Microsoft-365-Defender-Hunting-Queries
Sample queries for Advanced hunting in Microsoft 365 Defender
Adding a Power BI report to the Power BI web app causes data refresh to break due to "dynamic data sources"; no documentation online.
This is the file and network activity query for the resurfaced Barium/APT41/DoubleDragon group, which has come up with new techniques like StealthMutant and StealthVector. The research link is https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/earth-baku-returns?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=0821_EarthBaku1
Added a rule to detect rclone usage. The tool is often used for data exfiltration.
@DulceMontemayor Can you please merge the pull request? @dreadphones Can you please approve it
Sharing a query to catch execution of the PrintNightmare PoC.