Commit e5266ac
committed
File tree
2,590 files changed, +211554 -63698 lines changed
- .github/workflows
- .script
- SecretScanning
- SolutionValidations
- tests
- KqlvalidationsTests
- CustomFunctions
- CustomTables
- asimParsersTest
- dataConnectorValidatorTest
- detectionTemplateSchemaValidation
- documentsLinkValidatorTest
- jsonFileValidatorTest
- logoValidatorTest
- playbooksValidatorTest
- sampleDataValidatorTest
- workbooksValidatorTest
- yamlFileValidatorTest
- utils
- LogoChecker
- dataConnectorCheckers
- playbookCheckers
- Models
- sampleDataCheckers
- schemas
- workbookCheckers
- workbookTemplateCheckers
- ASIM/dev/ASimTester
- DataConnectors
- AWS-S3-AzureFunction
- AzFun-AWS-S3-Ingestion
- AWS-S3
- Utils
- GitHub
- Hunting Queries
- AI Agents
- Microsoft 365 Defender
- Email and Collaboration Queries
- Attachment
- Authentication
- Custom Detections
- General
- Hunting
- Mailflow
- Malware
- Microsoft Teams protection
- Overrides
- Phish
- QR code
- Quarantine
- Remediation
- Spam
- Spoof and Impersonation
- Submissions
- Top Attacks
- URL Click
- URL
- ZAP
- Execution
- Logos
- Parsers
- ASimAlertEvent
- ARM
- ASimAlertEventSentinelOneSingularity
- vimAlertEventSentinelOneSingularity
- Parsers
- ASimNetworkSession
- ARM
- ASimNetworkSessionAzureFirewall
- ASimNetworkSessionNTANetAnalytics
- ASimNetworkSession
- imNetworkSession
- vimNetworkSessionAzureFirewall
- vimNetworkSessionNTANetAnalytics
- Parsers
- ASimWebSession
- ARM
- ASimWebSessionCiscoMeraki
- ASimWebSessionzScalerZIA
- vimWebSessionCiscoMeraki
- vimWebSessionzScalerZIA
- Parsers
- Playbooks/AS-Datadog-Events-Integration
- Images
- Sample Data
- ASIM
- Custom
- Mimecast
- Netskope
- Solutions
- AWS_AccessLogs
- Data Connectors/AwsS3ServerAccessLogsDefinition_CCP
- Package
- Acronis Cyber Protect Cloud
- Analytic Rules
- Data
- Hunting queries
- Package
- Alibaba Cloud/DataConnectors
- Amazon Web Services
- Analytic Rules
- Data
- Package
- Anvilogic
- Package
- Auth0/Data Connectors
- Azure Firewall
- Analytic Rules
- Package
- Azure Web Application Firewall (WAF)
- Analytic Rules
- Package
- BigID
- Data Connectors/BigIDDSPMLogs_ccp
- Data
- Package
- BitSight
- Data Connectors/BitSightDataConnector
- Package
- BloodHound Enterprise
- Analytic Rules
- Data Connectors
- BloodHoundDataConnector
- attack_path_collector
- attack_path_timeline_collector
- audit_log_collector
- finding_trends_collector
- posture_history_collector
- tier_zero_assets_collector
- deployments
- deployment
- pkg
- azure
- bloodhound
- connector
- control
- model
- Data
- Package
- Workbooks
- Images/Preview
- Box
- Analytic Rules
- Data Connectors
- Data
- Hunting Queries
- Package
- Workbooks
- Business Email Compromise - Financial Fraud
- Analytic Rules
- Data
- Package
- Check Point Cyberint Alerts
- Data Connectors/CyberintArgosAlertsLogs_ccp
- Package
- CiscoDuoSecurity
- Data
- Package
- CiscoMeraki
- Data Connectors
- Package
- CiscoUmbrella/Data Connectors
- Cloudflare CCF
- Data Connectors/CloudflareLog_CCF
- Data
- Package
- Cloudflare
- Data Connectors
- CohesitySecurity
- Data Connectors/Helios2Sentinel
- IncidentConsumer
- IncidentProducer
- Package
- Data
- Package
- ContinuousDiagnostics&Mitigation
- Data
- Package
- Workbooks
- ContrastADR
- Data Connectors
- Package
- Corelight
- Data
- Package
- Parsers
- CrowdStrike Falcon Endpoint Protection
- Data Connectors
- CrowdStrikeAPI_ccp
- CrowdStrikeFalconAdversaryIntelligence
- CrowdStrikeFalconThreatIntelConnector
- CrowdstrikeReplicatorCLv2
- CSFDRv2_Deploymnet
- Data
- Package
- CyberArkAudit
- Analytics Rules
- Data Connectors
- .python_packages/lib/site-packages/cffi
- CyberArkAuditConnector
- Package
- data
- CyeraDSPM
- Data Connectors
- CyeraDSPM_CCF
- CyeraDSPM_Functions
- AzureFunction
- CyeraConnector
- Data
- Package
- Cyfirma Attack Surface
- Analytic Rules
- Package
- Cyfirma Brand Intelligence
- Analytic Rules
- Package
- Cyfirma Compromised Accounts
- Analytic Rules
- Package
- Cyfirma Cyber Intelligence
- Analytic Rules
- Data Connectors/CyfirmaCyberIntelligence_ccp
- Package
- Cyfirma Digital Risk
- Analytic Rules
- Package
- Cyfirma Vulnerabilities Intel
- Analytic Rules
- Data Connectors/CyfirmaVulnerabilitiesIntel_ccp
- Package
- Dataminr Pulse
- Data Connectors/DataminrPulseAlerts
- DataminrPulseAlertsHttpStarter
- DataminrPulseAlertsManualActivity
- DataminrPulseAlertsSentinelActivity
- DataminrPulseThreatIntelligence
- RetryFailedIndicators
- Data
- Package
- Parsers
- ESET Protect Platform/Data Connectors
- ExtraHop/Data Connectors/ExtraHopDataConnector
- Feedly
- Data Connectors
- FeedlySentinelConnector
- Package
- GDPR Compliance & Data Security
- Data
- Package
- Workbooks
- Images/Preview
- GitHub
- Data Connectors
- GitHubAuditLogs_CCF
- GithubWebhook
- Package
- data
- Global Secure Access
- Analytic Rules
- Package
- Google Cloud Platform Security Command Center
- Analytic Rules
- Data
- Hunting Queries
- Package
- Sample Logs
- Google Kubernetes Engine
- Data Connectors/GoogleKubernetesEngineLogs_ccp
- Package
- Google Threat Intelligence
- Data
- Package
- Playbooks
- CustomConnector/GTICustomConnector
- GTIIocStream
- GTIThreatList
- GoogleCloudPlatformIAM
- Package
- Parsers
- HIPAA Compliance
- Data
- Package
- Workbooks
- Images/Preview
- Illumio Insight
- Data Connectors
- IllumioInsight_CCP
- IllumioInsightsSummaryConnector_CCP
- Data
- Package
- ImpervaCloudWAF/Data Connectors
- ImpervaWAFCloudSentinelConnector
- Lumen Defender Threat Feed
- Data Connectors/LumenThreatFeed
- LumenThreatFeedConnector
- activity_cleanup_blob
- activity_upload_from_blob
- orchestrator_function
- timer_starter_function
- Data
- Package
- Workbooks
- MailRisk
- Data Connectors
- MailRiskSentinelIntegration
- MailRisk_CCP
- models
- Data
- Package
- MaturityModelForEventLogManagementM2131
- Package
- Workbooks
- data
- Microsoft Copilot/Package
- Microsoft Defender XDR
- Hunting Queries/Email and Collaboration Queries
- Attachment
- Authentication
- Custom Detections
- General
- Hunting
- Mailflow
- Malware
- Microsoft Teams protection
- Overrides
- Phish
- QR code
- Quarantine
- Remediation
- Spam
- Spoof and Impersonation
- Submissions
- Top Attacks
- URL Click
- URL
- ZAP
- Playbooks/AttackSimulatorTrainingNonReporters
- Microsoft Entra ID Assets
- Data Connectors
- Data
- Package
- MicrosoftDefenderForEndpoint
- Package
- Playbooks/Run-MDEAntivirus
- Run-MDEAntivirus-alert-trigger
- Run-MDEAntivirus-incident-trigger
- Mimecast
- Analytic Rules/MimecastTTP
- Data Connectors
- MimecastAT
- PerformanceDetails
- SafeScoreDetails
- UserData
- WatchlistDetails
- MimecastAudit
- MimecastAudit
- MimecastCloudIntegrated
- MimecastCI
- MimecastSEG
- MimecastCG
- MimecastDLP
- MimecastTTP
- MimecastTTPAttachment
- MimecastTTPImpersonation
- MimecastTTPUrl
- Data
- Package
- Parsers
- MimecastAT
- MimecastAudit
- MimecastCI
- MimecastSEG
- MimecastTTP
- Workbooks
- MongoDBAtlas
- Data Connectors/MongoDBAtlasLogs
- GetMDBALogs
- Data
- Package
- Morphisec
- Analytic Rules
- Data Connectors
- Morphisec_CCF
- Data
- Package
- Parsers
- Mulesoft/Data Connectors
- NCSC-NL NDN Cyber Threat Intelligence Sharing
- Data
- Package
- NISTSP80053
- Package
- Workbooks
- data
- Netskopev2
- Data Connectors/NetskopeAlertsEvents_RestAPI_CCP
- Data
- Package
- Parsers
- Workbooks
- Images/Preview
- NetskopeCCFWebtxDashboard
- NetskopeCCPDashboard
- NetskopeCEDashboard
- NetskopeDashboard
- Network Session Essentials
- Analytic Rules
- Package
- Obsidian Datasharing
- Data Connectors/ObsidianDatasharing_CCP
- Data
- Package
- Okta Single Sign-On/Data Connectors/OktaSingleSign-On/AzureFunctionOktaSSO_V2
- Onapsis Defend
- Data Connectors/Onapsis_PUSH_CCP
- Package
- OneLoginIAM/Data
- OneTrust
- Data Connectors/OneTrustLogs_CCF
- Data
- Package
- Open Systems
- DataConnectors
- Data
- Package
- Parsers
- Oracle Cloud Infrastructure
- Data Connectors/Oracle_Cloud_Infrastructure_CCP
- Data
- Package
- Palo Alto Cortex XDR CCP
- Data Connectors/CortexXDR_ccp
- Data
- Package
- Palo Alto Cortex Xpanse CCF
- Data Connectors/CortexXpanse_ccp
- Package
- PaloAlto-PAN-OS
- Analytic Rules
- Package
- data
- PaloAltoPrismaCloud
- Data Connectors
- PrismaCloudCSPMLog_CCF
- Data
- Package
- Pathlock_TDnR
- Data Connectors
- Pathlock_TDnR_PUSH_CCP
- Data
- Package
- ProofPointTap
- Analytic Rules
- Data
- Package
- Parsers
- Proofpoint On demand(POD) Email Security
- Data
- Package
- QualysVM
- Analytic Rules
- Data Connectors
- QualysVMHostLogs_ccp
- Package
- Parsers
- Workbooks
- data
- Quokka
- Analytic Rules
- Data Connectors/QuokkaQscoutAppEventsLogs_ccf
- Data
- Package
- Workbooks
- RSAIDPlus_AdminLogs_Connector
- Analytic Rules
- Data Connectors/RSIDPlus_AdminLogs_Connector_CCP
- Data
- Package
- Playbooks/SendEmailOnRSAIDPlusAlert
- Images
- SampleLogs
- RubrikSecurityCloud
- Data
- Package
- Playbooks
- RubrikAdvanceThreatHunt
- RubrikAnomalyIncidentResponse
- RubrikCustomConnector
- RubrikTurboThreatHunt
- RubrikUpdateAnomalyStatusViaIncident
- SAP BTP
- Data Connectors/SAPBTPPollerConnector
- Data
- Package
- Tools
- SAP ETD Cloud
- Analytic Rules
- Data Connectors
- SAPETD_PUSH_CCP
- Data
- Package
- SAP S4 Cloud Public Edition
- Data Connectors/SAPS4PublicPollerConnector
- Data
- Package
- SOC Handbook
- Data
- Package
- Workbooks
- SailPointIdentityNow/Data Connectors
- SearchEvent
- Salesforce Service Cloud
- Analytic Rules
- Data Connectors/SalesforceSentinelConnector_CCP
- Data
- Package
- Samsung Knox Asset Intelligence
- Analytic Rules
- Data Connectors
- Data
- Package
- SecurityBridge App
- Data Connectors/SecurityBridge_PUSH_CCP
- Data
- Package
- Parsers
- Snowflake
- Analytic Rules
- Data Connectors
- SnowflakeLogs_ccp
- Data
- Package
- Parsers
- Workbooks
- Sophos Endpoint Protection
- Data Connectors
- Package
- Squadra Technologies SecRmm
- Analytic Rules
- Data Connectors
- Data
- Package
- Workbooks
- Tanium
- Package
- Playbooks
- Tanium-QuarantineHosts
- Tanium-UnquarantineHosts
- Workbooks
- Team Cymru Scout
- Data
- Package
- Playbooks/TeamCymruScoutEnrichIncident
- Tenable App
- Data Connectors/TenableVM
- TenableAssetDownloadAndProcessChunks
- TenableComplianceDownloadAndProcessChunks
- TenableVulnDownloadAndProcessChunks
- TenableWASAssetDownloadAndProcessChunks
- TenableWASVulnDownloadAndProcessChunks
- Data
- Package
- TenableIO/Data Connectors
- Threat Intelligence (NEW)
- Analytic Rules
- Data Connectors
- Data
- Package
- Threat Intelligence
- Analytic Rules
- Data
- Package
- Trend Micro Vision One/Data Connectors
- AzureFunctionTrendMicroXDR
- timer_trigger_oat
- timer_trigger
- UEBA Essentials
- Data
- Hunting Queries
- Package
- VMRay
- Data Connectors
- Package
- Playbooks/CustomConnector/VMRayEnrichment_FunctionAppConnector
- VMWareESXi
- Analytic Rules
- Data
- Package
- Varonis Purview
- Data Connectors/VaronisPurview_ccp
- Data
- Package
- Vectra XDR
- Analytic Rules
- Data Connectors/VectraDataConnector
- AccountEntities
- Audits
- Detections
- EntityScoring
- Health
- HostEntities
- Lockdown
- Data
- Package
- Parsers
- Playbooks
- VectaDownloadPcapFileToStorage
- VectraAddNoteToEntity
- VectraAddTagToEntityAllDetections
- VectraAddTagToEntitySelectedDetections
- VectraAddTagToEntity
- VectraAssignDynamicUserToEntity
- VectraAssignStaticUserToEntity
- VectraCloseDetections
- VectraDecorateIncidentBasedOnTagAndNotify
- VectraDecorateIncidentBasedOnTag
- VectraDynamicAssignMembersToGroup
- VectraDynamicResolveAssignment
- VectraIncidentTimelineUpdate
- VectraMarkDetectionsAsFixed
- VectraOpenClosedDetections
- VectraOperateOnEntitySourceIP
- VectraStaticAssignMembersToGroup
- VectraStaticResolveAssignment
- VectraUpdateIncidentBasedOnTagAndNotify
- Veeam
- Analytic Rules
- Data Connectors
- AzureFunctionVeeam
- CovewareApiClient
- Configuration
- Constants
- Models
- Veeam.Sentinel.FunctionApp
- Client
- Constants
- DTOs
- Extensions
- Functions
- Helpers
- Managers
- VoneApiClient
- Constants
- Model
- DeployTemplates/FunctionApp
- Data
- Package
- Playbooks
- Veeam-PerformScanBackup
- images
- Veeam-SetupConnectionsPlaybook
- Veeam-StartQuickBackup
- images
- Watchlists/CovewareSettings
- Workbooks
- VeeamDataPlatformMonitoring
- VeeamSecurityActivities
- VirtualMetric DataStream
- Data Connectors
- VirtualMetric-DirectorProxy
- VirtualMetric-SentinelDataLake
- VirtualMetric-Sentinel
- Data
- Package
- WithSecureElementsViaFunction/Data Connectors
- Wiz
- ZeroFox
- Data Connectors/Alerts
- Data
- Package
- ZeroNetworks
- Data Connectors/SegmentFunctionConnector
- AzureFunction_ZeroNetworks_Segment_Audit
- ZeroNetworks_Segment_Audit_TimeTrigger
- Data
- Package
- Playbooks/ZeroNetworksConnector
- Workbooks
- Zscaler Internet Access/Playbooks/Add-Url-To-Category
- Tools
- Create-Azure-Sentinel-Solution
- V2/templating
- V3
- ccfimages
- common
- templating
- input
- templating
- Sentinel-Defender-Helper-Script
- TableCreator
- WatchlistAutoUpdateFromNetworkRestrictedBlob
- stats
- Workbooks
- Images
- Logos
- Preview
- cspell-dictionaries
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
13 | | - | |
| 13 | + | |
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
2 | 2 | | |
3 | 3 | | |
4 | 4 | | |
5 | | - | |
6 | | - | |
| 5 | + | |
| 6 | + | |
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
| |||
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
26 | | - | |
27 | 26 | | |
28 | 27 | | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
29 | 32 | | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
| 72 | + | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
| 83 | + | |
| 84 | + | |
| 85 | + | |
| 86 | + | |
| 87 | + | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
| 102 | + | |
| 103 | + | |
| 104 | + | |
| 105 | + | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
| 112 | + | |
| 113 | + | |
| 114 | + | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
| 118 | + | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
| 128 | + | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
| 146 | + | |
| 147 | + | |
| 148 | + | |
| 149 | + | |
| 150 | + | |
| 151 | + | |
| 152 | + | |
| 153 | + | |
| 154 | + | |
| 155 | + | |
| 156 | + | |
| 157 | + | |
| 158 | + | |
| 159 | + | |
| 160 | + | |
| 161 | + | |
| 162 | + | |
| 163 | + | |
| 164 | + | |
| 165 | + | |
| 166 | + | |
| 167 | + | |
| 168 | + | |
| 169 | + | |
| 170 | + | |
| 171 | + | |
| 172 | + | |
| 173 | + | |
| 174 | + | |
| 175 | + | |
| 176 | + | |
| 177 | + | |
| 178 | + | |
| 179 | + | |
| 180 | + | |
| 181 | + | |
| 182 | + | |
| 183 | + | |
| 184 | + | |
| 185 | + | |
| 186 | + | |
| 187 | + | |
| 188 | + | |
| 189 | + | |
| 190 | + | |
| 191 | + | |
30 | 192 | | |
31 | 193 | | |
| 194 | + | |
| 195 | + | |
32 | 196 | | |
33 | 197 | | |
34 | 198 | | |
35 | 199 | | |
36 | 200 | | |
37 | | - | |
| 201 | + | |
38 | 202 | | |
39 | 203 | | |
40 | 204 | | |
| |||
78 | 242 | | |
79 | 243 | | |
80 | 244 | | |
| 245 | + | |
| 246 | + | |
| 247 | + | |
81 | 248 | | |
82 | 249 | | |
83 | 250 | | |
84 | 251 | | |
85 | | - | |
| 252 | + | |
86 | 253 | | |
87 | 254 | | |
88 | 255 | | |
| |||
136 | 303 | | |
137 | 304 | | |
138 | 305 | | |
| 306 | + | |
| 307 | + | |
| 308 | + | |
139 | 309 | | |
140 | 310 | | |
141 | 311 | | |
142 | 312 | | |
143 | | - | |
| 313 | + | |
144 | 314 | | |
145 | 315 | | |
146 | 316 | | |
| |||
197 | 367 | | |
198 | 368 | | |
199 | 369 | | |
| 370 | + | |
| 371 | + | |
| 372 | + | |
200 | 373 | | |
201 | 374 | | |
202 | 375 | | |
203 | 376 | | |
204 | | - | |
| 377 | + | |
205 | 378 | | |
206 | 379 | | |
207 | 380 | | |
| |||
246 | 419 | | |
247 | 420 | | |
248 | 421 | | |
249 | | - | |
| 422 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
225 | 225 | | |
226 | 226 | | |
227 | 227 | | |
228 | | - | |
| 228 | + | |
229 | 229 | | |
230 | 230 | | |
231 | 231 | | |
| |||
321 | 321 | | |
322 | 322 | | |
323 | 323 | | |
324 | | - | |
| 324 | + | |
325 | 325 | | |
326 | 326 | | |
327 | 327 | | |
| |||
330 | 330 | | |
331 | 331 | | |
332 | 332 | | |
333 | | - | |
| 333 | + | |
334 | 334 | | |
335 | 335 | | |
336 | 336 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | | - | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |