Merge pull request Azure#8867 from nipun-crestdatasystem/MimecastTTP

Mimecast TTP
KustoKing · Sep 15, 2023 · 578c106 · 578c106
2 parents 390b628 + fe1c5d8
commit 578c106
Show file tree

Hide file tree

Showing 53 changed files with 6,921 additions and 0 deletions.
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/MimecastTTPAttachment_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/MimecastTTPAttachment_CL.json
@@ -0,0 +1,73 @@
+{
+   "Name":"MimecastTTPAttachment_CL",
+   "Properties":[
+      {
+         "Name":"senderAddress_s",
+         "Type":"String"
+      },
+      {
+         "Name":"recipientAddress_s",
+         "Type":"String"
+      },
+      {
+         "Name":"fileName_s",
+         "Type":"String"
+      },
+      {
+         "Name":"fileType_s",
+         "Type":"String"
+      },
+      {
+         "Name":"result_s",
+         "Type":"String"
+      },
+      {
+         "Name":"actionTriggered_s",
+         "Type":"String"
+      },
+      {
+         "Name":"date_t",
+         "Type":"DateTime"
+      },
+      {
+         "Name":"details_s",
+         "Type":"String"
+      },
+      {
+         "Name":"route_s",
+         "Type":"String"
+      },
+      {
+         "Name":"messageId_s",
+         "Type":"String"
+      },
+      {
+         "Name":"subject_s",
+         "Type":"String"
+      },
+      {
+         "Name":"fileHash_s",
+         "Type":"String"
+      },
+      {
+         "Name":"definition_s",
+         "Type":"String"
+      },
+      {
+         "Name":"mimecastEventId_s",
+         "Type":"String"
+      },
+      {
+         "Name":"mimecastEventCategory_s",
+         "Type":"String"
+      },
+      {
+         "Name":"time_generated",
+         "Type":"DateTime"
+      },
+      {
+         "name": "TimeGenerated",
+         "type": "DateTime"
+      }
+   ]
+}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/MimecastTTPImpersonation_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/MimecastTTPImpersonation_CL.json
@@ -0,0 +1,77 @@
+{
+   "Name":"MimecastTTPImpersonation_CL",
+   "Properties":[
+      {
+         "Name":"id_s",
+         "Type":"String"
+      },
+      {
+         "Name":"senderAddress_s",
+         "Type":"String"
+      },
+      {
+         "Name":"recipientAddress_s",
+         "Type":"String"
+      },
+      {
+         "Name":"subject_s",
+         "Type":"String"
+      },
+      {
+         "Name":"definition_s",
+         "Type":"String"
+      },
+      {
+         "Name":"hits_s",
+         "Type":"String"
+      },
+      {
+         "Name":"identifiers_s",
+         "Type":"String"
+      },
+      {
+         "Name":"action_s",
+         "Type":"String"
+      },
+      {
+         "Name":"taggedExternal_b",
+         "Type":"Bool"
+      },
+      {
+         "Name":"taggedMalicious_b",
+         "Type":"Bool"
+      },
+      {
+         "Name":"senderIpAddress_s",
+         "Type":"String"
+      },
+      {
+         "Name":"eventTime_t",
+         "Type":"DateTime"
+      },
+      {
+         "Name":"impersonationResults_s",
+         "Type":"String"
+      },
+      {
+         "Name":"messageId_s",
+         "Type":"String"
+      },
+      {
+         "Name":"mimecastEventId_s",
+         "Type":"String"
+      },
+      {
+         "Name":"mimecastEventCategory_s",
+         "Type":"String"
+      },
+      {
+         "Name":"time_generated",
+         "Type":"DateTime"
+      },
+      {
+         "name": "TimeGenerated",
+         "type": "DateTime"
+      }
+   ]
+}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/MimecastTTPUrl_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/MimecastTTPUrl_CL.json
@@ -0,0 +1,105 @@
+{
+  "Name": "MimecastTTPUrl_CL",
+  "Properties": [
+    {
+      "Name": "userEmailAddress_s",
+      "Type": "String"
+    },
+    {
+      "Name": "fromUserEmailAddress_s",
+      "Type": "String"
+    },
+    {
+      "Name": "url_s",
+      "Type": "String"
+    },
+    {
+      "Name": "ttpDefinition_s",
+      "Type": "String"
+    },
+    {
+      "Name": "subject_s",
+      "Type": "String"
+    },
+    {
+      "Name": "action_s",
+      "Type": "String"
+    },
+    {
+      "Name": "adminOverride_s",
+      "Type": "String"
+    },
+    {
+      "Name": "userOverride_s",
+      "Type": "String"
+    },
+    {
+      "Name": "scanResult_s",
+      "Type": "String"
+    },
+    {
+      "Name": "category_s",
+      "Type": "String"
+    },
+    {
+      "Name": "sendingIp_s",
+      "Type": "String"
+    },
+    {
+      "Name": "advancedPhishingResult_CredentialTheftBrands_s",
+      "Type": "String"
+    },
+    {
+      "Name": "advancedPhishingResult_CredentialTheftTags_s",
+      "Type": "String"
+    },
+    {
+      "Name": "advancedPhishingResult_CredentialTheftEvidence_s",
+      "Type": "String"
+    },
+    {
+      "Name": "userAwarenessAction_s",
+      "Type": "String"
+    },
+    {
+      "Name": "date_t",
+      "Type": "DateTime"
+    },
+    {
+      "Name": "actions_s",
+      "Type": "String"
+    },
+    {
+      "Name": "route_s",
+      "Type": "String"
+    },
+    {
+      "Name": "creationMethod_s",
+      "Type": "String"
+    },
+    {
+      "Name": "emailPartsDescription_s",
+      "Type": "String"
+    },
+    {
+      "Name": "messageId_s",
+      "Type": "String"
+    },
+    {
+      "Name": "mimecastEventId_s",
+      "Type": "String"
+    },
+    {
+      "Name": "mimecastEventCategory_s",
+      "Type": "String"
+    },
+    {
+      "Name": "time_generated",
+      "Type": "DateTime"
+    },
+    {
+      "name": "TimeGenerated",
+      "type": "DateTime"
+   }
+  ]
+}
diff --git a/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json b/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
@@ -198,6 +198,7 @@
   "DynatraceProblems",
   "MicrosoftDefenderThreatIntelligence",
   "CortexXDR",
+  "MimecastTTPAPI",
   "MimecastAuditAPI",
   "PingFederateAma",
   "vArmourACAma",