├── Functions
└── AuidtD
│ ├── GetAuditDEventsByParentProcessID
│ └── SYCALLS_REF.csv
├── GeoIPDB
├── GeoLite2-ASN.mmdb
├── GeoLite2-City.mmdb
└── GeoLite2-Country.mmdb
├── Guides
├── Microsoft Azure Sentinel 101 Linux Command Line Logging and Auditing Activity for Threats or Compromise using Snoopy.md
└── Microsoft Azure Sentinel 101 Timechart with weekmonth over weekmonth overlay - find changes in log ingestion.md
├── Parsers
├── AuditD_KQL
├── AuditD_LAUREL_KQL
└── LogStash
│ └── OPNSense
│ ├── ReadMe.md
│ └── conf.d
│ ├── 01-inputs.conf
│ ├── 03-filter.conf
│ ├── 05-apps.conf
│ ├── 20-interfaces.conf
│ ├── 30-geoip.conf
│ ├── 49-cleanup.conf
│ ├── 50-output.conf
│ └── patterns
│ └── pfelk.grok
├── Queries
├── AMAAgent.txt
├── AR-BreakGlassAccount.txt
├── AR-BruteForce.txt
├── AR-CloudShellExecution.txt
├── AR-NSGChanges
├── ARPPoisoning.txt
├── ASCIncidentClosure.txt
├── AZCopy.yaml
├── Account-Created-Addedto-LocalAdministrator.txt
├── ActiveIncidents.txt
├── ActiveUsers.txt
├── ActivityFromInfrequentCountry.txt
├── AddClientDataSource.txt
├── AddedorAssignedGlobalAdministratorroleperms.txt
├── AdminConsent.txt
├── AgentInfowithLocation.txt
├── AgentProblems.txt
├── AgentedDevicesnotADJoined.txt
├── AlertContextParser.txt
├── AlertIngestionTime.txt
├── AlertProviderCounts.txt
├── All_IPs_SecurityAlerts.yaml
├── Allexes.txt
├── AnalyticsRuleCreatedorModified.txt
├── AnalyticsRuleCreatedorModifiedwithDisplayName.txt
├── AnalyticsRuleDeleted.txt
├── AnalyticsRuleLastRun.txt
├── AnalyticsRulesRunbyTimes.txt
├── AnomalousAADAccountCreation.txt
├── AnomalousToken.txt
├── AutomationRuleCreation.yaml
├── AutomationRuleDelete.txt
├── AutomationRuleHasRun.txt
├── Azure Runbooks query with correlation.txt
├── AzurePortalLoginErrors.txt
├── Billable-Events-By-Computer.yaml
├── BillableDatabyDataType.txt
├── BillableDatavsNotBillableOver30Days.yaml
├── Billabledatavolumebydatatype.txt
├── Billabledatavolumebysolution.txt
├── BitLockerMaliciousEncrypt.txt
├── BookMarkUpdatedBy.txt
├── BookmarkUpdate.txt
├── BookmarksCreatedBy.txt
├── BrowserActivitybyGEO.txt
├── BuiltInFusionCreation.txt
├── CEFDevices.txt
├── CalculateSumofColumn.txt
├── CaseComments.txt
├── Check4LockedoutUser.txt
├── CheckPointLogs.txt
├── CloudShell.txt
├── CloudShellPart2.txt
├── Cloudshell2.txt
├── CommentDeleted.txt
├── CommonSecurityLogCostsbyVendor.txt
├── CommonSecurityLogThroughput.txt
├── CompareTotalRecordswithValuebyPercentage.txt
├── Conditional access changes new value and old value.txt
├── CostPerSubscription.txt
├── CostperEventID.txt
├── CountriesWhereAgentedComputersReportFrom.txt
├── Cross resource query.txt
├── DNSActivity_Attempts_Per_Device.txt
├── DailyCAPEffect.yaml
├── DailyCAPOverQuota.yaml
├── DailyCapChanges.yaml
├── DarkSideRansomware.txt
├── Data-Volume-By-Computer.yaml
├── Data-Volume-By-Events.yaml
├── Data-volume-by-solution.yaml
├── Data-volume-by-type.yaml
├── DataByProvider.txt
├── DataConnectorOpened.txt
├── DataConnectorReqsFailed.txt
├── DataConnectorReqsFailedbyCallerIPOperation.txt
├── DataIngestEstimation.txt
├── DataIngestionNotHappening.txt
├── DataPerComputer.txt
├── DataPerEvent.txt
├── DataPerSyslogServer.txt
├── DataRetentionChanges.txt
├── DataTypeUsagePieChart.txt
├── DayofWeek.txt
├── Debugging authentication sign-ins.txt
├── DefenderAVNotSuccessful.txt
├── DefenderExclusions.txt
├── DefenderLiveResponse.txt
├── DeviceStopsReporting.txt
├── DirectAgent.txt
├── DirectReport.txt
├── Does a table exist.txt
├── DomainAdminsEnterpriseAdmins.txt
├── DormantAccounts.txt
├── Duration of session.txt
├── EPSforM365AdvancedTables.txt
├── EmailForwarding.txt
├── Event-Volume-Per-Table.yaml
├── EventIDStorageinBytes.txt
├── EventIDs-BilledSize.yaml
├── EventIDs-by-Bytes.yaml
├── EventIDsinLastDay.txt
├── EventLogSources.txt
├── EventVolumePerTable.txt
├── ExecutedProcesses.txt
├── ExistingConditionalAccessPolicies.txt
├── ExpiredPassword.txt
├── ExternalAccess.txt
├── ExternalGEOforSecurityEvents.txt
├── FailedLoginsPerAccount.txt
├── FileExecutionOver5Times.txt
├── GEOIPLocation.txt
├── GetTags.txt
├── GreaterThanOneCity.txt
├── GuestAccountAdds.txt
├── GuestsAddedtoRoles.txt
├── Heartbeatnotreceivedinlast30min.txt
├── HighRiskUserSigninResourceGroupCreation.txt
├── HourMinute.txt
├── HowManyAlertsGeneratedByService.txt
├── HowManyHostLogons.txt
├── HowManyQueriesEachPersonRan.txt
├── HuntingBookmarkHealth.txt
├── HuntingQueriesAzureActivitySuccessandFailures.txt
├── ImpossibleTravelKQL.txt
├── ImpossibleTravelMCAS.txt
├── IncidentID2RuleName.txt
├── IncidentOwnerChange.txt
├── Incidents.txt
├── IncidentsBetweenTimeRange.yaml
├── IngestionDelay.txt
├── IngestionDelaySnippet.txt
├── IngestionPerHour.txt
├── Intune-AutoPilotFailedEnrollment1Day.txt
├── Intune-DeviceThreatLevelnotSecured.txt
├── Intune-Enrollmentsabandonedbytheuser.txt
├── IntuneActivityTypes.txt
├── IntuneAuditEvents.txt
├── IntuneAuditEventsTrend.txt
├── IntuneComplianceFailuresbyOperatingSystem.txt
├── IntuneComplianceFailuresbyReason.txt
├── IntuneCountofSuccessfulEnrollmentsbyOS.txt
├── IntuneDevicesNotSupported.txt
├── IntuneDevicesNotinCompliance.txt
├── IntuneEnrollmentEventsTrend.txt
├── IntuneEnrollmentFailurereasons.txt
├── IntuneEnrollmentFailuresbyEnrollmentType.txt
├── IntuneEnrollmentFailuresbyPlatform.txt
├── IntuneEnrollmentStatistics.txt
├── IntuneEnrollmentSuccessbyEnrollmentType.txt
├── IntuneNotCompliant.txt
├── IntuneNotCompliant2.txt
├── IntuneRecentEventsbyAccounts.txt
├── IntuneRemoteactionsbyactiontype.txt
├── IntuneRemoteactionstopusers.txt
├── IntuneSuccessfulSynchedDevice.txt
├── IntuneSummarizebyOperation.txt
├── IntuneTopuserswithauditedactions.txt
├── Intunecomputershutdowns.txt
├── IntuneisCompliantByOSandOSVersion.txt
├── KDCforKRBTGTPassword.txt
├── KaseyaREvil.txt
├── LAG analysis example.txt
├── Language demo just for fun and demo pattern replace.txt
├── LastLogin.txt
├── LastTimeDataReceived.txt
├── LastTimeMessageReceived.txt
├── Latency for a Log Analytics example with rolling percentiles.txt
├── LegacyAuthSignin.txt
├── LineNumbers-serialize.txt
├── LinksinTeamsMessages.txt
├── ListofDomains.txt
├── LogSources.txt
├── LoginFailureButPasswordChangeRequired.txt
├── LoginFailureUnknownUserNameorBadPassword.txt
├── LoginLocationNotInUS.txt
├── LoginsByAccountPerLocation.txt
├── LookbackQuery.txt
├── LookingforInstalledKBIDs.txt
├── MITRETacticIncident.txt
├── MV-EpandExample.txt
├── Make series to fill in gaps with default for bin by bucket.txt
├── Make-series for gaps.txt
├── MalwareEngShutdown.txt
├── MerakiConf2.txt
├── MerakiDenialofService.txt
├── MerakiDeviceChanges.txt
├── MerakiDeviceInformation.txt
├── MerakiPKIActivity.txt
├── MerakiParser.txt
├── MerakiSIGRED.txt
├── MimiKatzDetection.txt
├── MostGeneratedIncidents.txt
├── NRTFailed.kql
├── NSGChangesByUser.txt
├── NSGChangesbyUserandResource.txt
├── NetLogonPatchCompliance.txt
├── NewAdmins.txt
├── NewBruteForceAttacks.txt
├── NewYearChampagneGlass.txt
├── NoIncidentsClosedin90.txt
├── NoLogintoAADin90Days.txt
├── NoNewOpenIncidents24hrs.txt
├── NoTotalOpenIncidentsin90.txt
├── NoUnassignedIncidents.txt
├── NodesData24Hours.yaml
├── NodesReporting30days.yaml
├── NodesSendingAnyData.yaml
├── NotEqual.txt
├── NotLoggedIn.txt
├── NumberofEventsOveraSelectedTime.txt
├── OfficeIngestDelay.kql
├── OfficeUsertoAdminGroup.txt
├── OnlineOffline.txt
├── Overview_Queries.txt
├── PKEXEC.txt
├── PackAllExample.txt
├── PaloAltoEvents.kql
├── PaloAltoStops.kql
├── ParseAnomaliConfidenceScore.txt
├── ParseBetween.txt
├── PolicyCreation.txt
├── PolicyExemptions.txt
├── PoorPerfQuery.txt
├── Potentialmaliciouseventsmap.txt
├── PowerShellExecution.txt
├── PowerShellExecutionwithDownload.txt
├── PrintNightmare.txt
├── ProxyShell.txt
├── ProxyShellExchange.txt
├── QueriesEachPersonRan.txt
├── README.md
├── RegistryCredentialTheft.txt
├── RemoteLogon.txt
├── RemoteWorkspaceQuery.txt
├── ReportNoData.txt
├── RestartShutdownsLast7Days.txt
├── RetentionPerTable.txt
├── RulesRuninLast30d.txt
├── Running total aka cumulative sum.txt
├── SMA and EMA examples.txt
├── SQLServerAuditLogs.txt
├── SecurityChangePasswordResets.txt
├── SecurityIndicentsCreatedinLastDay.txt
├── SecurityLogFileCleared.txt
├── SentinelDataRetention.txt
├── SentinelIncidentURLs- ALL.txt
├── SharePointDownloads.txt
├── SignInbyLocation.txt
├── SignatureVersionPie.txt
├── SigninLogsByBrowserandLocation.txt
├── SigninLogsByDay - parsing UTC.txt
├── SigninLogsNow.txt
├── Size-of-ingested-data-per-computer.yaml
├── Solarwinds_ServerU_Vuln.txt
├── SolutionDataUsage.txt
├── SophosDisabled.txt
├── Sparkles.txt
├── StopPLCIoTDevice.txt
├── SuccessfulRoleAssignments.txt
├── SuspicousARMActivites.txt
├── SysLogDaemon.txt
├── Sysmon-Events-by-size.yaml
├── SysmonAMA.txt
├── SysmonEventsStorageSize.txt
├── SysmonParser.txt
├── SystemRestoreDisabled.txt
├── SystemsReportingtoSentinel.txt
├── SystemthatHaveUpdatedintheLast4Hours.txt
├── TableActivity.yaml
├── TableData.txt
├── TableExistence.txt
├── TableUsageandCost.txt
├── Tables-Sizes-Entries.yaml
├── TablesNotIngestingDatain3Days.txt
├── TeamsAADSigninLogsRelatedtoTeamOwners.txt
├── TeamsAADSigninsSuccessUnsuccess.txt
├── TeamsBotsorAppsAdded.txt
├── TeamsChannelDeleted.txt
├── TeamsExternalRareUserAccess.txt
├── TeamsExternalSuspiciousAccountsRevokedAccess.txt
├── TeamsKQL.zip
├── TeamsListFederatedUsers.txt
├── TeamsSingleUsersDeleteMultipleTeams.txt
├── TeamsSuspiciousElevationofPrivileges.txt
├── TeamsUserAddedtoTeamsChannel.txt
├── TeamsWasUserRoleChanged.txt
├── ThreatIntelligenceTableCosts.txt
├── ThreatStatus.txt
├── TieFighter.txt
├── TimeBetweenDates.txt
├── TimeRangeExample.txt
├── Top N by Group example via top-nested - option 2.txt
├── Top N by group example via LAG - option 1.txt
├── TotalGBCSecurityEvent.txt
├── TotalIncidentsInLast6Months.txt
├── Tracking Privileged Account Rare Activity without AWS.txt
├── TrendofRequests.txt
├── TrialExpiration.txt
├── UEBACosts.txt
├── UEBACosts.yaml
├── UEBA_IsDormant.txt
├── UnsuccessfulRulesinLast24.txt
├── UpdateComplianceBarChart.txt
├── UpdateDataConnectors.txt
├── UserAccountLockedAAD.txt
├── Usergrantedaccesstoanapp.txt
├── UsersConnectFromMultipleCity.txt
├── UsersIPsPorts.txt
├── Using-the-KQL-queries.md
├── Volume-by-RG.yaml
├── Volume-by-sub-yaml
├── WatchListAudit.txt
├── WatchListDelete.txt
├── WatchlistNOTin.txt
├── Watchlist_Basics
├── WatchlistsCosts.txt
├── WebshellPosts.txt
├── WhenUEBAwasEnabledByWho.txt
├── WhiteList-FindWhoAccessedAzureSentinelthatShouldNot.txt
├── WhoChangedConditionalAccessPolicy.txt
├── WhoChangedTheirAADPassword.txt
├── WhoDeletedAlertRule.txt
├── WhoModifiedAnalyticsRule.txt
├── Windows10LoggedInLast7Days.txt
├── WiresharkRSSTraffic.txt
├── WorkWeek.txt
├── WorkbookCreation.txt
├── WorkbookDeletion.txt
├── WorkspacesAndTables.txt
├── ZeroLogon_Ports.txt
├── acrossworkspaceforFunction.txt
├── adminskql.txt
├── allreportingcomputers.txt
├── computersendingmostsecurityalerts.txt
├── computersunhealthystate.txt
├── count-of-billable-events-ingested-per-computer.yaml
├── data volume by resource group.yaml
├── dataingestionthresholdlimits.txt
├── dataparser.txt
├── dataproviders.txt
├── devices.txt
├── excessivefailedlogins.txt
├── heartbeatforscomagent.txt
├── isempty.txt
├── meraki_GROK.txt
├── multipleLAworkspaces.txt
├── nodes as billed in the Per Node pricing.yaml
├── qualys.txt
├── scalarexpression.txt
├── serversenrolledinWDATP.txt
├── size of ingested data per Azure subscription.yaml
└── size of ingested data per computer.yaml
├── README.md
├── TLP.md
├── Workbooks
├── Sentinel
│ ├── Environment.EventSourceMonitoring
│ │ ├── DataConnector.png
│ │ ├── EndPoint.png
│ │ ├── EventSource.png
│ │ ├── GlobalOverview.png
│ │ ├── Queries.png
│ │ ├── dashboard.json
│ │ └── readme.md
│ ├── Sandfly_Monitoring_Dashboard_ArmTemplate
│ ├── Sandfly_Monitoring_Dashboard_GalleryTemplate
│ └── ThreatHunting.PurpleTeam
│ │ ├── dashboard.ARM.json
│ │ ├── dashboard.GALLERY.json
│ │ └── readme.md
└── Windows
│ └── Enviornment.Event_Checking
│ ├── Docs.png
│ ├── EndPoint.png
│ ├── EventID.png
│ ├── GlobalOverview.png
│ ├── dashboard.json
│ ├── queries.png
│ └── readme.md
├── error_code_azure_ad_entra.csv
├── images
├── 1-0.23.4.01.png
├── 2-0.23.4.01.png
├── header-blue.png
├── header.png
└── sentinelcat.png
└── windows_eventids_descriptions.csv

/Functions/AuidtD/GetAuditDEventsByParentProcessID:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Functions/AuidtD/GetAuditDEventsByParentProcessID
--------------------------------------------------------------------------------
/Functions/AuidtD/SYCALLS_REF.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Functions/AuidtD/SYCALLS_REF.csv
--------------------------------------------------------------------------------
/GeoIPDB/GeoLite2-ASN.mmdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/GeoIPDB/GeoLite2-ASN.mmdb
--------------------------------------------------------------------------------
/GeoIPDB/GeoLite2-City.mmdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/GeoIPDB/GeoLite2-City.mmdb
--------------------------------------------------------------------------------
/GeoIPDB/GeoLite2-Country.mmdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/GeoIPDB/GeoLite2-Country.mmdb
--------------------------------------------------------------------------------
/Guides/Microsoft Azure Sentinel 101 Linux Command Line Logging and Auditing Activity for Threats or Compromise using Snoopy.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Guides/Microsoft Azure Sentinel 101 Linux Command Line Logging and Auditing Activity for Threats or Compromise using Snoopy.md
--------------------------------------------------------------------------------
/Guides/Microsoft Azure Sentinel 101 Timechart with weekmonth over weekmonth overlay - find changes in log ingestion.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Guides/Microsoft Azure Sentinel 101 Timechart with weekmonth over weekmonth overlay - find changes in log ingestion.md
--------------------------------------------------------------------------------
/Parsers/AuditD_KQL:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Parsers/AuditD_KQL
--------------------------------------------------------------------------------
/Parsers/AuditD_LAUREL_KQL:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Parsers/AuditD_LAUREL_KQL
--------------------------------------------------------------------------------
/Parsers/LogStash/OPNSense/ReadMe.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Parsers/LogStash/OPNSense/ReadMe.md
--------------------------------------------------------------------------------
/Parsers/LogStash/OPNSense/conf.d/01-inputs.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Parsers/LogStash/OPNSense/conf.d/01-inputs.conf
--------------------------------------------------------------------------------
/Parsers/LogStash/OPNSense/conf.d/03-filter.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Parsers/LogStash/OPNSense/conf.d/03-filter.conf
--------------------------------------------------------------------------------
/Parsers/LogStash/OPNSense/conf.d/05-apps.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Parsers/LogStash/OPNSense/conf.d/05-apps.conf
--------------------------------------------------------------------------------
/Parsers/LogStash/OPNSense/conf.d/20-interfaces.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Parsers/LogStash/OPNSense/conf.d/20-interfaces.conf
--------------------------------------------------------------------------------
/Parsers/LogStash/OPNSense/conf.d/30-geoip.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Parsers/LogStash/OPNSense/conf.d/30-geoip.conf
--------------------------------------------------------------------------------
/Parsers/LogStash/OPNSense/conf.d/49-cleanup.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Parsers/LogStash/OPNSense/conf.d/49-cleanup.conf
--------------------------------------------------------------------------------
/Parsers/LogStash/OPNSense/conf.d/50-output.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Parsers/LogStash/OPNSense/conf.d/50-output.conf
--------------------------------------------------------------------------------
/Parsers/LogStash/OPNSense/conf.d/patterns/pfelk.grok:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Parsers/LogStash/OPNSense/conf.d/patterns/pfelk.grok
--------------------------------------------------------------------------------
/Queries/AMAAgent.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AMAAgent.txt
--------------------------------------------------------------------------------
/Queries/AR-BreakGlassAccount.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AR-BreakGlassAccount.txt
--------------------------------------------------------------------------------
/Queries/AR-BruteForce.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AR-BruteForce.txt
--------------------------------------------------------------------------------
/Queries/AR-CloudShellExecution.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AR-CloudShellExecution.txt
--------------------------------------------------------------------------------
/Queries/AR-NSGChanges:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AR-NSGChanges
--------------------------------------------------------------------------------
/Queries/ARPPoisoning.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ARPPoisoning.txt
--------------------------------------------------------------------------------
/Queries/ASCIncidentClosure.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ASCIncidentClosure.txt
--------------------------------------------------------------------------------
/Queries/AZCopy.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AZCopy.yaml
--------------------------------------------------------------------------------
/Queries/Account-Created-Addedto-LocalAdministrator.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Account-Created-Addedto-LocalAdministrator.txt
--------------------------------------------------------------------------------
/Queries/ActiveIncidents.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ActiveIncidents.txt
--------------------------------------------------------------------------------
/Queries/ActiveUsers.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ActiveUsers.txt
--------------------------------------------------------------------------------
/Queries/ActivityFromInfrequentCountry.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ActivityFromInfrequentCountry.txt
--------------------------------------------------------------------------------
/Queries/AddClientDataSource.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AddClientDataSource.txt
--------------------------------------------------------------------------------
/Queries/AddedorAssignedGlobalAdministratorroleperms.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AddedorAssignedGlobalAdministratorroleperms.txt
--------------------------------------------------------------------------------
/Queries/AdminConsent.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AdminConsent.txt
--------------------------------------------------------------------------------
/Queries/AgentInfowithLocation.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AgentInfowithLocation.txt
--------------------------------------------------------------------------------
/Queries/AgentProblems.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AgentProblems.txt
--------------------------------------------------------------------------------
/Queries/AgentedDevicesnotADJoined.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AgentedDevicesnotADJoined.txt
--------------------------------------------------------------------------------
/Queries/AlertContextParser.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AlertContextParser.txt
--------------------------------------------------------------------------------
/Queries/AlertIngestionTime.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AlertIngestionTime.txt
--------------------------------------------------------------------------------
/Queries/AlertProviderCounts.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AlertProviderCounts.txt
--------------------------------------------------------------------------------
/Queries/All_IPs_SecurityAlerts.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/All_IPs_SecurityAlerts.yaml
--------------------------------------------------------------------------------
/Queries/Allexes.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Allexes.txt
--------------------------------------------------------------------------------
/Queries/AnalyticsRuleCreatedorModified.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AnalyticsRuleCreatedorModified.txt
--------------------------------------------------------------------------------
/Queries/AnalyticsRuleCreatedorModifiedwithDisplayName.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AnalyticsRuleCreatedorModifiedwithDisplayName.txt
--------------------------------------------------------------------------------
/Queries/AnalyticsRuleDeleted.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AnalyticsRuleDeleted.txt
--------------------------------------------------------------------------------
/Queries/AnalyticsRuleLastRun.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AnalyticsRuleLastRun.txt
--------------------------------------------------------------------------------
/Queries/AnalyticsRulesRunbyTimes.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AnalyticsRulesRunbyTimes.txt
--------------------------------------------------------------------------------
/Queries/AnomalousAADAccountCreation.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AnomalousAADAccountCreation.txt
--------------------------------------------------------------------------------
/Queries/AnomalousToken.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AnomalousToken.txt
--------------------------------------------------------------------------------
/Queries/AutomationRuleCreation.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AutomationRuleCreation.yaml
--------------------------------------------------------------------------------
/Queries/AutomationRuleDelete.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AutomationRuleDelete.txt
--------------------------------------------------------------------------------
/Queries/AutomationRuleHasRun.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AutomationRuleHasRun.txt
--------------------------------------------------------------------------------
/Queries/Azure Runbooks query with correlation.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Azure Runbooks query with correlation.txt
--------------------------------------------------------------------------------
/Queries/AzurePortalLoginErrors.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/AzurePortalLoginErrors.txt
--------------------------------------------------------------------------------
/Queries/Billable-Events-By-Computer.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Billable-Events-By-Computer.yaml
--------------------------------------------------------------------------------
/Queries/BillableDatabyDataType.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/BillableDatabyDataType.txt
--------------------------------------------------------------------------------
/Queries/BillableDatavsNotBillableOver30Days.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/BillableDatavsNotBillableOver30Days.yaml
--------------------------------------------------------------------------------
/Queries/Billabledatavolumebydatatype.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Billabledatavolumebydatatype.txt
--------------------------------------------------------------------------------
/Queries/Billabledatavolumebysolution.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Billabledatavolumebysolution.txt
--------------------------------------------------------------------------------
/Queries/BitLockerMaliciousEncrypt.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/BitLockerMaliciousEncrypt.txt
--------------------------------------------------------------------------------
/Queries/BookMarkUpdatedBy.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/BookMarkUpdatedBy.txt
--------------------------------------------------------------------------------
/Queries/BookmarkUpdate.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/BookmarkUpdate.txt
--------------------------------------------------------------------------------
/Queries/BookmarksCreatedBy.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/BookmarksCreatedBy.txt
--------------------------------------------------------------------------------
/Queries/BrowserActivitybyGEO.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/BrowserActivitybyGEO.txt
--------------------------------------------------------------------------------
/Queries/BuiltInFusionCreation.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/BuiltInFusionCreation.txt
--------------------------------------------------------------------------------
/Queries/CEFDevices.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CEFDevices.txt
--------------------------------------------------------------------------------
/Queries/CalculateSumofColumn.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CalculateSumofColumn.txt
--------------------------------------------------------------------------------
/Queries/CaseComments.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CaseComments.txt
--------------------------------------------------------------------------------
/Queries/Check4LockedoutUser.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Check4LockedoutUser.txt
--------------------------------------------------------------------------------
/Queries/CheckPointLogs.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CheckPointLogs.txt
--------------------------------------------------------------------------------
/Queries/CloudShell.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CloudShell.txt
--------------------------------------------------------------------------------
/Queries/CloudShellPart2.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CloudShellPart2.txt
--------------------------------------------------------------------------------
/Queries/Cloudshell2.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Cloudshell2.txt
--------------------------------------------------------------------------------
/Queries/CommentDeleted.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CommentDeleted.txt
--------------------------------------------------------------------------------
/Queries/CommonSecurityLogCostsbyVendor.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CommonSecurityLogCostsbyVendor.txt
--------------------------------------------------------------------------------
/Queries/CommonSecurityLogThroughput.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CommonSecurityLogThroughput.txt
--------------------------------------------------------------------------------
/Queries/CompareTotalRecordswithValuebyPercentage.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CompareTotalRecordswithValuebyPercentage.txt
--------------------------------------------------------------------------------
/Queries/Conditional access changes new value and old value.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Conditional access changes new value and old value.txt
--------------------------------------------------------------------------------
/Queries/CostPerSubscription.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CostPerSubscription.txt
--------------------------------------------------------------------------------
/Queries/CostperEventID.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CostperEventID.txt
--------------------------------------------------------------------------------
/Queries/CountriesWhereAgentedComputersReportFrom.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/CountriesWhereAgentedComputersReportFrom.txt
--------------------------------------------------------------------------------
/Queries/Cross resource query.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Cross resource query.txt
--------------------------------------------------------------------------------
/Queries/DNSActivity_Attempts_Per_Device.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DNSActivity_Attempts_Per_Device.txt
--------------------------------------------------------------------------------
/Queries/DailyCAPEffect.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DailyCAPEffect.yaml
--------------------------------------------------------------------------------
/Queries/DailyCAPOverQuota.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DailyCAPOverQuota.yaml
--------------------------------------------------------------------------------
/Queries/DailyCapChanges.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DailyCapChanges.yaml
--------------------------------------------------------------------------------
/Queries/DarkSideRansomware.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DarkSideRansomware.txt
-------------------------------------------------------------------------------- /Queries/Data-Volume-By-Computer.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Data-Volume-By-Computer.yaml -------------------------------------------------------------------------------- /Queries/Data-Volume-By-Events.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Data-Volume-By-Events.yaml -------------------------------------------------------------------------------- /Queries/Data-volume-by-solution.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Data-volume-by-solution.yaml -------------------------------------------------------------------------------- /Queries/Data-volume-by-type.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Data-volume-by-type.yaml -------------------------------------------------------------------------------- /Queries/DataByProvider.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DataByProvider.txt -------------------------------------------------------------------------------- /Queries/DataConnectorOpened.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DataConnectorOpened.txt -------------------------------------------------------------------------------- /Queries/DataConnectorReqsFailed.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DataConnectorReqsFailed.txt -------------------------------------------------------------------------------- /Queries/DataConnectorReqsFailedbyCallerIPOperation.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DataConnectorReqsFailedbyCallerIPOperation.txt -------------------------------------------------------------------------------- /Queries/DataIngestEstimation.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DataIngestEstimation.txt -------------------------------------------------------------------------------- /Queries/DataIngestionNotHappening.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DataIngestionNotHappening.txt -------------------------------------------------------------------------------- /Queries/DataPerComputer.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DataPerComputer.txt -------------------------------------------------------------------------------- /Queries/DataPerEvent.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DataPerEvent.txt -------------------------------------------------------------------------------- /Queries/DataPerSyslogServer.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DataPerSyslogServer.txt -------------------------------------------------------------------------------- /Queries/DataRetentionChanges.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DataRetentionChanges.txt -------------------------------------------------------------------------------- /Queries/DataTypeUsagePieChart.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DataTypeUsagePieChart.txt -------------------------------------------------------------------------------- /Queries/DayofWeek.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DayofWeek.txt -------------------------------------------------------------------------------- /Queries/Debugging authentication sign-ins.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Debugging authentication sign-ins.txt -------------------------------------------------------------------------------- /Queries/DefenderAVNotSuccessful.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DefenderAVNotSuccessful.txt -------------------------------------------------------------------------------- /Queries/DefenderExclusions.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DefenderExclusions.txt -------------------------------------------------------------------------------- /Queries/DefenderLiveResponse.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DefenderLiveResponse.txt -------------------------------------------------------------------------------- 
/Queries/DeviceStopsReporting.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DeviceStopsReporting.txt -------------------------------------------------------------------------------- /Queries/DirectAgent.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DirectAgent.txt -------------------------------------------------------------------------------- /Queries/DirectReport.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DirectReport.txt -------------------------------------------------------------------------------- /Queries/Does a table exist.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Does a table exist.txt -------------------------------------------------------------------------------- /Queries/DomainAdminsEnterpriseAdmins.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DomainAdminsEnterpriseAdmins.txt -------------------------------------------------------------------------------- /Queries/DormantAccounts.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/DormantAccounts.txt -------------------------------------------------------------------------------- /Queries/Duration of session.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Duration of session.txt -------------------------------------------------------------------------------- /Queries/EPSforM365AdvancedTables.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/EPSforM365AdvancedTables.txt -------------------------------------------------------------------------------- /Queries/EmailForwarding.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/EmailForwarding.txt -------------------------------------------------------------------------------- /Queries/Event-Volume-Per-Table.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Event-Volume-Per-Table.yaml -------------------------------------------------------------------------------- /Queries/EventIDStorageinBytes.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/EventIDStorageinBytes.txt -------------------------------------------------------------------------------- /Queries/EventIDs-BilledSize.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/EventIDs-BilledSize.yaml -------------------------------------------------------------------------------- /Queries/EventIDs-by-Bytes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/EventIDs-by-Bytes.yaml -------------------------------------------------------------------------------- /Queries/EventIDsinLastDay.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/EventIDsinLastDay.txt -------------------------------------------------------------------------------- /Queries/EventLogSources.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/EventLogSources.txt -------------------------------------------------------------------------------- /Queries/EventVolumePerTable.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/EventVolumePerTable.txt -------------------------------------------------------------------------------- /Queries/ExecutedProcesses.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ExecutedProcesses.txt -------------------------------------------------------------------------------- /Queries/ExistingConditionalAccessPolicies.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ExistingConditionalAccessPolicies.txt -------------------------------------------------------------------------------- /Queries/ExpiredPassword.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ExpiredPassword.txt -------------------------------------------------------------------------------- /Queries/ExternalAccess.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ExternalAccess.txt -------------------------------------------------------------------------------- /Queries/ExternalGEOforSecurityEvents.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ExternalGEOforSecurityEvents.txt -------------------------------------------------------------------------------- 
/Queries/FailedLoginsPerAccount.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/FailedLoginsPerAccount.txt -------------------------------------------------------------------------------- /Queries/FileExecutionOver5Times.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/FileExecutionOver5Times.txt -------------------------------------------------------------------------------- /Queries/GEOIPLocation.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/GEOIPLocation.txt -------------------------------------------------------------------------------- /Queries/GetTags.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/GetTags.txt -------------------------------------------------------------------------------- /Queries/GreaterThanOneCity.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/GreaterThanOneCity.txt -------------------------------------------------------------------------------- /Queries/GuestAccountAdds.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/GuestAccountAdds.txt -------------------------------------------------------------------------------- /Queries/GuestsAddedtoRoles.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/GuestsAddedtoRoles.txt -------------------------------------------------------------------------------- /Queries/Heartbeatnotreceivedinlast30min.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Heartbeatnotreceivedinlast30min.txt -------------------------------------------------------------------------------- /Queries/HighRiskUserSigninResourceGroupCreation.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/HighRiskUserSigninResourceGroupCreation.txt -------------------------------------------------------------------------------- /Queries/HourMinute.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/HourMinute.txt -------------------------------------------------------------------------------- /Queries/HowManyAlertsGeneratedByService.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/HowManyAlertsGeneratedByService.txt -------------------------------------------------------------------------------- /Queries/HowManyHostLogons.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/HowManyHostLogons.txt -------------------------------------------------------------------------------- /Queries/HowManyQueriesEachPersonRan.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/HowManyQueriesEachPersonRan.txt -------------------------------------------------------------------------------- /Queries/HuntingBookmarkHealth.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/HuntingBookmarkHealth.txt 
-------------------------------------------------------------------------------- /Queries/HuntingQueriesAzureActivitySuccessandFailures.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/HuntingQueriesAzureActivitySuccessandFailures.txt -------------------------------------------------------------------------------- /Queries/ImpossibleTravelKQL.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ImpossibleTravelKQL.txt -------------------------------------------------------------------------------- /Queries/ImpossibleTravelMCAS.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ImpossibleTravelMCAS.txt -------------------------------------------------------------------------------- /Queries/IncidentID2RuleName.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IncidentID2RuleName.txt -------------------------------------------------------------------------------- /Queries/IncidentOwnerChange.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IncidentOwnerChange.txt -------------------------------------------------------------------------------- /Queries/Incidents.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Incidents.txt -------------------------------------------------------------------------------- /Queries/IncidentsBetweenTimeRange.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IncidentsBetweenTimeRange.yaml -------------------------------------------------------------------------------- /Queries/IngestionDelay.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IngestionDelay.txt -------------------------------------------------------------------------------- /Queries/IngestionDelaySnippet.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IngestionDelaySnippet.txt -------------------------------------------------------------------------------- /Queries/IngestionPerHour.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IngestionPerHour.txt -------------------------------------------------------------------------------- /Queries/Intune-AutoPilotFailedEnrollment1Day.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Intune-AutoPilotFailedEnrollment1Day.txt -------------------------------------------------------------------------------- /Queries/Intune-DeviceThreatLevelnotSecured.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Intune-DeviceThreatLevelnotSecured.txt -------------------------------------------------------------------------------- /Queries/Intune-Enrollmentsabandonedbytheuser.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Intune-Enrollmentsabandonedbytheuser.txt -------------------------------------------------------------------------------- /Queries/IntuneActivityTypes.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneActivityTypes.txt -------------------------------------------------------------------------------- /Queries/IntuneAuditEvents.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneAuditEvents.txt -------------------------------------------------------------------------------- /Queries/IntuneAuditEventsTrend.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneAuditEventsTrend.txt -------------------------------------------------------------------------------- /Queries/IntuneComplianceFailuresbyOperatingSystem.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneComplianceFailuresbyOperatingSystem.txt -------------------------------------------------------------------------------- /Queries/IntuneComplianceFailuresbyReason.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneComplianceFailuresbyReason.txt -------------------------------------------------------------------------------- /Queries/IntuneCountofSuccessfulEnrollmentsbyOS.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneCountofSuccessfulEnrollmentsbyOS.txt -------------------------------------------------------------------------------- /Queries/IntuneDevicesNotSupported.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneDevicesNotSupported.txt 
-------------------------------------------------------------------------------- /Queries/IntuneDevicesNotinCompliance.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneDevicesNotinCompliance.txt -------------------------------------------------------------------------------- /Queries/IntuneEnrollmentEventsTrend.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneEnrollmentEventsTrend.txt -------------------------------------------------------------------------------- /Queries/IntuneEnrollmentFailurereasons.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneEnrollmentFailurereasons.txt -------------------------------------------------------------------------------- /Queries/IntuneEnrollmentFailuresbyEnrollmentType.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneEnrollmentFailuresbyEnrollmentType.txt -------------------------------------------------------------------------------- /Queries/IntuneEnrollmentFailuresbyPlatform.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneEnrollmentFailuresbyPlatform.txt -------------------------------------------------------------------------------- /Queries/IntuneEnrollmentStatistics.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneEnrollmentStatistics.txt -------------------------------------------------------------------------------- /Queries/IntuneEnrollmentSuccessbyEnrollmentType.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneEnrollmentSuccessbyEnrollmentType.txt -------------------------------------------------------------------------------- /Queries/IntuneNotCompliant.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneNotCompliant.txt -------------------------------------------------------------------------------- /Queries/IntuneNotCompliant2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneNotCompliant2.txt -------------------------------------------------------------------------------- /Queries/IntuneRecentEventsbyAccounts.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneRecentEventsbyAccounts.txt -------------------------------------------------------------------------------- /Queries/IntuneRemoteactionsbyactiontype.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneRemoteactionsbyactiontype.txt -------------------------------------------------------------------------------- /Queries/IntuneRemoteactionstopusers.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneRemoteactionstopusers.txt -------------------------------------------------------------------------------- /Queries/IntuneSuccessfulSynchedDevice.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneSuccessfulSynchedDevice.txt 
-------------------------------------------------------------------------------- /Queries/IntuneSummarizebyOperation.txt: -------------------------------------------------------------------------------- 1 | IntuneAuditLogs 2 | | summarize count() by OperationName -------------------------------------------------------------------------------- /Queries/IntuneTopuserswithauditedactions.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneTopuserswithauditedactions.txt -------------------------------------------------------------------------------- /Queries/Intunecomputershutdowns.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Intunecomputershutdowns.txt -------------------------------------------------------------------------------- /Queries/IntuneisCompliantByOSandOSVersion.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/IntuneisCompliantByOSandOSVersion.txt -------------------------------------------------------------------------------- /Queries/KDCforKRBTGTPassword.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/KDCforKRBTGTPassword.txt -------------------------------------------------------------------------------- /Queries/KaseyaREvil.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/KaseyaREvil.txt -------------------------------------------------------------------------------- /Queries/LAG analysis example.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LAG analysis 
example.txt -------------------------------------------------------------------------------- /Queries/Language demo just for fun and demo pattern replace.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Language demo just for fun and demo pattern replace.txt -------------------------------------------------------------------------------- /Queries/LastLogin.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LastLogin.txt -------------------------------------------------------------------------------- /Queries/LastTimeDataReceived.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LastTimeDataReceived.txt -------------------------------------------------------------------------------- /Queries/LastTimeMessageReceived.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LastTimeMessageReceived.txt -------------------------------------------------------------------------------- /Queries/Latency for a Log Analytics example with rolling percentiles.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Latency for a Log Analytics example with rolling percentiles.txt -------------------------------------------------------------------------------- /Queries/LegacyAuthSignin.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LegacyAuthSignin.txt -------------------------------------------------------------------------------- /Queries/LineNumbers-serialize.txt: 
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LineNumbers-serialize.txt
--------------------------------------------------------------------------------
/Queries/LinksinTeamsMessages.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LinksinTeamsMessages.txt
--------------------------------------------------------------------------------
/Queries/ListofDomains.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ListofDomains.txt
--------------------------------------------------------------------------------
/Queries/LogSources.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LogSources.txt
--------------------------------------------------------------------------------
/Queries/LoginFailureButPasswordChangeRequired.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LoginFailureButPasswordChangeRequired.txt
--------------------------------------------------------------------------------
/Queries/LoginFailureUnknownUserNameorBadPassword.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LoginFailureUnknownUserNameorBadPassword.txt
--------------------------------------------------------------------------------
/Queries/LoginLocationNotInUS.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LoginLocationNotInUS.txt
--------------------------------------------------------------------------------
/Queries/LoginsByAccountPerLocation.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LoginsByAccountPerLocation.txt
--------------------------------------------------------------------------------
/Queries/LookbackQuery.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LookbackQuery.txt
--------------------------------------------------------------------------------
/Queries/LookingforInstalledKBIDs.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/LookingforInstalledKBIDs.txt
--------------------------------------------------------------------------------
/Queries/MITRETacticIncident.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/MITRETacticIncident.txt
--------------------------------------------------------------------------------
/Queries/MV-EpandExample.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/MV-EpandExample.txt
--------------------------------------------------------------------------------
/Queries/Make series to fill in gaps with default for bin by bucket.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Make series to fill in gaps with default for bin by bucket.txt
--------------------------------------------------------------------------------
/Queries/Make-series for gaps.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Make-series for gaps.txt
--------------------------------------------------------------------------------
/Queries/MalwareEngShutdown.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/MalwareEngShutdown.txt
--------------------------------------------------------------------------------
/Queries/MerakiConf2.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/MerakiConf2.txt
--------------------------------------------------------------------------------
/Queries/MerakiDenialofService.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/MerakiDenialofService.txt
--------------------------------------------------------------------------------
/Queries/MerakiDeviceChanges.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/MerakiDeviceChanges.txt
--------------------------------------------------------------------------------
/Queries/MerakiDeviceInformation.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/MerakiDeviceInformation.txt
--------------------------------------------------------------------------------
/Queries/MerakiPKIActivity.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/MerakiPKIActivity.txt
--------------------------------------------------------------------------------
/Queries/MerakiParser.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/MerakiParser.txt
--------------------------------------------------------------------------------
/Queries/MerakiSIGRED.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/MerakiSIGRED.txt
--------------------------------------------------------------------------------
/Queries/MimiKatzDetection.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/MimiKatzDetection.txt
--------------------------------------------------------------------------------
/Queries/MostGeneratedIncidents.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/MostGeneratedIncidents.txt
--------------------------------------------------------------------------------
/Queries/NRTFailed.kql:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NRTFailed.kql
--------------------------------------------------------------------------------
/Queries/NSGChangesByUser.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NSGChangesByUser.txt
--------------------------------------------------------------------------------
/Queries/NSGChangesbyUserandResource.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NSGChangesbyUserandResource.txt
--------------------------------------------------------------------------------
/Queries/NetLogonPatchCompliance.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NetLogonPatchCompliance.txt
--------------------------------------------------------------------------------
/Queries/NewAdmins.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NewAdmins.txt
--------------------------------------------------------------------------------
/Queries/NewBruteForceAttacks.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NewBruteForceAttacks.txt
--------------------------------------------------------------------------------
/Queries/NewYearChampagneGlass.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NewYearChampagneGlass.txt
--------------------------------------------------------------------------------
/Queries/NoIncidentsClosedin90.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NoIncidentsClosedin90.txt
--------------------------------------------------------------------------------
/Queries/NoLogintoAADin90Days.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NoLogintoAADin90Days.txt
--------------------------------------------------------------------------------
/Queries/NoNewOpenIncidents24hrs.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NoNewOpenIncidents24hrs.txt
--------------------------------------------------------------------------------
/Queries/NoTotalOpenIncidentsin90.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NoTotalOpenIncidentsin90.txt
--------------------------------------------------------------------------------
/Queries/NoUnassignedIncidents.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NoUnassignedIncidents.txt
--------------------------------------------------------------------------------
/Queries/NodesData24Hours.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NodesData24Hours.yaml
--------------------------------------------------------------------------------
/Queries/NodesReporting30days.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NodesReporting30days.yaml
--------------------------------------------------------------------------------
/Queries/NodesSendingAnyData.yaml:
--------------------------------------------------------------------------------
//List of nodes sending any data
--------------------------------------------------------------------------------
/Queries/NotEqual.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NotEqual.txt
--------------------------------------------------------------------------------
/Queries/NotLoggedIn.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NotLoggedIn.txt
--------------------------------------------------------------------------------
/Queries/NumberofEventsOveraSelectedTime.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/NumberofEventsOveraSelectedTime.txt
--------------------------------------------------------------------------------
/Queries/OfficeIngestDelay.kql:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/OfficeIngestDelay.kql
--------------------------------------------------------------------------------
/Queries/OfficeUsertoAdminGroup.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/OfficeUsertoAdminGroup.txt
--------------------------------------------------------------------------------
/Queries/OnlineOffline.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/OnlineOffline.txt
--------------------------------------------------------------------------------
/Queries/Overview_Queries.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Overview_Queries.txt
--------------------------------------------------------------------------------
/Queries/PKEXEC.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/PKEXEC.txt
--------------------------------------------------------------------------------
/Queries/PackAllExample.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/PackAllExample.txt
--------------------------------------------------------------------------------
/Queries/PaloAltoEvents.kql:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/PaloAltoEvents.kql
--------------------------------------------------------------------------------
/Queries/PaloAltoStops.kql:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/PaloAltoStops.kql
--------------------------------------------------------------------------------
/Queries/ParseAnomaliConfidenceScore.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ParseAnomaliConfidenceScore.txt
--------------------------------------------------------------------------------
/Queries/ParseBetween.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ParseBetween.txt
--------------------------------------------------------------------------------
/Queries/PolicyCreation.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/PolicyCreation.txt
--------------------------------------------------------------------------------
/Queries/PolicyExemptions.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/PolicyExemptions.txt
--------------------------------------------------------------------------------
/Queries/PoorPerfQuery.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/PoorPerfQuery.txt
--------------------------------------------------------------------------------
/Queries/Potentialmaliciouseventsmap.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Potentialmaliciouseventsmap.txt
--------------------------------------------------------------------------------
/Queries/PowerShellExecution.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/PowerShellExecution.txt
--------------------------------------------------------------------------------
/Queries/PowerShellExecutionwithDownload.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/PowerShellExecutionwithDownload.txt
--------------------------------------------------------------------------------
/Queries/PrintNightmare.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/PrintNightmare.txt
--------------------------------------------------------------------------------
/Queries/ProxyShell.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ProxyShell.txt
--------------------------------------------------------------------------------
/Queries/ProxyShellExchange.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ProxyShellExchange.txt
--------------------------------------------------------------------------------
/Queries/QueriesEachPersonRan.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/QueriesEachPersonRan.txt
--------------------------------------------------------------------------------
/Queries/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/README.md
--------------------------------------------------------------------------------
/Queries/RegistryCredentialTheft.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/RegistryCredentialTheft.txt
--------------------------------------------------------------------------------
/Queries/RemoteLogon.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/RemoteLogon.txt
--------------------------------------------------------------------------------
/Queries/RemoteWorkspaceQuery.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/RemoteWorkspaceQuery.txt
--------------------------------------------------------------------------------
/Queries/ReportNoData.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ReportNoData.txt
--------------------------------------------------------------------------------
/Queries/RestartShutdownsLast7Days.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/RestartShutdownsLast7Days.txt
--------------------------------------------------------------------------------
/Queries/RetentionPerTable.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/RetentionPerTable.txt
--------------------------------------------------------------------------------
/Queries/RulesRuninLast30d.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/RulesRuninLast30d.txt
--------------------------------------------------------------------------------
/Queries/Running total aka cumulative sum.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Running total aka cumulative sum.txt
--------------------------------------------------------------------------------
/Queries/SMA and EMA examples.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SMA and EMA examples.txt
--------------------------------------------------------------------------------
/Queries/SQLServerAuditLogs.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SQLServerAuditLogs.txt
--------------------------------------------------------------------------------
/Queries/SecurityChangePasswordResets.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SecurityChangePasswordResets.txt
--------------------------------------------------------------------------------
/Queries/SecurityIndicentsCreatedinLastDay.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SecurityIndicentsCreatedinLastDay.txt
--------------------------------------------------------------------------------
/Queries/SecurityLogFileCleared.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SecurityLogFileCleared.txt
--------------------------------------------------------------------------------
/Queries/SentinelDataRetention.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SentinelDataRetention.txt
--------------------------------------------------------------------------------
/Queries/SentinelIncidentURLs- ALL.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SentinelIncidentURLs- ALL.txt
--------------------------------------------------------------------------------
/Queries/SharePointDownloads.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SharePointDownloads.txt
--------------------------------------------------------------------------------
/Queries/SignInbyLocation.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SignInbyLocation.txt
--------------------------------------------------------------------------------
/Queries/SignatureVersionPie.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SignatureVersionPie.txt
--------------------------------------------------------------------------------
/Queries/SigninLogsByBrowserandLocation.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SigninLogsByBrowserandLocation.txt
--------------------------------------------------------------------------------
/Queries/SigninLogsByDay - parsing UTC.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SigninLogsByDay - parsing UTC.txt
--------------------------------------------------------------------------------
/Queries/SigninLogsNow.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SigninLogsNow.txt
--------------------------------------------------------------------------------
/Queries/Size-of-ingested-data-per-computer.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Size-of-ingested-data-per-computer.yaml
--------------------------------------------------------------------------------
/Queries/Solarwinds_ServerU_Vuln.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Solarwinds_ServerU_Vuln.txt
--------------------------------------------------------------------------------
/Queries/SolutionDataUsage.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SolutionDataUsage.txt
--------------------------------------------------------------------------------
/Queries/SophosDisabled.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SophosDisabled.txt
--------------------------------------------------------------------------------
/Queries/Sparkles.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Sparkles.txt
--------------------------------------------------------------------------------
/Queries/StopPLCIoTDevice.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/StopPLCIoTDevice.txt
--------------------------------------------------------------------------------
/Queries/SuccessfulRoleAssignments.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SuccessfulRoleAssignments.txt
--------------------------------------------------------------------------------
/Queries/SuspicousARMActivites.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SuspicousARMActivites.txt
--------------------------------------------------------------------------------
/Queries/SysLogDaemon.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SysLogDaemon.txt
--------------------------------------------------------------------------------
/Queries/Sysmon-Events-by-size.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Sysmon-Events-by-size.yaml
--------------------------------------------------------------------------------
/Queries/SysmonAMA.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SysmonAMA.txt
--------------------------------------------------------------------------------
/Queries/SysmonEventsStorageSize.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SysmonEventsStorageSize.txt
--------------------------------------------------------------------------------
/Queries/SysmonParser.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SysmonParser.txt
--------------------------------------------------------------------------------
/Queries/SystemRestoreDisabled.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SystemRestoreDisabled.txt
--------------------------------------------------------------------------------
/Queries/SystemsReportingtoSentinel.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SystemsReportingtoSentinel.txt
--------------------------------------------------------------------------------
/Queries/SystemthatHaveUpdatedintheLast4Hours.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/SystemthatHaveUpdatedintheLast4Hours.txt
--------------------------------------------------------------------------------
/Queries/TableActivity.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TableActivity.yaml
--------------------------------------------------------------------------------
/Queries/TableData.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TableData.txt
--------------------------------------------------------------------------------
/Queries/TableExistence.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TableExistence.txt
--------------------------------------------------------------------------------
/Queries/TableUsageandCost.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TableUsageandCost.txt
--------------------------------------------------------------------------------
/Queries/Tables-Sizes-Entries.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Tables-Sizes-Entries.yaml
--------------------------------------------------------------------------------
/Queries/TablesNotIngestingDatain3Days.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TablesNotIngestingDatain3Days.txt
--------------------------------------------------------------------------------
/Queries/TeamsAADSigninLogsRelatedtoTeamOwners.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TeamsAADSigninLogsRelatedtoTeamOwners.txt
--------------------------------------------------------------------------------
/Queries/TeamsAADSigninsSuccessUnsuccess.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TeamsAADSigninsSuccessUnsuccess.txt
--------------------------------------------------------------------------------
/Queries/TeamsBotsorAppsAdded.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TeamsBotsorAppsAdded.txt
--------------------------------------------------------------------------------
/Queries/TeamsChannelDeleted.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TeamsChannelDeleted.txt
--------------------------------------------------------------------------------
/Queries/TeamsExternalRareUserAccess.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TeamsExternalRareUserAccess.txt
--------------------------------------------------------------------------------
/Queries/TeamsExternalSuspiciousAccountsRevokedAccess.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TeamsExternalSuspiciousAccountsRevokedAccess.txt
--------------------------------------------------------------------------------
/Queries/TeamsKQL.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TeamsKQL.zip
--------------------------------------------------------------------------------
/Queries/TeamsListFederatedUsers.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TeamsListFederatedUsers.txt
--------------------------------------------------------------------------------
/Queries/TeamsSingleUsersDeleteMultipleTeams.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TeamsSingleUsersDeleteMultipleTeams.txt
--------------------------------------------------------------------------------
/Queries/TeamsSuspiciousElevationofPrivileges.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TeamsSuspiciousElevationofPrivileges.txt
--------------------------------------------------------------------------------
/Queries/TeamsUserAddedtoTeamsChannel.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TeamsUserAddedtoTeamsChannel.txt
--------------------------------------------------------------------------------
/Queries/TeamsWasUserRoleChanged.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TeamsWasUserRoleChanged.txt
--------------------------------------------------------------------------------
/Queries/ThreatIntelligenceTableCosts.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ThreatIntelligenceTableCosts.txt
--------------------------------------------------------------------------------
/Queries/ThreatStatus.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ThreatStatus.txt
--------------------------------------------------------------------------------
/Queries/TieFighter.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TieFighter.txt
--------------------------------------------------------------------------------
/Queries/TimeBetweenDates.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TimeBetweenDates.txt
--------------------------------------------------------------------------------
/Queries/TimeRangeExample.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TimeRangeExample.txt
--------------------------------------------------------------------------------
/Queries/Top N by Group example via top-nested - option 2.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Top N by Group example via top-nested - option 2.txt
--------------------------------------------------------------------------------
/Queries/Top N by group example via LAG - option 1.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Top N by group example via LAG - option 1.txt
--------------------------------------------------------------------------------
/Queries/TotalGBCSecurityEvent.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TotalGBCSecurityEvent.txt
--------------------------------------------------------------------------------
/Queries/TotalIncidentsInLast6Months.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TotalIncidentsInLast6Months.txt
--------------------------------------------------------------------------------
/Queries/Tracking Privileged Account Rare Activity without AWS.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Tracking Privileged Account Rare Activity without AWS.txt
--------------------------------------------------------------------------------
/Queries/TrendofRequests.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TrendofRequests.txt
--------------------------------------------------------------------------------
/Queries/TrialExpiration.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/TrialExpiration.txt
--------------------------------------------------------------------------------
/Queries/UEBACosts.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/UEBACosts.txt
-------------------------------------------------------------------------------- /Queries/UEBACosts.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/UEBACosts.yaml -------------------------------------------------------------------------------- /Queries/UEBA_IsDormant.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/UEBA_IsDormant.txt -------------------------------------------------------------------------------- /Queries/UnsuccessfulRulesinLast24.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/UnsuccessfulRulesinLast24.txt -------------------------------------------------------------------------------- /Queries/UpdateComplianceBarChart.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/UpdateComplianceBarChart.txt -------------------------------------------------------------------------------- /Queries/UpdateDataConnectors.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/UpdateDataConnectors.txt -------------------------------------------------------------------------------- /Queries/UserAccountLockedAAD.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/UserAccountLockedAAD.txt -------------------------------------------------------------------------------- /Queries/Usergrantedaccesstoanapp.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Usergrantedaccesstoanapp.txt 
-------------------------------------------------------------------------------- /Queries/UsersConnectFromMultipleCity.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/UsersConnectFromMultipleCity.txt -------------------------------------------------------------------------------- /Queries/UsersIPsPorts.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/UsersIPsPorts.txt -------------------------------------------------------------------------------- /Queries/Using-the-KQL-queries.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Queries/Volume-by-RG.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Volume-by-RG.yaml -------------------------------------------------------------------------------- /Queries/Volume-by-sub-yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Volume-by-sub-yaml -------------------------------------------------------------------------------- /Queries/WatchListAudit.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WatchListAudit.txt -------------------------------------------------------------------------------- /Queries/WatchListDelete.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WatchListDelete.txt -------------------------------------------------------------------------------- /Queries/WatchlistNOTin.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WatchlistNOTin.txt -------------------------------------------------------------------------------- /Queries/Watchlist_Basics: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Watchlist_Basics -------------------------------------------------------------------------------- /Queries/WatchlistsCosts.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WatchlistsCosts.txt -------------------------------------------------------------------------------- /Queries/WebshellPosts.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WebshellPosts.txt -------------------------------------------------------------------------------- /Queries/WhenUEBAwasEnabledByWho.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WhenUEBAwasEnabledByWho.txt -------------------------------------------------------------------------------- /Queries/WhiteList-FindWhoAccessedAzureSentinelthatShouldNot.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WhiteList-FindWhoAccessedAzureSentinelthatShouldNot.txt -------------------------------------------------------------------------------- /Queries/WhoChangedConditionalAccessPolicy.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WhoChangedConditionalAccessPolicy.txt 
-------------------------------------------------------------------------------- /Queries/WhoChangedTheirAADPassword.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WhoChangedTheirAADPassword.txt -------------------------------------------------------------------------------- /Queries/WhoDeletedAlertRule.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WhoDeletedAlertRule.txt -------------------------------------------------------------------------------- /Queries/WhoModifiedAnalyticsRule.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WhoModifiedAnalyticsRule.txt -------------------------------------------------------------------------------- /Queries/Windows10LoggedInLast7Days.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/Windows10LoggedInLast7Days.txt -------------------------------------------------------------------------------- /Queries/WiresharkRSSTraffic.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WiresharkRSSTraffic.txt -------------------------------------------------------------------------------- /Queries/WorkWeek.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WorkWeek.txt -------------------------------------------------------------------------------- /Queries/WorkbookCreation.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WorkbookCreation.txt 
-------------------------------------------------------------------------------- /Queries/WorkbookDeletion.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WorkbookDeletion.txt -------------------------------------------------------------------------------- /Queries/WorkspacesAndTables.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/WorkspacesAndTables.txt -------------------------------------------------------------------------------- /Queries/ZeroLogon_Ports.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/ZeroLogon_Ports.txt -------------------------------------------------------------------------------- /Queries/acrossworkspaceforFunction.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/acrossworkspaceforFunction.txt -------------------------------------------------------------------------------- /Queries/adminskql.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/adminskql.txt -------------------------------------------------------------------------------- /Queries/allreportingcomputers.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/allreportingcomputers.txt -------------------------------------------------------------------------------- /Queries/computersendingmostsecurityalerts.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/computersendingmostsecurityalerts.txt 
-------------------------------------------------------------------------------- /Queries/computersunhealthystate.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/computersunhealthystate.txt -------------------------------------------------------------------------------- /Queries/count-of-billable-events-ingested-per-computer.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/count-of-billable-events-ingested-per-computer.yaml -------------------------------------------------------------------------------- /Queries/data volume by resource group.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/data volume by resource group.yaml -------------------------------------------------------------------------------- /Queries/dataingestionthresholdlimits.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/dataingestionthresholdlimits.txt -------------------------------------------------------------------------------- /Queries/dataparser.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/dataparser.txt -------------------------------------------------------------------------------- /Queries/dataproviders.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/dataproviders.txt -------------------------------------------------------------------------------- /Queries/devices.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/devices.txt -------------------------------------------------------------------------------- /Queries/excessivefailedlogins.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/excessivefailedlogins.txt -------------------------------------------------------------------------------- /Queries/heartbeatforscomagent.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/heartbeatforscomagent.txt -------------------------------------------------------------------------------- /Queries/isempty.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/isempty.txt -------------------------------------------------------------------------------- /Queries/meraki_GROK.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/meraki_GROK.txt -------------------------------------------------------------------------------- /Queries/multipleLAworkspaces.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/multipleLAworkspaces.txt -------------------------------------------------------------------------------- /Queries/nodes as billed in the Per Node pricing.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/nodes as billed in the Per Node pricing.yaml -------------------------------------------------------------------------------- /Queries/qualys.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/qualys.txt -------------------------------------------------------------------------------- /Queries/scalarexpression.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/scalarexpression.txt -------------------------------------------------------------------------------- /Queries/serversenrolledinWDATP.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/serversenrolledinWDATP.txt -------------------------------------------------------------------------------- /Queries/size of ingested data per Azure subscription.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/size of ingested data per Azure subscription.yaml -------------------------------------------------------------------------------- /Queries/size of ingested data per computer.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Queries/size of ingested data per computer.yaml -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/README.md -------------------------------------------------------------------------------- /TLP.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/TLP.md -------------------------------------------------------------------------------- /Workbooks/Sentinel/Environment.EventSourceMonitoring/DataConnector.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Sentinel/Environment.EventSourceMonitoring/DataConnector.png -------------------------------------------------------------------------------- /Workbooks/Sentinel/Environment.EventSourceMonitoring/EndPoint.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Sentinel/Environment.EventSourceMonitoring/EndPoint.png -------------------------------------------------------------------------------- /Workbooks/Sentinel/Environment.EventSourceMonitoring/EventSource.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Sentinel/Environment.EventSourceMonitoring/EventSource.png -------------------------------------------------------------------------------- /Workbooks/Sentinel/Environment.EventSourceMonitoring/GlobalOverview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Sentinel/Environment.EventSourceMonitoring/GlobalOverview.png -------------------------------------------------------------------------------- /Workbooks/Sentinel/Environment.EventSourceMonitoring/Queries.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Sentinel/Environment.EventSourceMonitoring/Queries.png -------------------------------------------------------------------------------- /Workbooks/Sentinel/Environment.EventSourceMonitoring/dashboard.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Sentinel/Environment.EventSourceMonitoring/dashboard.json -------------------------------------------------------------------------------- 
/Workbooks/Sentinel/Environment.EventSourceMonitoring/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Sentinel/Environment.EventSourceMonitoring/readme.md -------------------------------------------------------------------------------- /Workbooks/Sentinel/Sandfly_Monitoring_Dashboard_ArmTemplate: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Sentinel/Sandfly_Monitoring_Dashboard_ArmTemplate -------------------------------------------------------------------------------- /Workbooks/Sentinel/Sandfly_Monitoring_Dashboard_GalleryTemplate: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Sentinel/Sandfly_Monitoring_Dashboard_GalleryTemplate -------------------------------------------------------------------------------- /Workbooks/Sentinel/ThreatHunting.PurpleTeam/dashboard.ARM.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Sentinel/ThreatHunting.PurpleTeam/dashboard.ARM.json -------------------------------------------------------------------------------- /Workbooks/Sentinel/ThreatHunting.PurpleTeam/dashboard.GALLERY.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Sentinel/ThreatHunting.PurpleTeam/dashboard.GALLERY.json -------------------------------------------------------------------------------- /Workbooks/Sentinel/ThreatHunting.PurpleTeam/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Sentinel/ThreatHunting.PurpleTeam/readme.md 
-------------------------------------------------------------------------------- /Workbooks/Windows/Enviornment.Event_Checking/Docs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Windows/Enviornment.Event_Checking/Docs.png -------------------------------------------------------------------------------- /Workbooks/Windows/Enviornment.Event_Checking/EndPoint.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Windows/Enviornment.Event_Checking/EndPoint.png -------------------------------------------------------------------------------- /Workbooks/Windows/Enviornment.Event_Checking/EventID.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Windows/Enviornment.Event_Checking/EventID.png -------------------------------------------------------------------------------- /Workbooks/Windows/Enviornment.Event_Checking/GlobalOverview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Windows/Enviornment.Event_Checking/GlobalOverview.png -------------------------------------------------------------------------------- /Workbooks/Windows/Enviornment.Event_Checking/dashboard.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Windows/Enviornment.Event_Checking/dashboard.json -------------------------------------------------------------------------------- /Workbooks/Windows/Enviornment.Event_Checking/queries.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Windows/Enviornment.Event_Checking/queries.png -------------------------------------------------------------------------------- /Workbooks/Windows/Enviornment.Event_Checking/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/Workbooks/Windows/Enviornment.Event_Checking/readme.md -------------------------------------------------------------------------------- /error_code_azure_ad_entra.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/error_code_azure_ad_entra.csv -------------------------------------------------------------------------------- /images/1-0.23.4.01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/images/1-0.23.4.01.png -------------------------------------------------------------------------------- /images/2-0.23.4.01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/images/2-0.23.4.01.png -------------------------------------------------------------------------------- /images/header-blue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/images/header-blue.png -------------------------------------------------------------------------------- /images/header.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/images/header.png -------------------------------------------------------------------------------- /images/sentinelcat.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/images/sentinelcat.png -------------------------------------------------------------------------------- /windows_eventids_descriptions.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Truvis/Sentinel/HEAD/windows_eventids_descriptions.csv --------------------------------------------------------------------------------