Added analytic rule for vulnerability of CVE-2023-4863

[kfriede]

Change(s):

• Added analytic rule to Microsoft 365 solution for CVE-2023-4863

Reason for Change(s):

• Emerging threat

Version Updated:

• N/A (v1.0.0)

Testing Completed:

• Yes

Checked that the validations are passing and have addressed any issues that are present:

• Yes

[v-atulyadav]

Hi @kfriede,
Could you please check the analytical rule for the missing properties?. Thanks

• tactics
• relevantTechniques
• version
  Note: Initial version should be 1.0.0

please refer Query-Style-Guide for the same

Also check below sample example for your reference
https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365%20Defender/Analytic%20Rules/AVSpringShell.yaml

[kfriede]

Hi @v-atulyadav, I've updated the file with the requested changes

[v-atulyadav]

Hi @kfriede,
Could you please group the different entity types together into a single entity type instead of having multiple entity types for the same value?. Rest query looks good. Thanks

Below is for your reference.

[kfriede]

Hi @v-atulyadav, requested change has been made. Didn't know that grouping like that was legal, that's much more concise.

[v-atulyadav]

Hello @kfriede,
I have reverted the above commit because it was causing a validation failure. We will continue to proceed with the earlier approach. Thanks