0c6c4fecb2
Merge branch 'master' into shaharBranch2
2021-05-19 10:12:21 +03:00
4741982a7c
fixed detection queries
2021-05-19 10:02:07 +03:00
f63fc0ed91
changes
2021-05-11 08:52:54 +03:00
4eb9ad07b1
changes
2021-05-10 15:54:50 +03:00
e1a001a7bb
Merge pull request #1440 from Azure/dicolanl-41
...
Couple of simple detections
2021-04-07 19:20:32 -07:00
7c23fdf0db
Merge pull request #2076 from Azure/shainw-TIUpd
...
Add in filtering to make sure the TI match is active for when the log…
2021-04-07 18:04:40 -07:00
3c024d3e5a
Didn't mean to update this one
2021-04-04 21:55:26 -07:00
c49613c626
Add in filtering to make sure the TI match is active for when the log event occurred
2021-04-04 21:46:37 -07:00
ce0e6212b5
Implemented function to look at AADNonInteractiveSigninLogs in current SigninLogs detectections
2021-04-04 13:21:33 -07:00
ceac069524
Fixed Emailaddress field to match with TI
2021-03-24 12:48:42 -07:00
d6bba12126
Merge branch 'master' into dicolanl-41
2021-02-22 11:31:08 -08:00
94b9463d98
Adding in AppServiceHTTPLogs, removing invalid connectors
2021-02-17 22:48:54 -08:00
504cc966fb
updating connector value in template
2021-01-15 16:29:02 -08:00
36bccd7ef4
Update IPEntity_AppServiceHTTPLogs.yaml
...
Fixing Cip --> CIp on join condition.
2020-12-19 08:41:59 -08:00
bff116a518
Update IPEntity_AppServiceHTTPLogs.yaml
2020-12-11 13:09:28 -08:00
fc0841b35b
Couple of simple detections
2020-12-11 00:32:57 +00:00
9f0fa91b90
Feature/lahisham/migrate scheduled templates to new entity mapping ( #1319 )
...
* migrate scheduled templates to new entity mapping model
* add validation for missing new entity mappings
2020-11-17 17:27:25 +02:00
354e25e587
Merge pull request #1097 from swiftsolves-msft/nateswift-detect-ti
...
Create IPEntity_AzureNetworkAnalytics.yaml
2020-10-08 11:46:54 -07:00
54c5ba3c4a
Create IPEntity_AzureNetworkAnalytics.yaml
...
Rewrited the VMConnection TI Map PublicIP detection to work with NSG Flow Logs from Azure Traffic Analytics, set so that detection occurs on Allowed NSG Flow from TI PublicIP IOC match.
2020-09-22 10:17:38 -04:00
abbbc5d072
Add ThreatIntelligenceTaxii as data connector
2020-08-25 10:56:21 +01:00
1d7fed2a42
Don't filter on arbitrary id
2020-08-25 10:56:09 +01:00
265a3294ed
Queryandplaybook ( #685 )
...
* query and playbook commit
2020-05-14 18:26:55 +01:00
852bcc554b
Filehash match fix ( #684 )
...
* handle matches hashes in both lower-case and upper-case
* indent
2020-05-14 15:24:23 +01:00
ba90e4555f
Updating to include URLCustomEntity where available.
2019-12-23 10:38:26 -08:00
fc1f75ab76
add connector Id when missing
2019-12-09 14:18:09 +02:00
6fb6ceee94
Fix dataType indentation
2019-12-09 11:20:05 +02:00
82da523765
Fixing missing Cisco and TrendMicro references for connectorID and updating connectorId's for VMConnection, WireData and W3CIISLog datatypes
2019-12-05 06:57:51 -08:00
5ef5b4f47e
Makelist Update
2019-11-25 13:04:10 +00:00
fdc08b85b8
Makelist Update
2019-11-25 13:03:41 +00:00
fd0e8c0087
Makelist Update
2019-11-25 13:02:21 +00:00
3f2b37fc78
Makelist Update
2019-11-25 13:01:03 +00:00
fb52dad799
Makelist Update
2019-11-25 13:00:29 +00:00
ee66e21be6
Add files via upload
...
Adding query which Identifies a match in CommonSecurityLog table from any Domain IOC from TI
2019-10-25 13:13:01 -07:00
8701defce0
Update DomainEntity_PaloAlto.yaml
...
Added:
1. tolower conversion for Domain
2. Updated entity extension
2019-10-24 13:58:50 -07:00
41b4dd363d
Fixed join statement
2019-10-07 09:50:45 -07:00
6e1f09fb0d
Merge pull request #328 from srisang/patch-13
...
Update DomainEntity_PaloAlto.yaml
2019-10-01 11:35:21 -07:00
d82b11f5f2
Update URLEntity_PaloAlto.yaml
...
Updating look back based on ingestion time in CommonSecurityLog
2019-09-27 11:38:52 -07:00
55e35c6293
Update DomainEntity_PaloAlto.yaml
...
Update the CommonSecurityLog lookup based on ingestion time.
2019-09-27 11:17:57 -07:00
d5adf96eca
Updated Url variable name to avoid conflict
2019-09-20 13:49:07 -07:00
2e59b087a5
Updated Url name to avoid conflict with TI field
2019-09-20 13:47:37 -07:00
de1eda46a0
Changes from comments
2019-09-20 11:17:15 -07:00
31fd0656cc
Changes from comments
2019-09-20 11:16:54 -07:00
79c6450643
Changes from comments
2019-09-20 11:16:23 -07:00
5fe667f74b
Changes from comments
2019-09-20 11:15:51 -07:00
1cde74ffa5
Updates from comments
2019-09-20 11:14:40 -07:00
6ac5ebfbe0
Updates from comments
2019-09-20 11:14:01 -07:00
562ed30295
Updates from comments
2019-09-20 11:13:29 -07:00
3411d6a35e
Updated TI collection to get only latest indicators
2019-09-19 14:48:07 -07:00
86ce09d12e
Updated TI collection to get only latest indicators
2019-09-19 14:47:35 -07:00
ecc1455a06
Improved URL extraction
2019-09-19 12:32:20 -07:00
t-shaviv
Amit Bergman
Shain
ashwin-patil
Shain Wray (MSTIC)
dicolanl
laithhisham
swiftsolves-msft
pemontto
timbMSFT
Sara Gamzu
Pete Bryan
srisang