Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Beyond Security beSECURE patch (#745) 

* Beyond Security beSECURE Connector (Via RestAPI)

* beSECURE Sample Data

* Beyond Security Logo

* We have three tables, do a union of them

To correctly show the incoming data, we need to do a union of the three tables

* Add two sample queries for Audit and Events

* Add missing dataTypes

* No need for customs

* Bigger sample base

* More data

* More data samples, and more accurate structure

* Incorrect escape character

\b should be just \n

* Rephrase to be more clear

* No dependencies

* Empty

* No need for xlink
This commit is contained in:
Noam Rathaus 2020-07-02 02:48:34 +03:00 коммит произвёл GitHub
Родитель b4604a0356
Коммит 83f4d6407e
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
5 изменённых файлов: 1028 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

122
DataConnectors/Beyond Security beSECURE.json Normal file
Просмотреть файл

@ -0,0 +1,122 @@
{
"id": "BeyondSecuritybeSECURE",
"title": "Beyond Security beSECURE",
"publisher": "Beyond Security",
"descriptionMarkdown":
"The [Beyond Security beSECURE](https://beyondsecurity.com/) connector allows you to easily connect your Beyond Security beSECURE scan events, scan results and audit trail with Azure Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.",
"graphQueries": [
{
"metricName": "Total data received",
"legend": "Beyond Security beSECURE",
"baseQuery": "union beSECURE_Audit_CL, beSECURE_ScanEvent_CL, beSECURE_ScanResults_CL"
}
],
"sampleQueries": [
{
"description" : "CVSS Score Aggregated",
"query": "beSECURE_ScanResults_CL | summarize count() by cvss_score_s"
},
{
"description" : "Risk Aggregated",
"query": "beSECURE_ScanResults_CL | summarize count() by risk_name_s"
},
{
"description": "Host Risk Aggregated",
"query": "beSECURE_ScanResults_CL | summarize count() by destination_host_s, risk_name_s"
},
{
"description" : "Top 10 most vulnerable Hosts",
"query": "beSECURE_ScanResults_CL | \n where (risk_value_s == 8 or risk_value_s == 4) | \n summarize count() by destination_host_s, risk_value_s | \n order by risk_value_s, count_ | \n limit 10"
},
{
"description" : "Failed login",
"query": "beSECURE_Audit_CL | \n where audit_event_s == 'Login failed' "
},
{
"description": "Completed Scans",
"query" : "beSECURE_ScanEvent_CL | \n where scan_event_s == 'Scan Complete' | \n summarize count()"
}
,
{
"description": "Failed to Complete Scans",
"query" : "beSECURE_ScanEvent_CL | \n where scan_event_s == 'Scan Failed' | \n summarize count()"
}
],
"dataTypes": [
{
"name": "beSECURE_ScanResults_CL",
"lastDataReceivedQuery": "beSECURE_ScanResults_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
},
{
"name": "beSECURE_ScanEvent_CL",
"lastDataReceivedQuery": "beSECURE_ScanEvent_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
},
{
"name": "beSECURE_Audit_CL",
"lastDataReceivedQuery": "beSECURE_Audit_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriterias": [
{
"type": "IsConnectedQuery",
"value": [
"beSECURE_ScanResults_CL \n | summarize LastLogReceived = max(TimeGenerated) \n | project IsConnected = LastLogReceived > ago(30d)"
]
}
],
"availability": {
"status": 1
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "write permission is required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"delete": true
}
}
],
"customs": [
]
},
"instructionSteps": [
{
"title": "Configure beSECURE",
"description" : "Follow the steps below to configure your beSECURE solution to send out scan results, scan status and audit trail to Azure Sentinel.",
"innerSteps" : [
{
"title": "1. Access the Integration menu",
"description": "1.1 Click on the 'More' menu option\n\n1.2 Select Server\n\n1.3 Select Integration\n\n1.4 Enable Azure Sentinel"
},
{ "title": "2. Provide Azure Sentinel settings",
"description" : "Fill in the Workspace ID and Primary Key values, click 'Modify'",
"instructions": [ {
"parameters": {
"fillWith": [
"WorkspaceId"
],
"label": "Workspace ID"
},
"type": "CopyableLabel"
},
{
"parameters": {
"fillWith": [
"PrimaryKey"
],
"label": "Primary Key"
},
"type": "CopyableLabel"
}
]
}
]
}
]
}

102
Logos/Beyond Security Logo.svg Normal file
Просмотреть файл

@ -0,0 +1,102 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 16.0.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px"
width="1024px" height="361.539px" viewBox="0 0 1024 361.539" enable-background="new 0 0 1024 361.539" xml:space="preserve">
<g>
<path fill="#3DA0B7" d="M457.902,130.539c-2.17,8-4.61,17.834-7.318,27.655c-2.712,9.827-5.531,19.901-8.456,29.942
c-2.925,10.038-5.906,19.881-8.942,29.381c-3.036,9.504-5.966,18.174-8.78,25.946c-3.036-7.772-6.239-16.387-9.598-25.891
c-3.361-9.502-6.67-19.264-9.919-29.302c-3.255-10.041-6.346-20.253-9.271-30.078c-2.93-9.825-5.481-19.653-7.646-27.653h-51.171
c9.716,35,20.085,63.928,31.101,90.811c11.018,26.879,22.033,51.263,33.055,72.853c-3.243,8.201-7.186,14.695-11.832,19.341
c-4.645,4.641-11.283,6.997-19.921,6.997c-4.323,0-8.432-0.304-12.317-0.952c-3.887-0.647-8.315-1.829-13.284-3.553l-8.42,38.544
c4.109,1.726,9.35,3.292,15.726,4.699c6.375,1.401,13.355,2.106,20.926,2.106c9.078,0,17.022-1.027,23.833-3.076
c6.812-2.055,12.92-5.293,18.323-9.718c5.406-4.427,10.378-10.039,14.923-16.84c4.54-6.801,9.079-15.06,13.623-24.775
c12.556-26.987,24.138-55.128,34.746-83.847c10.605-28.713,20.777-59.59,30.519-92.59H457.902z"/>
<path fill="#3DA0B7" d="M645.826,146.978c-7.344-7.771-16.142-13.813-26.395-18.135c-10.259-4.316-21.538-6.478-33.846-6.478
c-12.092,0-23.268,2.162-33.519,6.478c-10.259,4.322-19.108,10.364-26.56,18.135c-7.446,7.772-13.276,17.165-17.487,28.178
c-4.209,11.01-6.314,23.21-6.314,36.596c0,13.388,2.05,25.64,6.154,36.759c4.098,11.122,9.821,20.62,17.165,28.499
c7.336,7.883,16.138,13.982,26.395,18.298c10.253,4.318,21.644,6.476,34.167,6.476c12.737,0,24.234-2.157,34.491-6.476
c10.253-4.315,19.054-10.415,26.397-18.298c7.336-7.879,12.953-17.377,16.839-28.499c3.888-11.119,5.832-23.371,5.832-36.759
c0-13.386-2.057-25.586-6.154-36.596C658.887,164.142,653.164,154.75,645.826,146.978z M611.01,247.215
c-5.941,8.742-14.41,13.116-25.424,13.116c-11.01,0-19.543-4.374-25.584-13.116c-6.048-8.745-9.068-20.565-9.068-35.463
s3.021-26.609,9.068-35.142c6.041-8.525,14.574-12.791,25.584-12.791c11.014,0,19.482,4.266,25.424,12.791
c5.937,8.533,8.907,20.244,8.907,35.142S616.946,238.47,611.01,247.215z"/>
<path fill="#3DA0B7" d="M819.081,144.711c-5.618-6.908-13.229-12.25-22.832-16.031c-9.61-3.775-21.649-5.667-36.112-5.667
c-14.25,0-27.648,1.026-40.603,3.076c-12.956,2.057-23.534,4.268-31.534,6.64v164.811h47V165.763c4-0.432,6.901-0.811,10.787-1.133
c3.886-0.325,7.766-0.488,11.225-0.488c11.223,0,18.311,3.238,22.416,9.718c4.099,6.476,5.572,17.488,5.572,33.033v90.646h49
v-96.476c0-11.66-0.877-22.236-3.25-31.739C828.371,159.826,824.692,151.623,819.081,144.711z"/>
<path fill="#3DA0B7" d="M186.386,183.748c3.088,4.267,6.007,8.283,8.54,12.31l2.9,4.602l4.037-3.654
c3.686-3.333,6.858-6.385,9.928-9.337c6.28-6.042,11.704-11.259,19.146-16.57c7.087-5.055,15.151-7.727,23.322-7.727
c10.773,0,20.862,4.734,27.679,12.99c0.348,0.422,0.661,0.864,0.99,1.294l-45.595,22.493l14.351,29.09l81.491-40.2l2.721-0.111
l-1.417-5.491c-4.871-18.873-14.329-34.326-27.351-45.426c-13.709-11.686-31.161-17.47-50.468-17.47h-0.128
c-35.333,0-57.399,17.353-79.66,43.906l-2.141,2.359l1.776,2.721C179.674,174.558,183.086,179.192,186.386,183.748z"/>
<path fill="#3DA0B7" d="M335.397,235.922l1.585-5.979l-6.181,0.237c-2.927,0.113-5.854,0.242-8.782,0.372
c-6.878,0.306-12.17,0.442-17.159,0.442c-5.614,0-10.661-0.181-15.43-0.553l-2.675-0.206l-1.486,2.231
c-7.115,10.694-18.62,16.827-31.565,16.827c-2.243,0-4.538-0.188-6.821-0.559c-10.758-1.744-20.215-7.247-28.108-16.356
c-11.682-13.482-22.49-27.213-32.126-40.809c-1.982-2.798-3.935-5.616-5.885-8.43c-10.514-15.179-21.386-30.869-36.844-42.792
c-18.026-13.905-37.224-20.953-57.061-20.953c-11.841,0-23.846,2.538-35.992,7.548c-2.064,0.852-3.867,1.797-5.867,2.802V1.525
L0.204,9.438L-0.15,216.183l0.563-1.367c0.489,5.592,1.438,11.247,2.923,16.915c9.874,37.666,41.004,62.002,79.321,62.002
c2.135,0,4.306-0.077,6.462-0.228c34.671-2.443,54.047-21.911,74.05-45.188l2.396-2.79l-25.193-33.505l-3.715,4.14
c-1.488,1.658-2.632,3.313-3.642,4.773c-1.137,1.645-2.12,3.063-3.301,4.086c-2.364,2.039-4.461,3.955-6.49,5.811
c-5.231,4.779-9.75,8.909-16.321,12.791c-6.571,3.886-13.871,5.938-21.11,5.938c-12.202,0-23.547-5.684-31.127-15.597
c-12.342-16.141-10.887-44.366,3.053-59.22c6.837-7.284,16.816-11.461,27.38-11.461c8.774,0,17.275,2.782,24.584,8.049
c7.534,5.425,15.032,12.89,23.598,23.486c7.464,9.238,14.64,19.035,21.58,28.507c4.564,6.234,9.286,12.679,14.067,18.937
c5.737,7.508,11.298,13.962,17,19.732c21.035,21.292,42.711,31.642,66.268,31.642c7.57,0,15.427-1.105,23.355-3.285l3.677-1.013
l-0.024-0.268C309.594,279.819,328.496,261.941,335.397,235.922z"/>
<path fill="#3DA0B7" d="M1022.999,7.731L980,1.525v128.207c-2-1.017-3.925-1.948-5.96-2.788
c-12.141-5.01-24.151-7.548-35.993-7.548c-19.836,0-39.079,7.048-57.105,20.953c-2.301,1.773-4.52,3.636-6.632,5.563
c0.034,0.15,0.059,0.297,0.091,0.446c-16.38,15.526-26.466,36.638-26.466,59.909c0,35.274,23.157,65.591,56.333,78.988
c9.06,4.453,19.306,7.394,31.427,8.25c2.158,0.15,4.326,0.228,6.462,0.228c38.316,0,69.44-24.336,79.314-62.002
c1.48-5.647,2.434-11.312,2.917-16.967l0.624,1.354L1022.999,7.731z M977.799,215.584c-1.168,6.807-3.698,13.214-7.647,18.38
c-6.216,8.13-14.971,13.409-24.649,15.048c-3.214,0.785-6.555,1.215-9.982,1.215c-23.521,0-43.147-19.63-43.147-43.151
c0-22.128,17.374-40.805,39.018-42.941c2.727-0.563,5.513-0.852,8.328-0.852c10.564,0,20.544,4.179,27.38,11.463
c6.569,6.997,10.363,16.964,11.25,27.237c0.204,1.677,0.32,3.373,0.32,5.093C978.668,209.98,978.367,212.826,977.799,215.584z"/>
</g>
<g>
<path fill="#333333" d="M483.053,355.854c2.667,0,4.609-0.451,5.826-1.354c1.216-0.902,1.824-2.178,1.824-3.825
c0-0.98-0.206-1.824-0.618-2.53s-1-1.344-1.766-1.912c-0.765-0.568-1.697-1.099-2.795-1.589c-1.099-0.49-2.354-0.972-3.766-1.442
c-1.412-0.509-2.776-1.068-4.09-1.677c-1.315-0.607-2.471-1.362-3.472-2.266c-1-0.902-1.805-1.98-2.413-3.236
c-0.609-1.255-0.912-2.766-0.912-4.531c0-3.687,1.274-6.58,3.825-8.68c2.55-2.098,6.021-3.148,10.416-3.148
c2.55,0,4.815,0.285,6.797,0.854c1.98,0.569,3.54,1.188,4.678,1.854l-2.295,6.002c-1.334-0.744-2.795-1.313-4.384-1.706
c-1.589-0.392-3.227-0.589-4.914-0.589c-2,0-3.56,0.412-4.678,1.236c-1.118,0.823-1.677,1.981-1.677,3.472
c0,0.903,0.186,1.677,0.559,2.324c0.372,0.647,0.902,1.227,1.588,1.736c0.686,0.51,1.491,0.98,2.413,1.412
c0.921,0.433,1.932,0.844,3.03,1.235c1.922,0.706,3.638,1.423,5.149,2.148c1.51,0.727,2.785,1.589,3.825,2.589
c1.039,1.001,1.833,2.178,2.383,3.531c0.549,1.354,0.824,2.991,0.824,4.913c0,3.688-1.305,6.542-3.913,8.563
c-2.61,2.021-6.424,3.03-11.446,3.03c-1.687,0-3.227-0.108-4.619-0.324c-1.393-0.216-2.629-0.48-3.708-0.794
c-1.079-0.313-2.011-0.638-2.795-0.971c-0.785-0.333-1.412-0.638-1.883-0.912l2.178-6.062c1.059,0.589,2.491,1.177,4.295,1.766
C478.326,355.559,480.503,355.854,483.053,355.854z"/>
<path fill="#333333" d="M528.481,361.385v-40.78h26.187v6.297h-18.771v10.063h16.712v6.179h-16.712v11.945h20.184v6.297H528.481z"
/>
<path fill="#333333" d="M603.157,362.268c-3.061,0-5.807-0.471-8.238-1.412c-2.434-0.941-4.493-2.324-6.179-4.148
c-1.688-1.824-2.982-4.051-3.884-6.68c-0.903-2.628-1.354-5.648-1.354-9.062s0.52-6.434,1.56-9.063
c1.038-2.628,2.461-4.854,4.266-6.679c1.804-1.824,3.923-3.207,6.355-4.148c2.432-0.942,5.04-1.413,7.826-1.413
c1.687,0,3.217,0.128,4.59,0.383c1.373,0.256,2.569,0.54,3.59,0.854c1.02,0.314,1.863,0.647,2.53,1
c0.667,0.354,1.138,0.608,1.412,0.765l-2.177,6.062c-0.941-0.589-2.286-1.147-4.031-1.677c-1.746-0.53-3.639-0.795-5.679-0.795
c-1.765,0-3.413,0.305-4.942,0.912c-1.53,0.608-2.854,1.521-3.973,2.736c-1.118,1.217-1.991,2.747-2.618,4.59
c-0.628,1.845-0.941,3.982-0.941,6.414c0,2.158,0.244,4.14,0.735,5.943c0.49,1.806,1.245,3.364,2.266,4.679
c1.02,1.314,2.314,2.334,3.884,3.06c1.568,0.727,3.451,1.089,5.649,1.089c2.627,0,4.766-0.265,6.414-0.794
c1.647-0.53,2.922-1.03,3.824-1.501l2.001,6.061c-0.471,0.314-1.108,0.629-1.912,0.942c-0.805,0.314-1.757,0.617-2.854,0.912
c-1.099,0.294-2.334,0.529-3.707,0.706C606.196,362.179,604.726,362.268,603.157,362.268z"/>
<path fill="#333333" d="M661.824,362.268c-2.786,0-5.178-0.403-7.179-1.206c-2.001-0.804-3.659-1.933-4.973-3.384
c-1.314-1.451-2.286-3.157-2.913-5.12c-0.628-1.961-0.941-4.119-0.941-6.473v-25.48h7.474v24.774c0,1.845,0.206,3.423,0.618,4.737
c0.411,1.314,1,2.383,1.765,3.207c0.766,0.823,1.667,1.433,2.707,1.824c1.039,0.393,2.207,0.588,3.501,0.588
c1.295,0,2.472-0.195,3.531-0.588c1.06-0.392,1.972-1.001,2.736-1.824c0.765-0.824,1.354-1.893,1.766-3.207
c0.411-1.314,0.617-2.893,0.617-4.737v-24.774h7.474v25.48c0,2.354-0.323,4.512-0.971,6.473c-0.647,1.963-1.629,3.669-2.942,5.12
c-1.314,1.451-2.992,2.58-5.031,3.384C667.022,361.864,664.609,362.268,661.824,362.268z"/>
<path fill="#333333" d="M722.259,320.193c5.884,0,10.386,1.079,13.505,3.236c3.118,2.158,4.678,5.453,4.678,9.886
c0,5.531-2.727,9.278-8.18,11.239c0.745,0.903,1.589,2.001,2.53,3.296c0.942,1.294,1.902,2.697,2.884,4.207
c0.98,1.511,1.922,3.061,2.824,4.649c0.902,1.588,1.707,3.147,2.413,4.678h-8.297c-0.746-1.412-1.551-2.834-2.413-4.267
c-0.863-1.432-1.735-2.824-2.618-4.178s-1.757-2.628-2.619-3.825c-0.863-1.196-1.668-2.266-2.412-3.207
c-0.55,0.04-1.021,0.059-1.413,0.059s-0.765,0-1.117,0h-3.59v15.418h-7.415v-40.191c1.805-0.392,3.727-0.656,5.768-0.794
C718.825,320.262,720.649,320.193,722.259,320.193z M722.788,326.607c-1.569,0-3.021,0.059-4.354,0.177v13.181h3.236
c1.804,0,3.393-0.098,4.767-0.294c1.373-0.196,2.521-0.549,3.442-1.06c0.921-0.509,1.618-1.196,2.089-2.06
c0.471-0.862,0.706-1.961,0.706-3.295c0-1.255-0.235-2.314-0.706-3.178c-0.471-0.862-1.147-1.55-2.03-2.06
s-1.933-0.873-3.148-1.089C725.573,326.716,724.239,326.607,722.788,326.607z"/>
<path fill="#333333" d="M772.218,320.604h7.415v40.78h-7.415V320.604z"/>
<path fill="#333333" d="M841.36,320.604v6.415h-12.534v34.365h-7.474V327.02h-12.534v-6.415H841.36z"/>
<path fill="#333333" d="M885.787,338.671c1.766-2.942,3.491-5.924,5.179-8.945c1.687-3.021,3.217-6.061,4.59-9.121h8.238
c-2.197,4.159-4.482,8.288-6.855,12.388c-2.374,4.1-4.913,8.229-7.62,12.387v16.006h-7.415v-15.889
c-2.706-4.197-5.257-8.355-7.649-12.475c-2.394-4.119-4.688-8.258-6.885-12.417h8.709c1.373,3.061,2.884,6.101,4.531,9.121
C882.257,332.747,883.982,335.729,885.787,338.671z"/>
</g>
</svg>
Режим "рядом"

После

Ширина:  |  Высота:  |  Размер: 10 KiB

202
Sample Data/Custom/beSECURE_Audit_CL.json Normal file
Просмотреть файл

@ -0,0 +1,202 @@
[
{
"additional_information": "",
"audit_code": "EF12B5DB-3EF2-391D-B9AF-311298D9F328",
"audit_id": "169",
"audit_name": "User logged out of the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": " Name changed from 'Agent Scanning - Updated' to 'Agent Scanning' ",
"audit_code": "EE6579AD-9C6C-35F1-97B4-7027297EEC0C",
"audit_id": "168",
"audit_name": "Record modified",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": " Name changed from 'Agent Scanning' to 'Agent Scanning - Updated' ",
"audit_code": "EE6579AD-9C6C-35F1-97B4-7027297EEC0C",
"audit_id": "167",
"audit_name": "Record modified",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "192.168.15.254",
"audit_code": "1C0113B3-56C0-31E8-90B5-E32EF68EAF7C",
"audit_id": "166",
"audit_name": "User logged in to the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "Login used: superadmin",
"audit_code": "157CBCC7-8FDF-32CF-AE0E-0608E0AB5A6B",
"audit_id": "165",
"audit_name": "An invalid username/password combination has been provided",
"originator_ip": "192.168.15.254",
"triggered_by": ""
},
{
"additional_information": "",
"audit_code": "EF12B5DB-3EF2-391D-B9AF-311298D9F328",
"audit_id": "164",
"audit_name": "User logged out of the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "192.168.15.254",
"audit_code": "1C0113B3-56C0-31E8-90B5-E32EF68EAF7C",
"audit_id": "163",
"audit_name": "User logged in to the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "",
"audit_code": "EF12B5DB-3EF2-391D-B9AF-311298D9F328",
"audit_id": "162",
"audit_name": "User logged out of the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": " Name changed from 'Agent Scanning2' to 'Agent Scanning' ",
"audit_code": "EE6579AD-9C6C-35F1-97B4-7027297EEC0C",
"audit_id": "161",
"audit_name": "Record modified",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": " Name changed from 'Agent Scanning' to 'Agent Scanning2' ",
"audit_code": "EE6579AD-9C6C-35F1-97B4-7027297EEC0C",
"audit_id": "160",
"audit_name": "Record modified",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "192.168.15.254",
"audit_code": "1C0113B3-56C0-31E8-90B5-E32EF68EAF7C",
"audit_id": "159",
"audit_name": "User logged in to the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "Login used: superadmin",
"audit_code": "157CBCC7-8FDF-32CF-AE0E-0608E0AB5A6B",
"audit_id": "158",
"audit_name": "An invalid username/password combination has been provided",
"originator_ip": "192.168.15.254",
"triggered_by": ""
},
{
"additional_information": "",
"audit_code": "EF12B5DB-3EF2-391D-B9AF-311298D9F328",
"audit_id": "157",
"audit_name": "User logged out of the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "",
"audit_code": "EF12B5DB-3EF2-391D-B9AF-311298D9F328",
"audit_id": "156",
"audit_name": "User logged out of the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "192.168.15.254",
"audit_code": "1C0113B3-56C0-31E8-90B5-E32EF68EAF7C",
"audit_id": "155",
"audit_name": "User logged in to the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "",
"audit_code": "EF12B5DB-3EF2-391D-B9AF-311298D9F328",
"audit_id": "154",
"audit_name": "User logged out of the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "192.168.15.254",
"audit_code": "1C0113B3-56C0-31E8-90B5-E32EF68EAF7C",
"audit_id": "153",
"audit_name": "User logged in to the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "",
"audit_code": "EF12B5DB-3EF2-391D-B9AF-311298D9F328",
"audit_id": "152",
"audit_name": "User logged out of the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "192.168.15.254",
"audit_code": "1C0113B3-56C0-31E8-90B5-E32EF68EAF7C",
"audit_id": "151",
"audit_name": "User logged in to the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "Login used: superadmin",
"audit_code": "157CBCC7-8FDF-32CF-AE0E-0608E0AB5A6B",
"audit_id": "150",
"audit_name": "An invalid username/password combination has been provided",
"originator_ip": "192.168.15.254",
"triggered_by": ""
},
{
"additional_information": "",
"audit_code": "80B52FAD-E720-3C00-A54A-270005B406F1",
"audit_id": "139",
"audit_name": "User session timed out. Account logged out of the system",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": "No changes have been detected<!-- NoChange -->",
"audit_code": "EE6579AD-9C6C-35F1-97B4-7027297EEC0C",
"audit_id": "136",
"audit_name": "Record modified",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": " SAMLv2Domains changed from 'example.org' to '' ",
"audit_code": "EE6579AD-9C6C-35F1-97B4-7027297EEC0C",
"audit_id": "123",
"audit_name": "Record modified",
"originator_ip": "192.168.15.254",
"triggered_by": "superadmin"
},
{
"additional_information": " TimeRange changed from '' to 'OOOOOOOOOOOOOOOOOOOOOOOO' <BR>\n Routine changed from '' to '|I|' ",
"audit_code": "EE6579AD-9C6C-35F1-97B4-7027297EEC0C",
"audit_id": "117",
"audit_name": "Record modified",
"originator_ip": "",
"triggered_by": "superadmin"
},
{
"additional_information": "",
"audit_code": "F86836CF-0A3A-3104-AEBA-A07E120335B8",
"audit_id": "116",
"audit_name": "Record created",
"originator_ip": "",
"triggered_by": "superadmin"
}
]

72
Sample Data/Custom/beSECURE_ScanEvent_CL.json Normal file
Просмотреть файл

@ -0,0 +1,72 @@
[
{
"additional_information": "",
"event_code": "AC5EE825-1C12-3E3D-98C4-049E8571974D",
"event_id": "361",
"event_name": "Scan Completed",
"event_time": "2020-06-10 00:00:22",
"scan_id": "FA15C1A8",
"scan_name": "Agent Scanning",
"scan_type": "networks"
},
{
"additional_information": "",
"event_code": "CB360E47-2D6A-392F-8775-F3CFA55CE44E",
"event_id": "362",
"event_name": "Scan Started",
"event_time": "2020-06-11 08:50:44",
"scan_id": "FA15C1A8",
"scan_name": "Agent Scanning",
"scan_type": "networks"
},
{
"additional_information": "Scan failed",
"event_code": "39A6C596-636D-3FC6-B6F3-5786517E946F",
"event_id": "363",
"event_name": "Scan Status Received",
"event_time": "2020-06-11 08:50:51",
"scan_id": "FA15C1A8",
"scan_name": "Agent Scanning",
"scan_type": "networks"
},
{
"additional_information": "",
"event_code": "AC5EE825-1C12-3E3D-98C4-049E8571974D",
"event_id": "364",
"event_name": "Scan Completed",
"event_time": "2020-06-11 08:50:51",
"scan_id": "FA15C1A8",
"scan_name": "Agent Scanning",
"scan_type": "networks"
},
{
"additional_information": "",
"event_code": "CB360E47-2D6A-392F-8775-F3CFA55CE44E",
"event_id": "365",
"event_name": "Scan Started",
"event_time": "2020-06-12 00:00:05",
"scan_id": "FA15C1A8",
"scan_name": "Agent Scanning",
"scan_type": "networks"
},
{
"additional_information": "Running preliminary scan<BR>\n",
"event_code": "2FB7C5AE-E111-3E75-A1E4-AA27B4882CCB",
"event_id": "366",
"event_name": "Scan Progress",
"event_time": "2020-06-12 00:00:10",
"scan_id": "FA15C1A8",
"scan_name": "Agent Scanning",
"scan_type": "networks"
},
{
"additional_information": "Scan completed successfully",
"event_code": "39A6C596-636D-3FC6-B6F3-5786517E946F",
"event_id": "368",
"event_name": "Scan Status Received",
"event_time": "2020-06-12 00:00:21",
"scan_id": "FA15C1A8",
"scan_name": "Agent Scanning",
"scan_type": "networks"
}
]

530
Sample Data/Custom/beSECURE_ScanResults_CL.json Normal file
Просмотреть файл

@ -0,0 +1,530 @@
[
{
"cves": "CVE-1999-0621",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "137",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "838",
"vulnerability_name": "NetBIOS Information Retrieval"
},
{
"cves": "",
"cvss_score": "4",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "1151",
"vulnerability_name": "SMB Shares Enumeration"
},
{
"cves": "CVE-1999-0503, CVE-1999-0504, CVE-1999-0505, CVE-1999-0506, CVE-2000-0222, CVE-2002-1117",
"cvss_score": "10.0",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "1162",
"vulnerability_name": "Shared Directory Access (Login)"
},
{
"cves": "CVE-1999-0562",
"cvss_score": "7.5",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "1164",
"vulnerability_name": "Remotely Accessible Registry"
},
{
"cves": "CVE-1999-0662",
"cvss_score": "10.0",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "1165",
"vulnerability_name": "Windows Version Information"
},
{
"cves": "CVE-1999-0519, CVE-1999-0520",
"cvss_score": "7.5",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "1170",
"vulnerability_name": "Shared Directory Access (Share Access)"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "1179",
"vulnerability_name": "SMB Services Enumeration"
},
{
"cves": "",
"cvss_score": "4",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "1191",
"vulnerability_name": "Remotely Accessible Registry (Full Access)"
},
{
"cves": "CVE-2000-1200",
"cvss_score": "5.0",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "1618",
"vulnerability_name": "Host SID Information Retrieval"
},
{
"cves": "CVE-2000-1200",
"cvss_score": "5.0",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "1620",
"vulnerability_name": "SMB Host SID User Enumeration"
},
{
"cves": "",
"cvss_score": "4",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "1655",
"vulnerability_name": "Users in the 'Administrators' Group"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "0",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "1673",
"vulnerability_name": "Local Users Information: Disabled Accounts"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "0",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "1674",
"vulnerability_name": "Local Users Information: Password Never Changed"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "0",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "1675",
"vulnerability_name": "Local Users Information: Users Which Never Logged On"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "0",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "1676",
"vulnerability_name": "Local Users Information: User Passwords That Never Expires"
},
{
"cves": "",
"cvss_score": "4",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "1782",
"vulnerability_name": "SMB Listens on Port"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "2408",
"vulnerability_name": "Winlogon Passwords Caching"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "2437",
"vulnerability_name": "Remote Host Replies to SYN+FIN"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "8447",
"vulnerability_name": "Password Policy Retrieval"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "0",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "9219",
"vulnerability_name": "SMB Log In Succeeded"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "9545",
"vulnerability_name": "Mozilla.org Application Detection"
},
{
"cves": "",
"cvss_score": "4",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "10152",
"vulnerability_name": "Infected Hosts File (Windows)"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "0",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "10168",
"vulnerability_name": "SMB Share Hosting Office Files"
},
{
"cves": "CVE-1999-0519, CVE-1999-0520, CVE-2002-1117",
"cvss_score": "7.5",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "10637",
"vulnerability_name": "NULL Session Available (SMB)"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "10708",
"vulnerability_name": "Adobe Flash Player Detection"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "11021",
"vulnerability_name": "VLC Media Player Detection"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "11198",
"vulnerability_name": "Oracle Java Runtime Environment Detection"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "11250",
"vulnerability_name": "BIOS Version (SMB)"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "11280",
"vulnerability_name": "Google Chrome Detection (Windows)"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "11316",
"vulnerability_name": "Wireshark / Ethereal Detection (Windows)"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "137",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "12035",
"vulnerability_name": "Windows Host NetBIOS to Information Retrieval"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "0",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "12065",
"vulnerability_name": "SMB Registry Startup"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "0",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "12067",
"vulnerability_name": "SMB Registry Shutdown"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "12216",
"vulnerability_name": "SMB Service Config Enumeration"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "12511",
"vulnerability_name": "Determine CPU and Memory Amount (Registry)"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "12998",
"vulnerability_name": "Microsoft Update Installed"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "13080",
"vulnerability_name": "Microsoft .NET Framework Detection"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "13627",
"vulnerability_name": "LibreOffice Detection"
},
{
"cves": "",
"cvss_score": "4",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "14300",
"vulnerability_name": "SMB Signing Disabled"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "14484",
"vulnerability_name": "Windows DNS Server Enumeration"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "14988",
"vulnerability_name": "Microsoft Windows SMB Share Permissions Enumeration"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "0",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "15073",
"vulnerability_name": "SMB QuickFixEngineering (QFE) Enumeration"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "15916",
"vulnerability_name": "Microsoft Malicious Software Removal Tool Detection"
},
{
"cves": "",
"cvss_score": "1",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Low",
"risk_value": "1",
"scan_name": "Noam Desktop",
"test_id": "16024",
"vulnerability_name": "Oracle Java JRE Enabled (Internet Explorer)"
},
{
"cves": "CVE-2015-6117, CVE-2016-0010, CVE-2016-0011, CVE-2016-0012, CVE-2016-0035",
"cvss_score": "9.3",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "High",
"risk_value": "8",
"scan_name": "Noam Desktop",
"test_id": "18651",
"vulnerability_name": "Security Update for Microsoft Office to Address Code Execution (MS16-004)"
},
{
"cves": "",
"cvss_score": "4",
"destination_host": "192.168.15.254",
"destination_port": "137",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "19669",
"vulnerability_name": "Network Basic Input/Output System 'Name Resolution (Name Query)' DrDoS"
},
{
"cves": "CVE-2020-0663, CVE-2020-0706, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767",
"cvss_score": "7",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "High",
"risk_value": "8",
"scan_name": "Noam Desktop",
"test_id": "20144",
"vulnerability_name": "Security Update for Microsoft Edge (Feb 2020)"
},
{
"cves": "CVE-2019-18197, CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2767, CVE-2020-2773, CVE-2020-2778, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2816, CVE-2020-2830",
"cvss_score": "5.8",
"destination_host": "192.168.15.254",
"destination_port": "445",
"risk_name": "Medium",
"risk_value": "4",
"scan_name": "Noam Desktop",
"test_id": "20198",
"vulnerability_name": "Oracle Java SE Multiple Vulnerabilities (April 2020 CPU)"
}
]