Yaron Fruchtmann
|
ada6d4a3a3
|
Merge branch 'Expansions_Jul20' of https://github.com/Azure/Azure-Sentinel into Expansions_Jul20
|
2020-07-26 14:02:02 +03:00 |
|
Yaron Fruchtmann
|
d366e195bb
|
Queries cannot serve as expansion. Converted to Hunting
|
2020-07-26 14:01:26 +03:00 |
Shain
|
116c71354d
|
Update Process2Host_VMConfigChange.yaml
Couple of changes besides moving this over.
|
2020-07-23 15:40:13 -07:00 |
|
Yaron Fruchtmann
|
519869a740
|
function call format
|
2020-07-22 09:06:13 +03:00 |
|
Yaron Fruchtmann
|
6d16d01c8e
|
Convert VMConfigChange to yaml format
|
2020-07-22 09:01:44 +03:00 |
|
Yaron Fruchtmann
|
bdeff08da4
|
Matching to backend style
|
2020-07-16 13:08:03 +03:00 |
|
Yaron Fruchtmann
|
601421f0ec
|
Fixed metadata DataSources
|
2020-07-13 17:13:41 +03:00 |
gumalul
|
90f9186ef5
|
update description
|
2020-07-08 08:50:10 +03:00 |
|
gumalul
|
5ba66c62f1
|
update query to support account sid and aad id
update the queries description
|
2020-07-07 15:32:17 +03:00 |
|
gumalul
|
307ee54f11
|
Merge branch 'master' of https://github.com/Azure/Azure-Sentinel into gumalul/newPolygonExpensionQueries
|
2020-07-07 15:27:26 +03:00 |
|
Shain
|
e08abab5a4
|
Update UserAccount_CreatedDeleted.yaml
Change to TargetAccount
|
2020-06-30 09:26:29 -07:00 |
|
gumalul
|
fc7a7f926e
|
add new BehaviourAnalytics expension queries
|
2020-06-29 19:45:47 +03:00 |
|
Yaron Fruchtmann
|
43b28aac7a
|
renamed file from FilesOnHost to HostsWithFile
|
2020-06-18 11:44:09 +03:00 |
|
Yaron Fruchtmann
|
95f2d28e38
|
Fixed expansion's DisplayName and Description
|
2020-06-17 15:42:27 +03:00 |
|
Yaron Fruchtmann
|
efbd716189
|
changed description to indicate Hosts are returned
|
2020-06-15 10:54:03 +03:00 |
|
Yaron Fruchtmann
|
ace1193b47
|
Adding call to function
|
2020-06-08 17:43:58 +03:00 |
|
Yaron Fruchtmann
|
20813c8546
|
Fixing output fields name to entity field names
|
2020-06-08 15:33:21 +03:00 |
Moran Raz Mizrahi
|
724bc123d5
|
change Domain to NTDomain
|
2020-03-27 01:37:37 +02:00 |
|
shainw
|
9dca4636f8
|
Merge pull request #551 from Azure/PossibleSuccessfulBruteForceFix
Removed ResourceId as it is not a Host Entity Field.
|
2020-03-26 07:14:28 -07:00 |
|
Yaron Fruchtmann
|
c5f7e91c7d
|
fixed YAML malformat
|
2020-03-26 11:12:21 +02:00 |
|
shainw
|
b74dcc967d
|
Merge pull request #549 from Azure/ServiceCreatedOnHostUpd
Fixing Services Created on Host and also fixed issue with missing par…
|
2020-03-25 08:23:29 -07:00 |
Shain Wray (MSTIC)
|
68e6de7b4d
|
Change function variable name back to v_host_hostname
|
2020-03-25 07:43:21 -07:00 |
|
Shain Wray (MSTIC)
|
6693f993ed
|
changing to just hostname for variable, we will see about ResourceId in the future, but not part of V3 so will leave out for now
|
2020-03-25 07:16:35 -07:00 |
|
Yaron Fruchtmann
|
cdab17f920
|
Removed ResourceId as it is not a Host Entity Field.
|
2020-03-25 14:56:29 +02:00 |
|
shainw
|
1db83683b3
|
Merge pull request #547 from Azure/equalityFix
changing equality for ip addresses
|
2020-03-24 17:27:42 -07:00 |
|
Shain Wray (MSTIC)
|
8c33054eff
|
Fixing Services Created on Host and also fixed issue with missing parameters for function in Possible BF
|
2020-03-24 17:04:00 -07:00 |
|
Moran Raz Mizrahi
|
a450982b05
|
changing equality for ip addresses
|
2020-03-24 17:05:57 +02:00 |
|
Moran Raz Mizrahi
|
82bcda2071
|
Changing the DataSources field in IOT query to a list type, according to the template format.
|
2020-03-23 11:54:45 +02:00 |
|
Yaron Fruchtmann
|
b5aa96b38b
|
Merge branch 'master' into ExpansionSanity
|
2020-03-19 22:54:41 +02:00 |
|
Yaron Fruchtmann
|
951f9084f0
|
reinforcing entity
|
2020-03-19 22:43:58 +02:00 |
|
shainw
|
21067c054e
|
Merge pull request #513 from Azure/RareIPLocationImprovement
Updating match method, along with validation and parsing values being…
|
2020-03-18 13:43:09 -07:00 |
|
Yaron Fruchtmann
|
4e81969007
|
Reenforced strength of entities
|
2020-03-18 21:18:39 +02:00 |
|
Shain Wray (MSTIC)
|
dcd53af3ad
|
Minor change, no need to handle the @ and slash combo based on order of operation
|
2020-03-10 10:44:59 -07:00 |
|
Shain Wray (MSTIC)
|
95b534cd2d
|
Slight mod on parsing
|
2020-03-10 10:33:31 -07:00 |
|
Shain Wray (MSTIC)
|
f515701dfe
|
Forgot to add in Input Fields update
|
2020-03-05 16:28:02 -08:00 |
|
Shain Wray (MSTIC)
|
8a01a23b28
|
improved matching on account and domain, plus added in properly formatted outputs for investigation graph pickup
|
2020-03-05 16:25:15 -08:00 |
|
Shain Wray (MSTIC)
|
8cddb49281
|
Updating match method, along with validation and parsing values being passed into the function to make sure the values are the format we expect. Also, improvements on the counts related to connections and locations.
|
2020-03-05 13:42:13 -08:00 |
|
Yaron Fruchtmann
|
d32fb153c1
|
renamed starttime and endtime to Aux
|
2020-03-04 11:29:11 +02:00 |
|
Yaron Fruchtmann
|
7cea63e309
|
removed non compliant column
|
2020-03-02 11:03:28 +02:00 |
|
Yaron Fruchtmann
|
2b490183a4
|
weakened Account req. changed returned column names
|
2020-03-02 11:03:09 +02:00 |
|
Yaron Fruchtmann
|
da0c66c2e2
|
renamed time fields to Aux
|
2020-03-02 10:35:46 +02:00 |
|
Yaron Fruchtmann
|
b1599b0ad0
|
renamed time fields to Aux
|
2020-03-02 10:25:49 +02:00 |
|
Yaron Fruchtmann
|
8433aeab7f
|
Decreased requirements on Host
|
2020-03-02 10:23:01 +02:00 |
|
Yaron Fruchtmann
|
2fb2f9af5a
|
renamed time fields to Aux
|
2020-03-01 14:11:21 +02:00 |
|
Yaron Fruchtmann
|
39e4fe3ea7
|
renamed time fields to Aux
|
2020-03-01 14:10:24 +02:00 |
|
Yaron Fruchtmann
|
78eace382e
|
renamed time fields to Aux
|
2020-03-01 13:56:37 +02:00 |
|
shainw
|
fcdb4e59c5
|
Merge pull request #435 from Azure/addIotQuery
added a query for IoTDevice
|
2020-02-11 10:36:38 -08:00 |
|
Shain Wray (MSTIC)
|
8c7e21f049
|
Updating to include additional context, bringing thru the count and fixing string match so case does not cause a miss on matching
|
2020-02-11 10:33:55 -08:00 |
moranraz
|
6b66e3b33d
|
Rearranged the folders to be all by inputEntity type (#450)
|
2020-01-29 13:17:58 +02:00 |
|
Moran Raz Mizrahi
|
ba3fe36385
|
text changes
|
2020-01-15 19:09:12 +02:00 |