Cleaned the code with needed fields, added more fields and extra entities. Also, the name was corrected to Anomalous instead of Anomolous, which is miswritten.
Required items, please complete
Change(s):
- Split Account and Host fullnames and removed custom entities
Reason for Change(s):
- Need for entity work
Version Updated:
- Yes
Testing Completed:
- Yes
Checked that the validations are passing and have addressed any issues that are present:
-No
Required items, please complete
Change(s):
- Removing custom entity mappings
- splitting host and account
Reason for Change(s):
- Required for entity work
Version Updated:
- yes
Testing Completed:
- yes
Checked that the validations are passing and have addressed any issues that are present:
- No
Required items, please complete
Change(s):
- Deleted custom entites
- Split host into hostname and dnsdoman
- split account into name and upn suffix
Reason for Change(s):
- See guidance below
Version Updated:
- Required only for Detections/Analytic Rule templates
- See guidance below
Testing Completed:
- See guidance below
Checked that the validations are passing and have addressed any issues that are present:
- See guidance below
# Guidance <- remove section before submitting
-----------------------------------------------------------------------------------------------------------
## Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:
Thank you for your contribution to the Microsoft Sentinel Github repo.
> Details of the code changes in your submitted PR. Providing descriptions for pull requests ensures there is context to changes being made and greatly enhances the code review process. Providing associated Issues that this resolves also easily connects the reason.
Change(s):
- Updated syntax for XYZ.yaml
Reason for Change(s):
- New schema used for XYZ.yaml
- Resolves ISSUE #1234
Version updated:
- Yes
- Detections/Analytic Rule templates are required to have the version updated
> The code should have been tested in a Microsoft Sentinel environment that does not have any custom parsers, functions or tables, so that you validate no incorrect syntax and execution functions properly. If your submission requires a custom parser or function, it must be submitted with the PR.
Testing Completed:
- Yes/No/Need Help
_Note: If updating a detection, you must update the version field._
> Before the submission has been made, please look at running the KQL and Yaml Validation Checks locally.
> https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally
Checked that the validations are passing and have addressed any issues that are present:
- Yes/No/Need Help
_Note: Let us know if you have tried fixing the validation error and need help._
> References:
> - [Guidance for Detection checks](https://github.com/Azure/Azure-Sentinel#pull-request-detection-template-structure-validation-check)
> - [General contribution guidance](https://github.com/Azure/Azure-Sentinel/wiki#what-can-you-contribute-and-how-can-you-create-contributions)
> - [PR validation troubleshooting](https://github.com/Azure/Azure-Sentinel#pull-request)
-----------------------------------------------------------------------------------------------------------
Required items, please complete
Change(s):
- Deleted Custom Entity mappings
- Split hostname and domain
- Split name and UPN suffix
Reason for Change(s):
- Needed to add full mappings
Version Updated:
- yes
Testing Completed:
- yes
Checked that the validations are passing and have addressed any issues that are present:
- no
v-atulyadav
Dwaine Ridderhof
v-rusraut
Sentinel
PrasadBoke
Ashwin Patil
rahul0216
v-sabiraj
v-shukore
pemontto
Tiago Duarte
hannah.oneill@cybercx.com.au
Manuel Melendez
Shain
Murali Krishna Dev Uppugunduri
v-atulyadav