
Commit 2360a3b

committed
Merge branch 'build-azure' of https://github.com/prajval-um/Cisco-Azure-Sentinel into build-azure
2 parents 6d131c1 + 24fd6f2 commit 2360a3b


711 files changed

+31698
-14810
lines changed


711 files changed

+31698
-14810
lines changed

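--- a/.script/package-automation/catalogAPI.ps1
+++ b/.script/package-automation/catalogAPI.ps1
@@ -25,6 +25,28 @@ function GetCatalogDetails($offerId)
 return $null;
 }
 else {
+# Handle case where multiple offers are returned with same OfferId
+if ($offerDetails -is [System.Object[]] -and $offerDetails.Count -gt 1)
+{
+Write-Host "Multiple offers found for offerId $offerId. Matching by publisherId from baseMetadata."
+$matched = $offerDetails | Where-Object { $_.publisherId -eq $baseMetadata.publisherId }
+if ($null -ne $matched)
+{
+if ($matched -is [System.Object[]])
+{
+$offerDetails = $matched[0]
+}
+else
+{
+$offerDetails = $matched
+}
+}
+else
+{
+Write-Host "No offer matched publisherId '$($baseMetadata.publisherId)'. Defaulting to first offer."
+$offerDetails = $offerDetails[0]
+}
+}
 Write-Host "CatalogAPI Details found for offerId $offerId"
 return $offerDetails;
 }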
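Review bot: The fallback branch `$offerDetails = $offerDetails[0]` fails open: when none of the returned offers carries the expected publisherId, the function still hands back another publisher's catalog entry for the same offerId, and whatever consumes the result proceeds on metadata that was never matched to this solution. Returning `$null` there, as the not-found path just above the added lines already does, would surface the mismatch instead: `Write-Host "No offer matched publisherId '$($baseMetadata.publisherId)' for offerId $offerId."` followed by `return $null;`. `$baseMetadata` is also not a parameter of `GetCatalogDetails($offerId)`, so it is resolved from the caller's scope; if it is unset there, the `Where-Object` filter compares against `$null` and would select offers that have no publisherId at all. The function body starts before the hunk, so how callers treat a `$null` return should be confirmed before changing the fallback.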

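--- a/.script/tests/KqlvalidationsTests/CustomTables/NetworkAccessTraffic.json
+++ b/.script/tests/KqlvalidationsTests/CustomTables/NetworkAccessTraffic.json
@@ -113,6 +113,194 @@
 "Name": "XForwardedFor",
 "Type": "string"
 },
+{
+"Name": "FilteringProfileId",
+"Type": "string"
+},
+{
+"Name": "FilteringProfileName",
+"Type": "string"
+},
+{
+"Name": "PolicyName",
+"Type": "string"
+},
+{
+"Name": "RuleName",
+"Type": "string"
+},
+{
+"Name": "InitiatingProcessName",
+"Type": "string"
+},
+{
+"Name": "ResourceTenantId",
+"Type": "string"
+},
+{
+"Name": "ThreatType",
+"Type": "string"
+},
+{
+"Name": "DestinationUrl",
+"Type": "string"
+},
+{
+"Name": "Description",
+"Type": "string"
+},
+{
+"Name": "DestinationWebCategories",
+"Type": "string"
+},
+{
+"Name": "AppId",
+"Type": "string"
+},
+{
+"Name": "ConnectionStatus",
+"Type": "string"
+},
+{
+"Name": "ConnectorId",
+"Type": "string"
+},
+{
+"Name": "ConnectorName",
+"Type": "string"
+},
+{
+"Name": "ConnectorIp",
+"Type": "string"
+},
+{
+"Name": "AccessType",
+"Type": "string"
+},
+{
+"Name": "ProcessingRegion",
+"Type": "string"
+},
+{
+"Name": "AppSegmentId",
+"Type": "string"
+},
+{
+"Name": "RemoteNetworkId",
+"Type": "string"
+},
+{
+"Name": "HttpMethod",
+"Type": "string"
+},
+{
+"Name": "ResponseCode",
+"Type": "int"
+},
+{
+"Name": "Token3PExpiry",
+"Type": "datetime"
+},
+{
+"Name": "Token3PValidFrom",
+"Type": "datetime"
+},
+{
+"Name": "Token3PIssuedAt",
+"Type": "datetime"
+},
+{
+"Name": "Token3PUniqueId",
+"Type": "string"
+},
+{
+"Name": "TlsAction",
+"Type": "string"
+},
+{
+"Name": "TlsStatus",
+"Type": "string"
+},
+{
+"Name": "TlsPolicyId",
+"Type": "string"
+},
+{
+"Name": "TlsPolicyName",
+"Type": "string"
+},
+{
+"Name": "UniqueTokenId",
+"Type": "string"
+},
+{
+"Name": "VendorNames",
+"Type": "string"
+},
+{
+"Name": "CloudAppCatalogId",
+"Type": "string"
+},
+{
+"Name": "CloudAppName",
+"Type": "string"
+},
+{
+"Name": "CloudAppCategory",
+"Type": "string"
+},
+{
+"Name": "CloudAppGeneralScore",
+"Type": "int"
+},
+{
+"Name": "CloudAppRiskScore",
+"Type": "int"
+},
+{
+"Name": "CloudAppComplianceScore",
+"Type": "int"
+},
+{
+"Name": "CloudAppLegalScore",
+"Type": "int"
+},
+{
+"Name": "CloudAppLoginUser",
+"Type": "string"
+},
+{
+"Name": "HttpRequestContentType",
+"Type": "string"
+},
+{
+"Name": "HttpResponseContentType",
+"Type": "string"
+},
+{
+"Name": "HttpUserAgent",
+"Type": "string"
+},
+{
+"Name": "TlsRuleId",
+"Type": "string"
+},
+{
+"Name": "TlsRuleName",
+"Type": "string"
+},
+{
+"Name": "DnsResponseOrigin",
+"Type": "string"
+},
+{
+"Name": "AIAgentId",
+"Type": "string"
+},
+{
+"Name": "AIAgentName",
+"Type": "string"
+},
 {
 "Name": "SourceSystem",
 "Type": "string"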
Lines changed: 57 additions & 0 deletions
@@ -0,0 +1,57 @@
1+
{
2+
"Name": "VersasecCmsErrorLogs",
3+
"Properties": [
4+
{
5+
"name": "TimeGenerated",
6+
"type": "datetime"
7+
},
8+
{
9+
"name": "EventVendor",
10+
"type": "string"
11+
},
12+
{
13+
"name": "EventProduct",
14+
"type": "string"
15+
},
16+
{
17+
"name": "CmsErrorID",
18+
"type": "real"
19+
},
20+
{
21+
"name": "ErrorCode",
22+
"type": "string"
23+
},
24+
{
25+
"name": "CmsErrorIDStrg",
26+
"type": "string"
27+
},
28+
{
29+
"name": "ErrorId",
30+
"type": "real"
31+
},
32+
{
33+
"name": "ComputerName",
34+
"type": "string"
35+
},
36+
{
37+
"name": "ClientId",
38+
"type": "string"
39+
},
40+
{
41+
"name": "ErrorMessage",
42+
"type": "string"
43+
},
44+
{
45+
"name": "TargetUsername",
46+
"type": "real"
47+
},
48+
{
49+
"name": "SupportTicket",
50+
"type": "string"
51+
},
52+
{
53+
"name": "TicketReference",
54+
"type": "string"
55+
}
56+
]
57+
}
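Review bot: `TargetUsername` is typed `real` in this schema, which looks like a carry-over from a numeric user-id column; the VersasecCmsSysLogs schema added in the same commit declares `TargetUsername` as `string` and keeps the numeric value in `UserID` as `real`. If the column holds an account name, it should read `"type": "string"`; if it really is the numeric id, naming it `UserID` would keep the two tables consistent, so that queries validated against this table compare usernames with the right type. The property keys in the three new Versasec schema files are lower-case `name`/`type`, while NetworkAccessTraffic.json in this commit uses `Name`/`Type`; it is worth confirming that the test loader accepts both spellings.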
Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
{
2+
"Name": "VersasecCmsErrorLogs_CL",
3+
"Properties": [
4+
{
5+
"name": "TimeGenerated",
6+
"type": "datetime"
7+
}, {
8+
"name": "CmsErrorID",
9+
"type": "real"
10+
}, {
11+
"name": "CmsErrorIDCode",
12+
"type": "string"
13+
}, {
14+
"name": "CmsErrorIDStrg",
15+
"type": "string"
16+
}, {
17+
"name": "ID",
18+
"type": "real"
19+
}, {
20+
"name": "ComputerName",
21+
"type": "string"
22+
}, {
23+
"name": "CLID",
24+
"type": "string"
25+
}, {
26+
"name": "ErrorStrg",
27+
"type": "string"
28+
}, {
29+
"name": "UserID",
30+
"type": "real"
31+
}, {
32+
"name": "SupportTicket",
33+
"type": "string"
34+
}, {
35+
"name": "TicketRef",
36+
"type": "string"
37+
}
38+
]
39+
}
Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
{
2+
"Name": "VersasecCmsSysLogs",
3+
"Properties": [
4+
{
5+
"name": "TimeGenerated",
6+
"type": "datetime"
7+
},
8+
{
9+
"name": "EventVendor",
10+
"type": "string"
11+
},
12+
{
13+
"name": "EventProduct",
14+
"type": "string"
15+
},
16+
{
17+
"name": "EventId",
18+
"type": "real"
19+
},
20+
{
21+
"name": "EventResult",
22+
"type": "string"
23+
},
24+
{
25+
"name": "ActivitySummary",
26+
"type": "string"
27+
},
28+
{
29+
"name": "SyslogID",
30+
"type": "real"
31+
},
32+
{
33+
"name": "ComputerName",
34+
"type": "string"
35+
},
36+
{
37+
"name": "TargetUsername",
38+
"type": "string"
39+
},
40+
{
41+
"name": "Parameter",
42+
"type": "string"
43+
},
44+
{
45+
"name": "UserID",
46+
"type": "real"
47+
},
48+
{
49+
"name": "TicketReference",
50+
"type": "string"
51+
}
52+
]
53+
}
