Ent name added into parser and sample data

Rajendra Khabiya 2021-07-16 17:05:26 +05:30
Родитель 72a5a98729
Коммит 10f7707991
2 изменённых файлов: 95 добавлений и 0 удалений


@ -1,6 +1,7 @@
[
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354255",
"eventTime": "2021-02-15T12:38:12.000Z",
"changeType": "UPDATED",
@ -24,6 +25,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354256",
"eventTime": "2021-02-15T12:38:12.000Z",
"changeType": "UPDATED",
@ -47,6 +49,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354257",
"eventTime": "2021-02-15T12:38:12.000Z",
"changeType": "UPDATED",
@ -70,6 +73,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354258",
"eventTime": "2021-02-15T12:38:12.000Z",
"changeType": "UPDATED",
@ -93,6 +97,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354259",
"eventTime": "2021-02-15T12:38:12.000Z",
"changeType": "UPDATED",
@ -116,6 +121,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354260",
"eventTime": "2021-02-15T12:38:12.000Z",
"changeType": "UPDATED",
@ -139,6 +145,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354261",
"eventTime": "2021-02-15T12:38:12.000Z",
"changeType": "UPDATED",
@ -162,6 +169,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354262",
"eventTime": "2021-02-15T12:38:12.000Z",
"changeType": "UPDATED",
@ -185,6 +193,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354263",
"eventTime": "2021-02-15T12:38:12.000Z",
"changeType": "UPDATED",
@ -208,6 +217,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354264",
"eventTime": "2021-02-15T12:38:12.000Z",
"changeType": "UPDATED",
@ -231,6 +241,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354265",
"eventTime": "2021-02-15T12:38:12.000Z",
"changeType": "UPDATED",
@ -254,6 +265,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354266",
"eventTime": "2021-02-15T12:38:12.000Z",
"changeType": "UPDATED",
@ -277,6 +289,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354267",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -300,6 +313,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354268",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -323,6 +337,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354269",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -346,6 +361,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354270",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -369,6 +385,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354271",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -392,6 +409,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354272",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -415,6 +433,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354273",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -438,6 +457,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354274",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -461,6 +481,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354275",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -484,6 +505,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354276",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -507,6 +529,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354277",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -530,6 +553,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354278",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -553,6 +577,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354279",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -576,6 +601,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354280",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -599,6 +625,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354281",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -622,6 +649,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354282",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -645,6 +673,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354283",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -668,6 +697,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354284",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -691,6 +721,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354285",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -714,6 +745,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354286",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -737,6 +769,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354287",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "UPDATED",
@ -760,6 +793,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354288",
"eventTime": "2021-02-15T12:38:13.000Z",
"changeType": "CREATED",
@ -851,6 +885,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354289",
"eventTime": "2021-02-15T12:38:53.000Z",
"changeType": "CREATED",
@ -874,6 +909,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354290",
"eventTime": "2021-02-15T12:39:27.000Z",
"changeType": "CREATED",
@ -896,6 +932,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354291",
"eventTime": "2021-02-15T12:40:10.000Z",
"changeType": "CREATED",
@ -927,6 +964,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354292",
"eventTime": "2021-02-15T12:41:00.000Z",
"changeType": "CREATED",
@ -958,6 +996,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354293",
"eventTime": "2021-02-15T12:42:28.000Z",
"changeType": "UPDATED",
@ -982,6 +1021,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354294",
"eventTime": "2021-02-15T12:42:28.000Z",
"changeType": "UPDATED",
@ -1012,6 +1052,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354295",
"eventTime": "2021-02-15T12:42:28.000Z",
"changeType": "UPDATED",
@ -1042,6 +1083,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354296",
"eventTime": "2021-02-15T12:42:28.000Z",
"changeType": "UPDATED",
@ -1072,6 +1114,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354297",
"eventTime": "2021-02-15T12:42:28.000Z",
"changeType": "UPDATED",
@ -1102,6 +1145,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354298",
"eventTime": "2021-02-15T12:42:28.000Z",
"changeType": "UPDATED",
@ -1132,6 +1176,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354299",
"eventTime": "2021-02-15T12:43:00.000Z",
"changeType": "UPDATED",
@ -1162,6 +1207,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354300",
"eventTime": "2021-02-15T12:43:23.000Z",
"changeType": "UPDATED",
@ -1186,6 +1232,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354301",
"eventTime": "2021-02-15T12:44:06.000Z",
"changeType": "UPDATED",
@ -1221,6 +1268,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354302",
"eventTime": "2021-02-15T12:44:06.000Z",
"changeType": "UPDATED",
@ -1256,6 +1304,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354303",
"eventTime": "2021-02-15T12:44:22.000Z",
"changeType": "UPDATED",
@ -1285,6 +1334,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128354304",
"eventTime": "2021-02-15T12:44:22.000Z",
"changeType": "UPDATED",
@ -1344,6 +1394,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128356222",
"eventTime": "2021-02-15T12:51:09.000Z",
"changeType": "CREATED",
@ -1379,6 +1430,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128356726",
"eventTime": "2021-02-15T12:52:47.000Z",
"changeType": "UPDATED",
@ -1429,6 +1481,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128357133",
"eventTime": "2021-02-15T12:53:59.000Z",
"changeType": "CREATED",
@ -1474,6 +1527,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128357224",
"eventTime": "2021-02-15T12:54:18.000Z",
"changeType": "UPDATED",
@ -1498,6 +1552,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128357230",
"eventTime": "2021-02-15T12:54:30.000Z",
"changeType": "UPDATED",
@ -1522,6 +1577,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128357288",
"eventTime": "2021-02-15T12:55:08.000Z",
"changeType": "UPDATED",
@ -1546,6 +1602,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128357369",
"eventTime": "2021-02-15T12:55:29.000Z",
"changeType": "UPDATED",
@ -1586,6 +1643,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128357370",
"eventTime": "2021-02-15T12:55:29.000Z",
"changeType": "UPDATED",
@ -1626,6 +1684,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128357517",
"eventTime": "2021-02-15T12:56:04.000Z",
"changeType": "CREATED",
@ -1661,6 +1720,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128358058",
"eventTime": "2021-02-15T12:57:36.000Z",
"changeType": "CREATED",
@ -1706,6 +1766,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128358159",
"eventTime": "2021-02-15T12:57:51.000Z",
"changeType": "UPDATED",
@ -1730,6 +1791,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128358582",
"eventTime": "2021-02-15T12:59:05.000Z",
"changeType": "UPDATED",
@ -1765,6 +1827,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128358672",
"eventTime": "2021-02-15T12:59:17.000Z",
"changeType": "UPDATED",
@ -1800,6 +1863,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128358819",
"eventTime": "2021-02-15T12:59:45.000Z",
"changeType": "UPDATED",
@ -1835,6 +1899,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128358959",
"eventTime": "2021-02-15T13:00:07.000Z",
"changeType": "UPDATED",
@ -1859,6 +1924,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128359203",
"eventTime": "2021-02-15T13:00:42.000Z",
"changeType": "CREATED",
@ -1894,6 +1960,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128360116",
"eventTime": "2021-02-15T13:04:33.000Z",
"changeType": "UPDATED",
@ -1917,6 +1984,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128360277",
"eventTime": "2021-02-15T13:05:52.000Z",
"changeType": "UPDATED",
@ -1940,6 +2008,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128360412",
"eventTime": "2021-02-15T13:06:22.000Z",
"changeType": "UPDATED",
@ -1963,6 +2032,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128360424",
"eventTime": "2021-02-15T13:06:43.000Z",
"changeType": "UPDATED",
@ -1993,6 +2063,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128360471",
"eventTime": "2021-02-15T13:06:56.000Z",
"changeType": "UPDATED",
@ -2033,6 +2104,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128360618",
"eventTime": "2021-02-15T13:07:58.000Z",
"changeType": "UPDATED",
@ -2099,6 +2171,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128360673",
"eventTime": "2021-02-15T13:08:39.000Z",
"changeType": "CREATED",
@ -2139,6 +2212,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128360814",
"eventTime": "2021-02-15T13:09:20.000Z",
"changeType": "UPDATED",
@ -2179,6 +2253,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128360824",
"eventTime": "2021-02-15T13:09:32.000Z",
"changeType": "UPDATED",
@ -2244,6 +2319,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128360827",
"eventTime": "2021-02-15T13:09:35.000Z",
"changeType": "UPDATED",
@ -2274,6 +2350,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128361422",
"eventTime": "2021-02-15T13:14:19.000Z",
"changeType": "UPDATED",
@ -2314,6 +2391,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128361428",
"eventTime": "2021-02-15T13:14:34.000Z",
"changeType": "CREATED",
@ -2354,6 +2432,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128361479",
"eventTime": "2021-02-15T13:15:12.000Z",
"changeType": "CREATED",
@ -2394,6 +2473,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128361519",
"eventTime": "2021-02-15T13:15:24.000Z",
"changeType": "UPDATED",
@ -2424,6 +2504,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128361571",
"eventTime": "2021-02-15T13:15:51.000Z",
"changeType": "UPDATED",
@ -2454,6 +2535,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128361580",
"eventTime": "2021-02-15T13:16:08.000Z",
"changeType": "UPDATED",
@ -2494,6 +2576,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128361619",
"eventTime": "2021-02-15T13:16:15.000Z",
"changeType": "UPDATED",
@ -2524,6 +2607,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128361624",
"eventTime": "2021-02-15T13:16:28.000Z",
"changeType": "UPDATED",
@ -2554,6 +2638,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128361833",
"eventTime": "2021-02-15T13:19:03.000Z",
"changeType": "UPDATED",
@ -2594,6 +2679,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128361834",
"eventTime": "2021-02-15T13:19:29.000Z",
"changeType": "CREATED",
@ -2634,6 +2720,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128361835",
"eventTime": "2021-02-15T13:20:06.000Z",
"changeType": "CREATED",
@ -2674,6 +2761,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128361836",
"eventTime": "2021-02-15T13:20:40.000Z",
"changeType": "UPDATED",
@ -2714,6 +2802,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128361837",
"eventTime": "2021-02-15T13:20:47.000Z",
"changeType": "UPDATED",
@ -2783,6 +2872,7 @@
},
{
"type": "AUDIT",
"enterprise_name_s" : "Lookout",
"id": "128626624",
"eventTime": "2021-02-18T04:29:49.000Z",
"changeType": "CREATED",
@ -2860,6 +2950,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128626627",
"eventTime": "2021-02-18T04:31:47.000Z",
"changeType": "CREATED",
@ -2900,6 +2991,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128626628",
"eventTime": "2021-02-18T04:32:42.000Z",
"changeType": "CREATED",
@ -2940,6 +3032,7 @@
},
{
"type": "THREAT",
"enterprise_name_s" : "Lookout",
"id": "128626629",
"eventTime": "2021-02-18T04:34:09.000Z",
"changeType": "CREATED",
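Review bot: The added key is spelled `"enterprise_name_s"` while every neighbouring key in these records (`"type"`, `"id"`, `"eventTime"`, `"changeType"`) carries no suffix, so the sample mixes raw field names with what looks like an ingested column name. If this file represents events before ingestion and the pipeline appends a type suffix to string fields, as the parser's `details_activationStatus_s` style names suggest, the stored column would presumably not be `enterprise_name_s` and the parser lookup would fall back to its empty default. Confirm against a real ingested record, and if that is the case use `"enterprise_name": "Lookout",` here. This applies to every record touched in the file. The added lines also put a space before the colon, unlike the surrounding keys.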


@ -10,6 +10,7 @@ let LookoutEvents_view = view () {
| extend
EventVendor="Lookout",
EventProduct="Lookout Sentinel",
EnterpriseName=column_ifexists('enterprise_name_s', ''),
DetailsActivationStatus=column_ifexists('details_activationStatus_s', ''),
DetailsSecurityStatus=column_ifexists('details_securityStatus_s', ''),
DetailsProtectionStatus=column_ifexists('details_protectionStatus_s', ''),
@ -45,6 +46,7 @@ let LookoutEvents_view = view () {
| project
TimeGenerated,
Type,
EnterpriseName,
ID,
EventTime,
ChangeType,
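Review bot: `EnterpriseName=column_ifexists('enterprise_name_s', '')` yields an empty string whenever the column is missing from the table, and nothing in the hunk tells a rule author that empty means "not collected" rather than a real enterprise value. Records stored before the connector sent this field will presumably also come back empty, so detections or workbooks that group or filter on EnterpriseName can fold events from different enterprises into one blank bucket. I would add a comment above the assignment such as `// EnterpriseName is '' when enterprise_name_s is absent; treat empty as unknown, not as a tenant`. The body of LookoutEvents_view starts and ends outside both hunks, so any later filtering on this column is not visible here.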