solutions/Corelight/Analytic Rules/CorelightNetworkServiceScanning.yaml x: 86 # contributors y: 109 # changes
Solutions/Corelight/Analytic Rules/CorelightPossibleWebshell.yaml x: 95 # contributors y: 124 # changes
Solutions/Corelight/Analytic Rules/CorelightSMTPEmailSubjectNonAsciiCharacters.yaml x: 81 # contributors y: 103 # changes
Solutions/Corelight/Hunting Queries/CorelightMultipleRemoteSMBConnectionsFromSingleIP.yaml x: 54 # contributors y: 60 # changes
Solutions/Corelight/Hunting Queries/CorelightRarePOST.yaml x: 66 # contributors y: 73 # changes
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/CrowdstrikeFalconAPISentinelConn/QueueTriggerCS/sentinel_connector_clv2_async.py x: 56 # contributors y: 63 # changes
Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdStrikeReplicatorV2.yaml x: 47 # contributors y: 50 # changes
Solutions/Cyborg Security HUNTER/Hunting Queries/Attempted VBScript Stored in Non-Run CurrentVersion Registry Key Value.yaml x: 29 # contributors y: 26 # changes
Solutions/Cyborg Security HUNTER/Hunting Queries/Prohibited Applications Spawning cmd.exe or powershell.exe.yaml x: 29 # contributors y: 27 # changes
Solutions/Cynerio/Analytic Rules/IoTDefaultPasswords.yaml x: 35 # contributors y: 31 # changes
Solutions/DNS Essentials/Analytic Rules/ExcessiveNXDOMAINDNSQueriesAnomalyBased.yaml x: 41 # contributors y: 43 # changes
Solutions/Darktrace/Analytic Rules/CreateAlertFromModelBreach.yaml x: 61 # contributors y: 96 # changes
Solutions/Darktrace/Analytic Rules/CreateAlertFromSystemStatus.yaml x: 61 # contributors y: 95 # changes
Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsSentinelActivity/dataminr_pulse.py x: 25 # contributors y: 29 # changes
Solutions/Digital Shadows/Analytic Rules/Digital_Shadows_incident_creation_exclude.yaml x: 61 # contributors y: 87 # changes
Solutions/Egress Defend/Hunting Queries/DangerousLinksClicked.yaml x: 29 # contributors y: 36 # changes
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/PotentialMicrosoftSecurityServicesTampering.yaml x: 45 # contributors y: 49 # changes
Solutions/Flare/Analytic Rules/FlareCloudBucket.yaml x: 39 # contributors y: 36 # changes
Solutions/GitHub/Data Connectors/GithubWebhook/GithubWebhookConnector/__init__.py x: 71 # contributors y: 83 # changes
Solutions/GitLab/Analytic Rules/GitLab_SignInBurst.yaml x: 63 # contributors y: 70 # changes
Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSRareDomains.yaml x: 52 # contributors y: 46 # changes
Solutions/GoogleCloudPlatformIAM/Data Connectors/AzureFunctionGCPIAM/main.py x: 65 # contributors y: 71 # changes
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceDocumentCopiedToPrivateDrive.yaml x: 44 # contributors y: 30 # changes
Solutions/GoogleWorkspaceReports/Hunting Queries/GWorkspaceRareDocType.yaml x: 49 # contributors y: 46 # changes
Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseAPISentinelConnector/main.py x: 37 # contributors y: 53 # changes
Solutions/ImpervaCloudWAF/Hunting Queries/ImpervaRareDstPorts.yaml x: 45 # contributors y: 41 # changes
Solutions/Juniper SRX/Parsers/JuniperSRX.yaml x: 36 # contributors y: 38 # changes
Solutions/LastPass/Analytic Rules/FailedSigninDueToMFA.yaml x: 75 # contributors y: 85 # changes
Solutions/Legacy IOC based Threat Protection/Hunting Queries/Dev-0322CommandLineActivityNovember2021(ASIMVersion).yaml x: 69 # contributors y: 71 # changes
Solutions/Legacy IOC based Threat Protection/Hunting Queries/Dev-0322CommandLineActivityNovember2021.yaml x: 56 # contributors y: 65 # changes
Solutions/Legacy IOC based Threat Protection/Hunting Queries/NetworkConnectiontoOMIPorts.yaml x: 76 # contributors y: 85 # changes
Solutions/Legacy IOC based Threat Protection/Hunting Queries/NylonTyphoonCommandLineActivity-Nov2021.yaml x: 68 # contributors y: 70 # changes
Solutions/Legacy IOC based Threat Protection/Hunting Queries/NylonTyphoonRegIOCPatterns.yaml x: 54 # contributors y: 47 # changes
Solutions/MailRisk/Data Connectors/MailRiskSentinelIntegration/__init__.py x: 51 # contributors y: 47 # changes
Solutions/MailRisk/Data Connectors/models/email.py x: 51 # contributors y: 48 # changes
Solutions/Malware Protection Essentials/Analytic Rules/BackupDeletionDetected.yaml x: 23 # contributors y: 29 # changes
Solutions/McAfee ePolicy Orchestrator/Parsers/McAfeeEPOEvent.yaml x: 51 # contributors y: 58 # changes
Solutions/Microsoft 365/Analytic Rules/ForestBlizzardCredHarvesting.yaml x: 56 # contributors y: 60 # changes
Solutions/Microsoft Defender for Office 365/Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/BlockMalwareFileExtension/run.ps1 x: 40 # contributors y: 28 # changes
Solutions/Microsoft Exchange Security - Exchange On-Premises/Analytic Rules/CriticalCmdletsUsageDetection.yaml x: 68 # contributors y: 86 # changes
Solutions/MicrosoftPurviewInsiderRiskManagement/Analytic Rules/InsiderRiskM365IRMAlertObserved.yaml x: 76 # contributors y: 95 # changes
Solutions/MimecastSEG/Analytic Rules/MimecastDLP.yaml x: 27 # contributors y: 28 # changes
Solutions/MimecastTTP/Analytic Rules/MimecastTTPAttachment.yaml x: 27 # contributors y: 32 # changes
Solutions/MimecastTTP/Data Connectors/GetTTPAttachment/__init__.py x: 39 # contributors y: 53 # changes
Solutions/Okta Single Sign-On/Analytic Rules/PhishingDetection.yaml x: 55 # contributors y: 63 # changes
Solutions/Okta Single Sign-On/Hunting Queries/AdminPrivilegeGrant.yaml x: 60 # contributors y: 80 # changes
Solutions/Okta Single Sign-On/Hunting Queries/CreateAPIToken.yaml x: 40 # contributors y: 42 # changes
Solutions/Okta Single Sign-On/Hunting Queries/ImpersonationSession.yaml x: 49 # contributors y: 59 # changes
Solutions/Oracle Cloud Infrastructure/Hunting Queries/OCIDestinationsOut.yaml x: 45 # contributors y: 60 # changes
Solutions/OracleWebLogicServer/Parsers/OracleWebLogicServerEvent.yaml x: 45 # contributors y: 58 # changes
Solutions/PDNS Block Data Connector/DataConnectors/block-data-connector/__init__.py x: 35 # contributors y: 36 # changes
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml x: 69 # contributors y: 73 # changes
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml x: 74 # contributors y: 80 # changes
Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighRiskScoreAlert.yaml x: 69 # contributors y: 74 # changes
Solutions/ProofPointTap/Data Connectors/AzureFunctionProofpointTAP/run.ps1 x: 47 # contributors y: 54 # changes
Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODBinaryInAttachment.yaml x: 60 # contributors y: 56 # changes
Solutions/Proofpoint On demand(POD) Email Security/Analytic Rules/ProofpointPODEmailSenderIPinTIList.yaml x: 31 # contributors y: 28 # changes
Solutions/Proofpoint On demand(POD) Email Security/Hunting Queries/ProofpointPODLargeOutboundEmails.yaml x: 42 # contributors y: 44 # changes
Solutions/Qualys VM Knowledgebase/Data Connectors/AzureFunctionQualysKB/run.ps1 x: 77 # contributors y: 86 # changes
Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConnector/__init__.py x: 85 # contributors y: 92 # changes
Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConnector/sentinel_connector_async.py x: 44 # contributors y: 45 # changes
Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/RubrikActivity/__init__.py x: 29 # contributors y: 24 # changes
Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_MultipleAdmin_membership_removals_from_NewAdmin.yaml x: 67 # contributors y: 65 # changes
Solutions/SecurityThreatEssentialSolution/Hunting Queries/Signins-From-VPS-Providers.yaml x: 49 # contributors y: 44 # changes
Solutions/SenservaPro/Analytic Rules/SelfServicePasswordReset.yaml x: 89 # contributors y: 112 # changes
Solutions/SenservaPro/Hunting Queries/AzureSecureScoreSelfServicePasswordReset.yaml x: 49 # contributors y: 52 # changes
Solutions/Snowflake/Hunting Queries/SnowflakeHighCreditConsumingQueries.yaml x: 61 # contributors y: 68 # changes
Solutions/TenableIO/Data Connectors/TenableAssetExportOrchestrator/__init__.py x: 48 # contributors y: 45 # changes
Solutions/Threat Intelligence/Hunting Queries/FileEntity_OfficeActivity.yaml x: 72 # contributors y: 103 # changes
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/oat_pipeline_file_poison_qt/__init__.py x: 33 # contributors y: 28 # changes
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/data_collector.py x: 47 # contributors y: 46 # changes
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/trace_utils/trace/trace_manager.py x: 50 # contributors y: 46 # changes
Solutions/UEBA Essentials/Hunting Queries/loginActivityFromBotnet.yaml x: 58 # contributors y: 60 # changes
Solutions/UEBA Essentials/Hunting Queries/newAccountAddedToAdminGroup.yaml x: 78 # contributors y: 88 # changes
Solutions/Web Session Essentials/Analytic Rules/LocalFileInclusion-LFI.yaml x: 35 # contributors y: 34 # changes
Solutions/Web Session Essentials/Analytic Rules/MultipleClientErrorsWithinShortTime.yaml x: 36 # contributors y: 37 # changes
Solutions/Web Shells Threat Protection/Hunting Queries/Possible webshell drop.yaml x: 54 # contributors y: 52 # changes
Solutions/Web Shells Threat Protection/Hunting Queries/PotentialWebshell.yaml x: 70 # contributors y: 74 # changes
Solutions/Windows Security Events/Hunting Queries/CustomUserList_FailedLogons.yaml x: 47 # contributors y: 44 # changes
Solutions/Windows Security Events/Hunting Queries/DecoyUserAccountAuthenticationAttempt.yaml x: 63 # contributors y: 68 # changes
Solutions/Windows Security Events/Hunting Queries/InternalProxies.yaml x: 43 # contributors y: 39 # changes
Solutions/Windows Server DNS/Analytic Rules/DNS_HighReverseDNSCount_detection.yaml x: 51 # contributors y: 64 # changes
Solutions/Windows Server DNS/Hunting Queries/DNS_CommonlyAbusedTLDs.yaml x: 46 # contributors y: 53 # changes
Solutions/Zinc Open Source/Analytic Rules/ZincOctober2022_Filename_Commandline_IOC.yaml x: 78 # contributors y: 82 # changes
Tools/Archive-Log-Tool/ArchiveLogsTool-PowerShell/Configure-Long-Term-Retention.ps1 x: 97 # contributors y: 114 # changes
Tools/Create-Azure-Sentinel-Solution/V2/createSolutionV2.ps1 x: 137 # contributors y: 255 # changes
Tools/Create-Azure-Sentinel-Solution/common/LogAppInsights.ps1 x: 39 # contributors y: 29 # changes
Tools/Create-Azure-Sentinel-Solution/common/templating/SolutionAutomationInput.ts x: 39 # contributors y: 27 # changes
Tools/Playbook-ARM-Template-Generator/src/Playbook_ARM_Template_Generator.ps1 x: 42 # contributors y: 40 # changes
Tools/Sentinel-All-In-One/v2/Scripts/EnableRules.ps1 x: 46 # contributors y: 44 # changes
Hunting Queries/Microsoft 365 Defender/Email Queries/ZAP/Total ZAP Count.yaml x: 1 # contributors y: 1 # changes
Tools/Create-Azure-Sentinel-Solution/createSolution.ps1 x: 104 # contributors y: 162 # changes
Hunting Queries/ASimProcess/imProcess_Invoke-PowerShellTcpOneLine.yaml x: 34 # contributors y: 38 # changes
ASIM/lib/functions/ASIM_Enrich_IdentityInfo.yaml x: 29 # contributors y: 39 # changes
Hunting Queries/AuditLogs/UserGrantedAccess_GrantsOthersAccess.yaml x: 84 # contributors y: 100 # changes
Hunting Queries/AzureActivity/AnomalousAzureOperationModel.yaml x: 64 # contributors y: 69 # changes
Hunting Queries/AzureActivity/Anomalous_Listing_Of_Storage_Keys.yaml x: 91 # contributors y: 114 # changes
Hunting Queries/AzureActivity/AzureAdministrationFromVPS.yaml x: 80 # contributors y: 97 # changes
Hunting Queries/AzureActivity/AzureSentinelConnectors_AdministrativeOperations.yaml x: 86 # contributors y: 103 # changes
Hunting Queries/AzureActivity/Creating_Anomalous_Number_Of_Resources.yaml x: 91 # contributors y: 117 # changes
Hunting Queries/AzureActivity/PortOpenedForAzureResource.yaml x: 84 # contributors y: 102 # changes
Hunting Queries/AzureDiagnostics/AzureKeyVaultAccessManipulation.yaml x: 62 # contributors y: 66 # changes
Hunting Queries/CommonSecurityLog/B64IPInURL.yaml x: 52 # contributors y: 71 # changes
Hunting Queries/DnsEvents/DNS_CommonlyAbusedTLDs.yaml x: 93 # contributors y: 115 # changes
Hunting Queries/DnsEvents/DNS_FullNameAnomalousLookupIncrease.yaml x: 75 # contributors y: 95 # changes
Hunting Queries/DnsEvents/DNS_HighReverseDNSCount.yaml x: 85 # contributors y: 104 # changes
Hunting Queries/DnsEvents/DNS_LongURILookup.yaml x: 94 # contributors y: 111 # changes
Hunting Queries/DnsEvents/DNS_WannaCry.yaml x: 89 # contributors y: 108 # changes
Hunting Queries/DnsEvents/Solorigate-DNS-Pattern.yaml x: 92 # contributors y: 111 # changes
Hunting Queries/GitHub/Mass Deletion of Repositories .yaml x: 50 # contributors y: 64 # changes
Hunting Queries/MultipleDataSources/AzureResourceAssignedPublicIP.yaml x: 87 # contributors y: 109 # changes
Hunting Queries/MultipleDataSources/BackupDeletion.yaml x: 49 # contributors y: 72 # changes
Hunting Queries/MultipleDataSources/NetworkConnectionldap_log4j.yaml x: 72 # contributors y: 82 # changes
Hunting Queries/MultipleDataSources/PersistViaIFEORegistryKey.yaml x: 76 # contributors y: 89 # changes
Hunting Queries/MultipleDataSources/PotentialMicrosoftSecurityServicesTampering.yaml x: 87 # contributors y: 102 # changes
Hunting Queries/MultipleDataSources/SolarWindsInventory.yaml x: 98 # contributors y: 120 # changes
Hunting Queries/MultipleDataSources/UnicodeObfuscationInCommandLine.yaml x: 58 # contributors y: 70 # changes
Hunting Queries/OfficeActivity/ExternalUserAddedRemovedInTeams_HuntVersion.yaml x: 73 # contributors y: 86 # changes
Hunting Queries/OfficeActivity/ExternalUserFromNewOrgAddedToTeams.yaml x: 68 # contributors y: 83 # changes
Hunting Queries/OfficeActivity/MultiTeamBot.yaml x: 78 # contributors y: 97 # changes
Hunting Queries/OfficeActivity/New_WindowsReservedFileNamesOnOfficeFileServices.yaml x: 73 # contributors y: 90 # changes
Hunting Queries/OfficeActivity/OfficeMailForwarding_hunting.yaml x: 92 # contributors y: 109 # changes
Hunting Queries/OfficeActivity/new_sharepoint_downloads_by_IP.yaml x: 80 # contributors y: 100 # changes
Hunting Queries/SQLServer/SQL-MultipleFailedLogon_FromSameIP.yaml x: 80 # contributors y: 90 # changes
Hunting Queries/SecurityEvent/Crashdumpdisabledonhost.yaml x: 59 # contributors y: 62 # changes
Hunting Queries/SecurityEvent/DecoyUserAccountAuthenticationAttempt.yaml x: 54 # contributors y: 63 # changes
Hunting Queries/SecurityEvent/HostExportingMailboxAndRemovingExport.yaml x: 74 # contributors y: 84 # changes
Hunting Queries/SecurityEvent/PotentialImpacketExecution.yaml x: 55 # contributors y: 62 # changes
Hunting Queries/SecurityEvent/RareProcbyServiceAccount.yaml x: 70 # contributors y: 77 # changes
Hunting Queries/SecurityEvent/RemoteLoginPerformedwithWMI.yaml x: 54 # contributors y: 64 # changes
Hunting Queries/SecurityEvent/SignedBinaryProxyExecutionRundll32.yaml x: 72 # contributors y: 89 # changes
Hunting Queries/SecurityEvent/UserAccountAddedToPrivlegeGroup.yaml x: 69 # contributors y: 76 # changes
Hunting Queries/SecurityEvent/WindowsSystemTimeChange.yaml x: 51 # contributors y: 61 # changes
Hunting Queries/SecurityEvent/cscript_summary.yaml x: 76 # contributors y: 84 # changes
Hunting Queries/SecurityEvent/new_processes.yaml x: 68 # contributors y: 71 # changes
Hunting Queries/SecurityEvent/powershell_newencodedscipts.yaml x: 77 # contributors y: 96 # changes
Hunting Queries/SigninLogs/DisabledAccountSigninAttemptsByIP.yaml x: 78 # contributors y: 91 # changes
Hunting Queries/SigninLogs/Signins-From-VPS-Providers.yaml x: 101 # contributors y: 133 # changes
Hunting Queries/SigninLogs/Signins-from-NordVPN-Providers.yaml x: 57 # contributors y: 70 # changes
Hunting Queries/SigninLogs/SuspiciousSignintoPrivilegedAccount.yaml x: 57 # contributors y: 65 # changes
Hunting Queries/Syslog/CryptoThreatActivity.yaml x: 39 # contributors y: 59 # changes
Hunting Queries/Syslog/Firewall_Disable_Activity.yaml x: 59 # contributors y: 73 # changes
Hunting Queries/Syslog/Linux_Toolkit_Detected.yaml x: 59 # contributors y: 72 # changes
Hunting Queries/Syslog/squid_abused_tlds.yaml x: 74 # contributors y: 99 # changes
Hunting Queries/ThreatIntelligenceIndicator/FileEntity_OfficeActivity.yaml x: 87 # contributors y: 105 # changes
Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftExchangeAdmin365.yaml x: 39 # contributors y: 46 # changes
Parsers/ASimDns/Parsers/vimDnsNative.yaml x: 73 # contributors y: 109 # changes
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionAppGateSDP.yaml x: 55 # contributors y: 78 # changes
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionzScalerZIA.yaml x: 73 # contributors y: 112 # changes
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftLinuxSysmon.yaml x: 84 # contributors y: 130 # changes
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionNative.yaml x: 42 # contributors y: 52 # changes
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionzScalerZIA.yaml x: 76 # contributors y: 117 # changes
Parsers/ASimWebSession/Parsers/ASimWebSessionNative.yaml x: 28 # contributors y: 35 # changes
Parsers/ASimWebSession/Parsers/ASimWebSessionzScalerZIA.yaml x: 77 # contributors y: 118 # changes
Parsers/ASimWebSession/Parsers/vimWebSessionEmpty.yaml x: 79 # contributors y: 110 # changes
Parsers/ASimWebSession/Parsers/vimWebSessionzScalerZIA.yaml x: 79 # contributors y: 126 # changes
Solutions/Azure DDoS Protection/Analytic Rules/AttackSourcesPPSThreshold.yaml x: 55 # contributors y: 65 # changes
Solutions/Cloudflare/Analytic Rules/CloudflareUnexpectedRequest.yaml x: 85 # contributors y: 99 # changes
ASIM/dev/Delete-SentinelFunction/Delete-SentinelFunction.ps1 x: 21 # contributors y: 18 # changes
ASIM/lib/functions/ASIM_ResolveDnsQueryType.yaml x: 43 # contributors y: 69 # changes
ASIM/lib/functions/ASIM_ResolveFQDN.yaml x: 48 # contributors y: 80 # changes
DataConnectors/AWS-CloudTrail-Ingestion-Lambda/SNS-Lambda-Trigger/IngestCloudTrailEventsToSentinel.ps1 x: 27 # contributors y: 23 # changes
DataConnectors/AWS-S3/Utils/HelperFunctions.ps1 x: 39 # contributors y: 40 # changes
DataConnectors/DocuSign-SecurityEvents/AzureFunctionDocuSignMonitor/profile.ps1 x: 20 # contributors y: 20 # changes
DataConnectors/Duo Security/AzureFunctionDuoSecurity/run.ps1 x: 41 # contributors y: 38 # changes
DataConnectors/Fluentd-VMSS/plugin/cef_version_0_keys.yaml x: 6 # contributors y: 8 # changes
DataConnectors/GithubFunction/AzureFunctionGitHub/profile.ps1 x: 19 # contributors y: 19 # changes
DataConnectors/JumpCloud Single Sign On/AzureFunctionJumpCloud/JCQueueTrigger1/run.ps1 x: 15 # contributors y: 14 # changes
DataConnectors/MCASActivityFunction/AzureFunctionMCASActivity/profile.ps1 x: 27 # contributors y: 24 # changes
DataConnectors/MCASActivityFunction/AzureFunctionMCASActivity/requirements.psd1 x: 47 # contributors y: 42 # changes
DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/modules/Write-OMSLogfile.ps1 x: 5 # contributors y: 8 # changes
DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO_V2/profile.ps1 x: 11 # contributors y: 13 # changes
DataConnectors/OneLogin/requirements.psd1 x: 25 # contributors y: 22 # changes
DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_PowerShell/Template_REST_API_Function_App_PowerShell.ps1 x: 37 # contributors y: 37 # changes
DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_PowerShell/profile.ps1 x: 6 # contributors y: 7 # changes
Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml x: 72 # contributors y: 80 # changes
Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml x: 72 # contributors y: 78 # changes
Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml x: 82 # contributors y: 92 # changes
Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml x: 72 # contributors y: 79 # changes
Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml x: 84 # contributors y: 97 # changes
Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml x: 78 # contributors y: 89 # changes
Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml x: 109 # contributors y: 138 # changes
Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml x: 72 # contributors y: 77 # changes
Detections/SecurityAlert/CoreBackupDeletionwithSecurityAlert.yaml x: 40 # contributors y: 38 # changes
Detections/SigninLogs/ServicePrincipalAuthenticationAttemptfromNewCountry.yaml x: 38 # contributors y: 55 # changes
Exploration Queries/InputEntity_Account/Acc2Host_HostWithMostFails.yaml x: 68 # contributors y: 91 # changes
Exploration Queries/InputEntity_File/HostwithFile.yaml x: 20 # contributors y: 28 # changes
Exploration Queries/InputEntity_Host/ConnectionData_DefenderForIoT_GetHost2IoTDevice.yaml x: 32 # contributors y: 37 # changes
Exploration Queries/InputEntity_Host/Host2Acc_PossibleSuccessfulBruteForce.yaml x: 34 # contributors y: 48 # changes
Exploration Queries/InputEntity_Host/ProcessesOnHost.yaml x: 13 # contributors y: 21 # changes
Exploration Queries/InputEntity_Host/ServiceCreatedOnHost.yaml x: 14 # contributors y: 19 # changes
Exploration Queries/InputEntity_Host/UserAccount_CreatedDeleted.yaml x: 14 # contributors y: 16 # changes
Exploration Queries/InputEntity_Host/UsersTriggeringAppCon.yaml x: 24 # contributors y: 24 # changes
Exploration Queries/InputEntity_IP/IP2Host_HostByTrafficFromIPLeast.yaml x: 15 # contributors y: 24 # changes
Exploration Queries/InputEntity_IP/IP2IP_IPsWithMostDROPs.yaml x: 33 # contributors y: 46 # changes
Exploration Queries/InputEntity_Process/File_UnsignedLoadBlocked.yaml x: 37 # contributors y: 36 # changes
Exploration Queries/IoT/ConnectionData_DefenderForIoT_GetIoTDevice2Host.yaml x: 31 # contributors y: 35 # changes
Hunting Queries/ASimProcess/imProcess_ExchangePowerShellSnapin.yaml x: 34 # contributors y: 37 # changes
Hunting Queries/ASimProcess/imProcess_cscript_summary.yaml x: 34 # contributors y: 36 # changes
Hunting Queries/ASimRegistry/Crashdumpdisabledonhost(ASIMVersion).yaml x: 41 # contributors y: 41 # changes
Hunting Queries/AuditLogs/AccountAddedtoPrivilegedPIMGroup.yaml x: 33 # contributors y: 33 # changes
Hunting Queries/AuditLogs/UserGrantedAccess_AllAuditActivity.yaml x: 64 # contributors y: 65 # changes
Hunting Queries/AzureDevOpsAuditing/ADOBuildCheckDeleted.yaml x: 51 # contributors y: 46 # changes
Hunting Queries/AzureDevOpsAuditing/ADOInternalUpstreamPacakgeFeedAdded.yaml x: 57 # contributors y: 54 # changes
Hunting Queries/AzureDevOpsAuditing/ADONewPATOperation.yaml x: 57 # contributors y: 53 # changes
Hunting Queries/AzureDevOpsAuditing/ADONewPackageFeedCreated.yaml x: 74 # contributors y: 73 # changes
Hunting Queries/AzureDevOpsAuditing/ADOVariableCreatedDeleted.yaml x: 64 # contributors y: 60 # changes
Hunting Queries/AzureDevOpsAuditing/Addtional Org Admin Added.yaml x: 62 # contributors y: 58 # changes
Hunting Queries/AzureDevOpsAuditing/AzDODisplayNameSwapping.yaml x: 55 # contributors y: 49 # changes
Hunting Queries/AzureDevOpsAuditing/Project visibility changed to public.yaml x: 57 # contributors y: 52 # changes
Hunting Queries/AzureDiagnostics/SpringShellExploitationAttempt.yaml x: 22 # contributors y: 19 # changes
Hunting Queries/BehaviorAnalytics/Anomalous Password Reset.yaml x: 53 # contributors y: 65 # changes
Hunting Queries/GitHub/First Time User Invite and Add Member to Org.yaml x: 39 # contributors y: 49 # changes
Hunting Queries/LAQueryLogs/CrossServiceADXQueries.yaml x: 31 # contributors y: 43 # changes
Hunting Queries/Microsoft 365 Defender/Device Inventory/Find Software By Name and Version.yaml x: 43 # contributors y: 47 # changes
Hunting Queries/Microsoft 365 Defender/Discovery/DetectTorRelayConnectivity.yaml x: 42 # contributors y: 54 # changes
Hunting Queries/Microsoft 365 Defender/Exploits/CVE-2022-26134-Confluence.yaml x: 25 # contributors y: 32 # changes
Hunting Queries/Microsoft 365 Defender/Ransomware/ASR--Rule-Ransomware-triggered.yaml x: 31 # contributors y: 32 # changes
Hunting Queries/Microsoft 365 Defender/Ransomware/DEV-0270/Add malicious user to Admins and RDP users group via PowerShell.yaml x: 31 # contributors y: 31 # changes
Hunting Queries/MultipleDataSources/AzureRunCommandMDELinked.yaml x: 19 # contributors y: 18 # changes
Hunting Queries/MultipleDataSources/ExchangeServersAssociatedSecurityAlerts.yaml x: 23 # contributors y: 22 # changes
Hunting Queries/MultipleDataSources/UserGrantedAccess_CreatesResources.yaml x: 41 # contributors y: 42 # changes
Hunting Queries/SecurityEvent/RemoteScheduledTaskCreationUpdateviaSchtasks.yaml x: 24 # contributors y: 23 # changes
Hunting Queries/SigninLogs/SpikeInFailedSignInAttempts.yaml x: 34 # contributors y: 34 # changes
Hunting Queries/SigninLogs/UnauthUser_AzurePortal.yaml x: 61 # contributors y: 63 # changes
Hunting Queries/W3CIISLog/RareUserAgentStrings.yaml x: 72 # contributors y: 75 # changes
Hunting Queries/W3CIISLog/SuspectedProxyTokenExploitation.yaml x: 33 # contributors y: 32 # changes
Hunting Queries/ZoomLogs/HighCPURoom.yaml x: 68 # contributors y: 79 # changes
Parsers/ASimDns/Parsers/ASimDnsAzureFirewall.yaml x: 31 # contributors y: 33 # changes
Parsers/ASimDns/Parsers/vimDnsEmpty.yaml x: 49 # contributors y: 66 # changes
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftLinuxSysmon.yaml x: 66 # contributors y: 97 # changes
Parsers/ASimProcessEvent/Parsers/ASimProcessCreateLinuxSysmon.yaml x: 24 # contributors y: 34 # changes
Parsers/ASimProcessEvent/Parsers/ASimProcessEventMicrosoft365D.yaml x: 50 # contributors y: 71 # changes
Parsers/ASimProcessEvent/Parsers/vimProcessEventMD4IoT.yaml x: 37 # contributors y: 54 # changes
Parsers/ASimProcessEvent/Parsers/vimProcessEventMicrosoft365D.yaml x: 63 # contributors y: 89 # changes
Parsers/ASimWebSession/Parsers/ASimWebSessionSquidProxy.yaml x: 62 # contributors y: 95 # changes
Parsers/ASimWebSession/Parsers/vimWebSessionSquidProxy.yaml x: 66 # contributors y: 101 # changes
Parsers/Epic_Parser.csl x: 29 # contributors y: 40 # changes
Playbooks/Add-IP-Entity-To-Named-Location/AddApiPermissions.ps1 x: 32 # contributors y: 29 # changes
Playbooks/Get-AlertEntitiesEnrichment/Deploy.ps1 x: 27 # contributors y: 27 # changes
Playbooks/Resolve-McasInfrequentCountryAlerts/Deploy.ps1 x: 10 # contributors y: 10 # changes
Solutions/ALC-WebCTRL/Data Connectors/TaskSetup/ALC-WebCTRL-AuditPull.ps1 x: 25 # contributors y: 20 # changes
Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/GetQueryExecution/__init__.py x: 21 # contributors y: 29 # changes
Solutions/Armorblox/Data Connectors/ArmorbloxAzureSentinelConnector/state_manager.py x: 16 # contributors y: 19 # changes
Solutions/Azure kubernetes Service/Hunting Queries/AKS-clusterrolebinding.yaml x: 21 # contributors y: 31 # changes
Solutions/Box/Analytic Rules/BoxAbnormalUserActivity.yaml x: 71 # contributors y: 74 # changes
Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaBlockedUserAgents.yaml x: 40 # contributors y: 35 # changes
Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaDNSErrors.yaml x: 26 # contributors y: 23 # changes
Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaHighCountsOfTheSameBytesInSize.yaml x: 51 # contributors y: 50 # changes
Solutions/CiscoUmbrella/Hunting Queries/CiscoUmbrellaPossibleConnectionC2.yaml x: 42 # contributors y: 38 # changes
Solutions/ContinuousDiagnostics&Mitigation/Analytic Rules/ContinuousDiagnostics&MitigationPostureChanged.yaml x: 36 # contributors y: 48 # changes
Solutions/CyberArkEPM/DataConnectors/CyberArkEPMSentinelConnector/state_manager.py x: 21 # contributors y: 19 # changes
Solutions/ESET Inspect/Data Connectors/InspectGetDetections/__init__.py x: 29 # contributors y: 34 # changes
Solutions/GitHub/Hunting Queries/First Time User Invite and Add Member to Org.yaml x: 43 # contributors y: 40 # changes
Solutions/GitHub/Hunting Queries/Inactive or New Account Usage.yaml x: 20 # contributors y: 19 # changes
Solutions/GoogleWorkspaceReports/Analytic Rules/GWorkspaceApiAccessToNewClient.yaml x: 48 # contributors y: 58 # changes
Solutions/ImpervaCloudWAF/Data Connectors/ImpervaWAFCloudSentinelConnector/state_manager.py x: 17 # contributors y: 17 # changes
Solutions/Lookout/Analytic Rules/LookoutThreatEvent.yaml x: 51 # contributors y: 63 # changes
Solutions/MicrosoftPurviewInsiderRiskManagement/Hunting Queries/InsiderEntityAnomalyFollowedByIRMAlert.yaml x: 21 # contributors y: 28 # changes
Solutions/PaloAltoPrismaCloud/Data Connectors/AzureFunctionPrismaCloud/sentinel_connector_async.py x: 42 # contributors y: 36 # changes
Solutions/PaloAltoPrismaCloud/Hunting Queries/PaloAltoPrismaCloudUpdatedResources.yaml x: 25 # contributors y: 23 # changes
Solutions/SenservaPro/Analytic Rules/AppsNoClientCredentials.yaml x: 67 # contributors y: 84 # changes
Solutions/SlackAudit/Analytic Rules/SlackAuditEmptyUA.yaml x: 69 # contributors y: 75 # changes
Solutions/Snowflake/Data Connectors/AzureFunctionSnowflake/sentinel_connector.py x: 39 # contributors y: 42 # changes
Solutions/Tanium/Analytic Rules/TaniumThreatResponseAlerts.yaml x: 39 # contributors y: 48 # changes
Solutions/ZeroTrust(TIC3.0)/Analytic Rules/Zero_Trust_TIC3.0_ControlAssessmentPostureChange.yaml x: 45 # contributors y: 45 # changes
Tools/Az.SecurityInsights-Samples/Alert Rules/Import Analytics Rules/importAzureSentinelRules.ps1 x: 32 # contributors y: 32 # changes
Tools/Create-Azure-Sentinel-Solution/arm-ttk/download-arm-ttk.ps1 x: 46 # contributors y: 47 # changes
Tools/PowerShell/Create-AnalyticsRulesFromTemplates/Create-AnalyticsRulesFromTemplates.ps1 x: 44 # contributors y: 48 # changes
Solutions/AtlassianJiraAudit/Analytic Rules/JiraGlobalPermissionAdded.yaml x: 43 # contributors y: 38 # changes
Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoADSyncFailed.yaml x: 42 # contributors y: 43 # changes
Solutions/Threat Intelligence/Analytic Rules/IPentity_SigninLogs.yaml x: 54 # contributors y: 68 # changes
Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoIse.yaml x: 1 # contributors y: 4 # changes
Parsers/ASimWebSession/Parsers/ASIMWebSessionIIS.yaml x: 16 # contributors y: 20 # changes
Solutions/Bitglass/Analytic Rules/BitglassNewDevice.yaml x: 36 # contributors y: 42 # changes
Solutions/Bitglass/Analytic Rules/BitglassNewRiskyUser.yaml x: 41 # contributors y: 54 # changes
Solutions/Snowflake/Analytic Rules/SnowflakeUserAddAdminPrivileges.yaml x: 34 #
contributors y: 43 # changes Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASDLPViolation.yaml x: 42 # contributors y: 59 # changes Solutions/Trend Micro Cloud App Security/Analytic Rules/TrendMicroCASRansomwareOutbreak.yaml x: 42 # contributors y: 58 # changes Detections/AWSGuardDuty/AWS_GuardDuty_template.YAML x: 3 # contributors y: 2 # changes
# changes
  min: 1.0
  average: 50.18
  25th percentile: 25.0
  median: 38.0
  75th percentile: 67.0
  max: 316.0
# contributors
  min: 1.0
  average: 41.06
  25th percentile: 22.0
  median: 34.0
  75th percentile: 55.0
  max: 159.0

Number of Contributors vs. File Size: 6180 points

[Scatter plot data: one point per file, x = # contributors, y = lines of code]
DataConnectors/AWS-SecurityHubFindings/AzFunAWSSecurityHubIngestion/__init__.py x: 105 # contributors y: 334 lines of code DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/run.ps1 x: 78 # contributors y: 276 lines of code DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logStashEventsBatcher.rb x: 49 # contributors y: 115 lines of code DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/version.rb x: 71 # contributors y: 9 lines of code DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/microsoft-sentinel-log-analytics-logstash-output-plugin.gemspec x: 49 # contributors y: 19 lines of code Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml x: 111 # contributors y: 132 lines of code Detections/MultipleDataSources/AADHostLoginCorrelation.yaml x: 144 # contributors y: 128 lines of code Detections/MultipleDataSources/powershell_MangoSandstorm.yaml x: 64 # contributors y: 79 lines of code Detections/SecurityAlert/AVSpringShell.yaml x: 79 # contributors y: 5 lines of code Hunting Queries/BehaviorAnalytics/Anomalous AAD Account Manipulation.yaml x: 96 # contributors y: 4 lines of code Hunting Queries/DeviceProcess/VScodeExtensionofanUser.yaml x: 12 # contributors y: 45 lines of code Parsers/ASimAlertEvent/Parsers/ASimAlertEventMicrosoftDefenderXDR.yaml x: 15 # contributors y: 174 lines of code Parsers/ASimAlertEvent/Parsers/ASimAlertEventSentinelOneSingularity.yaml x: 15 # contributors y: 113 lines of code Parsers/ASimAlertEvent/Parsers/vimAlertEventEmpty.yaml x: 15 # contributors y: 129 lines of code Parsers/ASimAlertEvent/Parsers/vimAlertEventMicrosoftDefenderXDR.yaml x: 15 # contributors y: 228 lines of code Parsers/ASimAuditEvent/Parsers/ASimAuditEventIllumioSaaSCore.yaml x: 9 # contributors y: 375 lines of code Parsers/ASimAuditEvent/Parsers/ASimAuditEventInfobloxBloxOne.yaml x: 12 # contributors y: 143 lines of code 
Parsers/ASimAuditEvent/Parsers/vimAuditEventIllumioSaaSCore.yaml x: 9 # contributors y: 434 lines of code Parsers/ASimAuditEvent/Parsers/vimAuditEventInfobloxBloxOne.yaml x: 12 # contributors y: 179 lines of code Parsers/ASimAuthentication/Parsers/ASimAuthenticationMicrosoftWindowsEvent.yaml x: 87 # contributors y: 214 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationIllumioSaaSCore.yaml x: 9 # contributors y: 147 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationMicrosoftWindowsEvent.yaml x: 86 # contributors y: 396 lines of code Parsers/ASimDhcpEvent/Parsers/ASimDhcpEventInfobloxBloxOne.yaml x: 12 # contributors y: 135 lines of code Parsers/ASimDns/Parsers/ASimDnsInfobloxBloxOne.yaml x: 12 # contributors y: 229 lines of code Parsers/ASimDns/Parsers/imDns.yaml x: 83 # contributors y: 86 lines of code Parsers/ASimDns/Parsers/vimDnsInfobloxBloxOne.yaml x: 12 # contributors y: 285 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSession.yaml x: 155 # contributors y: 103 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionIllumioSaaSCore.yaml x: 9 # contributors y: 306 lines of code Parsers/ASimNetworkSession/Parsers/imNetworkSession.yaml x: 158 # contributors y: 140 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionIllumioSaaSCore.yaml x: 9 # contributors y: 385 lines of code Playbooks/MDTI-Actor-Lookup/function_app.py x: 17 # contributors y: 104 lines of code Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/__init__.py x: 71 # contributors y: 143 lines of code Solutions/Amazon Web Services/Analytic Rules/AWS_OverlyPermessiveKMS.yaml x: 66 # contributors y: 47 lines of code Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestToRareFile.yaml x: 59 # contributors y: 42 lines of code Solutions/ApacheHTTPServer/Hunting Queries/ApacheFilesRequested.yaml x: 41 # contributors y: 27 lines of code Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareUAWithClientErrors.yaml x: 
59 # contributors y: 26 lines of code Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareURLsRequested.yaml x: 53 # contributors y: 26 lines of code Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/__init__.py x: 24 # contributors y: 340 lines of code Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/utils.py x: 26 # contributors y: 205 lines of code Solutions/Armis/Data Connectors/ArmisDevice/Exceptions/ArmisExceptions.py x: 36 # contributors y: 6 lines of code Solutions/BitSight/Data Connectors/BitSightDataConnector/BreachesDetails/bitsight_breaches.py x: 52 # contributors y: 189 lines of code Solutions/BitSight/Data Connectors/BitSightDataConnector/CompaniesDetails/bitsight_companies.py x: 52 # contributors y: 248 lines of code Solutions/BitSight/Data Connectors/BitSightDataConnector/FindingsSummaryDetails/bitsight_findings_summary.py x: 52 # contributors y: 226 lines of code Solutions/BitSight/Data Connectors/BitSightDataConnector/PortFolioCompanies/bitsight_portfolio.py x: 31 # contributors y: 134 lines of code Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/bitsight_client.py x: 39 # contributors y: 153 lines of code Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/utils.py x: 32 # contributors y: 201 lines of code Solutions/BloodHound Enterprise/Data Connectors/pkg/azure/client.go x: 11 # contributors y: 12 lines of code Solutions/Box/Parsers/BoxEvents.yaml x: 43 # contributors y: 320 lines of code Solutions/Cisco ISE/Analytic Rules/CiscoISEAdminPasswordReset.yaml x: 92 # contributors y: 38 lines of code Solutions/Cisco ISE/Analytic Rules/CiscoISEAttempDeleteLocalStoreLogs.yaml x: 92 # contributors y: 42 lines of code Solutions/Cisco ISE/Analytic Rules/CiscoISECmdExecutionWithHighestPrivilegesNewIP.yaml x: 119 # contributors y: 51 lines of code Solutions/Cisco ISE/Hunting Queries/CiscoISEExpiredCertInClientCertChain.yaml x: 45 # 
contributors y: 13 lines of code Solutions/CiscoSEG/Hunting Queries/CiscoSEGDroppedInMails.yaml x: 56 # contributors y: 25 lines of code Solutions/CiscoSEG/Hunting Queries/CiscoSEGDroppedOutMails.yaml x: 55 # contributors y: 25 lines of code Solutions/CiscoSEG/Hunting Queries/CiscoSEGInsecureProtocol.yaml x: 69 # contributors y: 25 lines of code Solutions/CiscoSEG/Hunting Queries/CiscoSEGSpamMails.yaml x: 71 # contributors y: 27 lines of code Solutions/CiscoSEG/Hunting Queries/CiscoSEGUsersReceivedSpam.yaml x: 87 # contributors y: 27 lines of code Solutions/CiscoSEG/Parsers/CiscoSEGEvent.yaml x: 38 # contributors y: 47 lines of code Solutions/Claroty/Analytic Rules/ClarotyLoginToUncommonSite.yaml x: 91 # contributors y: 44 lines of code Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLoginsSameDst.yaml x: 91 # contributors y: 37 lines of code Solutions/Cloudflare/Data Connectors/AzureFunctionCloudflare/main.py x: 153 # contributors y: 160 lines of code Solutions/Cloudflare/Data Connectors/AzureFunctionCloudflare/sentinel_connector_async.py x: 60 # contributors y: 94 lines of code Solutions/CohesitySecurity/Data Connectors/Helios2Sentinel/IncidentProducer/IncidentProducer.cs x: 59 # contributors y: 376 lines of code Solutions/Corelight/Parsers/corelight_conn.yaml x: 30 # contributors y: 198 lines of code Solutions/Corelight/Parsers/corelight_dns.yaml x: 30 # contributors y: 167 lines of code Solutions/Corelight/Parsers/corelight_etc_viz.yaml x: 30 # contributors y: 111 lines of code Solutions/Corelight/Parsers/corelight_rdp.yaml x: 30 # contributors y: 117 lines of code Solutions/Corelight/Parsers/corelight_vpn.yaml x: 30 # contributors y: 177 lines of code Solutions/Cortex XDR/Parsers/PaloAltoCortexXDR.yaml x: 9 # contributors y: 41 lines of code Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalOrHighSeverityDetectionsByUser.yaml x: 136 # contributors y: 19 lines of code Solutions/CrowdStrike Falcon Endpoint Protection/Analytic 
Rules/CriticalSeverityDetection.yaml x: 136 # contributors y: 45 lines of code Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicatorCLv2/CrowdstrikeFalconAPISentinelConn/Replicator/main_aws_queue.py x: 67 # contributors y: 157 lines of code Solutions/DNS Essentials/Analytic Rules/MultipleErrorsReportedForSameDNSQueryStaticThresholdBased.yaml x: 68 # contributors y: 74 lines of code Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/DomainRiskScore/__init__.py x: 24 # contributors y: 70 lines of code Solutions/ESET Protect Platform/Data Connectors/function_app.py x: 15 # contributors y: 17 lines of code Solutions/ESET Protect Platform/Data Connectors/integration/__init__.py x: 14 # contributors y: 1 lines of code Solutions/ESET Protect Platform/Data Connectors/integration/models_detections.py x: 18 # contributors y: 96 lines of code Solutions/FalconFriday/Analytic Rules/MatchLegitimateNameOrLocation.yaml x: 55 # contributors y: 62 lines of code Solutions/Global Secure Access/Analytic Rules/Office 365 - ExternalUserAddedRemovedInTeams.yaml x: 23 # contributors y: 94 lines of code Solutions/Global Secure Access/Analytic Rules/Office 365 - Malicious_Inbox_Rule.yaml x: 23 # contributors y: 76 lines of code Solutions/Global Secure Access/Analytic Rules/Office 365 - MultipleTeamsDeletes.yaml x: 23 # contributors y: 58 lines of code Solutions/Global Secure Access/Analytic Rules/Office 365 - SharePoint_Downloads_byNewUserAgent.yaml x: 23 # contributors y: 116 lines of code Solutions/Global Secure Access/Analytic Rules/Office 365 - office_policytampering.yaml x: 23 # contributors y: 100 lines of code Solutions/Global Secure Access/Hunting Queries/AnomolousUserAccessingOtherUsersMailbox.yaml x: 26 # contributors y: 110 lines of code Solutions/Global Secure Access/Hunting Queries/ExternalUserFromNewOrgAddedToTeams.yaml x: 19 # contributors y: 15 lines of code Solutions/Global Secure Access/Hunting 
Queries/Mail_redirect_via_ExO_transport_rule_hunting.yaml x: 19 # contributors y: 73 lines of code Solutions/IllumioSaaS/Data Connectors/CommonCode/sentinel_connector.py x: 9 # contributors y: 48 lines of code Solutions/IllumioSaaS/Data Connectors/QueueTriggerFuncApp/azure_queue_trigger.py x: 26 # contributors y: 161 lines of code Solutions/IllumioSaaS/Data Connectors/TimedSQSFunctionApp/aws_queue.py x: 26 # contributors y: 250 lines of code Solutions/Malware Protection Essentials/Analytic Rules/SuspiciousProcessCreation.yaml x: 29 # contributors y: 95 lines of code Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Bulk record ownership re-assignment or sharing.yaml x: 9 # contributors y: 72 lines of code Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Guest user exfiltration following Power Platform defense impairment.yaml x: 9 # contributors y: 126 lines of code Solutions/Microsoft Business Applications/Analytic Rules/Dataverse - Hierarchy security manipulation.yaml x: 9 # contributors y: 99 lines of code Solutions/Microsoft Business Applications/Parsers/MSBizAppsOrgSettings.yaml x: 9 # contributors y: 478 lines of code Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/Automated email notifications and suspicious sign-in activity.yaml x: 16 # contributors y: 26 lines of code Solutions/Microsoft Defender XDR/Hunting Queries/Email Queries/Hunting/BEC - File sharing tactics - Dropbox.yaml x: 16 # contributors y: 30 lines of code Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/MESCompareDataOnPMRA.yaml x: 15 # contributors y: 183 lines of code Solutions/Microsoft Exchange Security - Exchange Online/Parsers/MESCompareDataMRA.yaml x: 31 # contributors y: 187 lines of code Solutions/Mimecast/Data Connectors/MimecastAT/PerformanceDetails/mimecast_performance_details_to_sentinel.py x: 11 # contributors y: 216 lines of code Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/sentinel.py 
x: 12 # contributors y: 249 lines of code Solutions/Mimecast/Data Connectors/MimecastAT/SharedCode/utils.py x: 11 # contributors y: 751 lines of code Solutions/Mimecast/Data Connectors/MimecastAT/UserData/mimecast_user_data_to_sentinel.py x: 11 # contributors y: 233 lines of code Solutions/Mimecast/Data Connectors/MimecastAudit/MimecastAudit/mimecast_audit_to_sentinel.py x: 12 # contributors y: 474 lines of code Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/sentinel.py x: 12 # contributors y: 256 lines of code Solutions/Mimecast/Data Connectors/MimecastAudit/SharedCode/utils.py x: 11 # contributors y: 565 lines of code Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/MimecastCI/mimecast_ci_to_sentinel.py x: 11 # contributors y: 553 lines of code Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/sentinel.py x: 12 # contributors y: 318 lines of code Solutions/Mimecast/Data Connectors/MimecastCloudIntegrated/SharedCode/utils.py x: 11 # contributors y: 628 lines of code Solutions/Mimecast/Data Connectors/MimecastSEG/MimecastDLP/mimecast_dlp_to_sentinel.py x: 11 # contributors y: 342 lines of code Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/sentinel.py x: 12 # contributors y: 386 lines of code Solutions/Mimecast/Data Connectors/MimecastSEG/SharedCode/utils.py x: 11 # contributors y: 625 lines of code Solutions/Mimecast/Data Connectors/MimecastTTP/SharedCode/utils.py x: 11 # contributors y: 733 lines of code Solutions/Mimecast/Parsers/MimecastSEG/Mimecast_SEG_CG.yaml x: 11 # contributors y: 195 lines of code Solutions/Okta Single Sign-On/Analytic Rules/NewDeviceLocationCriticalOperation.yaml x: 62 # contributors y: 61 lines of code Solutions/Okta Single Sign-On/Parsers/OktaSSO.yaml x: 49 # contributors y: 157 lines of code Solutions/PaloAlto-PAN-OS/Analytic Rules/FileHashEntity_Covid19_CommonSecurityLog.yaml x: 80 # contributors y: 70 lines of code Solutions/PaloAlto-PAN-OS/Analytic 
Rules/PaloAlto-UnusualThreatSignatures.yaml x: 70 # contributors y: 57 lines of code Solutions/PaloAlto-PAN-OS/Hunting Queries/Palo Alto - potential beaconing detected.yaml x: 72 # contributors y: 61 lines of code Solutions/PaloAlto-PAN-OS/Hunting Queries/PaloAlto-HighRiskPorts.yaml x: 70 # contributors y: 112 lines of code Solutions/PaloAltoCDL/Analytic Rules/PaloAltoCDLConflictingMacAddress.yaml x: 77 # contributors y: 39 lines of code Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLCriticalEventResult.yaml x: 58 # contributors y: 28 lines of code Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLFilePermissionWithPutRequest.yaml x: 58 # contributors y: 26 lines of code Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLOutdatedConfigVersions.yaml x: 77 # contributors y: 27 lines of code Solutions/PaloAltoCDL/Hunting Queries/PaloAltoCDLRarePortsbyUser.yaml x: 67 # contributors y: 30 lines of code Solutions/PingFederate/Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml x: 99 # contributors y: 32 lines of code Solutions/PingFederate/Analytic Rules/PingFederateAuthFromNewSource.yaml x: 99 # contributors y: 42 lines of code Solutions/PingFederate/Hunting Queries/PingFederateAuthUrls.yaml x: 67 # contributors y: 25 lines of code Solutions/PingFederate/Hunting Queries/PingFederateUnusualSources.yaml x: 84 # contributors y: 29 lines of code Solutions/Pure Storage/Analytic Rules/FB-FabricModuleUnhealthy.yaml x: 15 # contributors y: 44 lines of code Solutions/RubrikSecurityCloud/Data Connectors/RubrikWebhookEvents/shared_code/consts.py x: 38 # contributors y: 10 lines of code Solutions/SonicWall Firewall/Analytic Rules/CaptureATPMaliciousFileDetection.yaml x: 31 # contributors y: 60 lines of code Solutions/SonicWall Firewall/Hunting Queries/OutboundSSHConnections.yaml x: 31 # contributors y: 34 lines of code Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/DomainDataCollector/domain_collector.py x: 14 # contributors y: 87 lines of code Solutions/Team 
Cymru Scout/Data Connectors/TeamCymruScout/IPDataCollector/ip_collector.py x: 14 # contributors y: 252 lines of code Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/sentinel.py x: 14 # contributors y: 197 lines of code Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/teamcymruscout_client.py x: 14 # contributors y: 173 lines of code Solutions/Team Cymru Scout/Data Connectors/TeamCymruScout/SharedCode/utils.py x: 14 # contributors y: 147 lines of code Solutions/Tenable App/Data Connectors/TenableVM/TenableCleanTables/__init__.py x: 29 # contributors y: 41 lines of code Solutions/Tenable App/Data Connectors/TenableVM/TenableCleanUpOrchestrator/__init__.py x: 29 # contributors y: 13 lines of code Solutions/Tenable App/Data Connectors/TenableVM/TenableComplianceExportOrchestrator/__init__.py x: 15 # contributors y: 87 lines of code Solutions/Tenable App/Data Connectors/TenableVM/TenableExportStarter/__init__.py x: 29 # contributors y: 134 lines of code Solutions/Tenable App/Data Connectors/TenableVM/TenableExportsOrchestrator/__init__.py x: 29 # contributors y: 176 lines of code Solutions/Tenable App/Data Connectors/TenableVM/azure_sentinel.py x: 29 # contributors y: 58 lines of code Solutions/Threat Intelligence/Analytic Rules/DomainEntity_EmailUrlInfo.yaml x: 50 # contributors y: 74 lines of code Solutions/Threat Intelligence/Analytic Rules/IPEntity_CloudAppEvents.yaml x: 32 # contributors y: 4 lines of code Solutions/Tomcat/Analytic Rules/TomcatCommandsinRequest.yaml x: 51 # contributors y: 31 lines of code Solutions/Tomcat/Analytic Rules/TomcatPutAndGetFileFromSameIP.yaml x: 51 # contributors y: 44 lines of code Solutions/TransmitSecurity/Data Connectors/TransmitSecurityConnector/__init__.py x: 24 # contributors y: 126 lines of code Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneChannelType.yaml x: 67 # contributors y: 75 lines of code Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneRareAppProtocolByIP.yaml 
x: 75 # contributors y: 148 lines of code Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiL2RFTP.yaml x: 55 # contributors y: 36 lines of code Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiL2RLargeIcmp.yaml x: 46 # contributors y: 43 lines of code Solutions/VMWareESXi/Analytic Rules/ESXiDormantVMStarted.yaml x: 94 # contributors y: 57 lines of code Solutions/VMWareESXi/Analytic Rules/ESXiMultipleNewVM.yaml x: 98 # contributors y: 46 lines of code Solutions/VMware vCenter/Analytic Rules/vCenterRootLogin.yaml x: 50 # contributors y: 37 lines of code Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-Detections.yaml x: 66 # contributors y: 94 lines of code Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-by-Severity.yaml x: 90 # contributors y: 37 lines of code Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-HighSeverityDetection-by-Tactics.yaml x: 90 # contributors y: 114 lines of code Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-by-Severity.yaml x: 90 # contributors y: 87 lines of code Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-NewCampaign.yaml x: 100 # contributors y: 62 lines of code Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Suspected-Behavior-by-Tactics.yaml x: 90 # contributors y: 100 lines of code Solutions/Vectra AI Stream/Parsers/vectra_match.yaml x: 10 # contributors y: 17 lines of code Solutions/Vectra AI Stream/Parsers/vectra_stream.yaml x: 25 # contributors y: 13 lines of code Solutions/ZeroNetworks/Parsers/ZNSegmentAudit.yaml x: 41 # contributors y: 208 lines of code Solutions/Zscaler Internet Access/Analytic Rules/Zscaler-LowVolumeDomainRequests.yaml x: 69 # contributors y: 53 lines of code Solutions/Zscaler Private Access (ZPA)/Analytic Rules/ZscalerZPAConnectionsFromNewIP.yaml x: 63 # contributors y: 43 lines of code Solutions/Zscaler Private Access (ZPA)/Hunting Queries/ZscalerIPsByPorts.yaml x: 62 # contributors y: 24 lines of code 
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logAnalyticsClient.rb x: 65 # contributors y: 102 lines of code Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml x: 111 # contributors y: 92 lines of code Detections/MultipleDataSources/StarBlizzardDomainsAugust2022.yaml x: 60 # contributors y: 117 lines of code Detections/SecurityEvent/RDP_Nesting.yaml x: 141 # contributors y: 159 lines of code Detections/SigninLogs/ExplicitMFADeny.yaml x: 136 # contributors y: 5 lines of code Detections/ZoomLogs/SupiciousLinkSharing.yaml x: 122 # contributors y: 46 lines of code Parsers/ASimAuditEvent/Parsers/ASimAuditEventBarracudaCEF.yaml x: 13 # contributors y: 160 lines of code Parsers/ASimAuditEvent/Parsers/ASimAuditEventBarracudaWAF.yaml x: 43 # contributors y: 159 lines of code Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoMeraki.yaml x: 39 # contributors y: 219 lines of code Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoMerakiSyslog.yaml x: 14 # contributors y: 225 lines of code Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftEvent.yaml x: 13 # contributors y: 184 lines of code Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftSecurityEvents.yaml x: 13 # contributors y: 201 lines of code Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftWindowsEvents.yaml x: 85 # contributors y: 196 lines of code Parsers/ASimAuditEvent/Parsers/vimAuditEventBarracudaWAF.yaml x: 43 # contributors y: 205 lines of code Parsers/ASimAuditEvent/Parsers/vimAuditEventCiscoMeraki.yaml x: 39 # contributors y: 257 lines of code Parsers/ASimAuditEvent/Parsers/vimAuditEventMicrosoftEvent.yaml x: 13 # contributors y: 260 lines of code Parsers/ASimAuditEvent/Parsers/vimAuditEventMicrosoftSecurityEvents.yaml x: 13 # contributors y: 288 lines of code Parsers/ASimAuditEvent/Parsers/vimAuditEventMicrosoftWindowsEvents.yaml x: 85 # contributors y: 282 lines of code 
Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoMeraki.yaml x: 48 # contributors y: 146 lines of code Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoMerakiSyslog.yaml x: 14 # contributors y: 155 lines of code Parsers/ASimAuthentication/Parsers/ASimAuthenticationOktaOSS.yaml x: 101 # contributors y: 113 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoMeraki.yaml x: 51 # contributors y: 224 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationOktaOSS.yaml x: 95 # contributors y: 189 lines of code Parsers/ASimDns/Parsers/ASimDnsMicrosoftSysmon.yaml x: 74 # contributors y: 118 lines of code Parsers/ASimDns/Parsers/vimDnsMicrosoftSysmon.yaml x: 54 # contributors y: 180 lines of code Parsers/ASimFileEvent/Parsers/ASimFileEvent.yaml x: 58 # contributors y: 64 lines of code Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSysmon.yaml x: 34 # contributors y: 104 lines of code Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSysmonWindowsEvent.yaml x: 13 # contributors y: 96 lines of code Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftWindowsEvents.yaml x: 34 # contributors y: 91 lines of code Parsers/ASimFileEvent/Parsers/imFileEvent.yaml x: 84 # contributors y: 109 lines of code Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSysmon.yaml x: 51 # contributors y: 178 lines of code Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSysmonWindowsEvent.yaml x: 13 # contributors y: 169 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionBarracudaWAF.yaml x: 42 # contributors y: 132 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoMeraki.yaml x: 85 # contributors y: 382 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoMerakiSyslog.yaml x: 14 # contributors y: 386 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftSysmon.yaml x: 44 # contributors y: 126 lines of code 
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftSysmonWindowsEvent.yaml x: 12 # contributors y: 121 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftWindowsEventFirewall.yaml x: 99 # contributors y: 135 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionBarracudaWAF.yaml x: 42 # contributors y: 204 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoMeraki.yaml x: 85 # contributors y: 450 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoMerakiSyslog.yaml x: 14 # contributors y: 454 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftSecurityEventFirewall.yaml x: 15 # contributors y: 295 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftSysmon.yaml x: 12 # contributors y: 204 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftSysmonWindowsEvent.yaml x: 12 # contributors y: 195 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftWindowsEventFirewall.yaml x: 109 # contributors y: 196 lines of code Parsers/ASimProcessEvent/Parsers/ASimProcessCreateMicrosoftSysmon.yaml x: 60 # contributors y: 131 lines of code Parsers/ASimProcessEvent/Parsers/ASimProcessCreateMicrosoftSysmonWindowsEvent.yaml x: 13 # contributors y: 114 lines of code Parsers/ASimProcessEvent/Parsers/ASimProcessEvent.yaml x: 88 # contributors y: 59 lines of code Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftSysmon.yaml x: 60 # contributors y: 83 lines of code Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateMicrosoftSysmonWindowsEvent.yaml x: 12 # contributors y: 59 lines of code Parsers/ASimProcessEvent/Parsers/imProcessEvent.yaml x: 58 # contributors y: 106 lines of code Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftSysmon.yaml x: 71 # contributors y: 215 lines of code Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftSysmon.yaml x: 72 # contributors y: 146 lines of code 
Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftSysmonWindowsEvent.yaml x: 12 # contributors y: 161 lines of code Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoftSysmon.yaml x: 34 # contributors y: 141 lines of code Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftSecurityEvent.yaml x: 28 # contributors y: 172 lines of code Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftSysmon.yaml x: 63 # contributors y: 173 lines of code Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftWindowsEvent.yaml x: 82 # contributors y: 176 lines of code Parsers/ASimUserManagement/Parsers/ASimUserManagement.yaml x: 47 # contributors y: 51 lines of code Parsers/ASimUserManagement/Parsers/vimUserManagementMicrosoftSecurityEvent.yaml x: 45 # contributors y: 257 lines of code Parsers/ASimUserManagement/Parsers/vimUserManagementMicrosoftWindowsEvent.yaml x: 13 # contributors y: 243 lines of code Parsers/ASimWebSession/Parsers/ASimWebSession.yaml x: 144 # contributors y: 64 lines of code Parsers/ASimWebSession/Parsers/ASimWebSessionBarracudaWAF.yaml x: 42 # contributors y: 195 lines of code Parsers/ASimWebSession/Parsers/imWebSession.yaml x: 143 # contributors y: 105 lines of code Parsers/ASimWebSession/Parsers/vimWebSessionBarracudaWAF.yaml x: 42 # contributors y: 262 lines of code Solutions/Armis/Data Connectors/ArmisAlertsActivities/ArmisAlertActivitySentinelConnector/sentinel.py x: 17 # contributors y: 150 lines of code Solutions/Armis/Data Connectors/ArmisAlertsActivities/Exceptions/ArmisExceptions.py x: 18 # contributors y: 4 lines of code Solutions/CiscoMeraki/Parsers/CiscoMeraki.yaml x: 50 # contributors y: 246 lines of code Solutions/DNS Essentials/Hunting Queries/AnomalousIncreaseInDNSActivityByClients.yaml x: 51 # contributors y: 119 lines of code Solutions/DNS Essentials/Hunting Queries/DNSQueryWithFailuresInLast24Hours.yaml x: 51 # contributors y: 26 lines of code Solutions/DNS Essentials/Hunting 
Queries/IncreaseInDNSRequestsByClientThanTheDailyAverageCount.yaml x: 51 # contributors y: 63 lines of code Solutions/DomainTools/Parsers/DomainToolsDNS.yaml x: 17 # contributors y: 37 lines of code Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ClassicReverseIP/__init__.py x: 16 # contributors y: 74 lines of code Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/DomainSearch/__init__.py x: 16 # contributors y: 113 lines of code Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/EnrichDomain/__init__.py x: 16 # contributors y: 306 lines of code Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/InvestigateDomain/__init__.py x: 16 # contributors y: 458 lines of code Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ParsedWhois/__init__.py x: 16 # contributors y: 111 lines of code Solutions/ESETPROTECT/Analytic Rules/ESETThreatDetected.yaml x: 90 # contributors y: 45 lines of code Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/FetchAndSendDetections/__init__.py x: 28 # contributors y: 86 lines of code Solutions/Fortinet FortiNDR Cloud/Parsers/Fortinet_FortiNDR_Cloud.yaml x: 38 # contributors y: 357 lines of code Solutions/Global Secure Access/Hunting Queries/ExternalUserAddedRemovedInTeams_HuntVersion.yaml x: 16 # contributors y: 42 lines of code Solutions/Illusive Platform/Analytic Rules/Illusive_Detection_Query.yaml x: 63 # contributors y: 67 lines of code Solutions/Infoblox NIOS/Parsers/Infoblox_dhcpoffer.yaml x: 39 # contributors y: 29 lines of code Solutions/Infoblox NIOS/Parsers/Infoblox_dnsclient.yaml x: 39 # contributors y: 67 lines of code Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/AzureStorageToIndicators/create_indicator.py x: 16 # contributors y: 167 lines of code Solutions/Infoblox/Data 
Connectors/InfobloxCloudDataConnector/AzureStorageToIndicators/indicator_mapping.py x: 16 # contributors y: 149 lines of code Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxCurrentToAzureStorage/infoblox_to_azure_storage.py x: 16 # contributors y: 519 lines of code Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierHttpStarter/__init__.py x: 16 # contributors y: 65 lines of code Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxDossierJobResult/get_dossier_result.py x: 16 # contributors y: 170 lines of code Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxHistoricalToAzureStorage/infoblox_to_azure_storage.py x: 16 # contributors y: 538 lines of code Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/InfobloxParseRawIndicators/parse_json_files.py x: 16 # contributors y: 372 lines of code Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/RetryFailedIndicators/__init__.py x: 16 # contributors y: 13 lines of code Solutions/Infoblox/Data Connectors/InfobloxCloudDataConnector/SharedCode/utils.py x: 16 # contributors y: 948 lines of code Solutions/MicrosoftDefenderForEndpoint/Analytic Rules/AquaBlizzardAVHits.yaml x: 48 # contributors y: 58 lines of code Solutions/SonraiSecurity/Analytic Rules/SonraiTicketRiskAccepted.yaml x: 73 # contributors y: 5 lines of code Solutions/Sophos XG Firewall/Parsers/SophosXGFirewall.yaml x: 42 # contributors y: 77 lines of code Solutions/Symantec Endpoint Protection/Parsers/SymantecEndpointProtection.yaml x: 46 # contributors y: 186 lines of code Solutions/Syslog/Analytic Rules/squid_tor_proxies.yaml x: 59 # contributors y: 62 lines of code Solutions/Theom/Analytic Rules/TheomRisksCritical.yaml x: 54 # contributors y: 58 lines of code Solutions/Threat Intelligence/Analytic Rules/DomainEntity_CloudAppEvents.yaml x: 34 # contributors y: 48 lines of code Solutions/Threat Intelligence/Analytic Rules/URLEntity_AuditLogs.yaml x: 105 # 
contributors y: 77 lines of code Solutions/Threat Intelligence/Analytic Rules/URLEntity_CloudAppEvents.yaml x: 35 # contributors y: 4 lines of code Solutions/Threat Intelligence/Analytic Rules/URLEntity_OfficeActivity.yaml x: 107 # contributors y: 53 lines of code Solutions/UEBA Essentials/Hunting Queries/Anomalous Sign-in Activity.yaml x: 82 # contributors y: 8 lines of code Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/collector.py x: 52 # contributors y: 1099 lines of code Solutions/Vectra XDR/Data Connectors/VectraDataConnector/SharedCode/consts.py x: 52 # contributors y: 65 lines of code Solutions/Vectra XDR/Parsers/VectraDetections.yaml x: 40 # contributors y: 71 lines of code Solutions/Vectra XDR/Parsers/VectraEntityScoring.yaml x: 40 # contributors y: 59 lines of code Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/advanced_dark_web_connector/__init__.py x: 24 # contributors y: 54 lines of code Solutions/ZeroFox/Data Connectors/CTI/AzureFunctionZeroFoxCTI/botnet_compromised_credentials_connector/__init__.py x: 24 # contributors y: 56 lines of code Solutions/iboss/Parsers/ibossUrlEvent.yaml x: 42 # contributors y: 42 lines of code Tools/AzureDataExplorer/CreateTables_ADX_ScriptFile/Create-LA-Tables-ADX-ScriptFile.ps1 x: 14 # contributors y: 392 lines of code Tools/Copy-AzOperationalInsightsTable/Copy-AzOperationalInsightsTable.ps1 x: 14 # contributors y: 123 lines of code Tools/Create-Azure-Sentinel-Solution/pipeline/createSolutionV4.ps1 x: 91 # contributors y: 305 lines of code Tools/Sentinel-All-In-One/v2/Scripts/Create-NewSolutionAndRulesFromList.ps1 x: 79 # contributors y: 187 lines of code Parsers/ASimAuthentication/Parsers/ASimAuthenticationBarracudaWAF.yaml x: 35 # contributors y: 215 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationBarracudaWAF.yaml x: 45 # contributors y: 315 lines of code Parsers/ASimWebSession/Parsers/ASimWebSessionCiscoMeraki.yaml x: 30 # contributors y: 186 lines of code 
Parsers/ASimWebSession/Parsers/vimWebSessionCiscoMeraki.yaml x: 30 # contributors y: 248 lines of code Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/models/workbench.py x: 28 # contributors y: 36 lines of code Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/services/workbench_service.py x: 84 # contributors y: 219 lines of code Solutions/Microsoft 365/Analytic Rules/External User added to Team and immediately uploads file.yaml x: 67 # contributors y: 88 lines of code DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/GetMDVMData/run.ps1 x: 57 # contributors y: 243 lines of code DataConnectors/M365Defender-VulnerabilityManagement/functionPackage/requirements.psd1 x: 46 # contributors y: 10 lines of code DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/outputs/microsoft-sentinel-log-analytics-logstash-output-plugin.rb x: 60 # contributors y: 56 lines of code DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb x: 60 # contributors y: 193 lines of code Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml x: 115 # contributors y: 69 lines of code Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml x: 95 # contributors y: 34 lines of code Detections/ASimWebSession/UnusualUACryptoMiners.yaml x: 88 # contributors y: 71 lines of code Detections/ASimWebSession/UnusualUAHackTool.yaml x: 99 # contributors y: 82 lines of code Detections/Heartbeat/OMI_vulnerability_detection.yaml x: 87 # contributors y: 56 lines of code Detections/MultipleDataSources/RiskyUserIn3Pnetworkactivity.yaml x: 79 # contributors y: 98 lines of code Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml x: 116 # contributors y: 142 lines of code Detections/SigninLogs/AnomalousSingleFactorSignin.yaml x: 22 # contributors y: 73 lines of code 
Solutions/1Password/Analytics Rules/1Password - Changes to firewall rules.yaml x: 23 # contributors y: 51 lines of code Solutions/1Password/Data Connectors/Modules/HelperFunctions/HelperFunctions.psm1 x: 21 # contributors y: 351 lines of code Solutions/1Password/Data Connectors/profile.ps1 x: 21 # contributors y: 19 lines of code Solutions/1Password/Data Connectors/requirements.psd1 x: 21 # contributors y: 9 lines of code Solutions/Amazon Web Services/Analytic Rules/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml x: 86 # contributors y: 87 lines of code Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/Log4J_IPIOC_Dec112021.yaml x: 79 # contributors y: 219 lines of code Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Abnormal Deny Rate for Source IP.yaml x: 81 # contributors y: 86 lines of code Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Abnormal Port to Protocol.yaml x: 76 # contributors y: 82 lines of code Solutions/Azure Firewall/Analytic Rules/Azure Firewall - Multiple Sources Affected by the Same TI Destination.yaml x: 84 # contributors y: 51 lines of code Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml x: 94 # contributors y: 44 lines of code Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml x: 94 # contributors y: 39 lines of code Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaHackToolUserAgentDetected.yaml x: 94 # contributors y: 93 lines of code Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml x: 86 # contributors y: 54 lines of code Solutions/CiscoUmbrella/Analytic Rules/CiscoUmbrellaURIContainsIPAddress.yaml x: 86 # contributors y: 37 lines of code Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/Signins-From-VPS-Providers.yaml x: 97 # contributors y: 8 lines of code Solutions/CofenseTriage/Data 
Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/cofense_to_sentinel_mapping.py x: 62 # contributors y: 323 lines of code Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/sentinel.py x: 62 # contributors y: 193 lines of code Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/RetryFailedIndicators/retry_failed_indicators.py x: 18 # contributors y: 270 lines of code Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/RetryFailedIndicators/sentinel.py x: 18 # contributors y: 193 lines of code Solutions/Cyware/Hunting queries/MatchCywareIntelWatchlistItemsWithCommonLogs.yaml x: 18 # contributors y: 20 lines of code Solutions/Endpoint Threat Protection Essentials/Analytic Rules/DumpingLSASSProcessIntoaFile.yaml x: 64 # contributors y: 48 lines of code Solutions/Endpoint Threat Protection Essentials/Analytic Rules/PotentialRemoteDesktopTunneling.yaml x: 65 # contributors y: 49 lines of code Solutions/Endpoint Threat Protection Essentials/Analytic Rules/malware_in_recyclebin.yaml x: 69 # contributors y: 71 lines of code Solutions/Endpoint Threat Protection Essentials/Hunting Queries/RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml x: 68 # contributors y: 49 lines of code Solutions/FalconFriday/Analytic Rules/ExcessiveSharePermissions.yaml x: 51 # contributors y: 95 lines of code Solutions/Forescout (Legacy)/Parsers/ForescoutEvent.yaml x: 17 # contributors y: 23 lines of code Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_OfficeActivity.yaml x: 32 # contributors y: 80 lines of code Solutions/GreyNoiseThreatIntelligence/Analytic Rules/GreyNoise_IPEntity_imNetworkSession.yaml x: 40 # contributors y: 130 lines of code Solutions/IPinfo/Data Connectors/Company/AzureFunctionIPinfoCompany/constants.py x: 18 # contributors y: 77 lines of code Solutions/IPinfo/Data Connectors/Company/AzureFunctionIPinfoCompany/utils.py x: 18 # contributors y: 153 lines 
of code Solutions/Microsoft Defender XDR/Analytic Rules/PossiblePhishingwithCSL&NetworkSession.yaml x: 44 # contributors y: 147 lines of code Solutions/Microsoft Entra ID/Analytic Rules/ADFSDomainTrustMods.yaml x: 45 # contributors y: 91 lines of code Solutions/Microsoft Entra ID/Analytic Rules/AccountCreatedDeletedByNonApprovedUser.yaml x: 43 # contributors y: 61 lines of code Solutions/Microsoft Entra ID/Analytic Rules/CredentialAddedAfterAdminConsent.yaml x: 40 # contributors y: 153 lines of code Solutions/Microsoft Entra ID/Analytic Rules/NRT_ADFSDomainTrustMods.yaml x: 46 # contributors y: 72 lines of code Solutions/Recorded Future/Analytic Rules/ThreatHunting/RecordedFutureThreatHuntingDomainAllActors.yaml x: 41 # contributors y: 65 lines of code Solutions/SlackAudit/Analytic Rules/SlackAuditUnknownUA.yaml x: 89 # contributors y: 34 lines of code Solutions/Syslog/Workspace Functions/SyslogConnectorsEventVolumebyDeviceProduct.yaml x: 17 # contributors y: 56 lines of code Solutions/Tenable App/Parsers/TenableVMAssets.yaml x: 18 # contributors y: 129 lines of code Solutions/Tenable App/Parsers/TenableVMVulnerabilities.yaml x: 18 # contributors y: 220 lines of code Solutions/Tenable App/Parsers/afad_parser.yaml x: 18 # contributors y: 117 lines of code Solutions/Threat Intelligence/Analytic Rules/DomainEntity_DnsEvents.yaml x: 106 # contributors y: 89 lines of code Solutions/Threat Intelligence/Analytic Rules/DomainEntity_EmailEvents.yaml x: 46 # contributors y: 59 lines of code Solutions/Threat Intelligence/Analytic Rules/DomainEntity_SecurityAlert.yaml x: 107 # contributors y: 79 lines of code Solutions/Threat Intelligence/Analytic Rules/EmailEntity_AzureActivity.yaml x: 100 # contributors y: 70 lines of code Solutions/Threat Intelligence/Analytic Rules/EmailEntity_PaloAlto.yaml x: 92 # contributors y: 67 lines of code Solutions/Threat Intelligence/Analytic Rules/EmailEntity_SecurityEvent.yaml x: 93 # contributors y: 91 lines of code Solutions/Threat 
Intelligence/Analytic Rules/FileHashEntity_CommonSecurityLog.yaml x: 99 # contributors y: 85 lines of code Solutions/Threat Intelligence/Analytic Rules/IPEntity_AppServiceHTTPLogs.yaml x: 107 # contributors y: 92 lines of code Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureActivity.yaml x: 112 # contributors y: 86 lines of code Solutions/Threat Intelligence/Analytic Rules/IPEntity_AzureKeyVault.yaml x: 103 # contributors y: 70 lines of code Solutions/Threat Intelligence/Analytic Rules/IPEntity_DeviceNetworkEvents.yaml x: 37 # contributors y: 69 lines of code Solutions/Threat Intelligence/Analytic Rules/IPEntity_DuoSecurity.yaml x: 97 # contributors y: 54 lines of code Solutions/Threat Intelligence/Analytic Rules/IPEntity_SigninLogs.yaml x: 71 # contributors y: 75 lines of code Solutions/Threat Intelligence/Analytic Rules/IPEntity_imNetworkSession.yaml x: 78 # contributors y: 122 lines of code Solutions/Threat Intelligence/Analytic Rules/URLEntity_DeviceNetworkEvents.yaml x: 43 # contributors y: 73 lines of code Solutions/Threat Intelligence/Analytic Rules/URLEntity_SecurityAlerts.yaml x: 94 # contributors y: 71 lines of code Solutions/ThreatConnect/Analytic Rules/ThreatConnect_DomainEntity_DnsEvents.yaml x: 40 # contributors y: 92 lines of code Solutions/ThreatConnect/Analytic Rules/ThreatConnect_EmailEntity_SigninLogs.yaml x: 35 # contributors y: 83 lines of code Solutions/ThreatConnect/Analytic Rules/ThreatConnect_IPEntity_NetworkSessions.yaml x: 41 # contributors y: 80 lines of code Solutions/ThreatConnect/Analytic Rules/ThreatConnect_URLEntity_OfficeActivity.yaml x: 35 # contributors y: 54 lines of code Solutions/Trend Micro Vision One/Analytic Rules/Create Incident for XDR Alerts.yaml x: 61 # contributors y: 89 lines of code Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/queue_trigger_rca/__init__.py x: 49 # contributors y: 63 lines of code Solutions/Trend Micro Vision One/Data 
Connectors/AzureFunctionTrendMicroXDR/queue_trigger_wb/__init__.py x: 69 # contributors y: 113 lines of code Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/transform_utils.py x: 71 # contributors y: 293 lines of code Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/DatAlert/DatAlertClient.cs x: 31 # contributors y: 143 lines of code Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/DatAlert/DatAlertParams.cs x: 31 # contributors y: 13 lines of code Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/CustomParser.cs x: 32 # contributors y: 25 lines of code Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/SearchAlertObjectMapper.cs x: 32 # contributors y: 104 lines of code Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/AlertSearchQueryBuilder.cs x: 32 # contributors y: 158 lines of code Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Search/Model/AlertAttributes.cs x: 32 # contributors y: 86 lines of code DataConnectors/AWS-S3/Enviornment/EnviornmentConstants.ps1 x: 40 # contributors y: 20 lines of code Detections/ASimAuthentication/imAuthBruteForce.yaml x: 111 # contributors y: 75 lines of code Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml x: 97 # contributors y: 83 lines of code Detections/ASimWebSession/PossibleDGAContacts.yaml x: 110 # contributors y: 57 lines of code Detections/AzureActivity/RareRunCommandPowerShellScript.yaml x: 127 # contributors y: 80 lines of code Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml x: 110 # contributors y: 85 lines of code Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml x: 117 # contributors y: 50 lines of code Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml x: 115 # contributors y: 86 lines of code 
Detections/MultipleDataSources/B64IPInURLFromMDE.yaml x: 51 # contributors y: 72 lines of code Detections/MultipleDataSources/ExchangeWorkerProcessMakingRemoteCall.yaml x: 81 # contributors y: 70 lines of code Detections/MultipleDataSources/MalformedUserAgents.yaml x: 144 # contributors y: 109 lines of code Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml x: 152 # contributors y: 136 lines of code Detections/MultipleDataSources/PrestigeRansomwareIOCsOct22.yaml x: 85 # contributors y: 124 lines of code Detections/MultipleDataSources/RunCommandUEBABreach.yaml x: 129 # contributors y: 79 lines of code Detections/MultipleDataSources/SigninFirewallCorrelation.yaml x: 140 # contributors y: 67 lines of code Detections/MultipleDataSources/SuspiciousVMInstanceCreationActivity.yaml x: 55 # contributors y: 141 lines of code Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml x: 139 # contributors y: 123 lines of code Detections/SecurityAlert/HiveRansomwareAVHits.yaml x: 85 # contributors y: 59 lines of code Detections/SecurityEvent/GroupCreatedAddedToPrivlegeGroup_1h.yaml x: 140 # contributors y: 150 lines of code Detections/SecurityEvent/PotentialKerberoast.yaml x: 137 # contributors y: 118 lines of code Detections/SecurityEvent/UserAccountAddedToPrivlegeGroup_1h.yaml x: 155 # contributors y: 112 lines of code Detections/SecurityEvent/UserAccountCreatedDeleted_10m.yaml x: 141 # contributors y: 148 lines of code Detections/SecurityEvent/UserAccountEnabledDisabled_10m.yaml x: 142 # contributors y: 149 lines of code Detections/W3CIISLog/HighFailedLogonCountByClientIP.yaml x: 116 # contributors y: 92 lines of code Detections/W3CIISLog/HighPortCountByClientIP.yaml x: 104 # contributors y: 80 lines of code Detections/W3CIISLog/ProxyShellPwn2Own.yaml x: 74 # contributors y: 65 lines of code Detections/ZoomLogs/E2EEDisbaled.yaml x: 106 # contributors y: 42 lines of code Detections/ZoomLogs/ExternalUserAccess.yaml x: 123 # contributors 
y: 51 lines of code Detections/ZoomLogs/JoiningMeetingFromAnotherTimeZone.yaml x: 128 # contributors y: 58 lines of code Hunting Queries/CloudAppEvents/SetPolicyConfigInCloudAppEvents.yaml x: 20 # contributors y: 35 lines of code Hunting Queries/Microsoft 365 Defender/Credential Access/Attempts to request Kerberos service ticket using the AS service.yaml x: 19 # contributors y: 34 lines of code Hunting Queries/Microsoft 365 Defender/Execution/detect-impacket-atexec.yaml x: 21 # contributors y: 36 lines of code Parsers/ASimAuthentication/Parsers/ASimAuthenticationSentinelOne.yaml x: 31 # contributors y: 227 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoASA.yaml x: 46 # contributors y: 351 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoISE.yaml x: 49 # contributors y: 352 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationCrowdStrikeFalconHost.yaml x: 33 # contributors y: 182 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationMicrosoftMD4IoT.yaml x: 51 # contributors y: 144 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationPaloAltoCortexDataLake.yaml x: 31 # contributors y: 253 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationPostgreSQL.yaml x: 79 # contributors y: 494 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationSentinelOne.yaml x: 31 # contributors y: 323 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationSshd.yaml x: 59 # contributors y: 337 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationSudo.yaml x: 19 # contributors y: 258 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationVMwareCarbonBlackCloud.yaml x: 33 # contributors y: 155 lines of code Parsers/ASimWebSession/Parsers/ASimWebSessionSonicWallFirewall.yaml x: 15 # contributors y: 407 lines of code Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/Log4jVulnerableMachines.yaml x: 70 # contributors y: 38 lines of code 
Solutions/AtlassianJiraAudit/Data Connectors/JiraAuditAPISentinelConnector/__init__.py x: 61 # contributors y: 118 lines of code Solutions/AtlassianJiraAudit/Playbooks/Sync-CommentsFunctionApp/Sync-Comment.ps1 x: 41 # contributors y: 87 lines of code Solutions/Auth0/Data Connectors/Auth0Connector/main.py x: 78 # contributors y: 321 lines of code Solutions/Azure Key Vault/Analytic Rules/KeyvaultMassSecretRetrieval.yaml x: 77 # contributors y: 80 lines of code Solutions/Azure Key Vault/Analytic Rules/TimeSeriesKeyvaultAccessAnomaly.yaml x: 73 # contributors y: 85 lines of code Solutions/Azure SQL Database solution for sentinel/Analytic Rules/Detection-VolumeResponseRowsStatefulAnomalyOnDatabase.yaml x: 61 # contributors y: 83 lines of code Solutions/BitSight/Parsers/BitSightCompanyDetails.yaml x: 40 # contributors y: 115 lines of code Solutions/Bitwarden/Parsers/BitwardenEventLogs.yaml x: 19 # contributors y: 129 lines of code Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/SuspiciousAccessOfBECRelatedDocumentsInAWSS3Buckets.yaml x: 49 # contributors y: 72 lines of code Solutions/CiscoWSA/Parsers/CiscoWSAEvent.yaml x: 43 # contributors y: 141 lines of code Solutions/Cloud Identity Threat Protection Essentials/Analytic Rules/NewExtUserGrantedAdmin.yaml x: 69 # contributors y: 87 lines of code Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeFalconAdversaryIntelligence/CrowdStrikeFalconThreatIntelConnector/__init__.py x: 19 # contributors y: 187 lines of code Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeFalconAdversaryIntelligence/CrowdStrikeFalconThreatIntelConnector/utils.py x: 19 # contributors y: 107 lines of code Solutions/Cybersixgill-Actionable-Alerts/Data Connectors/CybersixgillAlerts/__init__.py x: 65 # contributors y: 192 lines of code Solutions/FalconFriday/Analytic Rules/DisableOrModifyWindowsDefender.yaml x: 57 # contributors y: 5 lines of code Solutions/FalconFriday/Analytic 
Rules/RecognizingBeaconingTraffic.yaml x: 57 # contributors y: 79 lines of code Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/SingletonEternalOrchestrator/__init__.py x: 30 # contributors y: 145 lines of code Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/globalVariables.py x: 30 # contributors y: 4 lines of code Solutions/HYAS Protect/Data Connectors/HyasProtect/__init__.py x: 35 # contributors y: 184 lines of code Solutions/HolmSecurity/Data Connectors/AzureFunctionHolmSecurityAssetsConn/__init__.py x: 38 # contributors y: 103 lines of code Solutions/Microsoft Defender XDR/Analytic Rules/Impact/AnomalousVoulmeOfFileDeletion.yaml x: 25 # contributors y: 79 lines of code Solutions/Microsoft Defender XDR/Analytic Rules/PotentialBuildProcessCompromiseMDE.yaml x: 34 # contributors y: 71 lines of code Solutions/Microsoft Defender XDR/Analytic Rules/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml x: 34 # contributors y: 58 lines of code Solutions/Microsoft Entra ID Protection/Analytic Rules/CorrelateIPC_Unfamiliar-Atypical.yaml x: 38 # contributors y: 122 lines of code Solutions/Microsoft Entra ID/Analytic Rules/AccountCreatedandDeletedinShortTimeframe.yaml x: 35 # contributors y: 105 lines of code Solutions/Microsoft Entra ID/Analytic Rules/AdminPromoAfterRoleMgmtAppPermissionGrant.yaml x: 35 # contributors y: 133 lines of code Solutions/Microsoft Entra ID/Analytic Rules/AuthenticationMethodsChangedforPrivilegedAccount.yaml x: 44 # contributors y: 81 lines of code Solutions/Microsoft Entra ID/Analytic Rules/ExchangeFullAccessGrantedToApp.yaml x: 47 # contributors y: 96 lines of code Solutions/Microsoft Entra ID/Analytic Rules/FailedLogonToAzurePortal.yaml x: 47 # contributors y: 106 lines of code Solutions/Microsoft Entra ID/Analytic Rules/SigninPasswordSpray.yaml x: 43 # contributors y: 86 lines of code Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeConfiguration.yaml x: 60 # 
contributors y: 330 lines of code Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/BrutforceAttemptOnAzurePortalAndAWSConsolAtSameTime.yaml x: 36 # contributors y: 104 lines of code Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/Cross-CloudSuspiciousComputeResourcecreationinGCP.yaml x: 41 # contributors y: 179 lines of code Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/CrossCloudSuspiciousUserActivityObservedInGCPEnvourment.yaml x: 41 # contributors y: 151 lines of code Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/SuccessfulAWSConsoleLoginfromIPAddressObservedConductingPasswordSpray.yaml x: 36 # contributors y: 125 lines of code Solutions/Multi Cloud Attack Coverage Essentials - Resource Abuse/Analytic Rules/SuspiciousAWSConsolLoginByCredentialAceessAlerts.yaml x: 36 # contributors y: 130 lines of code Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/NetskopeToAzureStorage/netskope_api_async.py x: 20 # contributors y: 164 lines of code Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/NetskopeToAzureStorage/netskope_to_azure_storage.py x: 20 # contributors y: 699 lines of code Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/SharedCode/__init__.py x: 20 # contributors y: 1 lines of code Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/StorageToSentinel/netskope_azure_storage_to_sentinel.py x: 20 # contributors y: 320 lines of code Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/StorageToSentinel/remove_duplicates_in_azure_storage.py x: 20 # contributors y: 411 lines of code Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/StorageToSentinel/sentinel.py x: 20 # contributors y: 93 lines of code Solutions/Netskopev2/Data Connectors/NetskopeDataConnector/WebTxMetrics/ingest_message.py x: 20 # contributors y: 125 lines of code 
Solutions/Netskopev2/Parsers/AlertsCompromisedCredential.yaml x: 20 # contributors y: 102 lines of code Solutions/Netskopev2/Parsers/AlertsCtep.yaml x: 20 # contributors y: 153 lines of code Solutions/Netskopev2/Parsers/AlertsMalsite.yaml x: 20 # contributors y: 261 lines of code Solutions/Netskopev2/Parsers/AlertsMalware.yaml x: 20 # contributors y: 289 lines of code Solutions/Netskopev2/Parsers/AlertsPolicy.yaml x: 20 # contributors y: 447 lines of code Solutions/Netskopev2/Parsers/AlertsRemediation.yaml x: 20 # contributors y: 205 lines of code Solutions/Netskopev2/Parsers/AlertsSecurityAssessment.yaml x: 20 # contributors y: 129 lines of code Solutions/Netskopev2/Parsers/AlertsUba.yaml x: 20 # contributors y: 326 lines of code Solutions/Network Session Essentials/Analytic Rules/AnomalyFoundInNetworkSessionTraffic.yaml x: 45 # contributors y: 192 lines of code Solutions/Network Session Essentials/Analytic Rules/DetectPortMisuseByAnomalyBasedDetection.yaml x: 54 # contributors y: 192 lines of code Solutions/Network Session Essentials/Analytic Rules/DetectPortMisuseByStaticThreshold.yaml x: 45 # contributors y: 151 lines of code Solutions/Network Session Essentials/Analytic Rules/ExcessiveHTTPFailuresFromSource.yaml x: 58 # contributors y: 94 lines of code Solutions/Network Session Essentials/Analytic Rules/PossibleBeaconingActivity.yaml x: 67 # contributors y: 107 lines of code Solutions/Network Session Essentials/Hunting Queries/DetectPortMisuseByAnomalyHunting.yaml x: 56 # contributors y: 173 lines of code Solutions/Network Session Essentials/Hunting Queries/DetectPortMisuseByStaticThresholdHunting.yaml x: 45 # contributors y: 131 lines of code Solutions/Network Session Essentials/Hunting Queries/DetectsSeveralUsersWithTheSameMACAddress.yaml x: 45 # contributors y: 72 lines of code Solutions/Network Threat Protection Essentials/Analytic Rules/NewUserAgentLast24h.yaml x: 63 # contributors y: 84 lines of code Solutions/Proofpoint On demand(POD) Email 
Security/Parsers/ProofpointPOD.yaml x: 44 # contributors y: 317 lines of code Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml x: 84 # contributors y: 121 lines of code Solutions/SecurityThreatEssentialSolution/Analytic Rules/Threat_Essentials_TimeSeriesAnomaly_Mass_Cloud_Resource_Deletions.yaml x: 77 # contributors y: 59 lines of code Solutions/SenservaPro/Analytic Rules/BlockLegacyAuthentication.yaml x: 80 # contributors y: 44 lines of code Solutions/SenservaPro/Analytic Rules/PasswordAgePolicyNew.yaml x: 80 # contributors y: 24 lines of code Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/models/oat.py x: 65 # contributors y: 411 lines of code Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/models/rca.py x: 22 # contributors y: 1 lines of code Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/services/oat_service.py x: 79 # contributors y: 284 lines of code Solutions/Web Session Essentials/Analytic Rules/CommandInURL.yaml x: 48 # contributors y: 81 lines of code Solutions/Web Session Essentials/Analytic Rules/DataExfiltrationTimeSeriesAnomaly.yaml x: 49 # contributors y: 245 lines of code Solutions/Web Session Essentials/Analytic Rules/PossibleMaliciousDoubleExtension.yaml x: 49 # contributors y: 88 lines of code Solutions/Web Session Essentials/Analytic Rules/PrivateIPInURL.yaml x: 48 # contributors y: 110 lines of code Solutions/Web Session Essentials/Analytic Rules/RarelyRequestedResources.yaml x: 56 # contributors y: 101 lines of code Solutions/Windows Security Events/Analytic Rules/LocalDeviceJoinInfoAndTransportKeyRegKeysAccess.yaml x: 77 # contributors y: 106 lines of code Solutions/Windows Security Events/Analytic Rules/MultipleFailedFollowedBySuccess.yaml x: 74 # contributors y: 74 lines of code Solutions/Zinc Open Source/Analytic 
Scatter plot data: contributors (x) vs. lines of code (y) per file

File | Contributors | Lines of code
Rules/ZincOctober2022_IP_Domain_Hash_IOC.yaml | 92 | 195
Tools/ConvertYamlToJson/ConvertSentinelRuleFrom-Yaml.ps1 | 60 | 177
ASIM/schemas/entities/ASimApp.yaml | 81 | 31
DataConnectors/M365Defender-VulnerabilityManagement/maintenance/buildFiles.ps1 | 50 | 2
DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py | 82 | 673
Detections/MultipleDataSources/Accountcreatedfromnon-approvedsources.yaml | 73 | 103
Detections/SecurityEvent/password_never_expires.yaml | 137 | 107
Hunting Queries/SigninLogs/MFAUserBlocked.yaml | 107 | 101
Parsers/ASimAuditEvent/Parsers/ASimAuditEventVMwareCarbonBlackCloud.yaml | 38 | 316
Parsers/ASimAuditEvent/Parsers/vimAuditEventEmpty.yaml | 57 | 146
Parsers/ASimAuditEvent/Parsers/vimAuditEventVMwareCarbonBlackCloud.yaml | 38 | 375
Parsers/ASimAuthentication/Parsers/ASimAuthenticationAADNonInteractive.yaml | 94 | 103
Parsers/ASimAuthentication/Parsers/ASimAuthenticationAADServicePrincipalSignInLogs.yaml | 84 | 133
Parsers/ASimAuthentication/Parsers/ASimAuthenticationGoogleWorkspace.yaml | 25 | 153
Parsers/ASimAuthentication/Parsers/ASimAuthenticationPaloAltoCortexDataLake.yaml | 24 | 172
Parsers/ASimAuthentication/Parsers/ASimAuthenticationSalesforceSC.yaml | 26 | 347
Parsers/ASimAuthentication/Parsers/vimAuthenticationAADManagedIdentity.yaml | 78 | 188
Parsers/ASimAuthentication/Parsers/vimAuthenticationAADNonInteractive.yaml | 80 | 194
Parsers/ASimAuthentication/Parsers/vimAuthenticationAADServicePrincipalSignInLogs.yaml | 78 | 260
Parsers/ASimAuthentication/Parsers/vimAuthenticationAADSigninLogs.yaml | 80 | 203
Parsers/ASimAuthentication/Parsers/vimAuthenticationEmpty.yaml | 76 | 153
Parsers/ASimAuthentication/Parsers/vimAuthenticationGoogleWorkspace.yaml | 28 | 235
Parsers/ASimAuthentication/Parsers/vimAuthenticationM365Defender.yaml | 86 | 386
Parsers/ASimAuthentication/Parsers/vimAuthenticationSalesforceSC.yaml | 29 | 446
Parsers/ASimAuthentication/Parsers/vimAuthenticationSu.yaml | 47 | 222
Parsers/ASimDhcpEvent/Parsers/vimDhcpEventEmpty.yaml | 23 | 132
Parsers/ASimDns/Parsers/vimDnsFortinetFortigate.yaml | 33 | 273
Parsers/ASimFileEvent/Parsers/ASimFileEventGoogleWorkspace.yaml | 25 | 285
Parsers/ASimFileEvent/Parsers/vimFileEventEmpty.yaml | 63 | 161
Parsers/ASimFileEvent/Parsers/vimFileEventGoogleWorkspace.yaml | 25 | 343
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionPaloAltoCEF.yaml | 86 | 131
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionSonicWallFirewall.yaml | 21 | 385
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionAWSVPC.yaml | 73 | 292
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCorelightZeek.yaml | 51 | 190
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionPaloAltoCEF.yaml | 91 | 180
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionSonicWallFirewall.yaml | 21 | 435
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionVMConnection.yaml | 81 | 260
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionWatchGuardFirewareOS.yaml | 47 | 207
Parsers/ASimProcessEvent/Parsers/ASimProcessEventTerminate.yaml | 61 | 41
Parsers/ASimProcessEvent/Parsers/imProcessCreate.yaml | 98 | 88
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventEmpty.yaml | 53 | 117
Parsers/ASimUserManagement/Parsers/ASimUserManagementCiscoISE.yaml | 46 | 130
Parsers/ASimUserManagement/Parsers/ASimUserManagementLinuxAuthpriv.yaml | 35 | 318
Parsers/ASimUserManagement/Parsers/ASimUserManagementNative.yaml | 22 | 52
Parsers/ASimUserManagement/Parsers/ASimUserManagementSentinelOne.yaml | 36 | 178
Parsers/ASimUserManagement/Parsers/vimUserManagementCiscoISE.yaml | 50 | 173
Parsers/ASimUserManagement/Parsers/vimUserManagementLinuxAuthpriv.yaml | 35 | 411
Parsers/ASimUserManagement/Parsers/vimUserManagementNative.yaml | 22 | 90
Parsers/ASimUserManagement/Parsers/vimUserManagementSentinelOne.yaml | 36 | 221
Solutions/Amazon Web Services/Analytic Rules/AWS_GuardDuty_template.yaml | 82 | 151
Solutions/Armis/Data Connectors/ArmisActivities/ArmisActivitySentinelConnector/__init__.py | 62 | 367
Solutions/Azure Activity/Analytic Rules/AADHybridHealthADFSNewServer.yaml | 72 | 46
Solutions/Azure Activity/Analytic Rules/Granting_Permissions_To_Account_detection.yaml | 56 | 65
Solutions/Azure Activity/Analytic Rules/TimeSeriesAnomaly_Mass_Cloud_Resource_Deletions.yaml | 66 | 59
Solutions/Azure Firewall/Analytic Rules/SeveralDenyActionsRegistered.yaml | 84 | 70
Solutions/BitSight/Data Connectors/BitSightDataConnector/PortFolioCompanies/__init__.py | 23 | 19
Solutions/BitSight/Data Connectors/BitSightDataConnector/SharedCode/azure_sentinel.py | 44 | 85
Solutions/Business Email Compromise - Financial Fraud/Analytic Rules/AccountElevatedtoNewRole.yaml | 59 | 87
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/UserLoginIPAddressTeleportation.yaml | 64 | 112
Solutions/Business Email Compromise - Financial Fraud/Hunting Queries/riskSignInWithNewMFAMethod.yaml | 64 | 94
Solutions/Cisco ETD/Data Connectors/CiscoETDAzureSentinelConnector/__init__.py | 21 | 199
Solutions/CiscoDuoSecurity/Parsers/CiscoDuo.yaml | 46 | 97
Solutions/CiscoUmbrella/Data Connectors/ciscoUmbrellaDataConn/__init__.py | 70 | 543
Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/Signins-from-NordVPN-Providers.yaml | 89 | 72
Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/SuspiciousSignintoPrivilegedAccount.yaml | 88 | 92
Solutions/Endpoint Threat Protection Essentials/Analytic Rules/SuspiciousPowerShellCommandExecuted.yaml | 30 | 69
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/BackupDeletion.yaml | 56 | 90
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/SuspiciousPowerShellCommandExecution.yaml | 25 | 57
Solutions/Fortinet FortiNDR Cloud/Data Connectors/fortinetFortiNdrCloudDataConn/sentinel/__init__.py | 23 | 1
Solutions/GoogleWorkspaceReports/Data Connectors/GWorkspaceReportsAPISentinelConn/GWorkspaceReports-TimeTrigger/__init__.py | 23 | 207
Solutions/GoogleWorkspaceReports/Data Connectors/get_google_pickle_string.py | 44 | 12
Solutions/Microsoft 365/Analytic Rules/SharePoint_Downloads_byNewIP.yaml | 70 | 71
Solutions/Microsoft Defender XDR/Analytic Rules/Campaign/Jupyter-Solarmaker/DeimosComponentExecution.yaml | 17 | 45
Solutions/Microsoft Defender XDR/Analytic Rules/Command and Control/C2-NamedPipe.yaml | 17 | 82
Solutions/Microsoft Defender XDR/Analytic Rules/Persistence/RareProcessAsService.yaml | 17 | 85
Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Bazacall/PayloadDropUsingCertUtil.yaml | 24 | 4
Solutions/Microsoft Defender XDR/Hunting Queries/Campaigns/Jupyter-Solarmaker/DeimosComponentExecution.yaml | 28 | 22
Solutions/Microsoft Defender XDR/Hunting Queries/Exploits/PrintNightmareUsageDetection-CVE-2021-1675.yaml | 28 | 8
Solutions/Microsoft Defender XDR/Hunting Queries/Ransomware/MultiProcessKillWithTaskKill.yaml | 29 | 20
Solutions/Microsoft Entra ID/Analytic Rules/SuspiciousAADJoinedDeviceUpdate.yaml | 45 | 102
Solutions/Microsoft Entra ID/Analytic Rules/UserAccounts-CABlockedSigninSpikes.yaml | 50 | 114
Solutions/Network Threat Protection Essentials/Hunting Queries/B64IPInURL.yaml | 63 | 73
Solutions/Network Threat Protection Essentials/Hunting Queries/RiskyCommandB64EncodedInUrl.yaml | 62 | 73
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/Flow_Logs_High_Severity.yaml | 50 | 52
Solutions/Prancer PenSuiteAI Integration/Analytic Rules/PAC_High_Severity.yaml | 45 | 60
Solutions/Syslog/Hunting Queries/SchedTaskAggregation.yaml | 42 | 9
Solutions/VMware Carbon Black Cloud/Data Connectors/AzureFunctionVMwareCarbonBlack/AlertsApiTimer/run.ps1 | 22 | 307
Solutions/VMware Carbon Black Cloud/Data Connectors/AzureFunctionVMwareCarbonBlack/AuditEventsAlertsTimer/run.ps1 | 22 | 375
Solutions/VMware SD-WAN and SASE/Analytic Rules/vmw-sdwan-ipfrag-attempt.yaml | 22 | 67
Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/cws_dlplogs/__init__.py | 22 | 283
Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/cws_healthcheck/__init__.py | 22 | 179
Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/cws_weblogs/__init__.py | 22 | 248
Solutions/VMware SD-WAN and SASE/Data Connectors/Function App Connector/vmw_sdwan_sase_funcapp/sdwan_efslogs/__init__.py | 22 | 547
Solutions/Windows Security Events/Hunting Queries/ProcessEntropy.yaml | 62 | 150
Solutions/Windows Security Events/Hunting Queries/Suspicious_Windows_Login_outside_normal_hours.yaml | 62 | 123
Tools/PowerShell/SentinelAnalyticRulesManagementScript.ps1 | 17 | 1107
Parsers/ASimRegistryEvent/Parsers/VimRegistryEventMicrosoftSecurityEvent.yaml | 1 | 172
ASIM/dev/ASimTester/filteringTest/ASimFilteringTest.py | 41 | 484
ASIM/schemas/ASimAuthentication.yaml | 71 | 106
ASIM/schemas/ASimDns.yaml | 72 | 256
ASIM/schemas/ASimFileEvent.yaml | 78 | 232
ASIM/schemas/ASimUserManagement.yaml | 36 | 95
ASIM/schemas/common/ASimEnumerations.yaml | 68 | 112
ASIM/schemas/common/ASimEventFields.yaml | 56 | 120
ASIM/schemas/entities/ASimExtendedProcess.yaml | 61 | 10
ASIM/schemas/entities/ASimProcess.yaml | 63 | 10
ASIM/schemas/entities/ASimSystem.yaml | 70 | 107
DataConnectors/CEF/cef_installer.py | 94 | 554
DataConnectors/CEF/cef_troubleshoot.py | 101 | 653
DataConnectors/DocuSign-SecurityEvents/AzureFunctionDocuSignMonitor/DocuSignMonitorTimerTrigger/run.ps1 | 57 | 381
DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_C#/Template_REST_API_Function_App_C#.cs | 32 | 237
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/eventsHandler.rb | 29 | 43
DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logStashAutoResizeBuffer.rb | 29 | 104
Detections/ASimAuthentication/imAuthPasswordSpray.yaml | 85 | 46
Detections/ASimAuthentication/imSigninAttemptsByIPviaDisabledAccounts.yaml | 79 | 54
Detections/ASimDNS/imDNS_Miners.yaml | 113 | 89
Detections/ASimDNS/imDns_DomainEntity_DnsEvents.yaml | 74 | 4
Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml | 100 | 31
Detections/ASimNetworkSession/IPEntity_imNetworkSession.yaml | 66 | 4
Detections/ASimNetworkSession/PortScan.yaml | 64 | 4
Detections/ASimProcess/imProcess_base64_encoded_pefile.yaml | 88 | 30
Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml | 96 | 30
Detections/ASimWebSession/PotentiallyHarmfulFileTypes.yaml | 102 | 85
Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml | 109 | 5
Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml | 117 | 5
Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml | 111 | 5
Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml | 101 | 5
Detections/AWSCloudTrail/SuspiciousAccessOfBECRelatedDocumentsInAWSS3Buckets.yaml | 56 | 5
Detections/AWSGuardDuty/AWS_GuardDuty_template.yaml | 81 | 4
Detections/AuditLogs/ADFSDomainTrustMods.yaml | 131 | 5
Detections/AuditLogs/AccountCreatedDeletedByNonApprovedUser.yaml | 85 | 5
Detections/AuditLogs/AccountCreatedandDeletedinShortTimeframe.yaml | 91 | 5
Detections/AuditLogs/AccountElevatedtoNewRole.yaml | 58 | 5
Detections/AuditLogs/AdditionofaTemporaryAccessPasstoaPrivilegedAccount.yaml | 78 | 82
Detections/AuditLogs/AdminPromoAfterRoleMgmtAppPermissionGrant.yaml | 98 | 5
Detections/AuditLogs/BulkChangestoPrivilegedAccountPermissions.yaml | 84 | 5
Detections/AuditLogs/ConditionalAccessPolicyModifiedbyNewUser.yaml | 79 | 79
Detections/AuditLogs/CredentialAddedAfterAdminConsent.yaml | 120 | 5
Detections/AuditLogs/Cross-tenantAccessSettingsOrganizationAdded.yaml | 62 | 6
Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml | 137 | 5
Detections/AuditLogs/GuestAccountsAddedinAADGroupsOtherThanTheOnesSpecified.yaml | 72 | 6
Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml | 118 | 5
Detections/AuditLogs/MultipleAdmin_membership_removals_from_NewAdmin.yaml | 77 | 5
Detections/AuditLogs/NRT_ADFSDomainTrustMods.yaml | 86 | 5
Detections/AuditLogs/NRT_AuthenticationMethodsChangedforVIPUsers.yaml | 65 | 6
Detections/AuditLogs/NRT_UseraddedtoPrivilgedGroups.yaml | 88 | 5
Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml | 134 | 5
Detections/AuditLogs/NewExtUserGrantedAdmin.yaml | 53 | 5
Detections/AuditLogs/PrivlegedRoleAssignedOutsidePIM.yaml | 95 | 5
Detections/AuditLogs/ServicePrincipalAssignedAppRoleWithSensitiveAccess.yaml | 71 | 93
Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml | 115 | 5
Detections/AuditLogs/SuspiciousServicePrincipalcreationactivity.yaml | 100 | 5
Detections/AuditLogs/URLAddedtoApplicationfromUnknownDomain.yaml | 92 | 101
Detections/AuditLogs/UserAccountCreatedUsingIncorrectNamingFormat.yaml | 56 | 82
Detections/AuditLogs/UserAssignedPrivilegedRole.yaml | 92 | 5
Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml | 142 | 5
Detections/AzureActivity/AzDiagSettingsDeleted.yaml | 71 | 67
Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml | 60 | 4
Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml | 122 | 4
Detections/AzureActivity/New-CloudShell-User.yaml | 94 | 4
Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml | 108 | 4
Detections/AzureActivity/RareOperations.yaml | 104 | 4
Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml | 70 | 5
Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml | 119 | 5
Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml | 125 | 5
Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml | 121 | 5
Detections/CiscoUmbrella/CiscoUmbrellaHackToolUserAgentDetected.yaml | 92 | 82
Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml | 83 | 5
Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml | 102 | 5
Detections/CommonSecurityLog/PaloAlto-UnusualThreatSignatures.yaml | 40 | 5
Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml | 132 | 5
Detections/DeviceNetworkEvents/SolarWinds_SUNBURST_Network-IOCs.yaml | 133 | 5
Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml | 105 | 5
Detections/DnsEvents/DNS_TorProxies.yaml | 106 | 5
Detections/DuoSecurity/IPEntity_DuoSecurity.yaml | 59 | 5
Detections/GitHub/Security Vulnerability in Repo.yaml | 90 | 6
Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml | 119 | 84
Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml | 126 | 98
Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml | 133 | 69
Detections/MultipleDataSources/AquaBlizzardFeb2022.yaml | 55 | 5
Detections/MultipleDataSources/BariumIPIOC112020.yaml | 144 | 5
Detections/MultipleDataSources/CrossCloudUnauthorizedCredentialsAccessDetection.yaml | 47 | 3
Detections/MultipleDataSources/Dev-0228FilePathHashesNovember2021.yaml | 98 | 77
Detections/MultipleDataSources/Dev-0530_FileExtRename.yaml | 76 | 60
Detections/MultipleDataSources/Dev-0530_July2022.yaml | 75 | 5
Detections/MultipleDataSources/EUROPIUM _September2022.yaml | 74 | 159
Detections/MultipleDataSources/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml | 145 | 5
Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml | 102 | 171
Detections/MultipleDataSources/HostAADCorrelation.yaml | 127 | 102
Detections/MultipleDataSources/Mercury_Log4j_August2022.yaml | 71 | 244
Detections/MultipleDataSources/NewUserAgentLast24h.yaml | 107 | 5
Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml | 141 | 5
Detections/MultipleDataSources/SUNSPOTLogFile.yaml | 113 | 5
Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml | 138 | 5
Detections/MultipleDataSources/SucessfullSiginFromPhingLink.yaml | 79 | 138
Detections/MultipleDataSources/WSLMalwareCorrelation.yaml | 103 | 5
Detections/MultipleDataSources/ZincOctober2022_AVHits_IOC.yaml | 39 | 5
Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml | 114 | 5
Detections/OfficeActivity/RareOfficeOperations.yaml | 128 | 5
Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml | 93 | 5
Detections/OfficeActivity/office_policytampering.yaml | 112 | 5
Detections/SecurityAlert/Massdownload_USBFileCopy.yaml | 67 | 131
Detections/SecurityAlert/Solorigate-Defender-Detections.yaml | 116 | 60
Detections/SecurityAlert/Suspicious_WorkSpaceDeletion_Attempt.yaml | 91 | 90
Detections/SecurityEvent/AADHealthMonAgentRegKeyAccess.yaml | 97 | 139
Detections/SecurityEvent/AADHealthSvcAgentRegKeyAccess.yaml | 88 | 137
Detections/SecurityEvent/ADFSDBNamedPipeConnection.yaml | 76 | 5
Detections/SecurityEvent/COMEventSystemLoadingNewDLL.yaml | 71 | 117
Detections/SecurityEvent/DSRMAccountAbuse.yaml | 58 | 72
Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml | 110 | 121
Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml | 128 | 96
Detections/SecurityEvent/RDP_RareConnection.yaml | 117 | 103
Detections/SecurityEvent/SilkTyphoonSuspiciousUMServiceError.yaml | 58 | 45
Detections/SecurityEvent/UserAccountAdd-Removed.yaml | 131 | 129
Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml | 126 | 141
Detections/SecurityEvent/WDigestDowngradeAttack.yaml | 51 | 5
Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml | 159 | 140
Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml | 116 | 5
Detections/SigninLogs/BypassCondAccessRule.yaml | 124 | 5
Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml | 123 | 5
Detections/SigninLogs/DistribPassCrackAttempt.yaml | 126 | 5
Detections/SigninLogs/FailedLogonToAzurePortal.yaml | 135 | 5
Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml | 99 | 66
Detections/SigninLogs/SigninPasswordSpray.yaml | 127 | 5
Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml | 110 | 5
Detections/ThreatIntelligenceIndicator/IPEntity_AzureKeyVault.yaml | 87 | 5
Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml | 106 | 63
Hunting Queries/ASimProcess/imProcess_ProcessEntropy.yaml | 77 | 146
Hunting Queries/ASimProcess/imProcess_SolarWindsInventory.yaml | 76 | 19
Hunting Queries/ASimProcess/imProcess_powershell_downloads.yaml | 85 | 18
Hunting Queries/AuditLogs/AccountMFAModifications.yaml | 26 | 36
Hunting Queries/AuditLogs/ConsentToApplicationDiscovery.yaml | 95 | 99
Hunting Queries/AuditLogs/RareAuditActivityByApp.yaml | 82 | 79
Hunting Queries/AzureActivity/Azure-CloudShell-Usage.yaml | 93 | 42
Hunting Queries/AzureStorage/AzureStorageFileOnEndpoint.yaml | 78 | 24
Hunting Queries/GitHub/Unusual Number of Repository Clones.yaml | 79 | 32
Hunting Queries/Microsoft 365 Defender/Campaigns/redmenshen-bpfdoor-backdoor.yaml | 47 | 21
Hunting Queries/Microsoft 365 Defender/Defense evasion/Discovering potentially tampered devices [Nobelium].yaml | 49 | 9
Hunting Queries/Microsoft 365 Defender/Initial access/SuspiciousUrlClicked.yaml | 88 | 18
Hunting Queries/Microsoft 365 Defender/RemoteManagementMonitoring/rmm__all_netconn.yaml | 29 | 185
Hunting Queries/MultipleDataSources/CriticalOperationsWithSystemrestore.yaml | 52 | 103
Hunting Queries/MultipleDataSources/FirewallRuleChanges_using_netsh.yaml | 64 | 145
Hunting Queries/MultipleDataSources/PermutationsOnLogonNames.yaml | 80 | 124
Hunting Queries/MultipleDataSources/PossibleCommandInjectionagainstAzureIR.yaml | 68 | 89
Hunting Queries/MultipleDataSources/RareDNSLookupWithDataTransfer.yaml | 106 | 113
Hunting Queries/MultipleDataSources/TrackingPasswordChanges.yaml | 85 | 87
Hunting Queries/MultipleDataSources/TrackingPrivAccounts.yaml | 96 | 187
Hunting Queries/OfficeActivity/MultipleUsersEmailForwardedToSameDestination.yaml | 33 | 4
Hunting Queries/SigninLogs/SuccessThenFail_SameUserDiffApp.yaml | 83 | 65
Hunting Queries/SigninLogs/anomalous_app_azuread_signin.yaml | 83 | 54
Hunting Queries/SigninLogs/signinBurstFromMultipleLocations.yaml | 96 | 70
Hunting Queries/W3CIISLog/ClientIPwithManyUserAgents.yaml | 98 | 38
Hunting Queries/W3CIISLog/Potential_IIS_BF.yaml | 87 | 83
Hunting Queries/W3CIISLog/RareClientFileAccess.yaml | 125 | 52
Hunting Queries/W3CIISLog/SuspectedMailBoxExportHostonOWA.yaml | 104 | 26
Hunting Queries/WireData/WireDataBeacon.yaml | 102 | 54
Hunting Queries/ZoomLogs/MultipleRegistrationDenies.yaml | 88 | 46
Parsers/AS-StealthDefend/AS-StealthDefend.yaml | 27 | 20
Parsers/ASimAuditEvent/Parsers/ASimAuditEventCiscoISE.yaml | 30 | 295
Parsers/ASimAuditEvent/Parsers/ASimAuditEventCrowdStrikeFalconHost.yaml | 22 | 160
Parsers/ASimAuditEvent/Parsers/vimAuditEventCiscoISE.yaml | 30 | 360
Parsers/ASimAuditEvent/Parsers/vimAuditEventCrowdStrikeFalconHost.yaml | 22 | 217
Parsers/ASimAuthentication/Parsers/ASimAuthenticationAWSCloudTrail.yaml | 75 | 112
Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoASA.yaml | 29 | 226
Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoISE.yaml | 41 | 257
Parsers/ASimAuthentication/Parsers/ASimAuthenticationCrowdStrikeFalconHost.yaml | 25 | 109
Parsers/ASimAuthentication/Parsers/ASimAuthenticationM365Defender.yaml | 84 | 186
Parsers/ASimAuthentication/Parsers/ASimAuthenticationSshd.yaml | 48 | 210
Parsers/ASimDns/Parsers/ASimDnsFortinetFortigate.yaml | 23 | 214
Parsers/ASimDns/Parsers/ASimDnsInfobloxNIOS.yaml | 78 | 92
Parsers/ASimDns/Parsers/ASimDnsMicrosoftNXlog.yaml | 55 | 280
Parsers/ASimDns/Parsers/ASimDnsSentinelOne.yaml | 24 | 196
Parsers/ASimDns/Parsers/vimDnsMicrosoftNXlog.yaml | 52 | 335
Parsers/ASimDns/Parsers/vimDnsSentinelOne.yaml | 24 | 248
Parsers/ASimFileEvent/Parsers/ASimFileEventAzureBlobStorage.yaml | 26 | 85
Parsers/ASimFileEvent/Parsers/ASimFileEventAzureFileStorage.yaml | 26 | 69
Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoft365D.yaml | 26 | 130
Parsers/ASimFileEvent/Parsers/ASimFileEventMicrosoftSharePoint.yaml | 26 | 147
Parsers/ASimFileEvent/Parsers/vimFileEventAzureTableStorage.yaml | 44 | 156
Parsers/ASimFileEvent/Parsers/vimFileEventM365D.yaml | 77 | 207
Parsers/ASimFileEvent/Parsers/vimFileEventMicrosoftSharePoint.yaml | 58 | 232
Parsers/ASimFileEvent/Parsers/vimFileEventNative.yaml | 57 | 111
Parsers/ASimFileEvent/Parsers/vimFileEventSentinelOne.yaml | 38 | 172
Parsers/ASimFileEvent/Parsers/vimFileEventVMwareCarbonBlackCloud.yaml | 26 | 211
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoFirepower.yaml | 27 | 242
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoISE.yaml | 41 | 159
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCrowdStrikeFalconHost.yaml | 23 | 296
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionForcePointFirewall.yaml | 38 | 341
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoft365Defender.yaml | 82 | 194
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoFirepower.yaml | 27 | 318
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoISE.yaml | 41 | 226
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCrowdStrikeFalconHost.yaml | 23 | 393
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionForcePointFirewall.yaml | 38 | 416
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionFortinetFortiGate.yaml | 75 | 176
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoft365Defender.yaml | 90 | 274
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionSentinelOne.yaml | 24 | 228
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionVMwareCarbonBlackCloud.yaml | 26 | 331
Parsers/ASimProcessEvent/Parsers/ASimProcessTerminateVMwareCarbonBlackCloud.yaml | 24 | 112
Parsers/ASimProcessEvent/Parsers/vimProcessCreateSentinelOne.yaml | 26 | 234
Parsers/ASimProcessEvent/Parsers/vimProcessCreateTrendMicroVisionOne.yaml | 22 | 200
Parsers/ASimProcessEvent/Parsers/vimProcessEmpty.yaml | 66 | 177
Parsers/ASimProcessEvent/Parsers/vimProcessEventNative.yaml | 28 | 137
Parsers/ASimProcessEvent/Parsers/vimProcessTerminateMicrosoftWindowsEvents.yaml | 76 | 133
Parsers/ASimProcessEvent/Parsers/vimProcessTerminateVMwareCarbonBlackCloud.yaml | 24 | 187
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoft365D.yaml | 37 | 158
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventNative.yaml | 28 | 99
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventTrendMicroVisionOne.yaml | 24 | 100
Parsers/ASimWebSession/Parsers/ASimWebSessionApacheHTTPServer.yaml | 33 | 71
Parsers/ASimWebSession/Parsers/vimWebSessionCiscoFirepower.yaml | 27 | 268
Parsers/ASimWebSession/Parsers/vimWebSessionIIS.yaml | 52 | 139
Solutions/Akamai Security Events/Parsers/AkamaiSIEMEvent.yaml | 31 | 96
Solutions/Alibaba Cloud/Parsers/AliCloud.yaml | 31 | 24
Solutions/Alsid For AD/Parsers/afad_parser.yaml | 31 | 113
Solutions/Amazon Web Services/Analytic Rules/AWS_CreatedCRUDDyanmoDBPolicytoPrivilegeEscalation.yaml | 73 | 77
Solutions/Amazon Web Services/Analytic Rules/SuspiciousAWSEC2ComputeResourceDeployments.yaml | 41 | 48
Solutions/Armorblox/Analytic Rules/ArmorbloxNeedsReviewAlert.yaml | 74 | 40
Solutions/AtlassianJiraAudit/Hunting Queries/JiraUserIPs.yaml | 43 | 25
Solutions/Authomize/Data Connectors/AuthomizeSentinelConnector/__init__.py | 29 | 123
Solutions/Azure Activity/Hunting Queries/AnomalousAzureOperationModel.yaml | 48 | 121
Solutions/Azure SQL Database solution for sentinel/Hunting Queries/HuntingQuery-SuspiciousStoredProcedures.yaml | 44 | 51
Solutions/BitSight/Parsers/BitSightAlerts.yaml | 31 | 43
Solutions/Bitglass/Parsers/Bitglass.yaml | 31 | 160
Solutions/Box/Data Connectors/AzureFunctionBox/main.py | 89 | 158
Solutions/CTM360/Data Connectors/CBS/AzureFunctionCTM360_CBS/__init__.py | 22 | 149
Solutions/Cisco SD-WAN/Parsers/CiscoSDWANNetflow.yaml | 31 | 243
Solutions/CiscoDuoSecurity/Data Connectors/AzureFunctionCiscoDuo/main.py | 114 | 373
Solutions/Citrix ADC/Parsers/CitrixADCEventOld.yaml | 31 | 168
Solutions/Cloud Identity Threat Protection Essentials/Hunting Queries/UserGrantedAccess_GrantsOthersAccess.yaml | 47 | 76
Solutions/Cloudflare/Parsers/Cloudflare.yaml | 31 | 221
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseIntelligenceMalware/__init__.py | 27 | 13
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseIntelligenceMalware/cofense_malware_data_to_sentinel.py | 27 | 391
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/CofenseToSentinel/cofense_to_sentinel_mapping.py | 27 | 60
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/__init__.py | 27 | 34
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/defender.py | 27 | 283
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SentinelToDefender/sentinel.py | 27 | 711
Solutions/CofenseIntelligence/Data Connectors/CofenseIntelligenceDataConnector/SharedCode/utils.py | 27 | 433
Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/IndicatorCreatorToDefender/sentinel.py | 31 | 751
Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/NonCofenseBasedIndicatorCreatorToCofense/sentinel.py | 31 | 727
Solutions/CofenseTriage/Data Connectors/CofenseTriageDataConnector/SharedCode/utils.py | 31 | 444
Solutions/CognyteLuminar/Data Connectors/Cognyte Luminar/__init__.py | 24 | 403
Solutions/Corelight/Hunting Queries/CorelightDataTransferedByIp.yaml | 50 | 25
Solutions/Corelight/Hunting Queries/CorelightMultipleRemoteSMBConnectionsFromSingleIP.yaml | 54 | 26
Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdStrikeReplicator.yaml | 35 | 1074
Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdStrikeReplicatorV2.yaml | 47 | 155
Solutions/CrowdStrike Falcon Endpoint Protection/Parsers/CrowdStrikeReplicator_future.yaml | 32 | 1123
Solutions/CyberArkEPM/DataConnectors/CyberArkEPMSentinelConnector/pyepm.py | 49 | 184
Solutions/DNS Essentials/Analytic Rules/MultipleErrorsReportedForSameDNSQueryAnomalyBased.yaml | 41 | 121
Solutions/Dataminr Pulse/Analytic Rules/DataminrSentinelAlerts.yaml | 25 | 36
Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsManualActivity/__init__.py | 25 | 17
Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsManualActivity/dataminrpulse_integration_settings.py | 37 | 341
Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseAlertsSentinelActivity/sentinel.py | 25 | 94
Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseThreatIntelligence/dataminr_pulse_to_threat_intelligence_mapping.py | 28 | 118
Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/DataminrPulseThreatIntelligence/sentinel.py | 25 | 193
Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/RetryFailedIndicators/post_to_log_analytics.py | 25 | 115
Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/RetryFailedIndicators/retry_failed_indicators.py | 25 | 271
Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts/shared_code/validate_params.py | 25 | 46
Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/DS_api.py | 66 | 98
Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/__init__.py | 66 | 27
Solutions/Digital Shadows/Data Connectors/Digital Shadows/DigitalShadowsConnectorAzureFunction/state_serializer.py | 66 | 73
Solutions/Endpoint Threat Protection Essentials/Hunting Queries/PotentialMicrosoftSecurityServicesTampering.yaml | 45 | 117
Solutions/Exabeam Advanced Analytics/Parsers/ExabeamEvent.yaml | 31 | 104
Solutions/FalconFriday/Analytic Rules/DLLSideLoading.yaml | 68 | 5
Solutions/Feedly/Data Connectors/FeedlySentinelConnector/feedly_downloader.py | 30 | 19
Solutions/Feedly/Data Connectors/FeedlySentinelConnector/worker.py | 30 | 74
Solutions/FireEye Network Security/Parsers/FireEyeNXEvent.yaml | 31 | 70
Solutions/GoogleCloudPlatformDNS/Hunting Queries/GCPDNSRareDomains.yaml | 52 | 25
Solutions/GoogleWorkspaceReports/Parsers/GWorkspaceActivityReports.yaml | 31 | 204
Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseAPISentinelConnector/main.py | 37 | 300
Solutions/Legacy IOC based Threat Protection/Deprecated Analytic Rules/Dev-0530_July2022.yaml | 24 | 164
Solutions/Legacy IOC based Threat Protection/Hunting
Queries/Dev-0322FileDropActivityNovember2021(ASIMVersion).yaml x: 41 # contributors y: 9 lines of code Solutions/Legacy IOC based Threat Protection/Hunting Queries/NylonTyphoonRegIOCPatterns.yaml x: 54 # contributors y: 91 lines of code Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Data Connectors/LookoutCSConnector/LookoutCloudSecurityAnamolies/__init__.py x: 50 # contributors y: 340 lines of code Solutions/MailRisk/Data Connectors/models/email.py x: 51 # contributors y: 104 lines of code Solutions/McAfee ePolicy Orchestrator/Parsers/McAfeeEPOEvent.yaml x: 51 # contributors y: 200 lines of code Solutions/MicrosoftPurviewInsiderRiskManagement/Analytic Rules/InsiderRiskSensitiveDataAccessOutsideOrgGeo.yaml x: 79 # contributors y: 57 lines of code Solutions/MimecastSEG/Data Connectors/Models/Enum/__init__.py x: 26 # contributors y: 1 lines of code Solutions/MimecastTTP/Data Connectors/GetTTPAttachment/__init__.py x: 39 # contributors y: 78 lines of code Solutions/MimecastTTP/Data Connectors/Helpers/request_helper.py x: 26 # contributors y: 117 lines of code Solutions/Netskope/Data Connectors/Netskope/AzureFunctionNetskope/run.ps1 x: 60 # contributors y: 388 lines of code Solutions/Okta Single Sign-On/Data Connectors/OktaSingleSign-On/AzureFunctionOktaSSO_V2/AzureFunctionOktaSSO/run.ps1 x: 21 # contributors y: 167 lines of code Solutions/OneLoginIAM/Parsers/OneLogin.yaml x: 38 # contributors y: 589 lines of code Solutions/Qualys VM Knowledgebase/Data Connectors/AzureFunctionQualysKB/run.ps1 x: 77 # contributors y: 262 lines of code Solutions/Rapid7InsightVM/Data Connectors/InsightVMCloudAPISentinelConnector/__init__.py x: 85 # contributors y: 218 lines of code Solutions/Snowflake/Hunting Queries/SnowflakeHighCreditConsumingQueries.yaml x: 61 # contributors y: 26 lines of code Solutions/Vectra AI Stream/Parsers/VectraStream_function.yaml x: 31 # contributors y: 460 lines of code Solutions/Web Session Essentials/Analytic 
Rules/RequestToPotentiallyHarmfulFileTypes.yaml x: 35 # contributors y: 112 lines of code Solutions/Windows Server DNS/Hunting Queries/DNS_HighPercentNXDomainCount.yaml x: 53 # contributors y: 100 lines of code Solutions/ZeroNetworks/Playbooks/ZeroNetworksConnector/ZeroNetworks-swagger.yaml x: 31 # contributors y: 379 lines of code Solutions/ZoomReports/Data Connectors/ZoomSentinelConnector/__init__.py x: 47 # contributors y: 299 lines of code Tools/Archive-Log-Tool/ArchiveLogsTool-PowerShell/Configure-Long-Term-Retention.ps1 x: 97 # contributors y: 510 lines of code Tools/Create-Azure-Sentinel-Solution/V2/createSolutionV2.ps1 x: 137 # contributors y: 2512 lines of code Tools/Create-Azure-Sentinel-Solution/common/LogAppInsights.ps1 x: 39 # contributors y: 387 lines of code Tools/Playbook-ARM-Template-Generator/src/Playbook_ARM_Template_Generator.ps1 x: 42 # contributors y: 526 lines of code Tools/Sentinel-All-In-One/v2/Scripts/EnableRules.ps1 x: 46 # contributors y: 276 lines of code Hunting Queries/Microsoft 365 Defender/Email Queries/ZAP/Total ZAP Count.yaml x: 1 # contributors y: 20 lines of code Solutions/Radiflow/Analytic Rules/RadiflowUnauthorizedCommandInOperationalDevice.yaml x: 1 # contributors y: 33 lines of code Tools/Create-Azure-Sentinel-Solution/createSolution.ps1 x: 104 # contributors y: 1314 lines of code Hunting Queries/AzureActivity/AzureAdministrationFromVPS.yaml x: 80 # contributors y: 3 lines of code Hunting Queries/AzureActivity/Common_Deployed_Resources.yaml x: 89 # contributors y: 3 lines of code Hunting Queries/AzureActivity/Rare_Custom_Script_Extension.yaml x: 69 # contributors y: 3 lines of code Hunting Queries/CommonSecurityLog/B64IPInURL.yaml x: 52 # contributors y: 4 lines of code Hunting Queries/OfficeActivity/MultiTeamBot.yaml x: 78 # contributors y: 4 lines of code Hunting Queries/SecurityEvent/DecoyUserAccountAuthenticationAttempt.yaml x: 54 # contributors y: 4 lines of code 
Parsers/ASimAuditEvent/Parsers/ASimAuditEventMicrosoftExchangeAdmin365.yaml x: 39 # contributors y: 122 lines of code Parsers/ASimAuditEvent/Parsers/vimAuditEventAzureAdminActivity.yaml x: 37 # contributors y: 216 lines of code Parsers/ASimAuditEvent/Parsers/vimAuditEventMicrosoftExchangeAdmin365.yaml x: 39 # contributors y: 191 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionAppGateSDP.yaml x: 55 # contributors y: 158 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCheckPointFirewall.yaml x: 52 # contributors y: 268 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionAppGateSDP.yaml x: 60 # contributors y: 232 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCheckPointFirewall.yaml x: 50 # contributors y: 325 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionMicrosoftLinuxSysmon.yaml x: 84 # contributors y: 204 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionzScalerZIA.yaml x: 76 # contributors y: 168 lines of code Parsers/ASimWebSession/Parsers/ASimWebSessionNative.yaml x: 28 # contributors y: 73 lines of code Parsers/ASimWebSession/Parsers/ASimWebSessionzScalerZIA.yaml x: 77 # contributors y: 123 lines of code Parsers/ASimWebSession/Parsers/vimWebSessionEmpty.yaml x: 79 # contributors y: 179 lines of code Solutions/CohesitySecurity/Tools/Cohesity_Playbook_ARM_Template_Generator.ps1 x: 26 # contributors y: 445 lines of code Solutions/CohesitySecurity/build_one_solution.ps1 x: 27 # contributors y: 1315 lines of code Solutions/1Password/Analytics Rules/1Password - Manual Account Creation.yaml x: 1 # contributors y: 55 lines of code ASIM/dev/Delete-SentinelFunction/Delete-SentinelFunction.ps1 x: 21 # contributors y: 92 lines of code ASIM/lib/functions/ASIM_LookupDnsQueryType.yaml x: 33 # contributors y: 117 lines of code ASIM/lib/functions/ASIM_LookupHTTPStatusCode.yaml x: 36 # contributors y: 228 lines of code ASIM/lib/functions/ASIM_LookupNetworkProtocol.yaml x: 
33 # contributors y: 176 lines of code ASIM/lib/functions/ASIM_ResolveDnsQueryType.yaml x: 43 # contributors y: 120 lines of code ASIM/lib/functions/ASIM_ResolveNetworkProtocol.yaml x: 43 # contributors y: 179 lines of code DataConnectors/AWS-CloudTrail-AzureFunction/AzFunAWSCloudTrailLogsIngestion/__init__.py x: 18 # contributors y: 378 lines of code DataConnectors/AWS-S3-AzureFunction/AzFun-AWS-S3-Ingestion/__init__.py x: 31 # contributors y: 512 lines of code DataConnectors/AWS-S3/Utils/HelperFunctions.ps1 x: 39 # contributors y: 227 lines of code DataConnectors/AzureStorage/GetAzureStorageLogsFunction.cs x: 9 # contributors y: 327 lines of code DataConnectors/Duo Security/AzureFunctionDuoSecurity/run.ps1 x: 41 # contributors y: 250 lines of code DataConnectors/Fluentd-VMSS/plugin/cef_version_0_keys.yaml x: 6 # contributors y: 166 lines of code DataConnectors/Fluentd-VMSS/plugin/out_remote_syslog-as.rb x: 6 # contributors y: 132 lines of code DataConnectors/Fluentd-VMSS/plugin/parser_cef-as.rb x: 6 # contributors y: 203 lines of code DataConnectors/GithubFunction/AzureFunctionGitHub/requirements.psd1 x: 19 # contributors y: 6 lines of code DataConnectors/JumpCloud Single Sign On/AzureFunctionJumpCloud/requirements.psd1 x: 15 # contributors y: 8 lines of code DataConnectors/MCASActivityFunction/AzureFunctionMCASActivity/MCASActivityTimerTrigger/run.ps1 x: 50 # contributors y: 304 lines of code DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/modules/Write-OMSLogfile.ps1 x: 5 # contributors y: 126 lines of code DataConnectors/O365 Data/O365APItoAS-Template/requirements.psd1 x: 5 # contributors y: 6 lines of code DataConnectors/O365 DataCSharp/Teams.CustomConnector.Common/ExponentialBackoff.cs x: 7 # contributors y: 35 lines of code DataConnectors/O365 DataCSharp/Teams.CustomConnector.Models/AuditInitialReport.cs x: 7 # contributors y: 17 lines of code DataConnectors/O365 DataCSharp/Teams.CustomConnector.Processor/Processor.cs x: 7 # contributors y: 201 
lines of code DataConnectors/O365 DataCSharp/Teams.CustomConnector.StorageHandler/StorageHandler.cs x: 22 # contributors y: 113 lines of code DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO_V2/AzureFunctionOktaSSO/run.ps1 x: 38 # contributors y: 167 lines of code DataConnectors/Qualys VM/AzureFunctionQualysVM/run.ps1 x: 43 # contributors y: 212 lines of code DataConnectors/S3-Lambda/S3toSentinel.ps1 x: 13 # contributors y: 227 lines of code DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_PowerShell/Template_REST_API_Function_App_PowerShell.ps1 x: 37 # contributors y: 119 lines of code DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_PowerShell/profile.ps1 x: 6 # contributors y: 18 lines of code DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/Template_REST_API_AzureFunction_App_Code/Template_REST_API_Function_App_PowerShell/requirements.psd1 x: 6 # contributors y: 7 lines of code Hunting Queries/Microsoft 365 Defender/Campaigns/fireeye-red-team-tools-HASHs [Nobelium].yaml x: 22 # contributors y: 335 lines of code Hunting Queries/Microsoft 365 Defender/Campaigns/oceanlotus-apt32-files.yaml x: 22 # contributors y: 98 lines of code Hunting Queries/Microsoft 365 Defender/General queries/Baseline Comparison.yaml x: 22 # contributors y: 257 lines of code Hunting Queries/MultipleDataSources/DownloadofNewFileUsingCurl.yaml x: 33 # contributors y: 57 lines of code Hunting Queries/ZoomLogs/HighCPURoom.yaml x: 68 # contributors y: 35 lines of code Parsers/ASimDns/Parsers/ASimDnsCorelightZeek.yaml x: 52 # contributors y: 204 lines of code Parsers/ASimDns/Parsers/vimDnsCiscoUmbrella.yaml x: 37 # contributors y: 108 lines of code Parsers/ASimDns/Parsers/vimDnsCorelightZeek.yaml x: 52 # contributors y: 256 lines of code Parsers/ASimDns/Parsers/vimDnsEmpty.yaml x: 49 # 
contributors y: 173 lines of code Parsers/ASimDns/Parsers/vimDnsMicrosoftOMS.yaml x: 47 # contributors y: 256 lines of code Parsers/ASimDns/Parsers/vimDnsVectraAI.yaml x: 36 # contributors y: 144 lines of code Parsers/ASimNetworkSession/ASimNetworkSessionV1/NetworkSessionEmpty.yaml x: 33 # contributors y: 143 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionAzureFirewall.yaml x: 44 # contributors y: 99 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCorelightZeek.yaml x: 38 # contributors y: 129 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionMicrosoftLinuxSysmon.yaml x: 66 # contributors y: 120 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionVMConnection.yaml x: 59 # contributors y: 153 lines of code Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionVectraAI.yaml x: 33 # contributors y: 134 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionAzureNSG.yaml x: 52 # contributors y: 155 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionEmpty.yaml x: 53 # contributors y: 164 lines of code Parsers/ASimNetworkSession/Parsers/vimNetworkSessionVectraAI.yaml x: 33 # contributors y: 196 lines of code Parsers/ASimProcessEvent/Parsers/vimProcessCreateLinuxSysmon.yaml x: 35 # contributors y: 171 lines of code Parsers/ASimProcessEvent/Parsers/vimProcessCreateMicrosoftSecurityEvents.yaml x: 48 # contributors y: 184 lines of code Parsers/ASimWebSession/Parsers/vimWebSessionSquidProxy.yaml x: 66 # contributors y: 141 lines of code Parsers/ASimWebSession/Parsers/vimWebSessionVectraAI.yaml x: 44 # contributors y: 196 lines of code Playbooks/Resolve-McasInfrequentCountryAlerts/Deploy.ps1 x: 10 # contributors y: 5 lines of code Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/GetQueryResults/__init__.py x: 21 # contributors y: 78 lines of code Solutions/AbnormalSecurity/Data Connectors/SentinelFunctionsOrchestrator/sentinel_connector_async.py x: 19 # 
contributors y: 96 lines of code Solutions/Box/Analytic Rules/BoxBinaryFile.yaml x: 71 # contributors y: 29 lines of code Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdstrikeReplicator/CrowdstrikeFalconAPISentinelConnector/sentinel_connector_async.py x: 33 # contributors y: 95 lines of code Solutions/PaloAltoPrismaCloud/Data Connectors/AzureFunctionPrismaCloud/main.py x: 55 # contributors y: 193 lines of code Solutions/PaloAltoPrismaCloud/Data Connectors/AzureFunctionPrismaCloud/sentinel_connector_async.py x: 42 # contributors y: 101 lines of code Solutions/SAP/template/loggingconfig_DEV.yaml x: 43 # contributors y: 195 lines of code Solutions/SailPointIdentityNow/Data Connectors/SearchEvent/__init__.py x: 34 # contributors y: 179 lines of code Solutions/SecurityScorecard Cybersecurity Ratings/Data Connectors/SecurityScorecardFactor/SecurityScorecardFactorSentinelConnector/writers.py x: 22 # contributors y: 188 lines of code Solutions/SentinelOne/Data Connectors/SentinelOneSentinelConnector/__init__.py x: 25 # contributors y: 173 lines of code Solutions/SlackAudit/Data Connectors/SlackAuditAPISentinelConnector/__init__.py x: 22 # contributors y: 278 lines of code Solutions/Snowflake/Data Connectors/AzureFunctionSnowflake/sentinel_connector.py x: 39 # contributors y: 103 lines of code Solutions/Synack/Integrations/AzureFunctionSynack/synack-service.js x: 41 # contributors y: 111 lines of code Solutions/Synack/Integrations/AzureFunctionSynack/sync-service.js x: 41 # contributors y: 220 lines of code Solutions/TenableIO/Data Connectors/TenableGenerateJobStats/__init__.py x: 16 # contributors y: 136 lines of code Tools/ArcSight-Data-Migration/lacat-opt.py x: 23 # contributors y: 152 lines of code Tools/Az.SecurityInsights-Samples/Alert Rules/Import GitHub YAML rules/ImportGitHubYAMLrules.ps1 x: 27 # contributors y: 158 lines of code Tools/AzureDataExplorer/CreateTables_ADX/Create-LA-Tables-ADX.ps1 x: 16 # contributors y: 318 lines of code 
Tools/AzureDataExplorer/Migrate-LA-to-ADX.ps1 x: 48 # contributors y: 613 lines of code Tools/AzureDataExplorer/Pipeline/Migrate-LA-to-ADX-Pipeline.ps1 x: 16 # contributors y: 611 lines of code Tools/CustomLogsIngestion-DCE-DCR/src/Send-AzMonitorCustomLogs.ps1 x: 28 # contributors y: 190 lines of code Tools/ParameterizedFunction/AuditEventDataLookup_Func.ps1 x: 10 # contributors y: 136 lines of code Tools/PowerShell/Add-PlaybooksToSentinel/Add-PlaybooksToSentinel.ps1 x: 7 # contributors y: 136 lines of code Tools/RDAP/RDAPQuery/RDAPQuery/LogAnalytics.cs x: 18 # contributors y: 159 lines of code Tools/SIEM-Data-Migration/installTools.ps1 x: 17 # contributors y: 7 lines of code Tools/Sample-Data-Ingest-Tool/SampleDataIngestTool/AppConfig.cs x: 5 # contributors y: 33 lines of code Tools/UploadToBlobLookupTables/UploadToBlobLookupTables/UploadToBlobLookupTables/run.ps1 x: 5 # contributors y: 83 lines of code Tutorials/Microsoft 365 Defender/Webcasts/Airlift 2021 - Lets Invoke.csl x: 19 # contributors y: 415 lines of code Watchlists/UpdateCloudIPs/AzureFunctionUpdateCloudIPs/UpdateCloudIPs/run.ps1 x: 21 # contributors y: 529 lines of code Parsers/ASimAuthentication/Parsers/ASimAuthenticationCiscoIse.yaml x: 1 # contributors y: 257 lines of code Parsers/ASimAuthentication/Parsers/vimAuthenticationCiscoIse.yaml x: 1 # contributors y: 352 lines of code Solutions/Digital Shadows/Data Connectors/Digital shadows/DigitalShadowsConnectorAzureFunction/AS_poller.py x: 1 # contributors y: 2 lines of code Solutions/Digital Shadows/Data Connectors/Digital shadows/DigitalShadowsConnectorAzureFunction/DS_api.py x: 1 # contributors y: 98 lines of code Solutions/Digital Shadows/Data Connectors/Digital shadows/DigitalShadowsConnectorAzureFunction/DS_poller.py x: 1 # contributors y: 140 lines of code Solutions/Digital Shadows/Data Connectors/Digital shadows/DigitalShadowsConnectorAzureFunction/state_serializer.py x: 1 # contributors y: 73 lines of code 
Detections/AWSGuardDuty/AWS_GuardDuty_template.YAML x: 3 # contributors y: 4 lines of code
3543.0
lines of code
min: 1.0 | average: 63.97 | 25th percentile: 23.0 | median: 37.0 | 75th percentile: 69.0 | max: 3543.0

# contributors
min: 1.0 | average: 41.06 | 25th percentile: 22.0 | median: 34.0 | 75th percentile: 55.0 | max: 159.0