Updated ids
Родитель
e258cbf907
Коммит
b33e126388
|
@ -1,4 +1,4 @@
|
|||
id: 0b85a077-8ba5-4cb5-90f7-1e882afe10c4
|
||||
id: 6bb50582-caac-4a9b-9afb-3fee766ebbf7
|
||||
name: (Preview) GitHub - A payment method was removed
|
||||
description: |
|
||||
'Detect activities when a payment method was removed. This query runs every day and its severity is Medium.'
|
||||
|
|
|
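Review bot: The template `id` moves from 0b85a077-… to 6bb50582-…, but nothing in this hunk or in the mainTemplate hunk bumps the item's version — `"analyticRuleVersion1": "1.0.0"` is unchanged context there — and the same holds for the hunting-query section below, whose `id` moves to f0d30d3c-… while `"huntingQueryVersion1"` stays `"1.0.0"`. Because the template spec name is built from `uniquestring` of the contentId (`analyticRuleTemplateSpecName1`, `huntingQueryTemplateSpecName1`), a workspace that already installed this package presumably keeps the template deployed under the previous id — which both items shared, 5ccf0a4b-… — next to the new one, so the orphaned template is worth stating in the solution's release notes or removing in a follow-up. The rule's own `version:` field, if it exists, is outside the hunk, so I cannot tell whether the YAML side was bumped.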
@ -1,4 +1,4 @@
|
|||
id: c3237d88-fdc4-4dee-8b90-118ded2c507c
|
||||
id: f0d30d3c-e6ad-480a-90e8-1bd7cc84881b
|
||||
name: GitHub First Time Invite Member and Add Member to Repo
|
||||
description: |
|
||||
'This hunting query identifies a user that add/invite a member to the organization for the first time. This technique can be leveraged by attackers to add stealth account access to the organization.'
|
||||
|
|
Двоичные данные
Solutions/GitHub/Package/2.0.0.zip
Двоичные данные
Solutions/GitHub/Package/2.0.0.zip
Двоичный файл не отображается.
|
@ -49,7 +49,7 @@
|
|||
"_workbookContentId1": "[variables('workbookContentId1')]",
|
||||
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
|
||||
"analyticRuleVersion1": "1.0.0",
|
||||
"analyticRulecontentId1": "5ccf0a4b-becb-40d7-b97b-46367475d450",
|
||||
"analyticRulecontentId1": "6bb50582-caac-4a9b-9afb-3fee766ebbf7",
|
||||
"_analyticRulecontentId1": "[variables('analyticRulecontentId1')]",
|
||||
"analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]",
|
||||
"analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1')))]",
|
||||
|
@ -109,7 +109,7 @@
|
|||
"analyticRuleId12": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId12'))]",
|
||||
"analyticRuleTemplateSpecName12": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId12')))]",
|
||||
"huntingQueryVersion1": "1.0.0",
|
||||
"huntingQuerycontentId1": "5ccf0a4b-becb-40d7-b97b-46367475d450",
|
||||
"huntingQuerycontentId1": "f0d30d3c-e6ad-480a-90e8-1bd7cc84881b",
|
||||
"_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]",
|
||||
"huntingQueryId1": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId1'))]",
|
||||
"huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1')))]",
|
||||
|
@ -353,8 +353,8 @@
|
|||
{
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
|
@ -453,8 +453,8 @@
|
|||
{
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
|
@ -553,8 +553,8 @@
|
|||
{
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
|
@ -653,8 +653,8 @@
|
|||
{
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
|
@ -753,8 +753,8 @@
|
|||
{
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
|
@ -853,8 +853,8 @@
|
|||
{
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
|
@ -953,8 +953,8 @@
|
|||
{
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
|
@ -1053,8 +1053,8 @@
|
|||
{
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
|
@ -1153,8 +1153,8 @@
|
|||
{
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
|
@ -1253,8 +1253,8 @@
|
|||
{
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
|
@ -1353,8 +1353,8 @@
|
|||
{
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
|
@ -1453,8 +1453,8 @@
|
|||
{
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
|
@ -2795,6 +2795,7 @@
|
|||
"kind": "APIPolling",
|
||||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"id": "[variables('_uiConfigId1')]",
|
||||
"title": "GitHub Enterprise Audit Log",
|
||||
"publisher": "GitHub",
|
||||
"descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process. \n\n **Note:** If you are intended to ingest GitHub subscribed events into Microsoft Sentinel , Please refer to GitHub (using Webhooks) Connector from \"**Data Connectors**\" gallery.",
|
||||
|
@ -2979,6 +2980,7 @@
|
|||
"kind": "APIPolling",
|
||||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"id": "[variables('_uiConfigId1')]",
|
||||
"title": "GitHub Enterprise Audit Log",
|
||||
"publisher": "GitHub",
|
||||
"descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process. \n\n **Note:** If you are intended to ingest GitHub subscribed events into Microsoft Sentinel , Please refer to GitHub (using Webhooks) Connector from \"**Data Connectors**\" gallery.",
|
||||
|
@ -3463,7 +3465,7 @@
|
|||
"description": "*Now we are done with the github Webhook configuration. Once the github events triggered and after the delay of 20 to 30 mins (As there will be a dealy for LogAnalytics to spin up the resources for the first time), you should be able to see all the transactional events from the Github into LogAnalytics workspace table called \"githubscanaudit_CL\".*\n\n For more details, Click [here](https://aka.ms/sentinel-gitHubwebhooksteps)"
|
||||
}
|
||||
],
|
||||
"id": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_uiConfigId2'))]"
|
||||
"id": "[variables('_uiConfigId2')]"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -3646,4 +3648,4 @@
|
|||
}
|
||||
],
|
||||
"outputs": {}
|
||||
}
|
||||
}
|
||||
|
|
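Review bot: Twelve of the hunks in this file, from `@ -353,8 +353,8 @@` through `@ -1453,8 +1453,8 @@`, only swap the order of `"identifier"` and `"columnName"` inside `fieldMappings`, which changes nothing for a JSON consumer because object key order carries no meaning. That pattern suggests the packaging tool serialised in a different order than the previous run; pinning a stable key order in the generator, or regenerating with the same tool version, would keep the diff down to the real changes. As it stands the substantive edits — the new `analyticRulecontentId1` / `huntingQuerycontentId1` values and the replaced `connectorUiConfig` `"id"` in the `@ -3463` hunk, which appears to become `"[variables('_uiConfigId2')]"` to match the `_uiConfigId1` form used at `@ -2795` — are easy to miss among the no-op hunks. If the reordering is deliberate it should be stated in the commit message, which currently says only "Updated ids".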