Adding new MDO related queries from recent Microsoft Threat Intellige… #11316

Merged
merged 3 commits into from
Oct 25, 2024


damozes1
Contributor

Adding new MDO-related hunting queries from the recent Microsoft Threat Intelligence blog - File hosting services misused for identity phishing.

https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/

Required items, please complete

Change(s):

  • Add 4 new hunting queries relevant to MDO to identify phishing attempts

Reason for Change(s):

  • New hunting content from Microsoft Threat Intelligence

Testing Completed:

  • Tested the queries in Defender XDR Advanced hunting

Checked that the validations are passing and have addressed any issues that are present:

  • Yes

…nce blog - File hosting services misused for identity phishing
@damozes1 damozes1 requested review from a team as code owners October 23, 2024 09:43
@v-atulyadav v-atulyadav added Solution Solution specialty review needed Hunting Hunting specialty review needed labels Oct 23, 2024
@v-shukore
Contributor

Hi @damozes1,

Please add the new hunting queries to the data file and repackage this solution using the V3 tool. You can refer to this https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md. Thanks...!!

@v-atulyadav v-atulyadav merged commit 16ac457 into Azure:master Oct 25, 2024
32 checks passed