48e85439e0
* [New Hunt] Initial add of Windows hunt queries
* Add markdown files
* Added license to schema and md generation
* add hunt index; minor tweaks to script
* minor tweaks from feedback

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update hunting/macos/queries/suspicious_network_connections_by_unsigned_macho.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* convert integrations to list
* Update script to generate integration links
* validate generated integrations links
* Update hunting/windows/docs/execution_via_remote_services_by_client_address.md
* Update hunting/windows/queries/execution_via_network_logon_by_occurrence_frequency_by_top_source_ip.toml
* Update hunting/windows/queries/execution_via_remote_services_by_client_address.toml
* Update hunting/windows/docs/execution_via_network_logon_by_occurrence_frequency_by_top_source_ip.md
* Update hunting/windows/queries/execution_via_network_logon_by_occurrence_frequency.toml
* Update hunting/windows/docs/execution_via_network_logon_by_occurrence_frequency.md
* update docs with naming information
* Create suspicious_base64_encoded_powershell_commands.toml
* Create scheduled_task_creation_by_action_via_registry.toml
* Create suspicious_base64_encoded_powershell_commands.md
* Create scheduled_task_creation_by_action_via_registry.md
* Update index.md

---------

Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>