
Commit 4d14d47

authored
Merge branch 'master' into shainw-fixCustomEntity
2 parents d84a359 + c02d1c2 commit 4d14d47


95 files changed

+5918
-3694
lines changed

Lines changed: 71 additions & 0 deletions
@@ -0,0 +1,71 @@
1+
{
2+
"Name": "Samsung_Knox_Application_CL",
3+
"Properties": [
4+
{
5+
"name": "TimeGenerated",
6+
"type": "DateTime",
7+
"isDefaultDisplay": true,
8+
"description": "The timestamp (UTC) reflecting the time in which the event was generated."
9+
},
10+
{
11+
"name": "PrimaryImei",
12+
"type": "string"
13+
},
14+
{
15+
"name": "DeviceImei1",
16+
"type": "string"
17+
},
18+
{
19+
"name": "DeviceImei2",
20+
"type": "string"
21+
},
22+
{
23+
"name": "DeviceSerialNumber",
24+
"type": "string"
25+
},
26+
{
27+
"name": "DeviceWifimac",
28+
"type": "string"
29+
},
30+
{
31+
"name": "DeviceModel",
32+
"type": "string"
33+
},
34+
{
35+
"name": "EventGuid",
36+
"type": "long"
37+
},
38+
{
39+
"name": "Name",
40+
"type": "string"
41+
},
42+
{
43+
"name": "Version",
44+
"type": "string"
45+
},
46+
{
47+
"name": "Severity",
48+
"type": "string"
49+
},
50+
{
51+
"name": "MitreTtp",
52+
"type": "dynamic"
53+
},
54+
{
55+
"name": "Profile",
56+
"type": "string"
57+
},
58+
{
59+
"name": "PkgName",
60+
"type": "string"
61+
},
62+
{
63+
"name": "AccessibilityApi",
64+
"type": "string"
65+
},
66+
{
67+
"name": "RestrictedPerms",
68+
"type": "dynamic"
69+
}
70+
]
71+
}
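Review bot: `EventGuid` is declared as `"type": "long"` (gutter lines 35-36), but a field named as a GUID normally carries a 128-bit value, which does not fit a 64-bit integer column. If the Knox events emit it as a UUID string, the value would presumably not be stored as sent, and correlating or de-duplicating events on it would stop working; `"type": "string"` would be the safe declaration. If it really is a 64-bit numeric id, a `"description"` saying so would remove the doubt. The same declaration appears in the Samsung_Knox_Audit_CL and Samsung_Knox_Network_CL sections below.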
Lines changed: 87 additions & 0 deletions
@@ -0,0 +1,87 @@
1+
{
2+
"Name": "Samsung_Knox_Audit_CL",
3+
"Properties": [
4+
{
5+
"name": "TimeGenerated",
6+
"type": "DateTime",
7+
"isDefaultDisplay": true,
8+
"description": "The timestamp (UTC) reflecting the time in which the event was generated."
9+
},
10+
{
11+
"name": "PrimaryImei",
12+
"type": "string"
13+
},
14+
{
15+
"name": "DeviceImei1",
16+
"type": "string"
17+
},
18+
{
19+
"name": "DeviceImei2",
20+
"type": "string"
21+
},
22+
{
23+
"name": "DeviceSerialNumber",
24+
"type": "string"
25+
},
26+
{
27+
"name": "DeviceWifimac",
28+
"type": "string"
29+
},
30+
{
31+
"name": "DeviceModel",
32+
"type": "string"
33+
},
34+
{
35+
"name": "EventGuid",
36+
"type": "long"
37+
},
38+
{
39+
"name": "Name",
40+
"type": "string"
41+
},
42+
{
43+
"name": "Version",
44+
"type": "string"
45+
},
46+
{
47+
"name": "Severity",
48+
"type": "string"
49+
},
50+
{
51+
"name": "MitreTtp",
52+
"type": "dynamic"
53+
},
54+
{
55+
"name": "Profile",
56+
"type": "string"
57+
},
58+
{
59+
"name": "UserId",
60+
"type": "int"
61+
},
62+
{
63+
"name": "AdmUserId",
64+
"type": "int"
65+
},
66+
{
67+
"name": "AdmPkgName",
68+
"type": "string"
69+
},
70+
{
71+
"name": "FailureReason",
72+
"type": "string"
73+
},
74+
{
75+
"name": "Action",
76+
"type": "string"
77+
},
78+
{
79+
"name": "KeyMask",
80+
"type": "int"
81+
},
82+
{
83+
"name": "PkgName",
84+
"type": "string"
85+
}
86+
]
87+
}
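Review bot: The audit-specific columns `UserId`, `AdmUserId`, `AdmPkgName`, `FailureReason`, `Action` and `KeyMask` (gutter lines 58-81) carry no `"description"`, although `TimeGenerated` shows that the format supports one. In an audit table these are the fields an analyst uses to decide who did what, and nothing here says whether `UserId` is the affected account and `AdmUserId` the administrator acting on it, or what the bits of `KeyMask` encode. I would add a one-line description to each, for example `"description": "Identifier of the admin user that performed the action."` on `AdmUserId` once the meaning is confirmed against the Knox event documentation.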
Lines changed: 135 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,135 @@
1+
{
2+
"Name": "Samsung_Knox_Network_CL",
3+
"Properties": [
4+
{
5+
"name": "TimeGenerated",
6+
"type": "DateTime",
7+
"isDefaultDisplay": true,
8+
"description": "The timestamp (UTC) reflecting the time in which the event was generated."
9+
},
10+
{
11+
"name": "PrimaryImei",
12+
"type": "string"
13+
},
14+
{
15+
"name": "DeviceImei1",
16+
"type": "string"
17+
},
18+
{
19+
"name": "DeviceImei2",
20+
"type": "string"
21+
},
22+
{
23+
"name": "DeviceSerialNumber",
24+
"type": "string"
25+
},
26+
{
27+
"name": "DeviceWifimac",
28+
"type": "string"
29+
},
30+
{
31+
"name": "DeviceModel",
32+
"type": "string"
33+
},
34+
{
35+
"name": "EventGuid",
36+
"type": "long"
37+
},
38+
{
39+
"name": "Name",
40+
"type": "string"
41+
},
42+
{
43+
"name": "Version",
44+
"type": "string"
45+
},
46+
{
47+
"name": "Severity",
48+
"type": "string"
49+
},
50+
{
51+
"name": "MitreTtp",
52+
"type": "dynamic"
53+
},
54+
{
55+
"name": "Profile",
56+
"type": "string"
57+
},
58+
{
59+
"name": "Protocol",
60+
"type": "int"
61+
},
62+
{
63+
"name": "SourcePort",
64+
"type": "int"
65+
},
66+
{
67+
"name": "RemotePort",
68+
"type": "int"
69+
},
70+
{
71+
"name": "SourceAddr",
72+
"type": "string"
73+
},
74+
{
75+
"name": "RemoteAddr",
76+
"type": "string"
77+
},
78+
{
79+
"name": "EventDetectedTime",
80+
"type": "DateTime"
81+
},
82+
{
83+
"name": "Family",
84+
"type": "int"
85+
},
86+
{
87+
"name": "PkgName",
88+
"type": "string"
89+
},
90+
{
91+
"name": "InterfaceName",
92+
"type": "string"
93+
},
94+
{
95+
"name": "Tid",
96+
"type": "int"
97+
},
98+
{
99+
"name": "Pid",
100+
"type": "int"
101+
},
102+
{
103+
"name": "Ppid",
104+
"type": "int"
105+
},
106+
{
107+
"name": "Uid",
108+
"type": "int"
109+
},
110+
{
111+
"name": "Gid",
112+
"type": "int"
113+
},
114+
{
115+
"name": "ExitCode",
116+
"type": "int"
117+
},
118+
{
119+
"name": "Syscall",
120+
"type": "int"
121+
},
122+
{
123+
"name": "Path",
124+
"type": "string"
125+
},
126+
{
127+
"name": "Ja3Fingerprint",
128+
"type": "string"
129+
},
130+
{
131+
"name": "SocketType",
132+
"type": "int"
133+
}
134+
]
135+
}
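Review bot: `Protocol`, `Family`, `SocketType` and `Syscall` are declared as bare `int` columns with no `"description"` (gutter lines 58-60, 82-84, 118-120, 130-132), so detection queries have to guess the numbering. Presumably these are IP protocol numbers, address-family and socket-type constants, and syscall numbers. A wrong guess gives a rule that silently matches nothing, so each one deserves a description naming the value space. The table also has both `TimeGenerated` and `EventDetectedTime`; a description on the latter, such as `"description": "Time (UTC) at which the device detected the event."` if that is what it holds, would tell rule authors which timestamp to use for correlation windows. The process-style columns (`Tid`, `Pid`, `Ppid`, `Uid`, `Gid`, `ExitCode`, `Path`) look unusual in a network table and may be worth confirming against the event source.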
