Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
6 416 коммитов 3 460 Ветки 0 Теги 12 GiB
Граф коммитов

187 Коммитов

Автор SHA1 Сообщение Дата
v-rucdu acdcdff359 Merge branch 'master' into feature/v-admahe/CodeReviewAutomation 2021-01-29 19:31:30 +05:30
v-rucdu a6b28e3017
Merge branch 'master' into feature/CodeReviewAutomation 2021-01-29 19:05:39 +05:30
Alex Verbniak e8d0748cfb JiraAudit: test table 2021-01-28 16:47:02 +02:00
v-rucdu 8d57aa2427 Merge branch 'master' into feature/v-admahe/CodeReviewAutomation 2021-01-28 17:01:17 +05:30
Vitalii Uslystyi 9fff03ecc9 add Cisco_Umbrella custom table schema 2021-01-27 13:19:10 +02:00
Yotam Rosenmann 694ab8e4c2 Added CyberpionSecurityLogs to ValidConnectorIds.json 2021-01-26 09:33:47 +02:00
roabadie-microsoft 2efa160980
Add fromTemplateId test for workbooks templates (#1612) 
* Add fromTemplateId test for workbooks templates
 2021-01-25 10:58:16 +02:00
Offir Shvartz a20f893cdd add tests 2021-01-24 10:13:36 +02:00
v-admahe 22835a5e83
Merge branch 'master' into feature/v-admahe/CodeReviewAutomation 2021-01-22 13:09:29 +05:30
Shain Wray (MSTIC) ec81a162a4 Removing validation skip 2021-01-21 07:50:03 -08:00
Ronen Butirev 31ba8d86b3 add invalid temaplte to whitelist 2021-01-21 12:12:13 +02:00
Ronen Butirev d4d944aaa0 Merge branch 'master' into robutire-AddDetectionConnectorsIdsTest 2021-01-21 11:38:00 +02:00
Ronen Butirev 8c6bd4c289 changes 2021-01-21 11:11:48 +02:00
Ronen Butirev 8a18399054 uncomment section 2021-01-21 11:03:39 +02:00
Ronen Butirev 256c5603f8 refactor 2021-01-21 10:54:47 +02:00
Offir Shvartz 2cc7100be5 test error message 2021-01-21 10:18:25 +02:00
Offir Shvartz 93f15ddd03 add non ascii validations 2021-01-21 10:00:25 +02:00
v-jayakal c68dfab32b
Merge pull request #1446 from cyberpion-yotam/cyberpion-sl-connector 
Cyberpion sl connector
 2021-01-21 10:47:11 +05:30
Sergiy Prystaiko 3ad4d0f0bb Added NGINX data connector 2021-01-20 14:14:14 +02:00
Ronen Butirev 1c3badfc1c Merge branch 'master' into robutire-AddDetectionConnectorsIdsTest 2021-01-20 11:36:59 +02:00
Ronen Butirev b70f0bec83 fixes 2021-01-20 11:34:46 +02:00
Shain 54e7371804
Merge pull request #1499 from chicduong/acn_cd_sepanalytics01 
ACN_CD_SymantectEndpointProtection_AnalyticsRules_01
 2021-01-19 20:31:59 -08:00
v-maudan 37e3a25b3a Added FileName validation 2021-01-13 18:15:33 +05:30
v-maudan 0f9e1541ac Added more data connector validation automation test cases 2021-01-13 18:03:19 +05:30
v-admahe e0e5bf7f17 change test case message 2021-01-13 16:51:38 +05:30
v-rucdu a850ed6f33 Added remaining tests 2021-01-12 10:32:46 +05:30
v-admahe 2b4259181d To check size of the logo 2021-01-11 17:59:17 +05:30
v-admahe a2d632d51d To check valid guid and unique 2021-01-08 20:21:18 +05:30
Aditi Maheshwari e49a82d258 Logo validation automation tool 2021-01-07 20:34:47 +05:30
v-maudan c9e31221bf fixed PR review comments 2021-01-07 19:25:07 +05:30
v-maudan 5a5c1f185b Updated dataconnector schema to verify all data connector 2021-01-06 18:17:17 +05:30
Yotam Rosenmann 715ba5664a Added custom table to tests 2021-01-06 09:59:35 +02:00
v-maudan b5cb8fd449 Added check to identify data connector json file 2021-01-05 17:06:18 +05:30
chicduong c9faf98dc3 CrowdStrike Falcon Analytics Rules 2021-01-04 17:13:51 -08:00
v-rucdu a1cc2b9498 Verify connector id and data type does not include spaces 2021-01-04 22:31:21 +05:30
v-rucdu 9ffbc33efd Logic to validate schema of DataConnector json 2020-12-31 18:02:44 +05:30
Ronen Butirev 573c77ffc0 Merge branch 'master' into robutire-AddDetectionConnectorsIdsTest 2020-12-29 19:42:05 +02:00
sagamzu ddc6317681
[PR validation] Update KustoServices NuGet version (#1529) 2020-12-24 11:34:54 +02:00
chicduong 19b280be78 added validation 2020-12-21 16:36:01 -08:00
Ronen Butirev d2c56defb6 1)Rename method name 2)Fix file name) 2020-12-20 17:20:25 +02:00
Ronen Butirev f325c12d26 fix before PR 2020-12-20 17:13:22 +02:00
Ronen Butirev 8100063a3f Refacator existing temaplte test and add new test case of connectors Ids validation 2020-12-20 17:06:16 +02:00
Shain b453a0c7d7
Merge pull request #1497 from Azure/pebryan/2020-12-16_Solarigate 
Pebryan/2020 12 16 solarigate
 2020-12-17 09:40:45 -08:00
Pete Bryan fd551c5051 Exclusions due to broken validation checks 2020-12-17 15:05:55 +00:00
sagamzu 297e803d4a
[PR validation] update Kusto service NuGet version (#1496) 2020-12-17 16:49:18 +02:00
Pete Bryan c32323b853 Fixes 2020-12-17 14:40:40 +00:00
Shain eb59af713f
Adding in Schema support for M365 tables 
In order to support detections that are being included for M365, we need to temporarily add the schema manually.
 2020-12-15 16:07:04 -08:00
Shain adf08b9bf9
Merge pull request #1368 from AlsidOfficial/AFAD-connector 
New Alsid for AD connector, workbooks and analytics templates
 2020-12-14 14:45:52 -08:00
Shain d84a1281dc
Merge pull request #1413 from chicduong/acn_cd_qualyskbparser01 
ACN_CD_QualysKB_Parser01
 2020-12-14 14:41:51 -08:00
sagamzu 5da58812af
update KustoServices NuGet version (#1461) 
* update kqlservices nuget version
 2020-12-14 16:47:37 +02:00
chicduong e4c133dc27 added validation file 2020-12-09 21:16:06 -08:00
Eric Shulze 1225b2d57a
Trend Micro XDR Initial Commit (#1353) 
* Trend Micro XDR - Initial Commit

* Fixed Rendering of onboarding steps

* Inital Rule Templates - Trend Micro XDR

* Fixed: Format Error

* Added Trend Micro XDR Overview Workbench, and supporting files.

* Fixed extra addition

* Rebased file issue

* Added Missing KQL Validation table format

* ARM Template Usablitiy enahcment - made dropdown option

* Sample Data Example Additon

* Added missing CL from customer data type dependancy.

* Addressed PR Comments, Added logging, Added API Key Failure Error

* Fixed commit issues

* Fixing Requested Change

* variable rename as requested

* fixed Workbook issue

* Added 3 new queries to Workbook

* Updated Sample Images

* updated URL for API Key instructions

* Updated ARM URL, removed subscription ID's

Co-authored-by: Eric Shulze <ericsh@us-ericsh-mac.us.trendnet.org>
Co-authored-by: ericsh <eric_shulze@trendmicro.com>
 2020-12-09 18:57:49 -08:00
chicduong be56e5305c revisions 2020-12-09 15:16:22 -08:00
SOC Prime cace382aa5
Apache HTTP Server Data Connector (#1373) 
* added ApacheHTTPServer Data Connector

* added description to apache parser

* added apache logo

* apache data connector - changed connector id

Co-authored-by: Sergiy Prystaiko <sp@socprime.com>
Co-authored-by: Vitalii Uslystyi <vu@socprime.com>
 2020-12-08 17:32:56 -08:00
Julien CLEMENT 5dd795d0c6 Add Custom table schema for afad_parser 
Signed-off-by: Julien CLEMENT <julien.clement@epita.fr>
 2020-12-03 10:48:36 +01:00
SOC Prime 88c3fc89b6
G workspace reports connector (#1320) 
* GWorkspace: add table schemas

* GWorkspace: add parser

* GWorkspace: add deploy template

* GWorkspace: add pickle_string script

* GWorkspace: add connector template

* GWorkspace: add connector archive

* GWorkspace: add connector files

* GWorkspace: fixes in script.

* GWorkspace: update archive.

* Gworkspace: fixing json file

* GWorkspace: add logo

* GWorkspace: Connector template fixes

* GWorkspace: added data samples

* GWorkspace: added new logo

* GWorkspace: Add sampleQueries

* GWorkspace: Script and Archive updated

Co-authored-by: Alex Verbniak <ov@socprime.com>
 2020-11-25 14:00:19 -08:00
SOC Prime 533e0983f8
Proofpoint POD Connector (#1293) 
* proofpoint pod - initial commit

* ProofpointPOD: Delete "Preview" and change Umbrella to Proofpoint

* ProofpointPOD: delete empty lines from parser

* ProofpointPOD: add proxies.json file

* ProofpointPOD: script fixes

* ProofpointPOD: add well-known CA library certifi

Co-authored-by: Alex Verbniak <ov@socprime.com>
 2020-11-20 17:30:04 -08:00
laithhisham 9f0fa91b90
Feature/lahisham/migrate scheduled templates to new entity mapping (#1319) 
* migrate scheduled templates to new entity mapping model

* add validation for missing new entity mappings
 2020-11-17 17:27:25 +02:00
SOC Prime e4d2a7a670
Salesforce Service Cloud Connector (#1292) 
* saleforce sc connector - initial commit

* salesforce sc - added python file

* salesforce sc - updated zip file

* salesforce sc - updated connector template

* salesforce sc - added logo

* Salesforce SC: delete Preview

* Salesforce SC: change chunksize

* Salesforce SC: add proxies.json

* Salesforce SC: add handling of nextRecordsUrl

* Salesforce SC: update zip file

Co-authored-by: Alex Verbniak <ov@socprime.com>
 2020-11-16 19:31:20 -08:00
SOC Prime a90ff862f6
Cisco umbrella connector (#1261) 
* added table schemas

* added function app

* added parser

* added logo

* added azuredeploy arm template

* updated links in azuredeploy arm template

* added connector template

* added sample data

* updated links to github in templates

* improved logging in function app

* updated connector template

* cisco umbrella: updated links

* cisco umbrella: removed logo to avoid duplication

* cisco umbrella connector - changed AWSSecretAccesKey variable name

* cisco umbrella connector - removed CiscoUmbrella.md file

* cisco umbrella connector - updated connector template

* cisco umbrella connector - updated connector template

* cisco umbrella - renamed parser func and updated connector template

* cisco umbrella - updated sample queries in connector template

* cisco umbrella - added proxies.json file

Co-authored-by: Vitalii Uslystyi <vu@socprime.com>
 2020-11-13 07:16:25 -08:00
Shain Wray (MSTIC) 78191eea2c Adding in schema for DeviceNetworkEvents from MDATP raw data tables 2020-11-12 20:51:27 -08:00
ehudk-msft ac24a19f8e add detection 2020-11-09 19:27:13 +02:00
ehudk-msft 3502112c6e seperate template structure validation to another pipeline 2020-11-08 17:10:23 +02:00
Offir Shvartz 3a16542e20
update Microsoft.Azure.Sentinel.KustoServices nuget - removed templates from skipped list (#1268) 
Co-authored-by: Offir Shvartz <ofshvart@microsoft.com>
 2020-11-04 20:21:24 +02:00
Offir Shvartz 39d7eab071
Add Kql Validation to PR pipeline (detection only) (#1223) 
Co-authored-by: Offir Shvartz <ofshvart@microsoft.com>
 2020-11-01 09:15:35 +02:00
Shain 402b6c1c6f
Revert "Add KQL syntax validation of detection queries as part of the PR pipeline" 2020-10-27 10:37:31 -07:00
Offir Shvartz 035706a999 merge 2020-10-21 09:37:20 +03:00
Offir Shvartz b493e5de09 c 2020-10-21 09:04:30 +03:00
Offir Shvartz 4231a2e4c5 tests 2020-09-17 13:49:11 +03:00
Offir Shvartz 11ec709397 fix tests 2020-09-10 16:13:11 +03:00
Offir Shvartz 6a8138fa0e nupack 2020-09-07 15:55:38 +03:00
Offir Shvartz eabaa9f583 move 2020-09-07 15:52:58 +03:00
Eran Toledano 623a503434 fix tests 2020-08-20 11:48:44 -07:00
Eran Toledano f9657c16e3 modify validation to be metadata specific 2020-08-20 11:48:44 -07:00
Eran Toledano a1929be102 fix test files 2020-08-20 11:48:44 -07:00
Eran Toledano 8845d158e4 fix preview image validations 2020-08-20 11:48:43 -07:00
Eran Toledano 294789569f fix indent 2020-08-20 11:48:43 -07:00
Eran Toledano 912c2c7047 cosmetic fixes 2020-08-20 11:48:43 -07:00
Eran Toledano 2bae03bdd1 create new pipeline for workbooks validations 2020-08-20 11:48:43 -07:00
Eran Toledano adf69f90a1 fix schema and test file 2020-08-20 11:48:43 -07:00
Eran Toledano 64ab8f8461 add await statement 2020-08-20 11:48:43 -07:00
Eran Toledano d9c098ed88 add schema validation for workbooksMetadata 2020-08-20 11:48:43 -07:00
Igal d8321c70a5
Documentation links should not include locale - fix and add validations (#678) 
* Documentation links should not include locale - fix and add validations
 2020-05-13 15:07:12 +03:00
necoh 1bea0ea9e0
Add id change validator (#548) 
* Add id change validation

* fix azure-pipelines jobs

* Refactoring

* Refactoring azure-pipelines jobs

* fix log message

* fix idChangeValidatorTest

* run test

* fix fileKinds

* fix fileKinds

* fix fileKinds

* fix code review comments

* fix code review comments
 2020-03-26 10:57:30 +02:00
sagamzu 0f75ec7c50
Add new PR validation - JSON file syntax (#467) 2020-02-04 11:23:49 +02:00
sagamzu a52ed777bc
run prettier on type script files (#465) 2020-02-02 18:03:21 +02:00
sagamzu 41d4ad1079
Add infrastructure for PR validation (#456) 
* update pr validation code

* small updates according to review comments

* run prettier again
 2020-01-30 15:47:21 +02:00