* Morphiesc DataConnector
- Morphisec Data connector configuration
- Morphisec parser function
- Morphisec logo
- Morphisec events sample as csv
* Updated files
- changed logo into smaller file without xmlns
- changed id
- fixed links to parser
- added IsPreview
- Fixed -O for python
* Update logo file
* Fixed logo
Added xmlns and remove title
Co-authored-by: Roi <roi@morphisec.com>
* Darktrace Connector info
initial 3 required files for connector PR
* Update Darktrace.json
added KQL query
* Update Darktrace.svg
removed xlink
* Update Darktrace.svg
Changed logo fill as requested
* Darktrace Connector workbook added
Added relevant files required for the darktrace workbook, which contains a variety of KQL queries.
* Updated Connector Description
Updated description to be more specific as per change request.
* Update WorkbooksMetadata.json
spaces added
* Removing additional Character
Removing additional Character at the beginning of the file in Darktrace workbook json
Co-authored-by: v-jayakal <v-jayakal@microsoft.com>
* NXLog LinuxAudit data connector: Initial Commit
1. Connector UX: NXLogLinuxAudit.json
2. Sample Data: NXLogLinuxAudit_CL.json
3. Logo: NXLog.svg
* 1. Connector UX: `NXLogDnsLogs.json`
2. Sample Data: `NXLogDNS_Logs_CL.json`
3. Logo: `NXLog.svg`
* Resolved the following issues in Pull Request 1280:
1. Changed the filename of the Data Samples for this collector to match the table name.
2. Added 7 additional JSON records having the "comm" field with various values:
"sshd","whoami","sudo","systemd-hostnam","accounts-daemon","usermod","polkit-agent-he"
* Resolve conversation in Pull Request 1298 regarding the "en-us" locale in the ETW Documentation URL
* Attempt to resolve DocumentsLinkValidation failures in Pull Request 1298:
Renamed "Sample Data/Custom/NXLogDNS_Logs_CL.json" to match the table name:
"Sample Data/Custom/DNS_Logs_CL.json"
Co-authored-by: Shain <45466083+shainw@users.noreply.github.com>
* Initial 4.0 build of enCore eStreamer client for Sentinel
* updated setup instructions
* Relocated CiscoFirepowerConnector location
* Updated sample queries, cleaned up documentation, and removed ids and title from svg logo
* Abbreviated links using markup
* modified svg ids and removed title
* Update cisco-logo-72px.svg
Removed invalid version attribute and modified guids
* Update cisco-logo-72px.svg
Removed xml namespace definition and credit to png generation software
Co-authored-by: Shain <45466083+shainw@users.noreply.github.com>
* PFI-25: Agari Data Connector
- Added support for fetching /revoking bearer tokens for Agari Phishing Defense (APD)
- Added support for fetching /revoking bearer tokens for Agari Phishing Response (APR)
- Added support for fetching /revoking bearer tokens for Agari Brand Protection (BP)
- Added support Microsoft Security Graph via OAuth
- Added support for fetching Policy Hits and Threat Categories for APD into Sentinel Log Analytics
- Added support for Brand Protection alert logs to Sentinel Log Analytics.
- Added support for Brand Protection Threat Feeds to feed URL data to the Security Graph
- Added support for Phishing Response IoCs to be fed to the Security Graph API
- Added error checking on API responses
- Added support for pagination of API responses
- Added instructions for fetching the Agari Client ID / Secret
- Added instructions about the Security Graph API
- Added instructions for manual deployment
* PFI-25: Agari Data Connector (continued - fixes)
- fixed typo in token gen if statement
- fixed header variable in APD call
- added x-header to API call to identify Sentinel
- added if statements for APD push to Sentinel to verify if there is data to push
- removed en-us from URLs
- added BP logs to deployment template
- added log samples - raw is data from the API call, formatted is what is used to push to Sentinel
- added approprtiate files to the zip archive
- functionapp.json--
- removed Preview from the title
- added preview to the availability section
--deploy.json--
- removed "description" tag from the boolean variables
- fixed typos in the descriptions
- fixed alignment of paramaters
- added new resources to capture function, resource groups, subscriptionid for writing to the evironment variables
- added 3 new variables for LastLogtTime per product
--run.ps1 changes--
- added new variables to take read environment variables
- added new function SetLastLogTime. This function stamps the new startdate to be used on the next run of the script. This was done to satisfy the case where if the script failed to run there would be no gap in the logs vs relying on the timer function
- added UserAgent Strings
- moved startdate into if statements per product to read the latest time in the respective variables
- added varaiables to be populated if the API call was successfule, used in the function above to signal a new startdate should be populated
- call the function last as it resets the current app session
--zip file--
- created new zip with updated app
- added version of powershell progamatically to the UA String
- per product UA strings
- Set the the first run start-date once
- moved to per product startdate variables
- modified queries to use per-product startdates
- Update agari.zip
* Update Agari_API_FunctionApp.json
-Updated instructions for additonal steps around permissions to make both the automated and manual deployments have the correct permissions.
-added BP logs to the query section
* Updated additonal instructions and samples
Cleaned up the instructions further
added samples in json format
removed old zip samples
* Updated role type
Changed text to Contirbutor vs owner
* Update azuredeploy_Agari_API_FunctionApp.json
Updated as per guidance from @nazang
* Update azuredeploy_Agari_API_FunctionApp.json
- Added the ?raw=true to the link.
* Update Agari_API_FunctionApp.json
@nazang I'll need a shortened link for the FunctionAPP.json as well
* Links and Logo Update
- added short links to json files
- added Agari logo
* Add new data connector
* Add example source data for ThycoticCEF dataconnector.
Add logo for dataconnector.
* Add workbook for Thycotic.
* Add workbook for Thycotic Secret Server.
* Add preview for Thycotic workbook
* Fix bug
* Add Thycotic dashboard and preview images and logo.
* Fix name dataconnector
* Add newline to json file
* Change workbook name in template
* Back file
* Add to Dashboard new block for event 'Login Failure'
* Change TemplateId
* Change link to base documentation for Secret Server
* Change link to documentation for configure Secret Server Syslog
* Changed data connector for Thycotic Secret Server
* Change Workbook , query add params
* Change format logo
* Add change to meta file
* Modify
* Update Logo for Dashboard, Dataconnector and Workbook
* Modify meta file
* Reset changes
* Reset Meta data
* Change meta file
* Change Logo for Thycotic
* Review image and changes Logo
Co-authored-by: unknown <andy@andy-nb.softwarium.net>
Eli Forbes
vu-socprime
v-jayakal
Vitalii Uslystyi
Alex Verbniak
adirDev
Usman Din
v-admahe
Roi Vaknin
Yotam Rosenmann
Shain
Julien CLEMENT
SunRift
SOC Prime
ecosystempo
tijuc
John Kirch
Andrey Nikolaev
skhademcis
Usman Din
cbiguet
Mike
Aymen Ibrahim