Merge branch 'master' of https://github.com/AmirSasson/Azure-Sentinel into feature/amirsasson/fix-oci-307-name-datapoller

Author: AmirSasson

Detections/http_proxy_oab_CL/ExchagngeSuspiciousFileDownloads.yaml

@@ -35,7 +35,7 @@ entityMappings:
         columnName: HostName
       - identifier: DnsDomain
         columnName: HostNameDomain
-version: 1.0.3
+version: 1.0.4
 kind: Scheduled
 metadata:
     source:

Hunting Queries/DeviceProcess/VScodeExtensionofanUser.yaml

@@ -1,8 +1,10 @@
 id: 75830932-794e-4a18-b62f-cc2a010080b5 
 name: List all the VScode Extensions which are installed on a user system
 description: |
-  'Detects potentially malicious Visual Studio Code (VSCode) extensions installed on a users system, which threat actors might use to control devices and exfiltrate personal information.
-    Ref: https://blog.checkpoint.com/securing-the-cloud/malicious-vscode-extensions-with-more-than-45k-downloads-steal-pii-and-enable-backdoors/'
+  'Detects observed Visual Studio Code (VS Code) extension installation activity on a user's system within the query time range.
+   Note: This query does not return a complete per-user inventory of installed extensions and may miss extensions installed outside the telemetry window or via unsupported installation methods.
+   Ref: https://blog.checkpoint.com/securing-the-cloud/malicious-vscode-extensions-with-more-than-45k-downloads-steal-pii-and-enable-backdoors/'
+   
 requiredDataConnectors:
   - connectorId: MicrosoftThreatProtection
     dataTypes:
@@ -33,7 +35,7 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountName
-version: 1.0.1
+version: 1.0.2
 metadata:
     source:
         kind: Community

Logos/meshcloud.svg

@@ -2,5 +2,5 @@
 
 ## Version 0.1.0
 
-- (2024-11-07) AlertSchemaParsers - [PR #11387](https://github.com/Azure/Azure-Sentinel/pull/11387)
+- (2024-11-07) Alert Schema Parsers - [PR #11387](https://github.com/Azure/Azure-Sentinel/pull/11387)
 

Parsers/ASimAlertEvent/ARM/ASimAlertEventMicrosoftDefenderXDR/ASimAlertEventMicrosoftDefenderXDR.json

@@ -1,6 +1,12 @@
 # Changelog for ASimAlertEventMicrosoftDefenderXDR.yaml
 
+## Version 0.2.0
+
+- (2026-01-09) [ASIM] AlertEvent - Microsoft Defender XDR Parser updates - [PR #13418](https://github.com/Azure/Azure-Sentinel/pull/13418)
+- Removal of unnormalized columns
+- Add value: `IpAddresses` to AdditionalFields
+
 ## Version 0.1.0
 
-- (2024-11-07) AlertSchemaParsers - [PR #11387](https://github.com/Azure/Azure-Sentinel/pull/11387)
+- (2024-11-07) Alert Schema Parsers - [PR #11387](https://github.com/Azure/Azure-Sentinel/pull/11387)
 

Parsers/ASimAlertEvent/ARM/vimAlertEventMicrosoftDefenderXDR/vimAlertEventMicrosoftDefenderXDR.json

@@ -2,5 +2,5 @@
 
 ## Version 0.1.0
 
-- (2024-11-07) AlertSchemaParsers - [PR #11387](https://github.com/Azure/Azure-Sentinel/pull/11387)
+- (2024-11-07) Alert Schema Parsers - [PR #11387](https://github.com/Azure/Azure-Sentinel/pull/11387)
 

Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md

@@ -2,5 +2,5 @@
 
 ## Version 0.1.0
 
-- (2024-11-07) AlertSchemaParsers - [PR #11387](https://github.com/Azure/Azure-Sentinel/pull/11387)
+- (2024-11-07) Alert Schema Parsers - [PR #11387](https://github.com/Azure/Azure-Sentinel/pull/11387)
 

Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventMicrosoftDefenderXDR.md

@@ -2,5 +2,5 @@
 
 ## Version 0.1.0
 
-- (2024-11-07) AlertSchemaParsers - [PR #11387](https://github.com/Azure/Azure-Sentinel/pull/11387)
+- (2024-11-07) Alert Schema Parsers - [PR #11387](https://github.com/Azure/Azure-Sentinel/pull/11387)