Commit graph

17 Commits

Author SHA1 Message Date
NikTripathi de0d682f55 Fixing case sensitivity issue in solutions for Partner word. 2022-11-02 16:38:18 +05:30
v-laanjana c7b988a04b fixed link 2022-07-13 10:17:49 +05:30
v-laanjana 1ee28053ac text update for parser 2022-07-11 11:35:26 +05:30
v-laanjana 2c154cf55a fixed solution id 2022-07-07 16:13:11 +05:30
v-laanjana 65be20dbf3 fixed PR comments 2022-07-07 16:07:41 +05:30
v-laanjana 287bbfbbcd update solution with validation fix and text 2022-07-06 12:52:09 +05:30
v-laanjana db7ff43e7f NXLogDnsLogs solution created 2022-06-01 18:33:00 +05:30
John Kirch 1c032529ea Renamed the parser from NXLog_parsed_DNS_Server_ASim_view to ASimDnsMicrosoftNXLog
Renamed the source table from DNS_Server_CL to NXLog_DNS_Server_CL
On line 38 of the Data Connector, changed query to use the source table instead of the parsed table.
2021-10-04 08:55:10 -05:00
John Kirch 3cd9e969e9 Fix incorrect field name 2021-09-22 10:20:50 -05:00
John Kirch 9e3c791590 Fixed typo in the comments of the parser 2021-09-20 06:32:34 -05:00
John Kirch 3a657ad337 Corrected some mistakes in the comments of the parser 2021-09-18 17:11:18 -05:00
John Kirch b7ef58a521 Updated the DNS ASim parser's URL 2021-09-18 15:37:20 -05:00
John Kirch e59dfb3023 Changed from double-quotes to single-quotes for string literals in the queries
of the sampleQueries array in the Data Connector definition.
2021-09-17 17:00:31 -05:00
John Kirch 63c3622d55 Updated the KQL function for parsing fields as normalized DNS ASim data per Ofer's instructions
Created a new set of sample data that includes DvcIpAddr
Adjusted the example queries as needed for time slices that will match the new set of events
2021-09-17 00:45:12 -05:00
John Kirch 27c5d5df71 DNS Server Analytical ASim: Added 3 sample queries to the Data Connector 2021-09-12 22:59:40 -05:00
John Kirch 210239b032 Updated the value for "name" in the first element of the "dataTypes" array from
"NXLog_parsed_DNS_Server_ASim_view" to "DNS_Server_CL"
2021-09-08 01:34:19 -05:00
John Kirch 7575b425f6 Initial work on the NXLogDnsLogs Azure Sentinel solution
- Added parsers:
    - NXLog_parsed_DNS_Server_ASim_view
    - NXLog_parsed_DNS_Server_view
    - NXLog_parsed_DNS_Analytical_view
    - NXLog_parsed_DNS_Audit_view
- Added the NXLogDnsLogs (JSON) Data Connector definition (WIP)
    - Still need to add sample queries
    - Need to reduce the size of the sample data (currently has 10,104 events)
2021-09-08 01:17:16 -05:00