testing asim _ASim_RegistryEvent_MicrosoftSecurityEventV03 #12384
v-amolpatil wants to merge 69 commits into master from
ASIM parsers have been changed. ARM templates were regenerated from the updated KQL function YAML files.
…RegistryEventMicrosoftSecurityEvent
… test-asim-file-ASimRegistryEventMicrosoftSecurityEvent
Changed the 'LastUpdated' date in both ASimRegistryEventMicrosoftSecurityEvent.yaml and vimRegistryEventMicrosoftSecurityEvent.yaml to June 23, 2024. Also made a minor formatting adjustment in the sample ingested logs CSV for registry events.
…RegistryEventMicrosoftSecurityEvent
… of https://github.com/Azure/Azure-Sentinel into test-asim-file-ASimRegistryEventMicrosoftSecurityEvent
done with testing so closing
Required items, please complete
Change(s):
Reason for Change(s):
Version Updated:
Testing Completed:
Checked that the validations are passing and have addressed any issues that are present:
Fixed by below:
Name to sample file with extension csv: Microsoft_Security Events_Authentication_IngestedLogs
In sample data, added a new column "ParentProcessId". I was getting an error for DCR columns having a mismatch of data types, as it was getting string to guid: InterfaceUuid, LogonGuid, SourceComputerId, SubcategoryGuid, TargetLogonGuid
Below is the error:
Response of DCR creation: {"error":{"code":"InvalidPayload","message":"Data collection rule is invalid","details":[{"code":"InvalidTransformOutput","message":"Types of transform output columns do not match the ones defined by the output stream: InterfaceUuid [produced:'String', output:'Guid'], LogonGuid [produced:'String', output:'Guid'], SourceComputerId [produced:'String', output:'Guid'], SubcategoryGuid [produced:'String', output:'Guid'], TargetLogonGuid [produced:'String', output:'Guid']","target":"properties.dataFlows[0]"}]}}