diff --git a/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml b/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml index 6406faa2d1..7a770254da 100644 --- a/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml +++ b/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml @@ -35,5 +35,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml b/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml index 5a4d2f20b3..3ce1605eb9 100644 --- a/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml +++ b/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml @@ -37,5 +37,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml b/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml index 327d6a3237..12a9c61074 100644 --- a/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml +++ b/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml @@ -36,5 +36,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml b/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml index d0a7fd73cc..317ea3815c 100644 --- a/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml +++ b/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml @@ -39,5 +39,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml b/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml index ec73c8de6e..7f6c0374d7 100644 --- a/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml +++ b/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml 
@@ -36,5 +36,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml b/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml index 925c57b288..612aab92b4 100644 --- a/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml +++ b/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml @@ -69,5 +69,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml b/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml index d1c005312d..c06f2c5f85 100644 --- a/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml +++ b/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml @@ -36,5 +36,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml b/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml index 297913ece0..059c48a854 100644 --- a/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml +++ b/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml @@ -37,5 +37,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AlsidForAD/DCShadow.yaml b/Detections/AlsidForAD/DCShadow.yaml index 0b97bcf4cf..b2902aad32 100644 --- a/Detections/AlsidForAD/DCShadow.yaml +++ b/Detections/AlsidForAD/DCShadow.yaml @@ -18,5 +18,4 @@ relevantTechniques: query: | afad_parser | where MessageType == 2 and Codename == "DCShadow" - version: 1.0.0 \ No newline at end of file 
diff --git a/Detections/AlsidForAD/DCSync.yaml b/Detections/AlsidForAD/DCSync.yaml index 98f9aa22e6..d7cd7e03bf 100644 --- a/Detections/AlsidForAD/DCSync.yaml +++ b/Detections/AlsidForAD/DCSync.yaml @@ -18,5 +18,4 @@ relevantTechniques: query: | afad_parser | where MessageType == 2 and Codename == "DCSync" - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AlsidForAD/GoldenTicket.yaml b/Detections/AlsidForAD/GoldenTicket.yaml index 3bba70f988..a9d7b99176 100644 --- a/Detections/AlsidForAD/GoldenTicket.yaml +++ b/Detections/AlsidForAD/GoldenTicket.yaml @@ -18,5 +18,4 @@ relevantTechniques: query: | afad_parser | where MessageType == 2 and Codename == "Golden Ticket" - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AlsidForAD/IndicatorsOfAttack.yaml b/Detections/AlsidForAD/IndicatorsOfAttack.yaml index 3877f314ac..af7008d329 100644 --- a/Detections/AlsidForAD/IndicatorsOfAttack.yaml +++ b/Detections/AlsidForAD/IndicatorsOfAttack.yaml @@ -26,5 +26,4 @@ query: | | where MessageType == 2 | lookup kind=leftouter SeverityTable on Severity | order by Level - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AlsidForAD/LSASSMemory.yaml b/Detections/AlsidForAD/LSASSMemory.yaml index 6bfa073a4e..bd8641690c 100644 --- a/Detections/AlsidForAD/LSASSMemory.yaml +++ b/Detections/AlsidForAD/LSASSMemory.yaml @@ -18,5 +18,4 @@ relevantTechniques: query: | afad_parser | where MessageType == 2 and Codename == "OS Credential Dumping: LSASS Memory" - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AlsidForAD/PasswordGuessing.yaml b/Detections/AlsidForAD/PasswordGuessing.yaml index 218e1a445c..fe449679c1 100644 --- a/Detections/AlsidForAD/PasswordGuessing.yaml +++ b/Detections/AlsidForAD/PasswordGuessing.yaml @@ -18,5 +18,4 @@ relevantTechniques: query: | afad_parser | where MessageType == 2 and Codename == "Password Guessing" - version: 1.0.0 \ No newline at end of file 
diff --git a/Detections/AlsidForAD/PasswordSpraying.yaml b/Detections/AlsidForAD/PasswordSpraying.yaml index 8d2071bb89..7465128d1d 100644 --- a/Detections/AlsidForAD/PasswordSpraying.yaml +++ b/Detections/AlsidForAD/PasswordSpraying.yaml @@ -18,5 +18,4 @@ relevantTechniques: query: | afad_parser | where MessageType == 2 and Codename == "Password Spraying" - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AuditLogs/ADFSDomainTrustMods.yaml b/Detections/AuditLogs/ADFSDomainTrustMods.yaml index e0b1f10019..42dd07e39b 100644 --- a/Detections/AuditLogs/ADFSDomainTrustMods.yaml +++ b/Detections/AuditLogs/ADFSDomainTrustMods.yaml @@ -57,5 +57,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml b/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml index e9d6401acc..17f897d0db 100644 --- a/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml +++ b/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml @@ -55,5 +55,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AuditLogs/RareApplicationConsent.yaml b/Detections/AuditLogs/RareApplicationConsent.yaml index 1de8426af6..018179db44 100644 --- a/Detections/AuditLogs/RareApplicationConsent.yaml +++ b/Detections/AuditLogs/RareApplicationConsent.yaml @@ -73,5 +73,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml b/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml index ba395caf85..7bea0a45c8 100644 --- a/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml +++ b/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml 
@@ -68,5 +68,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml b/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml index 8889cca3ef..c9f818a6b5 100644 --- a/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml +++ b/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml @@ -52,5 +52,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: AccountCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml b/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml index fba528f519..a969d9393c 100644 --- a/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml +++ b/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml @@ -60,5 +60,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureActivity/Creation_of_Expensive_Computes_in _Azure.yaml b/Detections/AzureActivity/Creation_of_Expensive_Computes_in _Azure.yaml index 4e4c749df8..e6e55afa0a 100644 --- a/Detections/AzureActivity/Creation_of_Expensive_Computes_in _Azure.yaml +++ b/Detections/AzureActivity/Creation_of_Expensive_Computes_in _Azure.yaml @@ -42,5 +42,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml b/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml index 7530a58372..80b246bbc1 100644 --- a/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml +++ b/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml 
@@ -45,5 +45,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml b/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml index b9c4ec2854..04376763a7 100644 --- a/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml +++ b/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml @@ -46,5 +46,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureActivity/RareOperations.yaml b/Detections/AzureActivity/RareOperations.yaml index 86c85bb7bb..13f6df13ba 100644 --- a/Detections/AzureActivity/RareOperations.yaml +++ b/Detections/AzureActivity/RareOperations.yaml @@ -51,5 +51,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureAppServices/AVScan_Failure.yaml b/Detections/AzureAppServices/AVScan_Failure.yaml index d508330bff..b356204b77 100644 --- a/Detections/AzureAppServices/AVScan_Failure.yaml +++ b/Detections/AzureAppServices/AVScan_Failure.yaml @@ -19,5 +19,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml b/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml index e6b95be2d0..406b3ff582 100644 --- a/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml +++ b/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml @@ -19,5 +19,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml b/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml index 329180e642..6eef12b7fc 100644 
--- a/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml +++ b/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml @@ -33,5 +33,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml b/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml index dadcfcce0d..f0a27eb089 100644 --- a/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml +++ b/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml @@ -38,5 +38,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml b/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml index 9569bee889..bede5e26dd 100644 --- a/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml +++ b/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml @@ -39,5 +39,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml b/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml index 004eedb836..d5934f4e27 100644 --- a/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml +++ b/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml @@ -58,5 +58,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: AccountCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml b/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml index e564fce1b5..3eed12d596 100644 --- a/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml +++ b/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml 
@@ -41,5 +41,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml b/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml index e17b4fbb13..0f67f029e4 100644 --- a/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml +++ b/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml @@ -56,5 +56,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: DeletingIP - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml b/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml index 73f0ad1568..76610e9ae4 100644 --- a/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml +++ b/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml @@ -39,5 +39,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml b/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml index 82771e2574..4f5e4b18a2 100644 --- a/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml +++ b/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml @@ -40,5 +40,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml b/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml index 329dc3a278..c506f03d99 100644 --- a/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml +++ b/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml @@ -52,5 +52,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file 
diff --git a/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml b/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml index 3c81a07b6f..971f7e95f0 100644 --- a/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml +++ b/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml @@ -56,5 +56,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml b/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml index 91d1413f4b..a971cad3ec 100644 --- a/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml +++ b/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml @@ -73,5 +73,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml b/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml index 6ba19541df..19b6672c27 100644 --- a/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml +++ b/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml @@ -43,5 +43,4 @@ entityMappings: fieldMappings: - identifier: Url columnName: URLCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml b/Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml index 50ed5e1d96..9180f80205 100644 --- a/Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml +++ b/Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml @@ -69,5 +69,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml b/Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml index f87406ddd7..beb3d3b5f5 100644 
--- a/Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml +++ b/Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml @@ -34,5 +34,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml b/Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml index 621712027a..55ee12e17f 100644 --- a/Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml +++ b/Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml @@ -79,5 +79,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml b/Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml index 6f4146f841..64875cc956 100644 --- a/Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml +++ b/Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml @@ -121,5 +121,4 @@ entityMappings: fieldMappings: - identifier: DomainName columnName: Name - version: 1.0.0 \ No newline at end of file diff --git a/Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml b/Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml index 534b1aad36..8c03c7f201 100644 --- a/Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml +++ b/Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml @@ -63,5 +63,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml b/Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml index 2dae66877d..36dcdd1bed 100644 --- a/Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml +++ b/Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml 
@@ -58,5 +58,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml b/Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml index aeeab4f209..a3e099a442 100644 --- a/Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml +++ b/Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml @@ -82,5 +82,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/CommonSecurityLog/Wazuh-Large Number of Web errors from an IP.yaml b/Detections/CommonSecurityLog/Wazuh-Large Number of Web errors from an IP.yaml index c0722b6552..66f7392a88 100644 --- a/Detections/CommonSecurityLog/Wazuh-Large Number of Web errors from an IP.yaml +++ b/Detections/CommonSecurityLog/Wazuh-Large Number of Web errors from an IP.yaml @@ -32,5 +32,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/CommonSecurityLog/Zscaler-LowVolumeDomainRequests.yaml b/Detections/CommonSecurityLog/Zscaler-LowVolumeDomainRequests.yaml index 9bbc8845dd..73d6a27e2d 100644 --- a/Detections/CommonSecurityLog/Zscaler-LowVolumeDomainRequests.yaml +++ b/Detections/CommonSecurityLog/Zscaler-LowVolumeDomainRequests.yaml @@ -50,5 +50,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml b/Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml index 86fbe20401..0c504bab4e 100644 --- a/Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml +++ b/Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml 
@@ -49,5 +49,4 @@ entityMappings: columnName: FileHashType - identifier: Value columnName: FileHashCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml b/Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml index 71446eb135..f866030ab0 100644 --- a/Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml +++ b/Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml @@ -45,5 +45,4 @@ entityMappings: columnName: MD5 - identifier: Value columnName: FileHashCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml b/Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml index 8684205761..c3463fc5dd 100644 --- a/Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml +++ b/Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml @@ -48,5 +48,4 @@ entityMappings: columnName: MD5 - identifier: Value columnName: FileHashCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml b/Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml index f9e01bdd02..5bf7b2f83f 100644 --- a/Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml +++ b/Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml @@ -49,5 +49,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml b/Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml index ffe4638956..458478a4a6 100644 --- a/Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml +++ b/Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml 
@@ -40,5 +40,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/DnsEvents/DNS_Miners.yaml b/Detections/DnsEvents/DNS_Miners.yaml index 6753044a4e..27fb026544 100644 --- a/Detections/DnsEvents/DNS_Miners.yaml +++ b/Detections/DnsEvents/DNS_Miners.yaml @@ -40,5 +40,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/DnsEvents/DNS_TorProxies.yaml b/Detections/DnsEvents/DNS_TorProxies.yaml index f619f9a103..e93f96c646 100644 --- a/Detections/DnsEvents/DNS_TorProxies.yaml +++ b/Detections/DnsEvents/DNS_TorProxies.yaml @@ -33,5 +33,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/EsetSMC/eset-sites-blocked.yaml b/Detections/EsetSMC/eset-sites-blocked.yaml index c7e6951334..9142a0d22a 100644 --- a/Detections/EsetSMC/eset-sites-blocked.yaml +++ b/Detections/EsetSMC/eset-sites-blocked.yaml @@ -36,5 +36,4 @@ entityMappings: fieldMappings: - identifier: Url columnName: URLCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/EsetSMC/eset-threats.yaml b/Detections/EsetSMC/eset-threats.yaml index b219913a7a..01867a7394 100644 --- a/Detections/EsetSMC/eset-threats.yaml +++ b/Detections/EsetSMC/eset-threats.yaml @@ -32,5 +32,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/GitHub/GitHub Activities from Infrequent Country.yaml b/Detections/GitHub/GitHub Activities from Infrequent Country.yaml index dbd77b5cd6..3138d4abf8 100644 --- a/Detections/GitHub/GitHub Activities from Infrequent Country.yaml +++ b/Detections/GitHub/GitHub Activities from Infrequent Country.yaml 
@@ -35,5 +35,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: AccountCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/GitHub/Security Vulnerability in Repo.yaml b/Detections/GitHub/Security Vulnerability in Repo.yaml index 12f57843b2..b1efba0b3d 100644 --- a/Detections/GitHub/Security Vulnerability in Repo.yaml +++ b/Detections/GitHub/Security Vulnerability in Repo.yaml @@ -13,5 +13,4 @@ query: | GitHubRepo | where Action == "vulnerabilityAlert" | project TimeGenerated, DismmisedAt, Reason, vulnerableManifestFilename, Description, Link, PublishedAt, Severity, Summary - version: 1.0.0 \ No newline at end of file diff --git a/Detections/GitHub/Threat Intel Matches to GitHub Audit Logs.yaml b/Detections/GitHub/Threat Intel Matches to GitHub Audit Logs.yaml index f44aca2892..b466c667de 100644 --- a/Detections/GitHub/Threat Intel Matches to GitHub Audit Logs.yaml +++ b/Detections/GitHub/Threat Intel Matches to GitHub Audit Logs.yaml @@ -43,5 +43,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/GitHub/Two Factor Authentication Disabled.yaml b/Detections/GitHub/Two Factor Authentication Disabled.yaml index c98439ce4f..33fd9bbc45 100644 --- a/Detections/GitHub/Two Factor Authentication Disabled.yaml +++ b/Detections/GitHub/Two Factor Authentication Disabled.yaml @@ -27,5 +27,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/InfobloxNIOS/ExcessiveNXDOMAINDNSQueries.yaml b/Detections/InfobloxNIOS/ExcessiveNXDOMAINDNSQueries.yaml index b26027a03a..a59c3a31bf 100644 --- a/Detections/InfobloxNIOS/ExcessiveNXDOMAINDNSQueries.yaml +++ b/Detections/InfobloxNIOS/ExcessiveNXDOMAINDNSQueries.yaml 
@@ -36,5 +36,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/InfobloxNIOS/PotentialDHCPStarvationAttack.yaml b/Detections/InfobloxNIOS/PotentialDHCPStarvationAttack.yaml index 6b1df606d6..3f433b3856 100644 --- a/Detections/InfobloxNIOS/PotentialDHCPStarvationAttack.yaml +++ b/Detections/InfobloxNIOS/PotentialDHCPStarvationAttack.yaml @@ -31,5 +31,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml b/Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml index 080bbb859b..a72ec2a983 100644 --- a/Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml +++ b/Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml @@ -30,5 +30,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: AccountCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml b/Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml index 28927c2f38..b1566ff9ac 100644 --- a/Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml +++ b/Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml @@ -64,5 +64,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/MultipleDataSources/AADHostLoginCorrelation.yaml b/Detections/MultipleDataSources/AADHostLoginCorrelation.yaml index 2316a4d8dc..1fdbf89d3a 100644 --- a/Detections/MultipleDataSources/AADHostLoginCorrelation.yaml +++ b/Detections/MultipleDataSources/AADHostLoginCorrelation.yaml @@ -77,5 +77,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file 
diff --git a/Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml b/Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml index 3b81bed8c5..1cc2359a2e 100644 --- a/Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml +++ b/Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml @@ -75,5 +75,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml b/Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml index 31b1dd2513..28540fedb3 100644 --- a/Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml +++ b/Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml @@ -51,5 +51,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml b/Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml index 171b264754..5d608a9831 100644 --- a/Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml +++ b/Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml @@ -50,5 +50,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml b/Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml index ece3d17825..d30265fa9c 100644 --- a/Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml +++ b/Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml @@ -89,5 +89,4 @@ entityMappings: columnName: HashAlgorithm - identifier: Value columnName: FileHashCustomEntity - version: 1.0.0 \ No newline at end of file 
diff --git a/Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml b/Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml index 4211730d12..5e7bef06e7 100644 --- a/Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml +++ b/Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml @@ -125,5 +125,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml b/Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml index a8912e33f5..49c2dfd132 100644 --- a/Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml +++ b/Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml @@ -89,5 +89,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/MultipleDataSources/BariumDomainIOC112020.yaml b/Detections/MultipleDataSources/BariumDomainIOC112020.yaml index 771a1bd730..7e14f402bf 100644 --- a/Detections/MultipleDataSources/BariumDomainIOC112020.yaml +++ b/Detections/MultipleDataSources/BariumDomainIOC112020.yaml @@ -152,5 +152,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file diff --git a/Detections/MultipleDataSources/BariumIPIOC112020.yaml b/Detections/MultipleDataSources/BariumIPIOC112020.yaml index 777cdd4104..fc0bf79f27 100644 --- a/Detections/MultipleDataSources/BariumIPIOC112020.yaml +++ b/Detections/MultipleDataSources/BariumIPIOC112020.yaml @@ -171,5 +171,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity - version: 1.0.0 \ No newline at end of file 
diff --git a/Detections/MultipleDataSources/CERIUMOct292020IOCs.yaml b/Detections/MultipleDataSources/CERIUMOct292020IOCs.yaml
index 21dc3454e3..3a57fc9a02 100644
--- a/Detections/MultipleDataSources/CERIUMOct292020IOCs.yaml
+++ b/Detections/MultipleDataSources/CERIUMOct292020IOCs.yaml
@@ -81,5 +81,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml b/Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml
index a1f001da61..a57cef5e68 100644
--- a/Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml
+++ b/Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml
@@ -70,5 +70,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml b/Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml
index 1d52b93ccc..c55003de8a 100644
--- a/Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml
+++ b/Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml
@@ -95,5 +95,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/GalliumIOCs.yaml b/Detections/MultipleDataSources/GalliumIOCs.yaml
index fe98a94b6b..06ee8b2017 100644
--- a/Detections/MultipleDataSources/GalliumIOCs.yaml
+++ b/Detections/MultipleDataSources/GalliumIOCs.yaml
@@ -102,5 +102,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/HAFNIUMUmServiceSuspiciousFile.yaml b/Detections/MultipleDataSources/HAFNIUMUmServiceSuspiciousFile.yaml
index 6e08d228ea..718f0b5304 100644
--- a/Detections/MultipleDataSources/HAFNIUMUmServiceSuspiciousFile.yaml
+++ b/Detections/MultipleDataSources/HAFNIUMUmServiceSuspiciousFile.yaml
@@ -53,5 +53,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/HostAADCorrelation.yaml b/Detections/MultipleDataSources/HostAADCorrelation.yaml
index b6d8cd479e..bec526e028 100644
--- a/Detections/MultipleDataSources/HostAADCorrelation.yaml
+++ b/Detections/MultipleDataSources/HostAADCorrelation.yaml
@@ -70,5 +70,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/IridiumIOCs.yaml b/Detections/MultipleDataSources/IridiumIOCs.yaml
index f2134a6298..68d8e8f895 100644
--- a/Detections/MultipleDataSources/IridiumIOCs.yaml
+++ b/Detections/MultipleDataSources/IridiumIOCs.yaml
@@ -143,5 +143,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/KnownPHOSPHORUSDomainsIP-October2020.yaml b/Detections/MultipleDataSources/KnownPHOSPHORUSDomainsIP-October2020.yaml
index 9299b1e9a6..1496740cf6 100644
--- a/Detections/MultipleDataSources/KnownPHOSPHORUSDomainsIP-October2020.yaml
+++ b/Detections/MultipleDataSources/KnownPHOSPHORUSDomainsIP-October2020.yaml
@@ -95,5 +95,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/MFADisable.yaml b/Detections/MultipleDataSources/MFADisable.yaml
index 3fa1f41ec9..6cf780348b 100644
--- a/Detections/MultipleDataSources/MFADisable.yaml
+++ b/Detections/MultipleDataSources/MFADisable.yaml
@@ -47,5 +47,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/MalformedUserAgents.yaml b/Detections/MultipleDataSources/MalformedUserAgents.yaml
index 30529be865..598a5a14b2 100644
--- a/Detections/MultipleDataSources/MalformedUserAgents.yaml
+++ b/Detections/MultipleDataSources/MalformedUserAgents.yaml
@@ -95,5 +95,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml b/Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml
index 9238eef57d..2e6de522f8 100644
--- a/Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml
+++ b/Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml
@@ -52,5 +52,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml b/Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml
index 51374e8fdf..616a98a5a5 100644
--- a/Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml
+++ b/Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml
@@ -88,5 +88,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/NOBELIUM_DomainIOCsMarch2021.yaml b/Detections/MultipleDataSources/NOBELIUM_DomainIOCsMarch2021.yaml
index 15d2cbf6f0..4d2576dddb 100644
--- a/Detections/MultipleDataSources/NOBELIUM_DomainIOCsMarch2021.yaml
+++ b/Detections/MultipleDataSources/NOBELIUM_DomainIOCsMarch2021.yaml
@@ -101,5 +101,4 @@ entityMappings: fieldMappings: - identifier: DomainName columnName: DNSName
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml b/Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml
index 495e5d62c2..83e236bab9 100644
--- a/Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml
+++ b/Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml
@@ -52,5 +52,4 @@ entityMappings: fieldMappings: - identifier: Url columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/NewUserAgentLast24h.yaml b/Detections/MultipleDataSources/NewUserAgentLast24h.yaml
index 91e7ed1c23..7ad138680c 100644
--- a/Detections/MultipleDataSources/NewUserAgentLast24h.yaml
+++ b/Detections/MultipleDataSources/NewUserAgentLast24h.yaml
@@ -81,5 +81,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml b/Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml
index 27b3de5d92..09da76d678 100644
--- a/Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml
+++ b/Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml
@@ -107,5 +107,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml b/Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml
index ee6db52988..2f1fa59b87 100644
--- a/Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml
+++ b/Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml
@@ -53,5 +53,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/STRONTIUMJuly2019IOCs.yaml b/Detections/MultipleDataSources/STRONTIUMJuly2019IOCs.yaml
index dd2b8cca7f..9e9cbd174f 100644
--- a/Detections/MultipleDataSources/STRONTIUMJuly2019IOCs.yaml
+++ b/Detections/MultipleDataSources/STRONTIUMJuly2019IOCs.yaml
@@ -71,5 +71,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/STRONTIUMOct292020IOCs.yaml b/Detections/MultipleDataSources/STRONTIUMOct292020IOCs.yaml
index 71ec042224..e18821e10e 100644
--- a/Detections/MultipleDataSources/STRONTIUMOct292020IOCs.yaml
+++ b/Detections/MultipleDataSources/STRONTIUMOct292020IOCs.yaml
@@ -33,5 +33,4 @@ query: | | where authAttempts > 500 | extend timestamp = firstAttempt | sort by uniqueAccounts
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/SUNSPOTHashes.yaml b/Detections/MultipleDataSources/SUNSPOTHashes.yaml
index 29d3b3f30f..580071b943 100644
--- a/Detections/MultipleDataSources/SUNSPOTHashes.yaml
+++ b/Detections/MultipleDataSources/SUNSPOTHashes.yaml
@@ -35,5 +35,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/SUNSPOTLogFile.yaml b/Detections/MultipleDataSources/SUNSPOTLogFile.yaml
index c87b86adf9..b3c2d5b5bb 100644
--- a/Detections/MultipleDataSources/SUNSPOTLogFile.yaml
+++ b/Detections/MultipleDataSources/SUNSPOTLogFile.yaml
@@ -40,5 +40,4 @@ entityMappings:
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml b/Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml
index 69dfe2629f..350183f113 100644
--- a/Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml
+++ b/Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml
@@ -82,5 +82,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/SigninFirewallCorrelation.yaml b/Detections/MultipleDataSources/SigninFirewallCorrelation.yaml
index b78fb0fa09..60e522c753 100644
--- a/Detections/MultipleDataSources/SigninFirewallCorrelation.yaml
+++ b/Detections/MultipleDataSources/SigninFirewallCorrelation.yaml
@@ -54,5 +54,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml b/Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml
index 7e9494ae91..6792877f3f 100644
--- a/Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml
+++ b/Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml
@@ -98,5 +98,4 @@ entityMappings: fieldMappings: - identifier: DomainName columnName: DNSName
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/ThalliumIOCs.yaml b/Detections/MultipleDataSources/ThalliumIOCs.yaml
index e435cb6b4a..fbb99f93e0 100644
--- a/Detections/MultipleDataSources/ThalliumIOCs.yaml
+++ b/Detections/MultipleDataSources/ThalliumIOCs.yaml
@@ -81,5 +81,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml b/Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml
index 4db1c64a9b..1da616a5bb 100644
--- a/Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml
+++ b/Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml
@@ -114,5 +114,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/ZincJan272021IOCs.yaml b/Detections/MultipleDataSources/ZincJan272021IOCs.yaml
index 1f62226f70..13aa6d7f9c 100644
--- a/Detections/MultipleDataSources/ZincJan272021IOCs.yaml
+++ b/Detections/MultipleDataSources/ZincJan272021IOCs.yaml
@@ -139,5 +139,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/MultipleDataSources/ZincOct292020IOCs.yaml b/Detections/MultipleDataSources/ZincOct292020IOCs.yaml
index 8f1673eeed..d78d798692 100644
--- a/Detections/MultipleDataSources/ZincOct292020IOCs.yaml
+++ b/Detections/MultipleDataSources/ZincOct292020IOCs.yaml
@@ -55,5 +55,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml b/Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml
index 32283adbb8..3f91f8210e 100644
--- a/Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml
+++ b/Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml
@@ -39,5 +39,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: AccountCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OfficeActivity/Mail_redirect_via_ExO_transport_rule.yaml b/Detections/OfficeActivity/Mail_redirect_via_ExO_transport_rule.yaml
index c0b5b6aead..94f559a9f0 100644
--- a/Detections/OfficeActivity/Mail_redirect_via_ExO_transport_rule.yaml
+++ b/Detections/OfficeActivity/Mail_redirect_via_ExO_transport_rule.yaml
@@ -57,5 +57,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OfficeActivity/Malicious_Inbox_Rule.yaml b/Detections/OfficeActivity/Malicious_Inbox_Rule.yaml
index c17a2843af..6cdfb9825b 100644
--- a/Detections/OfficeActivity/Malicious_Inbox_Rule.yaml
+++ b/Detections/OfficeActivity/Malicious_Inbox_Rule.yaml
@@ -50,5 +50,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OfficeActivity/MultipleTeamsDeletes.yaml b/Detections/OfficeActivity/MultipleTeamsDeletes.yaml
index d66a54f574..77ced8d061 100644
--- a/Detections/OfficeActivity/MultipleTeamsDeletes.yaml
+++ b/Detections/OfficeActivity/MultipleTeamsDeletes.yaml
@@ -33,5 +33,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: AccountCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OfficeActivity/Office_MailForwarding.yaml b/Detections/OfficeActivity/Office_MailForwarding.yaml
index 1918ce8b87..b68411e7e1 100644
--- a/Detections/OfficeActivity/Office_MailForwarding.yaml
+++ b/Detections/OfficeActivity/Office_MailForwarding.yaml
@@ -71,5 +71,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OfficeActivity/RareOfficeOperations.yaml b/Detections/OfficeActivity/RareOfficeOperations.yaml
index e776c65ef5..037c26d474 100644
--- a/Detections/OfficeActivity/RareOfficeOperations.yaml
+++ b/Detections/OfficeActivity/RareOfficeOperations.yaml
@@ -33,5 +33,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml b/Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml
index 77fb6d0337..7800048cd6 100644
--- a/Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml
+++ b/Detections/OfficeActivity/SharePoint_Downloads_byNewIP.yaml
@@ -60,5 +60,4 @@ entityMappings: fieldMappings: - identifier: Url columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml b/Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml
index f16d24d44a..72d19ce69c 100644
--- a/Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml
+++ b/Detections/OfficeActivity/SharePoint_Downloads_byNewUserAgent.yaml
@@ -65,5 +65,4 @@ entityMappings: fieldMappings: - identifier: Url columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OfficeActivity/StrontiumCredHarvesting.yaml b/Detections/OfficeActivity/StrontiumCredHarvesting.yaml
index a4e837fece..e39f94ed53 100644
--- a/Detections/OfficeActivity/StrontiumCredHarvesting.yaml
+++ b/Detections/OfficeActivity/StrontiumCredHarvesting.yaml
@@ -30,5 +30,4 @@ query: | | where authAttempts > 2500 | extend timestamp = firstAttempt | sort by uniqueAccounts
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OfficeActivity/exchange_auditlogdisabled.yaml b/Detections/OfficeActivity/exchange_auditlogdisabled.yaml
index b7469dcf18..fa7f541e77 100644
--- a/Detections/OfficeActivity/exchange_auditlogdisabled.yaml
+++ b/Detections/OfficeActivity/exchange_auditlogdisabled.yaml
@@ -35,5 +35,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OfficeActivity/office_policytampering.yaml b/Detections/OfficeActivity/office_policytampering.yaml
index b32389f251..db65b8c3b4 100644
--- a/Detections/OfficeActivity/office_policytampering.yaml
+++ b/Detections/OfficeActivity/office_policytampering.yaml
@@ -53,5 +53,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OktaSSO/FailedLoginsFromUnknownOrInvalidUser.yaml b/Detections/OktaSSO/FailedLoginsFromUnknownOrInvalidUser.yaml
index f59940fe18..a9368ce179 100644
--- a/Detections/OktaSSO/FailedLoginsFromUnknownOrInvalidUser.yaml
+++ b/Detections/OktaSSO/FailedLoginsFromUnknownOrInvalidUser.yaml
@@ -39,5 +39,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OktaSSO/LoginfromUsersfromDifferentCountrieswithin3hours.yaml b/Detections/OktaSSO/LoginfromUsersfromDifferentCountrieswithin3hours.yaml
index f1c4507002..38020819b6 100644
--- a/Detections/OktaSSO/LoginfromUsersfromDifferentCountrieswithin3hours.yaml
+++ b/Detections/OktaSSO/LoginfromUsersfromDifferentCountrieswithin3hours.yaml
@@ -31,5 +31,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: AccountCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/OktaSSO/PasswordSpray.yaml b/Detections/OktaSSO/PasswordSpray.yaml
index 054265f9cb..43a8145f97 100644
--- a/Detections/OktaSSO/PasswordSpray.yaml
+++ b/Detections/OktaSSO/PasswordSpray.yaml
@@ -35,5 +35,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ProofpointPOD/ProofpointPODWeakCiphers.yaml b/Detections/ProofpointPOD/ProofpointPODWeakCiphers.yaml
index 20a13886c9..9be4ac490a 100644
--- a/Detections/ProofpointPOD/ProofpointPODWeakCiphers.yaml
+++ b/Detections/ProofpointPOD/ProofpointPODWeakCiphers.yaml
@@ -23,5 +23,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ProofpointTAP/MalwareAttachmentDelivered.yaml b/Detections/ProofpointTAP/MalwareAttachmentDelivered.yaml
index de3586fc24..7897c43166 100644
--- a/Detections/ProofpointTAP/MalwareAttachmentDelivered.yaml
+++ b/Detections/ProofpointTAP/MalwareAttachmentDelivered.yaml
@@ -34,5 +34,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ProofpointTAP/MalwareLinkClicked.yaml b/Detections/ProofpointTAP/MalwareLinkClicked.yaml
index afc1159b51..55bc5d4fba 100644
--- a/Detections/ProofpointTAP/MalwareLinkClicked.yaml
+++ b/Detections/ProofpointTAP/MalwareLinkClicked.yaml
@@ -34,5 +34,4 @@ entityMappings: fieldMappings: - identifier: Url columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/PulseConnectSecure/PulseConnectSecureVPN-BruteForce.yaml b/Detections/PulseConnectSecure/PulseConnectSecureVPN-BruteForce.yaml
index 480e1ed6c7..d3a6423c8a 100644
--- a/Detections/PulseConnectSecure/PulseConnectSecureVPN-BruteForce.yaml
+++ b/Detections/PulseConnectSecure/PulseConnectSecureVPN-BruteForce.yaml
@@ -32,5 +32,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/PulseConnectSecure/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml b/Detections/PulseConnectSecure/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml
index 81d17d7861..92e398c18e 100644
--- a/Detections/PulseConnectSecure/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml
+++ b/Detections/PulseConnectSecure/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml
@@ -28,5 +28,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/QualysVM/HighNumberofVulnDetected.yaml b/Detections/QualysVM/HighNumberofVulnDetected.yaml
index 466c0b1d52..dbd6df7b2f 100644
--- a/Detections/QualysVM/HighNumberofVulnDetected.yaml
+++ b/Detections/QualysVM/HighNumberofVulnDetected.yaml
@@ -33,5 +33,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/QualysVM/NewHighSeverityVulnDetectedAcrossMulitpleHosts.yaml b/Detections/QualysVM/NewHighSeverityVulnDetectedAcrossMulitpleHosts.yaml
index c532fbf783..753b4443b8 100644
--- a/Detections/QualysVM/NewHighSeverityVulnDetectedAcrossMulitpleHosts.yaml
+++ b/Detections/QualysVM/NewHighSeverityVulnDetectedAcrossMulitpleHosts.yaml
@@ -25,5 +25,4 @@ query: | | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), dcount(NetBios_s) by tostring(Detections_s.QID) | where dcount_NetBios_s >= threshold | extend timestamp = StartTime
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml b/Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml
index 3937adf723..fd400ce5fb 100644
--- a/Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml
+++ b/Detections/SecurityAlert/CorrelateIPC_Unfamiliar-Atypical.yaml
@@ -52,5 +52,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityAlert/Solorigate-Defender-Detections.yaml b/Detections/SecurityAlert/Solorigate-Defender-Detections.yaml
index 3c75ad4622..f105e05653 100644
--- a/Detections/SecurityAlert/Solorigate-Defender-Detections.yaml
+++ b/Detections/SecurityAlert/Solorigate-Defender-Detections.yaml
@@ -44,5 +44,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/ADFSKeyExportSysmon.yaml b/Detections/SecurityEvent/ADFSKeyExportSysmon.yaml
index fc7eef122e..060fe7bf20 100644
--- a/Detections/SecurityEvent/ADFSKeyExportSysmon.yaml
+++ b/Detections/SecurityEvent/ADFSKeyExportSysmon.yaml
@@ -72,5 +72,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/ExcessiveLogonFailures.yaml b/Detections/SecurityEvent/ExcessiveLogonFailures.yaml
index 75cf817cd6..32aac999fb 100644
--- a/Detections/SecurityEvent/ExcessiveLogonFailures.yaml
+++ b/Detections/SecurityEvent/ExcessiveLogonFailures.yaml
@@ -72,5 +72,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml b/Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml
index 6bbd811006..9a8202652f 100644
--- a/Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml
+++ b/Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml
@@ -48,5 +48,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/GainCodeExecutionADFSViaSMB.yaml b/Detections/SecurityEvent/GainCodeExecutionADFSViaSMB.yaml
index 00771b3137..ea2b0a8212 100644
--- a/Detections/SecurityEvent/GainCodeExecutionADFSViaSMB.yaml
+++ b/Detections/SecurityEvent/GainCodeExecutionADFSViaSMB.yaml
@@ -65,5 +65,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/HAFNIUMNewUMServiceChildProcess.yaml b/Detections/SecurityEvent/HAFNIUMNewUMServiceChildProcess.yaml
index 1a2361d568..aaf1c01c78 100644
--- a/Detections/SecurityEvent/HAFNIUMNewUMServiceChildProcess.yaml
+++ b/Detections/SecurityEvent/HAFNIUMNewUMServiceChildProcess.yaml
@@ -42,5 +42,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/HAFNIUMSuspiciousUMServiceError.yaml b/Detections/SecurityEvent/HAFNIUMSuspiciousUMServiceError.yaml
index 10c3007098..b34f68e946 100644
--- a/Detections/SecurityEvent/HAFNIUMSuspiciousUMServiceError.yaml
+++ b/Detections/SecurityEvent/HAFNIUMSuspiciousUMServiceError.yaml
@@ -26,5 +26,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/MultipleFailedFollowedBySuccess.yaml b/Detections/SecurityEvent/MultipleFailedFollowedBySuccess.yaml
index 27698b9a11..3abb9004d5 100644
--- a/Detections/SecurityEvent/MultipleFailedFollowedBySuccess.yaml
+++ b/Detections/SecurityEvent/MultipleFailedFollowedBySuccess.yaml
@@ -62,5 +62,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml b/Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml
index b69d54aec0..690045f133 100644
--- a/Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml
+++ b/Detections/SecurityEvent/PotentialBuildProcessCompromise.yaml
@@ -56,5 +56,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/PotentialKerberoast.yaml b/Detections/SecurityEvent/PotentialKerberoast.yaml
index c0e8241f67..b472c8ab69 100644
--- a/Detections/SecurityEvent/PotentialKerberoast.yaml
+++ b/Detections/SecurityEvent/PotentialKerberoast.yaml
@@ -74,5 +74,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml b/Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml
index 0e81d174bb..c079802a5a 100644
--- a/Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml
+++ b/Detections/SecurityEvent/RDP_MultipleConnectionsFromSingleSystem.yaml
@@ -47,5 +47,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/RDP_Nesting.yaml b/Detections/SecurityEvent/RDP_Nesting.yaml
index 7300ff8f53..92dc066ef9 100644
--- a/Detections/SecurityEvent/RDP_Nesting.yaml
+++ b/Detections/SecurityEvent/RDP_Nesting.yaml
@@ -69,5 +69,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/RDP_RareConnection.yaml b/Detections/SecurityEvent/RDP_RareConnection.yaml
index 03fa0ccd4f..31e7cc50c6 100644
--- a/Detections/SecurityEvent/RDP_RareConnection.yaml
+++ b/Detections/SecurityEvent/RDP_RareConnection.yaml
@@ -48,5 +48,4 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/SecurityEventLogCleared.yaml b/Detections/SecurityEvent/SecurityEventLogCleared.yaml
index 3813589d99..c1ecfb9f4f 100644
--- a/Detections/SecurityEvent/SecurityEventLogCleared.yaml
+++ b/Detections/SecurityEvent/SecurityEventLogCleared.yaml
@@ -31,5 +31,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/SolorigateNamedPipe.yaml b/Detections/SecurityEvent/SolorigateNamedPipe.yaml
index 254d1ce592..d57d4ff745 100644
--- a/Detections/SecurityEvent/SolorigateNamedPipe.yaml
+++ b/Detections/SecurityEvent/SolorigateNamedPipe.yaml
@@ -47,5 +47,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml b/Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml
index a50a924067..42d2304914 100644
--- a/Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml
+++ b/Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml
@@ -61,5 +61,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/UserAccountAdd-Removed.yaml b/Detections/SecurityEvent/UserAccountAdd-Removed.yaml
index 6607479832..c7ee665910 100644
--- a/Detections/SecurityEvent/UserAccountAdd-Removed.yaml
+++ b/Detections/SecurityEvent/UserAccountAdd-Removed.yaml
@@ -57,5 +57,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/UserAccountAddedToPrivlegeGroup_1h.yaml b/Detections/SecurityEvent/UserAccountAddedToPrivlegeGroup_1h.yaml
index a96fd1c265..0926d8614e 100644
--- a/Detections/SecurityEvent/UserAccountAddedToPrivlegeGroup_1h.yaml
+++ b/Detections/SecurityEvent/UserAccountAddedToPrivlegeGroup_1h.yaml
@@ -45,5 +45,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/UserAccountCreatedDeleted_10m.yaml b/Detections/SecurityEvent/UserAccountCreatedDeleted_10m.yaml
index 7273ec7f96..0c4394d9b8 100644
--- a/Detections/SecurityEvent/UserAccountCreatedDeleted_10m.yaml
+++ b/Detections/SecurityEvent/UserAccountCreatedDeleted_10m.yaml
@@ -55,5 +55,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/UserAccountEnabledDisabled_10m.yaml b/Detections/SecurityEvent/UserAccountEnabledDisabled_10m.yaml
index 1b9f45f600..772fd7a6ee 100644
--- a/Detections/SecurityEvent/UserAccountEnabledDisabled_10m.yaml
+++ b/Detections/SecurityEvent/UserAccountEnabledDisabled_10m.yaml
@@ -56,5 +56,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml b/Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml
index ebe952e02a..3b5feeb0b8 100644
--- a/Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml
+++ b/Detections/SecurityEvent/UserCreatedAddedToBuiltinAdmins_1d.yaml
@@ -50,5 +50,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/base64_encoded_pefile.yaml b/Detections/SecurityEvent/base64_encoded_pefile.yaml
index f394fae5b9..c457ed0dc1 100644
--- a/Detections/SecurityEvent/base64_encoded_pefile.yaml
+++ b/Detections/SecurityEvent/base64_encoded_pefile.yaml
@@ -39,5 +39,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/execute_base64_decodedpayload.yaml b/Detections/SecurityEvent/execute_base64_decodedpayload.yaml
index 5d0de64ccd..41c0b227f1 100644
--- a/Detections/SecurityEvent/execute_base64_decodedpayload.yaml
+++ b/Detections/SecurityEvent/execute_base64_decodedpayload.yaml
@@ -46,5 +46,4 @@ entityMappings: fieldMappings: - identifier: FullName columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml b/Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml
index bae4230fc6..460ade0f6a 100644
--- a/Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml
+++ b/Detections/SecurityEvent/gte_6_FailedLogons_10m.yaml
@@ -63,5 +63,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/malware_in_recyclebin.yaml b/Detections/SecurityEvent/malware_in_recyclebin.yaml
index 1276ba7b23..60beedf481 100644
--- a/Detections/SecurityEvent/malware_in_recyclebin.yaml
+++ b/Detections/SecurityEvent/malware_in_recyclebin.yaml
@@ -40,5 +40,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/password_never_expires.yaml b/Detections/SecurityEvent/password_never_expires.yaml
index 05eff4cedd..cab3bfd616 100644
--- a/Detections/SecurityEvent/password_never_expires.yaml
+++ b/Detections/SecurityEvent/password_never_expires.yaml
@@ -42,5 +42,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/password_not_set.yaml b/Detections/SecurityEvent/password_not_set.yaml
index d01978f0b3..ef7eebfede 100644
--- a/Detections/SecurityEvent/password_not_set.yaml
+++ b/Detections/SecurityEvent/password_not_set.yaml
@@ -53,5 +53,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SecurityEvent/powershell_empire.yaml b/Detections/SecurityEvent/powershell_empire.yaml
index 79ae4c301a..0f96794fd6 100644
--- a/Detections/SecurityEvent/powershell_empire.yaml
+++ b/Detections/SecurityEvent/powershell_empire.yaml
@@ -49,5 +49,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml b/Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml
index 585956aad0..58cfed3c8b 100644
--- a/Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml
+++ b/Detections/SigninLogs/AnomalousUserAppSigninLocationIncrease-detection.yaml
@@ -78,5 +78,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml b/Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml
index 383485cf48..a4bf9b6dcb 100644
--- a/Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml
+++ b/Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml
@@ -48,5 +48,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/Brute Force Attack against GitHub Account.yaml b/Detections/SigninLogs/Brute Force Attack against GitHub Account.yaml
index fba69b2d08..8f6a613975 100644
--- a/Detections/SigninLogs/Brute Force Attack against GitHub Account.yaml
+++ b/Detections/SigninLogs/Brute Force Attack against GitHub Account.yaml
@@ -52,5 +52,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/BypassCondAccessRule.yaml b/Detections/SigninLogs/BypassCondAccessRule.yaml
index 8bf9ed0c5a..ddb9cfab5e 100644
--- a/Detections/SigninLogs/BypassCondAccessRule.yaml
+++ b/Detections/SigninLogs/BypassCondAccessRule.yaml
@@ -66,5 +66,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml b/Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml
index 3ced4ea576..edf0881926 100644
--- a/Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml
+++ b/Detections/SigninLogs/DisabledAccountSigninsAcrossManyApplications.yaml
@@ -45,5 +45,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/DistribPassCrackAttempt.yaml b/Detections/SigninLogs/DistribPassCrackAttempt.yaml
index 98db7c681e..55dcb9a0fd 100644
--- a/Detections/SigninLogs/DistribPassCrackAttempt.yaml
+++ b/Detections/SigninLogs/DistribPassCrackAttempt.yaml
@@ -58,5 +58,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/ExplicitMFADeny.yaml b/Detections/SigninLogs/ExplicitMFADeny.yaml
index f394f6aee0..14493ff4a8 100644
--- a/Detections/SigninLogs/ExplicitMFADeny.yaml
+++ b/Detections/SigninLogs/ExplicitMFADeny.yaml
@@ -42,5 +42,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/FailedLogonToAzurePortal.yaml b/Detections/SigninLogs/FailedLogonToAzurePortal.yaml
index e2c5c34793..4d470f43c5 100644
--- a/Detections/SigninLogs/FailedLogonToAzurePortal.yaml
+++ b/Detections/SigninLogs/FailedLogonToAzurePortal.yaml
@@ -99,5 +99,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/Sign-in Burst from Multiple Locations.yaml b/Detections/SigninLogs/Sign-in Burst from Multiple Locations.yaml
index 2d5b715572..24c077e954 100644
--- a/Detections/SigninLogs/Sign-in Burst from Multiple Locations.yaml
+++ b/Detections/SigninLogs/Sign-in Burst from Multiple Locations.yaml
@@ -35,5 +35,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml b/Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml
index b65f82b367..11ae849292 100644
--- a/Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml
+++ b/Detections/SigninLogs/SigninAttemptsByIPviaDisabledAccounts.yaml
@@ -55,5 +55,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/SigninBruteForce-AzurePortal.yaml b/Detections/SigninLogs/SigninBruteForce-AzurePortal.yaml
index 26d594a702..9ca9f5a7f1 100644
--- a/Detections/SigninLogs/SigninBruteForce-AzurePortal.yaml
+++ b/Detections/SigninLogs/SigninBruteForce-AzurePortal.yaml
@@ -56,5 +56,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/SigninPasswordSpray.yaml b/Detections/SigninLogs/SigninPasswordSpray.yaml
index c9928a5f11..8d673640d1 100644
--- a/Detections/SigninLogs/SigninPasswordSpray.yaml
+++ b/Detections/SigninLogs/SigninPasswordSpray.yaml
@@ -85,5 +85,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SigninLogs/SuccessThenFail_DiffIP_SameUserandApp.yaml b/Detections/SigninLogs/SuccessThenFail_DiffIP_SameUserandApp.yaml
index 8c9fdd04fb..88d3e998d6 100644
--- a/Detections/SigninLogs/SuccessThenFail_DiffIP_SameUserandApp.yaml
+++ b/Detections/SigninLogs/SuccessThenFail_DiffIP_SameUserandApp.yaml
@@ -52,5 +52,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SophosXGFirewall/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml b/Detections/SophosXGFirewall/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml
index 4135492c8e..79e0d75f3b 100644
--- a/Detections/SophosXGFirewall/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml
+++ b/Detections/SophosXGFirewall/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml
@@ -28,5 +28,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SophosXGFirewall/PortScanDetected.yaml b/Detections/SophosXGFirewall/PortScanDetected.yaml
index d7759345f5..5fae9bb735 100644
--- a/Detections/SophosXGFirewall/PortScanDetected.yaml
+++ b/Detections/SophosXGFirewall/PortScanDetected.yaml
@@ -29,5 +29,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SymantecProxySG/ExcessiveDeniedProxyTraffic.yaml b/Detections/SymantecProxySG/ExcessiveDeniedProxyTraffic.yaml
index 038a636feb..c5267a14a7 100644
--- a/Detections/SymantecProxySG/ExcessiveDeniedProxyTraffic.yaml
+++ b/Detections/SymantecProxySG/ExcessiveDeniedProxyTraffic.yaml
@@ -32,5 +32,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SymantecProxySG/UserAccessedSuspiciousURLCategories.yaml b/Detections/SymantecProxySG/UserAccessedSuspiciousURLCategories.yaml
index 177f9ada89..55de2f8579 100644
--- a/Detections/SymantecProxySG/UserAccessedSuspiciousURLCategories.yaml
+++ b/Detections/SymantecProxySG/UserAccessedSuspiciousURLCategories.yaml
@@ -35,5 +35,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SymantecVIP/ClientDeniedAccess.yaml b/Detections/SymantecVIP/ClientDeniedAccess.yaml
index b7817e6141..a5892a9198 100644
--- a/Detections/SymantecVIP/ClientDeniedAccess.yaml
+++ b/Detections/SymantecVIP/ClientDeniedAccess.yaml
@@ -39,5 +39,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/SymantecVIP/ExcessiveFailedAuthenticationsfromInvalidInputs.yaml b/Detections/SymantecVIP/ExcessiveFailedAuthenticationsfromInvalidInputs.yaml
index 4be016151f..99c0ee099b 100644
--- a/Detections/SymantecVIP/ExcessiveFailedAuthenticationsfromInvalidInputs.yaml
+++ b/Detections/SymantecVIP/ExcessiveFailedAuthenticationsfromInvalidInputs.yaml
@@ -33,5 +33,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/Syslog/FailedLogonAttempts_UnknownUser.yaml b/Detections/Syslog/FailedLogonAttempts_UnknownUser.yaml
index c015589606..5b2ccc9a3d 100644
--- a/Detections/Syslog/FailedLogonAttempts_UnknownUser.yaml
+++ b/Detections/Syslog/FailedLogonAttempts_UnknownUser.yaml
@@ -68,5 +68,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/Syslog/squid_cryptomining_pools.yaml b/Detections/Syslog/squid_cryptomining_pools.yaml
index b0dbbba0c8..9ab3c12123 100644
--- a/Detections/Syslog/squid_cryptomining_pools.yaml
+++ b/Detections/Syslog/squid_cryptomining_pools.yaml
@@ -57,5 +57,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/Syslog/squid_tor_proxies.yaml b/Detections/Syslog/squid_tor_proxies.yaml
index 67630528f5..ca4dd0371c 100644
--- a/Detections/Syslog/squid_tor_proxies.yaml
+++ b/Detections/Syslog/squid_tor_proxies.yaml
@@ -52,5 +52,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/Syslog/ssh_NewlyInternetExposed.yaml b/Detections/Syslog/ssh_NewlyInternetExposed.yaml
index 50cbaa55ab..391496aa56 100644
--- a/Detections/Syslog/ssh_NewlyInternetExposed.yaml
+++ b/Detections/Syslog/ssh_NewlyInternetExposed.yaml
@@ -63,5 +63,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/Syslog/ssh_potentialBruteForce.yaml b/Detections/Syslog/ssh_potentialBruteForce.yaml
index 397e3e58f0..0cffc32031 100644
--- a/Detections/Syslog/ssh_potentialBruteForce.yaml
+++ b/Detections/Syslog/ssh_potentialBruteForce.yaml
@@ -39,5 +39,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/DomainEntity_CommonSecurityLog.yaml b/Detections/ThreatIntelligenceIndicator/DomainEntity_CommonSecurityLog.yaml
index 1b5ca0d2d1..c0fe3555e9 100644
--- a/Detections/ThreatIntelligenceIndicator/DomainEntity_CommonSecurityLog.yaml
+++ b/Detections/ThreatIntelligenceIndicator/DomainEntity_CommonSecurityLog.yaml
@@ -71,5 +71,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml b/Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml
index 50fa356dd0..c206f52b2a 100644
--- a/Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml
+++ b/Detections/ThreatIntelligenceIndicator/DomainEntity_DnsEvents.yaml
@@ -65,5 +65,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/DomainEntity_PaloAlto.yaml b/Detections/ThreatIntelligenceIndicator/DomainEntity_PaloAlto.yaml
index 91426501ac..56dc64b988 100644
--- a/Detections/ThreatIntelligenceIndicator/DomainEntity_PaloAlto.yaml
+++ b/Detections/ThreatIntelligenceIndicator/DomainEntity_PaloAlto.yaml
@@ -76,5 +76,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/DomainEntity_SecurityAlert.yaml b/Detections/ThreatIntelligenceIndicator/DomainEntity_SecurityAlert.yaml
index b35dc9d41d..d021a3ba6e 100644
--- a/Detections/ThreatIntelligenceIndicator/DomainEntity_SecurityAlert.yaml
+++ b/Detections/ThreatIntelligenceIndicator/DomainEntity_SecurityAlert.yaml
@@ -76,5 +76,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml b/Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml
index 8323772af3..c30af6af14 100644
--- a/Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml
+++ b/Detections/ThreatIntelligenceIndicator/DomainEntity_Syslog.yaml
@@ -66,5 +66,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/EmailEntity_AzureActivity.yaml b/Detections/ThreatIntelligenceIndicator/EmailEntity_AzureActivity.yaml
index d902da7a57..1bce0fce22 100644
--- a/Detections/ThreatIntelligenceIndicator/EmailEntity_AzureActivity.yaml
+++ b/Detections/ThreatIntelligenceIndicator/EmailEntity_AzureActivity.yaml
@@ -55,5 +55,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/EmailEntity_OfficeActivity.yaml b/Detections/ThreatIntelligenceIndicator/EmailEntity_OfficeActivity.yaml
index 27c13a51f8..e853601028 100644
--- a/Detections/ThreatIntelligenceIndicator/EmailEntity_OfficeActivity.yaml
+++ b/Detections/ThreatIntelligenceIndicator/EmailEntity_OfficeActivity.yaml
@@ -53,5 +53,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/EmailEntity_PaloAlto.yaml b/Detections/ThreatIntelligenceIndicator/EmailEntity_PaloAlto.yaml
index 009cebb7a3..2364df2451 100644
--- a/Detections/ThreatIntelligenceIndicator/EmailEntity_PaloAlto.yaml
+++ b/Detections/ThreatIntelligenceIndicator/EmailEntity_PaloAlto.yaml
@@ -57,5 +57,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityAlert.yaml b/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityAlert.yaml
index 1a45336246..6c4dc74c61 100644
--- a/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityAlert.yaml
+++ b/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityAlert.yaml
@@ -57,5 +57,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityEvent.yaml b/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityEvent.yaml
index fc52adbbe1..d8d578777d 100644
--- a/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityEvent.yaml
+++ b/Detections/ThreatIntelligenceIndicator/EmailEntity_SecurityEvent.yaml
@@ -60,5 +60,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/EmailEntity_SigninLogs.yaml b/Detections/ThreatIntelligenceIndicator/EmailEntity_SigninLogs.yaml
index fe537a2209..ee3f3642bd 100644
--- a/Detections/ThreatIntelligenceIndicator/EmailEntity_SigninLogs.yaml
+++ b/Detections/ThreatIntelligenceIndicator/EmailEntity_SigninLogs.yaml
@@ -68,5 +68,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/FileHashEntity_CommonSecurityLog.yaml b/Detections/ThreatIntelligenceIndicator/FileHashEntity_CommonSecurityLog.yaml
index 82ebd9de14..79ee41dbce 100644
--- a/Detections/ThreatIntelligenceIndicator/FileHashEntity_CommonSecurityLog.yaml
+++ b/Detections/ThreatIntelligenceIndicator/FileHashEntity_CommonSecurityLog.yaml
@@ -59,5 +59,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/FileHashEntity_Covid19_CommonSecurityLog.yaml b/Detections/ThreatIntelligenceIndicator/FileHashEntity_Covid19_CommonSecurityLog.yaml
index 07c3dda7bd..e3dba62af7 100644
--- a/Detections/ThreatIntelligenceIndicator/FileHashEntity_Covid19_CommonSecurityLog.yaml
+++ b/Detections/ThreatIntelligenceIndicator/FileHashEntity_Covid19_CommonSecurityLog.yaml
@@ -47,5 +47,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml b/Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml
index c967e51235..d758cfb01d 100644
--- a/Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml
+++ b/Detections/ThreatIntelligenceIndicator/FileHashEntity_SecurityEvent.yaml
@@ -52,5 +52,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml
index dd2058a811..646dc2ca59 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_AWSCloudTrail.yaml
@@ -58,5 +58,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_AppServiceHTTPLogs.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_AppServiceHTTPLogs.yaml
index e2e470245c..53df511de9 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_AppServiceHTTPLogs.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_AppServiceHTTPLogs.yaml
@@ -58,5 +58,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_AzureActivity.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_AzureActivity.yaml
index 85f46e6839..2c4a63e76f 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_AzureActivity.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_AzureActivity.yaml
@@ -57,5 +57,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml
index edb340181f..55cbb2a9fa 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_AzureNetworkAnalytics.yaml
@@ -60,5 +60,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml
index 0e35d29d23..7f715e3399 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_DnsEvents.yaml
@@ -61,5 +61,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_OfficeActivity.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_OfficeActivity.yaml
index ff7cb014cf..b12d099e85 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_OfficeActivity.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_OfficeActivity.yaml
@@ -57,5 +57,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_VMConnection.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_VMConnection.yaml
index 8c46a478e7..47b0ef4ede 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_VMConnection.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_VMConnection.yaml
@@ -58,5 +58,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_W3CIISLog.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_W3CIISLog.yaml
index 22a60c4c33..df1cdaa65d 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_W3CIISLog.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_W3CIISLog.yaml
@@ -64,5 +64,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPEntity_WireData.yaml b/Detections/ThreatIntelligenceIndicator/IPEntity_WireData.yaml
index 534b78b477..3c0cfb4039 100644
--- a/Detections/ThreatIntelligenceIndicator/IPEntity_WireData.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPEntity_WireData.yaml
@@ -58,5 +58,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/IPentity_SigninLogs.yaml b/Detections/ThreatIntelligenceIndicator/IPentity_SigninLogs.yaml
index 7714912728..9f875e8bbc 100644
--- a/Detections/ThreatIntelligenceIndicator/IPentity_SigninLogs.yaml
+++ b/Detections/ThreatIntelligenceIndicator/IPentity_SigninLogs.yaml
@@ -68,5 +68,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/URLEntity_AuditLogs.yaml b/Detections/ThreatIntelligenceIndicator/URLEntity_AuditLogs.yaml
index da77fb5179..fec89a1cd7 100644
--- a/Detections/ThreatIntelligenceIndicator/URLEntity_AuditLogs.yaml
+++ b/Detections/ThreatIntelligenceIndicator/URLEntity_AuditLogs.yaml
@@ -56,5 +56,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/URLEntity_OfficeActivity.yaml b/Detections/ThreatIntelligenceIndicator/URLEntity_OfficeActivity.yaml
index 46ef99ff16..c08427fc11 100644
--- a/Detections/ThreatIntelligenceIndicator/URLEntity_OfficeActivity.yaml
+++ b/Detections/ThreatIntelligenceIndicator/URLEntity_OfficeActivity.yaml
@@ -51,5 +51,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/URLEntity_PaloAlto.yaml b/Detections/ThreatIntelligenceIndicator/URLEntity_PaloAlto.yaml
index 084d2ed3f2..a236de4dcb 100644
--- a/Detections/ThreatIntelligenceIndicator/URLEntity_PaloAlto.yaml
+++ b/Detections/ThreatIntelligenceIndicator/URLEntity_PaloAlto.yaml
@@ -61,5 +61,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/URLEntity_SecurityAlerts.yaml b/Detections/ThreatIntelligenceIndicator/URLEntity_SecurityAlerts.yaml
index a83fded539..8c7872b25c 100644
--- a/Detections/ThreatIntelligenceIndicator/URLEntity_SecurityAlerts.yaml
+++ b/Detections/ThreatIntelligenceIndicator/URLEntity_SecurityAlerts.yaml
@@ -56,5 +56,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ThreatIntelligenceIndicator/URLEntity_Syslog.yaml b/Detections/ThreatIntelligenceIndicator/URLEntity_Syslog.yaml
index b5bbfb1325..85344077c0 100644
--- a/Detections/ThreatIntelligenceIndicator/URLEntity_Syslog.yaml
+++ b/Detections/ThreatIntelligenceIndicator/URLEntity_Syslog.yaml
@@ -53,5 +53,4 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: URLCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Critical & High).yaml b/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Critical & High).yaml
index 520ba65f23..0189dac46c 100644
--- a/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Critical & High).yaml
+++ b/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Critical & High).yaml
@@ -33,5 +33,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Medium & Low).yaml b/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Medium & Low).yaml
index 010d0e6163..a863800da1 100644
--- a/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Medium & Low).yaml
+++ b/Detections/TrendMicroXDR/Create Incident for XDR Alerts (Medium & Low).yaml
@@ -33,5 +33,4 @@ entityMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/VMwareCarbonBlack/CriticalThreatDetected.yaml b/Detections/VMwareCarbonBlack/CriticalThreatDetected.yaml
index 85b48bd734..bcceba8683 100644
--- a/Detections/VMwareCarbonBlack/CriticalThreatDetected.yaml
+++ b/Detections/VMwareCarbonBlack/CriticalThreatDetected.yaml
@@ -33,5 +33,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/VMwareCarbonBlack/KnownMalwareDetected.yaml b/Detections/VMwareCarbonBlack/KnownMalwareDetected.yaml
index 9630959d82..de07131452 100644
--- a/Detections/VMwareCarbonBlack/KnownMalwareDetected.yaml
+++ b/Detections/VMwareCarbonBlack/KnownMalwareDetected.yaml
@@ -35,5 +35,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml b/Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml
index ebbb057080..ee52af9558 100644
--- a/Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml
+++ b/Detections/W3CIISLog/AnomomlousUserAgentConnection.yaml
@@ -41,5 +41,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/W3CIISLog/HAFNIUMSuspiciousExchangeRequestPattern.yaml b/Detections/W3CIISLog/HAFNIUMSuspiciousExchangeRequestPattern.yaml
index 505dea15e1..4a57fe0228 100644
--- a/Detections/W3CIISLog/HAFNIUMSuspiciousExchangeRequestPattern.yaml
+++ b/Detections/W3CIISLog/HAFNIUMSuspiciousExchangeRequestPattern.yaml
@@ -42,5 +42,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/W3CIISLog/HighFailedLogonCountByClientIP.yaml b/Detections/W3CIISLog/HighFailedLogonCountByClientIP.yaml
index 5397573146..830fa0540d 100644
--- a/Detections/W3CIISLog/HighFailedLogonCountByClientIP.yaml
+++ b/Detections/W3CIISLog/HighFailedLogonCountByClientIP.yaml
@@ -77,5 +77,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/W3CIISLog/HighFailedLogonCountByUser.yaml b/Detections/W3CIISLog/HighFailedLogonCountByUser.yaml
index 56d4c3f4c9..c97ab0100b 100644
--- a/Detections/W3CIISLog/HighFailedLogonCountByUser.yaml
+++ b/Detections/W3CIISLog/HighFailedLogonCountByUser.yaml
@@ -77,5 +77,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/W3CIISLog/HighPortCountByClientIP.yaml b/Detections/W3CIISLog/HighPortCountByClientIP.yaml
index 5f4711e9dc..153ed6196c 100644
--- a/Detections/W3CIISLog/HighPortCountByClientIP.yaml
+++ b/Detections/W3CIISLog/HighPortCountByClientIP.yaml
@@ -69,5 +69,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml b/Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml
index 5af9b567bf..8e79dff087 100644
--- a/Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml
+++ b/Detections/W3CIISLog/MaliciousAlertLinkedWebRequests.yaml
@@ -71,5 +71,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/W3CIISLog/Supernovawebshell.yaml b/Detections/W3CIISLog/Supernovawebshell.yaml
index ab961fcdf6..da90858cf8 100644
--- a/Detections/W3CIISLog/Supernovawebshell.yaml
+++ b/Detections/W3CIISLog/Supernovawebshell.yaml
@@ -40,5 +40,4 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ZoomLogs/E2EEDisbaled.yaml b/Detections/ZoomLogs/E2EEDisbaled.yaml
index 56b12e94fc..cf94c2c55f 100644
--- a/Detections/ZoomLogs/E2EEDisbaled.yaml
+++ b/Detections/ZoomLogs/E2EEDisbaled.yaml
@@ -26,5 +26,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ZoomLogs/ExternalUserAccess.yaml b/Detections/ZoomLogs/ExternalUserAccess.yaml
index ec3a127499..53d8154a6d 100644
--- a/Detections/ZoomLogs/ExternalUserAccess.yaml
+++ b/Detections/ZoomLogs/ExternalUserAccess.yaml
@@ -34,5 +34,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ZoomLogs/JoiningMeetingFromAnotherTimeZone.yaml b/Detections/ZoomLogs/JoiningMeetingFromAnotherTimeZone.yaml
index 389b79a0ec..78e86b132b 100644
--- a/Detections/ZoomLogs/JoiningMeetingFromAnotherTimeZone.yaml
+++ b/Detections/ZoomLogs/JoiningMeetingFromAnotherTimeZone.yaml
@@ -41,5 +41,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
- version: 1.0.0
\ No newline at end of file
diff --git a/Detections/ZoomLogs/SupiciousLinkSharing.yaml b/Detections/ZoomLogs/SupiciousLinkSharing.yaml
index 5e655339b8..b684e33584 100644
--- a/Detections/ZoomLogs/SupiciousLinkSharing.yaml
+++ b/Detections/ZoomLogs/SupiciousLinkSharing.yaml
@@ -31,5 +31,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: AccountCustomEntity
- version: 1.0.0
\ No newline at end of file