entity mapping fixes #9624

Merged
merged 13 commits into from
Dec 29, 2023

ddamenova
Contributor

Change(s):

  • making the entity mapping stronger by breaking down the account and host entity mappings.
  • getting rid of extraneous custom entity columns

Reason for Change(s):

  • fixing entity mapping to get more alert correlations and reduce singletons

Version Updated:

  • yes

Testing Completed:

  • yes

Checked that the validations are passing and have addressed any issues that are present:

  • not yet

@ddamenova ddamenova requested review from a team as code owners December 15, 2023 20:15
Contributor

Hello how are you I am GitHub bot
😀😀
I see that you changed templates under the detections/analytic rules folder. Did you remember to update the version of the templates you changed?
If not, and if you want customers to be aware that a new version of this template is available, please update the version property of the template you changed.

@v-prasadboke v-prasadboke self-assigned this Dec 18, 2023
@v-prasadboke v-prasadboke added the Detection Detection specialty review needed label Dec 18, 2023
@v-prasadboke
Contributor

Hello @ddamenova, is Shain or Ashwin reviewing this PR?

CC: @shainw && @ashwin-patil

Missed one IPCustomEntity

One more custom entity label missed...

@shainw shainw merged commit ec65f47 into master Dec 29, 2023
26 checks passed
@shainw shainw added the CoreEntityFix Improving entity correlation ability by implementing minimum entity mappings for Account, Host and IP label Jan 5, 2024