Microsoft-365-Defender-Hunting-Queries
Microsoft-365-Defender-Hunting-Queries copied to clipboard

Published 20 hours ago •

→

Metadata

Sample queries for Advanced hunting in Microsoft 365 Defender

Reame
Issues

Results 48 Microsoft-365-Defender-Hunting-Queries issues

Sort by recently updated

365 Hunting Query data refresh

1

comment

Adding Powerbi Report to powerbi webapp causes data refresh to break due to "dynamic data sources" no documentation online.

Create EarthBaku-APT-41-files-domains.txt

This is the files and network activities query for resurfaced Barium /APT41/DoubleDragon Group which has come up with new techniques like StealthMutant and StealthVector . The researchlink is in https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/earth-baku-returns?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=0821_EarthBaku1

Initial commit for rclone hunting queries

1

comment

Added a rule to detect rclone usages. The tool is often used for data exfiltration

Create Pulse Secure.md

@DulceMontemayor Can you please merge the pull request? @dreadphones Can you please approve it

ProxyShell.md

@dreadphones Can you please approve it

Create Processes Created from Files with Non-ASCII Characters.md

Create Ousaban Banking Trojan.md

@DulceMontemayor Can you please merge the pull request?

Create SolarWinds -CVE-2021-35211

Update Suspicious Spoolsv Child Process.md

Create Detect-PrintNightmare

1

comment

Sharing query to catch execution of PrintNightmare POC.

← Metadata

1.9k

Stars

509

Forks

Watchers

Owner

Metadata

Sample queries for Advanced hunting in Microsoft 365 Defender