Merge branch 'master' into dependabot/pip/Solutions/Cloudflare/Data-Connectors/aiohttp-3.12.14

Author: v-atulyadav

.script/tests/KqlvalidationsTests/CustomTables/SAPETDInvestigations_CL.json

@@ -0,0 +1,69 @@
+{
+    "Name": "SAPETDInvestigations_CL",
+    "Properties": [
+      {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "Version",
+            "type": "string"
+          },
+          {
+            "name": "InvestigationId",
+            "type": "int"
+          },
+          {
+            "name": "Description",
+            "type": "string"
+          },
+          {
+            "name": "Severity",
+            "type": "string"
+          },
+          {
+            "name": "Status",
+            "type": "string"
+          },
+          {
+            "name": "Processor",
+            "type": "string"
+          },
+          {
+            "name": "ManagementVisibility",
+            "type": "string"
+          },
+          {
+            "name": "CustomerNotification",
+            "type": "boolean"
+          },
+          {
+            "name": "CompletionTimestamp",
+            "type": "datetime"
+          },
+          {
+            "name": "createdAt",
+            "type": "datetime"
+          },
+          {
+            "name": "createdBy",
+            "type": "string"
+          },
+          {
+            "name": "Actions",
+            "type": "dynamic"
+          },
+          {
+            "name": "Users",
+            "type": "dynamic"
+          },
+          {
+            "name": "Systems",
+            "type": "dynamic"
+          },
+          {
+            "name": "Alerts",
+            "type": "dynamic"
+          }
+    ]
+}

Logos/VirtualMetric.svg

@@ -0,0 +1,6 @@
+TenantId,"TimeGenerated [UTC]",DeviceVendor,DeviceProduct,DeviceVersion,DeviceEventClassID,Activity,LogSeverity,OriginalLogSeverity,AdditionalExtensions,DeviceAction,ApplicationProtocol,EventCount,DestinationDnsDomain,DestinationServiceName,DestinationTranslatedAddress,DestinationTranslatedPort,CommunicationDirection,DeviceDnsDomain,DeviceExternalID,DeviceFacility,DeviceInboundInterface,DeviceNtDomain,DeviceOutboundInterface,DevicePayloadId,ProcessName,DeviceTranslatedAddress,DestinationHostName,DestinationMACAddress,DestinationNTDomain,DestinationProcessId,DestinationUserPrivileges,DestinationProcessName,DestinationPort,DestinationIP,DeviceTimeZone,DestinationUserID,DestinationUserName,DeviceAddress,DeviceName,DeviceMacAddress,ProcessID,"EndTime [UTC]",ExternalID,ExtID,FileCreateTime,FileHash,FileID,FileModificationTime,FilePath,FilePermission,FileType,FileName,FileSize,ReceivedBytes,Message,OldFileCreateTime,OldFileHash,OldFileID,OldFileModificationTime,OldFileName,OldFilePath,OldFilePermission,OldFileSize,OldFileType,SentBytes,EventOutcome,Protocol,Reason,RequestURL,RequestClientApplication,RequestContext,RequestCookies,RequestMethod,ReceiptTime,SourceHostName,SourceMACAddress,SourceNTDomain,SourceDnsDomain,SourceServiceName,SourceTranslatedAddress,SourceTranslatedPort,SourceProcessId,SourceUserPrivileges,SourceProcessName,SourcePort,SourceIP,"StartTime [UTC]",SourceUserID,SourceUserName,EventType,DeviceEventCategory,DeviceCustomIPv6Address1,DeviceCustomIPv6Address1Label,DeviceCustomIPv6Address2,DeviceCustomIPv6Address2Label,DeviceCustomIPv6Address3,DeviceCustomIPv6Address3Label,DeviceCustomIPv6Address4,DeviceCustomIPv6Address4Label,DeviceCustomFloatingPoint1,DeviceCustomFloatingPoint1Label,DeviceCustomFloatingPoint2,DeviceCustomFloatingPoint2Label,DeviceCustomFloatingPoint3,DeviceCustomFloatingPoint3Label,DeviceCustomFloatingPoint4,DeviceCustomFloatingPoint4Label,DeviceCustomNumber1,FieldDeviceCustomNumber1,DeviceCustomNumber1Label,DeviceCustomNumber2,FieldDeviceCustomNumber2,DeviceCustomNumber2Label,DeviceCustomNumber3,FieldDeviceCustomNumber3,DeviceCustomNumber3Label,DeviceCustomString1,DeviceCustomString1Label,DeviceCustomString2,DeviceCustomString2Label,DeviceCustomString3,DeviceCustomString3Label,DeviceCustomString4,DeviceCustomString4Label,DeviceCustomString5,DeviceCustomString5Label,DeviceCustomString6,DeviceCustomString6Label,DeviceCustomDate1,DeviceCustomDate1Label,DeviceCustomDate2,DeviceCustomDate2Label,FlexDate1,FlexDate1Label,FlexNumber1,FlexNumber1Label,FlexNumber2,FlexNumber2Label,FlexString1,FlexString1Label,FlexString2,FlexString2Label,RemoteIP,RemotePort,MaliciousIP,ThreatSeverity,IndicatorThreatType,ThreatDescription,ThreatConfidence,ReportReferenceLink,MaliciousIPLongitude,MaliciousIPLatitude,MaliciousIPCountry,Computer,SourceSystem,SimplifiedDeviceAction,CollectorHostName,Type,"_ResourceId"
+"00000000-0000-0000-0000-000000000000","9/3/2025, 12:05:45.692 PM","Palo Alto Networks","PAN-OS","11.1.9",general,SYSTEM,1,,"PanOSDGl1=0;PanOSDGl2=0;PanOSDGl3=0;PanOSDGl4=0;PanOSVsysName=;PanOSActionFlags=0x0;anOSTimeGeneratedHighResolution=2025-09-01T11:40:45.000+02:00",,,,,,,,,,000702596951,,,,,,,,,,,,,,,,,,,,panamera01,,,,,7499071207306488098,,,,,,,,,,,"Auto update agent found no new WildFire updates",,,,,,,,,,,,,,,,,,,"Sep 01 2025 08:40:45 GMT",,,,,,,,,,,,,,,,,general,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Virtual System",,,,,,,,,,,,,,,,,,,general,Module,,,,,,,,,,,,panamera01,VirtualMetric,,,CommonSecurityLog,
+"00000000-0000-0000-0000-000000000000","9/15/2025, 7:36:11.745 AM","Palo Alto Networks","PAN-OS","11.1.9",general,SYSTEM,1,,,,,,,,,,,,000702596951,,,,,,,,,,,,,,,,,,,,panamera01,,,,,7499071207306488098,,,,,,,,,,,"Auto update agent found no new WildFire updates",,,,,,,,,,,,,,,,,,,"Sep 01 2025 08:40:45 GMT",,,,,,,,,,,,,,,,,general,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Virtual System",,,,,584505011149499420,CorrelationID,,,,,,,,,,,,,general,Module,,,,,,,,,,,,panamera01,VirtualMetric,,,CommonSecurityLog,
+"00000000-0000-0000-0000-000000000000","9/5/2025, 8:55:46.000 AM",Fortinet,Fortigate,"v7.6.1",00014,"traffic:local close",3,,"FTNTFGTeventtime=1757073346045809566;FTNTFGTlogid=0001000014;FTNTFGTsubtype=local;FTNTFGTlevel=notice;FTNTFGTvd=root;FTNTFGTsrcintfrole=undefined;FTNTFGTdstintfrole=wan;FTNTFGTsrccountry=Reserved;FTNTFGTdstcountry=United States;FTNTFGTpolicyid=0;FTNTFGTtrandisp=noop;FTNTFGTapp=HTTPS;FTNTFGTduration=2;FTNTFGTsentpkt=5;FTNTFGTrcvdpkt=3",close,HTTPS,,,,,,,,FGVMEVHCOQK4HJ22,,root,,port1,,,,,,,,,,443,"173.243.141.6",,,,,,,,,,5277,,,,,,,,,,164,,,,,,,,,,,275,,6,,,,,,,,,,,,,,,,,,7022,"192.168.1.73",,,,,"traffic:local",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"VirtualMetric-FW2",VirtualMetric,close,,CommonSecurityLog,
+"00000000-0000-0000-0000-000000000000","9/5/2025, 8:55:47.000 AM",Fortinet,Fortigate,"v7.6.1",00014,"traffic:local close",3,,"FTNTFGTeventtime=1757073347195814866;FTNTFGTlogid=0001000014;FTNTFGTsubtype=local;FTNTFGTlevel=notice;FTNTFGTvd=root;FTNTFGTsrcintfrole=undefined;FTNTFGTdstintfrole=wan;FTNTFGTsrccountry=Reserved;FTNTFGTdstcountry=United States;FTNTFGTpolicyid=0;FTNTFGTtrandisp=noop;FTNTFGTapp=HTTPS;FTNTFGTduration=2;FTNTFGTsentpkt=5;FTNTFGTrcvdpkt=4",close,HTTPS,,,,,,,,FGVMEVHCOQK4HJ22,,root,,port1,,,,,,,,,,443,"173.243.141.6",,,,,,,,,,5279,,,,,,,,,,228,,,,,,,,,,,275,,6,,,,,,,,,,,,,,,,,,7024,"192.168.1.73",,,,,"traffic:local",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"VirtualMetric-FW2",VirtualMetric,close,,CommonSecurityLog,
+"00000000-0000-0000-0000-000000000000","9/5/2025, 8:55:49.000 AM",Fortinet,Fortigate,"v7.6.1",00014,"traffic:local deny",3,,"FTNTFGTeventtime=1757073349236109166;FTNTFGTlogid=0001000014;FTNTFGTsubtype=local;FTNTFGTlevel=notice;FTNTFGTvd=root;FTNTFGTsrcintfrole=wan;FTNTFGTdstintfrole=undefined;FTNTFGTsrccountry=Reserved;FTNTFGTdstcountry=Reserved;FTNTFGTpolicyid=0;FTNTFGTpolicytype=local-in-policy;FTNTFGTtrandisp=noop;FTNTFGTapp=udp/6667;FTNTFGTduration=0;FTNTFGTsentpkt=0;FTNTFGTrcvdpkt=0",deny,"udp/6667",,,,,,,,FGVMEVHCOQK4HJ22,,port1,,root,,,,,,,,,,6667,"255.255.255.255",,,,,,,,,,5281,,,,,,,,,,0,"Connection Failed",,,,,,,,,,0,,17,,,,,,,,,,,,,,,,,,56071,"192.168.1.9",,,,,"traffic:local",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"VirtualMetric-FW2",VirtualMetric,deny,,CommonSecurityLog,

Sample Data/VirtualMetricDataStream_CEF.csv

@@ -37,7 +37,7 @@
 		"Analytic Rules/CiscoDuoUnexpectedAuthFactor.yaml"
 	],
 	"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\CiscoDuoSecurity",
-	"Version": "3.0.3",
+	"Version": "3.0.4",
 	"Metadata": "SolutionMetadata.json",
 	"TemplateSpec": true,
 	"Is1Pconnector": false