T1204 on sentinelchangelog.net

T1204 on sentinelchangelog.nethttp://sentinelchangelog.net/tags/t1204/Recent content in T1204 on sentinelchangelog.netHugo -- 0.157.0enMon, 01 Jun 2026 04:39:34 +0000Slack Audit Solution: Enhanced Detection Logic and Alert Enrichmenthttp://sentinelchangelog.net/posts/2026-06-01-pr-14245/Mon, 01 Jun 2026 04:39:34 +0000http://sentinelchangelog.net/posts/2026-06-01-pr-14245/Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring.LockBit Hunting Query: ActiveMQ Exploit IoC Detection Addedhttp://sentinelchangelog.net/posts/2026-05-29-pr-14350/Fri, 29 May 2026 05:32:22 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14350/New hunting query provides hash-based detection for LockBit ransomware artifacts deployed via Apache ActiveMQ CVE-2023-46604 exploitation.AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappingshttp://sentinelchangelog.net/posts/2026-05-18-pr-14101/Mon, 18 May 2026 07:30:57 +0000http://sentinelchangelog.net/posts/2026-05-18-pr-14101/Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName.Microsoft Entra ID Table Rename: Hunting Queries Updated for Current Schemahttp://sentinelchangelog.net/posts/2026-05-18-pr-14186/Mon, 18 May 2026 05:36:36 +0000http://sentinelchangelog.net/posts/2026-05-18-pr-14186/12 hunting queries updated to use EntraIdSignInEvents and EntraIdSpnSignInEvents tables, replacing deprecated AADSignInEventsBeta and AADSpnSignInEventsBeta references.Microsoft Sentinel Training Lab: Comprehensive Hands-On Security Operations Environment Now Availablehttp://sentinelchangelog.net/posts/2026-04-10-pr-13848/Fri, 10 Apr 2026 15:05:24 +0000http://sentinelchangelog.net/posts/2026-04-10-pr-13848/New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development.Visa Threat Intelligence Solution: Initial Package Release with IOC Detection Ruleshttp://sentinelchangelog.net/posts/2026-02-13-pr-13616/Fri, 13 Feb 2026 21:02:02 +0000http://sentinelchangelog.net/posts/2026-02-13-pr-13616/New Visa Threat Intelligence (VTI) solution providing IOC feeds via DCR connector with high-severity detection rules for domains and file hashes.Azure Firewall: Five New IDPS Analytic Rules for Advanced Threat Detectionhttp://sentinelchangelog.net/posts/2026-02-13-pr-13591/Fri, 13 Feb 2026 08:19:01 +0000http://sentinelchangelog.net/posts/2026-02-13-pr-13591/Azure Firewall solution expanded with 5 new analytic rules targeting high/medium severity threats, DDoS attacks, web application attacks, and privilege escalation attempts.VMware ESXi SSH Brute Force Detection Plus Multi-Solution Updateshttp://sentinelchangelog.net/posts/2025-11-10-pr-13063/Mon, 10 Nov 2025 06:23:07 +0000http://sentinelchangelog.net/posts/2025-11-10-pr-13063/New VMware ESXi detection for multiple failed SSH login attempts, plus comprehensive solution updates across 15+ vendor solutions.