Merge pull request #5105 from Azure/asim/update-process-schema-tests

Update ASimTester to align ProcessEvent to doc
Ofer Shezaf 2022-05-25 11:47:14 +03:00 коммит произвёл GitHub
Родитель 7648423eed f4df34620d
Коммит 56c34f0131
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
1 изменённых файлов: 7 добавлений и 10 удалений


@ -580,25 +580,22 @@ ActingProcessSHA1,string,Optional,ProcessEvent,SHA1,,
ActingProcessSHA256,string,Optional,ProcessEvent,SHA256,,
ActingProcessSHA512,string,Optional,ProcessEvent,SHA521,,
ActingProcessTokenElevation,string,Optional,ProcessEvent,,,
ActorOriginalUserType,string,Optional,ProcessEvent,,,
ActorSessionId,string,Optional,ProcessEvent,,,
ActorUserId,string,Recommended,ProcessEvent,,,
ActorUserIdType,string,Conditional,ProcessEvent,Enumerated,SID|UIS|AADID|OktaId|AWSId|MD4IoTid,ActorUserId
ActorUsername,string,Mandatory,ProcessEvent,,,
ActorUsernameType,string,Conditional,ProcessEvent,Enumerated,UPN|Windows|DN|Simple,ActorUsername
ActorUserType,string,Optional,ProcessEvent,Enumerated,Regular|Machine|Admin|System|Application| Service Principal|Other,
ActorOriginalUserType,string,Optional,ProcessEvent,,,
AdditionalFields,dynamic,Optional,ProcessEvent,,,
CommandLine,string,Alias,ProcessEvent,,,TargetProcessCommandLine
Dvc,string,Mandatory,ProcessEvent,Hostname,,
DvcAction,string,Optional,ProcessEvent,,,
DvcDescription,string,Optional,ProcessEvent,,,
SrcDescription,string,Optional,ProcessEvent,,,
DstDescription,string,Optional,ProcessEvent,,,
DvcDomain,string,Recommended,ProcessEvent,Domain,,
DvcDomainType,string,Recommended,ProcessEvent,Enumerated,Windows|FQDN|ResourceGroup,
DvcFQDN,string,Optional,ProcessEvent,FQDN,,
DvcHostname,string,Recommended,ProcessEvent,Hostname,,
DvcHostname,string,Recommended,ProcessEvent,Hostname,,
DvcId,string,Optional,ProcessEvent,,,
DvcIdType,string,Optional,ProcessEvent,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,
DvcInterface,string,Optional,ProcessEvent,,,
@ -613,7 +610,7 @@ EventCount,int,Mandatory,ProcessEvent,,,
EventEndTime,datetime,Mandatory,ProcessEvent,,,
EventMessage,string,Optional,ProcessEvent,,,
EventOriginalResultDetails,string,Optional,ProcessEvent,,,
EventOriginalResultDetails,string,Optional,ProcessEvent,,,
EventOriginalSeverity,string,Optional,ProcessEvent,,,
EventOriginalSubType,string,Optional,ProcessEvent,,,
EventOriginalType,string,Optional,ProcessEvent,,,
EventOriginalUid,string,Optional,ProcessEvent,,,
@ -622,8 +619,9 @@ EventProductVersion,string,Optional,ProcessEvent,,,
EventReportUrl,string,Optional,ProcessEvent,URL,,
EventResult,string,Mandatory,ProcessEvent,Enumerated,Success|Failure|Partial|NA,
EventResultDetails,string,Optional,ProcessEvent,,,
EventSchema,string,Mandatory,ProcessEvent,,ProcessEvent,
EventSchema,string,Recommended,ProcessEvent,,ProcessEvent,
EventSchemaVersion,string,Mandatory,ProcessEvent,SchemaVersion,,
EventSeverity,string,Optional,ProcessEvent,Enumerated,Informational|Low|Medium|High,
EventStartTime,datetime,Mandatory,ProcessEvent,,,
EventSubType,string,Optional,ProcessEvent,,,
EventType,string,Mandatory,ProcessEvent,Enumerated,ProcessCreated|ProcessTerminated,
@ -675,9 +673,8 @@ TargetUserIdType,string,Conditional,ProcessEvent,Enumerated,SID|UIS|AADID|OktaId
TargetUsername,string,Mandatory,ProcessEvent,,,
TargetUsernameType,string,Conditional,ProcessEvent,Enumerated,UPN|Windows|DN|Simple,TargetUsername
TargetUserSessionId,string,Optional,ProcessEvent,,,
TargetUserType,string,Optional,ProcessEvent,Enumerated,Regular|Machine|Admin|System|Application|Service Principal|Other,
TimeGenerated,datetime,Mandatory,ProcessEvent,,,
Type,string,Recommended,ProcessEvent,,,
User,string,Alias,ProcessEvent,Username,,TaregetUsername
TimeGenerated,datetime,Mandatory,RegistryEvent,,,
_ResourceId,string,Recommended,RegistryEvent,,,
Type,string,Recommended,RegistryEvent,,,
@ -726,5 +723,5 @@ RegistryValue,string,Recommended,RegistryEvent,,,
RegistryValueData,string,Recommended,RegistryEvent,,,
RegistryValueType,string,Recommended,RegistryEvent,,,
User,string,Alias,RegistryEvent,Username,,ActorUsername
ActorUserType,string,Optional,ProcessEvent,Enumerated,Regular|Machine|Admin|System|Application| Service Principal|Other,
ActorOriginalUserType,string,Optional,ProcessEvent,,,
Type,string,Recommended,ProcessEvent,,,
User,string,Alias,ProcessEvent,Username,,TaregetUsername

1 ColumnName ColumnType Class Schema LogicalType ListOfValues Aliased
580 ActingProcessSHA256 string Optional ProcessEvent SHA256
581 ActingProcessSHA512 string Optional ProcessEvent SHA521
582 ActingProcessTokenElevation string Optional ProcessEvent
583 ActorOriginalUserType string Optional ProcessEvent
584 ActorSessionId string Optional ProcessEvent
585 ActorUserId string Recommended ProcessEvent
586 ActorUserIdType string Conditional ProcessEvent Enumerated SID|UIS|AADID|OktaId|AWSId|MD4IoTid ActorUserId
587 ActorUsername string Mandatory ProcessEvent
588 ActorUsernameType string Conditional ProcessEvent Enumerated UPN|Windows|DN|Simple ActorUsername
589 ActorUserType string Optional ProcessEvent Enumerated Regular|Machine|Admin|System|Application| Service Principal|Other
ActorOriginalUserType string Optional ProcessEvent
590 AdditionalFields dynamic Optional ProcessEvent
591 CommandLine string Alias ProcessEvent TargetProcessCommandLine
592 Dvc string Mandatory ProcessEvent Hostname
593 DvcAction string Optional ProcessEvent
594 DvcDescription string Optional ProcessEvent
SrcDescription string Optional ProcessEvent
DstDescription string Optional ProcessEvent
595 DvcDomain string Recommended ProcessEvent Domain
596 DvcDomainType string Recommended ProcessEvent Enumerated Windows|FQDN|ResourceGroup
597 DvcFQDN string Optional ProcessEvent FQDN
598 DvcHostname string Recommended ProcessEvent Hostname
DvcHostname string Recommended ProcessEvent Hostname
599 DvcId string Optional ProcessEvent
600 DvcIdType string Optional ProcessEvent Enumerated AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other
601 DvcInterface string Optional ProcessEvent
610 EventEndTime datetime Mandatory ProcessEvent
611 EventMessage string Optional ProcessEvent
612 EventOriginalResultDetails string Optional ProcessEvent
613 EventOriginalResultDetails EventOriginalSeverity string Optional ProcessEvent
614 EventOriginalSubType string Optional ProcessEvent
615 EventOriginalType string Optional ProcessEvent
616 EventOriginalUid string Optional ProcessEvent
619 EventReportUrl string Optional ProcessEvent URL
620 EventResult string Mandatory ProcessEvent Enumerated Success|Failure|Partial|NA
621 EventResultDetails string Optional ProcessEvent
622 EventSchema string Mandatory Recommended ProcessEvent ProcessEvent
623 EventSchemaVersion string Mandatory ProcessEvent SchemaVersion
624 EventSeverity string Optional ProcessEvent Enumerated Informational|Low|Medium|High
625 EventStartTime datetime Mandatory ProcessEvent
626 EventSubType string Optional ProcessEvent
627 EventType string Mandatory ProcessEvent Enumerated ProcessCreated|ProcessTerminated
673 TargetUsername string Mandatory ProcessEvent
674 TargetUsernameType string Conditional ProcessEvent Enumerated UPN|Windows|DN|Simple TargetUsername
675 TargetUserSessionId string Optional ProcessEvent
676 TargetUserType string Optional ProcessEvent Enumerated Regular|Machine|Admin|System|Application|Service Principal|Other
677 TimeGenerated datetime Mandatory ProcessEvent
Type string Recommended ProcessEvent
User string Alias ProcessEvent Username TaregetUsername
678 TimeGenerated datetime Mandatory RegistryEvent
679 _ResourceId string Recommended RegistryEvent
680 Type string Recommended RegistryEvent
723 RegistryValueData string Recommended RegistryEvent
724 RegistryValueType string Recommended RegistryEvent
725 User string Alias RegistryEvent Username ActorUsername
726 ActorUserType Type string Optional Recommended ProcessEvent Enumerated Regular|Machine|Admin|System|Application| Service Principal|Other
727 ActorOriginalUserType User string Optional Alias ProcessEvent Username TaregetUsername
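Review bot: The `User` alias row that ends up as the last ProcessEvent line on the new side still names `TaregetUsername` as its aliased column, which matches no column in the visible schema (the Mandatory field is `TargetUsername`). If the tester resolves alias targets by name, the check for `User` presumably fails or is skipped, so a parser that maps `User` to the wrong value would pass unnoticed; the row should read `User,string,Alias,ProcessEvent,Username,,TargetUsername`. Two unchanged rows in the first hunk have the same kind of slip and are worth fixing in the same pass: `ActingProcessSHA512` carries the logical type `SHA521` instead of `SHA512`, and the `ActorUserType` value list has `| Service Principal` with a leading space where `TargetUserType` has `|Service Principal`. Unless the tester trims values and rejects unknown logical types, those two rows would let a malformed hash or user-type value through normalization testing.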