Junaid
df3878ec43
Initial Commit with the first version
2022-01-24 01:49:36 +05:00
Avital Merberg
bcbc36ad49
Add RequesterObjectId to the schema
2022-01-18 12:48:14 +02:00
Ingebrigt Nygård
3c7ae13065
Add MailRisk by SecurePractice connector, logo and sample data.
2022-01-14 13:20:16 +01:00
rc-iwoodley
f6208271fa
Merge remote-tracking branch 'origin/master' into redcanary_solution
2022-01-10 11:21:21 -05:00
adam_c_huang
07017791df
Update sample email to sanitized@sanitized.com.
2022-01-10 17:33:27 +08:00
adam_c_huang
32095cec05
Fix sample data format.
2022-01-10 17:20:45 +08:00
v-rucdu
222cdc4528
Merge pull request #3744 from udanashivm/BoschAIShield_connector
...
Bosch AIShield Solution
2022-01-10 13:48:52 +05:30
adam_c_huang
b7d50da4b8
Update new version data connector.
2022-01-10 15:09:16 +08:00
rc-iwoodley
f18adf6c4d
Add sample data
2022-01-05 15:21:34 -05:00
Avital Merberg
d0f1e2d7ae
Update DSTIM workbook to work with injected log analytics queries
2022-01-03 23:07:23 +02:00
Ofer Shezaf
ee97399b42
Revert "Revert "Merge branch 'master' of https://github.com/Azure/Azure-Sentinel ""
...
This reverts commit ff69f85224.
2022-01-03 16:21:46 +02:00
Ofer Shezaf
ff69f85224
Revert "Merge branch 'master' of https://github.com/Azure/Azure-Sentinel "
...
This reverts commit c929df845a, reversing changes made to 53e6c92e3e.
2022-01-03 16:04:13 +02:00
v-jayakal
726596bd48
Merge pull request #3623 from avital-m/private/avital/DSTIM
...
Contribute DSTIM workbook
2021-12-20 21:59:01 -08:00
Mallikarjun Udanashiv
fa9bd8750b
Bosch AIShield connector, parser, Analytics Rules
2021-12-17 19:04:46 +05:30
Avital Merberg
1c04798822
change email to sanitized@sanitized.com.
2021-12-16 21:14:10 +02:00
Avital Merberg
6c44fd51c7
Fix comments
2021-12-12 13:46:17 +02:00
ThijsLecomte
599d61906e
create LastPass Solution
2021-12-10 09:21:55 +01:00
Avital Merberg
f2fff9b5db
Add custom functions
2021-12-08 18:00:58 +02:00
Avital Merberg
e353596bbb
merge from master
2021-12-08 17:13:09 +02:00
Avital Merberg
4fe6085bd1
Add data samples for custom logs
2021-12-08 14:46:37 +02:00
Vitalii Uslystyi
e3aeb1c6fa
slack connector - add sample data
2021-12-01 13:47:59 +02:00
David O'Brien
2114331e72
add def and sample
2021-11-22 17:02:22 +11:00
v-rucdu
220d843b3e
Merge pull request #3115 from Azure/v-maudan/CiscoUmbrealla_VersionUpdate
...
Updated Cisco Umbrella connector code to support Version 5 and Version 6
2021-11-17 15:40:23 +05:30
v-jayakal
c1b9e8b211
Merge pull request #3237 from cyberpion-yizhar/cyberpion-add-acknowledgment-fields
...
add is_acknowledged, acknowledged_by, acknowledged_reason, acknowledg…
2021-11-01 15:24:40 -07:00
v-jayakal
68bc12988c
Merge pull request #3140 from tyng94/AbnormalSecurity
...
Abnormal Security Sentinel Integration
2021-10-28 00:43:24 -07:00
v-jayakal
2129b74c1c
Merge pull request #3322 from socprime/apigeex_connector_function_app
...
ApigeeX Data Connector
2021-10-27 23:48:29 -07:00
Vitalii Uslystyi
3103da693c
apigeex - add sample data
2021-10-27 18:39:30 +03:00
v-jayakal
149427e1aa
Merge pull request #2939 from NikitaGrunskyHolm/holmsecurity
...
Files to deploy azure function
2021-10-26 23:30:00 -07:00
v-jayakal
6a079840dc
Merge pull request #3179 from sailpoint-tech-partner-eng/SailPointIdentityNow
...
SailPoint IdentityNow
2021-10-26 03:07:36 -07:00
v-rucdu
31b39c676d
Merge pull request #3114 from daenyel/InfoSecGlobal
...
Initial commit for InfoSec Global
2021-10-25 19:38:51 +05:30
Tze Yang Ng
71719271e8
Merge remote-tracking branch 'upstream/master' into AbnormalSecurity
2021-10-22 16:27:18 +08:00
Prashant Kagwad
ac5cf6da3d
SailPoint IdentityNow Updates
2021-10-20 08:39:58 -05:00
yizhar
f63920eb8b
add is_acknowledged, acknowledged_by, acknowledged_reason, acknowledged_date to action item's fields
2021-10-18 10:18:37 +03:00
v-jayakal
d2180dd037
Merge pull request #3141 from socprime/jboss_connector
...
JBoss Data Connector
2021-10-15 01:08:44 -07:00
v-jayakal
7023017323
Merge pull request #3102 from socprime/elastic_agent_connector
...
Elastic Agent Data Connector
2021-10-15 01:06:08 -07:00
v-jayakal
2fa8ec7854
Merge pull request #3146 from socprime/snowflake_connector
...
Snowflake Data Connector
2021-10-14 21:09:55 -07:00
v-jayakal
a778b2b5d8
Merge pull request #3113 from socprime/ImpervaCloudWAF_parse_CEF_inside_function
...
ImpervaCloudWAF: add CEF parsing inside the function
2021-10-14 19:48:30 -07:00
v-jayakal
f4b9f2a358
Merge pull request #3164 from socprime/cisco_secure_endpoint_connector
...
Cisco Secure Endpoint Data Connector
2021-10-13 22:36:15 -07:00
v-jayakal
2fb52d9c72
Merge pull request #3101 from socprime/Bitglass
...
Bitglass Data Connector
2021-10-13 22:29:41 -07:00
v-jayakal
43dea2f039
Merge pull request #3162 from socprime/TheHive
...
TheHive: first commit
2021-10-13 22:09:26 -07:00
Prashant Kagwad
2b0b98ed73
PR Updates
2021-10-12 18:09:29 -05:00
Tze Yang Ng
687f7a62d1
sanitised more emails
2021-10-11 16:19:24 +08:00
Tze Yang Ng
d30f54c2dd
sanitized emails
2021-10-11 16:12:58 +08:00
Tze Yang Ng
ba91cfc328
re-sanitized email addresses
2021-10-11 16:06:50 +08:00
Tze Yang Ng
a3daebc35e
fix messages json
2021-10-11 15:56:26 +08:00
Tze Yang Ng
7b099f5ad6
add sample data
2021-10-11 12:16:40 +08:00
v-jayakal
53544b249e
Merge pull request #3047 from socprime/TrendMicroCAS
...
TrendMicroCAS:first commit
2021-10-09 19:19:25 -07:00
v-jayakal
ed744b5514
Merge pull request #3056 from techwriter-dev/nxlog-dns-logs-solution
...
Nxlog dns logs solution
2021-10-06 22:38:11 -07:00
v-jayakal
228d404ad3
Merge pull request #2968 from techwriter-dev/nxlog-aix-audit-solution
...
Initial attempt to package the NXLog AIX Audit solution
2021-10-06 22:37:31 -07:00
v-jayakal
0702ec5655
Merge pull request #2995 from armorblox/master
...
Data Connector for Armorblox Solution
2021-10-06 06:04:03 -07:00
Alex Verbniak
cabe200a66
ImpervaWAFCloud: sanitize sample
2021-10-06 14:25:46 +03:00
Vitalii Uslystyi
01725262bf
cisco se - add sample data
2021-10-04 18:55:57 +03:00
John Kirch
1c032529ea
Renamed the parser from NXLog_parsed_DNS_Server_ASim_view to ASimDnsMicrosoftNXLog
...
Renamed the source table from DNS_Server_CL to NXLog_DNS_Server_CL
On line 38 of the Data Connector, changed query to use the source table instead of the parsed table.
2021-10-04 08:55:10 -05:00
v-maudan
477b03e322
Updated function code and added latest sample data
2021-10-04 19:15:17 +05:30
Alex Verbniak
cd5802e5ab
TheHive: first commit
2021-10-04 14:34:46 +03:00
Daniel Arbanas
a4ff1d0fc4
add sample data for InfoSecGlobal
2021-10-04 10:19:13 +02:00
Vitalii Uslystyi
e205af1453
snowflake - add sample data
2021-10-01 14:02:04 +03:00
Vitalii Uslystyi
d26b615041
jboss - add sample data
2021-09-30 17:11:45 +03:00
Alex Verbniak
6e4073f125
ImpervaCloudWAF: sanitizing fix
2021-09-27 11:41:51 +03:00
Alex Verbniak
ce8b26587d
ImpervaCloudWAF: add CEF parsing inside function
2021-09-27 11:29:33 +03:00
Vitalii Uslystyi
c60f733e00
elastic agent - add sample data
2021-09-24 15:37:42 +03:00
Alex Verbniak
6081c5e595
Bitglass: first commit
2021-09-24 11:41:28 +03:00
v-rucdu
3ed23b25ed
Merge pull request #2889 from socprime/oci_logs_connector
...
OCI data connector
2021-09-23 16:53:04 +05:30
v-rucdu
65b413a737
Merge pull request #2736 from sonraisecurity/master
...
Created Sonrai Security Solution for Azure Sentinel
2021-09-20 19:16:20 +05:30
Rajat Upadhyaya
96643ca178
Fix sanitized email value
2021-09-17 21:18:18 +05:30
John Kirch
63c3622d55
Updated the KQL function for parsing fields as normalized DNS ASim data per Ofer's instructions
...
Created a new set of sample data that includes DvcIpAddr
Adjusted the example queries as needed for time slices that will match the new set of events
2021-09-17 00:45:12 -05:00
v-rucdu
19872d46a6
Merge pull request #2792 from socprime/GoogleWorkspaceReports_issue#2624
...
GSuite_issue#2624_fix
2021-09-16 20:38:33 +05:30
Alex Verbniak
43bb8fcedc
TrendMicroCAS:first commit
2021-09-16 15:57:58 +03:00
Jayant Upadhyaya
435d5ff5eb
Add sample data
2021-09-15 01:56:59 +05:30
Cameron Dahr
34dc32d884
Added new sample data file in csv format
2021-09-13 14:25:09 -03:00
John Kirch
0a0e3879f0
* Regenerated input data and sent it to Azure Sentinel due to the required field name changes
...
* Rewrote the external NXLog documentation that supports this solution
* Updated the Sample Data
* Updated the Parser
* Updated the Data Connector
2021-09-10 01:07:01 -05:00
Vitalii Uslystyi
657beae11e
oci connector - update sample data
2021-09-09 13:49:40 +03:00
Nikita Grunskii
3e06bb6711
added sample data and all files were moved to Solutions folder.
2021-09-09 11:42:06 +02:00
v-rucdu
77c03bb010
Merge pull request #2869 from vmray/vmray-etd-connector
...
Data connector for VMRay Email Threat Defender
2021-09-06 16:45:04 +05:30
John Kirch
6fab790047
Initial attempt to package the NXLog AIX Audit solution
2021-09-06 02:52:17 -05:00
Alex Verbniak
b7d91d7047
GWorkspace: fix sampl_sanitization
2021-08-27 09:55:49 +03:00
Vitalii Uslystyi
bdcea730ea
oci logs connector - add sample data and field types mapping
2021-08-20 16:01:56 +03:00
Alex Verbniak
c7dfdc6d82
GWorkspace-update samples
2021-08-20 11:25:06 +03:00
Jan Teske
342e8aaeed
sample data: Replace all email addresses with 'sanitize@sanitize.com'
2021-08-18 13:37:38 +02:00
Jan Teske
37b6bbb0f4
Add data connector for VMRay Email Threat Defender
2021-08-18 13:11:21 +02:00
Cameron Dahr
7c979c2d7f
Requested changes
2021-08-12 14:23:08 -03:00
Allen-Michael Grobelny
b54eb81ab7
Committing Tenable.io Data Connector and Parser.
2021-08-09 12:36:47 -05:00
v-rucdu
4168b87690
Merge branch 'master' into pr/2765
2021-08-03 10:13:36 +05:30
v-rucdu
3b42ba6695
Merge pull request #2760 from NikTripathi/v-ntripathi/DeleteSampledata
...
Deleting sample data file for sanitization.
2021-08-03 10:07:45 +05:30
NikTripathi
71a73e9009
sanitized email
2021-08-02 18:20:14 +05:30
NikTripathi
1f2432e14c
Sanitizing email, name
2021-08-02 12:33:03 +05:30
Ajeet Prakash (MSTIC)
1d043b7571
Sample File Create
2021-07-30 12:42:53 -07:00
Ajeet Prakash (MSTIC)
0e3b29e3c2
Sample File Create
2021-07-30 12:13:57 -07:00
Ajeet Prakash (MSTIC)
ed03c29082
Sample Data File Delete
2021-07-30 11:57:29 -07:00
NikTripathi
59bee5d434
Sanitizing Email & Name.
2021-07-30 17:21:22 +05:30
NikTripathi
e0831df7c8
Delete email consisting file to replace
2021-07-29 19:34:11 +05:30
NikTripathi
077a41a0eb
Replaced Emails with sanitized_email.com
2021-07-28 19:42:57 +05:30
Rajendra Khabiya
74749cf0a2
Merge branch 'Azure:master' into master
2021-07-27 10:39:46 +05:30
v-jayakal
d67e832e1c
Merge pull request #2583 from socprime/ImpervaCloudWAF
...
ImpervaWAF: dataconnector, parser, samples
2021-07-26 21:40:12 -07:00
Cameron Dahr
1454a6b3a0
Created Sonrai Security Solution for Azure Sentinel
2021-07-26 09:46:01 -03:00
Ajeet Prakash (MSTIC)
8c75c2cdc3
Modifying the sample data to sanitize it of any possible PII information.
2021-07-21 11:27:02 -07:00
Alex Verbniak
7dc9874fd6
ImpervaWAF:add log samples
2021-07-20 16:11:03 +02:00
Rajendra Khabiya
10f7707991
Ent name added into parser and sample data
2021-07-16 17:05:26 +05:30
v-jayakal
8ba61bd0ff
Merge pull request #2586 from socprime/cisco_duo_connector
...
Cisco Duo Data Connector
2021-07-14 21:56:41 -07:00
Alex Verbniak
a9d7102b2f
ImpervaWAF: fix conn page, zip archive, schema
2021-07-07 09:52:40 +03:00
v-jayakal
ca92600995
Merge pull request #2506 from socprime/gcp_dns_connector
...
GCP DNS Data Connector
2021-07-06 17:49:41 -07:00
Vitalii Uslystyi
fc8511e150
cisco duo - update sample data
2021-07-06 13:48:37 +03:00
v-jayakal
d26f7f7957
Merge pull request #2509 from socprime/sophos_connector
...
SophosEP Data Connector
2021-07-04 22:09:15 -07:00
Sarah Young
9c9f3f8a8c
Merge pull request #2540 from EvgeniyMeteliza/gibintegration
...
update Group IB TIA playbooks for solutions package + logo + sample data
2021-07-05 09:14:21 +12:00
Vitalii Uslystyi
ca48c5b19d
Sophos EP - update sample data
2021-07-01 16:47:51 +03:00
v-jayakal
c47bb815b2
Merge pull request #2507 from socprime/InsightVMCloud
...
InsightVMCloud: data_connector,parsers,datasamples
2021-06-30 22:28:12 -07:00
Vitalii Uslystyi
137560db64
cisco duo - add sample data
2021-06-29 17:36:08 +03:00
Vitalii Uslystyi
ea63b0e459
SophosEP - update sample data
2021-06-25 11:17:37 +03:00
v-jayakal
a23ff174f5
Merge pull request #2418 from socprime/gcp_iam_connector
...
GCP IAM Data Connector
2021-06-24 20:31:46 -07:00
v-jayakal
40c429d5fe
Merge pull request #2417 from socprime/TenableNessus
...
TenableNessus: added io and sc dataconnectors, parser, data sample
2021-06-24 20:16:10 -07:00
v-jayakal
bbc4ab79c2
Merge pull request #2249 from tj-senserva/master
...
Update to Senserva format and queries
2021-06-23 23:18:05 -07:00
Vitalii Uslystyi
90183f5df4
gcp dns - update sample data
2021-06-23 11:50:04 +03:00
Alex Verbniak
7281e29184
InsightVMCloud: fixes
2021-06-23 10:31:15 +03:00
v-jayakal
c9b22fde50
Merge pull request #2508 from socprime/gcp_monitor_connector
...
GCP Monitoring Data Connector
2021-06-22 15:58:47 -07:00
ivanovchinnikov
feea39f6cd
update Group IB TIA playbooks for solutions package + logo + sample data
2021-06-22 12:36:22 +03:00
Vitalii Uslystyi
782d78a4b8
gcp monitor - update sample data
2021-06-22 11:33:16 +03:00
v-jayakal
59ceefb46e
Merge pull request #2414 from socprime/JuniperIDP
...
JuniperIDP: data connector, parser, samples
2021-06-21 14:40:59 -07:00
Vitalii Uslystyi
99c2a61e8c
sophos - add sample data
2021-06-17 15:51:47 +03:00
Vitalii Uslystyi
39d816a9d3
gcp monitor - add sample data
2021-06-17 15:26:36 +03:00
Alex Verbniak
34bb70895a
InsightVMCloud: data_connector,parsers,datasamples
2021-06-17 15:09:20 +03:00
Vitalii Uslystyi
3631709805
gcp dns - add sample data
2021-06-17 12:53:13 +03:00
Thomas Dolan
0ef3149280
Updating sample data per request
2021-06-14 10:00:14 -05:00
tj-senserva
4265ce945f
Merge pull request #15 from Azure/master
...
Bringing up to date
2021-06-14 09:38:40 -05:00
Alex Verbniak
9806953ff7
TenableNessus: link change
2021-06-11 09:30:29 +03:00
v-jayakal
ae79134b3e
Merge pull request #1764 from Azure/duoconnector
...
Duo Security Connector
2021-06-10 10:23:43 -07:00
v-jayakal
8a15c766c4
Merge pull request #2297 from gate6/master
...
Lookout Data Connector for Sentinel
2021-06-07 18:55:24 -07:00
Vitalii Uslystyi
30b2481d19
GCP IAM - add sample data
2021-06-07 16:15:01 +03:00
Alex Verbniak
ce1f5e2b95
TenableNessus: added io and sc dataconnectors, parser, data sample
2021-06-07 16:07:15 +03:00
Alex Verbniak
d575f40c26
JuniperIDP: data connector, parser, samples
2021-06-07 12:02:25 +03:00
Thomas Dolan
d0d43fa9ce
merge
2021-06-04 10:03:43 -05:00
Rajendra Khabiya
70188c1319
Sample JSON data added
2021-06-02 21:17:10 +05:30
aviau
d9d08252ea
Solutions: Add Flare Systems Firework connector
2021-05-20 16:23:40 -04:00
Thomas Dolan
e3532abb72
Updating data format, updating queries to match new data format
2021-05-04 15:57:21 -05:00
v-jayakal
2163caf2be
Merge pull request #2024 from K-Patel-NC/KP_NucleusCyber_NCProtect
...
Kp nucleus cyber nc protect
2021-04-15 13:48:03 -07:00
v-admahe
8e7d4e1101
Update sample data in csv
2021-04-14 13:12:24 +05:30
v-admahe
4ad4a74983
Change in sample data
2021-04-14 13:04:45 +05:30
v-jayakal
e40a87e692
Merge pull request #2060 from socprime/prisma_cloud_data_conn
...
Palo Alto Prisma Cloud Data Connector
2021-04-09 00:03:59 -07:00
v-maudan
c3b140be74
updated sample data
2021-04-09 11:30:43 +05:30
Vitalii Uslystyi
a2e241f94e
prisma cloud - update sample data
2021-04-08 11:14:08 +03:00
v-jayakal
87629396c1
Merge pull request #1992 from socprime/ConfluenceAudit
...
Confluence audit
2021-04-06 21:56:20 -07:00
v-jayakal
9d8a617b68
Merge pull request #2050 from socprime/WorplaceFacebook
...
WorkplaceFacebook: connector+parser+schema
2021-04-06 00:28:55 -07:00
v-jayakal
2e014b6823
Merge pull request #2031 from socprime/SentinelOne
...
SentinelOne:Connector+parser
2021-04-06 00:23:35 -07:00
v-jayakal
2c95f0f18a
Merge pull request #2028 from socprime/oracle_web_logic_server
...
Oracle Web Logic Server Data Connector
2021-04-05 00:15:43 -07:00
Vitalii Uslystyi
f29e9134c0
prisma cloud - add sample data
2021-04-01 17:31:16 +03:00
Alex Verbniak
fc5421809a
WorkplaceFacebook: connector json and samples
2021-04-01 16:54:29 +03:00
v-jayakal
7bc16dd799
Merge pull request #2006 from socprime/zpa_data_conn
...
ZPA Data Connector
2021-03-31 00:42:51 -07:00
Vitalii Uslystyi
a1938f1519
oracle web logic server - rename sample file
2021-03-31 10:41:41 +03:00
v-jayakal
b2b2c4f4f1
Merge pull request #1988 from socprime/tomcat_data_conn
...
Tomcat Data Connector
2021-03-30 23:24:35 -07:00
Alex Verbniak
8546947dcf
SentinelOne: Samples+ fixes
2021-03-30 15:40:18 +03:00
v-ampami
f76b6ed5bd
Merge branch 'master' into ubiquiti_data_conn
2021-03-30 13:02:25 +05:30
Sergiy Prystaiko
b3d631abb3
OracleWebLogicServer - add data connector
2021-03-29 13:54:45 +03:00
Thomas Dolan
5a9f74b52e
Updating Sample Data
2021-03-25 10:18:48 -05:00
tj-senserva
0e386b2b4f
Merge pull request #4 from Azure/master
...
Bringing Up To Date
2021-03-25 09:24:46 -05:00
v-jayakal
c4a913585a
Merge pull request #1995 from socprime/ZoomReports
...
Zoom reports
2021-03-24 23:01:27 -07:00
Thomas Dolan
13736fa3e5
Resolving merge conflicts
2021-03-24 09:25:38 -05:00
Shain
227614b88f
Merge pull request #1796 from socprime/SlackAuditConnector
...
SlackAudit: dataconnector+workbook
2021-03-23 20:40:58 -07:00
Thomas Dolan
b8bdbb9553
Merge in Updates
2021-03-23 15:22:46 -05:00
Vitalii Uslystyi
7723526522
zpa - add sample data
2021-03-23 19:19:26 +02:00
v-jayakal
d2d09d17e2
Merge pull request #1904 from socprime/Corelight
...
Corelight
2021-03-22 13:50:13 -07:00
Thomas Dolan
f22caa79c9
Merge branch 'master' into senserva-tj
2021-03-22 13:42:39 -05:00
Alex Verbniak
f83a9e1478
ZoomReports: table, parser, sample
2021-03-22 16:23:57 +02:00
Alex Verbniak
2e8a0694ec
ConfluenceAudit: table schema,parser,samples
2021-03-22 15:34:21 +02:00
v-jayakal
c5280bc226
Merge pull request #1951 from socprime/cloudflare_data_conn
...
Cloudflare Data Connector
2021-03-22 05:39:45 -07:00
Sergiy Prystaiko
814dca7ab0
tomcat - add sample data
2021-03-22 13:17:36 +02:00
K-Patel-NC
7885b5b2fe
Sample Data in Json format and CSV format added
2021-03-22 10:11:29 +11:00
Vitalii Uslystyi
c4d02ea13f
cloudflare - updated sample data
2021-03-19 17:52:16 +02:00
K-Patel-NC
b83686734c
Logo, TableSchema, Json Related changes added
2021-03-19 11:30:52 +11:00
Thomas Dolan
ac569960d2
updating name
2021-03-17 10:54:57 -05:00
Thomas Dolan
54d0f41ca0
sample data
2021-03-17 10:00:44 -05:00
Alex Verbniak
41c8c38e0f
Corelight: change sample file
2021-03-16 10:19:21 +02:00
v-rucdu
ee02cae67b
Merge branch 'master' into SlackAuditConnector
2021-03-16 10:27:24 +05:30
Vitalii Uslystyi
4d45a31273
cloudflare - added sample data
2021-03-15 21:00:01 +02:00
Sergiy Prystaiko
cb92751283
ubiquiti - added sample data
2021-03-12 16:51:23 +02:00
Alex Verbniak
85179f854f
Corelight: file samples for la_agent
2021-03-12 11:44:43 +02:00
Alex Verbniak
59b35dad7a
CrowdstrikeFDR: Samples,parser,table-schema
2021-03-09 12:33:14 +02:00
dicolanl
731696503a
Merge branch 'master' into duoconnector
2021-03-08 10:13:29 -08:00
v-jayakal
1c9d02195f
Merge pull request #1812 from adirDev/CognniDataConnector
...
Add Cognni data connector, including:
2021-03-01 15:19:09 -08:00
v-jayakal
52ff0bdb21
Merge pull request #1797 from socprime/box_data_conn
...
Box Data Connector
2021-02-25 10:45:28 -08:00
Alex Verbniak
89849e4503
SlackAudit: Datasample added
2021-02-23 16:09:15 +02:00
v-jayakal
20f012c15c
Merge pull request #1679 from socprime/JiraAuditConnector
...
Jira audit connector
2021-02-22 22:47:40 -08:00
adirDev
cfe0559e46
Add Cognni data connector including:
...
* The data connector json file
* Cognni logo
* Cognni sample data
* Detection queries
* Cognni workbook with preview images
2021-02-22 10:43:16 +02:00
dicolanl
1d4496c4b2
Merge branch 'master' into duoconnector
2021-02-19 19:44:29 +00:00
dicolanl
25aed73f8f
adding sample data
2021-02-19 15:54:16 +00:00
Vitalii Uslystyi
014608161f
box data conn - added sample data
2021-02-19 16:10:19 +02:00
v-jayakal
597526d9e5
Merge pull request #1614 from socprime/nginx_data_connector
...
NGINX data connector
2021-02-15 04:42:06 -08:00
Alex Verbniak
52303d6216
JiraAudit: data sample
2021-01-28 16:47:35 +02:00
v-jayakal
c68dfab32b
Merge pull request #1446 from cyberpion-yotam/cyberpion-sl-connector
...
Cyberpion sl connector
2021-01-21 10:47:11 +05:30
Sergiy Prystaiko
3ad4d0f0bb
Added NGINX data connector
2021-01-20 14:14:14 +02:00
John Kirch
f1c16795d2
NXLog BSM macOS (Custom) data connector
...
1. Connector UX: `NXLogBSMmacOS.json`
2. Sample Data: `BSMmacOS_CL.json`
3. Logo: `NXLog.svg`
2021-01-07 12:35:54 -06:00
Yotam Rosenmann
29922b4c16
Merge branch 'master' into cyberpion-sl-connector
2020-12-24 12:34:52 +02:00
Yotam Rosenmann
8d0a4e8ad1
Fixed sample data format
2020-12-23 14:05:10 +02:00
Shain
d84a1281dc
Merge pull request #1413 from chicduong/acn_cd_qualyskbparser01
...
ACN_CD_QualysKB_Parser01
2020-12-14 14:41:51 -08:00
Donny Maasland
6a43d4da21
Add ESET Enterprise Inspector REST API connector ( #1417 )
...
* initial commit of eei connector
* add custom permissions
* add sample data
* remove actual URL
* trim sample data
* change package URL
* remove locale from comment
* update zip
* remove extra space
* remove extra double quote
2020-12-11 15:58:33 -08:00
Yotam Rosenmann
e5d762782f
Merge branch 'master' into cyberpion-sl-connector
2020-12-11 11:40:04 +02:00
Yotam Rosenmann
87d4529039
Created Cyberpion connector
2020-12-11 11:14:00 +02:00
Eric Shulze
1225b2d57a
Trend Micro XDR Initial Commit ( #1353 )
...
* Trend Micro XDR - Initial Commit
* Fixed Rendering of onboarding steps
* Initial Rule Templates - Trend Micro XDR
* Fixed: Format Error
* Added Trend Micro XDR Overview Workbench, and supporting files.
* Fixed extra addition
* Rebased file issue
* Added Missing KQL Validation table format
* ARM Template Usability enhancement - made dropdown option
* Sample Data Example Addition
* Added missing CL from customer data type dependency.
* Addressed PR Comments, Added logging, Added API Key Failure Error
* Fixed commit issues
* Fixing Requested Change
* variable rename as requested
* fixed Workbook issue
* Added 3 new queries to Workbook
* Updated Sample Images
* updated URL for API Key instructions
* Updated ARM URL, removed subscription ID's
Co-authored-by: Eric Shulze <ericsh@us-ericsh-mac.us.trendnet.org>
Co-authored-by: ericsh <eric_shulze@trendmicro.com>
2020-12-09 18:57:49 -08:00
SOC Prime
cace382aa5
Apache HTTP Server Data Connector ( #1373 )
...
* added ApacheHTTPServer Data Connector
* added description to apache parser
* added apache logo
* apache data connector - changed connector id
Co-authored-by: Sergiy Prystaiko <sp@socprime.com>
Co-authored-by: Vitalii Uslystyi <vu@socprime.com>
2020-12-08 17:32:56 -08:00
Praneet
8644628b81
Sophos cloud optix ( #1391 )
...
* Sophos Cloud Optix Rest API Data Connector Initial Commit
* Removing the stale description line
* Fixing the DocumentsLinkValidation error with locale (en-us) specified in the url
* Fixing the DocumentsLinkValidation error with locale (en-us) specified in some sample data
* Updating to remove 'customs' permissions as Sophos Cloud Optix doesn't need it
* Updating the query to show top 5 environments
2020-12-08 08:27:37 -08:00
chicduong
b156974d98
qualys KB parser
2020-12-04 22:56:36 -08:00
John Kirch
6463056031
NXLog LinuxAudit data connector: Initial Commit ( #1280 )
...
* NXLog LinuxAudit data connector: Initial Commit
1. Connector UX: NXLogLinuxAudit.json
2. Sample Data: NXLogLinuxAudit_CL.json
3. Logo: NXLog.svg
* 1. Connector UX: `NXLogDnsLogs.json`
2. Sample Data: `NXLogDNS_Logs_CL.json`
3. Logo: `NXLog.svg`
* Resolved the following issues in Pull Request 1280:
1. Changed the filename of the Data Samples for this collector to match the table name.
2. Added 7 additional JSON records having the "comm" field with various values:
"sshd","whoami","sudo","systemd-hostnam","accounts-daemon","usermod","polkit-agent-he"
* Resolve conversation in Pull Request 1298 regarding the "en-us" locale in the ETW Documentation URL
* Attempt to resolve DocumentsLinkValidation failures in Pull Request 1298:
Renamed "Sample Data/Custom/NXLogDNS_Logs_CL.json" to match the table name:
"Sample Data/Custom/DNS_Logs_CL.json"
Co-authored-by: Shain <45466083+shainw@users.noreply.github.com>
2020-12-01 23:44:20 -08:00
SOC Prime
88c3fc89b6
G workspace reports connector ( #1320 )
...
* GWorkspace: add table schemas
* GWorkspace: add parser
* GWorkspace: add deploy template
* GWorkspace: add pickle_string script
* GWorkspace: add connector template
* GWorkspace: add connector archive
* GWorkspace: add connector files
* GWorkspace: fixes in script.
* GWorkspace: update archive.
* Gworkspace: fixing json file
* GWorkspace: add logo
* GWorkspace: Connector template fixes
* GWorkspace: added data samples
* GWorkspace: added new logo
* GWorkspace: Add sampleQueries
* GWorkspace: Script and Archive updated
Co-authored-by: Alex Verbniak <ov@socprime.com>
2020-11-25 14:00:19 -08:00
chicduong
d104b3816b
ACN_CD_Netskope_DataConnector01 ( #1313 )
...
* Netskope Connector
* revisions
* revisions 2
* updated filename
2020-11-24 14:29:06 -08:00
SOC Prime
533e0983f8
Proofpoint POD Connector ( #1293 )
...
* proofpoint pod - initial commit
* ProofpointPOD: Delete "Preview" and change Umbrella to Proofpoint
* ProofpointPOD: delete empty lines from parser
* ProofpointPOD: add proxies.json file
* ProofpointPOD: script fixes
* ProofpointPOD: add well-known CA library certifi
Co-authored-by: Alex Verbniak <ov@socprime.com>
2020-11-20 17:30:04 -08:00
SOC Prime
e4d2a7a670
Salesforce Service Cloud Connector ( #1292 )
...
* salesforce sc connector - initial commit
* salesforce sc - added python file
* salesforce sc - updated zip file
* salesforce sc - updated connector template
* salesforce sc - added logo
* Salesforce SC: delete Preview
* Salesforce SC: change chunksize
* Salesforce SC: add proxies.json
* Salesforce SC: add handling of nextRecordsUrl
* Salesforce SC: update zip file
Co-authored-by: Alex Verbniak <ov@socprime.com>
2020-11-16 19:31:20 -08:00
SOC Prime
a90ff862f6
Cisco umbrella connector ( #1261 )
...
* added table schemas
* added function app
* added parser
* added logo
* added azuredeploy arm template
* updated links in azuredeploy arm template
* added connector template
* added sample data
* updated links to github in templates
* improved logging in function app
* updated connector template
* cisco umbrella: updated links
* cisco umbrella: removed logo to avoid duplication
* cisco umbrella connector - changed AWSSecretAccesKey variable name
* cisco umbrella connector - removed CiscoUmbrella.md file
* cisco umbrella connector - updated connector template
* cisco umbrella connector - updated connector template
* cisco umbrella - renamed parser func and updated connector template
* cisco umbrella - updated sample queries in connector template
* cisco umbrella - added proxies.json file
Co-authored-by: Vitalii Uslystyi <vu@socprime.com>
2020-11-13 07:16:25 -08:00
Aymen Ibrahim
3d059a315b
Added missing fields in Better MTD sample data
2020-11-12 16:29:19 +03:00
chicduong
6ab2bfe4d0
Squid Proxy Connector ( #1231 )
...
Co-authored-by: Preeti Krishna <preetikr@microsoft.com>
2020-11-10 17:08:31 -08:00
Aymen Ibrahim
e95ec341a2
Added json sample BETTER MTD data
2020-10-28 11:35:36 +03:00
Aymen Ibrahim
1cd62d5d7f
Added BETTER MTD sample data for each custom logs
2020-10-13 22:59:36 +04:00
chicduong
32f9b39d4e
ACNCD_DataConnectors_final ( #767 )
...
* final PR
* detection corrections
* Revisions
* add default Function app root files
* revisions
2020-07-07 15:25:53 -07:00
Noam Rathaus
83f4d6407e
Beyond Security beSECURE patch ( #745 )
...
* Beyond Security beSECURE Connector (Via RestAPI)
* beSECURE Sample Data
* Beyond Security Logo
* We have three tables, do a union of them
To correctly show the incoming data, we need to do a union of the three tables
* Add two sample queries for Audit and Events
* Add missing dataTypes
* No need for customs
* Bigger sample base
* More data
* More data samples, and more accurate structure
* Incorrect escape character
\b should be just \n
* Rephrase to be more clear
* No dependencies
* Empty
* No need for xlink
2020-07-01 16:48:34 -07:00
Alon Lavian
22a7521bfb
Orca SEcurity REST API connector ( #721 )
...
Co-authored-by: Alon Lavian <alon@orca.security>
2020-06-19 14:03:45 -07:00
chicduong
1ccee11bfc
ACNCD_Custom_DataConnector_v2 ( #729 )
...
* 3 custom data connector
* error corrections - locale
* resolve conflicts
* error corrections
* remove -- from CarbonBlack json
* Update WorkbooksMetadata.json
line 747
* Update WorkbookMetadata.json
Updated connect Dependencies to remove spaces and match connector ID
* Update Connector ID, exclude spaces
* Update Connector ID, exclude spaces
* Analytic Rule Corrections
* Retroactive changes to Analytics Rules
* typo in WorkbooksMedidata
* Post-Review Corrections
* QualysVM correction
2020-06-19 14:00:16 -07:00
chinguyen1
30ec4bdbcc
update custom file name ( #660 )
2020-05-06 15:39:58 -07:00
chinguyen1
91c1795c68
Modify sample data file names to match their data types ( #656 )
...
* change sample files names to match their data types
* change csv file names
2020-05-06 00:39:46 -07:00
chinguyen1
8b51343a55
move files in right folders ( #642 )
2020-05-04 06:11:31 -07:00
Preeti Krishna
5128123636
Structuring sample data
2020-05-01 07:15:41 -07:00