diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTDenialofService.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTDenialofService.yaml
index fd5155628ed..558deafcb29 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTDenialofService.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTDenialofService.yaml
@@ -47,14 +47,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTExcessiveLoginAttempts.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTExcessiveLoginAttempts.yaml
index c481dad5377..9f86a582b2d 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTExcessiveLoginAttempts.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTExcessiveLoginAttempts.yaml
@@ -47,14 +47,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
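Review bot: The new `sentinelEntitiesMappings` entry points at a column named `Entities`, but the visible tail of the rule's projection (`AlertManagementUri, Techniques`) ends without it and this commit does not touch the query, so unless `Entities` is projected earlier in the list the mapping resolves to nothing and the rule loses the source/destination IP entities it previously emitted from `SourceDeviceAddress`/`DestDeviceAddress`. That would silently weaken incident investigation, entity-based correlation and any automation rules keyed on IP entities, and the same applies to the identically shaped first hunk in every other rule file in this diff (IoTExcessiveLoginAttempts through IoTUnauthorizedRemoteAccess). If the column is not projected, extend the end of the `project` list with `    Techniques,` / `    Entities`; if it already is, a one-line comment above the mapping, `# Entities carries the source/destination IP entities formerly mapped explicitly`, would spare the next reader the same check. The `query: |` block that the hunk's context lines belong to starts outside the hunk.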
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTFirmwareUpdates.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTFirmwareUpdates.yaml
index 200bc2a90da..670caee7c0c 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTFirmwareUpdates.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTFirmwareUpdates.yaml
@@ -47,14 +47,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTHighBandwidth.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTHighBandwidth.yaml
index f2ba70dbc05..82a67608c96 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTHighBandwidth.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTHighBandwidth.yaml
@@ -47,14 +47,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTINoSensorTrafficDetected.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTINoSensorTrafficDetected.yaml
index 67dcf59e5b5..0b575b4d731 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTINoSensorTrafficDetected.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTINoSensorTrafficDetected.yaml
@@ -47,14 +47,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTIllegalFunctionCodes.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTIllegalFunctionCodes.yaml
index 43c3fd2028c..0ab6ca07a31 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTIllegalFunctionCodes.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTIllegalFunctionCodes.yaml
@@ -48,14 +48,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -79,5 +73,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInsecurePLC.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInsecurePLC.yaml
index 00c28dd3945..c1e269da58e 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInsecurePLC.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInsecurePLC.yaml
@@ -47,14 +47,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInternetAccess.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInternetAccess.yaml
index 5ec57723475..1da6644e185 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInternetAccess.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInternetAccess.yaml
@@ -47,14 +47,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTMalware.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTMalware.yaml
index dfb16af4e86..6dbf1a29992 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTMalware.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTMalware.yaml
@@ -48,14 +48,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -79,5 +73,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTNetworkScanning.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTNetworkScanning.yaml
index 181585a7296..cdd9175ffbd 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTNetworkScanning.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTNetworkScanning.yaml
@@ -47,14 +47,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTPLCStopCommand.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTPLCStopCommand.yaml
index 89710ac3384..05f70b59516 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTPLCStopCommand.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTPLCStopCommand.yaml
@@ -48,14 +48,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -79,5 +73,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedDevice.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedDevice.yaml
index 4bdb5925e3e..de79eb02792 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedDevice.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedDevice.yaml
@@ -47,14 +47,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedNetworkConfiguration.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedNetworkConfiguration.yaml
index 1adb4b5f048..9d64927b518 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedNetworkConfiguration.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedNetworkConfiguration.yaml
@@ -47,14 +47,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedPLCModifications.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedPLCModifications.yaml
index 9a32ce27224..8bb63d7780e 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedPLCModifications.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedPLCModifications.yaml
@@ -49,14 +49,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -80,5 +74,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedRemoteAccess.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedRemoteAccess.yaml
index da19eb624de..b83832126d6 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedRemoteAccess.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedRemoteAccess.yaml
@@ -47,14 +47,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled