Skip to content

Adding queries to look for abnormal sch task creation and launch#11224

Merged
v-atulyadav merged 1 commit into
Azure:masterfrom
JouniMi:Scheduled_tasks
Oct 8, 2024
Merged

Adding queries to look for abnormal sch task creation and launch#11224
v-atulyadav merged 1 commit into
Azure:masterfrom
JouniMi:Scheduled_tasks

Conversation

@JouniMi
Copy link
Copy Markdown
Contributor

@JouniMi JouniMi commented Oct 6, 2024

Required items, please complete

Change(s):

  • Added three different queries for scheduled task hunting purposes.
  • Hunting Queries/Microsoft 365 Defender/Persistence/rare_sch_task_launch.yaml
  • Hunting Queries/Microsoft 365 Defender/Persistence/rare_sch_task_with_activity.yaml
  • Hunting Queries/Microsoft 365 Defender/Persistence/sch_task_creation.yaml

Reason for Change(s):

  • Additional threat hunting queries to look for rare scheduled task creation and execution.

@JouniMi JouniMi requested review from a team as code owners October 6, 2024 12:00
@v-prasadboke v-prasadboke self-assigned this Oct 7, 2024
@v-prasadboke v-prasadboke added Solution Solution specialty review needed Hunting Hunting specialty review needed labels Oct 7, 2024
@v-shukore
Copy link
Copy Markdown
Contributor

v-shukore commented Oct 7, 2024

Hello @JouniMi, Thanks for raising this PR. This PR will be investigated, and we will update you about the same before 09-Oct-2024. Thanks...!!

@v-atulyadav v-atulyadav merged commit 6adb982 into Azure:master Oct 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@v-atulyadav v-atulyadav v-atulyadav approved these changes

@v-shukore v-shukore v-shukore approved these changes

Assignees

@v-shukore v-shukore

Labels

Hunting Hunting specialty review needed Solution Solution specialty review needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@JouniMi @v-shukore @v-atulyadav @v-prasadboke