diff --git a/.script/tests/detectionTemplateSchemaValidation/SkipStrcutreValidationsTemplates.json b/.script/tests/detectionTemplateSchemaValidation/SkipStrcutreValidationsTemplates.json
index 8e0c88beaba..074b11298ee 100644
--- a/.script/tests/detectionTemplateSchemaValidation/SkipStrcutreValidationsTemplates.json
+++ b/.script/tests/detectionTemplateSchemaValidation/SkipStrcutreValidationsTemplates.json
@@ -517,5 +517,8 @@
 "d6543525-03e7-4423-a8dc-269a6818443e",
 "600db9e0-1c11-4295-a88a-071c79434926",
 "be52662c-3b23-435a-a6fa-f39bdfc849e6",
- "84cf1d59-f620-4fee-b569-68daf7008b7b"
+ "84cf1d59-f620-4fee-b569-68daf7008b7b",
+ "df292d06-f348-41ad-b780-0abb5acfe9ab",
+ "b1f6aed2-ebb9-4fe4-bd7c-6657d02a0cc8",
+ "13424be6-aed7-448b-afe5-c03d8b29b4fe"
 ]
\ No newline at end of file
diff --git a/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseCriticalAttackPaths.yaml b/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseCriticalAttackPaths.yaml
index 4f34770ac82..0869faccb11 100644
--- a/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseCriticalAttackPaths.yaml
+++ b/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseCriticalAttackPaths.yaml
@@ -21,6 +21,10 @@ query: |
 | summarize min_critical_risk_count = min(critical_risk_count), arg_max(created_at, current_critical_risk_count = critical_risk_count) by domain_name
 | extend difference = current_critical_risk_count - min_critical_risk_count
 | where difference > 0
-entityMappings: null
-version: 1.0.0
+entityMappings:
+ - entityType: DNS
+ fieldMappings:
+ - identifier: DomainName
+ displayName: domain_name
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseExposure.yaml b/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseExposure.yaml
index 46f59b1ae95..6f8bee7dfa6 100644
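Review bot: The three GUIDs added to the skip list exempt those templates from structure validation, but nothing in this hunk ties them to the three analytic rules edited in the same commit, since the rule `id` fields lie outside the YAML hunks. If they are the BloodHound Enterprise rules, adding a skip entry in the same commit that introduces their entityMappings masks whatever the validator rejects instead of fixing it, and the exemption will outlive the reason for it. The commit description should state which validation failure each entry suppresses, or the entries should be dropped once the templates validate on their own.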
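Review bot: The key on the added `displayName: domain_name` line is not the one Sentinel analytic rule templates use inside fieldMappings; a field mapping pairs `identifier` with `columnName`, so the line should read `columnName: domain_name`, otherwise the DNS entity is never populated from the query output and the rule's incidents carry no entity to pivot on. The same line appears in the BloodHoundEnterpriseExposure.yaml and BloodHoundEnterpriseTierZeroAssets.yaml hunks of this commit. This is plausibly what the structure validator rejects and why the templates were added to the skip list, so correcting the key should let the skip entries go. The `query` block scalar this hunk sits in starts above the hunk.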
--- a/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseExposure.yaml
+++ b/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseExposure.yaml
@@ -21,6 +21,10 @@ query: |
 | summarize min(exposure_index), arg_max(created_at, exposure_index) by domain_name
 | extend min_exposure = min_exposure_index * 100, latest_exposure = exposure_index * 100
 | where latest_exposure - min_exposure > 5
-entityMappings: null
-version: 1.0.0
+entityMappings:
+ - entityType: DNS
+ fieldMappings:
+ - identifier: DomainName
+ displayName: domain_name
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseTierZeroAssets.yaml b/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseTierZeroAssets.yaml
index 8de9a99fb3f..c8f777dda3d 100644
--- a/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseTierZeroAssets.yaml
+++ b/Solutions/BloodHound Enterprise/Analytic Rules/BloodHoundEnterpriseTierZeroAssets.yaml
@@ -21,6 +21,10 @@ query: |
 | summarize min_tier_zero = min(tier_zero_count), max_tier_zero = arg_max(created_at, current_tier_zero = tier_zero_count) by domain_name
 | extend percent_difference = ((current_tier_zero - min_tier_zero) / min_tier_zero) * 100
 | where percent_difference > 5
-entityMappings: null
-version: 1.0.0
+entityMappings:
+ - entityType: DNS
+ fieldMappings:
+ - identifier: DomainName
+ displayName: domain_name
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file