Граф коммитов

164 Коммитов

Автор SHA1 Сообщение Дата
yaronMSFT f88712f7b0
_Im_Dns Expansions (#4154)
* _Im_Dns Expansions
2022-03-08 18:53:37 +02:00
dosegal 4f2ef115c4
Add KQL validations for ImAuthentication (#4187)
* added KQL validations for ImAuthentication

* updated KQL validations

* fix Acc2Host_HostWithMostFails
2022-02-17 13:27:36 +02:00
yaronMSFT a30de588e0
expansion only supports single substitution 2021-12-14 14:24:25 +02:00
Yaron d1e617e111
Adding parameters to Authentication +2 expansion queries 2021-10-21 10:05:20 +03:00
Yaron 5e4f84fb68
Normalized Expansion queries DNS
* Normalized Expansions
2021-10-03 14:02:52 +03:00
Ashwin Patil f1956267ef replacing deprecated parsejson with parse_json 2021-08-17 12:26:48 -07:00
Ashwin Patil aa107109a9 fix - replace parsejson with parse_json 2021-08-17 12:17:02 -07:00
YuvalFeldmanMicrosoft 87ee550a76 Updated types 2021-06-29 14:56:24 +03:00
YuvalFeldmanMicrosoft 7c7cc375ae Updated ipadress type 2021-06-29 12:34:20 +03:00
YuvalFeldmanMicrosoft 5f4a2d119b fixed casting 2021-06-24 15:21:59 +03:00
YuvalFeldmanMicrosoft f60cb110a3 Updated queries to remove deviceType filter 2021-06-24 15:08:30 +03:00
Yaron Fruchtmann dd8b28ca80 Removing slash symbol 2021-05-03 13:50:41 +03:00
Yaron Fruchtmann 9d2f4cc454 Returning IP as an inner entity, not as string 2021-05-03 13:41:26 +03:00
Yaron 02721d2a87
renaming yml to Yaml (#2234)
* Fixing issues raised in tests.
square brackets  notation for dynamic objects  does not pass validation test. Replaces with dot notation

* removing stray newline

* renaming yml files to yaml
2021-05-02 13:40:17 +03:00
Yaron 5b0ef5fc6b
Validation tests: remove toguid casting
Host_OMSAgentID - removed casting to guid
2021-04-27 10:08:22 +03:00
Yaron b64ab56007
Fixing test failures
Fixing to match latest validatio tests:
- Agent Id as string
- removing brackets[notation] with dot.notation
2021-04-26 20:05:31 +03:00
Yaron Fruchtmann 20646144c5 Casting and other bug fixes 2021-04-25 21:39:33 +03:00
Yaron Fruchtmann fde55fd923 yaml fixes 2021-04-22 12:04:22 +03:00
Yaron Fruchtmann 9857833a63 Removing some invalid chars 2021-04-22 09:25:21 +03:00
jomeczyk c47a637adf
adding IoT exploration queries (#1934)
* adding IoT exploration queries
pP: Table structure isn't final, so query would have to be adjusted.
2021-04-20 09:48:51 +03:00
Shain b94a463c81
Merge pull request #1766 from Azure/yaronfr/2021/Feb/Expansions
Expansions based on MDE Unsigned file and screenshot taken
2021-02-23 21:49:09 -08:00
Shain 0d23d6c3f7
Merge pull request #1781 from Azure/dev/Expansion/AppControl
Expansion based on MS WD App Control
2021-02-23 21:42:46 -08:00
Yaron a10f8bc24f
Removing assignment of Process creation time 2021-02-21 09:48:13 +02:00
Yaron 32e7cb33ac
Changed DisplayName per PR comment 2021-02-21 09:26:10 +02:00
Shain f911051891
Merge pull request #1649 from Azure/feature/ExpansionUEBA
New expansion by ueba engine [New] [Expansion]
2021-02-17 17:02:36 -08:00
Yaron Fruchtmann 695a57ef16 Fixed undentaion for YAML syntax 2021-02-17 18:49:24 +02:00
Yaron Fruchtmann 9732f2ea75 Expansion based on MS WD App Con 2021-02-17 17:38:01 +02:00
Yaron a0396ba4b8
Changed title and description
accepted most review recommendation
2021-02-15 18:19:32 +02:00
Yaron Fruchtmann d8a584ff17 Expansions based on MDE Unsigned file and screenshot taken 2021-02-14 13:55:50 +02:00
Yaron Fruchtmann 2e0c68fd89 Removing non standard Tactics and non valid timespans 2021-02-02 17:35:25 +02:00
Yaron Fruchtmann f3482d9cae New expansion based assisted by ueba engine [New] [Expansion] 2021-01-25 14:37:23 +02:00
Yaron Fruchtmann a7023189df Strengthening returned Host entity by mapping strong identifier fields 2020-10-29 12:04:03 +02:00
Yaron Fruchtmann 1f813d9e90 mapping OMS agent id to reduce chances of creating weak Host entity 2020-10-21 10:57:38 +03:00
Yaron Fruchtmann 319a796d5f Casing valuse to guid before assigning to 2020-10-14 10:26:49 +03:00
Yaron Fruchtmann 335b88a0a5 Casting aadUserId to guid to prevent malformed strings from passing 2020-10-14 10:11:37 +03:00
Yaron Fruchtmann 80c153ae5c casting Syslog ProcessId to string to match V3 2020-09-29 15:41:43 +03:00
Yaron Fruchtmann e0e4e2ce18 Casting ProcessID to string to match AlertV3 2020-09-24 10:48:17 +03:00
Shain 417c6faba6
Revert "Insights folder rename" 2020-09-14 11:48:15 -07:00
Shain db24d633b0
Merge pull request #1069 from Azure/insights_folderRename
Insights folder rename
2020-09-14 11:47:16 -07:00
Shain Wray (MSTIC) 34dcf8ac67 merging 2020-08-24 07:43:42 -07:00
Raz Marom 99196cd797 Fix | Exploration Queries Enhancements 2020-08-20 14:44:58 +03:00
YaronFruchtmann 869a9e03da
Merge pull request #984 from Azure/YF_ExpansionWithUEBA
Fixed yaml declaration on input fields
2020-08-19 22:09:18 +03:00
Yaron Fruchtmann 057113bf60 Fixed yaml declaration on input fields 2020-08-19 20:08:58 +03:00
Raz Marom 62839bfbc5 Queries | Rename output attributes to match Polygon 2020-08-18 13:51:35 +03:00
Yaron Fruchtmann 98be6fbfc6 Casting the name to str 2020-08-13 12:55:30 +03:00
Yaron Fruchtmann 4767c028c3 Passing Process.ImageFile as an object 2020-08-13 12:52:46 +03:00
YaronFruchtmann b1b9c7a2c7
Merge pull request #963 from Azure/YF_ExpansionWithUEBA
fixing yaml schema
2020-08-12 17:52:48 +03:00
Yaron Fruchtmann e43692f8f1 fixing yaml schema 2020-08-12 17:51:10 +03:00
YaronFruchtmann 6c40dea8d0
Merge pull request #962 from Azure/YF_ExpansionWithUEBA
Fixed output column names
2020-08-12 17:35:54 +03:00
YaronFruchtmann 83f0e420e0
Merge pull request #954 from Azure/ExpansionsAug2020
replacing .[ notation with [. Alos removing three bytes (0xEFBBBF) at…
2020-08-12 16:58:43 +03:00