From 578920a1913f9ec809813832c7f1e04a830028e2 Mon Sep 17 00:00:00 2001
From: Ashwin Patil
Date: Wed, 9 Sep 2020 11:25:14 -0700
Subject: [PATCH] corrected connnector for Keyvault
---
 Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml | 2 +-
 Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml | 2 +-
 .../AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml b/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml
index c02e4e408a..bb11c6581e 100644
--- a/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml
+++ b/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml
@@ -5,7 +5,7 @@ description: |
 Any Backup operations should match with expected scheduled backup activity.'
 severity: Low
 requiredDataConnectors:
- - connectorId: WAF
+ - connectorId: AzureMonitor(Keyvault)
 dataTypes:
 - AzureDiagnostics
 queryFrequency: 1d
diff --git a/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml b/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml
index a5669a3e33..2ff345622f 100644
--- a/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml
+++ b/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml
@@ -7,7 +7,7 @@ description: |
 and also filter any known sources (IP/Account) and useragent combinations based on historical analysis to further reduce noise'
 severity: Low
 requiredDataConnectors:
- - connectorId: WAF
+ - connectorId: AzureMonitor(Keyvault)
 dataTypes:
 - AzureDiagnostics
 queryFrequency: 1d
diff --git a/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml b/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml
index 562e5db19c..7b4e347b98 100644
--- a/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml
+++ b/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml
@@ -7,7 +7,7 @@ description: |
 TimeSeries Reference Blog: https://techcommunity.microsoft.com/t5/azure-sentinel/looking-for-unknown-anomalies-what-is-normal-time-series/ba-p/555052'
 severity: Low
 requiredDataConnectors:
- - connectorId: WAF
+ - connectorId: AzureMonitor(Keyvault)
 dataTypes:
 - AzureDiagnostics
 queryFrequency: 1h
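Review bot: The `dataTypes: - AzureDiagnostics` entry under the new `connectorId: AzureMonitor(Keyvault)` names a table that many resource types write to, so the connector entry alone does not tell a deployer which logs this rule needs. The same applies to the KeyVaultSensitiveOperations.yaml and KeyvaultMassSecretRetrieval.yaml hunks. I would add a comment above the entry in each file, `# Requires Key Vault diagnostic (AuditEvent) logs routed to this workspace`, so that a rule returning no results is not mistaken for a quiet vault. The query is outside all three hunks, so it is worth confirming that it restricts AzureDiagnostics to Key Vault records; that cannot be checked from the lines shown here.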