diff --git a/.script/tests/KqlvalidationsTests/CustomTables/CiscoDuo.json b/.script/tests/KqlvalidationsTests/CustomTables/CiscoDuo.json new file mode 100644 index 0000000000..7d7207b8bf --- /dev/null +++ b/.script/tests/KqlvalidationsTests/CustomTables/CiscoDuo.json @@ -0,0 +1,329 @@ +{ + "Name": "CiscoDuo_CL", + "Properties": [ + { + "Name": "AccessDvcBrowser", + "Type": "String" + }, + { + "Name": "AccessDvcBrowserVersion", + "Type": "String" + }, + { + "Name": "AccessDvcEncryptionEnabled", + "Type": "Boolean" + }, + { + "Name": "AccessDvcFirewallEnabled", + "Type": "Boolean" + }, + { + "Name": "AccessDvcFlashVersion", + "Type": "String" + }, + { + "Name": "AccessDvcIpAddr", + "Type": "String" + }, + { + "Name": "AccessDvcJavaVersion", + "Type": "String" + }, + { + "Name": "AccessDvcFlashVersion", + "Type": "String" + }, + { + "Name": "AccessDvcLocationState", + "Type": "String" + }, + { + "Name": "AccessDvcOsVersion", + "Type": "String" + }, + { + "Name": "AccessDvcPasswordSet", + "Type": "Boolean" + }, + { + "Name": "AccessDvcSecurityAgents", + "Type": "String" + }, + { + "Name": "Alias", + "Type": "String" + }, + { + "Name": "AuthDeviceCity", + "Type": "String" + }, + { + "Name": "AuthDeviceCountry", + "Type": "String" + }, + { + "Name": "AuthDeviceState", + "Type": "String" + }, + { + "Name": "AuthFactor", + "Type": "String" + }, + { + "Name": "Context", + "Type": "String" + }, + { + "Name": "Credits", + "Type": "Double" + }, + { + "Name": "description_s", + "Type": "String" + }, + { + "Name": "DstGeoRegion", + "Type": "String" + }, + { + "Name": "DstUserName", + "Type": "String" + }, + { + "Name": "DvcAction", + "Type": "String" + }, + { + "Name": "DvcHostname", + "Type": "String" + }, + { + "Name": "EventEndTime", + "Type": "String" + }, + { + "Name": "EventProduct", + "Type": "String" + }, + { + "Name": "EventResult", + "Type": "String" + }, + { + "Name": "EventResultDetails", + "Type": "String" + }, + { + "Name": "EventType", + "Type": "String" + }, + { + "Name": "EventUid", + "Type": "String" + }, + { + "Name": "EventVendor", + "Type": "String" + }, + { + "Name": "Explanations", + "Type": "String" + }, + { + "Name": "FromCommonNetblock", + "Type": "String" + }, + { + "Name": "FromNewUser", + "Type": "Boolean" + }, + { + "Name": "HttpUserAgentOriginal", + "Type": "Boolean" + }, + { + "Name": "IsoTimestamp", + "Type": "DateTime" + }, + { + "Name": "Phone", + "Type": "Boolean" + }, + { + "Name": "PriorityEvent", + "Type": "Boolean" + }, + { + "Name": "PriorityReasons", + "Type": "String" + }, + { + "Name": "Sekey", + "Type": "String" + }, + { + "Name": "SrcAppId", + "Type": "String" + }, + { + "Name": "SrcAppName", + "Type": "String" + }, + { + "Name": "SrcDomainType", + "Type": "String" + }, + { + "Name": "SrcDvcOs", + "Type": "String" + }, + { + "Name": "SrcDvcType", + "Type": "String" + }, + { + "Name": "SrcGeoCity", + "Type": "String" + }, + { + "Name": "SrcGeoCountry", + "Type": "String" + }, + { + "Name": "SrcHostname", + "Type": "String" + }, + { + "Name": "SrcIpAddr", + "Type": "String" + }, + { + "Name": "SrcRiskLevel", + "Type": "Boolean" + }, + { + "Name": "SrcUserId", + "Type": "String" + }, + { + "Name": "SrcUserName", + "Type": "String" + }, + { + "Name": "SurfacedAuthAccessDeviceBrowser", + "Type": "String" + }, + { + "Name": "SurfacedAuthAccessDeviceBrowserVersion", + "Type": "String" + }, + { + "Name": "SurfacedAuthAccessDeviceEncryptionEnabled", + "Type": "String" + }, + { + "Name": "SurfacedAuthAccessDeviceFirewallEnabled", + "Type": "String" + }, + { + "Name": "SurfacedAuthAccessDeviceIp", + "Type": "String" + }, + { + "Name": "SurfacedAuthAccessDeviceLocationCity", + "Type": "String" + }, + { + "Name": "SurfacedAuthAccessDeviceLocationCountry", + "Type": "String" + }, + { + "Name": "SurfacedAuthAccessDeviceLocationState", + "Type": "String" + }, + { + "Name": "SurfacedAuthAccessDeviceOs", + "Type": "String" + }, + { + "Name": "SurfacedAuthAccessDeviceOsVersion", + "Type": "String" + }, + { + "Name": "SurfacedAuthAccessDevicePasswordSet", + "Type": "String" + }, + { + "Name": "SurfacedAuthAccessDeviceSecurityAgents", + "Type": "String" + }, + { + "Name": "SurfacedAuthAlias", + "Type": "String" + }, + { + "Name": "SurfacedAuthApplicationKey", + "Type": "String" + }, + { + "Name": "SurfacedAuthApplicationName", + "Type": "Double" + }, + { + "Name": "SurfacedAuthEmail", + "Type": "String" + }, + { + "Name": "SurfacedAuthFactor", + "Type": "Boolean" + }, + { + "Name": "SurfacedAuthIsotimestamp", + "Type": "DateTime" + }, + { + "Name": "SurfacedAuthOodSoftware", + "Type": "String" + }, + { + "Name": "SurfacedAuthReason", + "Type": "String" + }, + { + "Name": "SurfacedAuthResult", + "Type": "String" + }, + { + "Name": "SurfacedAuthTimestamp", + "Type": "Double" + }, + { + "Name": "SurfacedAuthTransactionId", + "Type": "String" + }, + { + "Name": "SurfacedAuthUserGroups", + "Type": "String" + }, + { + "Name": "SurfacedAuthUserKey", + "Type": "String" + }, + { + "Name": "SurfacedAuthUserName", + "Type": "Double" + }, + { + "Name": "SurfacedTimestamp", + "Type": "Double" + }, + { + "Name": "TransactionId", + "Type": "String" + }, + { + "Name": "TriagedAsInteresting", + "Type": "Boolean" + } + ] +} \ No newline at end of file