ahatekar
8c7ef1cc9b
Indicator publish: 7/31/2020 8:02:19 PM
2020-07-31 13:02:19 -07:00
ahatekar
08d7002e93
Indicator publish: 7/31/2020 8:02:16 PM
2020-07-31 13:02:16 -07:00
ahatekar
324fd7afbf
Indicator publish: 7/29/2020 5:17:04 PM
2020-07-29 10:17:05 -07:00
ahatekar
4230f6a52c
Indicator publish: 7/29/2020 5:17:01 PM
2020-07-29 10:17:02 -07:00
ahatekar
39eda2e395
Indicator publish: 7/28/2020 6:03:06 PM
2020-07-28 11:03:07 -07:00
ahatekar
9b4bae75fa
Indicator publish: 7/28/2020 6:03:03 PM
2020-07-28 11:03:04 -07:00
ahatekar
ab786370da
Indicator publish: 7/27/2020 5:47:40 PM
2020-07-27 10:47:41 -07:00
ahatekar
3f28af73b8
Indicator publish: 7/27/2020 5:47:37 PM
2020-07-27 10:47:38 -07:00
ahatekar
f14922242f
Indicator publish: 7/24/2020 5:57:55 PM
2020-07-24 11:02:14 -07:00
ahatekar
ef01fb7ac3
Indicator publish: 7/24/2020 5:57:52 PM
2020-07-24 11:02:11 -07:00
ahatekar
d74986f70d
Indicator publish: 7/22/2020 5:29:01 PM
2020-07-22 10:29:02 -07:00
ahatekar
3e28d78038
Indicator publish: 7/22/2020 5:28:58 PM
2020-07-22 10:28:59 -07:00
ahatekar
e6f9c14172
Indicator publish: 7/20/2020 6:12:40 PM
2020-07-20 11:12:40 -07:00
ahatekar
fbcab96410
Indicator publish: 7/20/2020 6:12:36 PM
2020-07-20 11:12:37 -07:00
ahatekar
6da5088f59
Indicator publish: 7/17/2020 7:04:12 PM
2020-07-17 12:04:13 -07:00
ahatekar
10c0949dc9
Indicator publish: 7/17/2020 7:04:09 PM
2020-07-17 12:04:09 -07:00
ahatekar
16bf652c9d
Indicator publish: 7/16/2020 5:34:22 PM
2020-07-16 10:34:24 -07:00
ahatekar
96bb6f3756
Indicator publish: 7/16/2020 5:34:19 PM
2020-07-16 10:34:21 -07:00
ahatekar
31075cb2fc
Indicator publish: 7/14/2020 4:49:06 PM
2020-07-14 09:49:07 -07:00
ahatekar
0c6a8a4f00
Indicator publish: 7/14/2020 4:49:03 PM
2020-07-14 09:49:04 -07:00
ahatekar
fd232bec58
Indicator publish: 7/13/2020 6:06:39 PM
2020-07-13 11:06:40 -07:00
ahatekar
7081b81916
Indicator publish: 7/13/2020 6:06:36 PM
2020-07-13 11:06:37 -07:00
Tomáš Kubica
a005dc7940
adding Eset SMC parser ( #476 )
* adding Eset SMC parser
* Eset SMC data connector
* remove files no longer needed
* enhanced conn., added workbook and detections
Co-authored-by: Tomas Kubica <tokubica@microsoft.com>
2020-07-08 17:55:11 -07:00
liadga
cf7e95b241
Illusive cef connector ( #730 )
* illusive connector and sample data files
* Illusive Workbooks
* fix WorkbookMetadata json format
* add logo to workbook
* fix illusive workbook logo - CR
* add link to illusive website
2020-07-08 15:42:42 -07:00
chicduong
32f9b39d4e
ACNCD_DataConnectors_final ( #767 )
* final PR
* detection corrections
* Revisions
* add default Function app root files
* revisions
2020-07-07 15:25:53 -07:00
Nick Carr
6a8b1ad4f9
Updated known OAuth app allowList
Based on additional Azure Sentinel Lighthouse data
2020-07-06 16:08:56 -04:00
ahatekar
664d578519
Indicator publish: 7/2/2020 5:31:26 PM
2020-07-02 10:31:27 -07:00
ahatekar
02bbada984
Indicator publish: 7/2/2020 5:31:23 PM
2020-07-02 10:31:24 -07:00
Noam Rathaus
83f4d6407e
Beyond Security beSECURE patch ( #745 )
* Beyond Security beSECURE Connector (Via RestAPI)
* beSECURE Sample Data
* Beyond Security Logo
* We have three tables, do a union of them
To correctly show the incoming data, we need to do a union of the three tables
* Add two sample queries for Audit and Events
* Add missing dataTypes
* No need for customs
* Bigger sample base
* More data
* More data samples, and more accurate structure
* Incorrect escape character
\b should be just \n
* Rephrase to be more clear
* No dependencies
* Empty
* No need for xlink
2020-07-01 16:48:34 -07:00
javaservlets
672e6c5de8
Create ForgeRock_CEF.txt ( #571 )
* Create ForgeRock_CEF.txt
* Update and rename ForgeRock_CEF.txt to ForgeRock_CEF.csv
added a header line, and replaced the pipe character that our connector outputs with a comma so this file can be submitted as a CSV file
* Update ForgeRock_CEF.csv
1. renamed last header field name to "Extensions"
2. added an additional 24 samples
3. extracted two fields from the JSON payload (that was previously in the last column) and made them individual columns; left the rest so that admins can (if they so choose) query via Kusto in their browser and plain text (as opposed to writing java, compiling the jar, redeploying.)
* Update ForgeRock_CEF.csv
commas somehow stripped out on last commit... I can try to upload .csv directly if that happens again.
* Update ForgeRock_CEF.csv
added 2 more column names
2020-07-01 11:20:40 -07:00
ahatekar
43717a3000
Indicator publish: 7/1/2020 5:23:35 PM
2020-07-01 10:23:36 -07:00
ahatekar
fa822c7e47
Indicator publish: 7/1/2020 5:23:32 PM
2020-07-01 10:23:32 -07:00
ahatekar
3c85dcb1eb
Indicator publish: 7/1/2020 12:08:52 AM
2020-06-30 17:08:53 -07:00
ahatekar
730a6c7ddb
Indicator publish: 7/1/2020 12:08:49 AM
2020-06-30 17:08:50 -07:00
Shain
e3d6a43a47
Merge branch 'master' into master
2020-06-28 22:10:54 -07:00
Nick Carr
29a25f5480
Added more known apps
Emphasis on "known": they appear to be legitimate; however, we'll recommend admins review the promiscuous permissions with the hunting queries
2020-06-26 22:13:55 -04:00
Nick Carr
6f52a80c81
Update Microsoft.OAuth.KnownApplications.csv
2020-06-25 17:52:28 -04:00
Nick Carr
dc608e406b
Create several suspicious OAuth consent detections
Creating pull request to add these OAuth detections.
These require the addition of this CSV for externalData lookup to the "Sample Data" folder. If that location changes, these queries will need to be updated.
2020-06-25 17:47:52 -04:00
ahatekar
c03207803d
Indicator publish: 6/25/2020 6:06:27 PM
2020-06-25 11:06:28 -07:00
ahatekar
02d7143f39
Indicator publish: 6/25/2020 6:06:24 PM
2020-06-25 11:06:25 -07:00
ahatekar
908ad564b7
Indicator publish: 6/22/2020 9:57:44 PM
2020-06-22 14:57:45 -07:00
ahatekar
3c0e605367
Indicator publish: 6/22/2020 9:57:41 PM
2020-06-22 14:57:41 -07:00
Alon Lavian
22a7521bfb
Orca Security REST API connector ( #721 )
Co-authored-by: Alon Lavian <alon@orca.security>
2020-06-19 14:03:45 -07:00
chicduong
1ccee11bfc
ACNCD_Custom_DataConnector_v2 ( #729 )
* 3 custom data connector
* error corrections - locale
* resolve conflicts
* error corrections
* remove -- from CarbonBlack json
* Update WorkbooksMetadata.json
line 747
* Update WorkbookMetadata.json
Updated connect Dependencies to remove spaces and match connector ID
* Update Connector ID, exclude spaces
* Update Connector ID, exclude spaces
* Analytic Rule Corrections
* Retroactive changes to Analytics Rules
* typo in WorkbooksMetadata
* Post-Review Corrections
* QualysVM correction
2020-06-19 14:00:16 -07:00
ahatekar
d438ad3b55
Indicator publish: 6/19/2020 5:46:06 PM
2020-06-19 10:46:06 -07:00
ahatekar
b4f8c96df5
Indicator publish: 6/19/2020 5:46:03 PM
2020-06-19 10:46:03 -07:00
ahatekar
2fba5f9309
Indicator publish: 6/17/2020 4:18:00 PM
2020-06-17 09:18:02 -07:00
ahatekar
61bbcb6c9c
Indicator publish: 6/17/2020 4:17:57 PM
2020-06-17 09:17:59 -07:00
ahatekar
4e1758ec34
Indicator publish: 6/11/2020 6:16:13 PM
2020-06-11 11:15:36 -07:00
ahatekar
22bf657dbc
Indicator publish: 6/11/2020 6:16:10 PM
2020-06-11 11:15:33 -07:00
ahatekar
624ec38741
Indicator publish: 6/10/2020 8:37:58 PM
2020-06-10 13:37:59 -07:00
ahatekar
47e094432d
Indicator publish: 6/10/2020 8:37:56 PM
2020-06-10 13:37:56 -07:00
ahatekar
b5a16a090a
Indicator publish: 6/8/2020 5:39:44 PM
2020-06-08 10:39:44 -07:00
ahatekar
5c20c24e70
Indicator publish: 6/8/2020 5:39:22 PM
2020-06-08 10:39:22 -07:00
chicduong
17418bd389
ACNCD_AzureSentinel-DataConnectors ( #706 )
* SymantecProxySG Connector Upload
* PulseSecureVPN Connector Upload
* updated Kusto Function links
* updated Yaml Syntax
* add new line
* add new line at end
* add new line at end
* add new line at end
* add new line at end
* error corrections
* Syslog Revisions and 2 New Submissions
* Pulseconnectsecure add. corrections
* corrections
* corrections
* minor type correction
* corrected dataconnector pages
* update SymantecProxySG Rules
* add logos to main dir
2020-06-05 14:14:23 -07:00
ahatekar
fb6e15375e
Indicator publish: 6/5/2020 6:13:41 PM
2020-06-05 11:13:42 -07:00
ahatekar
60ad5eea9a
Indicator publish: 6/5/2020 6:13:39 PM
2020-06-05 11:13:39 -07:00
ahatekar
85df954f23
Indicator publish: 6/4/2020 8:13:42 PM
2020-06-04 13:13:42 -07:00
ahatekar
4caacf533d
Indicator publish: 6/4/2020 8:13:39 PM
2020-06-04 13:13:40 -07:00
ahatekar
3ed1cb9faf
Indicator publish: 6/3/2020 5:39:57 PM
2020-06-03 10:39:58 -07:00
ahatekar
cb85f6c05a
Indicator publish: 6/3/2020 5:39:54 PM
2020-06-03 10:39:55 -07:00
ahatekar
708c7d8720
Indicator publish: 6/1/2020 4:58:17 PM
2020-06-01 09:58:18 -07:00
ahatekar
308894c926
Indicator publish: 6/1/2020 4:58:14 PM
2020-06-01 09:58:15 -07:00
ahatekar
3a95e64557
Indicator publish: 5/29/2020 6:14:10 PM
2020-05-29 11:14:11 -07:00
ahatekar
6005d4458c
Indicator publish: 5/29/2020 6:14:08 PM
2020-05-29 11:14:08 -07:00
ahatekar
7f13f00a18
Indicator publish: 5/28/2020 8:03:34 PM
2020-05-28 13:03:34 -07:00
ahatekar
cecf0d448e
Indicator publish: 5/28/2020 8:03:31 PM
2020-05-28 13:03:32 -07:00
ahatekar
41dd8e3075
Indicator publish: 5/27/2020 5:26:47 PM
2020-05-27 10:26:49 -07:00
ahatekar
b87ec47d24
Indicator publish: 5/27/2020 5:26:44 PM
2020-05-27 10:26:46 -07:00
ahatekar
1e5c7d84db
Indicator publish: 5/26/2020 12:50:42 AM
2020-05-25 17:50:43 -07:00
ahatekar
8f0a8f0243
Indicator publish: 5/26/2020 12:50:39 AM
2020-05-25 17:50:41 -07:00
ahatekar
be76ef747e
Indicator publish: 5/22/2020 5:25:11 PM
2020-05-22 10:25:12 -07:00
ahatekar
27c8d2ff35
Indicator publish: 5/22/2020 5:25:08 PM
2020-05-22 10:25:09 -07:00
ahatekar
9372ee2261
Indicator publish: 5/21/2020 8:27:23 PM
2020-05-21 13:27:24 -07:00
ahatekar
2df3b886bb
Indicator publish: 5/21/2020 8:27:20 PM
2020-05-21 13:27:21 -07:00
ahatekar
df63e8a60f
Indicator publish: 5/20/2020 6:04:53 PM
2020-05-20 11:04:54 -07:00
ahatekar
97671ece91
Indicator publish: 5/20/2020 6:04:50 PM
2020-05-20 11:04:50 -07:00
ahatekar
70a608daec
Indicator publish: 5/19/2020 8:12:23 PM
2020-05-19 13:12:23 -07:00
ahatekar
af1ca8b6f3
Indicator publish: 5/19/2020 8:12:18 PM
2020-05-19 13:12:19 -07:00
Fabien
4009d4320c
Adding AI Vectra files for the connector ( #661 )
* Adding AI Vectra files for the connector
* add more sample data and queries
* add information about syslog guide
Co-authored-by: Fabien Guillot <fguillot@vectra.ai>
2020-05-18 12:20:09 -07:00
ahatekar
40baef6063
Indicator publish: 5/18/2020 5:18:07 PM
2020-05-18 10:18:08 -07:00
ahatekar
f21e57b725
Indicator publish: 5/18/2020 5:18:01 PM
2020-05-18 10:18:02 -07:00
ahatekar
8aed171994
Indicator publish: 5/15/2020 4:58:24 PM
2020-05-15 09:58:24 -07:00
ahatekar
9835a5e2b8
Indicator publish: 5/15/2020 4:58:18 PM
2020-05-15 09:58:18 -07:00
ahatekar
904b5f21a5
Indicator publish: 5/15/2020 10:00:07 AM
2020-05-15 03:00:08 -07:00
ahatekar
e222d78a44
Indicator publish: 5/15/2020 10:00:05 AM
2020-05-15 03:00:05 -07:00
Tim Burrell (MSTIC)
9c751cf311
updating readme
2020-05-14 19:04:57 +01:00
ahatekar
af25136f28
Indicator publish: 5/14/2020 5:26:33 PM
2020-05-14 10:26:33 -07:00
ahatekar
118637725e
Indicator publish: 5/14/2020 5:26:22 PM
2020-05-14 10:26:22 -07:00
ahatekar
86be2400b6
Deleting the test file
2020-05-13 11:35:51 -07:00
georgykagan
8844792c7f
Perimeter81 ( #613 )
* add Perimeter 81 Activity Logs Data Connector
* add Perimeter 81 Overview Workbook
Signed-off-by: georgykagan <georgy@perimeter81.com>
* Perimeter81 logo - remove cls style formats from svg
Signed-off-by: georgykagan <georgy@perimeter81.com>
* update sample data with more events and data variation
Signed-off-by: georgykagan <georgy@perimeter81.com>
* add 2 example queries for anomalous activity (auth failures & resource deletions)
Signed-off-by: georgykagan <georgy@perimeter81.com>
* workbook - add 4 more charts
Signed-off-by: georgykagan <georgy@perimeter81.com>
* remove class from p81 logo svg sources
Signed-off-by: georgykagan <georgy@perimeter81.com>
* remove style and png from svg
Signed-off-by: georgykagan <georgy@perimeter81.com>
* remove newline
Signed-off-by: georgykagan <georgy@perimeter81.com>
2020-05-13 07:48:13 -07:00
ahatekar
39b3f988d8
Test commit
2020-05-12 12:32:51 -07:00
chinguyen1
30ec4bdbcc
update custom file name ( #660 )
2020-05-06 15:39:58 -07:00
chinguyen1
91c1795c68
Modify sample data file names to match their data types ( #656 )
* change sample files names to match their data types
* change csv file names
2020-05-06 00:39:46 -07:00
chinguyen1
8b51343a55
move files in right folders ( #642 )
2020-05-04 06:11:31 -07:00
Preeti Krishna
5128123636
Structuring sample data
2020-05-01 07:15:41 -07:00
Preeti Krishna
394c2b4274
Add files via upload
2020-04-24 14:57:46 -07:00
Preeti Krishna
7aca160276
feeds folder
2020-04-24 14:33:39 -07:00
Ross Bevington
0480396397
Log analytics interflow upload code and associated data
2020-04-02 11:23:18 +01:00
alonalcide
b05398ed56
Added DataConnector (alcide_kaudit.json) and Alcide logo ( #510 )
* Added DataConnector (alcide_kaudit.json) and Alcide logo
* Sample data files
Added 4 sample data files.
* Replaced fixed sample data files
* Create .DS_Store
* Update alcide_kaudit_activity_1_CL.json
* Update alcide_kaudit.json
* Delete .DS_Store
* Update alcide_kaudit.json
* Update alcide_kaudit.json
2020-03-18 16:16:14 -07:00
Preeti Krishna
703e710128
Merge pull request #477 from Zimperium/Zimperium_MTD
Zimperium MTD Connector
2020-02-11 13:57:40 -08:00
Scott Carpenter
6989dc1236
Added link for customer support.
2020-02-11 15:26:27 -06:00
Scott Carpenter
74f2822858
New sample data files in csv format. Changed permissions on connector file.
2020-02-11 07:33:06 -06:00
Preeti Krishna
9f73087684
Merge pull request #473 from Dlo-Bagari/master
Added Forcepoint CASB.json, Forcepoint CASB.csv and FP_Green_EMBLEM_R…
2020-02-10 21:32:25 -08:00
Preeti Krishna
10ec3b4b5e
Merge pull request #472 from michaelNevinFP/Forcepoint-DLP-Integration
Forcepoint DLP Sentinel Integration
2020-02-10 21:14:51 -08:00
Preeti Krishna
fe3a390683
Rename sample.json to ForcepointDLP_sample.json
2020-02-10 21:13:32 -08:00
Preeti Krishna
5f3d039324
Rename query_data.csv to Forcepoint_ngfw_query_data.csv
2020-02-10 20:59:21 -08:00
Preeti Krishna
97b429231d
Merge pull request #471 from tom-meaney-forcepoint/forcepoint-ngfw-connector
Add connector JSON, Forcepoint logo and sample data
2020-02-10 20:57:01 -08:00
Scott Carpenter
d2778dca6b
Added sample data
2020-02-10 19:24:46 -06:00
Anthony LaMark
32ba41b909
Remove tenant ID from Sample Data file
2020-02-10 14:01:26 -08:00
Anthony LaMark
b2de31228a
Squadra Technologies SecRMM Azure Sentinel Data Connector
2020-02-09 11:02:39 -08:00
tom.meaney
13fb97d6c1
sanitize data
2020-02-07 14:21:03 +00:00
Michael.Nevin
cb277611ec
updated documentation
2020-02-07 14:10:01 +00:00
Dlo Bagari
d248fc023b
update the tenant ID
2020-02-07 14:03:13 +00:00
Dlo Bagari
f58107ff8b
Added Forcepoint CASB.json, Forcepoint CASB.csv and FP_Green_EMBLEM_RGB-01.svg for Forcepoint integration.
2020-02-06 12:06:31 +00:00
Michael.Nevin
d17d71b54d
Forcepoint DLP Sentinel Integration
2020-02-06 11:43:30 +00:00
tom.meaney
695aef3134
Add connector JSON, Forcepoint logo and sample data
2020-02-06 11:42:21 +00:00
Preeti Krishna
931462def1
Creating sample data folder
This is a place to share sample data for each data connector that can be leveraged for Azure Sentinel contributions for validations
2020-01-31 16:46:31 -08:00