Legacy IOC based Threat Protection
Microsoft Sentinel, Microsoft Corporation
Note: Please refer to the following before installing the solution:
- Review the solution Release Notes.
- There may be known issues pertaining to this Solution.
Microsoft Security Research, based on ongoing trends and exploits, creates content that helps identify the presence of known IOCs associated with prevalent attacks and threat actor tactics/techniques, such as Nobelium, Gallium, Solorigate, etc. This solution contains packaged content written for some legacy IOCs that were prevalent in the past but may still be relevant.
Pre-requisites:
This is a domain solution and does not include any data connectors. The content in this solution supports the connectors listed below. Install one or more of the listed solutions to unlock the value provided by this solution.
1. Squid Proxy
2. Microsoft Windows DNS
3. Cisco ASA
4. Palo Alto Networks
5. Microsoft Defender XDR
6. Azure Firewall
7. ZScaler Internet Access
8. Infoblox NIOS
9. Google Cloud Platform DNS
10. NXLog DNS
11. Cisco Umbrella
12. Corelight
13. Amazon Web Services
14. Windows Forwarded Events
15. Sysmon for Linux
16. Microsoft 365
17. Windows Security Events
18. Microsoft Entra ID
19. Azure Activity
20. F5 Advanced WAF
21. Fortinet FortiGate
22. Check Point
23. Common Event Format
24. Windows Firewall
Hunting Queries: 10