Merge branch 'Azure:master' into master
KustoKing authored Sep 18, 2023
2 parents 185c8b6 + c5886fc commit 4b2ddcd
Showing 110 changed files with 40,314 additions and 119 deletions.
@@ -0,0 +1,117 @@
{
"Name": "SpyCloudBreachDataWatchlist_CL",
"Properties": [
{
"Name": "Document_Id_g",
"Type": "Guid"
},
{
"Name": "Domain_s",
"Type": "String"
},
{
"Name": "Email_s",
"Type": "String"
},
{
"Name": "IP_Address_s",
"Type": "String"
},
{
"Name": "Infected_Machine_Id",
"Type": "String"
},
{
"Name": "Infected_Machine_Id_g",
"Type": "Guid"
},
{
"Name": "Infected_Path_s",
"Type": "String"
},
{
"Name": "Infected_Time_t",
"Type": "DateTime"
},
{
"Name": "Password_s",
"Type": "String"
},
{
"Name": "Password_Plaintext_s",
"Type": "String"
},
{
"Name": "Severity_s",
"Type": "String"
},
{
"Name": "Source_Id_s",
"Type": "String"
},
{
"Name": "SpyCloud_Publish_Date_t",
"Type": "DateTime"
},
{
"Name": "Target_Domain_s",
"Type": "String"
},
{
"Name": "Target_SubDomain_s",
"Type": "String"
},
{
"Name": "Target_URL_s",
"Type": "String"
},
{
"Name": "User_Hostname_s",
"Type": "String"
},
{
"Name": "User_OS_s",
"Type": "String"
},
{
"Name": "Username_s",
"Type": "String"
},
{
"Name": "TenantID",
"Type": "String"
},
{
"Name": "SourceSystem",
"Type": "String"
},
{
"Name": "TimeGenerated",
"Type": "DateTime"
},
{
"Name": "Computer",
"Type": "String"
},
{
"Name": "MG",
"Type": "String"
},
{
"Name": "ManagementGroupName",
"Type": "String"
},
{
"Name": "RawData",
"Type": "String"
},
{
"Name": "Type",
"Type": "String"
},
{
"Name": "_ResourceId",
"Type": "String"
}
]
}
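Review bot: `Password_s` and `Password_Plaintext_s` in the new `Properties` array are declared as ordinary String columns, so every breach record ingested through this table stores the exposed credential in clear text next to `Email_s`, `Username_s` and `Domain_s`, readable by anyone with read access to the workspace. Consider hashing or truncating the password value before ingestion, or at least documenting the column as sensitive so operators can apply table-level access control and a shorter retention; strict JSON cannot carry a comment, so that guidance belongs in the connector's readme. Separately, both `Infected_Machine_Id` (String) and `Infected_Machine_Id_g` (Guid) are declared; confirm both are intended rather than one being a leftover from a type change. The file's path is not visible in this view of the commit.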
6 changes: 3 additions & 3 deletions ASIM/schemas/ASimFileEvent.yaml
@@ -1,6 +1,6 @@
Schema:
Schema: FileEvent
Version: '0.2.2'
Version: '0.2.3'
Last Updated: Sept 12 2023
References:
- Title: ASIM File Event Schema
Expand Down Expand Up @@ -183,9 +183,9 @@ Fields:

- Name: Hash
Type: string
Class: Conditional
Class: Alias
Description: Alias to the best available Target File hash.
Follows: [TargetFileMD5, TargetFileSHA1, TargetFileSHA256, TargetFileSHA512]
Aliases: [TargetFileMD5, TargetFileSHA1, TargetFileSHA256, TargetFileSHA512]

- Name: HashType
Class: Conditional
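Review bot: The `Hash` field becomes `Class: Alias` with an `Aliases:` list of four hash fields, but its description still says only "best available" and nothing states which field wins when more than one is populated, so parsers and normalizing queries implementing this alias may resolve it differently. Make the precedence explicit in the description line, e.g. `Description: Alias to the best available Target File hash, taking the first populated field in the order listed under Aliases.` if that is how the alias is resolved, or state the actual rule otherwise. The enclosing `Fields:` list starts and continues outside the hunk.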
4 changes: 3 additions & 1 deletion ASIM/schemas/ASimProcessEvent.yaml
@@ -1,6 +1,6 @@
Schema:
Schema: ProcessEvent
Version: '0.1.4'
Version: '0.1.5'
Last Updated: Mar 06, 2023
References:
- Title: ASIM Process Event Schema
Expand All @@ -17,6 +17,8 @@ Include:
# Common fields
- Name: Event Fields
File: common/ASimEventFields.yaml
- Name: Inspection fields
File: common/ASimInspectionFields.yaml

# Entities
- Name: Dvc
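Review bot: `Version` is bumped to '0.1.5' and an `Inspection fields` include is added, but the `Last Updated: Mar 06, 2023` line two lines below the version is an unchanged context line while the commit is dated Sep 18, 2023, so the header now misstates when the schema last changed. Update it alongside the version with the real edit date, e.g. `Last Updated: Sep 18 2023` (the ASimFileEvent.yaml change in this same commit uses the `Sept 12 2023` form; keep one convention). It is also worth confirming that `common/ASimInspectionFields.yaml` exists at that path, since the include is resolved by file name and a typo would not be caught here.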
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.13.1.58284",
"templateHash": "565765809013731276"
"templateHash": "11347846636968529735"
}
},
"parameters": {
Expand Down Expand Up @@ -46,14 +46,14 @@
},
"FunctionAppPackageUri": {
"type": "string",
"defaultValue": "https://raw.githubusercontent.com/anders-alex/Azure-Sentinel/DataConnector-M365Defender-VulnerabilityManagement/DataConnectors/M365Defender-VulnerabilityManagement/functionPackage.zip",
"defaultValue": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/M365Defender-VulnerabilityManagement/functionPackage.zip",
"metadata": {
"description": "Uri where the Function App package is located. Use default value unless you are hosting the package somewhere else."
}
},
"DeploymentScriptUri": {
"type": "string",
"defaultValue": "https://raw.githubusercontent.com/anders-alex/Azure-Sentinel/DataConnector-M365Defender-VulnerabilityManagement/DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1",
"defaultValue": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1",
"metadata": {
"description": "Uri where the post deployment script is located. This is used to publish the Function App code after the resources have been deploted. Use default value unless you are hosting the script somewhere else."
}
Expand Down Expand Up @@ -392,9 +392,9 @@
}
},
"properties": {
"azPowerShellVersion": "8.3",
"azPowerShellVersion": "10.0",
"retentionInterval": "PT1H",
"timeout": "PT5M",
"timeout": "PT15M",
"cleanupPreference": "Always",
"primaryScriptUri": "[parameters('DeploymentScriptUri')]",
"arguments": "[format('-PackageUri {0} -SubscriptionId {1} -ResourceGroupName {2} -FunctionAppName {3} -FAScope {4} -UAMIPrincipalId {5}', parameters('FunctionAppPackageUri'), split(subscription().id, '/')[2], resourceGroup().name, parameters('FunctionAppName'), resourceId('Microsoft.Web/sites', parameters('FunctionAppName')), reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('UserAssignedManagedIdentityName')), '2022-01-31-preview').principalId)]"
Expand Down Expand Up @@ -554,7 +554,7 @@
"_generator": {
"name": "bicep",
"version": "0.13.1.58284",
"templateHash": "18108567286443164898"
"templateHash": "6267106311640858417"
}
},
"parameters": {
Expand Down Expand Up @@ -681,7 +681,7 @@
},
{
"type": "Microsoft.Insights/dataCollectionRules",
"apiVersion": "2021-09-01-preview",
"apiVersion": "2022-06-01",
"name": "[parameters('DataCollectionRuleName')]",
"location": "[parameters('LogAnalyticsWorkspaceLocation')]",
"properties": {
Expand Down Expand Up @@ -817,10 +817,6 @@
},
"Custom-MDVMRecommendations_CL": {
"columns": [
{
"name": "activeAlert",
"type": "boolean"
},
{
"name": "associatedThreats",
"type": "dynamic"
Expand Down Expand Up @@ -916,6 +912,10 @@
{
"name": "transactionId",
"type": "string"
},
{
"name": "activeAlert",
"type": "boolean"
}
]
},
Expand Down Expand Up @@ -1141,10 +1141,6 @@
},
"Custom-MDVMNISTConfigurations_CL": {
"columns": [
{
"name": "configurationNumber",
"type": "int"
},
{
"name": "configurationOperator",
"type": "string"
Expand Down Expand Up @@ -1200,6 +1196,10 @@
{
"name": "transactionId",
"type": "string"
},
{
"name": "configurationNumber",
"type": "int"
}
]
}
Expand Down Expand Up @@ -1306,7 +1306,7 @@
"value": "Analytics"
},
"retention": {
"value": 730
"value": 90
},
"columns": {
"value": [
Expand Down Expand Up @@ -1437,7 +1437,7 @@
"value": "Analytics"
},
"retention": {
"value": 730
"value": 90
},
"columns": {
"value": [
Expand Down Expand Up @@ -1588,14 +1588,10 @@
"value": "Analytics"
},
"retention": {
"value": 730
"value": 90
},
"columns": {
"value": [
{
"name": "configurationNumber",
"type": "int"
},
{
"name": "configurationOperator",
"type": "string"
Expand Down Expand Up @@ -1651,6 +1647,10 @@
{
"name": "transactionId",
"type": "string"
},
{
"name": "configurationNumber",
"type": "int"
}
]
}
Expand Down Expand Up @@ -1724,10 +1724,6 @@
},
"columns": {
"value": [
{
"name": "activeAlert",
"type": "boolean"
},
{
"name": "associatedThreats",
"type": "dynamic"
Expand Down Expand Up @@ -1823,6 +1819,10 @@
{
"name": "transactionId",
"type": "string"
},
{
"name": "activeAlert",
"type": "boolean"
}
]
}
Expand Down Expand Up @@ -2221,7 +2221,7 @@
"outputs": {
"DcrImmutableId": {
"type": "string",
"value": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', parameters('DataCollectionRuleName')), '2021-09-01-preview').immutableId]"
"value": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', parameters('DataCollectionRuleName')), '2022-06-01').immutableId]"
},
"DceUri": {
"type": "string",
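Review bot: The new defaults for `FunctionAppPackageUri` and `DeploymentScriptUri` point at the `master` branch of Azure/Azure-Sentinel on raw.githubusercontent.com, and the deployment script resource further down runs `primaryScriptUri` (presumably under the user-assigned identity whose principal id it receives in `arguments`), so each deployment executes whatever PowerShell and function package that branch holds at that moment, with no integrity check. Pin both defaults to an immutable commit SHA or release tag and have the script verify the package hash before publishing it; at minimum, extend each parameter's `description` to say the default is fetched unpinned at deploy time. The `_generator` block shows this file is produced from Bicep, so the fix belongs in the Bicep source as well. Separately, the nested-template `retention` value drops from 730 to 90 in three hunks; surfacing it as a top-level parameter would let operators keep longer vulnerability history without editing the generated template.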

0 comments on commit 4b2ddcd
