Detections

About

This folder contains Detections based on different types of data sources that you can leverage to create alerts and respond to threats in your environment. In Microsoft Sentinel these detections are termed Analytics Rule templates.

Note: Many of these analytic rule templates are being delivered in Solutions for Microsoft Sentinel. You can discover and deploy those in the Microsoft Sentinel Content Hub. They are available in this repository under the Solutions folder. For example, the analytic rules for the McAfee ePolicy Orchestrator solution are found here.

For general information please start with the Wiki pages.

More Specific to Detections:

  • Contribute to Analytic Templates (Detections) and Hunting queries
  • Specifics on what is required for Detections and Hunting queries are in the Query Style Guide
  • These detections are written in the KQL query language and provide a starting point for protecting your environment and getting familiar with the different data tables.
  • To enable these detections in your environment, follow the out-of-the-box guidance (note that after a detection is available in this GitHub repository, it might take up to 2 weeks before it is available in the Microsoft Sentinel portal).
  • The rule created will run the query at the scheduled time that was defined and trigger an alert that will be seen both in the SecurityAlert table and as a case in the Incidents tab.
  • If you are contributing analytic rule templates as part of a solution, follow the guidance for solutions to include them in the right folder paths. Do NOT include content to be packaged in solutions under the Detections folder.

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com