From 3e8b65bbd52cd54b0537a42f15b5c6c5871b7a5c Mon Sep 17 00:00:00 2001
From: Sebastian Wiszowaty
Date: Wed, 30 Aug 2023 12:48:02 +0200
Subject: [PATCH] add IdentityInfo/BehaviourAnalytics to missing detections
---
 .../AdditionofaTemporaryAccessPasstoaPrivilegedAccount.yaml | 3 +++
 Detections/MultipleDataSources/RunCommandUEBABreach.yaml | 3 +++
 ...ticationsofPrivilegedAccountsOutsideofExpectedControls.yaml | 3 +++
 Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml | 3 +++
 4 files changed, 12 insertions(+)
diff --git a/Detections/AuditLogs/AdditionofaTemporaryAccessPasstoaPrivilegedAccount.yaml b/Detections/AuditLogs/AdditionofaTemporaryAccessPasstoaPrivilegedAccount.yaml
index aea7e4e74a4..b2152b0bff9 100644
--- a/Detections/AuditLogs/AdditionofaTemporaryAccessPasstoaPrivilegedAccount.yaml
+++ b/Detections/AuditLogs/AdditionofaTemporaryAccessPasstoaPrivilegedAccount.yaml
@@ -14,6 +14,9 @@ requiredDataConnectors:
 - connectorId: BehaviorAnalytics
 dataTypes:
 - BehaviorAnalytics
+ - connectorId: BehaviorAnalytics
+ dataTypes:
+ - IdentityInfo
 queryFrequency: 1d
 queryPeriod: 1d
 triggerOperator: gt
diff --git a/Detections/MultipleDataSources/RunCommandUEBABreach.yaml b/Detections/MultipleDataSources/RunCommandUEBABreach.yaml
index cb02063cabe..c9a865392e0 100644
--- a/Detections/MultipleDataSources/RunCommandUEBABreach.yaml
+++ b/Detections/MultipleDataSources/RunCommandUEBABreach.yaml
@@ -8,6 +8,9 @@ requiredDataConnectors:
 - connectorId: AzureActivity
 dataTypes:
 - AzureActivity
+ - connectorId: BehaviorAnalytics
+ dataTypes:
+ - BehaviorAnalytics
 queryFrequency: 1d
 queryPeriod: 2d
 triggerOperator: gt
diff --git a/Detections/SigninLogs/AuthenticationsofPrivilegedAccountsOutsideofExpectedControls.yaml b/Detections/SigninLogs/AuthenticationsofPrivilegedAccountsOutsideofExpectedControls.yaml
index 7de8cf82256..1fa9111311a 100644
--- a/Detections/SigninLogs/AuthenticationsofPrivilegedAccountsOutsideofExpectedControls.yaml
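Review bot: The added lines declare `connectorId: BehaviorAnalytics` a second time with a single dataType instead of extending the existing entry's `dataTypes` list, so `requiredDataConnectors` in AdditionofaTemporaryAccessPasstoaPrivilegedAccount.yaml now carries two blocks for the same connector; the same shape is repeated in the AuthenticationsofPrivilegedAccountsOutsideofExpectedControls.yaml and PrivilegedUserLogonfromnewASN.yaml hunks. Unless the repository's validation expects one block per connector/dataType pair, folding the new type under the existing list (`dataTypes:` / `- BehaviorAnalytics` / `- IdentityInfo`) states the requirement once and avoids a reader having to reconcile duplicate connector ids. The query body that would justify the new requirement is outside the hunk, so I could not confirm that each rule actually reads the IdentityInfo table; if it does, this correctly surfaces a dependency the rule previously relied on implicitly, which matters because a rule whose source table is not populated returns nothing rather than failing visibly.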
+++ b/Detections/SigninLogs/AuthenticationsofPrivilegedAccountsOutsideofExpectedControls.yaml
@@ -13,6 +13,9 @@ requiredDataConnectors:
 - connectorId: BehaviorAnalytics
 dataTypes:
 - BehaviorAnalytics
+ - connectorId: BehaviorAnalytics
+ dataTypes:
+ - IdentityInfo
 queryFrequency: 1d
 queryPeriod: 7d
 triggerOperator: gt
diff --git a/Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml b/Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml
index 19ba91a5357..0a8f50abcc6 100644
--- a/Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml
+++ b/Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml
@@ -11,6 +11,9 @@ requiredDataConnectors:
 - connectorId: BehaviorAnalytics
 dataTypes:
 - BehaviorAnalytics
+ - connectorId: BehaviorAnalytics
+ dataTypes:
+ - IdentityInfo
 queryFrequency: 1d
 queryPeriod: 7d
 triggerOperator: gt