Merge pull request #1245 from ehudk-msft/patch-2
Update Threat Intel Matches to GitHub Audit Logs.yaml
2f1f38dc6c
@ -32,7 +32,7 @@ query: |
| where TimeGenerated >= ago(24h)
| extend GitHubAudit_TimeGenerated = TimeGenerated
)
on on $left.TI_ipEntity == $right.IPaddress
on $left.TI_ipEntity == $right.IPaddress
| summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId
| project LatestIndicatorTime, Description, ActivityGroupNames, IndicatorId, ThreatType, Url, ExpirationDateTime, ConfidenceScore, GitHubAudit_TimeGenerated, TI_ipEntity, IPaddress, Actor, Action, Country, OperationType, NetworkIP, NetworkDestinationIP, NetworkSourceIP, EmailSourceIpAddress
| extend timestamp = GitHubAudit_TimeGenerated, IPCustomEntity = IPaddress, AccountCustomEntity = Actor
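Review bot: The `| summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId` step immediately after the corrected join clause keeps a single row per indicator, so when several GitHub audit events (different Actor or Action values) share one flagged source IP inside the 24h window, only one of them reaches the `project`/`extend` output and the rest never surface in the alert. If the intent is to alert on every matched audit event, group by the event-side keys as well, e.g. `| summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId, GitHubAudit_TimeGenerated, Actor`, which still deduplicates indicator versions per event. The `join` keyword and its `kind` are defined above the hunk, so whether the join itself already emits one row per match cannot be confirmed from these lines; a one-line comment in the query stating the intended cardinality of the output (`// one row per (indicator, audit event) pair`) would make the next edit to this rule safer.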