Misplaced scheduled rule #9266

Closed
bittib010 opened this issue Oct 24, 2023 · 7 comments · Fixed by #9318
Labels
Hunting Hunting specialty review needed

Comments

@bittib010

Describe the bug
This rule is a scheduled rule placed in the Hunting Queries folder. It made some trouble for us when automating rule sorting...

To Reproduce
Take a look at this https://github.com/Azure/Azure-Sentinel/blob/e92286da7d185c99c6d30c2cb8c86bbeca1a99ba/Solutions/MicrosoftDefenderForEndpoint/Hunting%20Queries/MDE_Usage.yaml

ID: c63ae777-d5e0-4113-8c9a-c2c9d3d09fcd

@github-actions
Contributor

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

@v-amolpatil added the "Hunting specialty review needed" label on Oct 24, 2023
@v-sudkharat
Contributor

Hi @bittib010, thanks for flagging this issue. We will investigate it and get back to you with an update by 30-10-2023. Thanks!

@bittib010
Author

bittib010 commented Oct 25, 2023

Here is another one: 5a9ccb48-1316-46e1-89d1-aca0355c305e.
This one is also missing severity if it is a scheduled rule, and contains too much if it is a hunting query.

@v-sudkharat
Contributor

v-sudkharat commented Oct 30, 2023

Hi @bittib010, regarding 5a9ccb48-1316-46e1-89d1-aca0355c305e the Severity is optional for Hunting queries.
Sharing the document for reference -
https://github.com/Azure/Azure-Sentinel/wiki/Query-Style-Guide#severity
Thanks!
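The two reports above (a `kind: Scheduled` file sitting under Hunting Queries, and a file whose field set does not match either kind) are the sort of thing a repo-side check would catch before a sorting script trips on them. The script below is an added example written for this thread, not code from the Azure-Sentinel repo or from the people commenting here. It assumes, beyond what the thread states, that a file with `kind: Scheduled` or `kind: NRT` belongs under an "Analytic Rules" folder and must carry `severity` plus the four scheduling fields, that a file with no `kind` is a hunting query where `severity` is optional and the scheduling fields should be absent, and that top-level keys sit at column 0 (so a regex can read them without PyYAML). The sample YAML, solution name and ids are constructed placeholders.

```python
"""Added example (not from the Azure-Sentinel repo): flag rule YAML files whose
folder does not match their kind, the mismatch reported in this issue.

Assumptions, not stated in the thread: `kind: Scheduled` / `kind: NRT` means an
"Analytic Rules" file that needs severity plus the scheduling fields; no `kind`
means a hunting query, where severity is optional and scheduling fields should be
absent. Top-level keys are read with a regex instead of PyYAML so it runs offline.
"""
import re
from pathlib import Path, PurePosixPath

TOP_LEVEL_KEY = re.compile(r"^([A-Za-z][A-Za-z0-9]*):\s*(.*)$")
ANALYTIC_KINDS = ("Scheduled", "NRT")
SCHEDULING_FIELDS = ("queryFrequency", "queryPeriod", "triggerOperator", "triggerThreshold")


def top_level_fields(text: str) -> dict[str, str]:
    """Map each column-0 key to its inline value ('|' or '' for block values)."""
    fields = {}
    for line in text.splitlines():
        m = TOP_LEVEL_KEY.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip().strip("'\"")
    return fields


def expected_folder(fields: dict[str, str]) -> str:
    """Folder the rule should live in, decided only by its `kind` field."""
    return "Analytic Rules" if fields.get("kind") in ANALYTIC_KINDS else "Hunting Queries"


def check_rule(path: str, text: str) -> list[str]:
    """Return findings for one rule file; an empty list means the file is consistent."""
    fields = top_level_fields(text)
    folder = PurePosixPath(path).parent.name
    want = expected_folder(fields)
    findings = []
    if folder != want:
        findings.append(f"{path}: kind={fields.get('kind', '<none>')!r} but file is under "
                        f"{folder!r}, expected {want!r}")
    if want == "Analytic Rules":
        for key in ("severity",) + SCHEDULING_FIELDS:
            if key not in fields:
                findings.append(f"{path}: scheduled rule is missing required field {key!r}")
    else:
        for key in SCHEDULING_FIELDS:
            if key in fields:
                findings.append(f"{path}: hunting query carries scheduled-only field {key!r}")
    return findings


def check_tree(root: str) -> list[str]:
    """Walk a repo checkout and check every YAML directly under the two rule folders."""
    findings = []
    for p in sorted(Path(root).rglob("*.yaml")):
        if p.parent.name in ("Analytic Rules", "Hunting Queries"):
            findings.extend(check_rule(p.as_posix(), p.read_text(encoding="utf-8")))
    return findings


# Constructed samples (hypothetical solution, placeholder ids), not repository files.
MISPLACED_PATH = "Solutions/ExampleSolution/Hunting Queries/Misplaced.yaml"
MISPLACED_YAML = """\
id: 00000000-0000-0000-0000-000000000001
name: Constructed scheduled rule
description: |
  Constructed sample; a scheduled rule sitting in the hunting folder.
severity: Medium
requiredDataConnectors:
  - connectorId: MicrosoftThreatProtection
    dataTypes:
      - DeviceEvents
queryFrequency: 1d
queryPeriod: 1d
triggerOperator: gt
triggerThreshold: 0
tactics:
  - Discovery
query: |
  DeviceEvents
  | summarize count() by DeviceName
kind: Scheduled
"""

HUNTING_PATH = "Solutions/ExampleSolution/Hunting Queries/Proper.yaml"
HUNTING_YAML = """\
id: 00000000-0000-0000-0000-000000000002
name: Constructed hunting query
description: |
  Constructed sample; no kind, no scheduling fields, severity left out.
requiredDataConnectors:
  - connectorId: MicrosoftThreatProtection
    dataTypes:
      - DeviceEvents
tactics:
  - Discovery
query: |
  DeviceEvents
  | summarize count() by DeviceName
"""

if __name__ == "__main__":
    for path, text in ((MISPLACED_PATH, MISPLACED_YAML), (HUNTING_PATH, HUNTING_YAML)):
        print("\n".join(check_rule(path, text)) or f"{path}: ok")
```

Run it against a checkout with `check_tree("Azure-Sentinel")` to list every mismatch in one pass; the misplaced sample produces exactly one finding (wrong folder), while a well-formed hunting query produces none.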

@v-sudkharat
Contributor

> Describe the bug This rule is a scheduled rule placed in Hunting Queries folder. Made some trouble for us when automating rule sorting...
>
> To Reproduce Take a look at this https://github.com/Azure/Azure-Sentinel/blob/e92286da7d185c99c6d30c2cb8c86bbeca1a99ba/Solutions/MicrosoftDefenderForEndpoint/Hunting%20Queries/MDE_Usage.yaml
>
> ID: c63ae777-d5e0-4113-8c9a-c2c9d3d09fcd

Hi @bittib010, we are working on the changes and will raise the PR once it is done, ETA 06-11-2023. Thanks!

@v-sudkharat
Contributor

Hi @bittib010, we have raised the PR with the changes (#9318); the changes will be reflected once the PR gets merged. Thanks!

@v-muuppugund
Contributor

Hi @bittib010, still waiting for the above PR to be merged; will update you once the deployment formalities are completed.
