Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Initial

This commit is contained in:
Steven Bronkhorst 2023-02-16 07:17:11 +01:00
Родитель 945a474811
Коммит b3deca893b
4 изменённых файлов: 629 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

46
Logos/Logo Black.svg Normal file
Просмотреть файл

@ -0,0 +1,46 @@
<svg width="427" height="305" viewBox="0 0 427 305" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_316_38921)">
<path fill-rule="evenodd" clip-rule="evenodd" d="M310.779 93.9737H247.018C246.04 93.9737 245.551 92.7894 246.246 92.1071L297.224 41.1296C297.713 40.6404 297.983 39.9968 297.983 39.3145V32.1699C297.983 31.4876 297.713 30.8311 297.224 30.3548L287.981 21.1119C287.492 20.6227 286.848 20.3524 286.166 20.3524H279.021C278.339 20.3524 277.682 20.6227 277.206 21.1119L226.318 71.9993C225.623 72.6945 224.452 72.2053 224.452 71.2269V7.63376C224.452 6.95148 224.182 6.29495 223.692 5.81865L218.633 0.759514C218.144 0.270335 217.5 0 216.818 0H203.752C203.07 0 202.413 0.270335 201.937 0.759514L196.878 5.81865C196.388 6.30783 196.118 6.95148 196.118 7.63376V103.217C196.118 103.899 196.388 104.555 196.878 105.032L213.381 121.535C213.87 122.024 214.514 122.295 215.196 122.295H310.792C311.474 122.295 312.131 122.024 312.607 121.535L317.666 116.476C318.155 115.987 318.426 115.343 318.426 114.661V101.595C318.426 100.912 318.155 100.256 317.666 99.7795L312.607 94.7204C312.118 94.2312 311.474 93.9609 310.792 93.9609L310.779 93.9737Z" fill="black"/>
<path d="M139.383 159.128L137.38 161.131C136.877 161.633 136.877 162.448 137.38 162.951L155.586 181.156C156.088 181.659 156.903 181.659 157.406 181.156L159.409 179.154C159.911 178.651 159.911 177.836 159.409 177.333L141.203 159.128C140.701 158.625 139.885 158.625 139.383 159.128Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M122.998 122.359H128.289C128.868 122.359 129.152 121.664 128.74 121.265L105.838 98.3506C105.439 97.9515 104.783 97.9515 104.384 98.3506L102.839 99.8953L102.015 100.732C101.616 101.131 101.616 101.788 102.015 102.187L121.621 121.793C121.981 122.153 122.471 122.359 122.985 122.359H122.998Z" fill="black"/>
<path d="M145.738 152.783L143.736 154.785C143.233 155.288 143.233 156.103 143.736 156.606L161.941 174.811C162.444 175.314 163.259 175.314 163.762 174.811L165.764 172.808C166.267 172.306 166.267 171.491 165.764 170.988L147.559 152.783C147.056 152.28 146.241 152.28 145.738 152.783Z" fill="black"/>
<path d="M158.457 140.079L156.454 142.082C155.952 142.584 155.952 143.399 156.454 143.902L174.66 162.108C175.162 162.61 175.978 162.61 176.48 162.108L178.483 160.105C178.986 159.602 178.986 158.787 178.483 158.284L160.278 140.079C159.775 139.576 158.96 139.576 158.457 140.079Z" fill="black"/>
<path d="M126.686 171.841L124.684 173.843C124.181 174.346 124.181 175.161 124.684 175.664L142.889 193.869C143.392 194.372 144.207 194.372 144.709 193.869L146.712 191.866C147.215 191.364 147.215 190.549 146.712 190.046L128.507 171.841C128.004 171.338 127.189 171.338 126.686 171.841Z" fill="black"/>
<path d="M133.023 165.495L131.021 167.498C130.518 168.001 130.518 168.816 131.021 169.318L149.226 187.524C149.729 188.027 150.544 188.027 151.047 187.524L153.049 185.521C153.552 185.018 153.552 184.203 153.049 183.701L134.844 165.495C134.341 164.993 133.526 164.993 133.023 165.495Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M122.574 180.172V185.231C122.574 185.579 122.715 185.901 122.947 186.145L132.421 195.607C132.666 195.852 132.988 195.98 133.335 195.98H138.382C138.961 195.98 139.244 195.285 138.832 194.886L123.668 179.722C123.269 179.322 122.574 179.606 122.574 180.172V180.172Z" fill="black"/>
<path d="M164.794 133.721L162.792 135.723C162.289 136.226 162.289 137.041 162.792 137.544L180.997 155.749C181.5 156.252 182.315 156.252 182.818 155.749L184.82 153.747C185.323 153.244 185.323 152.429 184.82 151.926L166.615 133.721C166.112 133.218 165.297 133.218 164.794 133.721Z" fill="black"/>
<path d="M152.089 146.424L150.086 148.427C149.583 148.93 149.583 149.745 150.086 150.247L168.291 168.453C168.794 168.955 169.609 168.955 170.112 168.453L172.114 166.45C172.617 165.947 172.617 165.132 172.114 164.63L153.909 146.424C153.406 145.922 152.591 145.922 152.089 146.424Z" fill="black"/>
<path d="M171.163 127.375L169.16 129.378C168.657 129.881 168.657 130.696 169.16 131.199L187.365 149.404C187.868 149.907 188.683 149.907 189.186 149.404L191.189 147.401C191.691 146.899 191.691 146.084 191.189 145.581L172.983 127.375C172.481 126.873 171.665 126.873 171.163 127.375Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M151.551 94.0381H146.26C145.681 94.0381 145.398 94.7333 145.81 95.1324L223.331 172.654C223.73 173.053 224.426 172.77 224.426 172.204V166.642C224.426 166.295 224.284 165.973 224.052 165.729L152.915 94.5917C152.555 94.2312 152.066 94.0253 151.551 94.0253V94.0381Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M176.975 94.0381H171.684C171.105 94.0381 170.822 94.7332 171.234 95.1323L223.344 147.243C223.743 147.642 224.438 147.359 224.438 146.792V141.231C224.438 140.883 224.297 140.562 224.065 140.317L178.353 94.6045C177.992 94.244 177.503 94.0381 176.988 94.0381H176.975Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M190.955 100.616V94.6817C190.955 94.3213 190.672 94.0381 190.312 94.0381H184.377C183.798 94.0381 183.515 94.7332 183.927 95.1323L189.861 101.067C190.26 101.466 190.955 101.183 190.955 100.616Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M196.105 152.057V157.348C196.105 157.863 196.311 158.352 196.671 158.713L223.331 185.373C223.731 185.772 224.426 185.489 224.426 184.922V179.632C224.426 179.117 224.22 178.627 223.859 178.267L197.199 151.607C196.8 151.208 196.105 151.491 196.105 152.057V152.057Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M223.782 127.444H217.783C217.204 127.444 216.921 128.139 217.333 128.538L223.331 134.537C223.73 134.936 224.426 134.653 224.426 134.086V128.087C224.426 127.727 224.142 127.444 223.782 127.444Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M164.27 94.0381H158.979C158.399 94.0381 158.116 94.7332 158.528 95.1323L223.344 159.948C223.743 160.347 224.438 160.064 224.438 159.498V153.937C224.438 153.589 224.297 153.267 224.065 153.023L165.647 94.6045C165.287 94.244 164.797 94.0381 164.282 94.0381H164.27Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M148.41 122.359H153.701C154.28 122.359 154.563 121.664 154.151 121.265L127.491 94.6045C127.131 94.244 126.641 94.0381 126.126 94.0381H120.836C120.256 94.0381 119.973 94.7332 120.385 95.1323L147.045 121.793C147.406 122.153 147.895 122.359 148.41 122.359V122.359Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M135.704 122.359H140.995C141.574 122.359 141.857 121.664 141.446 121.265L114.785 94.6045C114.425 94.244 113.936 94.0381 113.421 94.0381H108.143C107.563 94.0381 107.28 94.7332 107.692 95.1323L134.352 121.793C134.713 122.153 135.202 122.359 135.717 122.359H135.704Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M133.104 95.1323L159.764 121.793C160.124 122.153 160.614 122.359 161.129 122.359H166.419C166.999 122.359 167.282 121.664 166.87 121.265L140.21 94.6045C139.849 94.244 139.36 94.0381 138.845 94.0381H133.554C132.975 94.0381 132.692 94.7332 133.104 95.1323V95.1323Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M110.022 122.359H115.583C116.163 122.359 116.446 121.664 116.034 121.265L102.865 108.096C102.466 107.696 101.771 107.98 101.771 108.546V114.107C101.771 114.455 101.912 114.777 102.144 115.021L109.108 121.986C109.353 122.23 109.675 122.359 110.022 122.359V122.359Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M196.105 164.763V170.054C196.105 170.569 196.311 171.058 196.671 171.418L223.331 198.079C223.731 198.478 224.426 198.194 224.426 197.628V192.337C224.426 191.822 224.22 191.333 223.859 190.973L197.199 164.312C196.8 163.913 196.105 164.197 196.105 164.763V164.763Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M196.105 195.478V190.188C196.105 189.608 196.8 189.325 197.199 189.737L220.101 212.638C220.5 213.037 220.5 213.694 220.101 214.093L218.556 215.638L217.719 216.462C217.32 216.861 216.664 216.861 216.265 216.462L196.659 196.856C196.298 196.495 196.092 196.006 196.092 195.491L196.105 195.478Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M196.105 182.759V177.469C196.105 176.889 196.8 176.606 197.199 177.018L223.86 203.678C224.22 204.039 224.426 204.528 224.426 205.043V210.334C224.426 210.913 223.731 211.196 223.332 210.784L196.672 184.124C196.311 183.764 196.105 183.274 196.105 182.759Z" fill="black"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M196.105 208.442V202.88C196.105 202.301 196.8 202.018 197.199 202.43L210.369 215.599C210.768 215.998 210.485 216.693 209.918 216.693H204.357C204.009 216.693 203.688 216.552 203.443 216.32L196.479 209.356C196.234 209.111 196.105 208.789 196.105 208.442Z" fill="black"/>
</g>
<path d="M73.9276 284.027V274.794H70.7324V266.199H74.1314V259.47H84.2306V266.199H90.7026V274.794H84.2306V281.563C84.2306 283.583 85.8608 284.318 87.6459 284.318C88.8316 284.29 89.998 284.014 91.0694 283.51V292.105C88.8209 293.147 86.3619 293.666 83.8801 293.624C77.237 293.624 73.9032 290.578 73.9032 284.051" fill="black"/>
<path d="M129.421 256.966H140.669V292.824H129.421V256.966Z" fill="black"/>
<path d="M202.82 266.934H213.686V270.537C214.594 269.266 215.789 268.224 217.176 267.491C218.563 266.759 220.103 266.358 221.674 266.32C227.176 266.32 230.64 269.923 230.64 275.755V292.824H219.758V279.213C219.758 276.991 218.421 275.707 216.791 275.707C215.161 275.707 213.686 276.991 213.686 279.213V292.824H202.82V266.975" fill="black"/>
<path d="M27.6379 257.192C27.6379 257.192 27.5319 273.445 27.32 276.07C27.2843 277.854 26.6162 279.568 25.4328 280.912C24.2494 282.256 22.6262 283.144 20.848 283.421L27.483 293.058H39.5385V257.152L27.6379 257.192Z" fill="black"/>
<path d="M19.633 268.671L11.7509 257.184H0.0214844V293.09H11.8242C11.8242 292.678 11.9547 276.587 11.9954 276.28C11.9911 274.268 12.7931 272.336 14.2252 270.909C15.6572 269.483 17.6023 268.677 19.633 268.671V268.671Z" fill="black"/>
<path d="M19.5353 281.054C22.2499 281.054 24.4504 278.874 24.4504 276.183C24.4504 273.493 22.2499 271.312 19.5353 271.312C16.8208 271.312 14.6202 273.493 14.6202 276.183C14.6202 278.874 16.8208 281.054 19.5353 281.054Z" fill="black"/>
<path d="M69.5999 280.271C69.5999 272.12 65.1332 265.488 55.523 265.488C47.3719 265.488 41.5928 271.579 41.5928 279.584V279.681C41.5928 286.491 45.5869 291.435 51.8713 293.034C53.375 293.405 54.9191 293.589 56.4686 293.583C58.4475 293.657 60.421 293.333 62.2701 292.63C64.1192 291.928 65.8057 290.861 67.228 289.496L62.7693 283.034H62.7041C60.9435 284.811 59.2725 285.732 57.2592 285.732C56.2931 285.778 55.3339 285.549 54.4957 285.07C53.6575 284.592 52.9758 283.885 52.5316 283.034C52.3856 282.746 52.2603 282.45 52.1566 282.145H69.551C69.5999 281.547 69.5999 280.861 69.5999 280.271ZM51.9855 277.226C52.336 274.802 53.6727 273.187 55.5556 273.187C57.4385 273.187 59.0769 274.665 59.3214 277.226H51.9855Z" fill="black"/>
<path d="M196.651 269.018C194.279 266.66 190.708 265.537 185.239 265.537C181.344 265.474 177.473 266.14 173.828 267.5L173.909 267.807L178.237 274.099C179.88 273.628 181.581 273.389 183.291 273.388C186.763 273.388 188.296 274.818 188.296 277.274V277.718C186.23 277.064 184.074 276.732 181.905 276.733C176.884 276.733 173.322 278.639 172.083 282.129C171.75 283.079 171.585 284.079 171.594 285.085V285.174C171.588 286.035 171.698 286.894 171.92 287.727C172.923 291.418 176.167 293.43 180.462 293.43C181.926 293.459 183.378 293.176 184.721 292.601C186.064 292.025 187.266 291.17 188.247 290.093V292.791H199.52V277.549C199.52 273.671 198.705 271.07 196.651 269.018ZM188.377 282.904C188.377 285.457 186.894 287.032 184.913 287.032C184.567 287.041 184.223 286.98 183.902 286.851C183.581 286.723 183.29 286.53 183.048 286.285C182.805 286.04 182.616 285.749 182.493 285.428C182.369 285.108 182.313 284.765 182.329 284.423V284.366C182.329 282.702 183.568 281.377 185.801 281.377C186.679 281.378 187.549 281.526 188.377 281.814V282.904Z" fill="black"/>
<path d="M170.901 280.271C170.901 272.12 166.442 265.488 156.824 265.488C148.673 265.488 142.902 271.579 142.902 279.584V279.681C142.902 286.491 146.888 291.435 153.173 293.034C154.676 293.404 156.22 293.589 157.77 293.583C159.751 293.659 161.728 293.336 163.58 292.633C165.432 291.931 167.121 290.863 168.545 289.496L164.095 283.034H164.03C162.261 284.811 160.59 285.732 158.577 285.732C157.613 285.776 156.657 285.544 155.823 285.064C154.989 284.584 154.312 283.877 153.874 283.025C153.721 282.74 153.593 282.443 153.49 282.137H170.885C170.901 281.547 170.901 280.861 170.901 280.271ZM153.311 277.226C153.653 274.802 154.99 273.187 156.873 273.187C158.756 273.187 160.394 274.665 160.647 277.226H153.311Z" fill="black"/>
<path d="M118.433 279.382C117.78 280.653 116.786 281.721 115.561 282.469C114.336 283.217 112.927 283.617 111.488 283.623C109.41 283.623 107.418 282.805 105.949 281.349C104.48 279.894 103.655 277.919 103.655 275.86C103.655 273.801 104.48 271.825 105.949 270.368C107.417 268.911 109.41 268.092 111.488 268.089C112.891 268.093 114.267 268.47 115.472 269.181C116.678 269.891 117.669 270.909 118.343 272.128L127.366 266.902C124.44 261.643 119.28 257.96 111.651 257.96C101.299 257.96 93.2132 265.626 93.2132 275.893V275.99C93.2132 286.644 101.593 293.817 111.211 293.817C119.826 293.817 124.685 289.641 127.611 284.536L118.433 279.382Z" fill="black"/>
<path d="M253.404 258.112H242.917V292.738H253.404V258.112ZM292.068 265.878C288.012 265.878 284.895 267.609 282.867 270.38C280.987 267.56 277.772 265.878 274.161 265.878C270.451 265.878 267.879 267.659 266.197 270.132L265.455 266.521H256.551V292.738H266.543V279.976C266.543 276.118 267.78 274.139 270.5 274.139C273.221 274.139 274.656 275.87 274.656 278.245V292.738H284.648V279.729C284.648 276.118 285.884 274.139 288.655 274.139C291.276 274.139 292.76 275.92 292.76 278.245V292.738H302.753V276.019C302.753 269.835 298.399 265.878 292.068 265.878ZM322.977 265.878C319.218 265.878 316.794 267.362 315.31 269.786L314.222 266.521H305.318V301.741H315.31V289.919C316.844 292.293 319.317 293.431 322.78 293.431C330.397 293.431 335.74 287.495 335.74 279.481C335.74 271.023 330.002 265.878 322.977 265.878ZM320.554 284.923C317.684 284.923 315.31 282.895 315.31 279.531C315.31 276.316 317.487 274.188 320.504 274.188C323.719 274.188 325.599 276.266 325.599 279.432C325.599 282.598 323.67 284.923 320.554 284.923ZM349.492 265.928C345.832 265.928 341.825 266.472 339.352 267.263L340.242 274.188C343.21 273.793 345.139 273.545 347.514 273.545C351.817 273.545 353.895 274.386 353.895 277.305V277.849C352.163 277.058 350.036 276.464 347.217 276.464C340.341 276.464 336.483 279.481 336.483 284.675C336.483 290.265 340.935 293.332 346.772 293.332C350.234 293.332 352.559 292.145 354.043 290.413L355.379 292.738H363.936V276.909C363.936 268.698 358.149 265.928 349.492 265.928ZM349.987 286.852C348.008 286.852 346.524 286.209 346.524 284.428C346.524 282.548 347.613 281.658 349.987 281.658C351.471 281.658 352.856 282.054 353.895 282.697V282.944C353.895 285.863 352.065 286.852 349.987 286.852ZM381.067 265.878C371.866 265.878 365.831 271.468 365.831 279.729C365.831 288.286 372.361 293.431 381.018 293.431C386.805 293.431 390.515 290.562 392.098 289.028L388.091 282.4C385.766 283.983 383.54 284.675 381.562 284.675C378.544 284.675 376.021 282.944 376.021 279.481C376.021 276.167 378.297 274.386 381.413 274.386C383.342 274.386 385.42 274.881 387.349 276.068L391.356 269.489C389.971 268.104 386.706 265.878 381.067 265.878ZM413.339 283.933C411.954 284.379 410.173 284.675 409.036 284.675C407.453 284.675 406.365 283.587 406.365 282.004V274.782H413.092V266.521H406.365V259.25L396.372 259.695V266.521H392.712V274.782H396.372V284.675C396.372 290.71 400.429 293.431 406.315 293.431C408.739 293.431 412.35 292.837 414.576 291.799L413.339 283.933Z" fill="black"/>
<path d="M421.575 293.241C424.249 293.241 426.416 291.093 426.416 288.443C426.416 285.793 424.249 283.645 421.575 283.645C418.901 283.645 416.733 285.793 416.733 288.443C416.733 291.093 418.901 293.241 421.575 293.241Z" fill="black"/>
<defs>
<clipPath id="clip0_316_38921">
<rect width="216.68" height="216.757" fill="white" transform="translate(101.719)"/>
</clipPath>
</defs>
</svg>
Режим "рядом"

После

Ширина:  |  Высота:  |  Размер: 16 KiB

4
Sample Data/NetCleanProActiveSampleData.csv Normal file
Просмотреть файл

@ -0,0 +1,4 @@
"TimeGenerated [UTC]","domain_s","hasCollectedNearbyFiles_s","externalIP_s","nearbyFiles_md5s_s","Hostname_s","Identifier_g","type_s","version_s","foundTime_t [UTC]","detectionMethod_s","agentInformatonIdentifier_g","osVersion_s","machineName_s","microsoftCultureId_s","timeZoneId_s","microsoftGeoId_s","Agentversion_s","Agentidentifier_g","loggedOnUsers_s"
"2/14/2023, 2:39:07.296PM",BUILTIN,False,,,"WIN-NGJQE85N9M6","f744015b-1212-4d79-ab0e-c1196bf15889",demoIncident,1,"2/14/2023, 2:36:35.893PM",ncHash,"1335bb5a-c5a5-4346-80d6-88fd79c753f4","Windows Server 2022 Standard 2009","WIN-NGJQE85N9M6",1033,"Pacific Standard Time",244,"22.1.1.0","1335bb5a-c5a5-4346-80d6-88fd79c753f4","DWM-2'@'Window Manager | UMFD-2'@'Font Driver Host | DWM-2'@'Window Manager | WIN-NGJQE85N9M6$'@'WORKGROUP | Administrator'@'WIN-NGJQE85N9M6 | DWM-1'@'Window Manager | UMFD-1'@'Font Driver Host | DWM-1'@'Window Manager | Administrator'@'WIN-NGJQE85N9M6 | LOCAL SERVICE'@'NT AUTHORITY | UMFD-0'@'Font Driver Host | "
"2/14/2023, 2:39:16.715PM",BUILTIN,False,"98.128.167.185",,"WIN-NGJQE85N9M6","f744015b-1212-4d79-ab0e-c1196bf15889",demoIncident,2,"2/14/2023, 2:36:35.893PM",ncHash,"1335bb5a-c5a5-4346-80d6-88fd79c753f4","Windows Server 2022 Standard 2009","WIN-NGJQE85N9M6",1033,"Pacific Standard Time",244,"22.1.1.0","1335bb5a-c5a5-4346-80d6-88fd79c753f4","DWM-2'@'Window Manager | DWM-2'@'Window Manager | WIN-NGJQE85N9M6$'@'WORKGROUP | DWM-1'@'Window Manager | Administrator'@'WIN-NGJQE85N9M6 | UMFD-0'@'Font Driver Host | UMFD-1'@'Font Driver Host | DWM-1'@'Window Manager | LOCAL SERVICE'@'NT AUTHORITY | UMFD-2'@'Font Driver Host | Administrator'@'WIN-NGJQE85N9M6 | "
"2/14/2023, 2:39:23.946PM",BUILTIN,True,"98.128.167.185","ljJDt4PDAAkyVLbCOQ2NNA==,h8LZs7h0otiarDCNzCyr7g==,k1agrxi2QYWAAS2vAvZMUA==,HMKOgcbNciZFngwoYQ36oA==,qewOOI7M8R03zRRceV+uew==,NIroURZNmuPCvFAETHsT6Q==,iIbapL5DUvpCItEam+o5LA==,ewPZishQCpGlQgSRge9QrA==,","WIN-NGJQE85N9M6","f744015b-1212-4d79-ab0e-c1196bf15889",demoIncident,12,"2/14/2023, 2:36:35.893PM",ncHash,"1335bb5a-c5a5-4346-80d6-88fd79c753f4","Windows Server 2022 Standard 2009","WIN-NGJQE85N9M6",1033,"Pacific Standard Time",244,"22.1.1.0","1335bb5a-c5a5-4346-80d6-88fd79c753f4","DWM-2'@'Window Manager | Administrator'@'WIN-NGJQE85N9M6 | LOCAL SERVICE'@'NT AUTHORITY | Administrator'@'WIN-NGJQE85N9M6 | WIN-NGJQE85N9M6$'@'WORKGROUP | DWM-2'@'Window Manager | UMFD-1'@'Font Driver Host | DWM-1'@'Window Manager | UMFD-0'@'Font Driver Host | DWM-1'@'Window Manager | UMFD-2'@'Font Driver Host | "
1 TimeGenerated [UTC] domain_s hasCollectedNearbyFiles_s externalIP_s nearbyFiles_md5s_s Hostname_s Identifier_g type_s version_s foundTime_t [UTC] detectionMethod_s agentInformatonIdentifier_g osVersion_s machineName_s microsoftCultureId_s timeZoneId_s microsoftGeoId_s Agentversion_s Agentidentifier_g loggedOnUsers_s
2 2/14/2023, 2:39:07.296 PM BUILTIN False WIN-NGJQE85N9M6 f744015b-1212-4d79-ab0e-c1196bf15889 demoIncident 1 2/14/2023, 2:36:35.893 PM ncHash 1335bb5a-c5a5-4346-80d6-88fd79c753f4 Windows Server 2022 Standard 2009 WIN-NGJQE85N9M6 1033 Pacific Standard Time 244 22.1.1.0 1335bb5a-c5a5-4346-80d6-88fd79c753f4 DWM-2'@'Window Manager | UMFD-2'@'Font Driver Host | DWM-2'@'Window Manager | WIN-NGJQE85N9M6$'@'WORKGROUP | Administrator'@'WIN-NGJQE85N9M6 | DWM-1'@'Window Manager | UMFD-1'@'Font Driver Host | DWM-1'@'Window Manager | Administrator'@'WIN-NGJQE85N9M6 | LOCAL SERVICE'@'NT AUTHORITY | UMFD-0'@'Font Driver Host |
3 2/14/2023, 2:39:16.715 PM BUILTIN False 98.128.167.185 WIN-NGJQE85N9M6 f744015b-1212-4d79-ab0e-c1196bf15889 demoIncident 2 2/14/2023, 2:36:35.893 PM ncHash 1335bb5a-c5a5-4346-80d6-88fd79c753f4 Windows Server 2022 Standard 2009 WIN-NGJQE85N9M6 1033 Pacific Standard Time 244 22.1.1.0 1335bb5a-c5a5-4346-80d6-88fd79c753f4 DWM-2'@'Window Manager | DWM-2'@'Window Manager | WIN-NGJQE85N9M6$'@'WORKGROUP | DWM-1'@'Window Manager | Administrator'@'WIN-NGJQE85N9M6 | UMFD-0'@'Font Driver Host | UMFD-1'@'Font Driver Host | DWM-1'@'Window Manager | LOCAL SERVICE'@'NT AUTHORITY | UMFD-2'@'Font Driver Host | Administrator'@'WIN-NGJQE85N9M6 |
4 2/14/2023, 2:39:23.946 PM BUILTIN True 98.128.167.185 ljJDt4PDAAkyVLbCOQ2NNA==,h8LZs7h0otiarDCNzCyr7g==,k1agrxi2QYWAAS2vAvZMUA==,HMKOgcbNciZFngwoYQ36oA==,qewOOI7M8R03zRRceV+uew==,NIroURZNmuPCvFAETHsT6Q==,iIbapL5DUvpCItEam+o5LA==,ewPZishQCpGlQgSRge9QrA==, WIN-NGJQE85N9M6 f744015b-1212-4d79-ab0e-c1196bf15889 demoIncident 12 2/14/2023, 2:36:35.893 PM ncHash 1335bb5a-c5a5-4346-80d6-88fd79c753f4 Windows Server 2022 Standard 2009 WIN-NGJQE85N9M6 1033 Pacific Standard Time 244 22.1.1.0 1335bb5a-c5a5-4346-80d6-88fd79c753f4 DWM-2'@'Window Manager | Administrator'@'WIN-NGJQE85N9M6 | LOCAL SERVICE'@'NT AUTHORITY | Administrator'@'WIN-NGJQE85N9M6 | WIN-NGJQE85N9M6$'@'WORKGROUP | DWM-2'@'Window Manager | UMFD-1'@'Font Driver Host | DWM-1'@'Window Manager | UMFD-0'@'Font Driver Host | DWM-1'@'Window Manager | UMFD-2'@'Font Driver Host |

95
Solutions/NetClean ProActive/Analytic Rules/NetClean_Sentinel_analytic_rule.json Normal file
Просмотреть файл

@ -0,0 +1,95 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspace": {
"type": "String"
}
},
"resources": [
{
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/77aaeec4-c852-4d4e-8a93-5a8c35159557')]",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/77aaeec4-c852-4d4e-8a93-5a8c35159557')]",
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
"kind": "Scheduled",
"apiVersion": "2022-09-01-preview",
"properties": {
"displayName": "NetClean Incidents",
"description": "NetClean Incident",
"severity": "High",
"enabled": true,
"query": "Netclean_Incidents_CL | where version_s == 1\n",
"queryFrequency": "PT5M",
"queryPeriod": "PT5M",
"triggerOperator": "GreaterThan",
"triggerThreshold": 0,
"suppressionDuration": "PT5H",
"suppressionEnabled": false,
"tactics": [
"Discovery"
],
"techniques": [
"T1083"
],
"alertRuleTemplateName": null,
"incidentConfiguration": {
"createIncident": true,
"groupingConfiguration": {
"enabled": false,
"reopenClosedIncident": false,
"lookbackDuration": "PT5H",
"matchingMethod": "AllEntities",
"groupByEntities": [],
"groupByAlertDetails": [],
"groupByCustomDetails": []
}
},
"eventGroupingSettings": {
"aggregationKind": "SingleAlert"
},
"alertDetailsOverride": null,
"customDetails": null,
"entityMappings": [
{
"entityType": "FileHash",
"fieldMappings": [
{
"identifier": "Value",
"columnName": "md5_s"
}
]
},
{
"entityType": "DNS",
"fieldMappings": [
{
"identifier": "DomainName",
"columnName": "domain_s"
}
]
},
{
"entityType": "Host",
"fieldMappings": [
{
"identifier": "HostName",
"columnName": "Hostname_s"
}
]
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "externalIP_s"
}
]
}
],
"sentinelEntitiesMappings": null,
"templateVersion": null
}
}
]
}

484
Solutions/NetClean ProActive/Workbooks/NetCleanProActiveWorkbook.json Normal file
Просмотреть файл

@ -0,0 +1,484 @@
{
"version": "Notebook/1.0",
"items": [
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "## NetClean Overview last 30 Days\nShows only original incident, please specify the incident you would like to view to include near by files\n"
},
"name": "text - 2"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where version_s == 1 |summarize Count=count() by Type, type_s\n",
"size": 1,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "categoricalbar",
"chartSettings": {
"xAxis": "type_s",
"yAxis": [
"Count"
]
}
},
"name": "query - 2"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where version_s == 1 |summarize Count=count() by md5_s",
"size": 4,
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "piechart"
},
"name": "query - 2"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where version_s == 1 |summarize Count=count() by Hostname_s",
"size": 4,
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "piechart"
},
"name": "query - 5"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where version_s == 1 | distinct Identifier_g, TimeGenerated | sort by TimeGenerated desc | project-rename Incident_Identifier=Identifier_g, TimeGenerated\n ",
"size": 0,
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"sortBy": []
},
"name": "query - 3"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where version_s == 1 | sort by TimeGenerated asc\n| summarize Count=count() by format_datetime (TimeGenerated,'yy-MM-dd '), Identifier_g\n",
"size": 0,
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "barchart",
"tileSettings": {
"showBorder": false,
"titleContent": {
"columnMatch": "Week",
"formatter": 1
},
"leftContent": {
"columnMatch": "count_",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
},
"graphSettings": {
"type": 0
},
"chartSettings": {
"xAxis": "TimeGenerated",
"yAxis": [
"Count"
],
"xSettings": {
"numberFormatSettings": {
"unit": 0,
"options": {
"style": "decimal",
"useGrouping": false
},
"missingSparkDataOption": "Zero"
}
},
"ySettings": {
"numberFormatSettings": {
"unit": 0,
"options": {
"style": "decimal",
"useGrouping": true
}
}
}
},
"mapSettings": {
"locInfo": "LatLong",
"sizeSettings": "count_",
"sizeAggregation": "Sum",
"legendMetric": "count_",
"legendAggregation": "Sum",
"itemColorSettings": {
"type": "heatmap",
"colorAggregation": "Sum",
"nodeColorField": "count_",
"heatmapPalette": "greenRed"
}
}
},
"name": "query - 4"
}
]
},
"name": "NetClean Oerview"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "## NetClean Incident"
},
"name": "text - 4"
},
{
"type": 9,
"content": {
"version": "KqlParameterItem/1.0",
"parameters": [
{
"id": "1e3b2c62-399e-43e6-a643-8a7484ac5c91",
"version": "KqlParameterItem/1.0",
"name": "incident",
"type": 2,
"query": "Netclean_Incidents_CL |where version_s == 1 | sort by TimeGenerated desc | project Identifier_g ",
"typeSettings": {
"additionalResourceOptions": [],
"showDefault": false
},
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"value": "54726ac8-a23c-4f60-ba89-4092b4215125"
}
],
"style": "pills",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"name": "parameters - 2"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where Identifier_g == \"{incident}\" |summarize Count=count()",
"size": 4,
"title": "Number of log entrys for specified incident",
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "tiles",
"tileSettings": {
"titleContent": {
"columnMatch": "Count",
"formatter": 12,
"formatOptions": {
"min": 1,
"palette": "purpleDark"
},
"tooltipFormat": {
"tooltip": "Number of log entrys for specified incident"
}
},
"showBorder": false
}
},
"customWidth": "20",
"name": "Number of log entrys for specified incident"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where Identifier_g == \"{incident}\" | top 1 by TimeGenerated | project hasCollectedNearbyFiles_s",
"size": 4,
"title": "Has Collected Nearby Files",
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "tiles",
"tileSettings": {
"titleContent": {
"columnMatch": "hasCollectedNearbyFiles_s",
"formatter": 1,
"numberFormat": {
"unit": 0,
"options": {
"style": "decimal"
}
}
},
"showBorder": false,
"size": "auto"
}
},
"customWidth": "20",
"name": "hasCollectedNearbyFiles"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where Identifier_g == \"{incident}\" | top 1 by TimeGenerated | project domain_s",
"size": 4,
"title": "Domain",
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "tiles",
"tileSettings": {
"titleContent": {
"columnMatch": "domain_s",
"formatter": 1,
"numberFormat": {
"unit": 0,
"options": {
"style": "decimal"
}
}
},
"showBorder": false,
"size": "auto"
}
},
"customWidth": "20",
"name": "domain"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where Identifier_g == \"{incident}\" | top 1 by TimeGenerated | project countof(nearbyFiles_md5s_s, \",\")\n\n\n\n\n",
"size": 4,
"title": "Number of nearby files",
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "tiles",
"gridSettings": {
"sortBy": [
{
"itemKey": "Column1",
"sortOrder": 1
}
]
},
"sortBy": [
{
"itemKey": "Column1",
"sortOrder": 1
}
],
"tileSettings": {
"titleContent": {
"columnMatch": "Column1",
"formatter": 12,
"formatOptions": {
"palette": "orange"
},
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal"
},
"emptyValCustomText": "0"
}
},
"showBorder": true,
"size": "auto"
}
},
"customWidth": "20",
"name": "Number of nearby files"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where Identifier_g == \"{incident}\" | top 1 by TimeGenerated | project Hostname_s, osVersion_s, hasCollectedNearbyFiles_s, externalIP_s\n\n\n\n",
"size": 4,
"title": "Hostname",
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "table",
"gridSettings": {
"sortBy": [
{
"itemKey": "hasCollectedNearbyFiles_s",
"sortOrder": 1
}
]
},
"sortBy": [
{
"itemKey": "hasCollectedNearbyFiles_s",
"sortOrder": 1
}
],
"tileSettings": {
"titleContent": {
"columnMatch": "Hostname_s",
"formatter": 1,
"numberFormat": {
"unit": 0,
"options": {
"style": "decimal"
}
}
},
"showBorder": false,
"sortCriteriaField": "hasCollectedNearbyFiles_s",
"sortOrderField": 1,
"size": "auto"
},
"textSettings": {
"style": "header"
}
},
"name": "Hostname"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where Identifier_g == \"{incident}\" | top 1 by TimeGenerated | mvexpand LoggedOnUsers=split(loggedOnUsers_s, '|') to typeof(string) | project LoggedOnUsers\n ",
"size": 0,
"title": "All Logged On Users",
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "table",
"tileSettings": {
"titleContent": {
"columnMatch": "loggedOnUsers_s",
"formatter": 1
},
"showBorder": true,
"size": "auto"
}
},
"name": "query - 9"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where Identifier_g == \"{incident}\" | top 1 by TimeGenerated | mvexpand LoggedOnUser=split(loggedOnUsers_s, '|') to typeof(string) | where LoggedOnUser hassuffix Hostname_s or LoggedOnUser endswith domain_s | where LoggedOnUser !contains \"WORKGROUP\" |distinct LoggedOnUser",
"size": 4,
"title": "Users where domain matches hostname or domainname",
"timeContext": {
"durationMs": 86400000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"name": "query - 9"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Netclean_Incidents_CL | where Identifier_g == \"{incident}\" | top 1 by TimeGenerated\n| project format_datetime (creationTime_t,'yyyy-MM-dd HH:mm:ss'), format_datetime (lastAccessTime_t,'yyyy-MM-dd HH:mm:ss'), format_datetime (lastWriteTime_t,'yyyy-MM-dd HH:mm:ss'), format_datetime (TimeGenerated,'yyyy-MM-dd HH:mm:ss'), format_datetime (foundTime_t,'yyyy-MM-dd HH:mm:ss') ",
"size": 4,
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "table",
"tileSettings": {
"titleContent": {
"columnMatch": "creationTime_t",
"numberFormat": {
"unit": 27,
"options": {
"style": "decimal"
}
}
},
"showBorder": true,
"size": "auto"
},
"graphSettings": {
"type": 0,
"topContent": {},
"nodeIdField": "foundTime_t",
"sourceIdField": "foundTime_t",
"targetIdField": "foundTime_t",
"graphOrientation": 3,
"showOrientationToggles": false,
"nodeSize": null,
"staticNodeSize": 100,
"colorSettings": null,
"hivesMargin": 5
},
"mapSettings": {
"locInfo": "LatLong"
}
},
"name": "query - 3"
}
]
},
"name": "group - 5"
}
],
"fromTemplateId": "sentinel-UserWorkbook",
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
}