Created a new tool for creating Incidents with email by samikroy · Pull Request #6409 · Azure/Azure-Sentinel

samikroy · 2022-10-17T14:56:22Z

A detailed explanation is here.
https://github.com/samikroy/Azure-Sentinel/blob/patch-32/Tools/Create%20Incidents%20with%20Email/Readme.md

This will be a part of the readme after the PR merge.

samikroy · 2022-10-17T14:58:16Z

@v-mchatla - Request your help for the approval.

v-spadarthi · 2022-10-21T05:05:43Z

@rushriva : Please have a look and provide an update. Thanks!

v-spadarthi · 2022-10-25T08:34:09Z

@rushriva : Please have a look and provide an update. Thanks!

v-spadarthi · 2022-10-28T05:08:54Z

@rushriva : Please have a look and provide an update. Thanks!

v-spadarthi · 2022-10-31T06:44:48Z

@rushriva is checking with @shainw.

v-spadarthi · 2022-11-02T01:22:09Z

@rushriva : Please have a look and provide an update. Thanks!

v-spadarthi · 2022-11-04T02:24:33Z

@rushriva : Please have a look and provide an update. Thanks!

v-spadarthi · 2022-11-08T07:56:35Z

@rushriva : Please have a look and provide an update. Thanks!

v-spadarthi · 2022-11-11T05:03:34Z

@rushriva : Please have a look and provide an update. Thanks!

v-spadarthi · 2022-11-14T05:07:12Z

@rushriva : Please have a look and provide an update. Thanks!

v-spadarthi · 2022-11-16T04:28:54Z

@rushriva : Please have a look and provide an update. Thanks!

v-spadarthi · 2022-11-18T04:36:17Z

@rushriva : Please have a look and provide an update. Thanks!

v-spadarthi · 2022-11-23T04:18:25Z

@rushriva : Please have a look and provide an update. Thanks!

v-spadarthi · 2022-11-25T03:19:12Z

@rushriva : Please have a look and provide an update. Thanks!

anki-narravula · 2022-11-25T07:16:10Z

Hi @samikroy -

Thank you for this content. Based on the functionality I see this is automation playbook and can we move this to Playbook folder, so that we can get into Content hub subsequently. While moving, can you please add following elements, so that it will be ready for content hub

Metadata section:

You can find the instructions here - https://github.com/Azure/Azure-Sentinel/tree/master/docs/New%20Playbooks%20Contribution%20Guide#contribution-guidelines
For examples you can refer this playbook https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Okta%20Single%20Sign-On/Playbooks/OktaPlaybooks/Okta-EnrichIncidentWithUserDetails/azuredeploy.json

As a best practice, we recommend sentinel connection in playbooks uses "ManagedSecurityIdentity".
Please refer Sample Template for sample template. For more details, refer this. Make sure to do changes at 3 places

v-spadarthi · 2022-11-28T05:17:01Z

@samikroy : Please address the @anki-narravula comments.

samikroy · 2022-11-29T19:09:10Z

@anki-narravula @v-spadarthi - Please have a look at the updated code and share your reviews !

v-atulyadav · 2023-02-10T06:00:52Z

Hi @manishkumar1991, @samikroy has responded on your comments please check and respond accordingly. Thanks.

v-atulyadav · 2023-02-15T04:37:47Z

Hi @manishkumar1991, please provide your feedback. Thanks.

v-atulyadav · 2023-02-17T05:11:30Z

Hi @manishkumar1991, @samikroy has responded on your comments please check and respond accordingly. Thanks.

manishkumar1991 · 2023-02-21T06:08:45Z

Hi @manishkumar1991, @samikroy has responded on your comments please check and respond accordingly. Thanks.

checking

manishkumar1991 · 2023-02-21T06:19:02Z

@samikroy ,

Please address comments given by @anki-narravula regarding the use of "managed service identity " while making azure sentinel connection in playbook .

@v-atulyadav : Readme file changes has been taken care with minor correction needed, but first comments mentioned by anki is still not addressed .

Playbooks/Create Incidents with Email/Readme.md

manishkumar1991 · 2023-02-21T06:21:04Z

Hi @samikroy -

Thank you for this content. Based on the functionality I see this is automation playbook and can we move this to Playbook folder, so that we can get into Content hub subsequently. While moving, can you please add following elements, so that it will be ready for content hub

Metadata section:

You can find the instructions here - https://github.com/Azure/Azure-Sentinel/tree/master/docs/New%20Playbooks%20Contribution%20Guide#contribution-guidelines

For examples you can refer this playbook https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Okta%20Single%20Sign-On/Playbooks/OktaPlaybooks/Okta-EnrichIncidentWithUserDetails/azuredeploy.json

As a best practice, we recommend sentinel connection in playbooks uses "ManagedSecurityIdentity".
Please refer Sample Template for sample template. For more details, refer this. Make sure to do changes at 3 places

@samikroy These comments still not addressed, can you please make the changes

v-atulyadav · 2023-02-24T03:38:27Z

Hi @samikroy, please addressed comments above. Thanks

v-atulyadav · 2023-03-01T04:18:21Z

Hi @samikroy, could you please take a look at the above comments. Thanks

v-atulyadav · 2023-03-03T04:46:26Z

Hi @samikroy, I would appreciate if you could take a look at the above comments Thanks.

samikroy · 2023-03-03T10:16:52Z

@v-atulyadav & @manishkumar1991 - Have fixed the mentioned ones.
As there a lot of back and forth could you pease mention the exact error with line numbers mentioned to fast track this
Thank you.

manishkumar1991 · 2023-03-06T05:14:37Z

Playbooks/Create Incidents with Email/azuredeploy.json

+            "properties": {
+                "displayName": "[variables('AzureSentinelConnection')]",
+                "customParameterValues": {},
+                "api": {


Deployment is failing due to missing entry mentioned below:

After custom Parameters:
Kindly add.
"parameterValueType": "Alternative",

this will enable the deployment to install workflow as managed by service identity.

Note: Before submitting the PR, kindly test the deployment in your environment.

@samikroy is this done? Please confirm

@samikroy

Hello ,

after line number 58 you need to make the changes, you didn't get lost, that why I marked the comment at line 58.

Changes mentioned above are needs to be added in Microsoft.Web/connections of sentinel connection not in office 365 connection.

@v-atulyadav Waiting for @samikroy to complete the changes properly

manishkumar1991 · 2023-03-06T05:29:01Z

@v-atulyadav & @manishkumar1991 - Have fixed the mentioned ones. As there a lot of back and forth could you please mention the exact error with line numbers mentioned to fast track this Thank you.

@samikroy :As PR approver, We can only suggest you good practice, so that good quality content gets merged in our branch.

I see that if you can scroll up and see that Anki from our team, has already told you on the first day of the PR itself, and mentioned what needs to be changed. If proper action has been taken at that time, we could not have gone back and forth too much.

Kindly change the AzureSentinelConnection with MicrosoftSentinelConnection at all places in your arm template.

Thanks
Manish Kumar

v-atulyadav · 2023-03-08T05:20:02Z

Hi @samikroy, please respond on remaining fixes suggested by Anki. Thanks

samikroy · 2023-03-08T05:43:53Z

Hi @samikroy, please respond on remaining fixes suggested by Anki. Thanks

@v-atulyadav - Have address the comments. Please let me know for any further changes .

v-atulyadav · 2023-03-10T04:59:40Z

Hi @manishkumar1991, @samikroy has responded to comments please check. Thanks

manishkumar1991 · 2023-03-13T06:39:28Z

@samikroy , , Changes are not done, as asked .
Kindly refer to me previous comments

manishkumar1991

approved

samikroy · 2023-03-14T18:33:03Z

@manishkumar1991 , @v-atulyadav , @v-dvedak - Thank you for the your time throughout the PR timeline with the detailed reviews till the approval & merge.
Apologies for the back and forth while addressing the comments.

commit 27f02d17c5516dab768afda28edd82e6ab25d215 Author: git-rubrik <120683256+git-rubrik@users.noreply.github.com> Date: Tue Mar 14 20:15:52 2023 -0700 Squashed commit of the following: commit 137d60b0108b297faa722982fc587bb241b1012c Merge: c8c8b6d82 7e13ac1fc Author: git-rubrik <120683256+git-rubrik@users.noreply.github.com> Date: Tue Mar 14 07:47:14 2023 -0700 Merge branch 'Azure:master' into master commit 7e13ac1fcb778f2c3c3b2fdc3753a7e3aa11151d Merge: ce8280925 7cea6315b Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 18:31:01 2023 +0530 Merge pull request #7549 from Azure/v-rbajaj/ciscouscciscomeraki Updating CiscoUCS and Cisco Meraki commit ce8280925c2b9ab93c0e675c17a46778bdc97498 Merge: efe120329 46bbf1324 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 17:24:47 2023 +0530 Merge pull request #7546 from Azure/v-rbajaj/azureactivedirectorysolution Repackaging Azure Active Directory commit efe12032972be7a40463e8a2d4e3d87c14946d65 Merge: ee655784a fb0ebb098 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 16:56:13 2023 +0530 Merge pull request #7441 from Azure/v-rbajaj/ISCBind Update in data connector and parser commit 46bbf1324b1a0c6c71357548afea99478e214156 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Tue Mar 14 16:44:48 2023 +0530 repackaged with changes in data connector commit 7cea6315be9f72785888bcecbb98709ab55e2531 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Tue Mar 14 16:19:11 2023 +0530 Fixing UI changes commit ee655784a87594ae3fc688d37ff7ee6126a5a3b3 Merge: 78ef61068 60011ccf9 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 16:05:06 2023 +0530 Merge pull request #7552 from Azure/v-vdixit/parsers-update-solutions Updating UI for Blackberry CylancePROTECT Solution commit 78ef61068a07390604612c8d38202a5b09a7d613 Merge: 7955d224b 9bfc71d94 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 15:48:37 2023 +0530 Merge pull request #7285 from Azure/v-vdixit/KQLvalidationsMultipleSolutions Hunting Queries KQL validations for Multiple Solutions commit 7955d224b1722197786493f4399b22976871410d Merge: 066e04543 36990e71f Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 15:47:32 2023 +0530 Merge pull request #7536 from BenjiSec/AutomationHealthv2 Automation Health workbook update commit 60011ccf917cb1f23f98a16df0cdb82a6b369f4b Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 14 15:09:34 2023 +0530 Updating UI for BlackberryCyclaneProtect commit 066e04543942bee44141f0915ec5d18b7a17ad52 Merge: fa775f897 05859e0d1 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 14:51:08 2023 +0530 Merge pull request #7517 from txhaflaire/JamfProtect_for_MicrosoftSentinel_v2.1.2 Adding eventGroupingSettings to Analytic Rules commit fa775f8975ff22f838cdf92432c4973a38eafdf6 Merge: 5e67ce911 0096bcf65 Author: v-sabiraj <94349919+v-sabiraj@users.noreply.github.com> Date: Tue Mar 14 14:40:36 2023 +0530 Merge pull request #7481 from Azure/v-sabiraj-TemplatespecsolutionforGCPBigquery Solution creation for GCP big query commit 9bfc71d94933e7e26cbb081dcdb7a313eac2bb64 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 14 14:35:52 2023 +0530 updating skipvalidations commit 39e68c9759a48e594d00a8301cb566a2b7788d5a Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Tue Mar 14 14:17:59 2023 +0530 Fixing Cisco Meraki createui commit cd9dde7a137a42d4ee1c2ab5a4c879122a134907 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 14 14:17:23 2023 +0530 Updating SkipValidationsTemplates.json commit c94056df6b38e12e70c1b16fced5522ebae7d48a Merge: e2ce52b9f 5e67ce911 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 14 13:58:40 2023 +0530 Merge branch 'master' into v-vdixit/KQLvalidationsMultipleSolutions commit 5e67ce9115f3ffd959fdcc87e44a1f7f18d00c66 Merge: 6221850ff 5d54f6a3d Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 12:39:16 2023 +0530 Merge pull request #6409 from samikroy/patch-32 Created a new tool for creating Incidents with email commit 0376a9db312494eb9cd019859ea4bbf8f75d83ac Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Tue Mar 14 11:52:44 2023 +0530 Updating CiscoUCS and Cisco Meraki commit 5d54f6a3d217cf084f47f2b1d2cec3de203fce3e Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Tue Mar 14 11:45:49 2023 +0530 Update azuredeploy.json commit e2ce52b9f4cd038ef16af2341f3519f3362c892a Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 14 11:36:23 2023 +0530 Update UseragentExploitPentest.yaml commit 28d41367f87e6082fc468fb0308fd6e122878759 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 14 11:27:41 2023 +0530 Update GCPDNSRareErrors.yaml commit 7690d7814e1d7e7d3d102a350ad5f3bb2e11d220 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 14 11:27:02 2023 +0530 Update GCPDNSRareDomains.yaml commit 6221850ffa51ac38ec68b4c7cfd0ce6034b4280e Merge: ce0557ac6 dcfba6b67 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 11:01:45 2023 +0530 Merge pull request #7288 from Azure/v-vdixit/kql-validation-tests-for-hunting-queries Fixed failing KQL validations for Hunting Queries commit 5ee092c3ca1506e5f81a23e176d15f8d67368d44 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 14 10:51:36 2023 +0530 updating hunting queries commit dcf74d8e1c23ad55db1c4afc39b075eeb3144c75 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Mon Mar 13 16:05:28 2023 +0530 Repackaging Azure Active Directory commit ce0557ac60726ac30e189bc0146640723984f3b1 Merge: 5c9360596 4059a2c34 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 13 15:34:47 2023 +0530 Merge pull request #7523 from Azure/v-vdixit/parsers-update-solutions Repackaging Solutions with Parser instructions Update commit 5c93605969b1dd18337f00806563d2ed0b69c171 Merge: e968e5f22 bada46d1a Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 13 15:31:22 2023 +0530 Merge pull request #7521 from Azure/v-rbajaj/RepackagingSolutions Repackaging BroadcomSymantecDLP, Cisco UCS, CiscoMeraki commit bada46d1a3f187e985d38c13ca456d963eba6f36 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Mon Mar 13 14:46:55 2023 +0530 Rolled back changes in main template commit e968e5f22301f00bbd9c6abcd85e130b65f5ea10 Merge: 35058f509 6cca7e5eb Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 13 12:26:24 2023 +0530 Merge pull request #7354 from Azure/v-vdixit/Data-connector-Updates Data Connector and Parser Update commit 6cca7e5ebcb2b3feef74c182a1f192f5253145c1 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Mon Mar 13 10:58:58 2023 +0530 updating createUI commit 35058f5091c83da4fecf65354c70ff35a8783909 Author: danielohfeld <98688758+danielohfeld@users.noreply.github.com> Date: Sun Mar 12 17:42:11 2023 +0200 Feature/danielohfeld/add readme to gcp terraform (#7541) * add support for cloudwatch * add readme for GCP connector scripts * minor fixes commit 14a610b53d79bdc9d682b83c3b19f719a3561b54 Merge: db2e74dbe 1e52eb46a Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Sun Mar 12 10:54:07 2023 +0200 Merge pull request #7540 from Azure/asim/update-pa-web-parser asim/update-pa-web-parser commit 1e52eb46ad8cc2ca884c203b5935cb90947a4981 Author: github-actions[bot] <> Date: Sun Mar 12 08:38:48 2023 +0000 [ASIM Parsers] Generate deployable ARM templates from KQL function YAML files. commit aec60f35687f112559737bc8dc7004a12abecf0b Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Sun Mar 12 10:35:35 2023 +0200 asim/update-pa-web-parser commit c8c8b6d826999051728f3a2efde3c3b528f990a0 Author: jayeshprajapaticrest <98145046+jayeshprajapaticrest@users.noreply.github.com> Date: Sat Mar 11 00:04:13 2023 +0530 Rubrik sentinel playbook update (#8) * Updated readme file by adding prerequisite about to deploy dependent playbook first. * Fixed the inline comments suggested by Reviewer. * Fixed the URL -> URLs related validation error in the Playbook template and make updated solution with the version 2.0.1 --------- Co-authored-by: jayeshssc <jayesh.prajapati@CDSYS.LOCAL> commit 655ee3cf22b59fd5bfa0f9d47e719edc7ab372d7 Merge: 4faee01b9 d2161119e Author: Ben Meadowcroft <ben@benmeadowcroft.com> Date: Fri Mar 10 10:31:17 2023 -0800 Merge branch 'master' of https://github.com/rubrikinc/Azure-Sentinel commit 4faee01b9aa034e953fc59afaf510fd50ad2bd3e Author: Ben Meadowcroft <ben@benmeadowcroft.com> Date: Fri Mar 10 10:27:52 2023 -0800 Squashed commit of the following: commit 2d1031699e5718207b83fcd80e8ec654a758fdbb Author: jayeshssc <jayesh.prajapati@CDSYS.LOCAL> Date: Fri Mar 10 13:39:24 2023 +0530 Fixed the URL -> URLs related validation error in the Playbook template and make updated solution with the version 2.0.1 commit 4183453f81478807876d7363254517c1ddb0e1fc Author: jayeshssc <jayesh.prajapati@CDSYS.LOCAL> Date: Fri Mar 3 21:55:44 2023 +0530 Fixed the inline comments suggested by Reviewer. commit fe95a41a4843e89659691e5a6970648467a25f5f Author: jayeshssc <jayesh.prajapati@CDSYS.LOCAL> Date: Tue Feb 28 12:24:11 2023 +0530 Updated readme file by adding prerequisite about to deploy dependent playbook first. commit d2161119e3d333f1885053b5712d536ede41d025 Merge: ad957cce6 db2e74dbe Author: git-rubrik <120683256+git-rubrik@users.noreply.github.com> Date: Fri Mar 10 10:04:56 2023 -0800 Merge remote-tracking branch 'upstream/master' commit db2e74dbe16108af7e366b6afcd5a42f5cc468c2 Merge: 562c13712 c8b59da62 Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Fri Mar 10 19:16:09 2023 +0530 Merge pull request #7530 from Azure/v-sabiraj-fixingWorkbooksbugs Fixing Bugs for Workbooks commit 36990e71f65c488335f39fe937e6c03b51b57c15 Author: Benjamin Kovacevic <61513156+BenjiSec@users.noreply.github.com> Date: Fri Mar 10 12:15:57 2023 +0000 update to automationheatlth.json removing link localization commit f03026b51f95480f0d8fa65dba80c31daa78e886 Author: Benjamin Kovacevic <61513156+BenjiSec@users.noreply.github.com> Date: Fri Mar 10 11:54:37 2023 +0000 Automation Health workbook update commit 562c137120dabe36243fd15e08db200bd2c06d84 Merge: 4fe9115e1 fa6c5025e Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 10 17:20:27 2023 +0530 Merge pull request #7516 from Azure/v-rbajaj/virustotalsolution Repackaging VirusTotal commit c8b59da628ef3816369d9bf511ac9636e6907b46 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Fri Mar 10 16:42:40 2023 +0530 Updating maintempate and UI for workbook commit 61964eb1494ae39797814f87e2a7f79517195ec4 Merge: be0b737d9 4fe9115e1 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Fri Mar 10 16:29:38 2023 +0530 Merge branch 'master' into v-sabiraj-fixingWorkbooksbugs commit fa6c5025e21bbecaecbdaefeb5b759483389c3e0 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Fri Mar 10 13:43:02 2023 +0530 updated zip commit 4fe9115e1e913ef3388b3fc86a418a767f71fd88 Merge: a90f55966 147d26cd5 Author: v-sabiraj <94349919+v-sabiraj@users.noreply.github.com> Date: Fri Mar 10 12:06:18 2023 +0530 Merge pull request #7341 from tduarte14/patch-1 Show the actual Role and Fix InitiatingUser commit a90f559669869d4d958af14f97cc07252aad068b Merge: 1fda18445 78dba38e9 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 10 11:27:56 2023 +0530 Merge pull request #7430 from danymello/vectra_detect_analytics_fix fix typo and remove URL mapping commit 4059a2c3476388cebc9a5902b9cadedd384c822d Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Fri Mar 10 10:45:44 2023 +0530 updating connector desciption commit d14f7604518fd503a148b379bff90b7b4cb67cf8 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Fri Mar 10 10:32:30 2023 +0530 Updated data connector description commit 1fda184457f19e9269d028390c0d37628c24dcc1 Merge: 1817a14a8 8bbe8fd03 Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 12:49:54 2023 -0800 Merge pull request #7531 from Azure/pebryan/3_9_2023_AiTMDetection Added new AiTM detection commit 8bbe8fd0335ffd3b739588740f6c6325ca526ffb Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 12:30:03 2023 -0800 Added extra data connector commit 40ff5715ecca2c0b98ad00a70449d541ac2763ac Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 11:37:34 2023 -0800 Added exclusion for unknown ASIM parameter commit 73aa25e03620d2f626bebf66f570d956880aeedb Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 11:15:11 2023 -0800 Updated alert desc format commit 72f1018cbdf89c7487665424a4f39ec2da7ee0f2 Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 11:02:00 2023 -0800 Added new AiTM detection commit 1817a14a86c15cb0b3a2177c528dcab872524a59 Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 11:00:43 2023 -0800 Remove file accidently pushed to master commit ca7b27fa1ac55a2e2c0342e40323e1da7acc65ac Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 10:53:55 2023 -0800 Added new AiTM detection commit be0b737d9bcc9ef9a90c29501818e8a4ed3d44c3 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Thu Mar 9 23:38:25 2023 +0530 Fixing Bugs for Workbooks commit a02ce85c96f162de6f8cc06f07a53b6525f0ff7f Merge: 156b3e8bb 7587e5653 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Thu Mar 9 18:25:22 2023 +0200 Merge pull request #7526 from Azure/asim/add-registry-generation Update convertKqlFunctionYamlToArmTemplate.yaml commit 7587e5653d71c287acd784443c68498e5896736d Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Thu Mar 9 17:15:23 2023 +0200 Update convertKqlFunctionYamlToArmTemplate.yaml commit fb0ebb098e6929bb4eeca308d461032de4b623b5 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Thu Mar 9 17:22:19 2023 +0530 Updated CreateUI and repackaged commit 8a1ca5661878578ef6309ced0870eb2734ab7a58 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Thu Mar 9 15:33:29 2023 +0530 Repackaging Solutions with Parser instructions update commit 0dfa042269ebb7389bcddb6257f9178dc644c9e3 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Thu Mar 9 15:18:37 2023 +0530 validation fixes and necessary changes commit 5714200c8ce499f47d9cabfce271712c44f06a78 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Thu Mar 9 14:08:59 2023 +0530 fixing validations and discarding createui changes commit f3113391c3eb033119d9ad5e79652b4542006a06 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Thu Mar 9 12:55:59 2023 +0530 Repackaging BroadcomSymantecDLP, Cisco UCS, CiscoMeraki commit 156b3e8bb2abdcc554f0cf7df205c93aa3e8fb8f Merge: b49fa6474 8d7e5d6ec Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Thu Mar 9 12:35:52 2023 +0530 Merge pull request #7519 from Azure/Fixingworkspacedetection Fixingworkspacedetection commit 2bc53fda6699c7b3405af9619ceb274b29609b45 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Thu Mar 9 12:16:42 2023 +0530 Updating workbooks text commit 78f7d5392a8fcb8a35ded57ba1b701a460ccf618 Merge: 4fd02df11 79308d0fe Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Thu Mar 9 12:02:48 2023 +0530 Merge branch 'master' into v-vdixit/Data-connector-Updates commit b49fa6474962a5968ecc62f17058846e98e991d6 Author: treyperrone <trey.perrone@gmail.com> Date: Thu Mar 9 01:20:42 2023 -0500 Update MaliciousOAuthApp_O365AttackToolkit.yaml (#7397) * Update MaliciousOAuthApp_O365AttackToolkit.yaml Current rule uses an older defaults for `Consent.Full` that was deprecated from the file: https://github.com/mdsecactivebreach/o365-attack-toolkit/blob/2231565f576e2d655cb9444ffed7309374c454a5/static/index.html#L29 The NEW defaults generated in Nov 2020 are here: https://github.com/mdsecactivebreach/o365-attack-toolkit/blob/master/template.conf old values to match on: `"offline_access","contacts.read","user.read","mail.read","notes.read.all","mailboxsettings.readwrite","Files.ReadWrite.All"` NEW values to match on: `"offline_access contacts.read user.read mail.read mail.send files.readWrite.all files.read files.read.all openid profile"` The current detection relies on finding `mailboxsettings` in LN32 https://github.com/Azure/Azure-Sentinel/blob/c6dce9c3aa4d4b4d02423ac4eb5a6b677a39e432/Solutions/Azure%20Active%20Directory/Analytic%20Rules/MaliciousOAuthApp_O365AttackToolkit.yaml#L32 which means anyone that downloads the current O365 attack toolkit and runs it with the defaults settings will NOT trigger the alert (this drove us crazy for a few hours testing). * move dynamic array to single array and match on has_any. remove search for single value * update description verbiage * updates from github conversation with join and new entity with appdisplayname for investigation graph * remove orphaned csv of app list, since its embedded in the KQL now. this is better for versioning as well; changes to CSV currently dont prompt a new version on customer side * put feeds knownapps.csv back, add in analrule, mv-aply consentFull * bump version 1.0.1 --> 1.1.0 per @devikamehra --------- Co-authored-by: Meena Kumari Chatla <v-mchatla@microsoft.com> commit 79308d0fef99fb3f054b0f7b521bc600ee709189 Author: v-amolpatil <107389644+v-amolpatil@users.noreply.github.com> Date: Thu Mar 9 11:02:51 2023 +0530 Get-GeoFromIpAndTagIncident Playbook Issue fix (#7513) * updated code * updated code as per review comment commit 87e64dda6408ba6329b1f9bb9df7eb7684a2df6f Author: v-rbajaj <120547590+v-rbajaj@users.noreply.github.com> Date: Wed Mar 8 17:30:20 2023 +0530 Repackaging Microsoft 365 (#7515) * Repackaging Microsoft 365 * Updated zip file * updated data connector description * Updated zip commit 05859e0d14b2defc50dc4c4015d3ce352fe4cba9 Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 8 11:55:47 2023 +0100 Adding eventGroupingSettings to Analytic Rules commit 0096bcf653a17a64e2da284a2fb1c0b248ebf7b5 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 8 15:55:42 2023 +0530 Updated UI description commit f525e87aa8bfda8c44520b4b81a111642a2673db Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Wed Mar 8 15:38:21 2023 +0530 Repacking VirusTotal commit 13a9298f0425bc7e71d3ffa6fdae49320a49a212 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 8 14:59:08 2023 +0530 Updating package by adding variables for connector commit 1eb52deee6fb3e22b95bb9abeabd2486210ea6c9 Author: v-sabiraj <94349919+v-sabiraj@users.noreply.github.com> Date: Wed Mar 8 14:47:18 2023 +0530 Fixing bugs for Recorded future workbook (#7511) commit 6125f4ece5d0604bda40725b03dfc7df0271bc03 Merge: 50804e482 7498bb905 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Wed Mar 8 09:56:58 2023 +0200 Merge pull request #7514 from TristankMS/patch-3 Update vimAuthenticationEmpty.yaml commit 62e232e7ced3df4265d7b6b9a0ce8152aa532cae Merge: b21194605 330f50fc2 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 8 12:21:53 2023 +0530 Merge branch 'master' into v-sabiraj-TemplatespecsolutionforGCPBigquery commit 50804e482c0ebc426966cca1821ab66951914f4f Author: Shain <45466083+shainw@users.noreply.github.com> Date: Tue Mar 7 22:29:10 2023 -0800 Update SharePoint_Downloads_byNewUserAgent.yaml (#7509) * Update SharePoint_Downloads_byNewUserAgent.yaml Adjusted to 8d due to perf considerations and doing 8d as query should be comparing the last day to the previous 7 days to the last day, otherwise it will miss like actions for the same day one week ago, Change order of operation for checking time, do not need to summarize the min/max time in the RecentActivity portion of the query as it is timebound to the last day, do not need to check the time frame of the results as again it is already time bound to last day after the join back to get full details of identified events, removing old entity mapping rows, bringing through proper account entity fields * Update SharePoint_Downloads_byNewUserAgent.yaml change to make_set commit 330f50fc2d6f70704573695830408e2a8ccfbbb0 Author: René Ammerlaan <78021472+rene-ammerlaan@users.noreply.github.com> Date: Wed Mar 8 06:53:27 2023 +0100 Rename Auth0 custom table to match documentation (#7319) * Rename Auth0 custom table to match documentation * Update Auth0Connector zip file * Add union to Auth0 KQL parser file commit 7498bb90581ab1ff9d88adee33456f7bf3a71ade Author: Tristan Kington <TristankMS@users.noreply.github.com> Date: Wed Mar 8 16:47:41 2023 +1100 Update vimAuthenticationEmpty.yaml And convert to more standard datatable syntax commit ef907ed8296d6281c2eb19a2020c2a4723bb5caa Author: Tiago Duarte <103927368+tduarte14@users.noreply.github.com> Date: Wed Mar 8 04:52:52 2023 +0000 Fixed deprecated command columnifexists (#7402) Replaced deprecated columnifexists with column_ifexists Replaced make_set(<<FIELD>>) with make_set(<<FIELD>>,200), so the max items is defined as it's recommended. commit 01b5cd6e77860d3aeba51472002b33b09eaf5006 Author: v-prasadboke <117061676+v-prasadboke@users.noreply.github.com> Date: Tue Mar 7 18:34:10 2023 +0530 Microsoft 365 Defender Repackaging (#7487) commit 6219ee4b02aed5a94cdfd90ae41ab7ae6cac071c Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Tue Mar 7 18:30:50 2023 +0530 Repackage Checkpoint (#7510) commit 9e510072288231b5c456be7db18478c7e2973665 Author: Samik Roy <samik.n.roy@gmail.com> Date: Tue Mar 7 17:53:10 2023 +0530 Update azuredeploy.json commit 8ac6c8ea08b314fa6ae70007ac78bef6530f67e1 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 7 17:23:50 2023 +0530 Updating solarwindsInventory commit e790f566351ec95cb2c8f6a1492ecec08f534f28 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Tue Mar 7 16:53:37 2023 +0530 Updated Dataconnector description commit 3865112a4c604b59b74dccc6397403dac8b4048e Merge: 7e250a338 9a6ae5c88 Author: v-sabiraj <94349919+v-sabiraj@users.noreply.github.com> Date: Tue Mar 7 15:59:42 2023 +0530 Merge pull request #7446 from Azure/v-vdixit/Palo-alto-logo-update Palo Alto Solutions Logo update commit 9a6ae5c88286b6a34536068454c8eeb6b5f103ae Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Tue Mar 7 15:43:04 2023 +0530 Revert "Update PaloAltoNetworks.json" This reverts commit 41ef2bf2448a63efdea35c671f750c797443e56a. commit 41ef2bf2448a63efdea35c671f750c797443e56a Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Tue Mar 7 15:42:14 2023 +0530 Update PaloAltoNetworks.json commit 2e11f3da21087243f4e57d7c0b8bda7f3194646c Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 7 13:52:17 2023 +0530 updating logo commit 4fd02df11117cada5f2345cdb4351b4696efffc0 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 7 13:03:20 2023 +0530 updating whitespace commit 7e250a338b2c9a67914547b4991de4d731bb1f3f Author: Meena Kumari Chatla <108806639+v-mchatla@users.noreply.github.com> Date: Tue Mar 7 12:12:43 2023 +0530 Rapid7InsightVM IcM(370102413) Fix (#7508) * Last Scan Details Fix Last Scan Details Fix * Fixed keyError for last_scan_date attribute * Added log to print recieved event * Removed the logging Removed the logging --------- Co-authored-by: v-rucdu <v-rucdu@microsoft.com> commit c2f74b070315b32f8745195984df6a625d754a23 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 7 11:04:41 2023 +0530 updating alignment commit 84be7b8805a856c45415573e20b219eb306c30c2 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 7 10:42:28 2023 +0530 updating note commit 44196df0f6ee93c7ab3c43524bd585a00b0d9d79 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 7 10:31:33 2023 +0530 Updating OCIdestinations commit df6b93c3927babc6225b6239c05615d73491c0ea Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 7 10:27:47 2023 +0530 update2.0.2 zip commit b07ee23f81b1d2d7f51cfb77b730c1396a0a3072 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 7 10:27:07 2023 +0530 updating connector description commit 8c6e1afb5ac713a33509ad30cd80e60e6aea3f5c Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 7 10:25:01 2023 +0530 Updating OracleDBAudit commit 415b148a1495d240e1cecbfc44f5637b0ac85e3d Merge: 4fa7945e3 0c6e3462e Author: Shain <45466083+shainw@users.noreply.github.com> Date: Mon Mar 6 18:08:31 2023 -0800 Merge pull request #7494 from Azure/shainw-FixMessageParse Update ssh_potentialBruteForce.yaml commit 0c6e3462e3984aa10d16b455883e03e1fd640bdf Author: Shain <45466083+shainw@users.noreply.github.com> Date: Mon Mar 6 17:39:54 2023 -0800 Update ssh_potentialBruteForce.yaml Updating description to explain how we are attempting to bring through single valued arrays for use in entity mappings. commit 33fb191f9638f9fe948a7d690476e4f34d31b1c2 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Mon Mar 6 23:28:57 2023 +0530 updating description of connector commit 0d025d55539c660d04cdac19de7150b61e3af028 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Mon Mar 6 17:28:52 2023 +0530 updating version commit 2d80a8c821bb2085897144daae50460b724ee997 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Mon Mar 6 17:02:28 2023 +0530 updating connector commit 4fa7945e3a48d1eba3d293ca6811b07e5b7b85da Merge: b6824cad6 3d674c9fa Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 15:17:12 2023 +0530 Merge pull request #7363 from Azure/v-vdixit/file-path-update Detections files path update commit 8d7e5d6ecd89ae8db70a12fdfbc30bc591942718 Merge: 180f25a8a c5387e48f Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 15:03:32 2023 +0530 Merge pull request #7432 from treyperrone/patch-3 Update to add `where` IP find/search commit b6824cad6fefa2c99ae55c1bb0472e71fd77498a Merge: 880c2e932 2cb1f93a1 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 14:32:10 2023 +0530 Merge pull request #7343 from daspiker/IslandSentinelSolution Island sentinel solution commit 880c2e9321d86b66955c9e86a450d9d854583904 Merge: 96e7babc5 3b16a888a Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 14:10:53 2023 +0530 Merge pull request #7498 from Azure/v-sabiraj-updatingflaresolution Updating package for Flare commit 3b16a888ab45b5da8dcb1a1968739d1edd358e58 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Mon Mar 6 11:27:23 2023 +0530 Updating version commit 139c54cf65df9a31496f3a47330f3dd49a86892b Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Mon Mar 6 11:16:25 2023 +0530 Updating package for Flare commit 96e7babc572e0d9225fb8efd35f6781fcb599a30 Merge: b4e21be1d e4b232cd2 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 11:11:54 2023 +0530 Merge pull request #7497 from Azure/origins/rahul/EntityPlaybooks Entity Playbooks commit 73ea96dd186906dd4408d0b745456fc5b594d013 Author: Samik Roy <samik.n.roy@gmail.com> Date: Mon Mar 6 10:54:26 2023 +0530 Update azuredeploy.json commit b4e21be1d7fb0b83cb76556f5fbcfade4a4fdf0d Merge: 0d1b98bf7 04546475b Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 10:48:21 2023 +0530 Merge pull request #7476 from nickt444/tvm hide table only available to private preview commit 0d1b98bf7b250ba44261e1f1f416dad7caa28be3 Merge: bc84294cd fdd23459a Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 10:47:29 2023 +0530 Merge pull request #7436 from syed-loginsoft/cybersixgill-aa-offerid-update Cybersixgill Actionable Alerts offerid update commit 04546475be17994bdb22fc8795ac079b3325b235 Author: Nick Torkington <nicktork@microsoft.com> Date: Mon Mar 6 15:07:01 2023 +1100 reverting version to 1.0.0 commit bc84294cded4ff5c20ea3588c9ed2a378615dd16 Merge: 1086aa87b 2d4e0266b Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 09:04:28 2023 +0530 Merge pull request #7420 from Flared/v-sabiraj-AddingAnalyticRuleforFlare V sabiraj adding analytic rulefor flare commit 1086aa87b2305d91ab07bcdb0910ee01bf00e326 Merge: 6bfcebb28 53f5f98a5 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Sun Mar 5 23:35:46 2023 +0200 Merge pull request #7495 from Azure/asim/fix-auth-deploy asim/fix-auth-deploy commit 53f5f98a5a677f87f87337e63112c114070f4b27 Author: github-actions[bot] <> Date: Sun Mar 5 21:12:58 2023 +0000 [ASIM Parsers] Generate deployable ARM templates from KQL function YAML files. commit 79c3388ed0cad6fc918ff9d55592f2135c88dd69 Author: Ofer Shezaf <github@shezaf.com> Date: Sun Mar 5 23:09:48 2023 +0200 Update getModifiedASimSchemas.ps1 commit 004ebb6dfed43834715bf5ea2828a01d5b97cbf4 Author: Ofer Shezaf <github@shezaf.com> Date: Sun Mar 5 22:26:21 2023 +0200 asim/fix-auth-deploy commit 526c66810149b9d8f7c875958535ad56ed76edb5 Author: Shain <45466083+shainw@users.noreply.github.com> Date: Sat Mar 4 14:29:49 2023 -0800 Update ssh_potentialBruteForce.yaml adding resourceid commit 36374313d6eebaa3ca86c29e906bf5911607f578 Author: Shain <45466083+shainw@users.noreply.github.com> Date: Sat Mar 4 14:14:18 2023 -0800 Update ssh_potentialBruteForce.yaml high alert counts in some situations and fixing the regex to properly grab the fields when SyslogMessage ends with characters right after ssh2 commit c5387e48f233e5c5ddc19ac3647610199672681e Author: treyperrone <trey.perrone@gmail.com> Date: Fri Mar 3 22:58:39 2023 -0500 add new entity of deleted resource for analyst view commit d2cbca01fd651e210be81eeea59e57063d2934a9 Author: treyperrone <trey.perrone@gmail.com> Date: Fri Mar 3 22:49:21 2023 -0500 swap slicker dynamic expansion from @v-atulyadav, bump version from 1.0.5 --> 1.0.6 commit ad957cce63699d6f3d6b7080bb4dbd249db0105a Author: jayeshprajapaticrest <98145046+jayeshprajapaticrest@users.noreply.github.com> Date: Fri Mar 3 22:37:48 2023 +0530 Rubrik sentinel playbook update (#7) * Updated readme file by adding prerequisite about to deploy dependent playbook first. * Fixed the inline comments suggested by Reviewer. --------- Co-authored-by: jayeshssc <jayesh.prajapati@CDSYS.LOCAL> commit 3d674c9fac6a914596a04d708593a0aa63f4beb4 Merge: 7f7f9a0e4 6bfcebb28 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Fri Mar 3 20:06:07 2023 +0530 Merge branch 'master' into v-vdixit/file-path-update commit 7f7f9a0e43e63318cee55824442a36d538afecb3 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Fri Mar 3 20:01:00 2023 +0530 Updating AWS_CredentialHijack.yaml commit 6bfcebb289dd7400ff910f60662d6bad9e23e255 Merge: 0ea15f6a4 cf9031e24 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 16:37:07 2023 +0530 Merge pull request #7468 from Azure/v-rbajaj/AzureActiveeDirectory Repackaging Azure Active Directory commit 0ea15f6a4ceb70ceb2ebcabfc6f2f0b04607c3f1 Merge: cc977d5ab cd867f54b Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 16:28:29 2023 +0530 Merge pull request #7464 from Azure/v-prasadboke-mongodb MongoDB Repackaging commit cf9031e24e9950b0f099d0af2306d089291595be Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Fri Mar 3 16:20:44 2023 +0530 Update 2.0.8.zip commit cd867f54bb93420ffb7f81d2924f98bd37351a1e Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Fri Mar 3 16:13:04 2023 +0530 Update 2.0.2.zip commit cc977d5abb9ecb6be59945778ed676b8802943fe Merge: 2b74991d0 695900736 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 15:59:53 2023 +0530 Merge pull request #7450 from Azure/v-rbajaj/VirusTotal Repackaging VirusTotal commit d4c9545c3e84f2ce4331f2047318446106a3910c Author: Samik Roy <samik.n.roy@gmail.com> Date: Fri Mar 3 15:37:45 2023 +0530 Update azuredeploy.json commit 67261aac41bd24a03102071733bd4495b35c3dd7 Author: Samik Roy <samik.n.roy@gmail.com> Date: Fri Mar 3 15:31:56 2023 +0530 Update Readme.md commit 2b74991d0dbbb9e765a6baea9359b2eef7ceef92 Merge: 0ef04dce3 2f87b2293 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 14:37:20 2023 +0530 Merge pull request #7463 from Azure/v-prasadboke-marklogic Marklogic Repackaging commit 147d26cd5021f711908d586b092a961c677e1f5b Author: Tiago Duarte <103927368+tduarte14@users.noreply.github.com> Date: Fri Mar 3 08:44:44 2023 +0000 Removed "| where TimeGenerated >= ago(2h)" Reverted the change of using 2h for supposed loopback issue as requested by reviewer. commit 0ef04dce3c14b142022e3775325fef3bb5db120f Merge: 2f0ce42e2 388d35226 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 13:51:14 2023 +0530 Merge pull request #7489 from txhaflaire/JamfProtect_for_MicrosoftSentinel_v2.1.1 Updates to 2.1.1 solution package commit 388d352268f869a623c214ae5ff1c17454405ec6 Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Fri Mar 3 08:59:36 2023 +0100 Updates to 2.1.1 solution package In the 2.1.1. package, older archives were included. Removed those. commit 2f0ce42e2bfe669f700b1ee5955a466e29e7bd91 Merge: 86a9c70dc 2ace3d8f4 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 12:47:51 2023 +0530 Merge pull request #7406 from Azure/v-vdixit/file-path-update2 File path update for detections commit 86a9c70dcd66d63a7f171f654a8021abfd7308cb Merge: 998b567c0 b5c8ed537 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 12:25:49 2023 +0530 Merge pull request #7398 from yangsa666/patch-1 Adding hint.strategy=native to support more partitions commit 998b567c0df55a2c4300cc1eec7e054a1deeba48 Merge: 076f67032 180f25a8a Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 12:24:22 2023 +0530 Merge pull request #7360 from Azure/Fixingworkspacedetection Update to Workspace deletion attempt from an infected device commit 076f67032e67f6eb6cf64f28efcff971da693ff7 Merge: 0d2bb23a6 437d79f0c Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 11:27:19 2023 +0530 Merge pull request #7479 from pensivepaddle/patch-4 Update AcscEssential8.json commit 4e64cfa9fce05564a574b35bf9b59a961560247c Author: Nick Torkington <nicktork@microsoft.com> Date: Fri Mar 3 15:25:07 2023 +1100 added conditional display of parameters commit bca15f16d9e28bae2e87dc0217594314b2d6f2f0 Author: Nick Torkington <nicktork@microsoft.com> Date: Fri Mar 3 10:11:39 2023 +1100 update version number commit ba6b41ef940fcb3bee4c78fe06e09af360256248 Author: Nick Torkington <nicktork@microsoft.com> Date: Fri Mar 3 08:27:54 2023 +1100 including fix from PR #7479 commit 08bc20f2e1ef884e3ae9cbbc0a6a0d8d0ea7fab0 Author: Nick Torkington <nicktork@microsoft.com> Date: Fri Mar 3 08:22:10 2023 +1100 reverting fromTemplateId commit 0d2bb23a6e0dc2d8c237845fe9ed14df43ebd9bf Merge: 401a4603e 3dc17e1c8 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Thu Mar 2 17:47:59 2023 +0530 Merge pull request #7458 from Azure/v-sabiraj-MicrosoftDefenderforEndpoint Adding playbooks to MDE Solution commit 3dc17e1c85962647767e47f46620addb4573d28b Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Thu Mar 2 17:28:14 2023 +0530 Updated data connector description commit b21194605446cdc67dfc5002d5ba2b1bb5119ab7 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Thu Mar 2 16:02:02 2023 +0530 SOlution cfreation for GCP big query commit 219c86db6b3976cf202083a26f20b3dcc8f43ee4 Author: Nick Torkington <nicktork@microsoft.com> Date: Thu Mar 2 21:23:33 2023 +1100 updated version number (again) commit 401a4603e70040e1d37bfe864bf2c822af88442b Merge: e6e492dce 481f8462f Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Thu Mar 2 15:38:44 2023 +0530 Merge pull request #7405 from Azure/v-vdixit/file-path-update1 File Path update for detections Files commit e6e492dce2aa075f14f9005f21b206f5ab843c68 Merge: cffb8bd70 97f4f1194 Author: tamirkopitz <91939884+tamirkopitz@users.noreply.github.com> Date: Thu Mar 2 12:08:11 2023 +0200 Merge pull request #7478 from Azure/dvir-ms-patch-1 add SENTINEL_AGENT_GUID commit 437d79f0c362fc9702dd27e4b7871b006d891eca Author: pensivepaddle <104833713+pensivepaddle@users.noreply.github.com> Date: Thu Mar 2 11:00:42 2023 +0100 Update AcscEssential8.json Mix up between two queries/titles, "Restrict Admin Privileges" vs "Multi-factor Authentication" commit 97f4f11941bc95110c3a698eff1c7fdd38cac656 Author: Dvir Naim <106969883+dvir-ms@users.noreply.github.com> Date: Thu Mar 2 11:52:44 2023 +0200 add SENTINEL_AGENT_GUID commit 11ce471fe6cc30e06b680c46e49994a9e014a594 Author: Nick Torkington <nicktork@microsoft.com> Date: Thu Mar 2 20:13:01 2023 +1100 updated workbook version number commit cffb8bd70ba73966b5ff90d32bcf08c6027e58ea Merge: 140ae0546 aa6f3500b Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Thu Mar 2 14:21:24 2023 +0530 Merge pull request #7376 from Azure/v-sabiraj-SolutionUpdateforShodan Template Spec Solution for Shodan commit 140ae05464972ceba27485b0cfa92a6e94401a55 Merge: b8887b568 20b10d524 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Thu Mar 2 14:20:51 2023 +0530 Merge pull request #7364 from Azure/v-prasadboke-AtlassianJiraAudit-DataConnector Atalassian jira audit repackaging commit b8887b568612d12f32e2fc5ae93a56bf21676556 Merge: 6b61a8de1 695b59d91 Author: v-sabiraj <94349919+v-sabiraj@users.noreply.github.com> Date: Thu Mar 2 13:11:09 2023 +0530 Merge pull request #7477 from Azure/v-atulyadav/dynamic365 Repackage Dynamic 365 commit 20b10d52435b88c2f9af7077b38f97bf9245c74e Author: PrasadBoke <v-prasadboke@microsoft.com> Date: Thu Mar 2 12:52:35 2023 +0530 Update 2.0.3.zip commit 079ac1880d0d5a8aea67016dde696d919e046feb Merge: 979bd03d8 6b61a8de1 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Thu Mar 2 12:46:17 2023 +0530 Merge branch 'master' into v-vdixit/Palo-alto-logo-update commit 695b59d91d608a76413daafcbb5557f0f7ed437c Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Thu Mar 2 12:45:50 2023 +0530 Repackage Dynamic 365 commit 8c6835d9ba2abf8b49f7bbbea066cb8931b7bcef Author: Nick Torkington <nicktork@microsoft.com> Date: Thu Mar 2 17:58:16 2023 +1100 updated version number commit 94bc711c3f91f977eb14ff334b2c7128f63fb0cc Author: Nick Torkington <nicktork@microsoft.com> Date: Thu Mar 2 17:34:05 2023 +1100 updated fromTemplateId commit 6b61a8de18aec450e2e40d09f0fd09ca559612bc Merge: 57c8e8a80 bd66e5508 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Thu Mar 2 11:36:38 2023 +0530 Merge pull request #7448 from Azure/entrustidentity [SOAR] New Solution Entrust commit e60da2809733972966ac56d3532118720d0ea8b9 Author: Nick Torkington <nicktork@microsoft.com> Date: Thu Mar 2 16:59:00 2023 +1100 hide table only available to private preview commit 979bd03d887b0cbfaaace74826cc183f0e01b881 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Thu Mar 2 10:29:38 2023 +0530 update 2.0.4 zip commit 57c8e8a80ccc76d33a01f771b10e2c29723e40a5 Merge: 7e4a93b42 83d09eadb Author: v-sabiraj <94349919+v-sabiraj@users.noreply.github.com> Date: Thu Mar 2 10:16:42 2023 +0530 Merge pull request #7473 from Azure/v-vdixit/logo-update Package Update for Google Solution commit 7e4a93b425391bc34957fa9cfb40b2d90dd390f7 Merge: a75b98838 0f2c9966b Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Thu Mar 2 09:35:11 2023 +0530 Merge pull request #7457 from cwatson-cat/patch-20 Update Dynamics 365 md desc to add Docs link commit 83d09eadb85d36c1682466a5d36f2781954142d6 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Thu Mar 2 00:24:47 2023 +0530 Package Update for Google Solution commit a75b98838ac3dfc719939a13fe4343c32d9a837a Merge: cb984b00c 63fe5ba59 Author: Shain <45466083+shainw@users.noreply.github.com> Date: Wed Mar 1 08:34:24 2023 -0800 Merge pull request #7461 from Azure/shainw-ReduceResults Update gte_6_FailedLogons_10m.yaml commit cb984b00cd513e0f944a11f1c3a5e5b9c60c24d6 Merge: cf19c76a6 0410a5375 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Wed Mar 1 17:57:32 2023 +0200 Merge pull request #7472 from Azure/asim/periodical-fixes-Mar-1-23 Periodical parser updates, Mar 1st 2023 commit 0410a537583eff0b20c2e423b6d4e44641e4d567 Author: github-actions[bot] <> Date: Wed Mar 1 15:41:25 2023 +0000 [ASIM Parsers] Generate deployable ARM templates from KQL function YAML files. commit 28698d2c7b5bc58f4fb95668f4e104f7dbbeccfa Merge: fa1e9c60d cf19c76a6 Author: github-actions[bot] <> Date: Wed Mar 1 15:41:19 2023 +0000 Merge remote-tracking branch 'origin/master' into asim/periodical-fixes-Mar-1-23 commit cf19c76a601bc00168433f93083c328062d840f2 Merge: dcfc519c9 0159db782 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Wed Mar 1 17:35:05 2023 +0200 Merge pull request #7471 from Azure/ASimDnsActivityLogs-CustomTable-Adding-Fields adding fields that were recently added to ASimDnsActivityLogs table schema commit 0159db7821c4c4b046617dcc6e69c3c10621559d Author: vakohl <97222872+vakohl@users.noreply.github.com> Date: Wed Mar 1 20:32:31 2023 +0530 adding fields that were recently added to ASimDnsActivityLogs table schema commit dcfc519c9f07f1a646736673e4948ca2631cab53 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Wed Mar 1 16:48:58 2023 +0200 Update ASimDnsNative.yaml commit 01d0abfd0891c5d3749e402c0b39a32d063123b8 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Wed Mar 1 16:48:39 2023 +0200 Update vimDnsNative.yaml commit fa1e9c60dea9497588fd72e3f92d5a522faa0b41 Author: Ofer Shezaf <github@shezaf.com> Date: Wed Mar 1 16:46:45 2023 +0200 NetworkSessionMicrosoftWindowsEventFirewall commit 25c15c6a55a108f81aea4d6cb3e9d0718033f858 Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Wed Mar 1 18:52:50 2023 +0530 Update stats.md (#7451) commit 886c5469c01638e83221e4e1fadff410d9762f81 Merge: d38456d91 fb51c392c Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 18:39:53 2023 +0530 Merge pull request #7419 from txhaflaire/master Jamf Protect for Microsoft Sentinel - v2.1.1 commit cf2be34436a6bfe71325b11f5667a62836f9e8cc Merge: 48b2623b6 d38456d91 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Wed Mar 1 18:25:48 2023 +0530 Merge branch 'master' into v-rbajaj/AzureActiveeDirectory commit fb51c392c8e18851576a7c94af3a8fc8735be243 Merge: 5d09db59a d38456d91 Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 1 13:53:35 2023 +0100 Merge branch 'Azure:master' into master commit d38456d91683b98392e125cd5ca923bc50388230 Merge: 0d1754cf1 775998089 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 18:16:43 2023 +0530 Merge pull request #7445 from Azure/PhishingwithCSLandNetworkSession Detecting potential phishing in correlation with CSL & Network Session logs commit aa6f3500b3b7a07137f777796d7e0838236e6a0b Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 1 18:15:23 2023 +0530 Updating description and entities commit 0d1754cf154cd728b1ae47b825bb5cf04ff02e64 Merge: 830230a5a 412e0667e Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 18:07:59 2023 +0530 Merge pull request #7469 from Azure/arm-ttk-failing-when-solutionname-has-space Fixed Arm-ttk issue when solution name has space commit 5d09db59a3561eebda22ccea3ccc5474c006ea0e Merge: c1043379b 830230a5a Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 1 13:17:24 2023 +0100 Merge branch 'Azure:master' into master commit 2ace3d8f45d06a29587eb609335a12672094244b Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Wed Mar 1 17:36:16 2023 +0530 version update commit 412e0667ec85ea2280eac4d5886023d995cf2e34 Author: v-amolpatil <v-amolpatil@microsoft.com> Date: Wed Mar 1 17:16:39 2023 +0530 fixed issue on space in solution name commit 830230a5a5faf976be72d703366ff0c4b7949325 Merge: ec2492fbf ce5d3c9fd Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Wed Mar 1 13:05:50 2023 +0200 Merge pull request #7462 from Azure/ASimDnsActivityLogs-parser-bug-fix Duplicate column error fixed - DvcScopeId commit 124aa72e59f7f4b429df341d23d80e1118673111 Merge: 9a009669b 8347232f9 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 1 16:33:27 2023 +0530 Merge branch 'master' into v-sabiraj-SolutionUpdateforShodan commit 48b2623b6060ecde9ae4a330086bd3f62a6c72d7 Merge: f960cf697 ec2492fbf Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Wed Mar 1 16:21:37 2023 +0530 Merge branch 'master' into v-rbajaj/AzureActiveeDirectory commit f960cf697dd4ddbdffeb9b93e700a45199c9d564 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Wed Mar 1 16:17:48 2023 +0530 Repackaging Azure Active Directory commit ec2492fbf8917cdda1e96386a88f405a893b580d Merge: 7e5fcbdd4 270f7dcf9 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 16:16:20 2023 +0530 Merge pull request #7425 from Azure/v-vdixit/logo-update Google Cloud Solutions Logo Update commit 7e5fcbdd4df667131778ac5be580803166d4804e Merge: 76813497b a827835a1 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 16:13:32 2023 +0530 Merge pull request #7453 from Azure/v-sabiraj-fixingsocplaybook Updating Soc Process package to fix bug commit c1043379b72765da69124e5a24c99ad357e4a289 Merge: ccd10f67f 49aeb72a7 Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 1 11:28:34 2023 +0100 Merge branch 'master' of https://github.com/txhaflaire/Azure-Sentinel commit ccd10f67f2c11314948c1f4601044b2c0b48fbc2 Merge: 30d3368dd 76813497b Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 1 11:28:22 2023 +0100 Merge remote-tracking branch 'upstream/master' commit 49aeb72a742ff998db913fc539408b760a8959c8 Merge: 0d57ec6e2 76813497b Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 1 11:05:31 2023 +0100 Merge branch 'Azure:master' into master commit 76813497ba5fab84d2ad4be0f9733a09268f5c8c Merge: 8347232f9 25c804a39 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 15:32:17 2023 +0530 Merge pull request #7465 from Azure/v-sabiraj-UpdatingMetadataforbugs Updating Workbook Metadata to fix gallery bugs commit 0d57ec6e258c7dbf78f26af2f1c120f6813c1067 Merge: 9c633f503 8347232f9 Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 1 10:50:48 2023 +0100 Merge branch 'Azure:master' into master commit 25c804a39c842be4e74aba5fca7acf90a8c4d4c6 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 1 15:17:50 2023 +0530 Updating Workbook Metadata to fix gallery bugs commit 8347232f97f00439e3ab67d392548a9bea53c0c4 Merge: da1cf1041 377fc2478 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 15:02:51 2023 +0530 Merge pull request #7413 from Azure/v-vdixit/file-path-update3 File path update for hunting queries commit 481f8462f0d73c9a59717fe8684b9921e5d4dbe5 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Wed Mar 1 14:59:54 2023 +0530 Version updates commit f3a462bef7ae545de0bc987d8adce3e4300073af Author: PrasadBoke <v-prasadboke@microsoft.com> Date: Wed Mar 1 14:59:38 2023 +0530 MongoDB Repackaging commit 695900736431b3a799ef5565746716aa4562bc19 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Wed Mar 1 14:43:11 2023 +0530 Updated the 2.0.3 zip commit d613fb75da68e31787962aa88b292466854f39f4 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Wed Mar 1 14:42:57 2023 +0530 updating Version commit 377fc2478efc1ab4fddb2f22eee9c5fb65e1ffc3 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Wed Mar 1 13:55:05 2023 +0530 updating path1 commit aa8d29521c578568b4408ac98e95cd696d1502f9 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Wed Mar 1 13:50:52 2023 +0530 updating AzureVirtualNetworkSubnets commit f65038e41184f5bb13c679842dcf5fadf2654d78 Merge: 7052b594f da1cf1041 Author: PrasadBoke <v-prasadboke@microsoft.com> Date: Wed Mar 1 13:39:11 2023 +0530 Merge branch 'master' into v-prasadboke-AtlassianJiraAudit-DataConnector commit a827835a10539e698e9aa79d9338e538c706d555 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 1 13:24:24 2023 +0530 Update azuredeploy.json commit 50f8752d3fa6e3be7030635a25e21f2468662440 Merge: bd419b31f da1cf1041 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 1 13:24:16 2023 +0530 Merge branch 'master' into v-sabiraj-fixingsocplaybook commit ce5d3c9fde86ad1164452558829843280922d9ce Merge: cdb47b58e ac2f6b0b5 Author: vakohl <97222872+vakohl@users.noreply.github.com> Date: Wed Mar 1 13:22:56 2023 +0530 Merge branch 'ASimDnsActivityLogs-parser-bug-fix' of https://github.com/Azure/Azure-Sentinel into ASimDnsActivityLogs-parser-bug-fix commit cdb47b58e46b4c5db2a97e4fdd520624b319d1d4 Author: vakohl <97222872+vakohl@users.noreply.github.com> Date: Wed Mar 1 13:22:49 2023 +0530 added DvcScopeId to the table schema commit 9c633f503f6085d5e597be7667705ec092541503 Merge: 30d3368dd da1cf1041 Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Wed Mar 1 13:21:53 2023 +0530 Merge branch 'master' into pr/7419 commit 2f87b2293ff173dae30dac4c7364efa0a28f48db Author: PrasadBoke <v-prasadboke@microsoft.com> Date: Wed Mar 1 13:13:23 2023 +0530 Marklogic Repackaging commit 7052b594f65b43b138c1898f881c8ee4a35ebe86 Author: PrasadBoke <v-prasadboke@microsoft.com> Date: Wed Mar 1 12:32:40 2023 +0530 Update SkipValidationsTemplates.json commit da1cf1041bdb21a5aaa1c417f52ffe869f241377 Merge: 990ced0af 0b848f0d6 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 12:32:20 2023 +0530 Merge pull request #7282 from Azure/v-vdixit/KQL-validation-fix-for-Multiple-solutions KQL validations for Hunting Queries for multiple solutions commit 4bae5b91ad091217a2fe458d32fd2835c676d8ec Merge: fbb7d0292 990ced0af Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 1 12:31:02 2023 +0530 Merge branch 'master' into v-rbajaj/VirusTotal commit ac2f6b0b574fc6467f328bbc6e39a6baff9bafcf Author: github-actions[bot] <> Date: Wed Mar 1 06:54:15 2023 +0000 [ASIM Parsers] Generate deployable ARM templates from KQL function YAML files. commit c216ee722f88074679a8057ee8c1f80692a8bccd Merge: 0199a1662 990ced0af Author: github-actions[bot] <> Date: Wed Mar 1 06:54:03 2023 +0000 Merge remote-tracking branch 'origin/master' into ASimDnsActivityLogs-parser-bug-fix commit 0199a16622d35eb1a74e3c72f303f5a86068c246 Author: vakohl <97222872+vakohl@users.noreply.github.com> Date: Wed Mar 1 12:20:50 2023 +0530 Updated Parser Version and Date commit e7da9fef44a2c45356a8fd934db3908612db7f6d Author: vakohl <97222872+vakohl@users.noreply.github.com> Date: Wed Mar 1 12:15:14 2023 +0530 Duplicate column error fixed - DvcScopeId commit a1d177f6022d0a30b74f72b4157a7e004f74aaf9 Author: PrasadBoke <v-prasadboke@microsoft.com> Date: Wed Mar 1 12:15:00 2023 +0530 Update SkipValidationsTemplates.json commit 990ced0af085cde6851121ce0b87f2cf82daefca Merge: 3286c9d6b 94e2d842e Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 12:13:56 2023 +0530 Merge pull request #7427 from Azure/origin/users/rahul/gcp-bigquery GCP BigQuery Solution - Initial commit of solution commit 3286c9d6b1adc0f6b898dfc8db9d304cd1e23170 Merge: be6b439e8 755249e24 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 12:12:32 2023 +0530 Merge pull request #7294 from Azure/v-ntripathi/MaturityModelWorkbookFixIcM361952128 Fixing workbook query regarding IcM and repackaging commit fbb7d0292348703f1432812fd6ddc9b573bcea91 Merge: 21c4bed62 be6b439e8 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Wed Mar 1 11:23:56 2023 +0530 Merge branch 'master' into v-rbajaj/VirusTotal commit be6b439e8e818d30b4cfb1fdd30ed06b2623304a Merge: c74e7d817 0407141d9 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 10:43:37 2023 +0530 Merge pull request #6925 from referefref/patch-1 Update AWSBucketAPILogs-SuspiciousDataAccessToS3BucketsfromUnknownIP.… commit c74e7d8174da6482f81e22d73ea20c8dfce4be5d Merge: 5d7077c80 3391ffcaf Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 10:38:08 2023 +0530 Merge pull request #7035 from ep3p/patch-6 Fix fields in Solution/Analytic Rule AzureADRoleManagementPermissionGrant.yaml commit 755249e24ac7dec840264a1b527c70e90464402e Merge: 4460ad5b2 ce1b0e7e2 Author: Meena Kumari Chatla <v-mchatla@microsoft.com> Date: Wed Mar 1 10:31:27 2023 +0530 Merge branch 'master' into v-ntripathi/MaturityModelWorkbookFixIcM361952128 commit 5d7077c805af8ccd6b1b364e4dad95eba89390ea Merge: ce1b0e7e2 1757d5974 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 10:30:45 2023 +0530 Merge pull request #7456 from Azure/arm-ttk-issue-fix Arm ttk issue fix commit 427a8a26d9c17a24a5d097d17ad1419223f20731 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Wed Mar 1 10:28:56 2023 +0530 Update IPEntity_DuoSecurity.yaml commit 89bc51c158b9996b8225c184d2e0dd4f20904de6 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Wed Mar 1 10:28:01 2023 +0530 Updating AdFind_Usage.yaml commit 63fe5ba5903964d432fc97940bf77add1e24b67a Author: Shain <45466083+shainw@users.noreply.github.com> Date: Tue Feb 28 20:34:53 2023 -0800 Update gte_6_FailedLogons_10m.yaml commit ce1b0e7e2889918b66533a1333f1a47b1aaf14d1 Merge: 3af5f111d 3101d404a Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 10:03:43 2023 +0530 Merge pull request #7431 from briandelmsft/ii_wb_patch Investigation Insights - ASIM Support commit bd66e550853991f9681d826e8ac528abcd33b827 Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Wed Mar 1 09:04:33 2023 +0530 Update azuredeploy.json commit 6f3d5a72da513412e73a218d98d45359aee64666 Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Wed Mar 1 09:01:46 2023 +0530 Update readme.md commit 775998089da2b6925873939014e57a34abf8496e Author: gitj121 <jekurien@microsoft.com> Date: Tue Feb 28 13:16:07 2023 -0800 Description changes commit 37428ea2fffae391739b7910cc04c3c8ab010d50 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Wed Mar 1 00:14:23 2023 +0530 version update commit 04ad400e02cc6a3b158b67f417885671d68b2101 Author: gitj121 <jekurien@microsoft.com> Date: Tue Feb 28 10:41:11 2023 -0800 Adding with changes commit a074d314c8b6bfab71c17afd61d68ab79da0dfa1 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Wed Mar 1 00:06:08 2023 +0530 version update commit 3c519a323bae6df8ad7ae41ee83f09393f518dd4 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Tue Feb 28 23:39:59 2023 +0530 Adding playbooks to MDE Solution commit 0f2c9966b5db3e22e2edc7455fc20b74dedf75df Author: Catherine Watson <cwatson@microsoft.com> Date: Tue Feb 28 08:38:50 2023 -0800 Update Dynamics 365 md desc to add Docs link @prtanej commit 187ec26e2b36bcc1cae47ff4c684bcf4ac326b55 Author: jayeshprajapaticrest <98145046+jayeshprajapaticrest@users.noreply.github.com> Date: Tue Feb 28 22:00:59 2023 +0530 Updated readme file by adding prerequisite about to deploy dependent playbook first. (#6) Co-authored-by: jayeshssc <jayesh.prajapati@CDSYS.LOCAL> commit 1757d5974db4a74761e73a0672b74d9a802bc132 Author: v-amolpatil <v-amolpatil@microsoft.com> Date: Tue Feb 28 21:55:35 2023 +0530 Update arm-ttk-validations.yaml commit f34c5e317318410318bbf548945bc4bece3a4f2c Author: v-amolpatil <v-amolpatil@microsoft.com> Date: Tue Feb 28 21:45:23 2023 +0530 updated code commit 3af5f111d58b65d8bb8293f4aacc97776b617bc8 Merge: 68516975f 95df0ea8f Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Feb 28 20:02:16 2023 +0530 Merge pull request #7240 from Azure/v-atulyadav/Windows-Security-Events Repackage Windows Security Events commit bd9ad173269557a88012a581d698d39b829c9deb Author: v-amolpatil <v-amolpatil@microsoft.com> Date: Tue Feb 28 19:50:49 2023 +0530 updated code to fix commit 0277f7811b1193e424d656315b07bcc75db350a7 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Feb 28 19:31:27 2023 +0530 updating whitespaces commit bd419b31f0ebd30e32bc11bc96053b162b396c73 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Tue Feb 28 19:14:27 2023 +0530 Update azuredeploy.json commit c1061631e5fb01469ff8ab3e771573f1baa7bb9f Merge: debfbfb03 68516975f Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 18:54:19 2023 +0530 Merge branch 'master' into v-vdixit/file-path-update3 commit debfbfb03103d7006097b1f4eb8f8278e7de7357 Merge: cf4145086 adf2433a8 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Feb 28 18:46:12 2023 +0530 Updating description commit cf414508699f640f8ba5dbe174538e1fe100715f Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Feb 28 18:37:37 2023 +0530 updating quotes commit fdd23459a6420076e93c300c1683b9e1ae401cbb Author: syed-loginsoft <sdawood@loginsoft.com> Date: Tue Feb 28 18:19:56 2023 +0530 Updated version from 2.0.0 to 2.0.1 commit adf2433a8d963bdd1765c714c8f64e11c97a250c Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 18:03:56 2023 +0530 Updating ProofpointPODHighScoreAdultValue.yaml commit d9c8af19ebadb591c6cabc46acceba17fdd6cfe9 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 18:02:53 2023 +0530 Updating UseragentExploitPentest commit 76dac88a9155c3e2287ea44b4dcb4d283e71750b Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 18:01:57 2023 +0530 Updating quotes commit 491992bb8f26ec824b69297d7225cc0ab633ea1f Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 18:01:32 2023 +0530 updating quotes commit 99a4f75d27c6ba71193083d1bc3cfb40a634e3bf Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 17:59:55 2023 +0…

commit 137d60b0108b297faa722982fc587bb241b1012c Merge: c8c8b6d82 7e13ac1fc Author: git-rubrik <120683256+git-rubrik@users.noreply.github.com> Date: Tue Mar 14 07:47:14 2023 -0700 Merge branch 'Azure:master' into master commit 7e13ac1fcb778f2c3c3b2fdc3753a7e3aa11151d Merge: ce8280925 7cea6315b Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 18:31:01 2023 +0530 Merge pull request #7549 from Azure/v-rbajaj/ciscouscciscomeraki Updating CiscoUCS and Cisco Meraki commit ce8280925c2b9ab93c0e675c17a46778bdc97498 Merge: efe120329 46bbf1324 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 17:24:47 2023 +0530 Merge pull request #7546 from Azure/v-rbajaj/azureactivedirectorysolution Repackaging Azure Active Directory commit efe12032972be7a40463e8a2d4e3d87c14946d65 Merge: ee655784a fb0ebb098 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 16:56:13 2023 +0530 Merge pull request #7441 from Azure/v-rbajaj/ISCBind Update in data connector and parser commit 46bbf1324b1a0c6c71357548afea99478e214156 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Tue Mar 14 16:44:48 2023 +0530 repackaged with changes in data connector commit 7cea6315be9f72785888bcecbb98709ab55e2531 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Tue Mar 14 16:19:11 2023 +0530 Fixing UI changes commit ee655784a87594ae3fc688d37ff7ee6126a5a3b3 Merge: 78ef61068 60011ccf9 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 16:05:06 2023 +0530 Merge pull request #7552 from Azure/v-vdixit/parsers-update-solutions Updating UI for Blackberry CylancePROTECT Solution commit 78ef61068a07390604612c8d38202a5b09a7d613 Merge: 7955d224b 9bfc71d94 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 15:48:37 2023 +0530 Merge pull request #7285 from Azure/v-vdixit/KQLvalidationsMultipleSolutions Hunting Queries KQL validations for Multiple Solutions commit 7955d224b1722197786493f4399b22976871410d Merge: 066e04543 36990e71f Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 15:47:32 2023 +0530 Merge pull request #7536 from BenjiSec/AutomationHealthv2 Automation Health workbook update commit 60011ccf917cb1f23f98a16df0cdb82a6b369f4b Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 14 15:09:34 2023 +0530 Updating UI for BlackberryCyclaneProtect commit 066e04543942bee44141f0915ec5d18b7a17ad52 Merge: fa775f897 05859e0d1 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 14:51:08 2023 +0530 Merge pull request #7517 from txhaflaire/JamfProtect_for_MicrosoftSentinel_v2.1.2 Adding eventGroupingSettings to Analytic Rules commit fa775f8975ff22f838cdf92432c4973a38eafdf6 Merge: 5e67ce911 0096bcf65 Author: v-sabiraj <94349919+v-sabiraj@users.noreply.github.com> Date: Tue Mar 14 14:40:36 2023 +0530 Merge pull request #7481 from Azure/v-sabiraj-TemplatespecsolutionforGCPBigquery Solution creation for GCP big query commit 9bfc71d94933e7e26cbb081dcdb7a313eac2bb64 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 14 14:35:52 2023 +0530 updating skipvalidations commit 39e68c9759a48e594d00a8301cb566a2b7788d5a Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Tue Mar 14 14:17:59 2023 +0530 Fixing Cisco Meraki createui commit cd9dde7a137a42d4ee1c2ab5a4c879122a134907 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 14 14:17:23 2023 +0530 Updating SkipValidationsTemplates.json commit c94056df6b38e12e70c1b16fced5522ebae7d48a Merge: e2ce52b9f 5e67ce911 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 14 13:58:40 2023 +0530 Merge branch 'master' into v-vdixit/KQLvalidationsMultipleSolutions commit 5e67ce9115f3ffd959fdcc87e44a1f7f18d00c66 Merge: 6221850ff 5d54f6a3d Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 12:39:16 2023 +0530 Merge pull request #6409 from samikroy/patch-32 Created a new tool for creating Incidents with email commit 0376a9db312494eb9cd019859ea4bbf8f75d83ac Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Tue Mar 14 11:52:44 2023 +0530 Updating CiscoUCS and Cisco Meraki commit 5d54f6a3d217cf084f47f2b1d2cec3de203fce3e Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Tue Mar 14 11:45:49 2023 +0530 Update azuredeploy.json commit e2ce52b9f4cd038ef16af2341f3519f3362c892a Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 14 11:36:23 2023 +0530 Update UseragentExploitPentest.yaml commit 28d41367f87e6082fc468fb0308fd6e122878759 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 14 11:27:41 2023 +0530 Update GCPDNSRareErrors.yaml commit 7690d7814e1d7e7d3d102a350ad5f3bb2e11d220 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 14 11:27:02 2023 +0530 Update GCPDNSRareDomains.yaml commit 6221850ffa51ac38ec68b4c7cfd0ce6034b4280e Merge: ce0557ac6 dcfba6b67 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Mar 14 11:01:45 2023 +0530 Merge pull request #7288 from Azure/v-vdixit/kql-validation-tests-for-hunting-queries Fixed failing KQL validations for Hunting Queries commit 5ee092c3ca1506e5f81a23e176d15f8d67368d44 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 14 10:51:36 2023 +0530 updating hunting queries commit dcf74d8e1c23ad55db1c4afc39b075eeb3144c75 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Mon Mar 13 16:05:28 2023 +0530 Repackaging Azure Active Directory commit ce0557ac60726ac30e189bc0146640723984f3b1 Merge: 5c9360596 4059a2c34 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 13 15:34:47 2023 +0530 Merge pull request #7523 from Azure/v-vdixit/parsers-update-solutions Repackaging Solutions with Parser instructions Update commit 5c93605969b1dd18337f00806563d2ed0b69c171 Merge: e968e5f22 bada46d1a Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 13 15:31:22 2023 +0530 Merge pull request #7521 from Azure/v-rbajaj/RepackagingSolutions Repackaging BroadcomSymantecDLP, Cisco UCS, CiscoMeraki commit bada46d1a3f187e985d38c13ca456d963eba6f36 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Mon Mar 13 14:46:55 2023 +0530 Rolled back changes in main template commit e968e5f22301f00bbd9c6abcd85e130b65f5ea10 Merge: 35058f509 6cca7e5eb Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 13 12:26:24 2023 +0530 Merge pull request #7354 from Azure/v-vdixit/Data-connector-Updates Data Connector and Parser Update commit 6cca7e5ebcb2b3feef74c182a1f192f5253145c1 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Mon Mar 13 10:58:58 2023 +0530 updating createUI commit 35058f5091c83da4fecf65354c70ff35a8783909 Author: danielohfeld <98688758+danielohfeld@users.noreply.github.com> Date: Sun Mar 12 17:42:11 2023 +0200 Feature/danielohfeld/add readme to gcp terraform (#7541) * add support for cloudwatch * add readme for GCP connector scripts * minor fixes commit 14a610b53d79bdc9d682b83c3b19f719a3561b54 Merge: db2e74dbe 1e52eb46a Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Sun Mar 12 10:54:07 2023 +0200 Merge pull request #7540 from Azure/asim/update-pa-web-parser asim/update-pa-web-parser commit 1e52eb46ad8cc2ca884c203b5935cb90947a4981 Author: github-actions[bot] <> Date: Sun Mar 12 08:38:48 2023 +0000 [ASIM Parsers] Generate deployable ARM templates from KQL function YAML files. commit aec60f35687f112559737bc8dc7004a12abecf0b Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Sun Mar 12 10:35:35 2023 +0200 asim/update-pa-web-parser commit c8c8b6d826999051728f3a2efde3c3b528f990a0 Author: jayeshprajapaticrest <98145046+jayeshprajapaticrest@users.noreply.github.com> Date: Sat Mar 11 00:04:13 2023 +0530 Rubrik sentinel playbook update (#8) * Updated readme file by adding prerequisite about to deploy dependent playbook first. * Fixed the inline comments suggested by Reviewer. * Fixed the URL -> URLs related validation error in the Playbook template and make updated solution with the version 2.0.1 --------- Co-authored-by: jayeshssc <jayesh.prajapati@CDSYS.LOCAL> commit 655ee3cf22b59fd5bfa0f9d47e719edc7ab372d7 Merge: 4faee01b9 d2161119e Author: Ben Meadowcroft <ben@benmeadowcroft.com> Date: Fri Mar 10 10:31:17 2023 -0800 Merge branch 'master' of https://github.com/rubrikinc/Azure-Sentinel commit 4faee01b9aa034e953fc59afaf510fd50ad2bd3e Author: Ben Meadowcroft <ben@benmeadowcroft.com> Date: Fri Mar 10 10:27:52 2023 -0800 Squashed commit of the following: commit 2d1031699e5718207b83fcd80e8ec654a758fdbb Author: jayeshssc <jayesh.prajapati@CDSYS.LOCAL> Date: Fri Mar 10 13:39:24 2023 +0530 Fixed the URL -> URLs related validation error in the Playbook template and make updated solution with the version 2.0.1 commit 4183453f81478807876d7363254517c1ddb0e1fc Author: jayeshssc <jayesh.prajapati@CDSYS.LOCAL> Date: Fri Mar 3 21:55:44 2023 +0530 Fixed the inline comments suggested by Reviewer. commit fe95a41a4843e89659691e5a6970648467a25f5f Author: jayeshssc <jayesh.prajapati@CDSYS.LOCAL> Date: Tue Feb 28 12:24:11 2023 +0530 Updated readme file by adding prerequisite about to deploy dependent playbook first. commit d2161119e3d333f1885053b5712d536ede41d025 Merge: ad957cce6 db2e74dbe Author: git-rubrik <120683256+git-rubrik@users.noreply.github.com> Date: Fri Mar 10 10:04:56 2023 -0800 Merge remote-tracking branch 'upstream/master' commit db2e74dbe16108af7e366b6afcd5a42f5cc468c2 Merge: 562c13712 c8b59da62 Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Fri Mar 10 19:16:09 2023 +0530 Merge pull request #7530 from Azure/v-sabiraj-fixingWorkbooksbugs Fixing Bugs for Workbooks commit 36990e71f65c488335f39fe937e6c03b51b57c15 Author: Benjamin Kovacevic <61513156+BenjiSec@users.noreply.github.com> Date: Fri Mar 10 12:15:57 2023 +0000 update to automationheatlth.json removing link localization commit f03026b51f95480f0d8fa65dba80c31daa78e886 Author: Benjamin Kovacevic <61513156+BenjiSec@users.noreply.github.com> Date: Fri Mar 10 11:54:37 2023 +0000 Automation Health workbook update commit 562c137120dabe36243fd15e08db200bd2c06d84 Merge: 4fe9115e1 fa6c5025e Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 10 17:20:27 2023 +0530 Merge pull request #7516 from Azure/v-rbajaj/virustotalsolution Repackaging VirusTotal commit c8b59da628ef3816369d9bf511ac9636e6907b46 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Fri Mar 10 16:42:40 2023 +0530 Updating maintempate and UI for workbook commit 61964eb1494ae39797814f87e2a7f79517195ec4 Merge: be0b737d9 4fe9115e1 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Fri Mar 10 16:29:38 2023 +0530 Merge branch 'master' into v-sabiraj-fixingWorkbooksbugs commit fa6c5025e21bbecaecbdaefeb5b759483389c3e0 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Fri Mar 10 13:43:02 2023 +0530 updated zip commit 4fe9115e1e913ef3388b3fc86a418a767f71fd88 Merge: a90f55966 147d26cd5 Author: v-sabiraj <94349919+v-sabiraj@users.noreply.github.com> Date: Fri Mar 10 12:06:18 2023 +0530 Merge pull request #7341 from tduarte14/patch-1 Show the actual Role and Fix InitiatingUser commit a90f559669869d4d958af14f97cc07252aad068b Merge: 1fda18445 78dba38e9 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 10 11:27:56 2023 +0530 Merge pull request #7430 from danymello/vectra_detect_analytics_fix fix typo and remove URL mapping commit 4059a2c3476388cebc9a5902b9cadedd384c822d Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Fri Mar 10 10:45:44 2023 +0530 updating connector desciption commit d14f7604518fd503a148b379bff90b7b4cb67cf8 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Fri Mar 10 10:32:30 2023 +0530 Updated data connector description commit 1fda184457f19e9269d028390c0d37628c24dcc1 Merge: 1817a14a8 8bbe8fd03 Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 12:49:54 2023 -0800 Merge pull request #7531 from Azure/pebryan/3_9_2023_AiTMDetection Added new AiTM detection commit 8bbe8fd0335ffd3b739588740f6c6325ca526ffb Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 12:30:03 2023 -0800 Added extra data connector commit 40ff5715ecca2c0b98ad00a70449d541ac2763ac Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 11:37:34 2023 -0800 Added exclusion for unknown ASIM parameter commit 73aa25e03620d2f626bebf66f570d956880aeedb Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 11:15:11 2023 -0800 Updated alert desc format commit 72f1018cbdf89c7487665424a4f39ec2da7ee0f2 Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 11:02:00 2023 -0800 Added new AiTM detection commit 1817a14a86c15cb0b3a2177c528dcab872524a59 Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 11:00:43 2023 -0800 Remove file accidently pushed to master commit ca7b27fa1ac55a2e2c0342e40323e1da7acc65ac Author: Pete Bryan <peter.bryan@microsoft.com> Date: Thu Mar 9 10:53:55 2023 -0800 Added new AiTM detection commit be0b737d9bcc9ef9a90c29501818e8a4ed3d44c3 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Thu Mar 9 23:38:25 2023 +0530 Fixing Bugs for Workbooks commit a02ce85c96f162de6f8cc06f07a53b6525f0ff7f Merge: 156b3e8bb 7587e5653 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Thu Mar 9 18:25:22 2023 +0200 Merge pull request #7526 from Azure/asim/add-registry-generation Update convertKqlFunctionYamlToArmTemplate.yaml commit 7587e5653d71c287acd784443c68498e5896736d Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Thu Mar 9 17:15:23 2023 +0200 Update convertKqlFunctionYamlToArmTemplate.yaml commit fb0ebb098e6929bb4eeca308d461032de4b623b5 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Thu Mar 9 17:22:19 2023 +0530 Updated CreateUI and repackaged commit 8a1ca5661878578ef6309ced0870eb2734ab7a58 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Thu Mar 9 15:33:29 2023 +0530 Repackaging Solutions with Parser instructions update commit 0dfa042269ebb7389bcddb6257f9178dc644c9e3 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Thu Mar 9 15:18:37 2023 +0530 validation fixes and necessary changes commit 5714200c8ce499f47d9cabfce271712c44f06a78 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Thu Mar 9 14:08:59 2023 +0530 fixing validations and discarding createui changes commit f3113391c3eb033119d9ad5e79652b4542006a06 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Thu Mar 9 12:55:59 2023 +0530 Repackaging BroadcomSymantecDLP, Cisco UCS, CiscoMeraki commit 156b3e8bb2abdcc554f0cf7df205c93aa3e8fb8f Merge: b49fa6474 8d7e5d6ec Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Thu Mar 9 12:35:52 2023 +0530 Merge pull request #7519 from Azure/Fixingworkspacedetection Fixingworkspacedetection commit 2bc53fda6699c7b3405af9619ceb274b29609b45 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Thu Mar 9 12:16:42 2023 +0530 Updating workbooks text commit 78f7d5392a8fcb8a35ded57ba1b701a460ccf618 Merge: 4fd02df11 79308d0fe Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Thu Mar 9 12:02:48 2023 +0530 Merge branch 'master' into v-vdixit/Data-connector-Updates commit b49fa6474962a5968ecc62f17058846e98e991d6 Author: treyperrone <trey.perrone@gmail.com> Date: Thu Mar 9 01:20:42 2023 -0500 Update MaliciousOAuthApp_O365AttackToolkit.yaml (#7397) * Update MaliciousOAuthApp_O365AttackToolkit.yaml Current rule uses an older defaults for `Consent.Full` that was deprecated from the file: https://github.com/mdsecactivebreach/o365-attack-toolkit/blob/2231565f576e2d655cb9444ffed7309374c454a5/static/index.html#L29 The NEW defaults generated in Nov 2020 are here: https://github.com/mdsecactivebreach/o365-attack-toolkit/blob/master/template.conf old values to match on: `"offline_access","contacts.read","user.read","mail.read","notes.read.all","mailboxsettings.readwrite","Files.ReadWrite.All"` NEW values to match on: `"offline_access contacts.read user.read mail.read mail.send files.readWrite.all files.read files.read.all openid profile"` The current detection relies on finding `mailboxsettings` in LN32 https://github.com/Azure/Azure-Sentinel/blob/c6dce9c3aa4d4b4d02423ac4eb5a6b677a39e432/Solutions/Azure%20Active%20Directory/Analytic%20Rules/MaliciousOAuthApp_O365AttackToolkit.yaml#L32 which means anyone that downloads the current O365 attack toolkit and runs it with the defaults settings will NOT trigger the alert (this drove us crazy for a few hours testing). * move dynamic array to single array and match on has_any. remove search for single value * update description verbiage * updates from github conversation with join and new entity with appdisplayname for investigation graph * remove orphaned csv of app list, since its embedded in the KQL now. this is better for versioning as well; changes to CSV currently dont prompt a new version on customer side * put feeds knownapps.csv back, add in analrule, mv-aply consentFull * bump version 1.0.1 --> 1.1.0 per @devikamehra --------- Co-authored-by: Meena Kumari Chatla <v-mchatla@microsoft.com> commit 79308d0fef99fb3f054b0f7b521bc600ee709189 Author: v-amolpatil <107389644+v-amolpatil@users.noreply.github.com> Date: Thu Mar 9 11:02:51 2023 +0530 Get-GeoFromIpAndTagIncident Playbook Issue fix (#7513) * updated code * updated code as per review comment commit 87e64dda6408ba6329b1f9bb9df7eb7684a2df6f Author: v-rbajaj <120547590+v-rbajaj@users.noreply.github.com> Date: Wed Mar 8 17:30:20 2023 +0530 Repackaging Microsoft 365 (#7515) * Repackaging Microsoft 365 * Updated zip file * updated data connector description * Updated zip commit 05859e0d14b2defc50dc4c4015d3ce352fe4cba9 Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 8 11:55:47 2023 +0100 Adding eventGroupingSettings to Analytic Rules commit 0096bcf653a17a64e2da284a2fb1c0b248ebf7b5 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 8 15:55:42 2023 +0530 Updated UI description commit f525e87aa8bfda8c44520b4b81a111642a2673db Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Wed Mar 8 15:38:21 2023 +0530 Repacking VirusTotal commit 13a9298f0425bc7e71d3ffa6fdae49320a49a212 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 8 14:59:08 2023 +0530 Updating package by adding variables for connector commit 1eb52deee6fb3e22b95bb9abeabd2486210ea6c9 Author: v-sabiraj <94349919+v-sabiraj@users.noreply.github.com> Date: Wed Mar 8 14:47:18 2023 +0530 Fixing bugs for Recorded future workbook (#7511) commit 6125f4ece5d0604bda40725b03dfc7df0271bc03 Merge: 50804e482 7498bb905 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Wed Mar 8 09:56:58 2023 +0200 Merge pull request #7514 from TristankMS/patch-3 Update vimAuthenticationEmpty.yaml commit 62e232e7ced3df4265d7b6b9a0ce8152aa532cae Merge: b21194605 330f50fc2 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 8 12:21:53 2023 +0530 Merge branch 'master' into v-sabiraj-TemplatespecsolutionforGCPBigquery commit 50804e482c0ebc426966cca1821ab66951914f4f Author: Shain <45466083+shainw@users.noreply.github.com> Date: Tue Mar 7 22:29:10 2023 -0800 Update SharePoint_Downloads_byNewUserAgent.yaml (#7509) * Update SharePoint_Downloads_byNewUserAgent.yaml Adjusted to 8d due to perf considerations and doing 8d as query should be comparing the last day to the previous 7 days to the last day, otherwise it will miss like actions for the same day one week ago, Change order of operation for checking time, do not need to summarize the min/max time in the RecentActivity portion of the query as it is timebound to the last day, do not need to check the time frame of the results as again it is already time bound to last day after the join back to get full details of identified events, removing old entity mapping rows, bringing through proper account entity fields * Update SharePoint_Downloads_byNewUserAgent.yaml change to make_set commit 330f50fc2d6f70704573695830408e2a8ccfbbb0 Author: René Ammerlaan <78021472+rene-ammerlaan@users.noreply.github.com> Date: Wed Mar 8 06:53:27 2023 +0100 Rename Auth0 custom table to match documentation (#7319) * Rename Auth0 custom table to match documentation * Update Auth0Connector zip file * Add union to Auth0 KQL parser file commit 7498bb90581ab1ff9d88adee33456f7bf3a71ade Author: Tristan Kington <TristankMS@users.noreply.github.com> Date: Wed Mar 8 16:47:41 2023 +1100 Update vimAuthenticationEmpty.yaml And convert to more standard datatable syntax commit ef907ed8296d6281c2eb19a2020c2a4723bb5caa Author: Tiago Duarte <103927368+tduarte14@users.noreply.github.com> Date: Wed Mar 8 04:52:52 2023 +0000 Fixed deprecated command columnifexists (#7402) Replaced deprecated columnifexists with column_ifexists Replaced make_set(<<FIELD>>) with make_set(<<FIELD>>,200), so the max items is defined as it's recommended. commit 01b5cd6e77860d3aeba51472002b33b09eaf5006 Author: v-prasadboke <117061676+v-prasadboke@users.noreply.github.com> Date: Tue Mar 7 18:34:10 2023 +0530 Microsoft 365 Defender Repackaging (#7487) commit 6219ee4b02aed5a94cdfd90ae41ab7ae6cac071c Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Tue Mar 7 18:30:50 2023 +0530 Repackage Checkpoint (#7510) commit 9e510072288231b5c456be7db18478c7e2973665 Author: Samik Roy <samik.n.roy@gmail.com> Date: Tue Mar 7 17:53:10 2023 +0530 Update azuredeploy.json commit 8ac6c8ea08b314fa6ae70007ac78bef6530f67e1 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 7 17:23:50 2023 +0530 Updating solarwindsInventory commit e790f566351ec95cb2c8f6a1492ecec08f534f28 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Tue Mar 7 16:53:37 2023 +0530 Updated Dataconnector description commit 3865112a4c604b59b74dccc6397403dac8b4048e Merge: 7e250a338 9a6ae5c88 Author: v-sabiraj <94349919+v-sabiraj@users.noreply.github.com> Date: Tue Mar 7 15:59:42 2023 +0530 Merge pull request #7446 from Azure/v-vdixit/Palo-alto-logo-update Palo Alto Solutions Logo update commit 9a6ae5c88286b6a34536068454c8eeb6b5f103ae Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Tue Mar 7 15:43:04 2023 +0530 Revert "Update PaloAltoNetworks.json" This reverts commit 41ef2bf2448a63efdea35c671f750c797443e56a. commit 41ef2bf2448a63efdea35c671f750c797443e56a Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Tue Mar 7 15:42:14 2023 +0530 Update PaloAltoNetworks.json commit 2e11f3da21087243f4e57d7c0b8bda7f3194646c Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 7 13:52:17 2023 +0530 updating logo commit 4fd02df11117cada5f2345cdb4351b4696efffc0 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 7 13:03:20 2023 +0530 updating whitespace commit 7e250a338b2c9a67914547b4991de4d731bb1f3f Author: Meena Kumari Chatla <108806639+v-mchatla@users.noreply.github.com> Date: Tue Mar 7 12:12:43 2023 +0530 Rapid7InsightVM IcM(370102413) Fix (#7508) * Last Scan Details Fix Last Scan Details Fix * Fixed keyError for last_scan_date attribute * Added log to print recieved event * Removed the logging Removed the logging --------- Co-authored-by: v-rucdu <v-rucdu@microsoft.com> commit c2f74b070315b32f8745195984df6a625d754a23 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 7 11:04:41 2023 +0530 updating alignment commit 84be7b8805a856c45415573e20b219eb306c30c2 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 7 10:42:28 2023 +0530 updating note commit 44196df0f6ee93c7ab3c43524bd585a00b0d9d79 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 7 10:31:33 2023 +0530 Updating OCIdestinations commit df6b93c3927babc6225b6239c05615d73491c0ea Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 7 10:27:47 2023 +0530 update2.0.2 zip commit b07ee23f81b1d2d7f51cfb77b730c1396a0a3072 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Mar 7 10:27:07 2023 +0530 updating connector description commit 8c6e1afb5ac713a33509ad30cd80e60e6aea3f5c Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Mar 7 10:25:01 2023 +0530 Updating OracleDBAudit commit 415b148a1495d240e1cecbfc44f5637b0ac85e3d Merge: 4fa7945e3 0c6e3462e Author: Shain <45466083+shainw@users.noreply.github.com> Date: Mon Mar 6 18:08:31 2023 -0800 Merge pull request #7494 from Azure/shainw-FixMessageParse Update ssh_potentialBruteForce.yaml commit 0c6e3462e3984aa10d16b455883e03e1fd640bdf Author: Shain <45466083+shainw@users.noreply.github.com> Date: Mon Mar 6 17:39:54 2023 -0800 Update ssh_potentialBruteForce.yaml Updating description to explain how we are attempting to bring through single valued arrays for use in entity mappings. commit 33fb191f9638f9fe948a7d690476e4f34d31b1c2 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Mon Mar 6 23:28:57 2023 +0530 updating description of connector commit 0d025d55539c660d04cdac19de7150b61e3af028 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Mon Mar 6 17:28:52 2023 +0530 updating version commit 2d80a8c821bb2085897144daae50460b724ee997 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Mon Mar 6 17:02:28 2023 +0530 updating connector commit 4fa7945e3a48d1eba3d293ca6811b07e5b7b85da Merge: b6824cad6 3d674c9fa Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 15:17:12 2023 +0530 Merge pull request #7363 from Azure/v-vdixit/file-path-update Detections files path update commit 8d7e5d6ecd89ae8db70a12fdfbc30bc591942718 Merge: 180f25a8a c5387e48f Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 15:03:32 2023 +0530 Merge pull request #7432 from treyperrone/patch-3 Update to add `where` IP find/search commit b6824cad6fefa2c99ae55c1bb0472e71fd77498a Merge: 880c2e932 2cb1f93a1 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 14:32:10 2023 +0530 Merge pull request #7343 from daspiker/IslandSentinelSolution Island sentinel solution commit 880c2e9321d86b66955c9e86a450d9d854583904 Merge: 96e7babc5 3b16a888a Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 14:10:53 2023 +0530 Merge pull request #7498 from Azure/v-sabiraj-updatingflaresolution Updating package for Flare commit 3b16a888ab45b5da8dcb1a1968739d1edd358e58 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Mon Mar 6 11:27:23 2023 +0530 Updating version commit 139c54cf65df9a31496f3a47330f3dd49a86892b Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Mon Mar 6 11:16:25 2023 +0530 Updating package for Flare commit 96e7babc572e0d9225fb8efd35f6781fcb599a30 Merge: b4e21be1d e4b232cd2 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 11:11:54 2023 +0530 Merge pull request #7497 from Azure/origins/rahul/EntityPlaybooks Entity Playbooks commit 73ea96dd186906dd4408d0b745456fc5b594d013 Author: Samik Roy <samik.n.roy@gmail.com> Date: Mon Mar 6 10:54:26 2023 +0530 Update azuredeploy.json commit b4e21be1d7fb0b83cb76556f5fbcfade4a4fdf0d Merge: 0d1b98bf7 04546475b Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 10:48:21 2023 +0530 Merge pull request #7476 from nickt444/tvm hide table only available to private preview commit 0d1b98bf7b250ba44261e1f1f416dad7caa28be3 Merge: bc84294cd fdd23459a Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 10:47:29 2023 +0530 Merge pull request #7436 from syed-loginsoft/cybersixgill-aa-offerid-update Cybersixgill Actionable Alerts offerid update commit 04546475be17994bdb22fc8795ac079b3325b235 Author: Nick Torkington <nicktork@microsoft.com> Date: Mon Mar 6 15:07:01 2023 +1100 reverting version to 1.0.0 commit bc84294cded4ff5c20ea3588c9ed2a378615dd16 Merge: 1086aa87b 2d4e0266b Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Mon Mar 6 09:04:28 2023 +0530 Merge pull request #7420 from Flared/v-sabiraj-AddingAnalyticRuleforFlare V sabiraj adding analytic rulefor flare commit 1086aa87b2305d91ab07bcdb0910ee01bf00e326 Merge: 6bfcebb28 53f5f98a5 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Sun Mar 5 23:35:46 2023 +0200 Merge pull request #7495 from Azure/asim/fix-auth-deploy asim/fix-auth-deploy commit 53f5f98a5a677f87f87337e63112c114070f4b27 Author: github-actions[bot] <> Date: Sun Mar 5 21:12:58 2023 +0000 [ASIM Parsers] Generate deployable ARM templates from KQL function YAML files. commit 79c3388ed0cad6fc918ff9d55592f2135c88dd69 Author: Ofer Shezaf <github@shezaf.com> Date: Sun Mar 5 23:09:48 2023 +0200 Update getModifiedASimSchemas.ps1 commit 004ebb6dfed43834715bf5ea2828a01d5b97cbf4 Author: Ofer Shezaf <github@shezaf.com> Date: Sun Mar 5 22:26:21 2023 +0200 asim/fix-auth-deploy commit 526c66810149b9d8f7c875958535ad56ed76edb5 Author: Shain <45466083+shainw@users.noreply.github.com> Date: Sat Mar 4 14:29:49 2023 -0800 Update ssh_potentialBruteForce.yaml adding resourceid commit 36374313d6eebaa3ca86c29e906bf5911607f578 Author: Shain <45466083+shainw@users.noreply.github.com> Date: Sat Mar 4 14:14:18 2023 -0800 Update ssh_potentialBruteForce.yaml high alert counts in some situations and fixing the regex to properly grab the fields when SyslogMessage ends with characters right after ssh2 commit c5387e48f233e5c5ddc19ac3647610199672681e Author: treyperrone <trey.perrone@gmail.com> Date: Fri Mar 3 22:58:39 2023 -0500 add new entity of deleted resource for analyst view commit d2cbca01fd651e210be81eeea59e57063d2934a9 Author: treyperrone <trey.perrone@gmail.com> Date: Fri Mar 3 22:49:21 2023 -0500 swap slicker dynamic expansion from @v-atulyadav, bump version from 1.0.5 --> 1.0.6 commit ad957cce63699d6f3d6b7080bb4dbd249db0105a Author: jayeshprajapaticrest <98145046+jayeshprajapaticrest@users.noreply.github.com> Date: Fri Mar 3 22:37:48 2023 +0530 Rubrik sentinel playbook update (#7) * Updated readme file by adding prerequisite about to deploy dependent playbook first. * Fixed the inline comments suggested by Reviewer. --------- Co-authored-by: jayeshssc <jayesh.prajapati@CDSYS.LOCAL> commit 3d674c9fac6a914596a04d708593a0aa63f4beb4 Merge: 7f7f9a0e4 6bfcebb28 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Fri Mar 3 20:06:07 2023 +0530 Merge branch 'master' into v-vdixit/file-path-update commit 7f7f9a0e43e63318cee55824442a36d538afecb3 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Fri Mar 3 20:01:00 2023 +0530 Updating AWS_CredentialHijack.yaml commit 6bfcebb289dd7400ff910f60662d6bad9e23e255 Merge: 0ea15f6a4 cf9031e24 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 16:37:07 2023 +0530 Merge pull request #7468 from Azure/v-rbajaj/AzureActiveeDirectory Repackaging Azure Active Directory commit 0ea15f6a4ceb70ceb2ebcabfc6f2f0b04607c3f1 Merge: cc977d5ab cd867f54b Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 16:28:29 2023 +0530 Merge pull request #7464 from Azure/v-prasadboke-mongodb MongoDB Repackaging commit cf9031e24e9950b0f099d0af2306d089291595be Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Fri Mar 3 16:20:44 2023 +0530 Update 2.0.8.zip commit cd867f54bb93420ffb7f81d2924f98bd37351a1e Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Fri Mar 3 16:13:04 2023 +0530 Update 2.0.2.zip commit cc977d5abb9ecb6be59945778ed676b8802943fe Merge: 2b74991d0 695900736 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 15:59:53 2023 +0530 Merge pull request #7450 from Azure/v-rbajaj/VirusTotal Repackaging VirusTotal commit d4c9545c3e84f2ce4331f2047318446106a3910c Author: Samik Roy <samik.n.roy@gmail.com> Date: Fri Mar 3 15:37:45 2023 +0530 Update azuredeploy.json commit 67261aac41bd24a03102071733bd4495b35c3dd7 Author: Samik Roy <samik.n.roy@gmail.com> Date: Fri Mar 3 15:31:56 2023 +0530 Update Readme.md commit 2b74991d0dbbb9e765a6baea9359b2eef7ceef92 Merge: 0ef04dce3 2f87b2293 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 14:37:20 2023 +0530 Merge pull request #7463 from Azure/v-prasadboke-marklogic Marklogic Repackaging commit 147d26cd5021f711908d586b092a961c677e1f5b Author: Tiago Duarte <103927368+tduarte14@users.noreply.github.com> Date: Fri Mar 3 08:44:44 2023 +0000 Removed "| where TimeGenerated >= ago(2h)" Reverted the change of using 2h for supposed loopback issue as requested by reviewer. commit 0ef04dce3c14b142022e3775325fef3bb5db120f Merge: 2f0ce42e2 388d35226 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 13:51:14 2023 +0530 Merge pull request #7489 from txhaflaire/JamfProtect_for_MicrosoftSentinel_v2.1.1 Updates to 2.1.1 solution package commit 388d352268f869a623c214ae5ff1c17454405ec6 Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Fri Mar 3 08:59:36 2023 +0100 Updates to 2.1.1 solution package In the 2.1.1. package, older archives were included. Removed those. commit 2f0ce42e2bfe669f700b1ee5955a466e29e7bd91 Merge: 86a9c70dc 2ace3d8f4 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 12:47:51 2023 +0530 Merge pull request #7406 from Azure/v-vdixit/file-path-update2 File path update for detections commit 86a9c70dcd66d63a7f171f654a8021abfd7308cb Merge: 998b567c0 b5c8ed537 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 12:25:49 2023 +0530 Merge pull request #7398 from yangsa666/patch-1 Adding hint.strategy=native to support more partitions commit 998b567c0df55a2c4300cc1eec7e054a1deeba48 Merge: 076f67032 180f25a8a Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 12:24:22 2023 +0530 Merge pull request #7360 from Azure/Fixingworkspacedetection Update to Workspace deletion attempt from an infected device commit 076f67032e67f6eb6cf64f28efcff971da693ff7 Merge: 0d2bb23a6 437d79f0c Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Fri Mar 3 11:27:19 2023 +0530 Merge pull request #7479 from pensivepaddle/patch-4 Update AcscEssential8.json commit 4e64cfa9fce05564a574b35bf9b59a961560247c Author: Nick Torkington <nicktork@microsoft.com> Date: Fri Mar 3 15:25:07 2023 +1100 added conditional display of parameters commit bca15f16d9e28bae2e87dc0217594314b2d6f2f0 Author: Nick Torkington <nicktork@microsoft.com> Date: Fri Mar 3 10:11:39 2023 +1100 update version number commit ba6b41ef940fcb3bee4c78fe06e09af360256248 Author: Nick Torkington <nicktork@microsoft.com> Date: Fri Mar 3 08:27:54 2023 +1100 including fix from PR #7479 commit 08bc20f2e1ef884e3ae9cbbc0a6a0d8d0ea7fab0 Author: Nick Torkington <nicktork@microsoft.com> Date: Fri Mar 3 08:22:10 2023 +1100 reverting fromTemplateId commit 0d2bb23a6e0dc2d8c237845fe9ed14df43ebd9bf Merge: 401a4603e 3dc17e1c8 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Thu Mar 2 17:47:59 2023 +0530 Merge pull request #7458 from Azure/v-sabiraj-MicrosoftDefenderforEndpoint Adding playbooks to MDE Solution commit 3dc17e1c85962647767e47f46620addb4573d28b Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Thu Mar 2 17:28:14 2023 +0530 Updated data connector description commit b21194605446cdc67dfc5002d5ba2b1bb5119ab7 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Thu Mar 2 16:02:02 2023 +0530 SOlution cfreation for GCP big query commit 219c86db6b3976cf202083a26f20b3dcc8f43ee4 Author: Nick Torkington <nicktork@microsoft.com> Date: Thu Mar 2 21:23:33 2023 +1100 updated version number (again) commit 401a4603e70040e1d37bfe864bf2c822af88442b Merge: e6e492dce 481f8462f Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Thu Mar 2 15:38:44 2023 +0530 Merge pull request #7405 from Azure/v-vdixit/file-path-update1 File Path update for detections Files commit e6e492dce2aa075f14f9005f21b206f5ab843c68 Merge: cffb8bd70 97f4f1194 Author: tamirkopitz <91939884+tamirkopitz@users.noreply.github.com> Date: Thu Mar 2 12:08:11 2023 +0200 Merge pull request #7478 from Azure/dvir-ms-patch-1 add SENTINEL_AGENT_GUID commit 437d79f0c362fc9702dd27e4b7871b006d891eca Author: pensivepaddle <104833713+pensivepaddle@users.noreply.github.com> Date: Thu Mar 2 11:00:42 2023 +0100 Update AcscEssential8.json Mix up between two queries/titles, "Restrict Admin Privileges" vs "Multi-factor Authentication" commit 97f4f11941bc95110c3a698eff1c7fdd38cac656 Author: Dvir Naim <106969883+dvir-ms@users.noreply.github.com> Date: Thu Mar 2 11:52:44 2023 +0200 add SENTINEL_AGENT_GUID commit 11ce471fe6cc30e06b680c46e49994a9e014a594 Author: Nick Torkington <nicktork@microsoft.com> Date: Thu Mar 2 20:13:01 2023 +1100 updated workbook version number commit cffb8bd70ba73966b5ff90d32bcf08c6027e58ea Merge: 140ae0546 aa6f3500b Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Thu Mar 2 14:21:24 2023 +0530 Merge pull request #7376 from Azure/v-sabiraj-SolutionUpdateforShodan Template Spec Solution for Shodan commit 140ae05464972ceba27485b0cfa92a6e94401a55 Merge: b8887b568 20b10d524 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Thu Mar 2 14:20:51 2023 +0530 Merge pull request #7364 from Azure/v-prasadboke-AtlassianJiraAudit-DataConnector Atalassian jira audit repackaging commit b8887b568612d12f32e2fc5ae93a56bf21676556 Merge: 6b61a8de1 695b59d91 Author: v-sabiraj <94349919+v-sabiraj@users.noreply.github.com> Date: Thu Mar 2 13:11:09 2023 +0530 Merge pull request #7477 from Azure/v-atulyadav/dynamic365 Repackage Dynamic 365 commit 20b10d52435b88c2f9af7077b38f97bf9245c74e Author: PrasadBoke <v-prasadboke@microsoft.com> Date: Thu Mar 2 12:52:35 2023 +0530 Update 2.0.3.zip commit 079ac1880d0d5a8aea67016dde696d919e046feb Merge: 979bd03d8 6b61a8de1 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Thu Mar 2 12:46:17 2023 +0530 Merge branch 'master' into v-vdixit/Palo-alto-logo-update commit 695b59d91d608a76413daafcbb5557f0f7ed437c Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Thu Mar 2 12:45:50 2023 +0530 Repackage Dynamic 365 commit 8c6835d9ba2abf8b49f7bbbea066cb8931b7bcef Author: Nick Torkington <nicktork@microsoft.com> Date: Thu Mar 2 17:58:16 2023 +1100 updated version number commit 94bc711c3f91f977eb14ff334b2c7128f63fb0cc Author: Nick Torkington <nicktork@microsoft.com> Date: Thu Mar 2 17:34:05 2023 +1100 updated fromTemplateId commit 6b61a8de18aec450e2e40d09f0fd09ca559612bc Merge: 57c8e8a80 bd66e5508 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Thu Mar 2 11:36:38 2023 +0530 Merge pull request #7448 from Azure/entrustidentity [SOAR] New Solution Entrust commit e60da2809733972966ac56d3532118720d0ea8b9 Author: Nick Torkington <nicktork@microsoft.com> Date: Thu Mar 2 16:59:00 2023 +1100 hide table only available to private preview commit 979bd03d887b0cbfaaace74826cc183f0e01b881 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Thu Mar 2 10:29:38 2023 +0530 update 2.0.4 zip commit 57c8e8a80ccc76d33a01f771b10e2c29723e40a5 Merge: 7e4a93b42 83d09eadb Author: v-sabiraj <94349919+v-sabiraj@users.noreply.github.com> Date: Thu Mar 2 10:16:42 2023 +0530 Merge pull request #7473 from Azure/v-vdixit/logo-update Package Update for Google Solution commit 7e4a93b425391bc34957fa9cfb40b2d90dd390f7 Merge: a75b98838 0f2c9966b Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Thu Mar 2 09:35:11 2023 +0530 Merge pull request #7457 from cwatson-cat/patch-20 Update Dynamics 365 md desc to add Docs link commit 83d09eadb85d36c1682466a5d36f2781954142d6 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Thu Mar 2 00:24:47 2023 +0530 Package Update for Google Solution commit a75b98838ac3dfc719939a13fe4343c32d9a837a Merge: cb984b00c 63fe5ba59 Author: Shain <45466083+shainw@users.noreply.github.com> Date: Wed Mar 1 08:34:24 2023 -0800 Merge pull request #7461 from Azure/shainw-ReduceResults Update gte_6_FailedLogons_10m.yaml commit cb984b00cd513e0f944a11f1c3a5e5b9c60c24d6 Merge: cf19c76a6 0410a5375 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Wed Mar 1 17:57:32 2023 +0200 Merge pull request #7472 from Azure/asim/periodical-fixes-Mar-1-23 Periodical parser updates, Mar 1st 2023 commit 0410a537583eff0b20c2e423b6d4e44641e4d567 Author: github-actions[bot] <> Date: Wed Mar 1 15:41:25 2023 +0000 [ASIM Parsers] Generate deployable ARM templates from KQL function YAML files. commit 28698d2c7b5bc58f4fb95668f4e104f7dbbeccfa Merge: fa1e9c60d cf19c76a6 Author: github-actions[bot] <> Date: Wed Mar 1 15:41:19 2023 +0000 Merge remote-tracking branch 'origin/master' into asim/periodical-fixes-Mar-1-23 commit cf19c76a601bc00168433f93083c328062d840f2 Merge: dcfc519c9 0159db782 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Wed Mar 1 17:35:05 2023 +0200 Merge pull request #7471 from Azure/ASimDnsActivityLogs-CustomTable-Adding-Fields adding fields that were recently added to ASimDnsActivityLogs table schema commit 0159db7821c4c4b046617dcc6e69c3c10621559d Author: vakohl <97222872+vakohl@users.noreply.github.com> Date: Wed Mar 1 20:32:31 2023 +0530 adding fields that were recently added to ASimDnsActivityLogs table schema commit dcfc519c9f07f1a646736673e4948ca2631cab53 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Wed Mar 1 16:48:58 2023 +0200 Update ASimDnsNative.yaml commit 01d0abfd0891c5d3749e402c0b39a32d063123b8 Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Wed Mar 1 16:48:39 2023 +0200 Update vimDnsNative.yaml commit fa1e9c60dea9497588fd72e3f92d5a522faa0b41 Author: Ofer Shezaf <github@shezaf.com> Date: Wed Mar 1 16:46:45 2023 +0200 NetworkSessionMicrosoftWindowsEventFirewall commit 25c15c6a55a108f81aea4d6cb3e9d0718033f858 Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Wed Mar 1 18:52:50 2023 +0530 Update stats.md (#7451) commit 886c5469c01638e83221e4e1fadff410d9762f81 Merge: d38456d91 fb51c392c Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 18:39:53 2023 +0530 Merge pull request #7419 from txhaflaire/master Jamf Protect for Microsoft Sentinel - v2.1.1 commit cf2be34436a6bfe71325b11f5667a62836f9e8cc Merge: 48b2623b6 d38456d91 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Wed Mar 1 18:25:48 2023 +0530 Merge branch 'master' into v-rbajaj/AzureActiveeDirectory commit fb51c392c8e18851576a7c94af3a8fc8735be243 Merge: 5d09db59a d38456d91 Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 1 13:53:35 2023 +0100 Merge branch 'Azure:master' into master commit d38456d91683b98392e125cd5ca923bc50388230 Merge: 0d1754cf1 775998089 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 18:16:43 2023 +0530 Merge pull request #7445 from Azure/PhishingwithCSLandNetworkSession Detecting potential phishing in correlation with CSL & Network Session logs commit aa6f3500b3b7a07137f777796d7e0838236e6a0b Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 1 18:15:23 2023 +0530 Updating description and entities commit 0d1754cf154cd728b1ae47b825bb5cf04ff02e64 Merge: 830230a5a 412e0667e Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 18:07:59 2023 +0530 Merge pull request #7469 from Azure/arm-ttk-failing-when-solutionname-has-space Fixed Arm-ttk issue when solution name has space commit 5d09db59a3561eebda22ccea3ccc5474c006ea0e Merge: c1043379b 830230a5a Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 1 13:17:24 2023 +0100 Merge branch 'Azure:master' into master commit 2ace3d8f45d06a29587eb609335a12672094244b Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Wed Mar 1 17:36:16 2023 +0530 version update commit 412e0667ec85ea2280eac4d5886023d995cf2e34 Author: v-amolpatil <v-amolpatil@microsoft.com> Date: Wed Mar 1 17:16:39 2023 +0530 fixed issue on space in solution name commit 830230a5a5faf976be72d703366ff0c4b7949325 Merge: ec2492fbf ce5d3c9fd Author: Ofer Shezaf <39997089+oshezaf@users.noreply.github.com> Date: Wed Mar 1 13:05:50 2023 +0200 Merge pull request #7462 from Azure/ASimDnsActivityLogs-parser-bug-fix Duplicate column error fixed - DvcScopeId commit 124aa72e59f7f4b429df341d23d80e1118673111 Merge: 9a009669b 8347232f9 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 1 16:33:27 2023 +0530 Merge branch 'master' into v-sabiraj-SolutionUpdateforShodan commit 48b2623b6060ecde9ae4a330086bd3f62a6c72d7 Merge: f960cf697 ec2492fbf Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Wed Mar 1 16:21:37 2023 +0530 Merge branch 'master' into v-rbajaj/AzureActiveeDirectory commit f960cf697dd4ddbdffeb9b93e700a45199c9d564 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Wed Mar 1 16:17:48 2023 +0530 Repackaging Azure Active Directory commit ec2492fbf8917cdda1e96386a88f405a893b580d Merge: 7e5fcbdd4 270f7dcf9 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 16:16:20 2023 +0530 Merge pull request #7425 from Azure/v-vdixit/logo-update Google Cloud Solutions Logo Update commit 7e5fcbdd4df667131778ac5be580803166d4804e Merge: 76813497b a827835a1 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 16:13:32 2023 +0530 Merge pull request #7453 from Azure/v-sabiraj-fixingsocplaybook Updating Soc Process package to fix bug commit c1043379b72765da69124e5a24c99ad357e4a289 Merge: ccd10f67f 49aeb72a7 Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 1 11:28:34 2023 +0100 Merge branch 'master' of https://github.com/txhaflaire/Azure-Sentinel commit ccd10f67f2c11314948c1f4601044b2c0b48fbc2 Merge: 30d3368dd 76813497b Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 1 11:28:22 2023 +0100 Merge remote-tracking branch 'upstream/master' commit 49aeb72a742ff998db913fc539408b760a8959c8 Merge: 0d57ec6e2 76813497b Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 1 11:05:31 2023 +0100 Merge branch 'Azure:master' into master commit 76813497ba5fab84d2ad4be0f9733a09268f5c8c Merge: 8347232f9 25c804a39 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 15:32:17 2023 +0530 Merge pull request #7465 from Azure/v-sabiraj-UpdatingMetadataforbugs Updating Workbook Metadata to fix gallery bugs commit 0d57ec6e258c7dbf78f26af2f1c120f6813c1067 Merge: 9c633f503 8347232f9 Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Wed Mar 1 10:50:48 2023 +0100 Merge branch 'Azure:master' into master commit 25c804a39c842be4e74aba5fca7acf90a8c4d4c6 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 1 15:17:50 2023 +0530 Updating Workbook Metadata to fix gallery bugs commit 8347232f97f00439e3ab67d392548a9bea53c0c4 Merge: da1cf1041 377fc2478 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 15:02:51 2023 +0530 Merge pull request #7413 from Azure/v-vdixit/file-path-update3 File path update for hunting queries commit 481f8462f0d73c9a59717fe8684b9921e5d4dbe5 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Wed Mar 1 14:59:54 2023 +0530 Version updates commit f3a462bef7ae545de0bc987d8adce3e4300073af Author: PrasadBoke <v-prasadboke@microsoft.com> Date: Wed Mar 1 14:59:38 2023 +0530 MongoDB Repackaging commit 695900736431b3a799ef5565746716aa4562bc19 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Wed Mar 1 14:43:11 2023 +0530 Updated the 2.0.3 zip commit d613fb75da68e31787962aa88b292466854f39f4 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Wed Mar 1 14:42:57 2023 +0530 updating Version commit 377fc2478efc1ab4fddb2f22eee9c5fb65e1ffc3 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Wed Mar 1 13:55:05 2023 +0530 updating path1 commit aa8d29521c578568b4408ac98e95cd696d1502f9 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Wed Mar 1 13:50:52 2023 +0530 updating AzureVirtualNetworkSubnets commit f65038e41184f5bb13c679842dcf5fadf2654d78 Merge: 7052b594f da1cf1041 Author: PrasadBoke <v-prasadboke@microsoft.com> Date: Wed Mar 1 13:39:11 2023 +0530 Merge branch 'master' into v-prasadboke-AtlassianJiraAudit-DataConnector commit a827835a10539e698e9aa79d9338e538c706d555 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 1 13:24:24 2023 +0530 Update azuredeploy.json commit 50f8752d3fa6e3be7030635a25e21f2468662440 Merge: bd419b31f da1cf1041 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 1 13:24:16 2023 +0530 Merge branch 'master' into v-sabiraj-fixingsocplaybook commit ce5d3c9fde86ad1164452558829843280922d9ce Merge: cdb47b58e ac2f6b0b5 Author: vakohl <97222872+vakohl@users.noreply.github.com> Date: Wed Mar 1 13:22:56 2023 +0530 Merge branch 'ASimDnsActivityLogs-parser-bug-fix' of https://github.com/Azure/Azure-Sentinel into ASimDnsActivityLogs-parser-bug-fix commit cdb47b58e46b4c5db2a97e4fdd520624b319d1d4 Author: vakohl <97222872+vakohl@users.noreply.github.com> Date: Wed Mar 1 13:22:49 2023 +0530 added DvcScopeId to the table schema commit 9c633f503f6085d5e597be7667705ec092541503 Merge: 30d3368dd da1cf1041 Author: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Wed Mar 1 13:21:53 2023 +0530 Merge branch 'master' into pr/7419 commit 2f87b2293ff173dae30dac4c7364efa0a28f48db Author: PrasadBoke <v-prasadboke@microsoft.com> Date: Wed Mar 1 13:13:23 2023 +0530 Marklogic Repackaging commit 7052b594f65b43b138c1898f881c8ee4a35ebe86 Author: PrasadBoke <v-prasadboke@microsoft.com> Date: Wed Mar 1 12:32:40 2023 +0530 Update SkipValidationsTemplates.json commit da1cf1041bdb21a5aaa1c417f52ffe869f241377 Merge: 990ced0af 0b848f0d6 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 12:32:20 2023 +0530 Merge pull request #7282 from Azure/v-vdixit/KQL-validation-fix-for-Multiple-solutions KQL validations for Hunting Queries for multiple solutions commit 4bae5b91ad091217a2fe458d32fd2835c676d8ec Merge: fbb7d0292 990ced0af Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Wed Mar 1 12:31:02 2023 +0530 Merge branch 'master' into v-rbajaj/VirusTotal commit ac2f6b0b574fc6467f328bbc6e39a6baff9bafcf Author: github-actions[bot] <> Date: Wed Mar 1 06:54:15 2023 +0000 [ASIM Parsers] Generate deployable ARM templates from KQL function YAML files. commit c216ee722f88074679a8057ee8c1f80692a8bccd Merge: 0199a1662 990ced0af Author: github-actions[bot] <> Date: Wed Mar 1 06:54:03 2023 +0000 Merge remote-tracking branch 'origin/master' into ASimDnsActivityLogs-parser-bug-fix commit 0199a16622d35eb1a74e3c72f303f5a86068c246 Author: vakohl <97222872+vakohl@users.noreply.github.com> Date: Wed Mar 1 12:20:50 2023 +0530 Updated Parser Version and Date commit e7da9fef44a2c45356a8fd934db3908612db7f6d Author: vakohl <97222872+vakohl@users.noreply.github.com> Date: Wed Mar 1 12:15:14 2023 +0530 Duplicate column error fixed - DvcScopeId commit a1d177f6022d0a30b74f72b4157a7e004f74aaf9 Author: PrasadBoke <v-prasadboke@microsoft.com> Date: Wed Mar 1 12:15:00 2023 +0530 Update SkipValidationsTemplates.json commit 990ced0af085cde6851121ce0b87f2cf82daefca Merge: 3286c9d6b 94e2d842e Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 12:13:56 2023 +0530 Merge pull request #7427 from Azure/origin/users/rahul/gcp-bigquery GCP BigQuery Solution - Initial commit of solution commit 3286c9d6b1adc0f6b898dfc8db9d304cd1e23170 Merge: be6b439e8 755249e24 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 12:12:32 2023 +0530 Merge pull request #7294 from Azure/v-ntripathi/MaturityModelWorkbookFixIcM361952128 Fixing workbook query regarding IcM and repackaging commit fbb7d0292348703f1432812fd6ddc9b573bcea91 Merge: 21c4bed62 be6b439e8 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Wed Mar 1 11:23:56 2023 +0530 Merge branch 'master' into v-rbajaj/VirusTotal commit be6b439e8e818d30b4cfb1fdd30ed06b2623304a Merge: c74e7d817 0407141d9 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 10:43:37 2023 +0530 Merge pull request #6925 from referefref/patch-1 Update AWSBucketAPILogs-SuspiciousDataAccessToS3BucketsfromUnknownIP.… commit c74e7d8174da6482f81e22d73ea20c8dfce4be5d Merge: 5d7077c80 3391ffcaf Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 10:38:08 2023 +0530 Merge pull request #7035 from ep3p/patch-6 Fix fields in Solution/Analytic Rule AzureADRoleManagementPermissionGrant.yaml commit 755249e24ac7dec840264a1b527c70e90464402e Merge: 4460ad5b2 ce1b0e7e2 Author: Meena Kumari Chatla <v-mchatla@microsoft.com> Date: Wed Mar 1 10:31:27 2023 +0530 Merge branch 'master' into v-ntripathi/MaturityModelWorkbookFixIcM361952128 commit 5d7077c805af8ccd6b1b364e4dad95eba89390ea Merge: ce1b0e7e2 1757d5974 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 10:30:45 2023 +0530 Merge pull request #7456 from Azure/arm-ttk-issue-fix Arm ttk issue fix commit 427a8a26d9c17a24a5d097d17ad1419223f20731 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Wed Mar 1 10:28:56 2023 +0530 Update IPEntity_DuoSecurity.yaml commit 89bc51c158b9996b8225c184d2e0dd4f20904de6 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Wed Mar 1 10:28:01 2023 +0530 Updating AdFind_Usage.yaml commit 63fe5ba5903964d432fc97940bf77add1e24b67a Author: Shain <45466083+shainw@users.noreply.github.com> Date: Tue Feb 28 20:34:53 2023 -0800 Update gte_6_FailedLogons_10m.yaml commit ce1b0e7e2889918b66533a1333f1a47b1aaf14d1 Merge: 3af5f111d 3101d404a Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Wed Mar 1 10:03:43 2023 +0530 Merge pull request #7431 from briandelmsft/ii_wb_patch Investigation Insights - ASIM Support commit bd66e550853991f9681d826e8ac528abcd33b827 Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Wed Mar 1 09:04:33 2023 +0530 Update azuredeploy.json commit 6f3d5a72da513412e73a218d98d45359aee64666 Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Wed Mar 1 09:01:46 2023 +0530 Update readme.md commit 775998089da2b6925873939014e57a34abf8496e Author: gitj121 <jekurien@microsoft.com> Date: Tue Feb 28 13:16:07 2023 -0800 Description changes commit 37428ea2fffae391739b7910cc04c3c8ab010d50 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Wed Mar 1 00:14:23 2023 +0530 version update commit 04ad400e02cc6a3b158b67f417885671d68b2101 Author: gitj121 <jekurien@microsoft.com> Date: Tue Feb 28 10:41:11 2023 -0800 Adding with changes commit a074d314c8b6bfab71c17afd61d68ab79da0dfa1 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Wed Mar 1 00:06:08 2023 +0530 version update commit 3c519a323bae6df8ad7ae41ee83f09393f518dd4 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Tue Feb 28 23:39:59 2023 +0530 Adding playbooks to MDE Solution commit 0f2c9966b5db3e22e2edc7455fc20b74dedf75df Author: Catherine Watson <cwatson@microsoft.com> Date: Tue Feb 28 08:38:50 2023 -0800 Update Dynamics 365 md desc to add Docs link @prtanej commit 187ec26e2b36bcc1cae47ff4c684bcf4ac326b55 Author: jayeshprajapaticrest <98145046+jayeshprajapaticrest@users.noreply.github.com> Date: Tue Feb 28 22:00:59 2023 +0530 Updated readme file by adding prerequisite about to deploy dependent playbook first. (#6) Co-authored-by: jayeshssc <jayesh.prajapati@CDSYS.LOCAL> commit 1757d5974db4a74761e73a0672b74d9a802bc132 Author: v-amolpatil <v-amolpatil@microsoft.com> Date: Tue Feb 28 21:55:35 2023 +0530 Update arm-ttk-validations.yaml commit f34c5e317318410318bbf548945bc4bece3a4f2c Author: v-amolpatil <v-amolpatil@microsoft.com> Date: Tue Feb 28 21:45:23 2023 +0530 updated code commit 3af5f111d58b65d8bb8293f4aacc97776b617bc8 Merge: 68516975f 95df0ea8f Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Feb 28 20:02:16 2023 +0530 Merge pull request #7240 from Azure/v-atulyadav/Windows-Security-Events Repackage Windows Security Events commit bd9ad173269557a88012a581d698d39b829c9deb Author: v-amolpatil <v-amolpatil@microsoft.com> Date: Tue Feb 28 19:50:49 2023 +0530 updated code to fix commit 0277f7811b1193e424d656315b07bcc75db350a7 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Feb 28 19:31:27 2023 +0530 updating whitespaces commit bd419b31f0ebd30e32bc11bc96053b162b396c73 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Tue Feb 28 19:14:27 2023 +0530 Update azuredeploy.json commit c1061631e5fb01469ff8ab3e771573f1baa7bb9f Merge: debfbfb03 68516975f Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 18:54:19 2023 +0530 Merge branch 'master' into v-vdixit/file-path-update3 commit debfbfb03103d7006097b1f4eb8f8278e7de7357 Merge: cf4145086 adf2433a8 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Feb 28 18:46:12 2023 +0530 Updating description commit cf414508699f640f8ba5dbe174538e1fe100715f Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Feb 28 18:37:37 2023 +0530 updating quotes commit fdd23459a6420076e93c300c1683b9e1ae401cbb Author: syed-loginsoft <sdawood@loginsoft.com> Date: Tue Feb 28 18:19:56 2023 +0530 Updated version from 2.0.0 to 2.0.1 commit adf2433a8d963bdd1765c714c8f64e11c97a250c Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 18:03:56 2023 +0530 Updating ProofpointPODHighScoreAdultValue.yaml commit d9c8af19ebadb591c6cabc46acceba17fdd6cfe9 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 18:02:53 2023 +0530 Updating UseragentExploitPentest commit 76dac88a9155c3e2287ea44b4dcb4d283e71750b Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 18:01:57 2023 +0530 Updating quotes commit 491992bb8f26ec824b69297d7225cc0ab633ea1f Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 18:01:32 2023 +0530 updating quotes commit 99a4f75d27c6ba71193083d1bc3cfb40a634e3bf Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 17:59:55 2023 +0530 update RiskyCommandB64EncodedInUrl.yaml commit 724e15e08602762f13faed85490aaee34029a7e2 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 17:59:19 2023 +0530 Updating quotes commit 42a2b2d4e823346f6cd7a219edbe1641fb35da2c Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 17:58:45 2023 +0530 updating quotes commit 21c4bed62c6d7f3da32d804bb039da905cba8577 Merge: 862ad6676 68516975f Author: v-amolpatil <v-amolpatil@microsoft.com> Date: Tue Feb 28 17:58:44 2023 +0530 Merge branch 'master' into v-rbajaj/VirusTotal commit 68516975f376ac2afed9015a388a28ea80d262af Merge: 43be861c9 f7bdab119 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Feb 28 17:49:20 2023 +0530 Merge pull request #7404 from Azure/v-atulyadav/ciscoasa Repackage Cisco ASA commit b4f680a796a09c2399f3230dcfc917df2fc16903 Author: v-sabiraj <v-sabiraj@microsoft.com> Date: Tue Feb 28 17:33:45 2023 +0530 Updating Soc Process package to fix bug commit 43be861c9bcd458b435ee7d039c7c8ceedad9f58 Merge: acff515d5 cfb24961d Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Feb 28 16:56:14 2023 +0530 Merge pull request #7414 from Azure/v-vdixit/file-path-update4 Hunting Queries files' path update commit acff515d5c8b5b3f01444d7a3c9ae2f929516cb3 Merge: f40bc8d07 6c1bce777 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Feb 28 16:54:38 2023 +0530 Merge pull request #7283 from Azure/v-mchatla/GCPAuditLogs GCP Audit Log Packaging Changes with Data Connector commit f40bc8d07f603ba59ae60c6ae7f103a197bb48fe Merge: cdac19704 162b7f9f4 Author: v-dvedak <103933805+v-dvedak@users.noreply.github.com> Date: Tue Feb 28 16:37:22 2023 +0530 Merge pull request #7417 from aviatam/talon_solution Talon solution commit cfb24961d37a95d1af598c5e1636364b5ec6ab69 Author: v-vdixit <115772287+v-vdixit@users.noreply.github.com> Date: Tue Feb 28 16:37:12 2023 +0530 updating commas commit 862ad6676f90a3a57d1f353fc682e3ddd5e377c7 Author: v-rbajaj <v-rbajaj@microsoft.com> Date: Tue Feb 28 15:49:21 2023 +0530 Repackaging VirusTotal updated changes as per master commit a8d6ee9d8098fb9154049e22f02448db52865897 Author: DixitVedanshi <v-vdixit@microsoft.com> Date: Tue Feb 28 15:42:05 2023 +0530 updating domain Pan-OS commit 30d3368ddd6142fb02af94329135ed2df7e601a7 Author: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Date: Tue Feb 28 10:08:49 2023 +0100 Updated Data Connector version to 2.1.1 commit a1fe1dd12101993c7f77e11e156702affd870e7c Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:36:54 2023 +0530 Update azuredeploy.json commit 07bd3f6e98fcb9fb5833364bb53bf017b71c5aef Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:36:03 2023 +0530 Update readme.md commit 22a41b4bbe6e76eccb564a5df5f136592bf1eef4 Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:35:41 2023 +0530 Update readme.md commit e9be7a9f542b02e8a9352691aa4caa23eeae946e Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:34:04 2023 +0530 Update readme.md commit 944b62556967aff5bb6710e2a6e0fba7c5322413 Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:32:37 2023 +0530 Update readme.md commit 9f8d2f04bb5831ee1d33617e464b246f6ef2f0e2 Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:31:24 2023 +0530 Update readme.md commit b45226929fbb45f5165c459f8416c2f8064068b0 Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:29:22 2023 +0530 Update readme.md commit c2d6f056ea0108d5593f898d88a0771c14a0c844 Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:24:04 2023 +0530 Update readme.md commit cd76700745b961d1460e9611424c51819aab455e Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:22:54 2023 +0530 Update readme.md commit c0a38c4f8430ccdd90be1ec956dd3440656b9f0f Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:20:37 2023 +0530 Update readme.md commit 89ac311dfceee54a5c0e096c9c2ef40c8f6abef6 Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:20:15 2023 +0530 Update readme.md commit fbf8f05bfb5f5cbb5525ccc5c0f44ea3fbe68a76 Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:19:53 2023 +0530 Update readme.md commit cb0d1e7533fffc878e9bf9d0f7001b13a25120b3 Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:19:22 2023 +0530 Update readme.md commit e260f3b8937f26d09b3c080c0beb1a9f7faa572a Author: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Tue Feb 28 14:18:54 2023 +0530 Update readme.md commit 6d1e5a340e1c9f4a3d6efb3b660343fbf5269a4a Author: Manish Kumar <man…

samikroy added 2 commits October 17, 2022 20:21

Create azuredeploy.json

4b1100f

Create Readme.md

590fdb3

samikroy requested review from a team as code owners October 17, 2022 14:56

v-spadarthi added the Tools label Oct 17, 2022

v-spadarthi assigned rushriva and v-spadarthi Oct 17, 2022

samikroy added 2 commits November 29, 2022 23:45

Update azuredeploy.json

e8120a3

Create azuredeploy.json

7c225ce

samikroy requested a review from a team as a code owner November 29, 2022 18:17

samikroy added 3 commits November 29, 2022 23:48

Create Readme.md

7bdb458

Update Readme.md

4ecde81

Delete Tools/Create Incidents with Email directory

47ba4d6

v-atulyadav assigned manishkumar1991 Feb 20, 2023

manishkumar1991 reviewed Feb 21, 2023

View reviewed changes

Playbooks/Create Incidents with Email/Readme.md Outdated Show resolved Hide resolved

samikroy added 2 commits March 3, 2023 15:31

Update Readme.md

67261aa

Update azuredeploy.json

d4c9545

manishkumar1991 reviewed Mar 6, 2023

View reviewed changes

Update azuredeploy.json

73ea96d

Update azuredeploy.json

9e51007

Update azuredeploy.json

5d54f6a

manishkumar1991 approved these changes Mar 14, 2023

View reviewed changes

v-atulyadav approved these changes Mar 14, 2023

View reviewed changes

v-dvedak approved these changes Mar 14, 2023

View reviewed changes

v-dvedak merged commit 5e67ce9 into Azure:master Mar 14, 2023

Conversation

samikroy commented Oct 17, 2022

Uh oh!

samikroy commented Oct 17, 2022

Uh oh!

v-spadarthi commented Oct 21, 2022

Uh oh!

v-spadarthi commented Oct 25, 2022

Uh oh!

v-spadarthi commented Oct 28, 2022

Uh oh!

v-spadarthi commented Oct 31, 2022

Uh oh!

v-spadarthi commented Nov 2, 2022

Uh oh!

v-spadarthi commented Nov 4, 2022

Uh oh!

v-spadarthi commented Nov 8, 2022

Uh oh!

v-spadarthi commented Nov 11, 2022

Uh oh!

v-spadarthi commented Nov 14, 2022

Uh oh!

v-spadarthi commented Nov 16, 2022

Uh oh!

v-spadarthi commented Nov 18, 2022

Uh oh!

v-spadarthi commented Nov 23, 2022

Uh oh!

v-spadarthi commented Nov 25, 2022

Uh oh!

anki-narravula commented Nov 25, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

v-spadarthi commented Nov 28, 2022

Uh oh!

samikroy commented Nov 29, 2022

Uh oh!

v-atulyadav commented Feb 10, 2023

Uh oh!

v-atulyadav commented Feb 15, 2023

Uh oh!

v-atulyadav commented Feb 17, 2023

Uh oh!

manishkumar1991 commented Feb 21, 2023

Uh oh!

manishkumar1991 commented Feb 21, 2023

Uh oh!

Uh oh!

manishkumar1991 commented Feb 21, 2023

Uh oh!

v-atulyadav commented Feb 24, 2023

Uh oh!

v-atulyadav commented Mar 1, 2023

Uh oh!

v-atulyadav commented Mar 3, 2023

Uh oh!

samikroy commented Mar 3, 2023

Uh oh!

manishkumar1991 Mar 6, 2023

Choose a reason for hiding this comment

Uh oh!

manishkumar1991 Mar 7, 2023

Choose a reason for hiding this comment

Uh oh!

manishkumar1991 Mar 13, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

manishkumar1991 Mar 13, 2023

Choose a reason for hiding this comment

Uh oh!

manishkumar1991 commented Mar 6, 2023

Uh oh!

v-atulyadav commented Mar 8, 2023

Uh oh!

samikroy commented Mar 8, 2023

Uh oh!

v-atulyadav commented Mar 10, 2023

Uh oh!

anki-narravula commented Nov 25, 2022 •

edited

Loading

manishkumar1991 Mar 13, 2023 •

edited

Loading