diff --git a/Detections/ASimAuthentication/imAuthBruteForce.yaml b/Detections/ASimAuthentication/imAuthBruteForce.yaml
index 6f635bc9a1..5b02a32cba 100644
--- a/Detections/ASimAuthentication/imAuthBruteForce.yaml
+++ b/Detections/ASimAuthentication/imAuthBruteForce.yaml
@@ -43,3 +43,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimAuthentication/imAuthPasswordSpray.yaml b/Detections/ASimAuthentication/imAuthPasswordSpray.yaml
index f9c1751c93..cc6618d4c4 100644
--- a/Detections/ASimAuthentication/imAuthPasswordSpray.yaml
+++ b/Detections/ASimAuthentication/imAuthPasswordSpray.yaml
@@ -36,4 +36,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.1.0
\ No newline at end of file
+version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml b/Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml
index ede07ce6b8..e9b6414f43 100644
--- a/Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml
+++ b/Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml
@@ -38,4 +38,4 @@ entityMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
 version: 1.1.0
-
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimAuthentication/imSigninAttemptsByIPviaDisabledAccounts.yaml b/Detections/ASimAuthentication/imSigninAttemptsByIPviaDisabledAccounts.yaml
index 29bb2a8d52..8bc7abe997 100644
--- a/Detections/ASimAuthentication/imSigninAttemptsByIPviaDisabledAccounts.yaml
+++ b/Detections/ASimAuthentication/imSigninAttemptsByIPviaDisabledAccounts.yaml
@@ -50,3 +50,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
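Review bot: The added `kind: scheduled` line in the first hunk is written without a terminating newline (`\ No newline at end of file` follows `+kind: scheduled`), so for imAuthBruteForce.yaml, imAuthSigninsMultipleCountries.yaml and imSigninAttemptsByIPviaDisabledAccounts.yaml, where the `version:` context line was already newline-terminated, the commit regresses a previously well-formed file ending, and for the other files it preserves the missing one. yamllint's `new-line-at-end-of-file` rule flags this, and the fix is the same in each file: `kind: scheduled` followed by a single newline. The same applies to every other hunk in this diff, so one sweep over all touched files would address it. If the repository's template validation expects `version` to move whenever a template's content changes, a patch bump may also be wanted here, though that cannot be confirmed from the hunks alone.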
diff --git a/Detections/ASimDNS/imDNS_Miners.yaml b/Detections/ASimDNS/imDNS_Miners.yaml
index a358cb0ba4..ef267a93b8 100644
--- a/Detections/ASimDNS/imDNS_Miners.yaml
+++ b/Detections/ASimDNS/imDNS_Miners.yaml
@@ -39,4 +39,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.2.0
\ No newline at end of file
+version: 1.2.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimDNS/imDNS_TorProxies.yaml b/Detections/ASimDNS/imDNS_TorProxies.yaml
index 567ee6fe0d..5fe10db6a3 100644
--- a/Detections/ASimDNS/imDNS_TorProxies.yaml
+++ b/Detections/ASimDNS/imDNS_TorProxies.yaml
@@ -34,4 +34,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.2.0
\ No newline at end of file
+version: 1.2.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimDNS/imDns_DomainEntity_DnsEvents.yaml b/Detections/ASimDNS/imDns_DomainEntity_DnsEvents.yaml
index 84127b5b02..ae491d2432 100644
--- a/Detections/ASimDNS/imDns_DomainEntity_DnsEvents.yaml
+++ b/Detections/ASimDNS/imDns_DomainEntity_DnsEvents.yaml
@@ -66,3 +66,4 @@ customDetails:
 DnsQuery: DnsQuery
 QueryType: QueryType
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimDNS/imDns_ExcessiveNXDOMAINDNSQueries.yaml b/Detections/ASimDNS/imDns_ExcessiveNXDOMAINDNSQueries.yaml
index 6cccdb64b4..189a479f2b 100644
--- a/Detections/ASimDNS/imDns_ExcessiveNXDOMAINDNSQueries.yaml
+++ b/Detections/ASimDNS/imDns_ExcessiveNXDOMAINDNSQueries.yaml
@@ -34,4 +34,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.2.0
\ No newline at end of file
+version: 1.2.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml b/Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml
index b102fc36dd..a5a10e6237 100644
--- a/Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml
+++ b/Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml
@@ -48,4 +48,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimDNS/imDns_IPEntity_DnsEvents.yaml b/Detections/ASimDNS/imDns_IPEntity_DnsEvents.yaml
index 4f87f8d07d..bffd6da48c 100644
--- a/Detections/ASimDNS/imDns_IPEntity_DnsEvents.yaml
+++ b/Detections/ASimDNS/imDns_IPEntity_DnsEvents.yaml
@@ -75,3 +75,4 @@ customDetails:
 SubType: SubType
 DnsQuery: DnsQuery
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml b/Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml
index 9cb7e27fdf..fc7e27efac 100644
--- a/Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml
+++ b/Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml
@@ -46,3 +46,4 @@ entityMappings:
 - identifier: Value
 columnName: FileHashCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimProcess/imProcess_AdFind_Usage.yaml b/Detections/ASimProcess/imProcess_AdFind_Usage.yaml
index 20d0e645c6..b382b964d5 100644
--- a/Detections/ASimProcess/imProcess_AdFind_Usage.yaml
+++ b/Detections/ASimProcess/imProcess_AdFind_Usage.yaml
@@ -53,3 +53,4 @@ entityMappings:
 - identifier: Value
 columnName: FileHashCustomEntity
 version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimProcess/imProcess_NOBELIUM_SuspiciousRundll32Exec.yaml b/Detections/ASimProcess/imProcess_NOBELIUM_SuspiciousRundll32Exec.yaml
index 5cfc6cbc4e..a67bcc74b5 100644
--- a/Detections/ASimProcess/imProcess_NOBELIUM_SuspiciousRundll32Exec.yaml
+++ b/Detections/ASimProcess/imProcess_NOBELIUM_SuspiciousRundll32Exec.yaml
@@ -36,4 +36,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.1.0
\ No newline at end of file
+version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml b/Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml
index f618760e5e..40f54a4b33 100644
--- a/Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml
+++ b/Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml
@@ -50,4 +50,5 @@ entityMappings:
 columnName: MD5
 - identifier: Value
 columnName: FileHashCustomEntity
-version: 1.1.0
\ No newline at end of file
+version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimProcess/imProcess_base64_encoded_pefile.yaml b/Detections/ASimProcess/imProcess_base64_encoded_pefile.yaml
index eba8c60bea..4dfe5577c3 100644
--- a/Detections/ASimProcess/imProcess_base64_encoded_pefile.yaml
+++ b/Detections/ASimProcess/imProcess_base64_encoded_pefile.yaml
@@ -38,4 +38,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.1.0
\ No newline at end of file
+version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml b/Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml
index 62883711dc..8558ab516e 100644
--- a/Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml
+++ b/Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml
@@ -38,4 +38,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.1.0
\ No newline at end of file
+version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml b/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml
index 7a770254da..d86a4a053d 100644
--- a/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml
+++ b/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml
@@ -35,4 +35,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml b/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml
index 3ce1605eb9..97dcbb3ca2 100644
--- a/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml
+++ b/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml
@@ -37,4 +37,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml b/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml
index 12a9c61074..3107821938 100644
--- a/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml
+++ b/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml
@@ -36,4 +36,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml b/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml
index 317ea3815c..5c6f94ba4c 100644
--- a/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml
+++ b/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml
@@ -39,4 +39,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml b/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml
index 7f6c0374d7..254083baec 100644
--- a/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml
+++ b/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml
@@ -36,4 +36,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml b/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml
index 612aab92b4..20c026bb6a 100644
--- a/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml
+++ b/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml
@@ -69,4 +69,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml b/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml
index c06f2c5f85..d23266c950 100644
--- a/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml
+++ b/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml
@@ -36,4 +36,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml b/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml
index 059c48a854..dbf9a99f8e 100644
--- a/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml
+++ b/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml
@@ -37,4 +37,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AlsidForAD/ADAttacksPathways.yaml b/Detections/AlsidForAD/ADAttacksPathways.yaml
index 8a41ef1985..6f67d7144e 100644
--- a/Detections/AlsidForAD/ADAttacksPathways.yaml
+++ b/Detections/AlsidForAD/ADAttacksPathways.yaml
@@ -27,4 +27,5 @@ query: |
 | where MessageType == 0 and Codename in~ (codeNameList)
 | lookup kind=leftouter SeverityTable on Severity
 | order by Level
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AlsidForAD/DCShadow.yaml b/Detections/AlsidForAD/DCShadow.yaml
index b2902aad32..df25b55374 100644
--- a/Detections/AlsidForAD/DCShadow.yaml
+++ b/Detections/AlsidForAD/DCShadow.yaml
@@ -18,4 +18,5 @@ relevantTechniques:
 query: |
 afad_parser
 | where MessageType == 2 and Codename == "DCShadow"
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AlsidForAD/DCSync.yaml b/Detections/AlsidForAD/DCSync.yaml
index d7cd7e03bf..51a2691ef2 100644
--- a/Detections/AlsidForAD/DCSync.yaml
+++ b/Detections/AlsidForAD/DCSync.yaml
@@ -18,4 +18,5 @@ relevantTechniques:
 query: |
 afad_parser
 | where MessageType == 2 and Codename == "DCSync"
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AlsidForAD/GoldenTicket.yaml b/Detections/AlsidForAD/GoldenTicket.yaml
index a9d7b99176..ddcd718cda 100644
--- a/Detections/AlsidForAD/GoldenTicket.yaml
+++ b/Detections/AlsidForAD/GoldenTicket.yaml
@@ -18,4 +18,5 @@ relevantTechniques:
 query: |
 afad_parser
 | where MessageType == 2 and Codename == "Golden Ticket"
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AlsidForAD/IndicatorsOfAttack.yaml b/Detections/AlsidForAD/IndicatorsOfAttack.yaml
index af7008d329..d4ee531b6e 100644
--- a/Detections/AlsidForAD/IndicatorsOfAttack.yaml
+++ b/Detections/AlsidForAD/IndicatorsOfAttack.yaml
@@ -26,4 +26,5 @@ query: |
 | where MessageType == 2
 | lookup kind=leftouter SeverityTable on Severity
 | order by Level
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AlsidForAD/IndicatorsOfExposures.yaml b/Detections/AlsidForAD/IndicatorsOfExposures.yaml
index 8ea9b831ab..b884b7d476 100644
--- a/Detections/AlsidForAD/IndicatorsOfExposures.yaml
+++ b/Detections/AlsidForAD/IndicatorsOfExposures.yaml
@@ -26,4 +26,5 @@ query: |
 | where MessageType == 0
 | lookup kind=leftouter SeverityTable on Severity
 | order by Level
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AlsidForAD/LSASSMemory.yaml b/Detections/AlsidForAD/LSASSMemory.yaml
index bd8641690c..31d34ac5f5 100644
--- a/Detections/AlsidForAD/LSASSMemory.yaml
+++ b/Detections/AlsidForAD/LSASSMemory.yaml
@@ -18,4 +18,5 @@ relevantTechniques:
 query: |
 afad_parser
 | where MessageType == 2 and Codename == "OS Credential Dumping: LSASS Memory"
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AlsidForAD/PasswordGuessing.yaml b/Detections/AlsidForAD/PasswordGuessing.yaml
index fe449679c1..8f7988e24d 100644
--- a/Detections/AlsidForAD/PasswordGuessing.yaml
+++ b/Detections/AlsidForAD/PasswordGuessing.yaml
@@ -18,4 +18,5 @@ relevantTechniques:
 query: |
 afad_parser
 | where MessageType == 2 and Codename == "Password Guessing"
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AlsidForAD/PasswordIssues.yaml b/Detections/AlsidForAD/PasswordIssues.yaml
index 82522bfb0d..4292c65a67 100644
--- a/Detections/AlsidForAD/PasswordIssues.yaml
+++ b/Detections/AlsidForAD/PasswordIssues.yaml
@@ -27,4 +27,5 @@ query: |
 | where MessageType == 0 and Codename in~ (codeNameList)
 | lookup kind=leftouter SeverityTable on Severity
 | order by Level
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AlsidForAD/PasswordSpraying.yaml b/Detections/AlsidForAD/PasswordSpraying.yaml
index 7465128d1d..324e709be1 100644
--- a/Detections/AlsidForAD/PasswordSpraying.yaml
+++ b/Detections/AlsidForAD/PasswordSpraying.yaml
@@ -18,4 +18,5 @@ relevantTechniques:
 query: |
 afad_parser
 | where MessageType == 2 and Codename == "Password Spraying"
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AlsidForAD/PrivilegedAccountIssues.yaml b/Detections/AlsidForAD/PrivilegedAccountIssues.yaml
index 251abc2dc8..5ed831afa9 100644
--- a/Detections/AlsidForAD/PrivilegedAccountIssues.yaml
+++ b/Detections/AlsidForAD/PrivilegedAccountIssues.yaml
@@ -27,4 +27,5 @@ query: |
 | where MessageType == 0 and Codename in~ (codeNameList)
 | lookup kind=leftouter SeverityTable on Severity
 | order by Level
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AlsidForAD/UserAccountIssues.yaml b/Detections/AlsidForAD/UserAccountIssues.yaml
index d8d0915a21..bff4fa86c8 100644
--- a/Detections/AlsidForAD/UserAccountIssues.yaml
+++ b/Detections/AlsidForAD/UserAccountIssues.yaml
@@ -27,4 +27,5 @@ query: |
 | where MessageType == 0 and Codename in~ (codeNameList)
 | lookup kind=leftouter SeverityTable on Severity
 | order by Level
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AuditLogs/ADFSDomainTrustMods.yaml b/Detections/AuditLogs/ADFSDomainTrustMods.yaml
index 42dd07e39b..a7d97caad0 100644
--- a/Detections/AuditLogs/ADFSDomainTrustMods.yaml
+++ b/Detections/AuditLogs/ADFSDomainTrustMods.yaml
@@ -57,4 +57,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AuditLogs/CredentialAddedAfterAdminConsent.yaml b/Detections/AuditLogs/CredentialAddedAfterAdminConsent.yaml
index e2ba3adf99..8ae42db00f 100644
--- a/Detections/AuditLogs/CredentialAddedAfterAdminConsent.yaml
+++ b/Detections/AuditLogs/CredentialAddedAfterAdminConsent.yaml
@@ -66,4 +66,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml b/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml
index 17f897d0db..484cbaea80 100644
--- a/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml
+++ b/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml
@@ -55,4 +55,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AuditLogs/MailPermissionsAddedToApplication.yaml b/Detections/AuditLogs/MailPermissionsAddedToApplication.yaml
index a496863feb..361dd2f32b 100644
--- a/Detections/AuditLogs/MailPermissionsAddedToApplication.yaml
+++ b/Detections/AuditLogs/MailPermissionsAddedToApplication.yaml
@@ -54,4 +54,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml b/Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml
index 73b5671f98..747b2fd1e1 100644
--- a/Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml
+++ b/Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml
@@ -70,4 +70,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml b/Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml
index 2e739fa696..effa812d89 100644
--- a/Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml
+++ b/Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml
@@ -70,4 +70,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml b/Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml
index 80e7435fea..46a66fc8bb 100644
--- a/Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml
+++ b/Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml
@@ -57,4 +57,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AuditLogs/RareApplicationConsent.yaml b/Detections/AuditLogs/RareApplicationConsent.yaml
index 6f5fcdb47f..41f0cdba57 100644
--- a/Detections/AuditLogs/RareApplicationConsent.yaml
+++ b/Detections/AuditLogs/RareApplicationConsent.yaml
@@ -78,3 +78,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml b/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml
index 7bea0a45c8..906a526b43 100644
--- a/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml
+++ b/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml
@@ -68,4 +68,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml b/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml
index 2d603a8880..fb9eb67775 100644
--- a/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml
+++ b/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml
@@ -58,3 +58,4 @@ entityMappings:
 - identifier: FullName
 columnName: TargetUserPrincipalName
 version: 1.0.1
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureActivity/AADHybridHealthADFSNewServer.yaml b/Detections/AzureActivity/AADHybridHealthADFSNewServer.yaml
index 4f39befed8..ab8b4f60ec 100644
--- a/Detections/AzureActivity/AADHybridHealthADFSNewServer.yaml
+++ b/Detections/AzureActivity/AADHybridHealthADFSNewServer.yaml
@@ -39,4 +39,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureActivity/AADHybridHealthADFSServiceDelete.yaml b/Detections/AzureActivity/AADHybridHealthADFSServiceDelete.yaml
index fd12674e8d..5ba60a7acb 100644
--- a/Detections/AzureActivity/AADHybridHealthADFSServiceDelete.yaml
+++ b/Detections/AzureActivity/AADHybridHealthADFSServiceDelete.yaml
@@ -40,4 +40,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureActivity/AADHybridHealthADFSSuspApp.yaml b/Detections/AzureActivity/AADHybridHealthADFSSuspApp.yaml
index 3270112473..076a589ccc 100644
--- a/Detections/AzureActivity/AADHybridHealthADFSSuspApp.yaml
+++ b/Detections/AzureActivity/AADHybridHealthADFSSuspApp.yaml
@@ -45,4 +45,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml b/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml
index 00cd751eaf..5dc0eacc1d 100644
--- a/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml
+++ b/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml
@@ -61,3 +61,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml b/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml
index 5fe40841b1..833fa6388c 100644
--- a/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml
+++ b/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml
@@ -43,3 +43,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml b/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml
index 63181486e9..b1adbc8e42 100644
--- a/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml
+++ b/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml
@@ -46,3 +46,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureActivity/New-CloudShell-User.yaml b/Detections/AzureActivity/New-CloudShell-User.yaml
index b94e7eadeb..f4dd7dfee3 100644
--- a/Detections/AzureActivity/New-CloudShell-User.yaml
+++ b/Detections/AzureActivity/New-CloudShell-User.yaml
@@ -34,4 +34,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml b/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml
index 6a78853ffa..9c9e69e8e4 100644
--- a/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml
+++ b/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml
@@ -46,4 +46,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureActivity/RareOperations.yaml b/Detections/AzureActivity/RareOperations.yaml
index 796e60bbc9..2de6b36f00 100644
--- a/Detections/AzureActivity/RareOperations.yaml
+++ b/Detections/AzureActivity/RareOperations.yaml
@@ -51,3 +51,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureAppServices/AVScan_Failure.yaml b/Detections/AzureAppServices/AVScan_Failure.yaml
index 5273f40d9b..7d5602fd98 100644
--- a/Detections/AzureAppServices/AVScan_Failure.yaml
+++ b/Detections/AzureAppServices/AVScan_Failure.yaml
@@ -20,3 +20,4 @@ entityMappings:
 - identifier: FullName
 columnName: HostCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml b/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml
index 406b3ff582..9a227473e8 100644
--- a/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml
+++ b/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml
@@ -19,4 +19,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml b/Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml
index fd1b28e34e..207ad3103a 100644
--- a/Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml
@@ -45,4 +45,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml b/Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml
index 10dc704ee9..d763fe68c6 100644
--- a/Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml
@@ -27,4 +27,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml b/Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml
index 9f1219e9a3..1077b39de9 100644
--- a/Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml
+++ b/Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml
@@ -30,4 +30,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml b/Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml
index 06bf2f1670..75198de2f5 100644
--- a/Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml
@@ -27,4 +27,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml b/Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml
index b7820b7e9f..278efc3971 100644
--- a/Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml
@@ -54,4 +54,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/ADORetentionReducedto0.yaml b/Detections/AzureDevOpsAuditing/ADORetentionReducedto0.yaml
index 899236b7bf..a2ab86fec4 100644
--- a/Detections/AzureDevOpsAuditing/ADORetentionReducedto0.yaml
+++ b/Detections/AzureDevOpsAuditing/ADORetentionReducedto0.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml b/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml
index 6eef12b7fc..3a6099d397 100644
--- a/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml
@@ -33,4 +33,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/ADOVariableModifiedByNewUser.yaml b/Detections/AzureDevOpsAuditing/ADOVariableModifiedByNewUser.yaml
index 43d317078f..c17ddd6cc7 100644
--- a/Detections/AzureDevOpsAuditing/ADOVariableModifiedByNewUser.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOVariableModifiedByNewUser.yaml
@@ -42,4 +42,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml b/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml
index f0a27eb089..584fee5e2d 100644
--- a/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml
@@ -38,4 +38,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml b/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml
index bede5e26dd..212d707040 100644
--- a/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml
@@ -39,4 +39,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml b/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml
index d5934f4e27..8d0a47dc10 100644
--- a/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml
@@ -58,4 +58,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml b/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml
index 3eed12d596..34086bd985 100644
--- a/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml
@@ -41,4 +41,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml b/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml
index 0f67f029e4..ab6ef28947 100644
--- a/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml
@@ -56,4 +56,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: DeletingIP
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/AzDOServiceConnectionUsage.yaml b/Detections/AzureDevOpsAuditing/AzDOServiceConnectionUsage.yaml
index 3a20c4b4f6..537aa14172 100644
--- a/Detections/AzureDevOpsAuditing/AzDOServiceConnectionUsage.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOServiceConnectionUsage.yaml
@@ -38,4 +38,5 @@ query: |
 Type == "Build", strcat('https://dev.azure.com/', OrganizationName, '/', ProjectName, '/_build?definitionId=', DefId), strcat('https://dev.azure.com/', OrganizationName, '/', ProjectName, '/_release?_a=releases&view=mine&definitionId=', DefId))
 | extend timestamp = StartTime
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml b/Detections/AzureDevOpsAuditing/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml
index a0893716d9..da8886962f 100644
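Review bot: In the AzDOServiceConnectionUsage.yaml hunk the context runs straight from the end of the `query: |` block (`| extend timestamp = StartTime`) into `version:`, which suggests this rule has no `entityMappings` section at all, unlike every other rule in this diff whose hunk sits under `entityMappings:`. Without mappings the alerts it raises carry no Account or IP entity, so they will not correlate with the other DevOps-audit incidents or feed entity pages during investigation; the earlier part of the file is outside this hunk, so confirm the section is really absent before adding one. Since the commit is already touching the tail of the file, this is the natural place to add an `entityMappings:` block for the actor and source address columns the query exposes. The `\ No newline at end of file` marker also still follows the new `kind: scheduled` line, so the file continues to end mid-line.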
--- a/Detections/AzureDevOpsAuditing/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml
+++ b/Detections/AzureDevOpsAuditing/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml
@@ -44,4 +44,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/NewAgentAddedToPoolbyNewUserorofNewOS.yaml b/Detections/AzureDevOpsAuditing/NewAgentAddedToPoolbyNewUserorofNewOS.yaml
index f746928d63..4df39a608e 100644
--- a/Detections/AzureDevOpsAuditing/NewAgentAddedToPoolbyNewUserorofNewOS.yaml
+++ b/Detections/AzureDevOpsAuditing/NewAgentAddedToPoolbyNewUserorofNewOS.yaml
@@ -61,4 +61,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml b/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml
index 76610e9ae4..2834c92545 100644
--- a/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml
+++ b/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml
@@ -39,4 +39,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml b/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml
index 4f5e4b18a2..83857b0bda 100644
--- a/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml
+++ b/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml
@@ -40,4 +40,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml b/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml
index c506f03d99..f032f58e91 100644
--- a/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml
+++ b/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml
@@ -52,4 +52,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml b/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml
index 971f7e95f0..12055bbabc 100644
--- a/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml
+++ b/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml
@@ -56,4 +56,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml b/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml
index a971cad3ec..3ef02036f4 100644
--- a/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml
+++ b/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml
@@ -73,4 +73,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml b/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml
index 19b6672c27..ca1e80b690 100644
--- a/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml
+++ b/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml
@@ -43,4 +43,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CiscoUmbrella/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml b/Detections/CiscoUmbrella/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
index 8687101c0f..22736865eb 100644
--- a/Detections/CiscoUmbrella/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
@@ -33,4 +33,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CiscoUmbrella/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml b/Detections/CiscoUmbrella/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml
index 78e3965f8d..7672621a09 100644
--- a/Detections/CiscoUmbrella/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml
@@ -40,4 +40,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CiscoUmbrella/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml b/Detections/CiscoUmbrella/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml
index bffd48cf50..f502c7f44f 100644
--- a/Detections/CiscoUmbrella/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml
@@ -31,4 +31,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CiscoUmbrella/CiscoUmbrellaEmptyUserAgentDetected.yaml b/Detections/CiscoUmbrella/CiscoUmbrellaEmptyUserAgentDetected.yaml
index 405194992c..ba7c465905 100644
--- a/Detections/CiscoUmbrella/CiscoUmbrellaEmptyUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaEmptyUserAgentDetected.yaml
@@ -31,4 +31,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CiscoUmbrella/CiscoUmbrellaHackToolUserAgentDetected.yaml b/Detections/CiscoUmbrella/CiscoUmbrellaHackToolUserAgentDetected.yaml
index 355c9bbda2..da7f44e203 100644
--- a/Detections/CiscoUmbrella/CiscoUmbrellaHackToolUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaHackToolUserAgentDetected.yaml
@@ -79,4 +79,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CiscoUmbrella/CiscoUmbrellaPowershellUserAgentDetected.yaml b/Detections/CiscoUmbrella/CiscoUmbrellaPowershellUserAgentDetected.yaml
index 2daad48e1d..8d5ba0ff62 100644
--- a/Detections/CiscoUmbrella/CiscoUmbrellaPowershellUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaPowershellUserAgentDetected.yaml
@@ -32,4 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CiscoUmbrella/CiscoUmbrellaRareUserAgentDetected.yaml b/Detections/CiscoUmbrella/CiscoUmbrellaRareUserAgentDetected.yaml
index d726eed30f..6734984eb5 100644
--- a/Detections/CiscoUmbrella/CiscoUmbrellaRareUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaRareUserAgentDetected.yaml
@@ -37,4 +37,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CiscoUmbrella/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml b/Detections/CiscoUmbrella/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml
index b2e997fda4..dac6d7e132 100644
--- a/Detections/CiscoUmbrella/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml
@@ -50,4 +50,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CiscoUmbrella/CiscoUmbrellaRequestBlocklistedFileType.yaml b/Detections/CiscoUmbrella/CiscoUmbrellaRequestBlocklistedFileType.yaml
index 0374d1e812..9eb1b0f698 100644
--- a/Detections/CiscoUmbrella/CiscoUmbrellaRequestBlocklistedFileType.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaRequestBlocklistedFileType.yaml
@@ -35,4 +35,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CiscoUmbrella/CiscoUmbrellaURIContainsIPAddress.yaml b/Detections/CiscoUmbrella/CiscoUmbrellaURIContainsIPAddress.yaml
index 541dfda811..9bea989a32 100644
--- a/Detections/CiscoUmbrella/CiscoUmbrellaURIContainsIPAddress.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaURIContainsIPAddress.yaml
@@ -32,4 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniHighRiskBusinessIncidents.yaml b/Detections/Cognni/CognniHighRiskBusinessIncidents.yaml
index d15ca7ec31..58abe1f7bb 100644
--- a/Detections/Cognni/CognniHighRiskBusinessIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskBusinessIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniHighRiskFinancialIncidents.yaml b/Detections/Cognni/CognniHighRiskFinancialIncidents.yaml
index 9d9bbc8f86..e7f5350c32 100644
--- a/Detections/Cognni/CognniHighRiskFinancialIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskFinancialIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniHighRiskGovernanceIncidents.yaml b/Detections/Cognni/CognniHighRiskGovernanceIncidents.yaml
index dba9aeac36..48436b9c32 100644
--- a/Detections/Cognni/CognniHighRiskGovernanceIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskGovernanceIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniHighRiskHRIncidents.yaml b/Detections/Cognni/CognniHighRiskHRIncidents.yaml
index fa1572e3ba..a0eac42ff5 100644
--- a/Detections/Cognni/CognniHighRiskHRIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskHRIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniHighRiskLegalIncidents.yaml b/Detections/Cognni/CognniHighRiskLegalIncidents.yaml
index 143ce2bd71..9df54473b3 100644
--- a/Detections/Cognni/CognniHighRiskLegalIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskLegalIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniLowRiskBusinessIncidents.yaml b/Detections/Cognni/CognniLowRiskBusinessIncidents.yaml
index 6fc7af29d8..925f9c20d2 100644
--- a/Detections/Cognni/CognniLowRiskBusinessIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskBusinessIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniLowRiskFinancialIncidents.yaml b/Detections/Cognni/CognniLowRiskFinancialIncidents.yaml
index 1a524717ec..40e89a4ac3 100644
--- a/Detections/Cognni/CognniLowRiskFinancialIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskFinancialIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniLowRiskGovernanceIncidents.yaml b/Detections/Cognni/CognniLowRiskGovernanceIncidents.yaml
index 774c2af5b7..c5e957dd1b 100644
--- a/Detections/Cognni/CognniLowRiskGovernanceIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskGovernanceIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniLowRiskHRIncidents.yaml b/Detections/Cognni/CognniLowRiskHRIncidents.yaml
index 1f06744dbe..6f49ff48fe 100644
--- a/Detections/Cognni/CognniLowRiskHRIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskHRIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniLowRiskLegalIncidents.yaml b/Detections/Cognni/CognniLowRiskLegalIncidents.yaml
index 9f0a8a0dbb..51d713af26 100644
--- a/Detections/Cognni/CognniLowRiskLegalIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskLegalIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniMediumRiskBusinessIncidents.yaml b/Detections/Cognni/CognniMediumRiskBusinessIncidents.yaml
index 747380c85f..a1935c0c9e 100644
--- a/Detections/Cognni/CognniMediumRiskBusinessIncidents.yaml
+++ b/Detections/Cognni/CognniMediumRiskBusinessIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniMediumRiskFinancialIncidents.yaml b/Detections/Cognni/CognniMediumRiskFinancialIncidents.yaml
index 68dc1ffda9..e1a9731538 100644
--- a/Detections/Cognni/CognniMediumRiskFinancialIncidents.yaml
+++ b/Detections/Cognni/CognniMediumRiskFinancialIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniMediumRiskGovernanceIncidents.yaml b/Detections/Cognni/CognniMediumRiskGovernanceIncidents.yaml
index ac5dcb16c1..08ce5a0856 100644
--- a/Detections/Cognni/CognniMediumRiskGovernanceIncidents.yaml
+++ b/Detections/Cognni/CognniMediumRiskGovernanceIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniMediumRiskHRIncidents.yaml b/Detections/Cognni/CognniMediumRiskHRIncidents.yaml
index a18e811b3e..10b46b59b8 100644
--- a/Detections/Cognni/CognniMediumRiskHRIncidents.yaml
+++ b/Detections/Cognni/CognniMediumRiskHRIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Cognni/CognniMediumRiskLegalIncidents.yaml b/Detections/Cognni/CognniMediumRiskLegalIncidents.yaml
index 280387dadb..00f2ceca74 100644
--- a/Detections/Cognni/CognniMediumRiskLegalIncidents.yaml
+++ b/Detections/Cognni/CognniMediumRiskLegalIncidents.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml b/Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml
index 9180f80205..28a10352b2 100644
--- a/Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml
+++ b/Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml
@@ -69,4 +69,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml b/Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml
index beb3d3b5f5..2e86efd69d 100644
--- a/Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml
+++ b/Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml
@@ -34,4 +34,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml b/Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml
index eba6301e9a..836ee5952a 100644
--- a/Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml
+++ b/Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml
@@ -79,4 +79,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml b/Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml
index 5a769566a1..8cab8932bf 100644
--- a/Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml
+++ b/Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml
@@ -121,4 +121,5 @@ entityMappings:
 fieldMappings:
 - identifier: DomainName
 columnName: Name
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml b/Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml
index ccc1a4ba62..1e3722f67c 100644
--- a/Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml
+++ b/Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml
@@ -63,4 +63,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml b/Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml
index 36dcdd1bed..0a51cb9c09 100644
--- a/Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml
+++ b/Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml
@@ -58,4 +58,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml b/Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml
index a3e099a442..0588e724d5 100644
--- a/Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml
+++ b/Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml
@@ -82,4 +82,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CommonSecurityLog/Wazuh-Large Number of Web errors from an IP.yaml b/Detections/CommonSecurityLog/Wazuh-Large Number of Web errors from an IP.yaml
index 66f7392a88..c9d84643c0 100644
--- a/Detections/CommonSecurityLog/Wazuh-Large Number of Web errors from an IP.yaml
+++ b/Detections/CommonSecurityLog/Wazuh-Large Number of Web errors from an IP.yaml
@@ -32,4 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CommonSecurityLog/Zscaler-LowVolumeDomainRequests.yaml b/Detections/CommonSecurityLog/Zscaler-LowVolumeDomainRequests.yaml
index 73d6a27e2d..80c5714d3e 100644
--- a/Detections/CommonSecurityLog/Zscaler-LowVolumeDomainRequests.yaml
+++ b/Detections/CommonSecurityLog/Zscaler-LowVolumeDomainRequests.yaml
@@ -50,4 +50,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/CyberpionSecurityLogs/HighUrgencyActionItems.yaml b/Detections/CyberpionSecurityLogs/HighUrgencyActionItems.yaml
index 9b8387fba5..09c2eca86e 100644
--- a/Detections/CyberpionSecurityLogs/HighUrgencyActionItems.yaml
+++ b/Detections/CyberpionSecurityLogs/HighUrgencyActionItems.yaml
@@ -37,4 +37,5 @@ entityMappings:
 fieldMappings:
 - identifier: DomainName
 columnName: DNSCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml b/Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml
index 0c504bab4e..ebc22570e9 100644
--- a/Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml
+++ b/Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml
@@ -49,4 +49,5 @@ entityMappings:
 columnName: FileHashType
 - identifier: Value
 columnName: FileHashCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml b/Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml
index f866030ab0..40461b658e 100644
--- a/Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml
+++ b/Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml
@@ -45,4 +45,5 @@ entityMappings:
 columnName: MD5
 - identifier: Value
 columnName: FileHashCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/DeviceNetworkEvents/SolarWinds_SUNBURST_Network-IOCs.yaml b/Detections/DeviceNetworkEvents/SolarWinds_SUNBURST_Network-IOCs.yaml
index a30f10c074..2984073673 100644
--- a/Detections/DeviceNetworkEvents/SolarWinds_SUNBURST_Network-IOCs.yaml
+++ b/Detections/DeviceNetworkEvents/SolarWinds_SUNBURST_Network-IOCs.yaml
@@ -56,4 +56,5 @@ entityMappings:
 columnName: HashAlgorithm
 - identifier: Value
 columnName: FileHashCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/DeviceProcessEvents/AdFind_Usage.yaml b/Detections/DeviceProcessEvents/AdFind_Usage.yaml
index fe6a792465..c385015651 100644
--- a/Detections/DeviceProcessEvents/AdFind_Usage.yaml
+++ b/Detections/DeviceProcessEvents/AdFind_Usage.yaml
@@ -48,3 +48,4 @@ entityMappings:
 - identifier: Value
 columnName: FileHashCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml b/Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml
index c3463fc5dd..d999b98751 100644
--- a/Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml
+++ b/Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml
@@ -48,4 +48,5 @@ entityMappings:
 columnName: MD5
 - identifier: Value
 columnName: FileHashCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml b/Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml
index 105109ee04..81432c9b5a 100644
--- a/Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml
+++ b/Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml
@@ -49,4 +49,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml b/Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml
index 458478a4a6..02c94a99cd 100644
--- a/Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml
+++ b/Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml
@@ -40,4 +40,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/DnsEvents/DNS_Miners.yaml b/Detections/DnsEvents/DNS_Miners.yaml
index 449e79b30c..efaf8f435f 100644
--- a/Detections/DnsEvents/DNS_Miners.yaml
+++ b/Detections/DnsEvents/DNS_Miners.yaml
@@ -38,4 +38,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/DnsEvents/DNS_TorProxies.yaml b/Detections/DnsEvents/DNS_TorProxies.yaml
index e93f96c646..aaf79c86b3 100644
--- a/Detections/DnsEvents/DNS_TorProxies.yaml
+++ b/Detections/DnsEvents/DNS_TorProxies.yaml
@@ -33,4 +33,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Duo Security/IPEntity_DuoSecurity.yaml b/Detections/Duo Security/IPEntity_DuoSecurity.yaml
index 916795cbdf..aa8e040df8 100644
--- a/Detections/Duo Security/IPEntity_DuoSecurity.yaml
+++ b/Detections/Duo Security/IPEntity_DuoSecurity.yaml
@@ -52,3 +52,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Duo Security/TrustMonitorEvent.yaml b/Detections/Duo Security/TrustMonitorEvent.yaml
index 90da76d13d..39633aab96 100644
--- a/Detections/Duo Security/TrustMonitorEvent.yaml
+++ b/Detections/Duo Security/TrustMonitorEvent.yaml
@@ -26,3 +26,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/EsetSMC/eset-sites-blocked.yaml b/Detections/EsetSMC/eset-sites-blocked.yaml
index 9142a0d22a..1e937b2fcf 100644
--- a/Detections/EsetSMC/eset-sites-blocked.yaml
+++ b/Detections/EsetSMC/eset-sites-blocked.yaml
@@ -36,4 +36,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/EsetSMC/eset-threats.yaml b/Detections/EsetSMC/eset-threats.yaml
index 01867a7394..f0553fbc48 100644
--- a/Detections/EsetSMC/eset-threats.yaml
+++ b/Detections/EsetSMC/eset-threats.yaml
@@ -32,4 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/GitHub/GitHub Activities from Infrequent Country.yaml b/Detections/GitHub/GitHub Activities from Infrequent Country.yaml
index 3138d4abf8..b81c32dccb 100644
--- a/Detections/GitHub/GitHub Activities from Infrequent Country.yaml
+++ b/Detections/GitHub/GitHub Activities from Infrequent Country.yaml
@@ -35,4 +35,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/GitHub/Security Vulnerability in Repo.yaml b/Detections/GitHub/Security Vulnerability in Repo.yaml index b1efba0b3d..9f605908f7 100644 --- a/Detections/GitHub/Security Vulnerability in Repo.yaml +++ b/Detections/GitHub/Security Vulnerability in Repo.yaml @@ -13,4 +13,5 @@ query: | GitHubRepo | where Action == "vulnerabilityAlert" | project TimeGenerated, DismmisedAt, Reason, vulnerableManifestFilename, Description, Link, PublishedAt, Severity, Summary -version: 1.0.0 \ No newline at end of file +version: 1.0.0 +kind: scheduled \ No newline at end of file diff --git a/Detections/GitHub/Threat Intel Matches to GitHub Audit Logs.yaml b/Detections/GitHub/Threat Intel Matches to GitHub Audit Logs.yaml index b466c667de..fb2a2ab0cb 100644 --- a/Detections/GitHub/Threat Intel Matches to GitHub Audit Logs.yaml +++ b/Detections/GitHub/Threat Intel Matches to GitHub Audit Logs.yaml @@ -43,4 +43,5 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity -version: 1.0.0 \ No newline at end of file +version: 1.0.0 +kind: scheduled \ No newline at end of file diff --git a/Detections/GitHub/Two Factor Authentication Disabled.yaml b/Detections/GitHub/Two Factor Authentication Disabled.yaml index f39f8ae6a7..dfeea67fa3 100644 --- a/Detections/GitHub/Two Factor Authentication Disabled.yaml +++ b/Detections/GitHub/Two Factor Authentication Disabled.yaml @@ -27,4 +27,5 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity -version: 1.0.0 \ No newline at end of file +version: 1.0.0 +kind: scheduled \ No newline at end of file diff --git a/Detections/Heartbeat/OMI_vulnerability_detection.yaml b/Detections/Heartbeat/OMI_vulnerability_detection.yaml index 9a7608930d..9363ab1d27 100644 --- a/Detections/Heartbeat/OMI_vulnerability_detection.yaml +++ b/Detections/Heartbeat/OMI_vulnerability_detection.yaml 
@@ -52,3 +52,4 @@ customDetails:
 HostIp: ComputerIP
 OSType: OSType
 OSName: OSName
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/InfobloxNIOS/ExcessiveNXDOMAINDNSQueries.yaml b/Detections/InfobloxNIOS/ExcessiveNXDOMAINDNSQueries.yaml
index ad62c90d41..8293764d09 100644
--- a/Detections/InfobloxNIOS/ExcessiveNXDOMAINDNSQueries.yaml
+++ b/Detections/InfobloxNIOS/ExcessiveNXDOMAINDNSQueries.yaml
@@ -36,4 +36,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/InfobloxNIOS/PotentialDHCPStarvationAttack.yaml b/Detections/InfobloxNIOS/PotentialDHCPStarvationAttack.yaml
index 3f433b3856..a6451f17da 100644
--- a/Detections/InfobloxNIOS/PotentialDHCPStarvationAttack.yaml
+++ b/Detections/InfobloxNIOS/PotentialDHCPStarvationAttack.yaml
@@ -31,4 +31,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml b/Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml
index b31bd60ae3..b02762fdd8 100644
--- a/Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml
+++ b/Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml
@@ -36,4 +36,5 @@ entityMappings:
 fieldMappings:
 - identifier: ResourceId
 columnName: RequestTarget
-version: 1.1.0
\ No newline at end of file
+version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml b/Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml
index b1566ff9ac..26c0744962 100644
--- a/Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml
+++ b/Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml
@@ -64,4 +64,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/AADHostLoginCorrelation.yaml b/Detections/MultipleDataSources/AADHostLoginCorrelation.yaml
index 1fdbf89d3a..2079727fbc 100644
--- a/Detections/MultipleDataSources/AADHostLoginCorrelation.yaml
+++ b/Detections/MultipleDataSources/AADHostLoginCorrelation.yaml
@@ -77,4 +77,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml b/Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml
index 1cc2359a2e..7d7d4ae033 100644
--- a/Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml
+++ b/Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml
@@ -75,4 +75,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml b/Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml
index 28540fedb3..0627cf026a 100644
--- a/Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml
+++ b/Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml
@@ -51,4 +51,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml b/Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml
index 5d608a9831..0c010c03f9 100644
--- a/Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml
+++ b/Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml
@@ -50,4 +50,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml b/Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml
index d30265fa9c..01933e5fa8 100644
--- a/Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml
+++ b/Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml
@@ -89,4 +89,5 @@ entityMappings:
 columnName: HashAlgorithm
 - identifier: Value
 columnName: FileHashCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml b/Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml
index 5e7bef06e7..2d140eeda6 100644
--- a/Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml
+++ b/Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml
@@ -125,4 +125,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml b/Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml
index 49c2dfd132..cd64f1bc78 100644
--- a/Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml
+++ b/Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml
@@ -89,4 +89,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/BariumDomainIOC112020.yaml b/Detections/MultipleDataSources/BariumDomainIOC112020.yaml
index 4afd12fdc6..1d7ac033b0 100644
--- a/Detections/MultipleDataSources/BariumDomainIOC112020.yaml
+++ b/Detections/MultipleDataSources/BariumDomainIOC112020.yaml
@@ -159,4 +159,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.3.0
\ No newline at end of file
+version: 1.3.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/BariumIPIOC112020.yaml b/Detections/MultipleDataSources/BariumIPIOC112020.yaml
index 076ddbeecb..33d6ec7dc1 100644
--- a/Detections/MultipleDataSources/BariumIPIOC112020.yaml
+++ b/Detections/MultipleDataSources/BariumIPIOC112020.yaml
@@ -178,4 +178,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.1.0
\ No newline at end of file
+version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/CERIUMOct292020IOCs.yaml b/Detections/MultipleDataSources/CERIUMOct292020IOCs.yaml
index 3a57fc9a02..76f117a97f 100644
--- a/Detections/MultipleDataSources/CERIUMOct292020IOCs.yaml
+++ b/Detections/MultipleDataSources/CERIUMOct292020IOCs.yaml
@@ -81,4 +81,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/ChiaCryptoMining.yaml b/Detections/MultipleDataSources/ChiaCryptoMining.yaml
index d7293d8f70..7bbccbb74c 100644
--- a/Detections/MultipleDataSources/ChiaCryptoMining.yaml
+++ b/Detections/MultipleDataSources/ChiaCryptoMining.yaml
@@ -199,3 +199,4 @@ entityMappings:
 - identifier: Value
 columnName: FileHashCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/DEV-0322_SolarWinds_Serv-U_IOC.yaml b/Detections/MultipleDataSources/DEV-0322_SolarWinds_Serv-U_IOC.yaml
index cf90c0bec0..d435fd86f6 100644
--- a/Detections/MultipleDataSources/DEV-0322_SolarWinds_Serv-U_IOC.yaml
+++ b/Detections/MultipleDataSources/DEV-0322_SolarWinds_Serv-U_IOC.yaml
@@ -191,3 +191,4 @@ entityMappings:
 - identifier: Value
 columnName: FileHashCustomEntity
 version: 1.0.1
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml b/Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml
index a57cef5e68..78604b8750 100644
--- a/Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml
+++ b/Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml
@@ -70,4 +70,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml b/Detections/MultipleDataSources/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml
index 8f3b396418..d33d278e59 100644
--- a/Detections/MultipleDataSources/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml
+++ b/Detections/MultipleDataSources/ExchangeServerVulnerabilitiesMarch2021IoCs.yaml
@@ -165,3 +165,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.4.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml b/Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml
index c55003de8a..e7fb1b7472 100644
--- a/Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml
+++ b/Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml
@@ -95,4 +95,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/GalliumIOCs.yaml b/Detections/MultipleDataSources/GalliumIOCs.yaml
index 7fca198bb5..da3cef9d05 100644
--- a/Detections/MultipleDataSources/GalliumIOCs.yaml
+++ b/Detections/MultipleDataSources/GalliumIOCs.yaml
@@ -109,4 +109,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.3.0
\ No newline at end of file
+version: 1.3.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/HAFNIUMUmServiceSuspiciousFile.yaml b/Detections/MultipleDataSources/HAFNIUMUmServiceSuspiciousFile.yaml
index 1f413dff69..1317e76401 100644
--- a/Detections/MultipleDataSources/HAFNIUMUmServiceSuspiciousFile.yaml
+++ b/Detections/MultipleDataSources/HAFNIUMUmServiceSuspiciousFile.yaml
@@ -66,4 +66,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.1.0
\ No newline at end of file
+version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/HostAADCorrelation.yaml b/Detections/MultipleDataSources/HostAADCorrelation.yaml
index bec526e028..27feadc609 100644
--- a/Detections/MultipleDataSources/HostAADCorrelation.yaml
+++ b/Detections/MultipleDataSources/HostAADCorrelation.yaml
@@ -70,4 +70,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/IridiumIOCs.yaml b/Detections/MultipleDataSources/IridiumIOCs.yaml
index 5ce27ccdf9..01ee5792d1 100644
--- a/Detections/MultipleDataSources/IridiumIOCs.yaml
+++ b/Detections/MultipleDataSources/IridiumIOCs.yaml
@@ -149,4 +149,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.2.0
\ No newline at end of file
+version: 1.2.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/KnownPHOSPHORUSDomainsIP-October2020.yaml b/Detections/MultipleDataSources/KnownPHOSPHORUSDomainsIP-October2020.yaml
index bcfc8cdca7..ae0829dbe2 100644
--- a/Detections/MultipleDataSources/KnownPHOSPHORUSDomainsIP-October2020.yaml
+++ b/Detections/MultipleDataSources/KnownPHOSPHORUSDomainsIP-October2020.yaml
@@ -95,4 +95,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/MFADisable.yaml b/Detections/MultipleDataSources/MFADisable.yaml
index 6cf780348b..35bd8cb989 100644
--- a/Detections/MultipleDataSources/MFADisable.yaml
+++ b/Detections/MultipleDataSources/MFADisable.yaml
@@ -47,4 +47,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/MSHTMLVuln.yaml b/Detections/MultipleDataSources/MSHTMLVuln.yaml
index 798f9f101a..665ad4e2b4 100644
--- a/Detections/MultipleDataSources/MSHTMLVuln.yaml
+++ b/Detections/MultipleDataSources/MSHTMLVuln.yaml
@@ -63,3 +63,4 @@ entityMappings:
 - identifier: FullName
 columnName: HostCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/MalformedUserAgents.yaml b/Detections/MultipleDataSources/MalformedUserAgents.yaml
index 598a5a14b2..652bcae743 100644
--- a/Detections/MultipleDataSources/MalformedUserAgents.yaml
+++ b/Detections/MultipleDataSources/MalformedUserAgents.yaml
@@ -95,4 +95,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml b/Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml
index afec5769db..98c12645ed 100644
--- a/Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml
+++ b/Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml
@@ -53,3 +53,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml b/Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml
index d41fd5604b..bf96de162f 100644
--- a/Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml
+++ b/Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml
@@ -90,3 +90,4 @@ entityMappings:
 - identifier: FullName
 columnName: TargetUserName
 version: 2.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/NOBELIUM_DomainIOCsMarch2021.yaml b/Detections/MultipleDataSources/NOBELIUM_DomainIOCsMarch2021.yaml
index ed327ea4e9..7161e9b1f9 100644
--- a/Detections/MultipleDataSources/NOBELIUM_DomainIOCsMarch2021.yaml
+++ b/Detections/MultipleDataSources/NOBELIUM_DomainIOCsMarch2021.yaml
@@ -107,4 +107,5 @@ entityMappings:
 fieldMappings:
 - identifier: DomainName
 columnName: DNSName
-version: 1.1.0
\ No newline at end of file
+version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/NOBELIUM_IOCsMay2021.yaml b/Detections/MultipleDataSources/NOBELIUM_IOCsMay2021.yaml
index d6c956a252..b23c33fb94 100644
--- a/Detections/MultipleDataSources/NOBELIUM_IOCsMay2021.yaml
+++ b/Detections/MultipleDataSources/NOBELIUM_IOCsMay2021.yaml
@@ -173,3 +173,4 @@ entityMappings:
 - identifier: DomainName
 columnName: DNSName
 version: 1.3.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml b/Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml
index 83e236bab9..fe5b0398e2 100644
--- a/Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml
+++ b/Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml
@@ -52,4 +52,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/NewUserAgentLast24h.yaml b/Detections/MultipleDataSources/NewUserAgentLast24h.yaml
index 7ad138680c..d67b963584 100644
--- a/Detections/MultipleDataSources/NewUserAgentLast24h.yaml
+++ b/Detections/MultipleDataSources/NewUserAgentLast24h.yaml
@@ -81,4 +81,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/Nobelium_FoggyWeb.yaml b/Detections/MultipleDataSources/Nobelium_FoggyWeb.yaml
index 6dd8c38267..1a52e795cb 100644
--- a/Detections/MultipleDataSources/Nobelium_FoggyWeb.yaml
+++ b/Detections/MultipleDataSources/Nobelium_FoggyWeb.yaml
@@ -189,3 +189,4 @@ entityMappings:
 - identifier: ProcessId
 columnName: ProcessCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml b/Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml
index 9e6d776ee8..ef7adac1f4 100644
--- a/Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml
+++ b/Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml
@@ -114,4 +114,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.2.0
\ No newline at end of file
+version: 1.2.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml b/Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml
index 5e74a0ecc1..0aaecd6079 100644
--- a/Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml
+++ b/Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml
@@ -53,4 +53,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/SOURGUM_IOC.yaml b/Detections/MultipleDataSources/SOURGUM_IOC.yaml
index 4349442412..21ca441d3c 100644
--- a/Detections/MultipleDataSources/SOURGUM_IOC.yaml
+++ b/Detections/MultipleDataSources/SOURGUM_IOC.yaml
@@ -180,3 +180,4 @@ entityMappings:
 - identifier: Value
 columnName: FileHashCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/STRONTIUMJuly2019IOCs.yaml b/Detections/MultipleDataSources/STRONTIUMJuly2019IOCs.yaml
index 0ba5e6ff70..bc350e489d 100644
--- a/Detections/MultipleDataSources/STRONTIUMJuly2019IOCs.yaml
+++ b/Detections/MultipleDataSources/STRONTIUMJuly2019IOCs.yaml
@@ -75,4 +75,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.3.0
\ No newline at end of file
+version: 1.3.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/STRONTIUMOct292020IOCs.yaml b/Detections/MultipleDataSources/STRONTIUMOct292020IOCs.yaml
index e18821e10e..c0d9b97a0b 100644
--- a/Detections/MultipleDataSources/STRONTIUMOct292020IOCs.yaml
+++ b/Detections/MultipleDataSources/STRONTIUMOct292020IOCs.yaml
@@ -33,4 +33,5 @@ query: |
 | where authAttempts > 500
 | extend timestamp = firstAttempt
 | sort by uniqueAccounts
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/SUNSPOTHashes.yaml b/Detections/MultipleDataSources/SUNSPOTHashes.yaml
index 580071b943..087841c573 100644
--- a/Detections/MultipleDataSources/SUNSPOTHashes.yaml
+++ b/Detections/MultipleDataSources/SUNSPOTHashes.yaml
@@ -35,4 +35,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/SUNSPOTLogFile.yaml b/Detections/MultipleDataSources/SUNSPOTLogFile.yaml
index f3a2f25ff2..5a2a95b7f7 100644
--- a/Detections/MultipleDataSources/SUNSPOTLogFile.yaml
+++ b/Detections/MultipleDataSources/SUNSPOTLogFile.yaml
@@ -47,4 +47,5 @@ entityMappings:
 columnName: HostCustomEntity
-version: 1.1.0
\ No newline at end of file
+version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml b/Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml
index 350183f113..39d881f91f 100644
--- a/Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml
+++ b/Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml
@@ -82,4 +82,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/SigninFirewallCorrelation.yaml b/Detections/MultipleDataSources/SigninFirewallCorrelation.yaml
index 60e522c753..b4b0532713 100644
--- a/Detections/MultipleDataSources/SigninFirewallCorrelation.yaml
+++ b/Detections/MultipleDataSources/SigninFirewallCorrelation.yaml
@@ -54,4 +54,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml b/Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml
index 2b0b5ba5d7..298a6e964b 100644
--- a/Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml
+++ b/Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml
@@ -103,4 +103,5 @@ entityMappings:
 fieldMappings:
 - identifier: DomainName
 columnName: DNSName
-version: 1.3.0
\ No newline at end of file
+version: 1.3.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/Solorigate-VM-Network.yaml b/Detections/MultipleDataSources/Solorigate-VM-Network.yaml
index 558a8887e1..e73363201c 100644
--- a/Detections/MultipleDataSources/Solorigate-VM-Network.yaml
+++ b/Detections/MultipleDataSources/Solorigate-VM-Network.yaml
@@ -76,3 +76,4 @@ entityMappings:
 - identifier: Name
 columnName: Filename
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/ThalliumIOCs.yaml b/Detections/MultipleDataSources/ThalliumIOCs.yaml
index 882242dbf8..596495f0e0 100644
--- a/Detections/MultipleDataSources/ThalliumIOCs.yaml
+++ b/Detections/MultipleDataSources/ThalliumIOCs.yaml
@@ -88,4 +88,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.3.0
\ No newline at end of file
+version: 1.3.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml b/Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml
index 1d7137d776..6ff45938e2 100644
--- a/Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml
+++ b/Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml
@@ -114,4 +114,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/WSLMalwareCorrelation.yaml b/Detections/MultipleDataSources/WSLMalwareCorrelation.yaml
index ae211ffd39..ca4457af55 100644
--- a/Detections/MultipleDataSources/WSLMalwareCorrelation.yaml
+++ b/Detections/MultipleDataSources/WSLMalwareCorrelation.yaml
@@ -142,4 +142,4 @@ entityMappings:
 - identifier: Value
 columnName: FileHashCustomEntity
 version: 1.0.0
-
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/ZincJan272021IOCs.yaml b/Detections/MultipleDataSources/ZincJan272021IOCs.yaml
index 8d70bb6ca1..5f81aa1343 100644
--- a/Detections/MultipleDataSources/ZincJan272021IOCs.yaml
+++ b/Detections/MultipleDataSources/ZincJan272021IOCs.yaml
@@ -151,4 +151,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.3.0
\ No newline at end of file
+version: 1.3.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/ZincOct292020IOCs.yaml b/Detections/MultipleDataSources/ZincOct292020IOCs.yaml
index d78d798692..f9904f39b7 100644
--- a/Detections/MultipleDataSources/ZincOct292020IOCs.yaml
+++ b/Detections/MultipleDataSources/ZincOct292020IOCs.yaml
@@ -55,4 +55,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml b/Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml
index 3f91f8210e..24145fbdf8 100644
--- a/Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml
+++ b/Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml
@@ -39,4 +39,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/MailItemsAccessedTimeSeries.yaml b/Detections/OfficeActivity/MailItemsAccessedTimeSeries.yaml
index 751b2f8bb9..7a53e49ada 100644
--- a/Detections/OfficeActivity/MailItemsAccessedTimeSeries.yaml
+++ b/Detections/OfficeActivity/MailItemsAccessedTimeSeries.yaml
@@ -64,4 +64,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/Mail_redirect_via_ExO_transport_rule.yaml b/Detections/OfficeActivity/Mail_redirect_via_ExO_transport_rule.yaml
index 94f559a9f0..9bc4ee1dce 100644
--- a/Detections/OfficeActivity/Mail_redirect_via_ExO_transport_rule.yaml
+++ b/Detections/OfficeActivity/Mail_redirect_via_ExO_transport_rule.yaml
@@ -57,4 +57,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/Malicious_Inbox_Rule.yaml b/Detections/OfficeActivity/Malicious_Inbox_Rule.yaml
index 6cdfb9825b..bb034baaf8 100644
--- a/Detections/OfficeActivity/Malicious_Inbox_Rule.yaml
+++ b/Detections/OfficeActivity/Malicious_Inbox_Rule.yaml
@@ -50,4 +50,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/MultipleTeamsDeletes.yaml b/Detections/OfficeActivity/MultipleTeamsDeletes.yaml
index 77ced8d061..2c297bb65e 100644
--- a/Detections/OfficeActivity/MultipleTeamsDeletes.yaml
+++ b/Detections/OfficeActivity/MultipleTeamsDeletes.yaml
@@ -33,4 +33,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/Office_MailForwarding.yaml b/Detections/OfficeActivity/Office_MailForwarding.yaml
index b68411e7e1..cd06f3b4f3 100644
--- a/Detections/OfficeActivity/Office_MailForwarding.yaml
+++ b/Detections/OfficeActivity/Office_MailForwarding.yaml
@@ -71,4 +71,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/Office_Uploaded_Executables.yaml b/Detections/OfficeActivity/Office_Uploaded_Executables.yaml
index 61ffce6a01..4d5341d175 100644
--- a/Detections/OfficeActivity/Office_Uploaded_Executables.yaml
+++ b/Detections/OfficeActivity/Office_Uploaded_Executables.yaml
@@ -65,4 +65,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/RareOfficeOperations.yaml b/Detections/OfficeActivity/RareOfficeOperations.yaml
index 037c26d474..39e6f0c1cf 100644
--- a/Detections/OfficeActivity/RareOfficeOperations.yaml
+++ b/Detections/OfficeActivity/RareOfficeOperations.yaml
@@ -33,4 +33,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml b/Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml
index 7800048cd6..05275c2d7b 100644
--- a/Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml
+++ b/Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml
@@ -60,4 +60,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml b/Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml
index 72d19ce69c..a3e597cce3 100644
--- a/Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml
+++ b/Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml
@@ -65,4 +65,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/StrontiumCredHarvesting.yaml b/Detections/OfficeActivity/StrontiumCredHarvesting.yaml
index e39f94ed53..b3bd1c7e09 100644
--- a/Detections/OfficeActivity/StrontiumCredHarvesting.yaml
+++ b/Detections/OfficeActivity/StrontiumCredHarvesting.yaml
@@ -30,4 +30,5 @@ query: |
 | where authAttempts > 2500
 | extend timestamp = firstAttempt
 | sort by uniqueAccounts
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/exchange_auditlogdisabled.yaml b/Detections/OfficeActivity/exchange_auditlogdisabled.yaml
index f1588380ba..dbddfd0f41 100644
--- a/Detections/OfficeActivity/exchange_auditlogdisabled.yaml
+++ b/Detections/OfficeActivity/exchange_auditlogdisabled.yaml
@@ -35,4 +35,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OfficeActivity/office_policytampering.yaml b/Detections/OfficeActivity/office_policytampering.yaml
index 1a4359302e..5da5cff026 100644
--- a/Detections/OfficeActivity/office_policytampering.yaml
+++ b/Detections/OfficeActivity/office_policytampering.yaml
@@ -53,4 +53,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OktaSSO/FailedLoginsFromUnknownOrInvalidUser.yaml b/Detections/OktaSSO/FailedLoginsFromUnknownOrInvalidUser.yaml
index 63049db2da..a46b0823bf 100644
--- a/Detections/OktaSSO/FailedLoginsFromUnknownOrInvalidUser.yaml
+++ b/Detections/OktaSSO/FailedLoginsFromUnknownOrInvalidUser.yaml
@@ -39,4 +39,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OktaSSO/LoginfromUsersfromDifferentCountrieswithin3hours.yaml b/Detections/OktaSSO/LoginfromUsersfromDifferentCountrieswithin3hours.yaml
index 5ddcce6641..25ac823972 100644
--- a/Detections/OktaSSO/LoginfromUsersfromDifferentCountrieswithin3hours.yaml
+++ b/Detections/OktaSSO/LoginfromUsersfromDifferentCountrieswithin3hours.yaml
@@ -31,4 +31,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/OktaSSO/PasswordSpray.yaml b/Detections/OktaSSO/PasswordSpray.yaml
index 43a8145f97..4e70408e21 100644
--- a/Detections/OktaSSO/PasswordSpray.yaml
+++ b/Detections/OktaSSO/PasswordSpray.yaml
@@ -35,4 +35,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ProofpointPOD/ProofpointPODBinaryInAttachment.yaml b/Detections/ProofpointPOD/ProofpointPODBinaryInAttachment.yaml
index 63100851ca..05792591f9 100644
--- a/Detections/ProofpointPOD/ProofpointPODBinaryInAttachment.yaml
+++ b/Detections/ProofpointPOD/ProofpointPODBinaryInAttachment.yaml
@@ -29,4 +29,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ProofpointPOD/ProofpointPODDataExfiltrationToPrivateEmail.yaml b/Detections/ProofpointPOD/ProofpointPODDataExfiltrationToPrivateEmail.yaml
index 28a70c0633..73c7effb82 100644
--- a/Detections/ProofpointPOD/ProofpointPODDataExfiltrationToPrivateEmail.yaml
+++ b/Detections/ProofpointPOD/ProofpointPODDataExfiltrationToPrivateEmail.yaml
@@ -33,4 +33,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ProofpointPOD/ProofpointPODEmailSenderIPinTIList.yaml b/Detections/ProofpointPOD/ProofpointPODEmailSenderIPinTIList.yaml
index e341e58011..65cad12d46 100644
--- a/Detections/ProofpointPOD/ProofpointPODEmailSenderIPinTIList.yaml
+++ b/Detections/ProofpointPOD/ProofpointPODEmailSenderIPinTIList.yaml
@@ -38,4 +38,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ProofpointPOD/ProofpointPODEmailSenderInTIList.yaml b/Detections/ProofpointPOD/ProofpointPODEmailSenderInTIList.yaml
index bdda0e02c1..5ebdf9bf6e 100644
--- a/Detections/ProofpointPOD/ProofpointPODEmailSenderInTIList.yaml
+++ b/Detections/ProofpointPOD/ProofpointPODEmailSenderInTIList.yaml
@@ -34,4 +34,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ProofpointPOD/ProofpointPODHighRiskNotDiscarded.yaml b/Detections/ProofpointPOD/ProofpointPODHighRiskNotDiscarded.yaml
index e1c37e4cc1..e9e7891246 100644
--- a/Detections/ProofpointPOD/ProofpointPODHighRiskNotDiscarded.yaml
+++ b/Detections/ProofpointPOD/ProofpointPODHighRiskNotDiscarded.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ProofpointPOD/ProofpointPODMultipleArchivedAttachmentsToSameRecipient.yaml b/Detections/ProofpointPOD/ProofpointPODMultipleArchivedAttachmentsToSameRecipient.yaml
index 6f15cdd432..4fb3a9eb12 100644
--- a/Detections/ProofpointPOD/ProofpointPODMultipleArchivedAttachmentsToSameRecipient.yaml
+++ b/Detections/ProofpointPOD/ProofpointPODMultipleArchivedAttachmentsToSameRecipient.yaml
@@ -30,4 +30,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ProofpointPOD/ProofpointPODMultipleLargeEmailsToSameRecipient.yaml b/Detections/ProofpointPOD/ProofpointPODMultipleLargeEmailsToSameRecipient.yaml
index e0949e69f6..97b61f8138 100644
--- a/Detections/ProofpointPOD/ProofpointPODMultipleLargeEmailsToSameRecipient.yaml
+++ b/Detections/ProofpointPOD/ProofpointPODMultipleLargeEmailsToSameRecipient.yaml
@@ -30,4 +30,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ProofpointPOD/ProofpointPODMultipleProtectedEmailsToUnknownRecipient.yaml b/Detections/ProofpointPOD/ProofpointPODMultipleProtectedEmailsToUnknownRecipient.yaml
index b0dbb4190b..edf0c76595 100644
--- a/Detections/ProofpointPOD/ProofpointPODMultipleProtectedEmailsToUnknownRecipient.yaml
+++ b/Detections/ProofpointPOD/ProofpointPODMultipleProtectedEmailsToUnknownRecipient.yaml
@@ -42,4 +42,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ProofpointPOD/ProofpointPODSuspiciousAttachment.yaml b/Detections/ProofpointPOD/ProofpointPODSuspiciousAttachment.yaml
index aba1360dba..d73bc278ea 100644
--- a/Detections/ProofpointPOD/ProofpointPODSuspiciousAttachment.yaml
+++ b/Detections/ProofpointPOD/ProofpointPODSuspiciousAttachment.yaml
@@ -30,4 +30,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ProofpointPOD/ProofpointPODWeakCiphers.yaml b/Detections/ProofpointPOD/ProofpointPODWeakCiphers.yaml
index 9be4ac490a..bb4c8fcad7 100644
--- a/Detections/ProofpointPOD/ProofpointPODWeakCiphers.yaml
+++ b/Detections/ProofpointPOD/ProofpointPODWeakCiphers.yaml
@@ -23,4 +23,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/PulseConnectSecure/PulseConnectSecureVPN-BruteForce.yaml b/Detections/PulseConnectSecure/PulseConnectSecureVPN-BruteForce.yaml
index d3a6423c8a..cd40c8f41e 100644
--- a/Detections/PulseConnectSecure/PulseConnectSecureVPN-BruteForce.yaml
+++ b/Detections/PulseConnectSecure/PulseConnectSecureVPN-BruteForce.yaml
@@ -32,4 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/PulseConnectSecure/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml b/Detections/PulseConnectSecure/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml
index 92e398c18e..7245db6d61 100644
--- a/Detections/PulseConnectSecure/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml
+++ b/Detections/PulseConnectSecure/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/QualysVM/HighNumberofVulnDetected.yaml b/Detections/QualysVM/HighNumberofVulnDetected.yaml
index dbd6df7b2f..baa99d977b 100644
--- a/Detections/QualysVM/HighNumberofVulnDetected.yaml
+++ b/Detections/QualysVM/HighNumberofVulnDetected.yaml
@@ -33,4 +33,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/QualysVM/NewHighSeverityVulnDetectedAcrossMulitpleHosts.yaml b/Detections/QualysVM/NewHighSeverityVulnDetectedAcrossMulitpleHosts.yaml
index 753b4443b8..e1e13978fd 100644
--- a/Detections/QualysVM/NewHighSeverityVulnDetectedAcrossMulitpleHosts.yaml
+++ b/Detections/QualysVM/NewHighSeverityVulnDetectedAcrossMulitpleHosts.yaml
@@ -25,4 +25,5 @@ query: |
 | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), dcount(NetBios_s) by tostring(Detections_s.QID)
 | where dcount_NetBios_s >= threshold
 | extend timestamp = StartTime
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml b/Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml
index 5c0a52124b..0e90a5b330 100644
--- a/Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml
+++ b/Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml
@@ -53,3 +53,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityAlert/Solorigate-Defender-Detections.yaml b/Detections/SecurityAlert/Solorigate-Defender-Detections.yaml
index f105e05653..b3622d2009 100644
--- a/Detections/SecurityAlert/Solorigate-Defender-Detections.yaml
+++ b/Detections/SecurityAlert/Solorigate-Defender-Detections.yaml
@@ -44,4 +44,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/AADHealthMonAgentRegKeyAccess.yaml b/Detections/SecurityEvent/AADHealthMonAgentRegKeyAccess.yaml
index 14b17cda9c..206284e540 100644
--- a/Detections/SecurityEvent/AADHealthMonAgentRegKeyAccess.yaml
+++ b/Detections/SecurityEvent/AADHealthMonAgentRegKeyAccess.yaml
@@ -73,4 +73,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/AADHealthSvcAgentRegKeyAccess.yaml b/Detections/SecurityEvent/AADHealthSvcAgentRegKeyAccess.yaml
index 553e1a35a9..f25d6fc8b1 100644
--- a/Detections/SecurityEvent/AADHealthSvcAgentRegKeyAccess.yaml
+++ b/Detections/SecurityEvent/AADHealthSvcAgentRegKeyAccess.yaml
@@ -74,3 +74,4 @@ entityMappings:
 - identifier: FullName
 columnName: HostCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/ADFSDBNamedPipeConnection.yaml b/Detections/SecurityEvent/ADFSDBNamedPipeConnection.yaml
index adf6bbc516..2fd4e1caa0 100644
--- a/Detections/SecurityEvent/ADFSDBNamedPipeConnection.yaml
+++ b/Detections/SecurityEvent/ADFSDBNamedPipeConnection.yaml
@@ -80,4 +80,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/ADFSRemoteAuthSyncConnection.yaml b/Detections/SecurityEvent/ADFSRemoteAuthSyncConnection.yaml
index 1fecbdf175..13dd48c405 100644
--- a/Detections/SecurityEvent/ADFSRemoteAuthSyncConnection.yaml
+++ b/Detections/SecurityEvent/ADFSRemoteAuthSyncConnection.yaml
@@ -97,3 +97,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/ADFSRemoteHTTPNetworkConnection.yaml b/Detections/SecurityEvent/ADFSRemoteHTTPNetworkConnection.yaml
index 2e1fbee779..90f78d5896 100644
--- a/Detections/SecurityEvent/ADFSRemoteHTTPNetworkConnection.yaml
+++ b/Detections/SecurityEvent/ADFSRemoteHTTPNetworkConnection.yaml
@@ -83,3 +83,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/ExcessiveLogonFailures.yaml b/Detections/SecurityEvent/ExcessiveLogonFailures.yaml
index 888e83cf86..4ec56e3220 100644
--- a/Detections/SecurityEvent/ExcessiveLogonFailures.yaml
+++ b/Detections/SecurityEvent/ExcessiveLogonFailures.yaml
@@ -80,3 +80,4 @@ entityMappings:
 - identifier: CommandLine
 columnName: Process
 version: 2.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml b/Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml
index 6b4d4dc8d4..ce8c8aed09 100644
--- a/Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml
+++ b/Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml
@@ -51,4 +51,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/GainCodeExecutionADFSViaSMB.yaml b/Detections/SecurityEvent/GainCodeExecutionADFSViaSMB.yaml
index 9a6bda8e94..dcc8575c93 100644
--- a/Detections/SecurityEvent/GainCodeExecutionADFSViaSMB.yaml
+++ b/Detections/SecurityEvent/GainCodeExecutionADFSViaSMB.yaml
@@ -68,4 +68,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/GroupCreatedAddedToPrivlegeGroup_1h.yaml b/Detections/SecurityEvent/GroupCreatedAddedToPrivlegeGroup_1h.yaml
index 20143a13cb..f3529104fd 100644
--- a/Detections/SecurityEvent/GroupCreatedAddedToPrivlegeGroup_1h.yaml
+++ b/Detections/SecurityEvent/GroupCreatedAddedToPrivlegeGroup_1h.yaml
@@ -60,4 +60,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/HAFNIUMNewUMServiceChildProcess.yaml b/Detections/SecurityEvent/HAFNIUMNewUMServiceChildProcess.yaml
index 7209ebf29b..7644a5621e 100644
--- a/Detections/SecurityEvent/HAFNIUMNewUMServiceChildProcess.yaml
+++ b/Detections/SecurityEvent/HAFNIUMNewUMServiceChildProcess.yaml
@@ -45,4 +45,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/HAFNIUMSuspiciousUMServiceError.yaml b/Detections/SecurityEvent/HAFNIUMSuspiciousUMServiceError.yaml
index b34f68e946..60c963b4a0 100644
--- a/Detections/SecurityEvent/HAFNIUMSuspiciousUMServiceError.yaml
+++ b/Detections/SecurityEvent/HAFNIUMSuspiciousUMServiceError.yaml
@@ -26,4 +26,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/MultipleFailedFollowedBySuccess.yaml b/Detections/SecurityEvent/MultipleFailedFollowedBySuccess.yaml
index 30239adeb6..ea96aaf20d 100644
--- a/Detections/SecurityEvent/MultipleFailedFollowedBySuccess.yaml
+++ b/Detections/SecurityEvent/MultipleFailedFollowedBySuccess.yaml
@@ -65,4 +65,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/NOBELIUM_SuspiciousRundll32Exec.yaml b/Detections/SecurityEvent/NOBELIUM_SuspiciousRundll32Exec.yaml
index 767ac14480..51001b4cd3 100644
--- a/Detections/SecurityEvent/NOBELIUM_SuspiciousRundll32Exec.yaml
+++ b/Detections/SecurityEvent/NOBELIUM_SuspiciousRundll32Exec.yaml
@@ -37,4 +37,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/NOBELIUM_SuspiciousScriptRegistryWrite.yaml b/Detections/SecurityEvent/NOBELIUM_SuspiciousScriptRegistryWrite.yaml
index 45ba44e7c5..54ae13267a 100644
--- a/Detections/SecurityEvent/NOBELIUM_SuspiciousScriptRegistryWrite.yaml
+++ b/Detections/SecurityEvent/NOBELIUM_SuspiciousScriptRegistryWrite.yaml
@@ -45,4 +45,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/NonDCActiveDirectoryReplication.yaml b/Detections/SecurityEvent/NonDCActiveDirectoryReplication.yaml
index 8614cfa56d..f8098b34c3 100644
--- a/Detections/SecurityEvent/NonDCActiveDirectoryReplication.yaml
+++ b/Detections/SecurityEvent/NonDCActiveDirectoryReplication.yaml
@@ -52,4 +52,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: SourceAddress
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml b/Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml
index c1b17b9ae5..b27abf4e53 100644
--- a/Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml
+++ b/Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml
@@ -59,4 +59,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/PotentialKerberoast.yaml b/Detections/SecurityEvent/PotentialKerberoast.yaml
index 645aabb50d..233d45f231 100644
--- a/Detections/SecurityEvent/PotentialKerberoast.yaml
+++ b/Detections/SecurityEvent/PotentialKerberoast.yaml
@@ -77,4 +77,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml b/Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml
index 653372d8bb..139402dcd0 100644
--- a/Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml
+++ b/Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml
@@ -50,4 +50,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/RDP_Nesting.yaml b/Detections/SecurityEvent/RDP_Nesting.yaml
index 6e00f97f3f..85bc77d7fc 100644
--- a/Detections/SecurityEvent/RDP_Nesting.yaml
+++ b/Detections/SecurityEvent/RDP_Nesting.yaml
@@ -72,4 +72,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/RDP_RareConnection.yaml b/Detections/SecurityEvent/RDP_RareConnection.yaml
index deb700161d..d55f3c91e1 100644
--- a/Detections/SecurityEvent/RDP_RareConnection.yaml
+++ b/Detections/SecurityEvent/RDP_RareConnection.yaml
@@ -51,4 +51,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/SecurityEventLogCleared.yaml b/Detections/SecurityEvent/SecurityEventLogCleared.yaml
index 6582d563b4..89d72f502f 100644
--- a/Detections/SecurityEvent/SecurityEventLogCleared.yaml
+++ b/Detections/SecurityEvent/SecurityEventLogCleared.yaml
@@ -34,4 +34,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/SolorigateNamedPipe.yaml b/Detections/SecurityEvent/SolorigateNamedPipe.yaml
index c7f1aa2318..78a46b8f53 100644
--- a/Detections/SecurityEvent/SolorigateNamedPipe.yaml
+++ b/Detections/SecurityEvent/SolorigateNamedPipe.yaml
@@ -51,3 +51,4 @@ entityMappings:
 - identifier: FullName
 columnName: HostCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/StartStopHealthService.yaml b/Detections/SecurityEvent/StartStopHealthService.yaml
index 02938d73f2..7b7aeca558 100644
--- a/Detections/SecurityEvent/StartStopHealthService.yaml
+++ b/Detections/SecurityEvent/StartStopHealthService.yaml
@@ -51,4 +51,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml b/Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml
index b637754212..ade56c89da 100644
--- a/Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml
+++ b/Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml
@@ -65,3 +65,4 @@ entityMappings:
 - identifier: FullName
 columnName: HostCustomEntity
 version: 1.0.1
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/UserAccountAdd-Removed.yaml b/Detections/SecurityEvent/UserAccountAdd-Removed.yaml
index ad80796428..b97ff00d9c 100644
--- a/Detections/SecurityEvent/UserAccountAdd-Removed.yaml
+++ b/Detections/SecurityEvent/UserAccountAdd-Removed.yaml
@@ -60,4 +60,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.1
\ No newline at end of file
+version: 1.0.1
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/UserAccountAddedToPrivlegeGroup_1h.yaml b/Detections/SecurityEvent/UserAccountAddedToPrivlegeGroup_1h.yaml
index ccd1ac7e94..16bbcd8566 100644
--- a/Detections/SecurityEvent/UserAccountAddedToPrivlegeGroup_1h.yaml
+++ b/Detections/SecurityEvent/UserAccountAddedToPrivlegeGroup_1h.yaml
@@ -48,4 +48,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.1
\ No newline at end of file
+version: 1.0.1
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/UserAccountCreatedDeleted_10m.yaml b/Detections/SecurityEvent/UserAccountCreatedDeleted_10m.yaml
index 06512b6e67..0ef5de7f8e 100644
--- a/Detections/SecurityEvent/UserAccountCreatedDeleted_10m.yaml
+++ b/Detections/SecurityEvent/UserAccountCreatedDeleted_10m.yaml
@@ -58,4 +58,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/UserAccountEnabledDisabled_10m.yaml b/Detections/SecurityEvent/UserAccountEnabledDisabled_10m.yaml
index f9e26f85f7..bfd2f35dd2 100644
--- a/Detections/SecurityEvent/UserAccountEnabledDisabled_10m.yaml
+++ b/Detections/SecurityEvent/UserAccountEnabledDisabled_10m.yaml
@@ -59,4 +59,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml b/Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml
index 69ec30a814..e4fd9f458d 100644
--- a/Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml
+++ b/Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml
@@ -53,4 +53,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/base64_encoded_pefile.yaml b/Detections/SecurityEvent/base64_encoded_pefile.yaml
index 06d2fc7a31..d361800eaa 100644
--- a/Detections/SecurityEvent/base64_encoded_pefile.yaml
+++ b/Detections/SecurityEvent/base64_encoded_pefile.yaml
@@ -42,4 +42,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/execute_base64_decodedpayload.yaml b/Detections/SecurityEvent/execute_base64_decodedpayload.yaml
index 718474e95e..bc06c62cf5 100644
--- a/Detections/SecurityEvent/execute_base64_decodedpayload.yaml
+++ b/Detections/SecurityEvent/execute_base64_decodedpayload.yaml
@@ -49,4 +49,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml b/Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml
index 7e2b88e830..509c351620 100644
--- a/Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml
+++ b/Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml
@@ -66,4 +66,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/malware_in_recyclebin.yaml b/Detections/SecurityEvent/malware_in_recyclebin.yaml
index 5f740b5886..3db160d747 100644
--- a/Detections/SecurityEvent/malware_in_recyclebin.yaml
+++ b/Detections/SecurityEvent/malware_in_recyclebin.yaml
@@ -43,4 +43,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/password_never_expires.yaml b/Detections/SecurityEvent/password_never_expires.yaml
index 09111dc50c..b4faf36e41 100644
--- a/Detections/SecurityEvent/password_never_expires.yaml
+++ b/Detections/SecurityEvent/password_never_expires.yaml
@@ -45,4 +45,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/password_not_set.yaml b/Detections/SecurityEvent/password_not_set.yaml
index 505a5ffbbc..b5ad6ac098 100644
--- a/Detections/SecurityEvent/password_not_set.yaml
+++ b/Detections/SecurityEvent/password_not_set.yaml
@@ -56,4 +56,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityEvent/powershell_empire.yaml b/Detections/SecurityEvent/powershell_empire.yaml
index 406eb0214a..19ab9c443a 100644
--- a/Detections/SecurityEvent/powershell_empire.yaml
+++ b/Detections/SecurityEvent/powershell_empire.yaml
@@ -52,4 +52,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SecurityNestedRecommendation/OMIGODVulnerableMachines.yaml b/Detections/SecurityNestedRecommendation/OMIGODVulnerableMachines.yaml
index b300a7424f..94d380988a 100644
--- a/Detections/SecurityNestedRecommendation/OMIGODVulnerableMachines.yaml
+++ b/Detections/SecurityNestedRecommendation/OMIGODVulnerableMachines.yaml
@@ -33,3 +33,4 @@ entityMappings:
 - identifier: FullName
 columnName: HostCustomEntity
 version: 1.0.1
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml b/Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml
index 58cfed3c8b..1d2b947b0c 100644
--- a/Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml
+++ b/Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml
@@ -78,4 +78,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml b/Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml
index a4bf9b6dcb..c1bfd77010 100644
--- a/Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml
+++ b/Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml
@@ -48,4 +48,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/Brute Force Attack against GitHub Account.yaml b/Detections/SigninLogs/Brute Force Attack against GitHub Account.yaml
index 8f6a613975..6814071d70 100644
--- a/Detections/SigninLogs/Brute Force Attack against GitHub Account.yaml
+++ b/Detections/SigninLogs/Brute Force Attack against GitHub Account.yaml
@@ -52,4 +52,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/BypassCondAccessRule.yaml b/Detections/SigninLogs/BypassCondAccessRule.yaml
index ddb9cfab5e..888e7d0672 100644
--- a/Detections/SigninLogs/BypassCondAccessRule.yaml
+++ b/Detections/SigninLogs/BypassCondAccessRule.yaml
@@ -66,4 +66,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml b/Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml
index edf0881926..2e315e8ee4 100644
--- a/Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml
+++ b/Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml
@@ -45,4 +45,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/DistribPassCrackAttempt.yaml b/Detections/SigninLogs/DistribPassCrackAttempt.yaml
index 55dcb9a0fd..b51581ffe8 100644
--- a/Detections/SigninLogs/DistribPassCrackAttempt.yaml
+++ b/Detections/SigninLogs/DistribPassCrackAttempt.yaml
@@ -58,4 +58,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/ExplicitMFADeny.yaml b/Detections/SigninLogs/ExplicitMFADeny.yaml
index 14493ff4a8..4c9030725d 100644
--- a/Detections/SigninLogs/ExplicitMFADeny.yaml
+++ b/Detections/SigninLogs/ExplicitMFADeny.yaml
@@ -42,4 +42,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/FailedLogonToAzurePortal.yaml b/Detections/SigninLogs/FailedLogonToAzurePortal.yaml
index 4d470f43c5..6741db9d74 100644
--- a/Detections/SigninLogs/FailedLogonToAzurePortal.yaml
+++ b/Detections/SigninLogs/FailedLogonToAzurePortal.yaml
@@ -99,4 +99,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/Sign-in Burst from Multiple Locations.yaml b/Detections/SigninLogs/Sign-in Burst from Multiple Locations.yaml
index 24c077e954..2007deaa29 100644
--- a/Detections/SigninLogs/Sign-in Burst from Multiple Locations.yaml
+++ b/Detections/SigninLogs/Sign-in Burst from Multiple Locations.yaml
@@ -35,4 +35,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml b/Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml
index 39a9442b35..9efa6f34a3 100644
--- a/Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml
+++ b/Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml
@@ -56,3 +56,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/SigninBruteForce-AzurePortal.yaml b/Detections/SigninLogs/SigninBruteForce-AzurePortal.yaml
index 9ca9f5a7f1..e0e1139462 100644
--- a/Detections/SigninLogs/SigninBruteForce-AzurePortal.yaml
+++ b/Detections/SigninLogs/SigninBruteForce-AzurePortal.yaml
@@ -56,4 +56,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/SigninPasswordSpray.yaml b/Detections/SigninLogs/SigninPasswordSpray.yaml
index 8d673640d1..e8b7b1d7a9 100644
--- a/Detections/SigninLogs/SigninPasswordSpray.yaml
+++ b/Detections/SigninLogs/SigninPasswordSpray.yaml
@@ -85,4 +85,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SigninLogs/SuccessThenFail_DiffIP_SameUserandApp.yaml b/Detections/SigninLogs/SuccessThenFail_DiffIP_SameUserandApp.yaml
index 7035120fc5..7012a59cea 100644
--- a/Detections/SigninLogs/SuccessThenFail_DiffIP_SameUserandApp.yaml
+++ b/Detections/SigninLogs/SuccessThenFail_DiffIP_SameUserandApp.yaml
@@ -57,3 +57,4 @@ entityMappings:
 - identifier: Address
 columnName: FailedIPAddress
 version: 1.1.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SophosXGFirewall/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml b/Detections/SophosXGFirewall/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml
index 79e0d75f3b..18e064cd89 100644
--- a/Detections/SophosXGFirewall/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml
+++ b/Detections/SophosXGFirewall/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml
@@ -28,4 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SophosXGFirewall/PortScanDetected.yaml b/Detections/SophosXGFirewall/PortScanDetected.yaml
index 5fae9bb735..7da15dc727 100644
--- a/Detections/SophosXGFirewall/PortScanDetected.yaml
+++ b/Detections/SophosXGFirewall/PortScanDetected.yaml
@@ -29,4 +29,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SymantecProxySG/ExcessiveDeniedProxyTraffic.yaml b/Detections/SymantecProxySG/ExcessiveDeniedProxyTraffic.yaml
index c5267a14a7..7fda43717e 100644
--- a/Detections/SymantecProxySG/ExcessiveDeniedProxyTraffic.yaml
+++ b/Detections/SymantecProxySG/ExcessiveDeniedProxyTraffic.yaml
@@ -32,4 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SymantecProxySG/UserAccessedSuspiciousURLCategories.yaml b/Detections/SymantecProxySG/UserAccessedSuspiciousURLCategories.yaml
index 55de2f8579..94f74fca20 100644
--- a/Detections/SymantecProxySG/UserAccessedSuspiciousURLCategories.yaml
+++ b/Detections/SymantecProxySG/UserAccessedSuspiciousURLCategories.yaml
@@ -35,4 +35,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SymantecVIP/ClientDeniedAccess.yaml b/Detections/SymantecVIP/ClientDeniedAccess.yaml
index a5892a9198..99f3aea178 100644
--- a/Detections/SymantecVIP/ClientDeniedAccess.yaml
+++ b/Detections/SymantecVIP/ClientDeniedAccess.yaml
@@ -39,4 +39,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/SymantecVIP/ExcessiveFailedAuthenticationsfromInvalidInputs.yaml b/Detections/SymantecVIP/ExcessiveFailedAuthenticationsfromInvalidInputs.yaml
index 99c0ee099b..aa156c8add 100644
--- a/Detections/SymantecVIP/ExcessiveFailedAuthenticationsfromInvalidInputs.yaml
+++ b/Detections/SymantecVIP/ExcessiveFailedAuthenticationsfromInvalidInputs.yaml
@@ -33,4 +33,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Syslog/FailedLogonAttempts_UnknownUser.yaml b/Detections/Syslog/FailedLogonAttempts_UnknownUser.yaml
index 5b2ccc9a3d..2405885818 100644
--- a/Detections/Syslog/FailedLogonAttempts_UnknownUser.yaml
+++ b/Detections/Syslog/FailedLogonAttempts_UnknownUser.yaml
@@ -68,4 +68,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Syslog/squid_cryptomining_pools.yaml b/Detections/Syslog/squid_cryptomining_pools.yaml
index 9ab3c12123..563b366670 100644
--- a/Detections/Syslog/squid_cryptomining_pools.yaml
+++ b/Detections/Syslog/squid_cryptomining_pools.yaml
@@ -57,4 +57,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Syslog/squid_tor_proxies.yaml b/Detections/Syslog/squid_tor_proxies.yaml
index ca4dd0371c..8aa749b9d5 100644
--- a/Detections/Syslog/squid_tor_proxies.yaml
+++ b/Detections/Syslog/squid_tor_proxies.yaml
@@ -52,4 +52,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Syslog/ssh_NewlyInternetExposed.yaml b/Detections/Syslog/ssh_NewlyInternetExposed.yaml
index 391496aa56..fbc6f761c4 100644
--- a/Detections/Syslog/ssh_NewlyInternetExposed.yaml
+++ b/Detections/Syslog/ssh_NewlyInternetExposed.yaml
@@ -63,4 +63,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/Syslog/ssh_potentialBruteForce.yaml b/Detections/Syslog/ssh_potentialBruteForce.yaml
index 0cffc32031..997bd178cd 100644
--- a/Detections/Syslog/ssh_potentialBruteForce.yaml
+++ b/Detections/Syslog/ssh_potentialBruteForce.yaml
@@ -39,4 +39,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/DomainEntity_CommonSecurityLog.yaml b/Detections/ThreatIntelligenceIndicator/DomainEntity_CommonSecurityLog.yaml
index c0fe3555e9..8df8b7b248 100644
--- a/Detections/ThreatIntelligenceIndicator/DomainEntity_CommonSecurityLog.yaml
+++ b/Detections/ThreatIntelligenceIndicator/DomainEntity_CommonSecurityLog.yaml
@@ -71,4 +71,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml b/Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml
index c206f52b2a..06f78a4fcd 100644
--- a/Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml
+++ b/Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml
@@ -65,4 +65,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/DomainEntity_PaloAlto.yaml b/Detections/ThreatIntelligenceIndicator/DomainEntity_PaloAlto.yaml
index 56dc64b988..de33043f4f 100644
--- a/Detections/ThreatIntelligenceIndicator/DomainEntity_PaloAlto.yaml
+++ b/Detections/ThreatIntelligenceIndicator/DomainEntity_PaloAlto.yaml
@@ -76,4 +76,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/DomainEntity_SecurityAlert.yaml b/Detections/ThreatIntelligenceIndicator/DomainEntity_SecurityAlert.yaml
index d021a3ba6e..11abaae96f 100644
--- a/Detections/ThreatIntelligenceIndicator/DomainEntity_SecurityAlert.yaml
+++ b/Detections/ThreatIntelligenceIndicator/DomainEntity_SecurityAlert.yaml
@@ -76,4 +76,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml b/Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml
index c30af6af14..bb78e9f97b 100644
--- a/Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml
+++ b/Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml
@@ -66,4 +66,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/EmailEntity_AzureActivity.yaml b/Detections/ThreatIntelligenceIndicator/EmailEntity_AzureActivity.yaml
index 4d069b9cdd..459b6ef1f9 100644
--- a/Detections/ThreatIntelligenceIndicator/EmailEntity_AzureActivity.yaml
+++ b/Detections/ThreatIntelligenceIndicator/EmailEntity_AzureActivity.yaml
@@ -55,4 +55,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/EmailEntity_OfficeActivity.yaml b/Detections/ThreatIntelligenceIndicator/EmailEntity_OfficeActivity.yaml
index e853601028..f073316fe5 100644
--- a/Detections/ThreatIntelligenceIndicator/EmailEntity_OfficeActivity.yaml
+++ b/Detections/ThreatIntelligenceIndicator/EmailEntity_OfficeActivity.yaml
@@ -53,4 +53,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/EmailEntity_PaloAlto.yaml b/Detections/ThreatIntelligenceIndicator/EmailEntity_PaloAlto.yaml
index 2364df2451..dc5c308a72 100644
--- a/Detections/ThreatIntelligenceIndicator/EmailEntity_PaloAlto.yaml
+++ b/Detections/ThreatIntelligenceIndicator/EmailEntity_PaloAlto.yaml
@@ -57,4 +57,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityAlert.yaml b/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityAlert.yaml
index 6c4dc74c61..53991198b8 100644
--- a/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityAlert.yaml
+++ b/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityAlert.yaml
@@ -57,4 +57,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityEvent.yaml b/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityEvent.yaml
index d8d578777d..de8e5a4f6b 100644
--- a/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityEvent.yaml
+++ b/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityEvent.yaml
@@ -60,4 +60,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/EmailEntity_SigninLogs.yaml b/Detections/ThreatIntelligenceIndicator/EmailEntity_SigninLogs.yaml
index ee3f3642bd..6fb425ed66 100644
--- a/Detections/ThreatIntelligenceIndicator/EmailEntity_SigninLogs.yaml
+++ b/Detections/ThreatIntelligenceIndicator/EmailEntity_SigninLogs.yaml
@@ -68,4 +68,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/FileHashEntity_CommonSecurityLog.yaml b/Detections/ThreatIntelligenceIndicator/FileHashEntity_CommonSecurityLog.yaml
index 79ee41dbce..8de0e0b34c 100644
--- a/Detections/ThreatIntelligenceIndicator/FileHashEntity_CommonSecurityLog.yaml
+++ b/Detections/ThreatIntelligenceIndicator/FileHashEntity_CommonSecurityLog.yaml
@@ -59,4 +59,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/FileHashEntity_Covid19_CommonSecurityLog.yaml b/Detections/ThreatIntelligenceIndicator/FileHashEntity_Covid19_CommonSecurityLog.yaml
index e3dba62af7..fa16266def 100644
--- a/Detections/ThreatIntelligenceIndicator/FileHashEntity_Covid19_CommonSecurityLog.yaml
+++ b/Detections/ThreatIntelligenceIndicator/FileHashEntity_Covid19_CommonSecurityLog.yaml
@@ -47,4 +47,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml b/Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml
index d758cfb01d..67590e1d3c 100644
--- a/Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml
+++ b/Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml
@@ -52,4 +52,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml
index 646dc2ca59..454010b952 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml
@@ -58,4 +58,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_AppServiceHTTPLogs.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_AppServiceHTTPLogs.yaml
index 53df511de9..493f4a262c 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_AppServiceHTTPLogs.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_AppServiceHTTPLogs.yaml
@@ -58,4 +58,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_AzureActivity.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_AzureActivity.yaml
index 5dd6538a40..aef123c2a3 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_AzureActivity.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_AzureActivity.yaml
@@ -57,4 +57,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml
index 55cbb2a9fa..0b63d190d2 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml
@@ -60,4 +60,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml
index 7f715e3399..792e1a0ef0 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml
@@ -61,4 +61,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_OfficeActivity.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_OfficeActivity.yaml
index b12d099e85..fc9632748c 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_OfficeActivity.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_OfficeActivity.yaml
@@ -57,4 +57,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_VMConnection.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_VMConnection.yaml
index 47b0ef4ede..b895a180c7 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_VMConnection.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_VMConnection.yaml
@@ -58,4 +58,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_W3CIISLog.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_W3CIISLog.yaml
index df1cdaa65d..8374b111be 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_W3CIISLog.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_W3CIISLog.yaml
@@ -64,4 +64,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_WireData.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_WireData.yaml
index 3c0cfb4039..530115d6ff 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_WireData.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_WireData.yaml
@@ -58,4 +58,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPentity_SigninLogs.yaml b/Detections/ThreatIntelligenceIndicator/IPentity_SigninLogs.yaml
index 9f875e8bbc..ce6ff8ff03 100644
--- a/Detections/ThreatIntelligenceIndicator/IPentity_SigninLogs.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPentity_SigninLogs.yaml
@@ -68,4 +68,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/URLEntity_AuditLogs.yaml b/Detections/ThreatIntelligenceIndicator/URLEntity_AuditLogs.yaml
index fec89a1cd7..e05fc5e674 100644
--- a/Detections/ThreatIntelligenceIndicator/URLEntity_AuditLogs.yaml
+++ b/Detections/ThreatIntelligenceIndicator/URLEntity_AuditLogs.yaml
@@ -56,4 +56,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/URLEntity_OfficeActivity.yaml b/Detections/ThreatIntelligenceIndicator/URLEntity_OfficeActivity.yaml
index c08427fc11..62548a444f 100644
--- a/Detections/ThreatIntelligenceIndicator/URLEntity_OfficeActivity.yaml
+++ b/Detections/ThreatIntelligenceIndicator/URLEntity_OfficeActivity.yaml
@@ -51,4 +51,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/URLEntity_PaloAlto.yaml b/Detections/ThreatIntelligenceIndicator/URLEntity_PaloAlto.yaml
index a236de4dcb..081ccbcadb 100644
--- a/Detections/ThreatIntelligenceIndicator/URLEntity_PaloAlto.yaml
+++ b/Detections/ThreatIntelligenceIndicator/URLEntity_PaloAlto.yaml
@@ -61,4 +61,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/URLEntity_SecurityAlerts.yaml b/Detections/ThreatIntelligenceIndicator/URLEntity_SecurityAlerts.yaml
index 8c7872b25c..26f19df3a5 100644
--- a/Detections/ThreatIntelligenceIndicator/URLEntity_SecurityAlerts.yaml
+++ b/Detections/ThreatIntelligenceIndicator/URLEntity_SecurityAlerts.yaml
@@ -56,4 +56,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/URLEntity_Syslog.yaml b/Detections/ThreatIntelligenceIndicator/URLEntity_Syslog.yaml
index 85344077c0..a8573b99ee 100644
--- a/Detections/ThreatIntelligenceIndicator/URLEntity_Syslog.yaml
+++ b/Detections/ThreatIntelligenceIndicator/URLEntity_Syslog.yaml
@@ -53,4 +53,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Critical & High).yaml b/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Critical & High).yaml
index 0189dac46c..faba50fc13 100644
--- a/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Critical & High).yaml
+++ b/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Critical & High).yaml
@@ -33,4 +33,5 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Medium & Low).yaml b/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Medium & Low).yaml
index a863800da1..eaf917844f 100644
--- a/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Medium & Low).yaml
+++ b/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Medium & Low).yaml
@@ -33,4 +33,5 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VMwareCarbonBlack/CriticalThreatDetected.yaml b/Detections/VMwareCarbonBlack/CriticalThreatDetected.yaml
index bcceba8683..9e19c5206d 100644
--- a/Detections/VMwareCarbonBlack/CriticalThreatDetected.yaml
+++ b/Detections/VMwareCarbonBlack/CriticalThreatDetected.yaml
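Review bot: The two TrendMicroXDR hunks tag alert-promotion rules (`Create Incident for XDR Alerts …`) with `kind: scheduled`, so an alert the XDR platform has already raised is only surfaced at the rule's next query interval rather than when the row is ingested; if the rule schema in this repository offers a near-real-time kind, these pass-through rules are the natural candidates for it, and the choice either way deserves a line in the rule's description such as `# Scheduled rather than NRT: <reason>`. The `version: 1.0.0` line is rewritten only to gain a newline and is not bumped even though the file's contents change; confirm whether the repository's convention requires a version bump for a metadata-only edit. The `identifier: Address` → `IPCustomEntity` mapping shown as context is untouched by this change.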
@@ -33,4 +33,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VMwareCarbonBlack/KnownMalwareDetected.yaml b/Detections/VMwareCarbonBlack/KnownMalwareDetected.yaml
index de07131452..e46e87b621 100644
--- a/Detections/VMwareCarbonBlack/KnownMalwareDetected.yaml
+++ b/Detections/VMwareCarbonBlack/KnownMalwareDetected.yaml
@@ -35,4 +35,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Account-Critical.yaml b/Detections/VectraAI/VectraDetect-Account-Critical.yaml
index f4d9a805b5..d0bc9d3f4b 100644
--- a/Detections/VectraAI/VectraDetect-Account-Critical.yaml
+++ b/Detections/VectraAI/VectraDetect-Account-Critical.yaml
@@ -48,3 +48,4 @@ entityMappings:
 - identifier: FullName
 columnName: upn
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Account-High.yaml b/Detections/VectraAI/VectraDetect-Account-High.yaml
index 18f67c6bff..adfcf2649b 100644
--- a/Detections/VectraAI/VectraDetect-Account-High.yaml
+++ b/Detections/VectraAI/VectraDetect-Account-High.yaml
@@ -47,3 +47,4 @@ entityMappings:
 - identifier: FullName
 columnName: upn
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Account-Low.yaml b/Detections/VectraAI/VectraDetect-Account-Low.yaml
index 5ea7a94b7d..4fe83728dc 100644
--- a/Detections/VectraAI/VectraDetect-Account-Low.yaml
+++ b/Detections/VectraAI/VectraDetect-Account-Low.yaml
@@ -47,3 +47,4 @@ entityMappings:
 - identifier: FullName
 columnName: upn
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Account-Medium.yaml b/Detections/VectraAI/VectraDetect-Account-Medium.yaml
index 5b83ff1f81..1d828a2bc3 100644
--- a/Detections/VectraAI/VectraDetect-Account-Medium.yaml
+++ b/Detections/VectraAI/VectraDetect-Account-Medium.yaml
@@ -46,3 +46,4 @@ entityMappings:
 - identifier: FullName
 columnName: upn
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Behavior-BotnetActivity.yaml b/Detections/VectraAI/VectraDetect-Behavior-BotnetActivity.yaml
index 01d9d74e49..3d90ce43ea 100644
--- a/Detections/VectraAI/VectraDetect-Behavior-BotnetActivity.yaml
+++ b/Detections/VectraAI/VectraDetect-Behavior-BotnetActivity.yaml
@@ -38,3 +38,4 @@ entityMappings:
 - identifier: Address
 columnName: SourceIP
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Behavior-CommandAndControl.yaml b/Detections/VectraAI/VectraDetect-Behavior-CommandAndControl.yaml
index 98adeea7b0..9ecb57da07 100644
--- a/Detections/VectraAI/VectraDetect-Behavior-CommandAndControl.yaml
+++ b/Detections/VectraAI/VectraDetect-Behavior-CommandAndControl.yaml
@@ -38,3 +38,4 @@ entityMappings:
 - identifier: Address
 columnName: SourceIP
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Behavior-Exfiltration.yaml b/Detections/VectraAI/VectraDetect-Behavior-Exfiltration.yaml
index b91267d8d5..06979f79bc 100644
--- a/Detections/VectraAI/VectraDetect-Behavior-Exfiltration.yaml
+++ b/Detections/VectraAI/VectraDetect-Behavior-Exfiltration.yaml
@@ -38,3 +38,4 @@ entityMappings:
 - identifier: Address
 columnName: SourceIP
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Behavior-Insights.yaml b/Detections/VectraAI/VectraDetect-Behavior-Insights.yaml
index f4b26dcc7b..047606d39a 100644
--- a/Detections/VectraAI/VectraDetect-Behavior-Insights.yaml
+++ b/Detections/VectraAI/VectraDetect-Behavior-Insights.yaml
@@ -38,3 +38,4 @@ entityMappings:
 - identifier: Address
 columnName: SourceIP
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Behavior-LateralMovement.yaml b/Detections/VectraAI/VectraDetect-Behavior-LateralMovement.yaml
index 92a7537fbb..793a8be794 100644
--- a/Detections/VectraAI/VectraDetect-Behavior-LateralMovement.yaml
+++ b/Detections/VectraAI/VectraDetect-Behavior-LateralMovement.yaml
@@ -38,3 +38,4 @@ entityMappings:
 - identifier: Address
 columnName: SourceIP
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Behavior-Reconnaissance.yaml b/Detections/VectraAI/VectraDetect-Behavior-Reconnaissance.yaml
index 5cc354066d..6d723109be 100644
--- a/Detections/VectraAI/VectraDetect-Behavior-Reconnaissance.yaml
+++ b/Detections/VectraAI/VectraDetect-Behavior-Reconnaissance.yaml
@@ -38,3 +38,4 @@ entityMappings:
 - identifier: Address
 columnName: SourceIP
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-HighSeverityDetection-BotnetActivity.yaml b/Detections/VectraAI/VectraDetect-HighSeverityDetection-BotnetActivity.yaml
index f51089fe17..a7a7cda052 100644
--- a/Detections/VectraAI/VectraDetect-HighSeverityDetection-BotnetActivity.yaml
+++ b/Detections/VectraAI/VectraDetect-HighSeverityDetection-BotnetActivity.yaml
@@ -38,3 +38,4 @@ entityMappings:
 - identifier: HostName
 columnName: SourceHostName
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-HighSeverityDetection-CommandAndControl.yaml b/Detections/VectraAI/VectraDetect-HighSeverityDetection-CommandAndControl.yaml
index 277a9b461d..c9a3c1f245 100644
--- a/Detections/VectraAI/VectraDetect-HighSeverityDetection-CommandAndControl.yaml
+++ b/Detections/VectraAI/VectraDetect-HighSeverityDetection-CommandAndControl.yaml
@@ -38,3 +38,4 @@ entityMappings:
 - identifier: HostName
 columnName: SourceHostName
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-HighSeverityDetection-Exfiltration.yaml b/Detections/VectraAI/VectraDetect-HighSeverityDetection-Exfiltration.yaml
index f868dec54b..b0a3396e9d 100644
--- a/Detections/VectraAI/VectraDetect-HighSeverityDetection-Exfiltration.yaml
+++ b/Detections/VectraAI/VectraDetect-HighSeverityDetection-Exfiltration.yaml
@@ -37,4 +37,5 @@ entityMappings:
 fieldMappings:
 - identifier: HostName
 columnName: SourceHostName
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-HighSeverityDetection-LateralMovement.yaml b/Detections/VectraAI/VectraDetect-HighSeverityDetection-LateralMovement.yaml
index 314b54fb7b..acd20b6ad6 100644
--- a/Detections/VectraAI/VectraDetect-HighSeverityDetection-LateralMovement.yaml
+++ b/Detections/VectraAI/VectraDetect-HighSeverityDetection-LateralMovement.yaml
@@ -38,3 +38,4 @@ entityMappings:
 - identifier: HostName
 columnName: SourceHostName
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-HighSeverityDetection-Reconnaissance.yaml b/Detections/VectraAI/VectraDetect-HighSeverityDetection-Reconnaissance.yaml
index b80f5b60e7..7452388d71 100644
--- a/Detections/VectraAI/VectraDetect-HighSeverityDetection-Reconnaissance.yaml
+++ b/Detections/VectraAI/VectraDetect-HighSeverityDetection-Reconnaissance.yaml
@@ -37,4 +37,5 @@ entityMappings:
 fieldMappings:
 - identifier: HostName
 columnName: SourceHostName
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Host-Critical.yaml b/Detections/VectraAI/VectraDetect-Host-Critical.yaml
index e638f3a25d..a58da94d07 100644
--- a/Detections/VectraAI/VectraDetect-Host-Critical.yaml
+++ b/Detections/VectraAI/VectraDetect-Host-Critical.yaml
@@ -48,3 +48,4 @@ entityMappings:
 - identifier: Address
 columnName: SourceIP
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Host-High.yaml b/Detections/VectraAI/VectraDetect-Host-High.yaml
index 931511ee38..0469a939c4 100644
--- a/Detections/VectraAI/VectraDetect-Host-High.yaml
+++ b/Detections/VectraAI/VectraDetect-Host-High.yaml
@@ -47,3 +47,4 @@ entityMappings:
 - identifier: Address
 columnName: SourceIP
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Host-Low.yaml b/Detections/VectraAI/VectraDetect-Host-Low.yaml
index 09cbb67722..9eed30f87c 100644
--- a/Detections/VectraAI/VectraDetect-Host-Low.yaml
+++ b/Detections/VectraAI/VectraDetect-Host-Low.yaml
@@ -47,3 +47,4 @@ entityMappings:
 - identifier: Address
 columnName: SourceIP
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-Host-Medium.yaml b/Detections/VectraAI/VectraDetect-Host-Medium.yaml
index 4273da6315..0891af0b84 100644
--- a/Detections/VectraAI/VectraDetect-Host-Medium.yaml
+++ b/Detections/VectraAI/VectraDetect-Host-Medium.yaml
@@ -47,3 +47,4 @@ entityMappings:
 - identifier: Address
 columnName: SourceIP
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/VectraAI/VectraDetect-NewCampaign.yaml b/Detections/VectraAI/VectraDetect-NewCampaign.yaml
index 5185741ac7..bc12070c03 100644
--- a/Detections/VectraAI/VectraDetect-NewCampaign.yaml
+++ b/Detections/VectraAI/VectraDetect-NewCampaign.yaml
@@ -30,3 +30,4 @@ entityMappings:
 - identifier: HostName
 columnName: SourceHostName
 version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml b/Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml
index ee52af9558..c69a5772f5 100644
--- a/Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml
+++ b/Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml
@@ -41,4 +41,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/W3CIISLog/HAFNIUMSuspiciousExchangeRequestPattern.yaml b/Detections/W3CIISLog/HAFNIUMSuspiciousExchangeRequestPattern.yaml
index 4a57fe0228..46b0d7b9b6 100644
--- a/Detections/W3CIISLog/HAFNIUMSuspiciousExchangeRequestPattern.yaml
+++ b/Detections/W3CIISLog/HAFNIUMSuspiciousExchangeRequestPattern.yaml
@@ -42,4 +42,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/W3CIISLog/HighFailedLogonCountByClientIP.yaml b/Detections/W3CIISLog/HighFailedLogonCountByClientIP.yaml
index 830fa0540d..96acbf6991 100644
--- a/Detections/W3CIISLog/HighFailedLogonCountByClientIP.yaml
+++ b/Detections/W3CIISLog/HighFailedLogonCountByClientIP.yaml
@@ -77,4 +77,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/W3CIISLog/HighFailedLogonCountByUser.yaml b/Detections/W3CIISLog/HighFailedLogonCountByUser.yaml
index c97ab0100b..c94e30b356 100644
--- a/Detections/W3CIISLog/HighFailedLogonCountByUser.yaml
+++ b/Detections/W3CIISLog/HighFailedLogonCountByUser.yaml
@@ -77,4 +77,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/W3CIISLog/HighPortCountByClientIP.yaml b/Detections/W3CIISLog/HighPortCountByClientIP.yaml
index 153ed6196c..efe0ca04f6 100644
--- a/Detections/W3CIISLog/HighPortCountByClientIP.yaml
+++ b/Detections/W3CIISLog/HighPortCountByClientIP.yaml
@@ -69,4 +69,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml b/Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml
index 126283e5ae..c1f43a1a06 100644
--- a/Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml
+++ b/Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml
@@ -71,4 +71,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/W3CIISLog/ProxyShellPwn2Own.yaml b/Detections/W3CIISLog/ProxyShellPwn2Own.yaml
index c226611eba..9ade4c9db1 100644
--- a/Detections/W3CIISLog/ProxyShellPwn2Own.yaml
+++ b/Detections/W3CIISLog/ProxyShellPwn2Own.yaml
@@ -48,4 +48,5 @@ entityMappings:
 fieldMappings:
 - identifier: ResourceId
 columnName: ResourceCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/W3CIISLog/Supernovawebshell.yaml b/Detections/W3CIISLog/Supernovawebshell.yaml
index 988188df68..cbbd8222ef 100644
--- a/Detections/W3CIISLog/Supernovawebshell.yaml
+++ b/Detections/W3CIISLog/Supernovawebshell.yaml
@@ -40,4 +40,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ZoomLogs/E2EEDisbaled.yaml b/Detections/ZoomLogs/E2EEDisbaled.yaml
index cf94c2c55f..4ebd2c156d 100644
--- a/Detections/ZoomLogs/E2EEDisbaled.yaml
+++ b/Detections/ZoomLogs/E2EEDisbaled.yaml
@@ -26,4 +26,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ZoomLogs/ExternalUserAccess.yaml b/Detections/ZoomLogs/ExternalUserAccess.yaml
index 53d8154a6d..2eca3bfd6c 100644
--- a/Detections/ZoomLogs/ExternalUserAccess.yaml
+++ b/Detections/ZoomLogs/ExternalUserAccess.yaml
@@ -34,4 +34,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ZoomLogs/JoiningMeetingFromAnotherTimeZone.yaml b/Detections/ZoomLogs/JoiningMeetingFromAnotherTimeZone.yaml
index 78e86b132b..3350584213 100644
--- a/Detections/ZoomLogs/JoiningMeetingFromAnotherTimeZone.yaml
+++ b/Detections/ZoomLogs/JoiningMeetingFromAnotherTimeZone.yaml
@@ -41,4 +41,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/ZoomLogs/SupiciousLinkSharing.yaml b/Detections/ZoomLogs/SupiciousLinkSharing.yaml
index b684e33584..d8f2da84ea 100644
--- a/Detections/ZoomLogs/SupiciousLinkSharing.yaml
+++ b/Detections/ZoomLogs/SupiciousLinkSharing.yaml
@@ -31,4 +31,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
diff --git a/Detections/http_proxy_oab_CL/HAFNIUMSuspiciousFileDownloads.yaml b/Detections/http_proxy_oab_CL/HAFNIUMSuspiciousFileDownloads.yaml
index 972e4e67d8..d03a4879d7 100644
--- a/Detections/http_proxy_oab_CL/HAFNIUMSuspiciousFileDownloads.yaml
+++ b/Detections/http_proxy_oab_CL/HAFNIUMSuspiciousFileDownloads.yaml
@@ -29,4 +29,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.0
+kind: scheduled
\ No newline at end of file
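Review bot: The value added on the new `+kind: scheduled` line is lowercase, and this hunk, like every other one in the commit, writes it that way; if the consumer of this field (the rule-packaging tooling or the analytics-rule schema) matches the kind case-sensitively, a single misspelling here would silently classify all of these detections, so confirm the canonical casing against the schema and any rules that already carry a `kind` before merging. The rewritten `+version: 1.0.0` line is followed by `\ No newline at end of file`, so every touched file still lacks a terminating newline, which yamllint reports and which guarantees the next append produces the same two-line churn; ending the file with a newline in the same commit would be cheap. `version` is left at `1.0.0` although the file's content changes; confirm whether this repository's convention requires a bump for a metadata-only edit. The `identifier: FullName` → `HostCustomEntity` mapping visible as context predates this change and is not touched by it.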