Merge pull request #9460 from Azure/origins/users/rahul/missing-entit…

…y-fix-5 BloodHound Enterprise - Add missing entity mappings
Azure · Nov 24, 2023 · e746cc9 · e746cc9
2 parents 64f986c + 8be6093
commit e746cc9
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 7 deletions.
diff --git a/.script/tests/detectionTemplateSchemaValidation/SkipStrcutreValidationsTemplates.json b/.script/tests/detectionTemplateSchemaValidation/SkipStrcutreValidationsTemplates.json
@@ -517,5 +517,8 @@
 	"d6543525-03e7-4423-a8dc-269a6818443e",
 	"600db9e0-1c11-4295-a88a-071c79434926",
 	"be52662c-3b23-435a-a6fa-f39bdfc849e6",
-	"84cf1d59-f620-4fee-b569-68daf7008b7b"
+	"84cf1d59-f620-4fee-b569-68daf7008b7b",
+	"df292d06-f348-41ad-b780-0abb5acfe9ab",
+    "b1f6aed2-ebb9-4fe4-bd7c-6657d02a0cc8",
+    "13424be6-aed7-448b-afe5-c03d8b29b4fe"
 ]
diff --git a/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseCriticalAttackPaths.yaml b/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseCriticalAttackPaths.yaml
@@ -21,6 +21,10 @@ query: |
   | summarize min_critical_risk_count = min(critical_risk_count), arg_max(created_at, current_critical_risk_count = critical_risk_count) by domain_name
   | extend  difference = current_critical_risk_count - min_critical_risk_count
   | where difference > 0
-entityMappings: null
-version: 1.0.0
+entityMappings:
+  - entityType: DNS
+    fieldMappings:
+      - identifier: DomainName
+        displayName: domain_name
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseExposure.yaml b/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseExposure.yaml
@@ -21,6 +21,10 @@ query: |
   | summarize min(exposure_index), arg_max(created_at, exposure_index) by domain_name
   | extend min_exposure = min_exposure_index * 100, latest_exposure = exposure_index * 100
   | where latest_exposure - min_exposure > 5
-entityMappings: null
-version: 1.0.0
+entityMappings:
+  - entityType: DNS
+    fieldMappings:
+      - identifier: DomainName
+        displayName: domain_name
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseTierZeroAssets.yaml b/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseTierZeroAssets.yaml
@@ -21,6 +21,10 @@ query: |
   | summarize min_tier_zero = min(tier_zero_count), max_tier_zero = arg_max(created_at, current_tier_zero = tier_zero_count) by domain_name
   | extend percent_difference = ((current_tier_zero - min_tier_zero) / min_tier_zero) * 100
   | where percent_difference > 5
-entityMappings: null
-version: 1.0.0
+entityMappings:
+  - entityType: DNS
+    fieldMappings:
+      - identifier: DomainName
+        displayName: domain_name
+version: 1.0.1
 kind: Scheduled