Ofer Shezaf 2022-05-24 18:45:03 +03:00 коммит произвёл GitHub
Родитель 1d76b656ec
Коммит 4bed20ece3
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
1 изменённых файлов: 14 добавлений и 14 удалений


@ -16,9 +16,9 @@ EventOriginalSeverity,string,Optional,NetworkSession,,,
EventOriginalUid,string,Optional,NetworkSession,,,
EventOriginalType,string,Optional,NetworkSession,,,
EventOriginalSubType,string,Optional,NetworkSession,,,
EventProduct,string,Mandatory,NetworkSession,Enumerated,Vectra Stream|NSGFlow|Fireware|VPC|Azure Defender for IoT|Azure Firewall|M365 Defender for Endpoint|Sysmon|Sysmon for Linux|Windows Firewall|WireData|ZIA Firewall|CDL|PanOS|VMConnection|Meraki MX,
EventProduct,string,Mandatory,NetworkSession,Enumerated,SDP|Vectra Stream|NSGFlow|Fireware|VPC|Azure Defender for IoT|Azure Firewall|M365 Defender for Endpoint|Sysmon|Sysmon for Linux|Windows Firewall|WireData|ZIA Firewall|CDL|PanOS|VMConnection|Meraki MX,
EventProductVersion,string,Optional,NetworkSession,,,
EventVendor,string,Mandatory,NetworkSession,Enumerated,Palo Alto|Microsoft|Zscaler|AWS|Vectra AI|WatchGuard|Cisco,
EventVendor,string,Mandatory,NetworkSession,Enumerated,AppGate|Palo Alto|Microsoft|Zscaler|AWS|Vectra AI|WatchGuard|Cisco,
EventSchema,string,Mandatory,NetworkSession,Enumerated,NetworkSession,
EventSchemaVersion,string,Mandatory,NetworkSession,SchemaVersion,,
EventReportUrl,string,Optional,NetworkSession,URL,,
@ -29,7 +29,7 @@ DvcDomain,string,Recommended,NetworkSession,Domain,,
DvcDomainType,string,Conditional,NetworkSession,Enumerated,Windows|FQDN|ResourceGroup,DvcDomain
DvcFQDN,string,Optional,NetworkSession,FQDN,,
DvcId,string,Optional,NetworkSession,,,
DvcIdType,string,Conditional,NetworkSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other,DvcId
DvcIdType,string,Conditional,NetworkSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DvcId
DvcMacAddr,string,Optional,NetworkSession,MAC address,,
DvcZone,string,Optional,NetworkSession,,,
DvcDescription,string,Optional,NetworkSession,,,
@ -45,7 +45,7 @@ DstDomain,string,Recommended,NetworkSession,Domain,,
DstDomainType,string,Conditional,NetworkSession,Enumerated,Windows|FQDN|ResourceGroup,DstDomain
DstFQDN,string,Optional,NetworkSession,FQDN,,
DstDvcId,string,Optional,NetworkSession,,,
DstDvcIdType,string,Conditional,NetworkSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other,DstDvcId
DstDvcIdType,string,Conditional,NetworkSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DstDvcId
DstDeviceType,string,Optional,NetworkSession,Enumerated,Computer|Mobile Device|IOT Device|Other,
DstUserId,string,Optional,NetworkSession,,,
DstUserIdType,string,Conditional,NetworkSession,Enumerated,SID|UID|AADID|OktaId|AWSId,DstUserId
@ -74,7 +74,7 @@ SrcDomain,string,Recommended,NetworkSession,Domain,,
SrcDomainType,string,Conditional,NetworkSession,Enumerated,Windows|FQDN|ResourceGroup,SrcDomain
SrcFQDN,string,Optional,NetworkSession,FQDN,,
SrcDvcId,string,Optional,NetworkSession,,,
SrcDvcIdType,string,Conditional,NetworkSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other,SrcDvcId
SrcDvcIdType,string,Conditional,NetworkSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,SrcDvcId
SrcDeviceType,string,Optional,NetworkSession,Enumerated,Computer|Mobile Device|IOT Device|Other,
SrcUserId,string,Optional,NetworkSession,,,
SrcUserIdType,string,Conditional,NetworkSession,Enumerated,SID|UID|AADID|OktaId|AWSId,SrcUserId
@ -160,7 +160,7 @@ DstDeviceType,string,Optional,Dns,Enumerated,Computer|Mobile Device|IOT Device|O
DstDomain,string,Optional,Dns,Domain,,
DstDomainType,string,Conditional,Dns,Enumerated,Windows|FQDN|ResourceGroup,DstDomain
DstDvcId,string,Optional,Dns,,,
DstDvcIdType,string,Conditional,Dns,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other,DstDvcId
DstDvcIdType,string,Conditional,Dns,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DstDvcId
DstFQDN,string,Optional,Dns,FQDN,,
DstGeoCity,string,Optional,Dns,City,,
DstGeoCountry,string,Optional,Dns,Country,,
@ -214,7 +214,7 @@ SrcDeviceType,string,Optional,Dns,Enumerated,Computer|Mobile Device|IOT Device|O
SrcDomain,string,Recommended,Dns,Domain,,
SrcDomainType,string,Conditional,Dns,Enumerated,Windows|FQDN|ResourceGroup,SrcDomain
SrcDvcId,string,Optional,Dns,,,
SrcDvcIdType,string,Conditional,Dns,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other,SrcDvcId
SrcDvcIdType,string,Conditional,Dns,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,SrcDvcId
SrcFQDN,string,Optional,Dns,FQDN,,
SrcGeoCity,string,Optional,Dns,City,,
SrcGeoCountry,string,Optional,Dns,Country,,
@ -272,7 +272,7 @@ DvcDomain,string,Recommended,WebSession,Domain,,
DvcDomainType,string,Conditional,WebSession,Enumerated,Windows|FQDN|ResourceGroup,DvcDomain
DvcFQDN,string,Optional,WebSession,FQDN,,
DvcId,string,Optional,WebSession,,,
DvcIdType,string,Conditional,WebSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other,DvcId
DvcIdType,string,Conditional,WebSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DvcId
DvcMacAddr,string,Optional,WebSession,MAC address,,
DvcZone,string,Optional,WebSession,,,
DvcDescription,string,Optional,WebSession,,,
@ -287,7 +287,7 @@ DstDomain,string,Optional,WebSession,Domain,,
DstDomainType,string,Conditional,WebSession,Enumerated,Windows|FQDN|ResourceGroup,DstDomain
DstFQDN,string,Optional,WebSession,FQDN,,
DstDvcId,string,Optional,WebSession,,,
DstDvcIdType,string,Conditional,WebSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other,DstDvcId
DstDvcIdType,string,Conditional,WebSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DstDvcId
DstDeviceType,string,Optional,WebSession,Enumerated,Computer|Mobile Device|IOT Device|Other,
DstUserId,string,Optional,WebSession,,,
DstUserIdType,string,Conditional,WebSession,Enumerated,SID|UIS|AADID|OktaId|AWSId,DstUserId
@ -316,7 +316,7 @@ SrcDomain,string,Recommended,WebSession,Domain,,
SrcDomainType,string,Conditional,WebSession,Enumerated,Windows|FQDN|ResourceGroup,SrcDomain
SrcFQDN,string,Optional,WebSession,FQDN,,
SrcDvcId,string,Optional,WebSession,,,
SrcDvcIdType,string,Conditional,WebSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other,SrcDvcId
SrcDvcIdType,string,Conditional,WebSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,SrcDvcId
SrcDeviceType,string,Optional,WebSession,Enumerated,Computer|Mobile Device|IOT Device|Other,
SrcUserId,string,Optional,WebSession,,,
SrcUserIdType,string,Conditional,WebSession,Enumerated,SID|UIS|AADID|OktaId|AWSId|MD4IoTid,SrcUserId
@ -419,7 +419,7 @@ DvcDomainType,string,Recommended,Authentication,Enumerated,Windows|FQDN|Resource
DvcFQDN,string,Optional,Authentication,FQDN,,
DvcHostname,string,Recommended,Authentication,Hostname,,
DvcId,string,Optional,Authentication,,,
DvcIdType,string,Optional,Authentication,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other,
DvcIdType,string,Optional,Authentication,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,
DvcInterface,string,Optional,Authentication,,,
DvcIpAddr,string,Recommended,Authentication,IP Address,,
DvcMacAddr,string,Optional,Authentication,MAC address,,
@ -455,7 +455,7 @@ LogonTarget,string,Optional,Authentication,,,
SrcDomain,string,Optional,Authentication,Domain,,
SrcDomainType,string,Conditional,Authentication,Enumerated,Windows|FQDN|ResourceGroup,SrcDomain
SrcDvcId,string,Optional,Authentication,,,
SrcDvcIdType,string,Conditional,Authentication,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other,SrcDvcId
SrcDvcIdType,string,Conditional,Authentication,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,SrcDvcId
SrcDvcOs,string,Optional,Authentication,,,
SrcDvcType,string,Optional,Authentication,Enumerated,Computer|Mobile Device|IOT Device|Other,
SrcFQDN,string,Optional,Authentication,FQDN,,
@ -473,7 +473,7 @@ TargetAppType,string,Optional,Authentication,Enumerated,Process|Service|Resource
TargetDomain,string,Recommended,Authentication,,,
TargetDomainType,string,Conditional,Authentication,Enumerated,Windows|FQDN|ResourceGroup,TargetDomain
TargetDvcId,string,Optional,Authentication,,,
TargetDvcIdType,string,Conditional,Authentication,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other,TargetDvcId
TargetDvcIdType,string,Conditional,Authentication,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,TargetDvcId
TargetDvcOs,string,Optional,Authentication,,,
TargetDvcType,string,Optional,Authentication,Enumerated,Computer|Mobile Device|IOT Device|Other,
TargetFQDN,string,Optional,Authentication,FQDN,,
@ -600,7 +600,7 @@ DvcFQDN,string,Optional,ProcessEvent,FQDN,,
DvcHostname,string,Recommended,ProcessEvent,Hostname,,
DvcHostname,string,Recommended,ProcessEvent,Hostname,,
DvcId,string,Optional,ProcessEvent,,,
DvcIdType,string,Optional,ProcessEvent,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other,
DvcIdType,string,Optional,ProcessEvent,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,
DvcInterface,string,Optional,ProcessEvent,,,
DvcIpAddr,string,Recommended,ProcessEvent,IP Address,,
DvcMacAddr,string,Optional,ProcessEvent,MAC address,,
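Review bot: The new EventProduct value `SDP` in the first hunk is the only entry in that list that is a bare generic acronym rather than a vendor-qualified product name, and it is tied to the new `AppGate` vendor only by sitting in a neighbouring row; since this ListOfValues column is presumably what schema validation checks parser output against, a vendor-neutral token like `SDP` risks colliding with another vendor's software-defined-perimeter product later. I would name it the way the other entries are named, i.e. change `SDP|Vectra Stream|…` to `AppGate SDP|Vectra Stream|…`, and keep `EventVendor` as `AppGate`, so the product string alone identifies the source. Unrelated to this change but visible in the context lines, `SrcUserIdType`/`DstUserIdType` for WebSession list `UIS` where NetworkSession lists `UID`, which looks like a typo that would reject valid values, and `DvcHostname` appears twice under ProcessEvent. Also, `DvcIdType` for Authentication and ProcessEvent is `Optional` with an empty Aliased column while every other schema marks it `Conditional` on `DvcId`; since `AppGateId` is being synchronized across all these rows, this would be a good moment to align them.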

1 ColumnName ColumnType Class Schema LogicalType ListOfValues Aliased
16 EventOriginalUid string Optional NetworkSession
17 EventOriginalType string Optional NetworkSession
18 EventOriginalSubType string Optional NetworkSession
19 EventProduct string Mandatory NetworkSession Enumerated Vectra Stream|NSGFlow|Fireware|VPC|Azure Defender for IoT|Azure Firewall|M365 Defender for Endpoint|Sysmon|Sysmon for Linux|Windows Firewall|WireData|ZIA Firewall|CDL|PanOS|VMConnection|Meraki MX SDP|Vectra Stream|NSGFlow|Fireware|VPC|Azure Defender for IoT|Azure Firewall|M365 Defender for Endpoint|Sysmon|Sysmon for Linux|Windows Firewall|WireData|ZIA Firewall|CDL|PanOS|VMConnection|Meraki MX
20 EventProductVersion string Optional NetworkSession
21 EventVendor string Mandatory NetworkSession Enumerated Palo Alto|Microsoft|Zscaler|AWS|Vectra AI|WatchGuard|Cisco AppGate|Palo Alto|Microsoft|Zscaler|AWS|Vectra AI|WatchGuard|Cisco
22 EventSchema string Mandatory NetworkSession Enumerated NetworkSession
23 EventSchemaVersion string Mandatory NetworkSession SchemaVersion
24 EventReportUrl string Optional NetworkSession URL
29 DvcDomainType string Conditional NetworkSession Enumerated Windows|FQDN|ResourceGroup DvcDomain
30 DvcFQDN string Optional NetworkSession FQDN
31 DvcId string Optional NetworkSession
32 DvcIdType string Conditional NetworkSession Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other DvcId
33 DvcMacAddr string Optional NetworkSession MAC address
34 DvcZone string Optional NetworkSession
35 DvcDescription string Optional NetworkSession
45 DstDomainType string Conditional NetworkSession Enumerated Windows|FQDN|ResourceGroup DstDomain
46 DstFQDN string Optional NetworkSession FQDN
47 DstDvcId string Optional NetworkSession
48 DstDvcIdType string Conditional NetworkSession Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other DstDvcId
49 DstDeviceType string Optional NetworkSession Enumerated Computer|Mobile Device|IOT Device|Other
50 DstUserId string Optional NetworkSession
51 DstUserIdType string Conditional NetworkSession Enumerated SID|UID|AADID|OktaId|AWSId DstUserId
74 SrcDomainType string Conditional NetworkSession Enumerated Windows|FQDN|ResourceGroup SrcDomain
75 SrcFQDN string Optional NetworkSession FQDN
76 SrcDvcId string Optional NetworkSession
77 SrcDvcIdType string Conditional NetworkSession Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other SrcDvcId
78 SrcDeviceType string Optional NetworkSession Enumerated Computer|Mobile Device|IOT Device|Other
79 SrcUserId string Optional NetworkSession
80 SrcUserIdType string Conditional NetworkSession Enumerated SID|UID|AADID|OktaId|AWSId SrcUserId
160 DstDomain string Optional Dns Domain
161 DstDomainType string Conditional Dns Enumerated Windows|FQDN|ResourceGroup DstDomain
162 DstDvcId string Optional Dns
163 DstDvcIdType string Conditional Dns Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other DstDvcId
164 DstFQDN string Optional Dns FQDN
165 DstGeoCity string Optional Dns City
166 DstGeoCountry string Optional Dns Country
214 SrcDomain string Recommended Dns Domain
215 SrcDomainType string Conditional Dns Enumerated Windows|FQDN|ResourceGroup SrcDomain
216 SrcDvcId string Optional Dns
217 SrcDvcIdType string Conditional Dns Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other SrcDvcId
218 SrcFQDN string Optional Dns FQDN
219 SrcGeoCity string Optional Dns City
220 SrcGeoCountry string Optional Dns Country
272 DvcDomainType string Conditional WebSession Enumerated Windows|FQDN|ResourceGroup DvcDomain
273 DvcFQDN string Optional WebSession FQDN
274 DvcId string Optional WebSession
275 DvcIdType string Conditional WebSession Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other DvcId
276 DvcMacAddr string Optional WebSession MAC address
277 DvcZone string Optional WebSession
278 DvcDescription string Optional WebSession
287 DstDomainType string Conditional WebSession Enumerated Windows|FQDN|ResourceGroup DstDomain
288 DstFQDN string Optional WebSession FQDN
289 DstDvcId string Optional WebSession
290 DstDvcIdType string Conditional WebSession Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other DstDvcId
291 DstDeviceType string Optional WebSession Enumerated Computer|Mobile Device|IOT Device|Other
292 DstUserId string Optional WebSession
293 DstUserIdType string Conditional WebSession Enumerated SID|UIS|AADID|OktaId|AWSId DstUserId
316 SrcDomainType string Conditional WebSession Enumerated Windows|FQDN|ResourceGroup SrcDomain
317 SrcFQDN string Optional WebSession FQDN
318 SrcDvcId string Optional WebSession
319 SrcDvcIdType string Conditional WebSession Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other SrcDvcId
320 SrcDeviceType string Optional WebSession Enumerated Computer|Mobile Device|IOT Device|Other
321 SrcUserId string Optional WebSession
322 SrcUserIdType string Conditional WebSession Enumerated SID|UIS|AADID|OktaId|AWSId|MD4IoTid SrcUserId
419 DvcFQDN string Optional Authentication FQDN
420 DvcHostname string Recommended Authentication Hostname
421 DvcId string Optional Authentication
422 DvcIdType string Optional Authentication Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other
423 DvcInterface string Optional Authentication
424 DvcIpAddr string Recommended Authentication IP Address
425 DvcMacAddr string Optional Authentication MAC address
455 SrcDomain string Optional Authentication Domain
456 SrcDomainType string Conditional Authentication Enumerated Windows|FQDN|ResourceGroup SrcDomain
457 SrcDvcId string Optional Authentication
458 SrcDvcIdType string Conditional Authentication Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other SrcDvcId
459 SrcDvcOs string Optional Authentication
460 SrcDvcType string Optional Authentication Enumerated Computer|Mobile Device|IOT Device|Other
461 SrcFQDN string Optional Authentication FQDN
473 TargetDomain string Recommended Authentication
474 TargetDomainType string Conditional Authentication Enumerated Windows|FQDN|ResourceGroup TargetDomain
475 TargetDvcId string Optional Authentication
476 TargetDvcIdType string Conditional Authentication Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other TargetDvcId
477 TargetDvcOs string Optional Authentication
478 TargetDvcType string Optional Authentication Enumerated Computer|Mobile Device|IOT Device|Other
479 TargetFQDN string Optional Authentication FQDN
600 DvcHostname string Recommended ProcessEvent Hostname
601 DvcHostname string Recommended ProcessEvent Hostname
602 DvcId string Optional ProcessEvent
603 DvcIdType string Optional ProcessEvent Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|Other AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other
604 DvcInterface string Optional ProcessEvent
605 DvcIpAddr string Recommended ProcessEvent IP Address
606 DvcMacAddr string Optional ProcessEvent MAC address