
Add query for malicious SVG files in MDO

Open jonade opened this issue 7 months ago • 0 comments

Change(s):

  • Adding a new category/folder for Custom Detections, for queries which could be used as Custom Detection Rules (CDRs). Added one new example query to detect when .SVG files as attachments on emails are formatted to contain JavaScript, such as a redirection to a remote webserver.


Reason for Change(s):

  • Adding new community queries within Advanced Hunting for customers that do not use Sentinel. Based on queries that are included within the 'Defender for Office 365 Detections and Insights' workbook included with the Defender for Office 365 solution.

Version Updated:

  • Not Applicable

Testing Completed:

  • Tested in Advanced Hunting within test tenants

Checked that the validations are passing and have addressed any issues that are present:

  • Yes

jonade avatar Jun 23 '25 11:06 jonade
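The PR's query runs in Advanced Hunting, which only sees attachment metadata (file name, type, hashes), so the judgement "this SVG contains JavaScript that redirects to a remote web server" has to be made on the attachment body somewhere else, for example in a sandbox or a mail-flow hook. The following is an added example, not the PR's KQL and not part of the Azure-Sentinel repository: a small Python content scanner that flags the constructs a weaponised SVG uses to run script in a browser (inline `<script>`, `on*` event-handler attributes, `javascript:` hrefs, SMIL `<animate>`/`<set>` tricks that animate an href into a `javascript:` URI, and `<foreignObject>` HTML embedding), plus redirection idioms inside script bodies. The three SVG samples are constructed for this example; the function and regex names are the example's own.

```python
import re
import xml.etree.ElementTree as ET

# NOTE: for untrusted input in production, parse with defusedxml.ElementTree
# instead of the stdlib parser to defuse entity-expansion attacks. The stdlib
# parser is used here so the example runs with no third-party packages.

# Attributes that execute script when the SVG is rendered (onload, onclick, ...).
EVENT_HANDLER_RE = re.compile(r"^on[a-z]+$", re.IGNORECASE)
# javascript: scheme at the start of an href, tolerating leading whitespace.
# Entity-encoded forms (&#106;avascript:) are already decoded by the XML parser.
JS_URI_RE = re.compile(r"^\s*javascript\s*:", re.IGNORECASE)
# Heuristics for "redirect the victim" code inside an inline script body:
# assignments/calls on location, window.open, or a bare absolute URL.
REDIRECT_RE = re.compile(
    r"(window\.)?(location|top\.location|document\.location)(\.href|\.replace|\.assign)?\s*[=(]"
    r"|window\.open\s*\("
    r"|https?://[^\s'\"]+",
    re.IGNORECASE,
)


def strip_ns(name: str) -> str:
    """Drop the {namespace} prefix ElementTree puts on tag/attribute names."""
    return name.split("}", 1)[1] if name.startswith("{") else name


def scan_svg(data: bytes) -> list:
    """Return a list of (kind, detail) findings; an empty list means no script constructs."""
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # Malformed XML is itself worth a look: browsers are far more lenient than parsers.
        return [("parse_error", str(exc))]

    for el in root.iter():
        tag = strip_ns(el.tag).lower()

        if tag == "script":
            body = (el.text or "").strip()  # CDATA sections arrive as plain text
            findings.append(("script_element", body[:80]))
            for m in REDIRECT_RE.finditer(body):
                findings.append(("redirect", m.group(0)))

        if tag == "foreignobject":
            # Lets the SVG embed arbitrary HTML (iframes, meta refresh, forms).
            findings.append(("foreign_object", "embedded HTML inside SVG"))

        if tag in ("animate", "set") and el.attrib.get("attributeName", "").lower().endswith("href"):
            # SMIL can animate an element's href *into* a javascript: URI after load.
            for key in ("values", "to", "from"):
                if "javascript:" in el.attrib.get(key, "").lower().replace(" ", ""):
                    findings.append(("animated_javascript_uri", f"{tag}@{key}"))

        for name, value in el.attrib.items():
            local = strip_ns(name).lower()
            if EVENT_HANDLER_RE.match(local):
                findings.append(("event_handler", f"{tag}@{local}"))
            if local == "href" and JS_URI_RE.match(value):
                findings.append(("javascript_uri", f"{tag}@{local}"))
    return findings


def is_suspicious(data: bytes) -> bool:
    """Verdict used by a gateway/sandbox hook: any script-bearing construct is enough."""
    return len(scan_svg(data)) > 0


# Constructed samples for this example (not real captured attachments).
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10" fill="blue"/>
</svg>"""

# Typical phishing lure: the image is blank, the script sends the viewer elsewhere.
REDIRECT_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg">
  <script type="text/javascript"><![CDATA[
    window.location.href = "https://invoice-portal.example.net/login";
  ]]></script>
</svg>"""

# Handler attribute plus an entity-obfuscated javascript: link.
HANDLER_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <a xlink:href="&#106;avascript:top.location='https://evil.example/'"><text>open</text></a>
  <animate attributeName="xlink:href" values="javascript:alert(2)"/>
</svg>"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("redirect", REDIRECT_SVG), ("handler", HANDLER_SVG)):
        print(label, is_suspicious(sample), scan_svg(sample))
```

The scanner is deliberately noisy in one direction: any `<script>`, handler attribute or `javascript:` URI is flagged, because a legitimate e-mailed image has no business carrying script. What it does not do is decode payloads hidden in `data:` URIs or base64 blobs, so treat it as a first-pass triage rule rather than a complete parser.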