Solution added, SVG name changed

This commit is contained in:
Liu 2024-07-19 15:36:02 +08:00
Parent 3e74b54d32 224c220841
Commit 5925b6cbe2
4 changed files: 75 additions and 69 deletions

View file

@ -1,69 +1,69 @@
{
"Name": "SINECSecurityGuard_CL",
"Properties": [
{
"name": "destination_ip",
"type": "string"
},
{
"name": "destination_port",
"type": "int"
},
{
"name": "detected_at",
"type": "datetime"
},
{
"name": "evidence",
"type": "dynamic"
},
{
"name": "protocol",
"type": "string"
},
{
"name": "sensor_id",
"type": "string"
},
{
"name": "severity",
"type": "string"
},
{
"name": "signature_category",
"type": "string"
},
{
"name": "signature_details",
"type": "string"
},
{
"name": "signature_id",
"type": "int"
},
{
"name": "signature_name",
"type": "string"
},
{
"name": "source_ip",
"type": "string"
},
{
"name": "source_port",
"type": "int"
},
{
"name": "tenant_id",
"type": "string"
},
{
"name": "TimeGenerated",
"type": "datetime"
},
{
"name": "sensor_name",
"type": "string"
}
]
"Name": "SINECSecurityGuard_CL",
"Properties": [
{
"Name": "destination_ip",
"type": "string"
},
{
"Name": "destination_port",
"type": "int"
},
{
"Name": "detected_at",
"type": "datetime"
},
{
"Name": "evidence",
"type": "dynamic"
},
{
"Name": "protocol",
"type": "string"
},
{
"Name": "sensor_id",
"type": "string"
},
{
"Name": "severity",
"type": "string"
},
{
"Name": "signature_category",
"type": "string"
},
{
"Name": "signature_details",
"type": "string"
},
{
"Name": "signature_id",
"type": "int"
},
{
"Name": "signature_name",
"type": "string"
},
{
"Name": "source_ip",
"type": "string"
},
{
"Name": "source_port",
"type": "int"
},
{
"Name": "tenant_id",
"type": "string"
},
{
"Name": "TimeGenerated",
"type": "datetime"
},
{
"Name": "sensor_name",
"type": "string"
}
]
}
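Review bot: The key casing inside each property entry is now inconsistent: every `name` became `Name`, but `type` stayed lowercase, while the top-level keys are `Name` and `Properties`. If whatever consumes this table definition matches keys case-sensitively, a mismatched key does not error, the field is simply absent, so pick one convention for the whole entry, either `"Name": "destination_ip", "Type": "string"` or `"name"`/`"type"` throughout, and apply it to all 16 entries. The commit message ("SVG name changed") also says nothing about this schema-key rename; it deserves its own line so anyone packaging the solution knows the table definition format was touched.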

View file

@ -4,7 +4,10 @@ version: 1.0.0
kind: NRT
description: The security analytic rule is designed to scrutinize network activity involving private IP addresses within an organization's internal network. By filtering log entries to include only those where either the source or the destination IP is private, the rule focuses on internal communications that could indicate unauthorized access, internal threats, or other security anomalies.
severity: HIGH
query: SINECSecurityGuard_CL\r\n| where ipv4_is_private(source_ip) or ipv4_is_private(destination_ip)\r\n| project source_ip, destination_ip, signature_id, signature_name\r\n
query: |
SINECSecurityGuard_CL
| where ipv4_is_private(source_ip) or ipv4_is_private(destination_ip)
| project source_ip, destination_ip, signature_id, signature_name
suppressionEnabled: false
eventGroupingSettings:
aggregationKind: AlertPerResult
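Review bot: The `where` clause keeps every event in which either endpoint is a private IPv4 address, which on an industrial network is essentially all traffic the sensor sees, and combined with `kind: NRT`, `severity: HIGH` and `aggregationKind: AlertPerResult` that produces one high-severity alert per matching row. Narrow the filter to something that actually indicates a finding, for example `| where severity in ("high", "critical")` (using whatever values the sensor really emits in `severity`) or a specific `signature_category`, or at least switch the aggregation to `SingleAlert`; as written the rule will flood the incident queue on day one. Two smaller points on the same lines: `ipv4_is_private()` returns null, which `where` treats as false, for anything that is not a parsable IPv4 string, so IPv6 or malformed addresses are dropped silently rather than surfaced; and the `project` line discards `TimeGenerated`, `sensor_id`, `severity` and `signature_category`, all of which an analyst triaging the alert will want. Moving the query into a `|` block scalar is the right fix, though: the old plain scalar held the literal characters `\r\n` rather than line breaks (only double-quoted YAML scalars interpret escapes), so the previous value was a single line that KQL would not have parsed.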

View file

@ -1,6 +1,6 @@
{
"Name": "Sinec Security Guard",
"Author": "xifeng.liu@siemens.com",
"Author": "Siemens AG",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/SSG.svg\" width=\"75px\" height=\"75px\">",
"Description": "The Sinec Security Guard solution for Microsoft Sentinel allows you to ingest security events of your industrial networks from the (SINEC Security Guard)[https://siemens.com/sinec-security-guard] into Azure Sentinel",
"Analytic Rules": [
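Review bot: The markdown link in the `Description` line is inverted: `(SINEC Security Guard)[https://siemens.com/sinec-security-guard]` renders as literal parentheses followed by a bracketed URL, and should be `[SINEC Security Guard](https://siemens.com/sinec-security-guard)`. The same sentence says "Microsoft Sentinel" and then "Azure Sentinel", and the `Name` field spells the product "Sinec Security Guard" while the table name and the description use "SINEC"; pick one of each. The `Logo` URL hard-codes the `master` branch on raw.githubusercontent.com, so the renamed `SSG.svg` must already exist under `Logos/` at that exact path when this merges, otherwise the solution page shows a broken image. Replacing the personal e-mail with "Siemens AG" as `Author` is fine.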

View file

@ -0,0 +1,3 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|-----------------------------------|
| 3.0.0 | 19-07-2024 | Initial Solution Release |