Updates for Validation Tests

.script/tests/KqlvalidationsTests/CustomTables/AzureActivity.json

@@ -1,141 +0,0 @@
-{
-   "Name":"AzureActivity",
-  "Properties": [
-    {
-      "Name": "OperationName",
-      "Type": "string"
-    },
-    {
-        "Name": "OperationNameValue",
-        "Type": "string"
-    },
-    {
-        "Name": "Level",
-        "Type": "string"
-    },
-    {
-        "Name": "ActivityStatus",
-        "Type": "string"
-    },
-    {
-        "Name": "ActivityStatusValue",
-        "Type": "string"
-    },
-    {
-      "Name": "ActivitySubstatus",
-      "Type": "string"
-    },
-    {
-        "Name": "ActivitySubstatusValue",
-        "Type": "string"
-    },
-    {
-        "Name": "ResourceGroup",
-        "Type": "string"
-    },
-    {
-        "Name": "SubscriptionId",
-        "Type": "string"
-    },
-    {
-        "Name": "CorrelationId",
-        "Type": "string"
-    },
-    {
-      "Name": "Caller",
-      "Type": "string"
-    },
-    {
-      "Name": "CallerIpAddress",
-      "Type": "string"
-    },
-    {
-      "Name": "Category",
-      "Type": "string"
-    },
-    {
-      "Name": "CategoryValue",
-      "Type": "string"
-    },
-    {
-      "Name": "HTTPRequest",
-      "Type": "string"
-    },
-    {
-      "Name": "Properties",
-      "Type": "string"
-    },
-    {
-      "Name": "EventSubmissionTimestamp",
-      "Type": "datetime"
-    },
-    {
-      "Name": "Authorization",
-      "Type": "string"
-    },
-    {
-      "Name": "ResourceId",
-      "Type": "string"
-    },
-    {
-      "Name": "OperationId",
-      "Type": "string"
-    },
-    {
-      "Name": "ResourceProvider",
-      "Type": "string"
-    },
-    {
-      "Name": "ResourceProviderValue",
-      "Type": "string"
-    },
-    {
-      "Name": "Resource",
-      "Type": "string"
-    },
-        {
-      "Name": "EventDataId",
-      "Type": "string"
-    },
-    {
-      "Name": "TenantId",
-      "Type": "string"
-    },
-    {
-      "Name": "TimeGenerated",
-      "Type": "datetime"
-    },
-    {
-      "Name": "SourceSystem",
-      "Type": "string"
-    },
-    {
-      "Name": "Authorization_d",
-      "Type": "dynamic"
-    },
-    {
-      "Name": "Claims",
-      "Type": "string"
-    },
-    {
-      "Name": "Claims_d",
-      "Type": "dynamic"
-    },
-    {
-      "Name": "Properties_d",
-      "Type": "dynamic"
-    },
-    {
-      "Name": "Hierarchy",
-      "Type": "string"
-    },
-    {
-      "Name": "Type",
-      "Type": "string"
-    },
-    {
-      "Name": "_ResourceId",
-      "Type": "string"
-    }
-  ]
-}

Solutions/MaturityModelForEventLogManagement_M2131/Analytic Rules/M2131_AssetStoppedLogging.yaml

@@ -1,5 +1,5 @@
 id: 4be5b645-1d08-49e4-b58d-07294ff19223
-name: (Preview) M2131_Asset Stopped Logging (Heartbeat)
+name: (Preview)M2131_AssetStoppedLogging
 description: |
   'This alert is designed to monitor assets within the Maturity Model for Event Log Management (M-21-31) standard. The alert triggers when a monitored asset fails to provide a heartbeat within 24 hours.'
 severity: Medium

Solutions/MaturityModelForEventLogManagement_M2131/Analytic Rules/M2131_DataConnectorAddedChangedRemoved.yaml

@@ -1,5 +1,5 @@
 id: eeb11b6b-e626-4228-b74d-3e730dca8999
-name: (Preview) M2131_Data Connector added changed removed
+name: (Preview)M2131_DataConnectorAddedChangedRemoved
 description: |
   'This alert is designed to monitor data connector configurations. This alert is triggered when a data connector is added, updated, or deleted.'
 severity: Medium
@@ -16,7 +16,7 @@ query: |
   AzureActivity
   | where OperationNameValue contains "Microsoft.SecurityInsights/dataConnectors/"
   | where ActivityStatusValue == "Succeeded"
-  | project OperationName, Caller, CallerIpAddress, ActivityStatusValue, ActivitySubstatusValue, ResourceGroup, Properties, ResourceId, TimeGenerated
+  | project OperationNameValue, Caller, CallerIpAddress, ActivityStatusValue, ActivitySubstatusValue, ResourceGroup, Properties, ResourceId, TimeGenerated
   | sort by TimeGenerated desc
   | extend Account = Caller
 entityMappings:

Solutions/MaturityModelForEventLogManagement_M2131/Analytic Rules/M2131_EventLogManagementPostureChanged_EL0.yaml

@@ -1,5 +1,5 @@
 id: 1f8fcca5-47ed-409d-a8fa-d49ef821feaf
-name: (Preview) M2131_Event Log Management Posture Changed_EL0
+name: (Preview)M2131_EventLogManagementPostureChanged_EL0
 description: |
   'This alert is desinged to monitor Azure policies aligned with the Maturity Model for Event Log Management (M-21-31) standard. The alert triggers when EL0 policy compliance falls below 70% within a 1 week timeframe.'
 severity: Medium

Solutions/MaturityModelForEventLogManagement_M2131/Analytic Rules/M2131_EventLogManagementPostureChanged_EL1.yaml

@@ -1,5 +1,5 @@
 id: 036ce0a8-a1ff-4731-a078-02b3207fa4f3
-name: (Preview) M2131_Event Log Management Posture Changed_EL1
+name: (Preview)M2131_EventLogManagementPostureChanged_EL1
 description: |
   'This alert is desinged to monitor Azure policies aligned with the Maturity Model for Event Log Management (M-21-31) standard. The alert triggers when EL1 policy compliance falls below 70% within a 1 week timeframe.'
 severity: Medium

Solutions/MaturityModelForEventLogManagement_M2131/Analytic Rules/M2131_EventLogManagementPostureChanged_EL2.yaml

@@ -1,5 +1,5 @@
 id: e1bb07c4-066b-4069-9b8e-f5275c592b6d
-name: (Preview) M2131_Event Log Management Posture Changed_EL2
+name: (Preview)M2131_EventLogManagementPostureChanged_EL2
 description: |
   'This alert is desinged to monitor Azure policies aligned with the Maturity Model for Event Log Management (M-21-31) standard. The alert triggers when EL2 policy compliance falls below 70% within a 1 week timeframe.'
 severity: Medium

Solutions/MaturityModelForEventLogManagement_M2131/Analytic Rules/M2131_EventLogManagementPostureChanged_EL3.yaml

@@ -1,5 +1,5 @@
 id: 672bfd77-4542-4ef1-acf9-e006dcd70c51
-name: (Preview) M2131_Event Log Management Posture Changed_EL3
+name: (Preview)M2131_EventLogManagementPostureChanged_EL3
 description: |
   'This alert is desinged to monitor Azure policies aligned with the Maturity Model for Event Log Management (M-21-31) standard. The alert triggers when EL3 policy compliance falls below 70% within a 1 week timeframe.'
 severity: Medium

Solutions/MaturityModelForEventLogManagement_M2131/Analytic Rules/M2131_LogRetentionLessThan1Year.yaml

@@ -1,5 +1,5 @@
 id: 8178a514-1270-4e31-a1d9-aaafeb40122f
-name: (Preview) M2131_Log Retention Less than 1 Year
+name: (Preview)M2131_LogRetentionLessThan1Year
 description: |
   'This alert is designed to monitor log retention within the Maturity Model for Event Log Management (M-21-31) standard. The alert triggers when a log analytics workspace in active storage is configured for less than 1 year.'
 severity: Medium

Solutions/MaturityModelForEventLogManagement_M2131/Analytic Rules/M2131_RecommendedDatatableUnhealthy.yaml

@@ -1,5 +1,5 @@
 id: c61b167a-59ae-42af-bc98-36c78c5acb5c
-name: (Preview) M2131_Recommended Datatable is Unhealthy
+name: (Preview)M2131_RecommendedDatatableUnhealthy
 description: |
   'This alert is designed to monitor recommended data tables aligned to the Maturity Model for Event Log Management (M-21-31) standard. The alert triggers when a recommended data table hasn't been observed in over 48 hours.'
 severity: Medium

Solutions/MaturityModelForEventLogManagement_M2131/Hunting Queries/M2131_RecommendedDatatableNotLogged_EL0.yaml

@@ -1,5 +1,5 @@
 id: b3e0bfd4-52d2-4684-9514-716035cdbff2
-name: M2131_Recommended Datatable Not Logged_EL0
+name: M2131_RecommendedDatatableNotLogged_EL0
 description: |
   'This alert audits your logging architecture for recommended data tables aligned to Event Logging (EL0) of the Maturity Model for Event Log Management (M-21-31) standard. The alert triggers when recommended data tables in EL0 are not present.'
 severity: Medium

Solutions/MaturityModelForEventLogManagement_M2131/Hunting Queries/M2131_RecommendedDatatableNotLogged_EL1.yaml

@@ -1,5 +1,5 @@
 id: f9e0ae98-6828-4d5a-b596-7c4586bb14f6
-name: M2131_Recommended Datatable Not Logged_EL1
+name: M2131_RecommendedDatatableNotLogged_EL1
 description: |
   'This alert audits your logging architecture for recommended data tables aligned to Basic Event Logging (EL1) of the Maturity Model for Event Log Management (M-21-31) standard. The alert triggers when recommended data tables in EL1 are not present.'
 severity: Medium

Solutions/MaturityModelForEventLogManagement_M2131/Hunting Queries/M2131_RecommendedDatatableNotLogged_EL2.yaml

@@ -1,5 +1,5 @@
 id: 76326a24-1223-4066-88a3-3826e3768932
-name: M2131_Recommended Datatable Not Logged_EL2
+name: M2131_RecommendedDatatableNotLogged_EL2
 description: |
   'This alert audits your logging architecture for recommended data tables aligned to Intermediate Event Logging (EL2) of the Maturity Model for Event Log Management (M-21-31) standard. The alert triggers when recommended data tables in EL2 are not present.'
 severity: Medium

Solutions/MaturityModelForEventLogManagement_M2131/Hunting Queries/M2131_RecommendedDatatableNotLogged_EL3.yaml

@@ -1,5 +1,5 @@
 id: 8b415f2d-44c1-4edb-8ca6-ddf7d2d28b20
-name: M2131_Recommended Datatable Not Logged_EL3
+name: M2131_RecommendedDatatableNotLogged_EL3
 description: |
   'This alert audits your logging architecture for recommended data tables aligned to Advanced Event Logging (EL3) of the Maturity Model for Event Log Management (M-21-31) standard. The alert triggers when recommended data tables in EL3 are not present.'
 severity: Medium