Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

adding solution SentinelOne #11486

Merged
merged 24 commits into from
Dec 12, 2024
Merged

adding solution SentinelOne #11486

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
813613c
adding solution SentinelOne
idoshabi07 Nov 26, 2024
659ee6c
table schema added
v-prasadboke Dec 4, 2024
76c86e5
fixing issues with testing
idoshabi07 Dec 4, 2024
74ab4e7
Merge branch 'sentinelOne-package-solution' of https://github.com/ido…
v-prasadboke Dec 4, 2024
2f43e80
adding new test
idoshabi07 Dec 10, 2024
458c0d8
adding new test
idoshabi07 Dec 10, 2024
e14c2f3
fixing issues with testing
idoshabi07 Dec 10, 2024
ae18077
fixing issues with testing
idoshabi07 Dec 10, 2024
b5cd18e
fixing issues with testing
idoshabi07 Dec 10, 2024
3cfb310
fixing issues with testing
idoshabi07 Dec 10, 2024
676046d
fixing issues with testing
idoshabi07 Dec 11, 2024
cac03df
table schema updated
v-prasadboke Dec 11, 2024
4bcf3d6
Merge branch 'sentinelOne-package-solution' of https://github.com/ido…
v-prasadboke Dec 11, 2024
0a45b72
Update SentinelOne.yaml
v-prasadboke Dec 11, 2024
bfd33dc
Update SentinelOne.yaml
v-prasadboke Dec 11, 2024
f68c206
Update SentinelOne.yaml
v-prasadboke Dec 11, 2024
7df3aa4
tables empty
v-prasadboke Dec 11, 2024
299f4c0
Adding table Schema to solve testing
idoshabi07 Dec 12, 2024
efb95d3
Adding table Schema to solve testing
idoshabi07 Dec 12, 2024
f122e20
Adding table Schema to solve testing
idoshabi07 Dec 12, 2024
7e08e7a
Adding table Schema to solve testing
idoshabi07 Dec 12, 2024
6dc4d2c
Adding table Schema to solve testing
idoshabi07 Dec 12, 2024
eb0cc15
Adding table Schema to solve testing
idoshabi07 Dec 12, 2024
7c7e58d
Solution packaged
v-prasadboke Dec 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
94 changes: 94 additions & 0 deletions .script/tests/KqlvalidationsTests/CustomTables/SentinelOneActivities_CL.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
{
"Name":"SentinelOneActivities_CL",
"Properties":[
{
"name": "AgentUpdatedVersion",
"type": "string"
},
{
"name": "UserId",
"type": "string"
},
{
"name": "ThreatId",
"type": "string"
},
{
"name": "PrimaryDescription",
"type": "string"
},
{
"name": "SecondaryDescription",
"type": "string"
},
{
"name": "Id",
"type": "string"
},
{
"name": "GroupId",
"type": "string"
},
{
"name": "CreatedAt",
"type": "datetime"
},
{
"name": "AccountName",
"type": "string"
},
{
"name": "Data",
"type": "string"
},
{
"name": "AgentId",
"type": "string"
},
{
"name": "Hash",
"type": "string"
},
{
"name": "UpdatedAt",
"type": "datetime"
},
{
"name": "Description",
"type": "string"
},
{
"name": "ActivityUuid",
"type": "string"
},
{
"name": "SiteId",
"type": "string"
},
{
"name": "ActivityType",
"type": "real"
},
{
"name": "SiteName",
"type": "string"
},
{
"name": "AccountId",
"type": "string"
},
{
"name": "OsFamily",
"type": "string"
},
{
"name": "GroupName",
"type": "string"
},
{
"name": "Comments",
"type": "string"
}
]

}
279 changes: 279 additions & 0 deletions .script/tests/KqlvalidationsTests/CustomTables/SentinelOneAgents_CL.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,279 @@
{
"Name":"SentinelOneAgents_CL",
"Properties":[
{
"name": "Uuid",
"type": "string"
},
{
"name": "MitigationMode",
"type": "string"
},
{
"name": "NetworkStatus",
"type": "string"
},
{
"name": "InstallerType",
"type": "string"
},
{
"name": "MitigationModeSuspicious",
"type": "string"
},
{
"name": "IsPendingUninstall",
"type": "bool"
},
{
"name": "InRemoteShellSession",
"type": "bool"
},
{
"name": "LastLoggedInUserName",
"type": "string"
},
{
"name": "OsRevision",
"type": "string"
},
{
"name": "OsArch",
"type": "string"
},
{
"name": "Id",
"type": "string"
},
{
"name": "ComputerName",
"type": "string"
},
{
"name": "TotalMemory",
"type": "real"
},
{
"name": "CreatedAt",
"type": "datetime"
},
{
"name": "GroupId",
"type": "string"
},
{
"name": "LastActiveDate",
"type": "datetime"
},
{
"name": "FullDiskScanLastUpdatedAt",
"type": "datetime"
},
{
"name": "AllowRemoteShell",
"type": "bool"
},
{
"name": "RangerVersion",
"type": "string"
},
{
"name": "AccountName",
"type": "string"
},
{
"name": "ScanStatus",
"type": "string"
},
{
"name": "Domain",
"type": "string"
},
{
"name": "MissingPermissions",
"type": "string"
},
{
"name": "IsActive",
"type": "bool"
},
{
"name": "GroupIp",
"type": "string"
},
{
"name": "ThreatRebootRequired",
"type": "bool"
},
{
"name": "GroupUpdatedAt",
"type": "datetime"
},
{
"name": "ExternalId",
"type": "string"
},
{
"name": "MachineType",
"type": "string"
},
{
"name": "RegisteredAt",
"type": "datetime"
},
{
"name": "AppsVulnerabilityStatus",
"type": "string"
},
{
"name": "CoreCount",
"type": "real"
},
{
"name": "Locations",
"type": "string"
},
{
"name": "ScanFinishedAt",
"type": "datetime"
},
{
"name": "UpdatedAt",
"type": "datetime"
},
{
"name": "ExternalIp",
"type": "string"
},
{
"name": "LocationType",
"type": "string"
},
{
"name": "PolicyUpdatedAt",
"type": "datetime"
},
{
"name": "IsDecommissioned",
"type": "bool"
},
{
"name": "CpuId",
"type": "string"
},
{
"name": "NetworkInterfaces",
"type": "string"
},
{
"name": "IsUninstalled",
"type": "bool"
},
{
"name": "ActiveDirectory",
"type": "string"
},
{
"name": "ScanStartedAt",
"type": "datetime"
},
{
"name": "RangerStatus",
"type": "string"
},
{
"name": "SiteId",
"type": "string"
},
{
"name": "AgentVersion",
"type": "string"
},
{
"name": "OsUsername",
"type": "string"
},
{
"name": "EncryptedApplications",
"type": "bool"
},
{
"name": "LastIpToMgmt",
"type": "string"
},
{
"name": "CpuCount",
"type": "real"
},
{
"name": "ScanAbortedAt",
"type": "datetime"
},
{
"name": "SiteName",
"type": "string"
},
{
"name": "ActiveThreats",
"type": "real"
},
{
"name": "Infected",
"type": "bool"
},
{
"name": "ConsoleMigrationStatus",
"type": "string"
},
{
"name": "OsType",
"type": "string"

},
{
"name": "AccountId",
"type": "string"
},
{
"name": "GroupName",
"type": "string"

},
{
"name": "OsName",
"type": "string"
},
{
"name": "IsUpToDate",
"type": "bool"
},
{
"name": "LicenseKey",
"type": "string"
},
{
"name": "UserActionsNeeded",
"type": "string"
},
{
"name": "ModelName",
"type": "string"
},
{
"name": "OsStartTime",
"type": "DateTime"
},
{
"name": "NetworkQuarantineEnabled",
"type": "bool"
},
{
"name": "OperationalStateExpiration",
"type": "string"
},
{
"name": "RemoteProfilingState",
"type": "string"
}
]
}
Loading
Loading