11ec709397
|
||
|---|---|---|
| .azure-pipelines | ||
| .github | ||
| .script | ||
| .vscode | ||
| BYOML | ||
| Dashboards | ||
| DataConnectors | ||
| Detections | ||
| Exploration Queries | ||
| Functions | ||
| Hunting Queries | ||
| Logos | ||
| Notebooks@7e51374d2d | ||
| Parsers | ||
| Playbooks | ||
| QueryLanguageSamples | ||
| Sample Data | ||
| Tools | ||
| Workbooks | ||
| docs | ||
| .gitignore | ||
| .gitmodules | ||
| CODEOWNERS | ||
| LICENSE | ||
| README.md | ||
| azure-pipelines.yml | ||
| package-lock.json | ||
| package.json | ||
| tsconfig.json | ||
README.md
Azure Sentinel
Welcome to the Azure Sentinel repository! This repository contains out of the box detections, exploration queries, hunting queries, workbooks, playbooks and much more to help you get ramped up with Azure Sentinel and provide you security content to secure your environment and hunt for threats. You can also submit to issues for any samples or resources you would like to see here as you onboard to Azure Sentinel. This repository welcomes contributions and refer to this repository's wiki to get started. For questions and feedback, please contact AzureSentinel@microsoft.com
Resources
We value your feedback. Here are some channels to help surface your questions or feedback:
- General product specific Q&A <20> Join in the Azure Sentinel Tech Community conversations
- Product specific feature requests <20> Upvote or post new on Azure Sentinel feedback forums
- Report product or contribution bugs <20> File a GitHub Issue using Bug template
- General feedback on community and contribution process <20> File a GitHub Issue using Feature Request template
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
Add in your new or updated contributions to GitHub
Note: If you are a first time contributor to this repository, Fork the repo before cloning.
Brand new or update to a contribution via these methods:
- Submit for review directly on GitHub website
- Browse to the folder you want to upload your file to
- Choose Upload Files and browse to your file.
- You will be required to create your own branch and then submit the Pull Request for review.
- Use GitHub Desktop or Visual Studio or VSCode
- Fork the repo
- Clone the repo
- Create your own branch
- Do your additions/updates in GitHub Desktop
- Push your changes to GitHub
Pull Request
- After you push your changes, you will need to submit the Pull Request (PR)
- After submission, check the Pull Request for comments
- Make changes as suggested and update your branch or explain why no change is needed. Resolve the comment when done.
Pull Request Kql Validation Check
As part of the PR checks we run kql validation on the queries that are defined in the template. If this check fails go to Azure Pipeline (by pressing on the errors link on the checks tab in your PR)
In the pipeline you can see which test fail and what is the cause:
If you are using custom logs table (a table which is not defined on all workspaces by default) you should verify
your table schema is defined in json file in the folder Azure-Sentinel\.script\tests\KqlvalidationsTests\CustomTables
Example for table tablexyz.json
{
"Name": "tablexyz",
"Properties": [
{
"Name": "SomeDateTimeColumn",
"Type": "DateTime"
},
{
"Name": "SomeStringColumn",
"Type": "String"
},
{
"Name": "SomeDynamicColumn",
"Type": "Dynamic"
}
]
}
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
For information on what you can contribute and further details, refer to the "get started" section on the project's wiki.