Azure
/
Azure-Sentinel
Π·Π΅Ρ€ΠΊΠ°Π»ΠΎ ΠΈΠ·
1
0
Π€ΠΎΡ€ΠΊΠ½ΡƒΡ‚ΡŒ 0
Код Π—Π°Π΄Π°Ρ‡ΠΈ ΠŸΠ°ΠΊΠ΅Ρ‚Ρ‹ ΠŸΡ€ΠΎΠ΅ΠΊΡ‚Ρ‹ Π Π΅Π»ΠΈΠ·Ρ‹ Π’ΠΈΠΊΠΈ ΠΠΊΡ‚ΠΈΠ²Π½ΠΎΡΡ‚ΡŒ

πŸ› Fix DGA alert name override placeholder

This commit is contained in:
pemontto 2024-06-06 12:26:27 +01:00
Π ΠΎΠ΄ΠΈΡ‚Π΅Π»ΡŒ a507a0b8c1
ΠšΠΎΠΌΠΌΠΈΡ‚ 9a37033814
НС Π½Π°ΠΉΠ΄Π΅Π½ ΠΊΠ»ΡŽΡ‡, ΡΠΎΠΎΡ‚Π²Π΅Ρ‚ΡΡ‚Π²ΡƒΡŽΡ‰ΠΈΠΉ Π΄Π°Π½Π½ΠΎΠΉ подписи
Π˜Π΄Π΅Π½Ρ‚ΠΈΡ„ΠΈΠΊΠ°Ρ‚ΠΎΡ€ ΠΊΠ»ΡŽΡ‡Π° GPG: EDCB93C3DA1B5DA9
1 ΠΈΠ·ΠΌΠ΅Π½Ρ‘Π½Π½Ρ‹Ρ… Ρ„Π°ΠΉΠ»ΠΎΠ²: 2 Π΄ΠΎΠ±Π°Π²Π»Π΅Π½ΠΈΠΉ ΠΈ 2 ΡƒΠ΄Π°Π»Π΅Π½ΠΈΠΉ
ΠŸΠΎΠΊΠ°Π·Π°Ρ‚ΡŒ статистику Π‘ΠΊΠ°Ρ‡Π°Ρ‚ΡŒ Patch Ρ„Π°ΠΉΠ» Π‘ΠΊΠ°Ρ‡Π°Ρ‚ΡŒ Diff Ρ„Π°ΠΉΠ» ΠŸΠΎΠΊΠ°Π·Π°Ρ‚ΡŒ всС Ρ„Π°ΠΉΠ»Ρ‹ Π‘Π²Π΅Ρ€Π½ΡƒΡ‚ΡŒ всС Ρ„Π°ΠΉΠ»Ρ‹

4
Detections/ASimWebSession/PossibleDGAContacts.yaml
ΠŸΡ€ΠΎΡΠΌΠΎΡ‚Ρ€Π΅Ρ‚ΡŒ Ρ„Π°ΠΉΠ»

@ -104,12 +104,12 @@ entityMappings:
- identifier: Url
columnName: Url
alertDetailsOverride:
alertDisplayNameFormat: Potential communication from {{SrcIpAddr} with a Domain Generation Algorithm (DGA) based host {{Name}}
alertDisplayNameFormat: Potential communication from {{SrcIpAddr}} with a Domain Generation Algorithm (DGA) based host {{Name}}
alertDescriptionFormat: A client with address {{SrcIpAddr}} communicated with host {{Name}} that have a domain name that might have been generated by a Domain Generation Algorithm (DGA), identified by the pattern {{DGADomain}}. DGAs are used by malware to generate rendezvous points that are difficult to predict in advance. This detection uses the top 1 million domain names to build a model of what normal domains look like and uses the model to identify domains that may have been randomly generated by an algorithm.
customDetails:
DGAPattern: DGADomain
NameCount: NameCount
version: 1.1.4
version: 1.1.5
kind: Scheduled
metadata:
source: