{
"Name": "Threat Intelligence",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
"Description": "The Threat Intelligence solution contains data connectors for importing supported STIX objects into Microsoft Sentinel, analytic rules for matching TI data with event data, a workbook, and hunting queries. Threat indicators can be malicious IPs, URLs, file hashes, domains, email addresses, etc.",
"Data Connectors": [
"Data Connectors/template_ThreatIntelligenceTaxii.json",
"Data Connectors/template_ThreatIntelligence.json",
"Data Connectors/template_ThreatIntelligenceUploadIndicators.json",
"Data Connectors/template_PremiumMicrosoftDefenderThreatIntelligence.json",
"Data Connectors/template_MicrosoftDefenderThreatIntelligence.json"
],
"Workbooks": [
"Workbooks/ThreatIntelligence.json"
],
"Hunting Queries": [
"Hunting Queries/FileEntity_OfficeActivity.yaml",
"Hunting Queries/FileEntity_SecurityEvent.yaml",
"Hunting Queries/FileEntity_Syslog.yaml",
"Hunting Queries/FileEntity_VMConnection.yaml",
"Hunting Queries/FileEntity_WireData.yaml"
],
"Analytic Rules": [
"Analytic Rules/DomainEntity_CommonSecurityLog.yaml",
"Analytic Rules/DomainEntity_DeviceNetworkEvents.yaml",
"Analytic Rules/DomainEntity_DnsEvents.yaml",
"Analytic Rules/DomainEntity_EmailEvents.yaml",
"Analytic Rules/DomainEntity_EmailUrlInfo.yaml",
"Analytic Rules/DomainEntity_imWebSession.yaml",
"Analytic Rules/DomainEntity_PaloAlto.yaml",
"Analytic Rules/DomainEntity_SecurityAlert.yaml",
"Analytic Rules/DomainEntity_Syslog.yaml",
"Analytic Rules/EmailEntity_AzureActivity.yaml",
"Analytic Rules/EmailEntity_EmailEvents.yaml",
"Analytic Rules/EmailEntity_OfficeActivity.yaml",
"Analytic Rules/EmailEntity_PaloAlto.yaml",
"Analytic Rules/EmailEntity_SecurityAlert.yaml",
"Analytic Rules/EmailEntity_SecurityEvent.yaml",
"Analytic Rules/EmailEntity_SigninLogs.yaml",
"Analytic Rules/FileHashEntity_CommonSecurityLog.yaml",
"Analytic Rules/FileHashEntity_DeviceFileEvents.yaml",
"Analytic Rules/FileHashEntity_SecurityEvent.yaml",
"Analytic Rules/IPEntity_AppServiceHTTPLogs.yaml",
"Analytic Rules/IPEntity_AWSCloudTrail.yaml",
"Analytic Rules/IPEntity_AzureActivity.yaml",
"Analytic Rules/IPEntity_AzureFirewall.yaml",
"Analytic Rules/IPEntity_AzureKeyVault.yaml",
"Analytic Rules/IPEntity_AzureNetworkAnalytics.yaml",
"Analytic Rules/IPEntity_AzureSQL.yaml",
"Analytic Rules/IPEntity_CustomSecurityLog.yaml",
"Analytic Rules/IPEntity_DeviceNetworkEvents.yaml",
"Analytic Rules/IPEntity_DnsEvents.yaml",
"Analytic Rules/IPEntity_imWebSession.yaml",
"Analytic Rules/IPEntity_OfficeActivity.yaml",
"Analytic Rules/IPEntity_SigninLogs.yaml",
"Analytic Rules/IPEntity_VMConnection.yaml",
"Analytic Rules/IPEntity_W3CIISLog.yaml",
"Analytic Rules/URLEntity_AuditLogs.yaml",
"Analytic Rules/URLEntity_DeviceNetworkEvents.yaml",
"Analytic Rules/URLEntity_EmailUrlInfo.yaml",
"Analytic Rules/URLEntity_OfficeActivity.yaml",
"Analytic Rules/URLEntity_PaloAlto.yaml",
"Analytic Rules/URLEntity_SecurityAlerts.yaml",
"Analytic Rules/URLEntity_Syslog.yaml",
"Analytic Rules/URLEntity_UrlClickEvents.yaml",
"Analytic Rules/IPEntity_DuoSecurity.yaml",
"Analytic Rules/imDns_DomainEntity_DnsEvents.yaml",
"Analytic Rules/imDns_IPEntity_DnsEvents.yaml",
"Analytic Rules/IPEntity_imNetworkSession.yaml",
"Analytic Rules/Threat Intel Matches to GitHub Audit Logs.yaml",
"Analytic Rules/DomainEntity_CloudAppEvents.yaml",
"Analytic Rules/EmailEntity_CloudAppEvents.yaml",
"Analytic Rules/FileHashEntity_CloudAppEvents.yaml",
"Analytic Rules/IPEntity_CloudAppEvents.yaml",
"Analytic Rules/URLEntity_CloudAppEvents.yaml",
"Analytic Rules/IPEntity_Workday.yaml"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Threat Intelligence\\",
"Version": "3.0.8",
"TemplateSpec": true,
"StaticDataConnectorIds": [
"ThreatIntelligenceTaxii",
"ThreatIntelligence",
"MicrosoftDefenderThreatIntelligence"
]
}