Author | Commit | Date

yaronMSFT | f88712f7b0 | 2022-03-08 18:53:37 +02:00
    _Im_Dns Expansions (#4154)
    * _Im_Dns Expansions

dosegal | 4f2ef115c4 | 2022-02-17 13:27:36 +02:00
    Add KQL validations for ImAuthentication (#4187)
    * added KQL validations for ImAuthentication
    * updated KQL validations
    * fix Acc2Host_HostWithMostFails

yaronMSFT | a30de588e0 | 2021-12-14 14:24:25 +02:00
    expansion only supports single substitution

Yaron | d1e617e111 | 2021-10-21 10:05:20 +03:00
    Adding parameters to Authentication +2 expansion queries

Yaron | 5e4f84fb68 | 2021-10-03 14:02:52 +03:00
    Normalized Expansion queries DNS
    * Normalized Expansions

Ashwin Patil | f1956267ef | 2021-08-17 12:26:48 -07:00
    replacing deprecated parsejson with parse_json

Ashwin Patil | aa107109a9 | 2021-08-17 12:17:02 -07:00
    fix - replace parsejson with parse_json

YuvalFeldmanMicrosoft | 87ee550a76 | 2021-06-29 14:56:24 +03:00
    Updated types

YuvalFeldmanMicrosoft | 7c7cc375ae | 2021-06-29 12:34:20 +03:00
    Updated ipaddress type

YuvalFeldmanMicrosoft | 5f4a2d119b | 2021-06-24 15:21:59 +03:00
    fixed casting

YuvalFeldmanMicrosoft | f60cb110a3 | 2021-06-24 15:08:30 +03:00
    Updated queries to remove deviceType filter

Yaron Fruchtmann | dd8b28ca80 | 2021-05-03 13:50:41 +03:00
    Removing slash symbol

Yaron Fruchtmann | 9d2f4cc454 | 2021-05-03 13:41:26 +03:00
    Returning IP as an inner entity, not as string

Yaron | 02721d2a87 | 2021-05-02 13:40:17 +03:00
    renaming yml to Yaml (#2234)
    * Fixing issues raised in tests.
    square brackets notation for dynamic objects does not pass validation test. Replaced with dot notation
    * removing stray newline
    * renaming yml files to yaml

Yaron | 5b0ef5fc6b | 2021-04-27 10:08:22 +03:00
    Validation tests: remove toguid casting
    Host_OMSAgentID - removed casting to guid

Yaron | b64ab56007 | 2021-04-26 20:05:31 +03:00
    Fixing test failures
    Fixing to match latest validation tests:
    - Agent Id as string
    - replacing brackets[notation] with dot.notation

Yaron Fruchtmann | 20646144c5 | 2021-04-25 21:39:33 +03:00
    Casting and other bug fixes

Yaron Fruchtmann | fde55fd923 | 2021-04-22 12:04:22 +03:00
    yaml fixes

Yaron Fruchtmann | 9857833a63 | 2021-04-22 09:25:21 +03:00
    Removing some invalid chars

jomeczyk | c47a637adf | 2021-04-20 09:48:51 +03:00
    adding IoT exploration queries (#1934)
    * adding IoT exploration queries
    PS: Table structure isn't final, so query would have to be adjusted.

Shain | b94a463c81 | 2021-02-23 21:49:09 -08:00
    Merge pull request #1766 from Azure/yaronfr/2021/Feb/Expansions
    Expansions based on MDE Unsigned file and screenshot taken

Shain | 0d23d6c3f7 | 2021-02-23 21:42:46 -08:00
    Merge pull request #1781 from Azure/dev/Expansion/AppControl
    Expansion based on MS WD App Control

Yaron | a10f8bc24f | 2021-02-21 09:48:13 +02:00
    Removing assignment of Process creation time

Yaron | 32e7cb33ac | 2021-02-21 09:26:10 +02:00
    Changed DisplayName per PR comment

Shain | f911051891 | 2021-02-17 17:02:36 -08:00
    Merge pull request #1649 from Azure/feature/ExpansionUEBA
    New expansion by ueba engine [New] [Expansion]

Yaron Fruchtmann | 695a57ef16 | 2021-02-17 18:49:24 +02:00
    Fixed indentation for YAML syntax

Yaron Fruchtmann | 9732f2ea75 | 2021-02-17 17:38:01 +02:00
    Expansion based on MS WD App Con

Yaron | a0396ba4b8 | 2021-02-15 18:19:32 +02:00
    Changed title and description
    accepted most review recommendations

Yaron Fruchtmann | d8a584ff17 | 2021-02-14 13:55:50 +02:00
    Expansions based on MDE Unsigned file and screenshot taken

Yaron Fruchtmann | 2e0c68fd89 | 2021-02-02 17:35:25 +02:00
    Removing non-standard Tactics and non-valid timespans

Yaron Fruchtmann | f3482d9cae | 2021-01-25 14:37:23 +02:00
    New expansion assisted by ueba engine [New] [Expansion]

Yaron Fruchtmann | a7023189df | 2020-10-29 12:04:03 +02:00
    Strengthening returned Host entity by mapping strong identifier fields

Yaron Fruchtmann | 1f813d9e90 | 2020-10-21 10:57:38 +03:00
    mapping OMS agent id to reduce chances of creating weak Host entity

Yaron Fruchtmann | 319a796d5f | 2020-10-14 10:26:49 +03:00
    Casting values to guid before assigning to

Yaron Fruchtmann | 335b88a0a5 | 2020-10-14 10:11:37 +03:00
    Casting aadUserId to guid to prevent malformed strings from passing

Yaron Fruchtmann | 80c153ae5c | 2020-09-29 15:41:43 +03:00
    casting Syslog ProcessId to string to match V3

Yaron Fruchtmann | e0e4e2ce18 | 2020-09-24 10:48:17 +03:00
    Casting ProcessID to string to match AlertV3

Shain | 417c6faba6 | 2020-09-14 11:48:15 -07:00
    Revert "Insights folder rename"

Shain | db24d633b0 | 2020-09-14 11:47:16 -07:00
    Merge pull request #1069 from Azure/insights_folderRename
    Insights folder rename

Shain Wray (MSTIC) | 34dcf8ac67 | 2020-08-24 07:43:42 -07:00
    merging

Raz Marom | 99196cd797 | 2020-08-20 14:44:58 +03:00
    Fix | Exploration Queries Enhancements

YaronFruchtmann | 869a9e03da | 2020-08-19 22:09:18 +03:00
    Merge pull request #984 from Azure/YF_ExpansionWithUEBA
    Fixed yaml declaration on input fields

Yaron Fruchtmann | 057113bf60 | 2020-08-19 20:08:58 +03:00
    Fixed yaml declaration on input fields

Raz Marom | 62839bfbc5 | 2020-08-18 13:51:35 +03:00
    Queries | Rename output attributes to match Polygon

Yaron Fruchtmann | 98be6fbfc6 | 2020-08-13 12:55:30 +03:00
    Casting the name to str

Yaron Fruchtmann | 4767c028c3 | 2020-08-13 12:52:46 +03:00
    Passing Process.ImageFile as an object

YaronFruchtmann | b1b9c7a2c7 | 2020-08-12 17:52:48 +03:00
    Merge pull request #963 from Azure/YF_ExpansionWithUEBA
    fixing yaml schema

Yaron Fruchtmann | e43692f8f1 | 2020-08-12 17:51:10 +03:00
    fixing yaml schema

YaronFruchtmann | 6c40dea8d0 | 2020-08-12 17:35:54 +03:00
    Merge pull request #962 from Azure/YF_ExpansionWithUEBA
    Fixed output column names

YaronFruchtmann | 83f0e420e0 | 2020-08-12 16:58:43 +03:00
    Merge pull request #954 from Azure/ExpansionsAug2020
    replacing .[ notation with [. Also removing three bytes (0xEFBBBF) at…