Merge remote-tracking branch 'origin/master' into native_Audit_Parser

.script/tests/KqlvalidationsTests/CustomTables/Samsung_Knox_Application_CL.json

@@ -0,0 +1,71 @@
+{
+    "Name": "Samsung_Knox_Application_CL",
+    "Properties": [
+        {
+          "name": "TimeGenerated",
+          "type": "DateTime",
+          "isDefaultDisplay": true,
+          "description": "The timestamp (UTC) reflecting the time in which the event was generated."
+        },
+        {
+          "name": "PrimaryImei",
+          "type": "string"
+        },
+        {
+          "name": "DeviceImei1",
+          "type": "string"
+        },
+        {
+          "name": "DeviceImei2",
+          "type": "string"
+        },
+        {
+          "name": "DeviceSerialNumber",
+          "type": "string"
+        },
+        {
+          "name": "DeviceWifimac",
+          "type": "string"
+        },
+        {
+          "name": "DeviceModel",
+          "type": "string"
+        },
+        {
+          "name": "EventGuid",
+          "type": "long"
+        },
+        {
+          "name": "Name",
+          "type": "string"
+        },
+        {
+          "name": "Version",
+          "type": "string"
+        },
+        {
+          "name": "Severity",
+          "type": "string"
+        },
+        {
+          "name": "MitreTtp",
+          "type": "dynamic"
+        },
+        {
+          "name": "Profile",
+          "type": "string"
+        },
+        {
+          "name": "PkgName",
+          "type": "string"
+        },
+        {
+          "name": "AccessibilityApi",
+          "type": "string"
+        },
+        {
+          "name": "RestrictedPerms",
+          "type": "dynamic"
+        }
+  ]
+}

.script/tests/KqlvalidationsTests/CustomTables/Samsung_Knox_Audit_CL.json

@@ -0,0 +1,87 @@
+{
+    "Name": "Samsung_Knox_Audit_CL",
+    "Properties": [
+          {
+            "name": "TimeGenerated",
+            "type": "DateTime",
+            "isDefaultDisplay": true,
+            "description": "The timestamp (UTC) reflecting the time in which the event was generated."
+          },
+          {
+            "name": "PrimaryImei",
+            "type": "string"
+          },
+          {
+            "name": "DeviceImei1",
+            "type": "string"
+          },
+          {
+            "name": "DeviceImei2",
+            "type": "string"
+          },
+          {
+            "name": "DeviceSerialNumber",
+            "type": "string"
+          },
+          {
+            "name": "DeviceWifimac",
+            "type": "string"
+          },
+          {
+            "name": "DeviceModel",
+            "type": "string"
+          },
+          {
+            "name": "EventGuid",
+            "type": "long"
+          },
+          {
+            "name": "Name",
+            "type": "string"
+          },
+          {
+            "name": "Version",
+            "type": "string"
+          },
+          {
+            "name": "Severity",
+            "type": "string"
+          },
+          {
+            "name": "MitreTtp",
+            "type": "dynamic"
+          },
+          {
+            "name": "Profile",
+            "type": "string"
+          },
+          {
+            "name": "UserId",
+            "type": "int"
+          },
+          {
+            "name": "AdmUserId",
+            "type": "int"
+          },
+          {
+            "name": "AdmPkgName",
+            "type": "string"
+          },
+          {
+            "name": "FailureReason",
+            "type": "string"
+          },
+          {
+            "name": "Action",
+            "type": "string"
+          },
+          {
+            "name": "KeyMask",
+            "type": "int"
+          },
+          {
+            "name": "PkgName",
+            "type": "string"
+          }
+    ]
+}

.script/tests/KqlvalidationsTests/CustomTables/Samsung_Knox_Network_CL.json

@@ -0,0 +1,135 @@
+{
+    "Name": "Samsung_Knox_Network_CL",
+    "Properties": [
+          {
+            "name": "TimeGenerated",
+            "type": "DateTime",
+            "isDefaultDisplay": true,
+            "description": "The timestamp (UTC) reflecting the time in which the event was generated."
+          },
+          {
+            "name": "PrimaryImei",
+            "type": "string"
+          },
+          {
+            "name": "DeviceImei1",
+            "type": "string"
+          },
+          {
+            "name": "DeviceImei2",
+            "type": "string"
+          },
+          {
+            "name": "DeviceSerialNumber",
+            "type": "string"
+          },
+          {
+            "name": "DeviceWifimac",
+            "type": "string"
+          },
+          {
+            "name": "DeviceModel",
+            "type": "string"
+          },
+          {
+            "name": "EventGuid",
+            "type": "long"
+          },
+          {
+            "name": "Name",
+            "type": "string"
+          },
+          {
+            "name": "Version",
+            "type": "string"
+          },
+          {
+            "name": "Severity",
+            "type": "string"
+          },
+          {
+            "name": "MitreTtp",
+            "type": "dynamic"
+          },
+          {
+            "name": "Profile",
+            "type": "string"
+          },
+          {
+            "name": "Protocol",
+            "type": "int"
+          },
+         {
+            "name": "SourcePort",
+            "type": "int"
+          },
+          {
+            "name": "RemotePort",
+            "type": "int"
+          },
+          {
+            "name": "SourceAddr",
+            "type": "string"
+          },
+          {
+            "name": "RemoteAddr",
+            "type": "string"
+          },
+          {
+            "name": "EventDetectedTime",
+            "type": "DateTime"
+          },
+          {
+            "name": "Family",
+            "type": "int"
+          },
+          {
+            "name": "PkgName",
+            "type": "string"
+          },
+          {
+            "name": "InterfaceName",
+            "type": "string"
+          },
+          {
+            "name": "Tid",
+            "type": "int"
+          },
+          {
+            "name": "Pid",
+            "type": "int"
+          },
+          {
+            "name": "Ppid",
+            "type": "int"
+          },
+          {
+            "name": "Uid",
+            "type": "int"
+          },
+          {
+            "name": "Gid",
+            "type": "int"
+          },
+          {
+            "name": "ExitCode",
+            "type": "int"
+          },
+          {
+            "name": "Syscall",
+            "type": "int"
+          },
+          {
+            "name": "Path",
+            "type": "string"
+          },
+          {
+            "name": "Ja3Fingerprint",
+            "type": "string"
+          },
+          {
+            "name": "SocketType",
+            "type": "int"
+          }
+    ]
+}