sigma-rules/hunting/azure/queries at 1ce072a4e58238d94deae33ff8de25458ac129d5 - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

History

Terrance DeJesus bfca0ea414 [New Hunt] Commvault Supply Chain Threat (#4748 )

* hunts for CommVault threat

* added lookback time to ESQL query

* updated query logic

2025-05-28 14:11:46 -04:00

..

entra_authentication_attempts_behind_rare_user_agents.toml

[New Hunt] Adding Hunting Queries for Azure Entra Sign-In Anomalies (#4527 )

2025-03-11 10:27:08 -04:00

entra_authentication_attempts_from_abused_hosting_service_providers.toml

new hunting queries for Azure device code (#4468 )

2025-02-21 11:00:34 -05:00

entra_device_code_authentication_from_unusual_principal.toml

new hunting queries for Azure device code (#4468 )

2025-02-21 11:00:34 -05:00

entra_excessive_non_interactive_sfa_sign_ins_across_users.toml

[New Hunt] Adding Hunting Queries for Azure Entra Sign-In Anomalies (#4527 )

2025-03-11 10:27:08 -04:00

entra_rare_actions_by_service_principal.toml

[New Hunt] Commvault Supply Chain Threat (#4748 )

2025-05-28 14:11:46 -04:00

entra_service_principal_credentials_added_to_rare_app.toml

[New Hunt] Commvault Supply Chain Threat (#4748 )

2025-05-28 14:11:46 -04:00

entra_suspicious_odata_client_requests.toml

new hunt 'Microsoft Entra Infrequent Suspicious OData Client Requests' (#4708 )

2025-05-09 22:14:42 -04:00

entra_unusual_client_app_auth_request_on_behalf_of_user.toml

[New Hunt] Adding Hunting Queries for Azure Entra Sign-In Anomalies (#4527 )

2025-03-11 10:27:08 -04:00