Commit Graph

613 Commits

Author SHA1 Message Date
Ofer Shezaf ee97399b42 Revert "Revert "Merge branch 'master' of https://github.com/Azure/Azure-Sentinel""
This reverts commit ff69f85224.
2022-01-03 16:21:46 +02:00
Ofer Shezaf ff69f85224 Revert "Merge branch 'master' of https://github.com/Azure/Azure-Sentinel"
This reverts commit c929df845a, reversing
changes made to 53e6c92e3e.
2022-01-03 16:04:13 +02:00
aprakash13 bea143b5ae
Merge pull request #3681 from socprime/digital_guardian_content
add analytic content for Digital Guardian
2021-12-30 13:30:55 -08:00
aprakash13 cbf1b99627
Merge pull request #3513 from socprime/cisco_duo_content
ciscoduo content
2021-12-30 12:39:41 -08:00
NikTripathi f90f82ec80
Merge pull request #3555 from socprime/cisco_wsa_content
add cisco wsa content
2021-12-31 00:52:17 +05:30
NikTripathi ec69accb5f
Merge pull request #3683 from socprime/trendmicro_cas_content
analytic content TrendMicro CAS
2021-12-31 00:46:32 +05:30
aprakash13 8abdea0878
Merge pull request #3750 from socprime/sentinelone_content
sentinel1 analytic content
2021-12-30 01:30:44 -08:00
v-rucdu ce13459bfb updated schema 2021-12-29 16:07:28 +05:30
v-rucdu 026f06122d Initial commit for adding AzureDiagnostics support 2021-12-29 10:00:30 +05:30
Amit Bergman f4a5fb738f
Merge pull request #3794 from Azure/Amitbergman-patch-20
Update AttackTactic.cs
2021-12-28 10:01:07 +02:00
Shain Wray (MSTIC) 26ba1999e1 removing validation skip and trailing comma 2021-12-27 10:54:31 -08:00
Amit Bergman 7294ec923d
Update AttackTactic.cs 2021-12-27 18:46:17 +02:00
Amit Bergman 0c997aa822
Update AttackTactic.cs 2021-12-27 16:30:42 +02:00
Amit Bergman 6f303cfe8d
Update AttackTactic.cs 2021-12-27 14:26:18 +02:00
NikTripathi 6f7747e98f
Merge pull request #3567 from socprime/vmware_esxi_content
add analytic content for VMwareESXi
2021-12-23 23:59:59 +05:30
NikTripathi 552eda23a7
Merge pull request #3439 from socprime/imperva_cl_waf_content
add imperva content
2021-12-23 12:39:52 +05:30
rpressburger 0801e848c7
Added KQL syntax validations test for insights base queries. (#3708)
* support tests for insights base query

* fix test name

* comment out insights tests

* update dotnet version

* dotnet version

* typo

* version5

* try fix tests output

* kql tests config

* fix tests names and revert dotnet version

* comment out insights tests

* leave one test up

* might fix azure devops display bug

* might fix azure devops display bug

* override to string to empty

* pass encoded file path to tests

* code review

* GetYamlFilesPaths static

* use folder path as const

* better GetDir implementation
2021-12-21 13:28:45 +02:00
sp 558c3afafa fixed queries; workbook 2021-12-21 12:27:12 +02:00
sp 204eace7e7 ad parser schema; fix entity 2021-12-21 12:01:08 +02:00
yaronMSFT ca9b2fa9f7
ASim NW detections batch 2 (#3515) 2021-12-19 12:05:27 +02:00
sp ff5c9d2519 sentinel1 analytic content 2021-12-17 19:18:49 +02:00
sp dea5e4a9d3 add parser schema 2021-12-17 14:23:10 +02:00
v-jayakal 689caa0b1b
Merge pull request #3702 from rheabansal/rheabansal/updating_purview_solution
Updating Azure Purview Solution
2021-12-16 11:14:54 -08:00
NikTripathi 9bd3b8800a
Merge pull request #3432 from socprime/cisco_secure_endpoint_content
add cisco secure endpoint analytic content
2021-12-16 12:39:56 +05:30
NikTripathi 2c3c936fd9
Merge pull request #3397 from socprime/nginx_content
Nginx content
2021-12-16 12:38:16 +05:30
Ajeet Prakash (MSTIC) 5fd400eed7 Adding skip validation test for 'imwebsession' 2021-12-15 08:30:19 -08:00
Shain Wray (MSTIC) dda40644ed Adding build validation bypass for - HighlySensitivePasswordAccessed.yaml and "The name '_GetWatchlist' does not refer to any known function." 2021-12-14 10:28:56 -08:00
v-rucdu 495b983588
Merge pull request #3673 from ThijsLecomte/master
create LastPass Solution
2021-12-14 10:38:10 +05:30
Rhea Bansal 1e1fde3ec3 Updating Azure Purview Solution 2021-12-13 17:03:33 -08:00
sp 2a5bc5232f add parser schema 2021-12-13 12:07:54 +02:00
NikTripathi 3044bdef85
Merge pull request #3396 from socprime/apache_http_server_content
Apache HTTP Server content
2021-12-13 15:00:26 +05:30
v-jayakal 08d29f7fcf
Merge pull request #3327 from sschuur/InfobloxCDC-Oct
Update Infoblox CDC
2021-12-13 00:34:34 -08:00
Shain Wray (MSTIC) 7fe032df11 all validations pass, except imDns, exclude per protocol for now 2021-12-11 19:20:40 -08:00
sp dbbf25326f analytic content TrendMicro CAS 2021-12-10 17:35:34 +02:00
sp 6c1ac3f276 add analytic content for Digital Guardian 2021-12-10 17:13:29 +02:00
sp cabfeaa52e rm conflict file 2021-12-10 15:44:07 +02:00
sp 21f4f74a2c add parser schema 2021-12-10 15:42:16 +02:00
ThijsLecomte a6560fc934 Create KQLValidations 2021-12-10 09:32:57 +01:00
ThijsLecomte 599d61906e create LastPass Solution 2021-12-10 09:21:55 +01:00
Vitalii Uslystyi c6848a3271 Merge branch 'master' into apache_http_server_content 2021-12-09 15:57:29 +02:00
Vitalii Uslystyi 2bdc5ce59a Merge branch 'master' into nginx_content 2021-12-09 15:55:36 +02:00
sschuur 3df290fb72
Merge branch 'Azure:master' into InfobloxCDC-Oct 2021-12-08 16:20:05 -08:00
Amit Bergman 60dab5fa30
Merge pull request #3627 from Azure/Amitbergman-patch-12
Fix wrong connector ID - the correct value is AwsS3
2021-12-07 17:09:36 +02:00
Amit Bergman 81d793e0b1
Update ValidConnectorIds.json 2021-12-07 12:19:53 +02:00
Amit Bergman df91ebc00d
Update ValidConnectorIds.json 2021-12-07 11:47:53 +02:00
aprakash13 7f3c8b1428
Merge pull request #3588 from Azure/ashwin/ti-blognov2021
TI blog related queries - Nov2021 and bugfixes 

The TI blog post is supposed to go out today. Hence, approving and manually merging these even though some of the validations are failing and have errors. A lot of these validation errors are due to NPM authentication, which the content acceleration team is currently working to fix.
2021-12-06 09:03:44 -08:00
aprakash13 be31ecb6cc
Merge pull request #3386 from scottymcraig/CiscoSEAnalytics
Add CiscoSE High Alert Rule
2021-12-06 07:20:49 -08:00
Ofer Shezaf 930b44436e
Merge pull request #3625 from Azure/dev/normalization/web
Dev/normalization/web-frame-only
2021-12-05 14:55:38 +02:00
Ofer Shezaf 74c2950837 custom table validation jsons 2021-12-05 14:46:25 +02:00
Ashwin Patil 37ad5ee072 typos and adding techniques 2021-12-03 14:35:34 -08:00