Repackaged for updated in Analytical Rule #11266

Merged
merged 2 commits into from
Oct 14, 2024

v-rusraut
Contributor

Required items, please complete

Change(s):

  • Repackaged

Reason for Change(s):

Version Updated:

  • 3.0.1

Testing Completed:

  • Done

@v-rusraut v-rusraut requested review from a team as code owners October 14, 2024 06:33

Hello how are you I am GitHub bot
😀😀
I see that you changed templates under the detections/analytic rules folder. Did you remember to update the version of the templates you changed?
If not, and if you want customers to be aware that a new version of this template is available, please update the version property of the template you changed.

@v-rusraut v-rusraut added the Solution Solution specialty review needed label Oct 14, 2024
@v-rusraut v-rusraut linked an issue Oct 14, 2024 that may be closed by this pull request
Contributor

@rahul0216 rahul0216 left a comment

Please update the code for inline query.

| extend Username = iff(tostring(TargetUsernameType) == 'Windows', tostring(split(TargetUsername, '\\')), TargetUsername)
| extend NTDomain = iff(tostring(TargetUsernameType) == 'Windows', tostring(split(TargetUsername, '\\')), TargetUsername)
| extend Username = iff(tostring(TargetUsernameType) == 'UPN', tostring(split(TargetUsername, '@')), Username)
| extend UPNSuffix = iff(tostring(TargetUsernameType) == 'UPN', tostring(split(TargetUsername, '@')), '')
Contributor

Missed the subscripts after split.

Contributor Author

done

Contributor

@rahul0216 rahul0216 left a comment

Changes look good.

@v-atulyadav v-atulyadav merged commit 56d6352 into master Oct 14, 2024
36 checks passed
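
The review thread above turns on the subscripts that were missing after `split`. The query below is an added example, not code from this pull request or the repository: it runs on constructed rows and puts the unsubscripted form beside an indexed form, so the difference is visible in the output columns. The index choices (`[0]`, `[1]`), the `NoSubscript` column and the sample values are assumptions, since the page does not show the final query.

```kusto
// Constructed sample rows. The column names are the ones used in the review comment.
let SampleEvents = datatable(TargetUsername:string, TargetUsernameType:string)
[
    'CONTOSO\\alice',       'Windows',
    'bob@contoso.example',  'UPN',
    'svc-backup',           'Simple'
];
SampleEvents
// Without a subscript, split() returns a dynamic array and tostring() serializes
// the whole array as JSON text, so the value is not usable as an account name.
| extend NoSubscript = tostring(split(TargetUsername, '\\'))
// Assumed indexes: DOMAIN\user -> [0] is the domain, [1] is the user name.
| extend Username = iff(tostring(TargetUsernameType) == 'Windows', tostring(split(TargetUsername, '\\')[1]), TargetUsername)
// The fallback branch (TargetUsername) is kept exactly as in the review comment.
| extend NTDomain = iff(tostring(TargetUsernameType) == 'Windows', tostring(split(TargetUsername, '\\')[0]), TargetUsername)
// Assumed indexes: user@suffix -> [0] is the user name, [1] is the UPN suffix.
| extend Username = iff(tostring(TargetUsernameType) == 'UPN', tostring(split(TargetUsername, '@')[0]), Username)
| extend UPNSuffix = iff(tostring(TargetUsernameType) == 'UPN', tostring(split(TargetUsername, '@')[1]), '')
| project TargetUsername, TargetUsernameType, NoSubscript, Username, NTDomain, UPNSuffix
```

Comparing `NoSubscript` with `Username` and `NTDomain` on the Windows row shows why entity fields built from the unsubscripted form would not match real account names.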
Successfully merging this pull request may close these issues.

Suspicious process creation analytics rule logic error