Commit graph

3530 commits

Author SHA1 Message Date
Shain 94cfcb8028 Update Accountcreatedfromnon-approvedsources.yaml 2024-01-25 07:47:15 -08:00
Shain 44469351a8 version 2024-01-22 08:30:26 -08:00
Shain 922d1b59c6 Fixing customer reported bugs 2024-01-22 08:26:03 -08:00
Shain 9d2a99a0ec
Merge pull request #9706 from Azure/EntityWorkJan3
EntityWorkJan3 - Manny
2024-01-09 09:12:31 -08:00
Manuel Melendez dd422c4ca8 One more fix 2024-01-09 08:51:01 -08:00
Murali Krishna Dev Uppugunduri db7eeabea7 Merge branch 'master' into users/v-muuppugundu/MultipleRDPIssues 2024-01-08 12:57:30 +05:30
v-atulyadav 623de5bf61
Merge pull request #9730 from tduarte14/master
Changed runtime to every 2h instead of 1d for 2 rules
2024-01-08 11:05:48 +05:30
v-atulyadav 3286a7a962 version updated 2024-01-08 10:37:35 +05:30
Tiago Duarte 02a8bddf62
Added missing version number update
Added missing version number update
2024-01-06 11:46:17 +00:00
Tiago Duarte 1f65ac1374
Fixed wrong account parsing in AuditLog block
Fixed wrong account parsing in AuditLog block
2024-01-06 11:39:49 +00:00
Tiago Duarte 939a84ab3c
Added missing ' in the end of the ref link under description
Added missing ' in the end of the ref link under description
2024-01-06 10:08:38 +00:00
Tiago Duarte 8f0c1d90b6
Changed runtime to 2h in URLAddedtoApplicationfromUnknownDomain
Changed runtime to 2h instead of 1d
Changed ref link to the new entra link
2024-01-06 10:07:10 +00:00
Tiago Duarte 13959aeb0b Merge branch 'Azure:master' into master 2024-01-06 09:56:30 +00:00
Tiago Duarte daca6f6604
Changed runtime to 2h instead of 1d for ChangestoApplicationOwnership
Changed runtime to 2h instead of 1d for ChangestoApplicationOwnership

Also changed Ref link to new entra link
2024-01-06 09:53:58 +00:00
Manuel Melendez 0be6272ca9 Making changes based on Shain's comments 2024-01-05 11:05:25 -08:00
Murali Krishna Dev Uppugunduri d951d5a88f Merge branch 'master' into users/v-muuppugundu/MultipleRDPIssues 2024-01-04 14:16:40 +05:30
Manuel Melendez 40d7020d29 Fixing a couple of typos 2024-01-03 07:23:30 -08:00
Manuel Melendez a898ed9377 EntityWorkJan3 - Manny
Required items, please complete

   Change(s):
   - Changed a few detections, went over the ones not duplicated from Diana's previous PR

   Reason for Change(s):
   - Get better correlations

   Version Updated:
   - yes

   Testing Completed:
   - yes

   Checked that the validations are passing and have addressed any issues that are present:
   - no
2024-01-03 06:59:58 -08:00
Ashwin Patil 775836af9b
Merge pull request #9694 from Azure/shainw-entityMapFix_5
Shainw entity map fix 5 [last few AuditLogs]
2024-01-02 07:05:47 -08:00
Shain 7bb1221638 Fixing up remaining AuditLog detections with entity mappings 2023-12-29 16:19:59 -08:00
Shain a0976f0f39 Removing custom entity mapping 2023-12-29 13:07:38 -08:00
Murali Krishna Dev Uppugunduri b0cc1e78e1 updated by Account=tolower(Account) 2023-12-29 16:14:36 +05:30
Shain ebb67b7452
Update Mercury_Log4j_August2022.yaml
One more custom entity label missed...
2023-12-28 15:57:02 -08:00
Shain 5d2c0934c6
Update Mercury_Log4j_August2022.yaml
Missed one IPCustomEntity
2023-12-28 15:40:10 -08:00
Shain 895657e7e6 Missed host entity mapping change 2023-12-28 15:21:02 -08:00
Shain 59f87eb044 Merge branch 'Entity-Work-#5-Diana's-Half' of https://github.com/Azure/Azure-Sentinel into Entity-Work-#5-Diana's-Half 2023-12-28 15:01:02 -08:00
Shain 0dba07ca43 Fixing typo and removing extra lines and spaces to drop under the 10k character limit for the query section 2023-12-28 14:59:01 -08:00
Shain 72edd5aa1d Merge branch 'master' into Entity-Work-#5-Diana's-Half 2023-12-28 14:35:29 -08:00
Shain c285f20598 Taking incoming and adjusting 2023-12-28 14:31:36 -08:00
Shain 38e3b540b5 Updating minor addition from commit done after branch was taken 2023-12-28 14:27:43 -08:00
Shain 96a9fde801 adjustments 2023-12-28 14:22:21 -08:00
Diana Damenova 50d030cf37 reverting file changes - if build errors resolve 2023-12-27 12:06:34 -05:00
Tiago Duarte ac62bd58bb
Added missing TargetUserName and TargetDomainName
Added missing TargetUserName and TargetDomainName as the rule was failing after the last update
2023-12-22 13:19:44 +00:00
v-dvedak bdeb8adf97
Merge pull request #9586 from praveenthepro/master
Added "GroupMembership has "Admin" condition for better extraction of admin accounts from the identity infotable
2023-12-18 12:40:09 +05:30
Diana Damenova 656f0e9589 fixing ip column naming 2023-12-15 17:04:33 -05:00
Diana Damenova f740f7ca1e readding fullname mapping 2023-12-15 15:35:08 -05:00
Diana Damenova 8279ca7d08 entity mapping fixes 2023-12-15 15:11:10 -05:00
Shain 2d8241d2e2 Couple more fixes 2023-12-14 22:59:43 -08:00
Shain 5c5ada4bbd Adjusting identifier count per entity type 2023-12-14 22:41:39 -08:00
Shain 66d4e31948 Version misses 2023-12-14 20:55:42 -08:00
Shain 13c4accbca Adding FullName 2023-12-14 20:47:06 -08:00
v-atulyadav 933307b63b
Merge pull request #9585 from Azure/v-rusraut/LegacyIOCbasedThreatProtection
Removed deprecated analytical rules
2023-12-14 16:39:27 +05:30
v-rusraut abff3640b3 updated file version 2023-12-14 14:48:24 +05:30
v-rusraut 51c8afc96f updated file path in Detections folder 2023-12-14 14:29:47 +05:30
Ashwin Patil 2c679f96c7
Merge pull request #9594 from Azure/shainw-entityMapFix_7
Entity map fix #7 - ASIM detections
2023-12-12 07:05:09 -08:00
Shain 3ed3ad6c50 entity type 2023-12-11 21:06:51 -08:00
Shain df716882e4 Add resourceId 2023-12-11 21:00:24 -08:00
Shain 85f3e35155 Adjust mapping 2023-12-11 20:26:47 -08:00
Shain c5251bd8db versions 2023-12-11 20:05:52 -08:00
Shain 2162bdb825 version 2023-12-11 20:01:21 -08:00
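The commits above keep fixing the same handful of things in the Detections YAML: the query section exceeding the 10k character limit (0dba07ca43), the identifier count per entity type (5c5ada4bbd), entity mappings that reference columns the query no longer produces (ac62bd58bb, 1f65ac1374), schedules changed from 1d to 2h (#9730), and forgotten version bumps (02a8bddf62, 3286a7a962). The lint below is an added example, not code from the Azure-Sentinel repository or its validation pipeline, that checks a rule for exactly those classes of problem before it is pushed. The 10,000-character query limit is the one the log names; the other limits (10 entity mappings, 3 identifiers per entity, 5m minimum frequency, 14d maximum period, period not shorter than frequency) are assumptions taken from the Sentinel scheduled-rule documentation. The sample rule is constructed and held as a dict so the script runs offline; a real file would be loaded with `yaml.safe_load` first.

```python
"""Added example: offline lint for a Microsoft Sentinel scheduled analytics rule.
Not code from the Azure-Sentinel repository; SAMPLE_RULE below is constructed."""
import re
from typing import Dict, List, Optional

# MAX_QUERY_CHARS is the "10k character limit for the query section" from the
# commit log; the remaining limits are assumptions taken from Sentinel docs.
MAX_QUERY_CHARS = 10_000
MAX_ENTITY_MAPPINGS = 10
MAX_IDENTIFIERS_PER_ENTITY = 3
MIN_FREQUENCY_MINUTES = 5
MAX_PERIOD_MINUTES = 14 * 24 * 60

_DURATION_RE = re.compile(r"^(\d+)([mhd])$")
_MINUTES_PER_UNIT = {"m": 1, "h": 60, "d": 1440}


def duration_minutes(text: str) -> int:
    """Parse the short durations the rule YAML uses: '2h' -> 120, '1d' -> 1440."""
    match = _DURATION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unsupported duration {text!r}")
    return int(match.group(1)) * _MINUTES_PER_UNIT[match.group(2)]


def version_bumped(old: str, new: str) -> bool:
    """True when new > old as dotted integers; an edited rule must bump its version."""
    def parts(v: str):
        return tuple(int(p) for p in v.split("."))
    return parts(new) > parts(old)


def lint_rule(rule: Dict, previous_version: Optional[str] = None) -> List[str]:
    """Return the list of problems found; an empty list means the rule passes."""
    problems: List[str] = []
    query = rule.get("query", "")

    if len(query) > MAX_QUERY_CHARS:
        problems.append(f"query is {len(query)} chars, limit is {MAX_QUERY_CHARS}")

    # Schedule: both durations must parse, sit inside the service limits, and the
    # lookback period must cover at least one run interval.
    try:
        frequency = duration_minutes(rule["queryFrequency"])
        period = duration_minutes(rule["queryPeriod"])
    except (KeyError, ValueError) as exc:
        problems.append(f"schedule: {exc}")
    else:
        if frequency < MIN_FREQUENCY_MINUTES:
            problems.append(f"queryFrequency below the {MIN_FREQUENCY_MINUTES}m minimum")
        if period > MAX_PERIOD_MINUTES:
            problems.append("queryPeriod exceeds the 14d maximum")
        if period < frequency:
            problems.append("queryPeriod is shorter than queryFrequency")

    # Entity mappings: bounded count and identifiers, and every mapped column must
    # actually appear in the query text (a cheap proxy for "the query emits it").
    mappings = rule.get("entityMappings", [])
    if len(mappings) > MAX_ENTITY_MAPPINGS:
        problems.append(f"{len(mappings)} entity mappings, limit is {MAX_ENTITY_MAPPINGS}")
    for mapping in mappings:
        entity = mapping.get("entityType", "?")
        fields = mapping.get("fieldMappings", [])
        if len(fields) > MAX_IDENTIFIERS_PER_ENTITY:
            problems.append(f"{entity}: {len(fields)} identifiers, limit is {MAX_IDENTIFIERS_PER_ENTITY}")
        for field in fields:
            column = field.get("columnName", "")
            if not column or not re.search(rf"\b{re.escape(column)}\b", query):
                problems.append(f"{entity}: column {column!r} is not produced by the query")

    if previous_version is not None and not version_bumped(previous_version, rule.get("version", "0")):
        problems.append(f"version {rule.get('version')!r} not bumped from {previous_version!r}")
    return problems


# Constructed sample in the shape of a Detections/*.yaml rule (AuditLogs-based).
SAMPLE_RULE = {
    "name": "Owner added to application (constructed example)",
    "queryFrequency": "2h",
    "queryPeriod": "2h",
    "query": (
        'AuditLogs\n'
        '| where OperationName == "Add owner to application"\n'
        '| extend InitiatingUpn = tostring(InitiatedBy.user.userPrincipalName),\n'
        '         InitiatingIp = tostring(InitiatedBy.user.ipAddress)\n'
        '| extend AccountName = tostring(split(InitiatingUpn, "@")[0]),\n'
        '         AccountUPNSuffix = tostring(split(InitiatingUpn, "@")[1])\n'
        '| project TimeGenerated, InitiatingUpn, AccountName, AccountUPNSuffix, InitiatingIp'
    ),
    "entityMappings": [
        {"entityType": "Account", "fieldMappings": [
            {"identifier": "FullName", "columnName": "InitiatingUpn"},
            {"identifier": "Name", "columnName": "AccountName"},
            {"identifier": "UPNSuffix", "columnName": "AccountUPNSuffix"}]},
        {"entityType": "IP", "fieldMappings": [
            {"identifier": "Address", "columnName": "InitiatingIp"}]},
    ],
    "version": "1.0.1",
}

if __name__ == "__main__":
    for line in lint_rule(SAMPLE_RULE, previous_version="1.0.0") or ["ok"]:
        print(line)
```

The column check is deliberately textual: it only proves the name occurs somewhere in the query, so a column that is mentioned in a `where` but dropped by a later `project` still slips through. It is enough to catch the common case of renaming a field in the query and forgetting the entity mapping, which is the bug several of the commits above repair.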