add def and sample
Родитель
e23366bd8f
Коммит
2114331e72
|
@ -0,0 +1,124 @@
|
|||
{
|
||||
"id": "ARGOSCloudSecurity",
|
||||
"title": "ARGOS Cloud Security",
|
||||
"publisher": "ARGOS Cloud Security",
|
||||
"descriptionMarkdown": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place. This enables you to easily create dashboards, alerts, and correlate events across multiple systems. Overall this will improve your organization's security posture and security incident response.",
|
||||
"graphQueries": [
|
||||
{
|
||||
"metricName": "Total data received",
|
||||
"legend": "ARGOS_CL",
|
||||
"baseQuery": "ARGOS_CL"
|
||||
}
|
||||
],
|
||||
"sampleQueries": [
|
||||
{
|
||||
"description" : "Display all exploitable ARGOS Detections.",
|
||||
"query": "ARGOS_CL\n | where exploitable_b"
|
||||
},
|
||||
{
|
||||
"description" : "Display all open, exploitable ARGOS Detections on Azure.",
|
||||
"query": "ARGOS_CL\n | where exploitable_b and cloud_s == 'azure' and status_s == 'open'"
|
||||
},
|
||||
{
|
||||
"description" : "Display all open, exploitable ARGOS Detections on Azure.",
|
||||
"query": "ARGOS_CL\n | where exploitable_b and cloud_s == 'azure' and status_s == 'open'\n | sorty by "
|
||||
},
|
||||
{
|
||||
"description" : "Render a time chart with all open ARGOS Detections on Azure.",
|
||||
"query": "ARGOS_CL | where cloud_s == 'azure' and status_s == 'open'\n | summarize count() by TimeGenerated\n | render timechart "
|
||||
},
|
||||
{
|
||||
"description": "Display Top 10, open, exploitable ARGOS Detections on Azure.",
|
||||
"query": "ARGOS_CL | where cloud_s == 'azure' and status_s == 'open' and exploitable_b\n | summarize count() by ruleId_s\n | top 10 by count_"
|
||||
}
|
||||
],
|
||||
"dataTypes": [
|
||||
{
|
||||
"name": "ARGOS_CL",
|
||||
"lastDataReceivedQuery": "ARGOS_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
|
||||
}
|
||||
],
|
||||
"connectivityCriterias": [
|
||||
{
|
||||
"type": "IsConnectedQuery",
|
||||
"value": [
|
||||
"ARGOS_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
|
||||
]
|
||||
}
|
||||
],
|
||||
"availability": {
|
||||
"status": 1,
|
||||
"isPreview": true
|
||||
},
|
||||
"permissions": {
|
||||
"resourceProvider": [
|
||||
{
|
||||
"provider": "Microsoft.OperationalInsights/workspaces",
|
||||
"permissionsDisplayText": "read and write permissions are required.",
|
||||
"providerDisplayName": "Workspace",
|
||||
"scope": "Workspace",
|
||||
"requiredPermissions": {
|
||||
"write": true,
|
||||
"read": true,
|
||||
"delete": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
|
||||
"permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
|
||||
"providerDisplayName": "Keys",
|
||||
"scope": "Workspace",
|
||||
"requiredPermissions": {
|
||||
"action": true
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"instructionSteps": [
|
||||
{
|
||||
"title": "1. Subscribe to ARGOS",
|
||||
"description": "Ensure you already own an ARGOS Subscription. If not, browse to [ARGOS Cloud Security](https://argos-security.io) and sign up to ARGOS.\n\nAlternatively, you can also purchase ARGOS via the [Azure Marketplace](https://azuremarketplace.microsoft.com/en-au/marketplace/apps/argoscloudsecurity1605618416175.argoscloudsecurity?tab=Overview)."
|
||||
},
|
||||
{
|
||||
"title": "2. Configure Sentinel integration from ARGOS",
|
||||
"description": "Configure ARGOS to forward any new detections to your Sentinel workspace by providing ARGOS with your Workspace ID and Primary Key.\n\nThere is **no need to deploy any custom infrastructure**.\n\nEnter the information into the [ARGOS Sentinel](https://app.argos-security.io/account/sentinel) configuration page.\n\nNew detections will automatically be forwarded.\n\n[Learn more about the integration](https://www.argos-security.io/resources#integrations)",
|
||||
"instructions": [
|
||||
{
|
||||
"parameters": {
|
||||
"fillWith": [
|
||||
"WorkspaceId"
|
||||
],
|
||||
"label": "Workspace ID"
|
||||
},
|
||||
"type": "CopyableLabel"
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"fillWith": [
|
||||
"PrimaryKey"
|
||||
],
|
||||
"label": "Primary Key"
|
||||
},
|
||||
"type": "CopyableLabel"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"metadata": {
|
||||
"id": "e14ac0f5-771f-492e-87fd-cbdca9c2b16e",
|
||||
"version": "1.0.0",
|
||||
"kind": "dataConnector",
|
||||
"source": {
|
||||
"kind": "community"
|
||||
},
|
||||
"author": {
|
||||
"name": "ARGOS Cloud Security"
|
||||
},
|
||||
"support": {
|
||||
"tier": "developer",
|
||||
"name": "ARGOS Cloud Security",
|
||||
"email": "support@argos-security.io",
|
||||
"link":"https://www.argos-security.io/contact-us/#"
|
||||
}
|
||||
}
|
||||
}
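Review bot: The third `sampleQueries` entry ends with `| sorty by `, which is not a KQL operator and names no column, so that sample will fail to parse when run from the connector page. Completing it as `\n | sort by TimeGenerated desc` would fix it, and its description should then say what distinguishes it from the previous entry, which it currently duplicates word for word. Separately, the workspace `requiredPermissions` sets `"delete": true` while `permissionsDisplayText` says only read and write are required; if delete is not needed, drop it so the connector asks for the least privilege, otherwise correct the text. Step 2 has the user hand the workspace Primary Key to an external service, so its description should state that this shared key is, as far as I know, workspace-wide rather than scoped to `ARGOS_CL`, and should be regenerated when the integration is removed.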
|
|
@ -0,0 +1,379 @@
|
|||
[
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "16/11/2021, 9:07:56.643 pm",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "",
|
||||
"url_s": "",
|
||||
"id_s": "yetanotherbad2:storageAccounts_secureTransferRequired",
|
||||
"ruleId_s": "storageAccounts_secureTransferRequired",
|
||||
"ruleServiceId_s": "storageAccounts",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "true",
|
||||
"name_s": "yetanotherbad2",
|
||||
"type_s": "microsoft.storage/storageaccounts",
|
||||
"inventoryId_s": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:argos-dev-rg:providers:microsoft.storage:storageaccounts:yetanotherbad2",
|
||||
"ResourceId": "/subscriptions/a9f5a81b-d5e1-416d-8a19-521abe499cda/resourceGroups/argos-dev-rg/providers/Microsoft.Storage/storageAccounts/yetanotherbad2",
|
||||
"ResourceGroup": "argos-dev-rg",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-16T21:07:56.6439315Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "yetanotherbad2",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "16/11/2021, 9:16:49.228 pm",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "",
|
||||
"url_s": "",
|
||||
"id_s": "yetanotherbad2:storageAccounts_defaultNetworkAccessDenied",
|
||||
"ruleId_s": "storageAccounts_defaultNetworkAccessDenied",
|
||||
"ruleServiceId_s": "storageAccounts",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "true",
|
||||
"name_s": "yetanotherbad2",
|
||||
"type_s": "Microsoft.Storage/storageAccounts",
|
||||
"inventoryId_s": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:argos-dev-rg:providers:microsoft.storage:storageaccounts:yetanotherbad2",
|
||||
"ResourceId": "/subscriptions/a9f5a81b-d5e1-416d-8a19-521abe499cda/resourceGroups/argos-dev-rg/providers/Microsoft.Storage/storageAccounts/yetanotherbad2",
|
||||
"ResourceGroup": "argos-dev-rg",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-16T21:16:49.2284064Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "21/11/2021, 10:58:45.977 am",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "",
|
||||
"url_s": "https://app.argos-security.io/detections/testscanfunction:appServices_appServicesFunctionsWithoutCert",
|
||||
"id_s": "testscanfunction:appServices_appServicesFunctionsWithoutCert",
|
||||
"ruleId_s": "appServices_appServicesFunctionsWithoutCert",
|
||||
"ruleServiceId_s": "appServices",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "false",
|
||||
"name_s": "testscanfunction",
|
||||
"type_s": "microsoft.web/sites",
|
||||
"inventoryId_s": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:argos-dev-rg:providers:microsoft.web:sites:testscanfunction",
|
||||
"ResourceId": "/subscriptions/a9f5a81b-d5e1-416d-8a19-521abe499cda/resourceGroups/argos-dev-rg/providers/Microsoft.Web/sites/testscanfunction",
|
||||
"ResourceGroup": "argos-dev-rg",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-07-30T03:11:41.9447549Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-27T11:37:55.3310094Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-27T11:42:26.8581673Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-03T10:28:31.7180973Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-03T10:51:55.2377213Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-05T00:36:57.3089611Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-05T00:41:38.760647Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-07T23:58:27.4774176Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T00:22:05.9875784Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T07:47:46.7330448Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T08:02:19.6935986Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-09T10:16:10.2765444Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-09T10:37:06.3645285Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T21:03:31.5484191Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": 
\"2021-09-12T21:26:42.5648878Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T09:50:41.2901167Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T10:03:45.6890122Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:22:08.5419769Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:38:50.3125863Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:48:06.5923113Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:58:45.9774568Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "21/11/2021, 10:58:45.977 am",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "",
|
||||
"url_s": "https://app.argos-security.io/detections/yetanothertestfunction:appServices_appServicesFunctionsWithoutCert",
|
||||
"id_s": "yetanothertestfunction:appServices_appServicesFunctionsWithoutCert",
|
||||
"ruleId_s": "appServices_appServicesFunctionsWithoutCert",
|
||||
"ruleServiceId_s": "appServices",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "true",
|
||||
"name_s": "yetanothertestfunction",
|
||||
"type_s": "microsoft.web/sites",
|
||||
"inventoryId_s": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:argos-dev-rg:providers:microsoft.web:sites:yetanothertestfunction",
|
||||
"ResourceId": "/subscriptions/a9f5a81b-d5e1-416d-8a19-521abe499cda/resourceGroups/argos-dev-rg/providers/Microsoft.Web/sites/yetanothertestfunction",
|
||||
"ResourceGroup": "argos-dev-rg",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-07-30T03:11:41.9447549Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-09T23:40:58.6739131Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-10T00:03:34.1738856Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-27T11:37:55.3310104Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-27T11:42:26.8581673Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-03T10:28:31.7181009Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-03T10:51:55.2377213Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-05T00:36:57.3089621Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-05T00:41:38.760647Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-07T23:58:27.4774303Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T00:22:05.9875784Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T07:47:46.7330459Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T08:02:19.6935986Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-09T10:16:10.2765452Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": 
\"2021-09-09T10:37:06.3645285Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T21:03:31.5484199Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T21:26:42.5648878Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T09:50:41.2901181Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T10:03:45.6890122Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:22:08.541978Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:38:50.3125863Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:48:06.5923118Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:58:45.9774568Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "21/11/2021, 10:58:45.977 am",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "",
|
||||
"url_s": "https://app.argos-security.io/detections/testfunctionvnetargos:appServices_appServicesFunctionsWithoutCert",
|
||||
"id_s": "testfunctionvnetargos:appServices_appServicesFunctionsWithoutCert",
|
||||
"ruleId_s": "appServices_appServicesFunctionsWithoutCert",
|
||||
"ruleServiceId_s": "appServices",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "false",
|
||||
"name_s": "testfunctionvnetargos",
|
||||
"type_s": "Microsoft.Web/sites",
|
||||
"inventoryId_s": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:functions-vnet-test:providers:microsoft.web:sites:testfunctionvnetargos",
|
||||
"ResourceId": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:functions-vnet-test:providers:microsoft.web:sites:testfunctionvnetargos",
|
||||
"ResourceGroup": "functions-vnet-test",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-14T05:20:08.2845391Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T09:50:41.290121Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T10:03:45.6890122Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:22:08.5419783Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:38:50.3125863Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:48:06.5923121Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:58:45.9774568Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "21/11/2021, 10:58:46.646 am",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "",
|
||||
"url_s": "https://app.argos-security.io/detections/argostest:appServices_AppServicesPublic",
|
||||
"id_s": "argostest:appServices_AppServicesPublic",
|
||||
"ruleId_s": "appServices_AppServicesPublic",
|
||||
"ruleServiceId_s": "appServices",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "true",
|
||||
"name_s": "argostest",
|
||||
"type_s": "Microsoft.Web/sites",
|
||||
"inventoryId_s": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:argos-dev-rg:providers:microsoft.web:sites:argostest",
|
||||
"ResourceId": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:argos-dev-rg:providers:microsoft.web:sites:argostest",
|
||||
"ResourceGroup": "argos-dev-rg",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-14T04:08:09.2283183Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T09:50:42.056033Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T10:03:48.5474186Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:22:09.1917281Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:38:50.2701212Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:48:04.2414345Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:58:46.6468509Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "21/11/2021, 10:58:46.646 am",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "",
|
||||
"url_s": "https://app.argos-security.io/detections/yetanothertestfunction:appServices_AppServicesPublic",
|
||||
"id_s": "yetanothertestfunction:appServices_AppServicesPublic",
|
||||
"ruleId_s": "appServices_AppServicesPublic",
|
||||
"ruleServiceId_s": "appServices",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "true",
|
||||
"name_s": "yetanothertestfunction",
|
||||
"type_s": "microsoft.web/sites",
|
||||
"inventoryId_s": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:argos-dev-rg:providers:microsoft.web:sites:yetanothertestfunction",
|
||||
"ResourceId": "/subscriptions/a9f5a81b-d5e1-416d-8a19-521abe499cda/resourceGroups/argos-dev-rg/providers/Microsoft.Web/sites/yetanothertestfunction",
|
||||
"ResourceGroup": "argos-dev-rg",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-07-01T05:49:01.1218428Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-27T11:37:55.49539Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-27T11:42:23.5250063Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-03T10:28:31.983199Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-03T10:51:55.4360811Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-05T00:36:57.4972446Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-05T00:41:39.5034862Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-07T23:58:27.5815263Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T00:22:05.505388Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T20:19:40.5676618Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T20:25:39.6976854Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T21:03:32.2311722Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T21:26:51.4681918Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T09:50:42.0560327Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T10:03:48.5474186Z\",\r\n 
\"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:22:09.1917279Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:38:50.2701212Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:48:04.2414338Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:58:46.6468509Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "21/11/2021, 10:58:50.869 am",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "",
|
||||
"url_s": "https://app.argos-security.io/detections/argostest:appServices_appServicesFunctionsMinTlsVersionSet",
|
||||
"id_s": "argostest:appServices_appServicesFunctionsMinTlsVersionSet",
|
||||
"ruleId_s": "appServices_appServicesFunctionsMinTlsVersionSet",
|
||||
"ruleServiceId_s": "appServices",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "true",
|
||||
"name_s": "argostest",
|
||||
"type_s": "microsoft.web/sites",
|
||||
"inventoryId_s": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:argos-dev-rg:providers:microsoft.web:sites:argostest",
|
||||
"ResourceId": "/subscriptions/a9f5a81b-d5e1-416d-8a19-521abe499cda/resourceGroups/argos-dev-rg/providers/Microsoft.Web/sites/argostest",
|
||||
"ResourceGroup": "argos-dev-rg",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-06-29T03:33:08.9514987Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-29T03:49:06.4604192Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-29T03:53:29.6839808Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-07T23:58:04.9259446Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T00:21:53.0996134Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T07:47:14.2755092Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T08:01:50.5070212Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-09T10:15:28.9884285Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-09T11:01:31.7443214Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T21:03:02.1948704Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T21:30:13.2175526Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T09:50:02.1346832Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T10:03:18.2181322Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:21:34.4970121Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": 
\"2021-11-11T09:42:35.7224634Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:48:05.1345064Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:58:50.8696618Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "21/11/2021, 10:58:50.869 am",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "",
|
||||
"url_s": "https://app.argos-security.io/detections/testscanfunction:appServices_appServicesFunctionsMinTlsVersionSet",
|
||||
"id_s": "testscanfunction:appServices_appServicesFunctionsMinTlsVersionSet",
|
||||
"ruleId_s": "appServices_appServicesFunctionsMinTlsVersionSet",
|
||||
"ruleServiceId_s": "appServices",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "false",
|
||||
"name_s": "testscanfunction",
|
||||
"type_s": "microsoft.web/sites",
|
||||
"inventoryId_s": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:argos-dev-rg:providers:microsoft.web:sites:testscanfunction",
|
||||
"ResourceId": "/subscriptions/a9f5a81b-d5e1-416d-8a19-521abe499cda/resourceGroups/argos-dev-rg/providers/Microsoft.Web/sites/testscanfunction",
|
||||
"ResourceGroup": "argos-dev-rg",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-06-29T03:33:08.9514987Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-29T03:49:06.46042Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-29T03:53:29.6839808Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-07T23:58:04.9259457Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T00:21:53.0996134Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T07:47:14.27551Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T08:01:50.5070212Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-09T10:15:28.9884299Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-09T11:01:31.7443214Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T21:03:02.1948713Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T21:30:13.2175526Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T09:50:02.1346849Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-17T10:03:18.2181322Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:21:34.497013Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-11T09:42:35.7224634Z\",\r\n 
\"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:48:05.1345074Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-21T10:58:50.8696618Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "18/11/2021, 11:37:33.673 pm",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "",
|
||||
"url_s": "https://app.argos-security.io/detections/vdxfvsdfsdfv:storageAccounts_secureTransferRequired",
|
||||
"id_s": "vdxfvsdfsdfv:storageAccounts_secureTransferRequired",
|
||||
"ruleId_s": "storageAccounts_secureTransferRequired",
|
||||
"ruleServiceId_s": "storageAccounts",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "true",
|
||||
"name_s": "vdxfvsdfsdfv",
|
||||
"type_s": "microsoft.storage/storageaccounts",
|
||||
"inventoryId_s": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:argos-dev-rg:providers:microsoft.storage:storageaccounts:vdxfvsdfsdfv",
|
||||
"ResourceId": "/subscriptions/a9f5a81b-d5e1-416d-8a19-521abe499cda/resourceGroups/argos-dev-rg/providers/Microsoft.Storage/storageAccounts/vdxfvsdfsdfv",
|
||||
"ResourceGroup": "argos-dev-rg",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-18T23:37:33.6734382Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "vdxfvsdfsdfv",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "18/11/2021, 11:37:41.440 pm",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "",
|
||||
"url_s": "https://app.argos-security.io/detections/vdxfvsdfsdfv:storageAccounts_defaultNetworkAccessDenied",
|
||||
"id_s": "vdxfvsdfsdfv:storageAccounts_defaultNetworkAccessDenied",
|
||||
"ruleId_s": "storageAccounts_defaultNetworkAccessDenied",
|
||||
"ruleServiceId_s": "storageAccounts",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "true",
|
||||
"name_s": "vdxfvsdfsdfv",
|
||||
"type_s": "Microsoft.Storage/storageAccounts",
|
||||
"inventoryId_s": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:argos-dev-rg:providers:microsoft.storage:storageaccounts:vdxfvsdfsdfv",
|
||||
"ResourceId": "/subscriptions/a9f5a81b-d5e1-416d-8a19-521abe499cda/resourceGroups/argos-dev-rg/providers/Microsoft.Storage/storageAccounts/vdxfvsdfsdfv",
|
||||
"ResourceGroup": "argos-dev-rg",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-18T23:37:41.4402951Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "19/11/2021, 10:57:38.318 pm",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"url_s": "https://app.argos-security.io/detections/a9f5a81b-d5e1-416d-8a19-521abe499cda:monitoring_activityLogsConnectedToLogAnalytics",
|
||||
"id_s": "a9f5a81b-d5e1-416d-8a19-521abe499cda:monitoring_activityLogsConnectedToLogAnalytics",
|
||||
"ruleId_s": "monitoring_activityLogsConnectedToLogAnalytics",
|
||||
"ruleServiceId_s": "monitoring",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "",
|
||||
"name_s": "argos-dev",
|
||||
"type_s": "Microsoft.Subscription",
|
||||
"inventoryId_s": "",
|
||||
"ResourceId": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"ResourceGroup": "",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-01T23:11:52.1643262Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-27T11:37:55.2584374Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-08-27T11:42:16.6280632Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-03T10:28:31.7207605Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-03T10:51:47.6782713Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-05T00:36:57.2645402Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-05T00:41:31.0945852Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-07T23:58:27.391787Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T00:22:00.9912123Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T20:19:39.657845Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-08T20:25:31.706882Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-10T18:03:59.2790549Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-10T18:27:28.9493416Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T13:37:38.5045343Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T13:43:00.923868Z\",\r\n 
\"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T16:34:49.6727192Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-12T16:39:58.4115057Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-13T01:10:39.0000367Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-13T01:22:35.7727502Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-19T21:11:51.3345717Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-09-19T21:16:11.5647829Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-10-03T09:36:16.0602775Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-10-03T09:40:29.3707095Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-07T00:35:35.3813317Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-07T00:39:55.504419Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-19T22:52:19.2600253Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-19T22:57:38.3182799Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "04320225-9274-4d17-a4c0-5e35abd3cb68",
|
||||
"SourceSystem": "RestAPI",
|
||||
"MG": "",
|
||||
"ManagementGroupName": "",
|
||||
"TimeGenerated [UTC]": "19/11/2021, 10:57:14.093 pm",
|
||||
"Computer": "",
|
||||
"RawData": "",
|
||||
"inventoryId_g": "",
|
||||
"url_s": "https://app.argos-security.io/detections/omigodahhhhhhhhhh:virtualMachines_endpointProtectionInstalled",
|
||||
"id_s": "omigodahhhhhhhhhh:virtualMachines_endpointProtectionInstalled",
|
||||
"ruleId_s": "virtualMachines_endpointProtectionInstalled",
|
||||
"ruleServiceId_s": "virtualMachines",
|
||||
"customerId_s": "argos-test-tenant",
|
||||
"connectionId_g": "a9f5a81b-d5e1-416d-8a19-521abe499cda",
|
||||
"cloud_s": "azure",
|
||||
"status_s": "open",
|
||||
"exploitable_b": "",
|
||||
"name_s": "omigodahhhhhhhhhh",
|
||||
"type_s": "Microsoft.Compute/virtualmachines",
|
||||
"inventoryId_s": ":subscriptions:a9f5a81b-d5e1-416d-8a19-521abe499cda:resourcegroups:argos-dev-rg:providers:microsoft.compute:virtualmachines:omigodahhhhhhhhhh",
|
||||
"ResourceId": "/subscriptions/a9f5a81b-d5e1-416d-8a19-521abe499cda/resourceGroups/ARGOS-DEV-RG/providers/Microsoft.Compute/virtualMachines/omigodahhhhhhhhhh",
|
||||
"ResourceGroup": "ARGOS-DEV-RG",
|
||||
"itsmTickets_s": "[]",
|
||||
"auditLog_s": "[\r\n {\r\n \"event\": \"open\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-10T04:30:29.831781Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"close\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-19T22:51:27.2448624Z\",\r\n \"userId\": \"ARGOS\"\r\n },\r\n {\r\n \"event\": \"reopen\",\r\n \"reason\": null,\r\n \"utc\": \"2021-11-19T22:57:14.0930391Z\",\r\n \"userId\": \"ARGOS\"\r\n }\r\n]",
|
||||
"metadata_id_s": "",
|
||||
"Type": "ARGOS_CL",
|
||||
"_ResourceId": ""
|
||||
}
|
||||
]
|