T1562.004

May 27, 2026

Hunting Query: Rootkit Network Evasion Detection via Firewall-EDR Telemetry Delta

New hunting query detects kernel-level rootkits bypassing EDR network telemetry by comparing perimeter firewall logs against Microsoft Defender for Endpoint data streams. Read More →

May 18, 2026

AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings

Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName. Read More →

Auto-generated content based on the Azure-Sentinel GitHub repo.

Microsoft Sentinel is a trademark of Microsoft Corporation.