Update AlertsForUser.txt
This commit is contained in:
Родитель
b35d9edf45
Коммит
13ba1cdf02
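--- a/AlertsForUser.txt
+++ b/AlertsForUser.txt
@@ -1,16 +1,12 @@
 // Name: Alerts related to account
 // Description: Any Alerts that fired related to a given account during the range of +6h and -3d
 //
-// Entity: User
-// Input: Account, UserName
-// Output: Alerts
-//
-// QueryPeriod: +6h and -3d default, change as needed
-//
 // Data Source: SecurityAlert
 //
 // Tactics: #Persistence, #Discovery, #LateralMovement, #Collection
 //
+// Id: 3a72ba65-00fa-4bbc-b246-be1ff3f73ce1
+//
 let GetAllAlertsForUser = (suspiciousEventTime:datetime, v_User:string){
 //-3d and +6h as some alerts fire after accumulation of events
 let v_StartTime = suspiciousEventTime-3d;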
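Review bot: After this hunk the header no longer documents the function's parameters: the removed `// Input: Account, UserName` line was the only hint, and it did not match the signature on the `let GetAllAlertsForUser = (suspiciousEventTime:datetime, v_User:string){` line, so a caller now has to read the body to learn what to pass. One accurate line in the kept header, `// Input: suspiciousEventTime (datetime the alert window is anchored on), v_User (string; presumably the account name to match)`, would restore that without bringing back the stale text. The dropped `// QueryPeriod` line is partly covered by the inline `//-3d and +6h` comment, but only `v_StartTime` is computed inside the hunk; the end-time computation and the rest of GetAllAlertsForUser's body lie outside it.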