Merge branch 'master' into dependabot/pip/Solutions/WithSecureElementsViaFunction/Data-Connectors/urllib3-2.5.0

Author: v-atulyadav

.script/tests/KqlvalidationsTests/CustomTables/GoogleCloudSCC.json

@@ -0,0 +1,33 @@
+{
+    "Name": "GoogleCloudSCC",
+    "Properties": [
+        {
+            "Name": "TimeGenerated",
+            "Type": "DateTime"
+        },
+        {
+            "Name": "TenantId",
+            "Type": "String"
+        },
+        {
+            "Name": "Findings",
+            "Type": "Dynamic"
+        },
+        {
+            "Name": "FindingsResource",
+            "Type": "Dynamic"
+        },
+        {
+            "Name": "SourceProperties",
+            "Type": "Dynamic"
+        },
+        {
+            "Name": "SourceSystem",
+            "Type": "String"
+        },
+        {
+            "Name": "Type",
+            "Type": "String"
+        }
+    ]
+}

.script/tests/KqlvalidationsTests/CustomTables/secRMM_CL.json

@@ -1,153 +1,137 @@
 {
-  "Name":"secRMM_CL",
-  "Properties":[
-  {
-    "Name": "_ResourceId",
-    "Type": "string"
-  },
-  {
-    "Name": "AdditionalProgramInfo",
-    "Type": "string"
-  },
-  {
-    "Name": "Computer",
-    "Type": "string"
-  },
-  {
-    "Name": "ConfigurationTarget",
-    "Type": "string"
-  },
-  {
-    "Name": "DeviceDescription",
-    "Type": "string"
-  },
-  {
-    "Name": "Drive",
-    "Type": "string"
-  },
-  {
-    "Name": "Event",
-    "Type": "string"
-  },
-  {
-    "Name": "InternalID",
-    "Type": "string"
-  },
-  {
-    "Name": "ManagementGroupName",
-    "Type": "string"
-  },
-  {
-    "Name": "Message",
-    "Type": "string"
-  },
-  {
-    "Name": "MG",
-    "Type": "string"
-  },
-  {
-    "Name": "Model",
-    "Type": "string"
-  },
-  {
-    "Name": "PreviousPropertyValue",
-    "Type": "string"
-  },
-  {
-    "Name": "ProgramName",
-    "Type": "string"
-  },
-  {
-    "Name": "ProgramPID_d",
-    "Type": "real"
-  },
-  {
-    "Name": "PropertyAction",
-    "Type": "string"
-  },
-  {
-    "Name": "PropertyName",
-    "Type": "string"
-  },
-  {
-    "Name": "PropertyOperationStatus",
-    "Type": "string"
-  },
-  {
-    "Name": "PropertyValue",
-    "Type": "string"
-  },
-  {
-    "Name": "RawData",
-    "Type": "string"
-  },
-  {
-    "Name": "SerialNumber_g",
-    "Type": "string"
-  },
-  {
-    "Name": "SourceFile",
-    "Type": "string"
-  },
-  {
-    "Name": "SourceFileLastWrite",
-    "Type": "string"
-  },
-  {
-    "Name": "SourceFileSize_d",
-    "Type": "real"
-  },
-  {
-    "Name": "SourceSystem",
-    "Type": "string"
-  },
-  {
-    "Name": "TargetFile",
-    "Type": "string"
-  },
-  {
-    "Name": "TenantId",
-    "Type": "string"
-  },
-  {
-    "Name": "TimeGenerated",
-    "Type": "datetime"
-  },
-  {
-    "Name": "Type",
-    "Type": "string"
-  },
-  {
-    "Name": "User",
-    "Type": "string"
-  },
-  {
-    "Name": "UserSID",
-    "Type": "string"
-  },
-  {
-    "Name": "Volume",
-    "Type": "string"
-  },
-  {
-    "Name": "Event_s",
-    "Type": "string"
-  },
-  {
-    "Name": "User_s",
-    "Type": "string"
-  },
-  {
-    "Name": "DeviceDescription_s",
-    "Type": "string"
-  },
-  {
-    "Name": "Drive_s",
-    "Type": "string"
-  },
-  {
-    "Name": "AdditionalProgramInfo_s",
-    "Type": "string"
-  }
-]
+  "Name": "secRMM_CL",
+  "Properties": [
+    {
+      "Name": "TenantId",
+      "Type": "String"
+    },
+    {
+      "Name": "SourceSystem",
+      "Type": "String"
+    },
+    {
+      "Name": "MG",
+      "Type": "String"
+    },
+    {
+      "Name": "ManagementGroupName",
+      "Type": "String"
+    },
+    {
+      "Name": "TimeGenerated",
+      "Type": "DateTime"
+    },
+    {
+      "Name": "Computer",
+      "Type": "String"
+    },
+    {
+      "Name": "RawData",
+      "Type": "String"
+    },
+    {
+      "Name": "Event_s",
+      "Type": "String"
+    },
+    {
+      "Name": "Time_s",
+      "Type": "String"
+    },
+    {
+      "Name": "UserSID_s",
+      "Type": "String"
+    },
+    {
+      "Name": "Drive_s",
+      "Type": "String"
+    },
+    {
+      "Name": "Volume_s",
+      "Type": "String"
+    },
+    {
+      "Name": "DeviceDescription_s",
+      "Type": "String"
+    },
+    {
+      "Name": "SerialNumber_s",
+      "Type": "String"
+    },
+    {
+      "Name": "Model_s",
+      "Type": "String"
+    },
+    {
+      "Name": "InternalID_s",
+      "Type": "String"
+    },
+    {
+      "Name": "TargetFile_s",
+      "Type": "String"
+    },
+    {
+      "Name": "SourceFile_s",
+      "Type": "String"
+    },
+    {
+      "Name": "SourceFileSize_s",
+      "Type": "String"
+    },
+    {
+      "Name": "SourceFileLastWrite_s",
+      "Type": "String"
+    },
+    {
+      "Name": "ProgramPID_s",
+      "Type": "String"
+    },
+    {
+      "Name": "Message",
+      "Type": "String"
+    },
+    {
+      "Name": "PropertyName_s",
+      "Type": "String"
+    },
+    {
+      "Name": "PropertyAction_s",
+      "Type": "String"
+    },
+    {
+      "Name": "PropertyValue_s",
+      "Type": "String"
+    },
+    {
+      "Name": "PreviousPropertyValue_s",
+      "Type": "String"
+    },
+    {
+      "Name": "ConfigurationTarget_s",
+      "Type": "String"
+    },
+    {
+      "Name": "PropertyOperationStatus_s",
+      "Type": "String"
+    },
+    {
+      "Name": "AdditionalProgramInfo_s",
+      "Type": "String"
+    },
+    {
+      "Name": "ProgramName_s",
+      "Type": "String"
+    },
+    {
+      "Name": "User_s",
+      "Type": "String"
+    },
+    {
+      "Name": "Type",
+      "Type": "String"
+    },
+    {
+      "Name": "_ResourceId",
+      "Type": "String"
+    }
+  ]
 }

.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json

@@ -99,6 +99,7 @@
   "Fortinet",
   "FortiWeb",
   "GCPDNSDataConnector",
+  "GoogleSCCDefinition",
   "GWorkspaceRAPI",
   "GoogleWorkspaceReportsAPI",
   "GreyNoise2SentinelAPI",

DataConnectors/AWS-S3-AzureFunction/AzFun-AWS-S3-Ingestion.zip

@@ -179,7 +179,10 @@ def get_files_list(self, ts_from, ts_to):
 
         marker_end = (ts_from - datetime.timedelta(minutes=60)).strftime("/%Y-%m-%d/%Y-%m-%d-%H-%M")
 
-        for o in folders.get('CommonPrefixes'):        
+        # Handle case where CommonPrefixes might be None or empty (newer boto3 behavior)
+        common_prefixes = folders.get('CommonPrefixes') or []
+        
+        for o in common_prefixes:        
             marker = o.get('Prefix') + s3_folder + marker_end   
             folder = o.get('Prefix') + s3_folder           
             while True:                

DataConnectors/AWS-S3-AzureFunction/AzFun-AWS-S3-Ingestion/__init__.py

@@ -198,7 +198,7 @@
                 "alwaysOn": true,
                 "reserved": true,
                 "siteConfig": {
-                    "linuxFxVersion": "python|3.9"
+                    "linuxFxVersion": "python|3.11"
                 },
 				"serverFarmId": "[concat('/subscriptions/', subscription().subscriptionId,'/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', variables('HostingPlanName'))]"				
 			},            

DataConnectors/AWS-S3-AzureFunction/azuredeploy_awss3.json

@@ -11,6 +11,6 @@
   },
   "extensionBundle": {
     "id": "Microsoft.Azure.Functions.ExtensionBundle",
-    "version": "[3.*, 4.0.0)"
+    "version": "[4.*, 5.0.0)"
   }
 }

DataConnectors/AWS-S3-AzureFunction/host.json

@@ -3,5 +3,6 @@
 # Manually managing azure-functions-worker may cause unexpected issues
 
 azure-functions
-boto3==1.9.180
+boto3==1.28.85
+botocore==1.31.85
 requests==2.31.0

DataConnectors/AWS-S3-AzureFunction/requirements.txt

@@ -54,6 +54,10 @@ When the script(s) complete, you must complete the Azure Sentinel data connector
 
 By default, a log is created in the directory where the script is executed.
 
+## Attack Disruption advance option Setup
+
+The `awsScriptBash.zip` file contains a bash script for setting up AWS attack disruption capabilities. This script can be used in AWS CloudShell as an alternative to manual configuration for enhanced security response permissions.
+
 ## Advanced usage
 
 The `ConfigAwsConnector.ps1` script has two parameters: