
Prioritize Enriched GSA Events, Keep Office Alerts for Non-Enriched Events #11108

Closed
wants to merge 3 commits into from

Hunting Queries fixes

9d69429
Azure Pipelines / Sentinel Content Validation failed Sep 11, 2024 in 13m 26s

Build #Azure Sentinel Validations had test failures


Tests

  • Failed: 15 (0.07%)
  • Passed: 21,400 (99.93%)
  • Other: 0 (0.00%)
  • Total: 21,415

Annotations

Check failure on line 33 in Build log


@azure-pipelines azure-pipelines / Sentinel Content Validation


An error occurred, please open an issue

Check failure on line 35 in Build log


Bash exited with code '255'.

Check failure on line 148 in Build log


Error: The process '/opt/hostedtoolcache/dotnet/dotnet' failed with exit code 1

Check failure on line 153 in Build log


Dotnet command failed with non-zero exit code on the following projects : [
  '/home/vsts/work/1/s/.script/tests/detectionTemplateSchemaValidation/DetectionTemplateSchemaValidation.Tests.csproj'
]

Check failure on line 1 in Kqlvalidations.Tests.KqlValidationTests.Validate_DetectionQueries_HaveValidKql(fileName: "Office 365 - Malicious_Inbox_Rule.yaml", encodedFilePath: "L2hvbWUvdnN0cy93b3JrLzEvcy9Tb2x1dGlvbnMvR2xvYmFsIF"...)

Template Id: 7b907bf7-77d4-41d0-a208-5643ff75bf9a is not valid in Line: 15 col: 169
                    Errors: Expected: ), Code: 'KS005', Severity: 'Error', Location: '1257..1257'
Expected: True
Actual:   False
Raw output
   at Kqlvalidations.Tests.KqlValidationTests.ValidateKql(String id, String queryStr, Boolean ignoreNoTabularExpressionError) in /home/vsts/work/1/s/.script/tests/KqlvalidationsTests/KqlValidationTests.cs:line 462
   at Kqlvalidations.Tests.KqlValidationTests.Validate_DetectionQueries_HaveValidKql(String fileName, String encodedFilePath) in /home/vsts/work/1/s/.script/tests/KqlvalidationsTests/KqlValidationTests.cs:line 124

Check failure on line 1 in Kqlvalidations.Tests.KqlValidationTests.Validate_HuntingQueries_HaveValidKql(fileName: "MultipleTeamsDeletes.yaml", encodedFilePath: "L2hvbWUvdnN0cy93b3JrLzEvcy9Tb2x1dGlvbnMvR2xvYmFsIF"...)

Template Id: 64990414-b015-4edf-bef0-343b741e68c5 is not valid in Line: 41 col: 16
                    Errors: The name 'TimeGenerated' does not refer to any known column, table, variable or function., Code: 'KS142', Severity: 'Error', Location: '1779..1792'
Expected: True
Actual:   False
Raw output
   at Kqlvalidations.Tests.KqlValidationTests.ValidateKql(String id, String queryStr, Boolean ignoreNoTabularExpressionError) in /home/vsts/work/1/s/.script/tests/KqlvalidationsTests/KqlValidationTests.cs:line 462
   at Kqlvalidations.Tests.KqlValidationTests.Validate_HuntingQueries_HaveValidKql(String fileName, String encodedFilePath) in /home/vsts/work/1/s/.script/tests/KqlvalidationsTests/KqlValidationTests.cs:line 99

Check failure on line 1 in Kqlvalidations.Tests.KqlValidationTests.Validate_HuntingQueries_HaveValidKql(fileName: "new_adminaccountactivity.yaml", encodedFilePath: "L2hvbWUvdnN0cy93b3JrLzEvcy9Tb2x1dGlvbnMvR2xvYmFsIF"...)

Template Id: 723c5f46-133f-4f1e-ada6-5c138f811d75 is not valid in Line: 26 col: 33
                    Errors: The name 'TimeGenerated' does not refer to any known column, table, variable or function., Code: 'KS142', Severity: 'Error', Location: '1219..1232',The name 'TimeGenerated' does not refer to any known column, table, variable or function., Code: 'KS142', Severity: 'Error', Location: '1249..1262',The name 'RecordType' does not refer to any known column, table, variable or function., Code: 'KS142', Severity: 'Error', Location: '1276..1286',The name 'Operation' does not refer to any known column, table, variable or function., Code: 'KS142', Severity: 'Error', Location: '1288..1297',The name 'UserType' does not refer to any known column, table, variable or function., Code: 'KS142', Severity: 'Error', Location: '1299..1307',The name 'OriginatingServer' does not refer to any known column, table, variable or function., Code: 'KS142', Severity: 'Error', Location: '1317..1334',The name 'ResultStatus' does not refer to any known column, table, variable or function., Code: 'KS142', Severity: 'Error', Location: '1336..1348'
Expected: True
Actual:   False
Raw output
   at Kqlvalidations.Tests.KqlValidationTests.ValidateKql(String id, String queryStr, Boolean ignoreNoTabularExpressionError) in /home/vsts/work/1/s/.script/tests/KqlvalidationsTests/KqlValidationTests.cs:line 462
   at Kqlvalidations.Tests.KqlValidationTests.Validate_HuntingQueries_HaveValidKql(String fileName, String encodedFilePath) in /home/vsts/work/1/s/.script/tests/KqlvalidationsTests/KqlValidationTests.cs:line 99

Check failure on line 1 in Kqlvalidations.Tests.KqlValidationTests.Validate_DetectionQueries_HaveValidKql(fileName: "Office 365 - Office_Uploaded_Executables.yaml", encodedFilePath: "L2hvbWUvdnN0cy93b3JrLzEvcy9Tb2x1dGlvbnMvR2xvYmFsIF"...)

Template Id: d722831e-88f5-4e25-b106-4ef6e29f8c13 is not valid in Line: 57 col: 42
                    Errors: The name 'SourceFileName' does not refer to any known column, table, variable or function., Code: 'KS142', Severity: 'Error', Location: '4676..4690',The name 'SourceRelativeUrl' does not refer to any known column, table, variable or function., Code: 'KS142', Severity: 'Error', Location: '4692..4709',The name 'RecordType' does not refer to any known column, table, variable or function., Code: 'KS142', Severity: 'Error', Location: '4907..4917'
Expected: True
Actual:   False
Raw output
   at Kqlvalidations.Tests.KqlValidationTests.ValidateKql(String id, String queryStr, Boolean ignoreNoTabularExpressionError) in /home/vsts/work/1/s/.script/tests/KqlvalidationsTests/KqlValidationTests.cs:line 462
   at Kqlvalidations.Tests.KqlValidationTests.Validate_DetectionQueries_HaveValidKql(String fileName, String encodedFilePath) in /home/vsts/work/1/s/.script/tests/KqlvalidationsTests/KqlValidationTests.cs:line 124
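An added triage helper for the check output above. It is not part of the Azure-Sentinel repository, its validation test project, or this PR: it parses the "Template Id: ... is not valid in Line: N col: M" header and the comma-joined "Errors:" list that the Sentinel Content Validation KQL tests emit, then tallies the error codes and the column names the KQL parser could not resolve. The four failure messages from the run above are embedded as constructed sample input; every class and function name is this example's own, and the message format is assumed from the annotations as quoted here.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Header format as quoted in the validator annotations above (assumed stable).
HEADER_RE = re.compile(
    r"Template Id: (?P<template_id>[0-9a-fA-F-]{36}) is not valid in "
    r"Line: (?P<line>\d+) col: (?P<col>\d+)"
)
# One entry in the Errors list: free-text message, then Code / Severity / Location.
# Messages contain commas themselves, so entries are delimited by the Location field.
ERROR_RE = re.compile(
    r",?\s*(?P<message>.+?), Code: '(?P<code>KS\d+)', Severity: '(?P<severity>\w+)', "
    r"Location: '(?P<start>\d+)\.\.(?P<end>\d+)'"
)
UNKNOWN_NAME_RE = re.compile(r"^The name '(?P<name>[^']+)' does not refer to any known")


@dataclass
class KqlError:
    message: str
    code: str
    severity: str
    start: int  # character offsets into the query text, as reported by the validator
    end: int


@dataclass
class TemplateFailure:
    template_id: str
    line: int
    col: int
    errors: list = field(default_factory=list)

    def unknown_names(self) -> list:
        """Names the parser could not resolve (the KS142 'does not refer to' messages)."""
        return [m.group("name") for e in self.errors if (m := UNKNOWN_NAME_RE.match(e.message))]


def parse_failure(text: str) -> TemplateFailure:
    """Parse one test's failure message; raise ValueError if it is not a KQL validation failure."""
    header = HEADER_RE.search(text)
    if header is None:
        raise ValueError("no 'Template Id: ... is not valid' header found")
    failure = TemplateFailure(header["template_id"], int(header["line"]), int(header["col"]))
    _, _, errors_part = text.partition("Errors:")
    for m in ERROR_RE.finditer(errors_part):
        failure.errors.append(
            KqlError(m["message"].strip(), m["code"], m["severity"], int(m["start"]), int(m["end"]))
        )
    if not failure.errors:
        raise ValueError(f"header for {failure.template_id} has no parseable error entries")
    return failure


def summarize(failures) -> tuple:
    """Return (Counter of error codes, Counter of unresolved names) across all failures."""
    codes, names = Counter(), Counter()
    for f in failures:
        codes.update(e.code for e in f.errors)
        names.update(f.unknown_names())
    return codes, names


# Constructed sample input: the four KQL failure messages from the check run above.
_UNRES = " does not refer to any known column, table, variable or function., Code: 'KS142', Severity: 'Error', Location: '"
SAMPLE_FAILURES = [
    "Template Id: 7b907bf7-77d4-41d0-a208-5643ff75bf9a is not valid in Line: 15 col: 169\n"
    "    Errors: Expected: ), Code: 'KS005', Severity: 'Error', Location: '1257..1257'",
    "Template Id: 64990414-b015-4edf-bef0-343b741e68c5 is not valid in Line: 41 col: 16\n"
    "    Errors: The name 'TimeGenerated'" + _UNRES + "1779..1792'",
    "Template Id: 723c5f46-133f-4f1e-ada6-5c138f811d75 is not valid in Line: 26 col: 33\n"
    "    Errors: The name 'TimeGenerated'" + _UNRES + "1219..1232',"
    "The name 'TimeGenerated'" + _UNRES + "1249..1262',"
    "The name 'RecordType'" + _UNRES + "1276..1286',"
    "The name 'Operation'" + _UNRES + "1288..1297',"
    "The name 'UserType'" + _UNRES + "1299..1307',"
    "The name 'OriginatingServer'" + _UNRES + "1317..1334',"
    "The name 'ResultStatus'" + _UNRES + "1336..1348'",
    "Template Id: d722831e-88f5-4e25-b106-4ef6e29f8c13 is not valid in Line: 57 col: 42\n"
    "    Errors: The name 'SourceFileName'" + _UNRES + "4676..4690',"
    "The name 'SourceRelativeUrl'" + _UNRES + "4692..4709',"
    "The name 'RecordType'" + _UNRES + "4907..4917'",
]

if __name__ == "__main__":
    parsed = [parse_failure(s) for s in SAMPLE_FAILURES]
    for f in parsed:
        print(f"{f.template_id} line {f.line} col {f.col}: {len(f.errors)} error(s) {f.unknown_names()}")
    by_code, by_name = summarize(parsed)
    print("by code:", dict(by_code))
    print("unresolved names:", dict(by_name))
```

Run against the four messages above, the summary shows one KS005 syntax error (a missing closing parenthesis at the reported offset) and eleven KS142 unresolved-name errors concentrated on a handful of columns, with TimeGenerated and RecordType recurring across templates; that grouping is the first thing to check when a query change alters which columns survive to the point the validator reports.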