Merge pull request #13252 from fenil-savani/Armis-Log-Ingestion-Support

[Armis][Solution] - Armis log ingestion support

Author: v-atulyadav

.script/tests/KqlvalidationsTests/CustomTables/Armis_Activities_CL.json

@@ -40,14 +40,94 @@
     "Name": "ActivityUUID",
     "Type": "string"
   },
+  {
+    "Name": "ConnectionIds",
+    "Type": "string"
+  },
   {
     "Name": "Content",
     "Type": "string"
   },
+  {
+    "Name": "DecisionData",
+    "Type": "string"
+  },
+  {
+    "Name": "DecisionData_AnswerIps",
+    "Type": "string"
+  },
+  {
+    "Name": "DecisionData_DeviceId",
+    "Type": "real"
+  },
+  {
+    "Name": "DecisionData_Host",
+    "Type": "string"
+  },
+  {
+    "Name": "DecisionData_QueryType",
+    "Type": "string"
+  },
+  {
+    "Name": "DecisionData_ClientOfferedSuites",
+    "Type": "string"
+  },
+  {
+    "Name": "DecisionData_SelectedSuite",
+    "Type": "string"
+  },
+  {
+    "Name": "DecisionData_SelectedSuiteSecurityLevel",
+    "Type": "string"
+  },
+  {
+    "Name": "DecisionData_SrcDeviceId",
+    "Type": "real"
+  },
+  {
+    "Name": "DecisionData_SrcIp",
+    "Type": "string"
+  },
+  {
+    "Name": "DecisionData_SrcMac",
+    "Type": "string"
+  },
+  {
+    "Name": "DecisionData_Version",
+    "Type": "string"
+  },
+  {
+    "Name": "DecisionData_SslConnectionStatus",
+    "Type": "string"
+  },
+  {
+    "Name": "DecisionData_Method",
+    "Type": "string"
+  },
+  {
+    "Name": "DecisionData_Port",
+    "Type": "real"
+  },
+  {
+    "Name": "DecisionData_UserAgent",
+    "Type": "string"
+  },
+  {
+    "Name": "DestinationEndpoints",
+    "Type": "string"
+  },
+  {
+    "Name": "DeviceIds",
+    "Type": "string"
+  },
   {
     "Name": "Protocol",
     "Type": "string"
   },
+  {
+    "Name": "Sensor",
+    "Type": "string"
+  },
   {
     "Name": "SensorName",
     "Type": "string"
@@ -56,6 +136,10 @@
     "Name": "SensorType",
     "Type": "string"
   },
+  {
+    "Name": "Site",
+    "Type": "string"
+  },
   {
     "Name": "SiteLocation",
     "Type": "string"
@@ -65,20 +149,24 @@
     "Type": "string"
   },
   {
-    "Name": "Title",
+    "Name": "Sites",
     "Type": "string"
   },
   {
-    "Name": "Type",
+    "Name": "SourceEndpoints",
     "Type": "string"
   },
   {
-    "Name": "Type",
+    "Name": "Armis_Activity_Time",
+    "Type": "datetime"
+  },
+  {
+    "Name": "ActivityType",
     "Type": "string"
   },
   {
     "Name": "_ResourceId",
     "Type": "string"
   }
 ]
-}
+}

.script/tests/KqlvalidationsTests/CustomTables/Armis_Alerts_CL.json

@@ -40,45 +40,81 @@
     "Name": "ActivityUUIDs",
     "Type": "string"
   },
+  {
+    "Name": "AffectedDevicesCount",
+    "Type": "real"
+  },
   {
     "Name": "AlertId",
+    "Type": "real"
+  },
+  {
+    "Name": "Classification",
+    "Type": "string"
+  },
+  {
+    "Name": "ConnectionIds",
     "Type": "string"
   },
   {
     "Name": "Description",
     "Type": "string"
   },
+  {
+    "Name": "DestinationEndpoints",
+    "Type": "string"
+  },
   {
     "Name": "DeviceIds",
     "Type": "string"
   },
   {
-    "Name": "Severity",
+    "Name": "LastAlertUpdateTime",
+    "Type": "datetime"
+  },
+  {
+    "Name": "MitreAttackLabels",
     "Type": "string"
   },
   {
-    "Name": "Status",
+    "Name": "PolicyId",
     "Type": "string"
   },
   {
-    "Name": "Time",
+    "Name": "PolicyLabels",
     "Type": "string"
   },
   {
-    "Name": "Title",
+    "Name": "PolicyTitle",
     "Type": "string"
   },
   {
-    "Name": "Type",
+    "Name": "Severity",
+    "Type": "string"
+  },
+  {
+    "Name": "SourceEndpoints",
+    "Type": "string"
+  },
+  {
+    "Name": "Status",
     "Type": "string"
   },
   {
-    "Name": "Type",
+    "Name": "StatusChangeTime",
+    "Type": "datetime"
+  },
+  {
+    "Name": "Armis_Alert_Time",
+    "Type": "datetime"
+  },
+  {
+    "Name": "AlertType",
     "Type": "string"
   },
   {
     "Name": "_ResourceId",
     "Type": "string"
   }
 ]
-}
+}