
Commit 03c01f9

Removed garbage, fixed heading
1 parent caaf5cc commit 03c01f9


2 files changed

+46
-46
lines changed


articles/sentinel/automate-incident-handling-with-automation-rules.md

Lines changed: 45 additions & 45 deletions
@@ -225,53 +225,53 @@ The following entities and entity properties can be used as conditions for autom
225225

226226
##### [Mapping to entities](#tab/mapping)
227227

228-
| Name in API | Name in UI drop-down | Entity:Identity in V3 alert schema |
229-
| --------------------------- | ------------------------------ | ---------------------------------- |
230-
| AccountAadTenantId | Account tenant id | Account:AadTenantId |
231-
| AccountAadUserId | Account AAD user id | Account:AadUserId |
232-
| AccountName | Account name | Account:Name |
233-
| AccountNTDomain | Account NT domain | Account:NTDomain |
234-
| AccountPUID | Account PUID | Account:PUID |
235-
| AccountSid | Account SID | Account:Sid |
236-
| AccountObjectGuid | Account object id | Account:ObjectGuid |
237-
| AccountUPNSuffix | Account UPN suffix | Account:UPNSuffix |
238-
| AzureResourceResourceId | Azure resource id | AzureResource:ResourceId |
239-
| AzureResourceSubscriptionId | Azure resource subscription id | AzureResource:SubscriptionId |
228+
| Name in API | Name in UI drop-down | Entity:Identifier in V3 alert schema |
229+
| --------------------------- | ------------------------------ | ------------------------------------ |
230+
| AccountAadTenantId | Account tenant id | Account:AadTenantId |
231+
| AccountAadUserId | Account AAD user id | Account:AadUserId |
232+
| AccountName | Account name | Account:Name |
233+
| AccountNTDomain | Account NT domain | Account:NTDomain |
234+
| AccountPUID | Account PUID | Account:PUID |
235+
| AccountSid | Account SID | Account:Sid |
236+
| AccountObjectGuid | Account object id | Account:ObjectGuid |
237+
| AccountUPNSuffix | Account UPN suffix | Account:UPNSuffix |
238+
| AzureResourceResourceId | Azure resource id | AzureResource:ResourceId |
239+
| AzureResourceSubscriptionId | Azure resource subscription id | AzureResource:SubscriptionId |
240240
| CloudApplicationAppId | Cloud application id | CloudApplication:AppId ***(SaasId?)*** |
241-
| CloudApplicationAppName | Cloud application name | CloudApplication:Name |
242-
| DNSDomainName | DNS domain name | DNS:DomainName |
243-
| FileDirectory | File directory | File:Directory |
244-
| FileName | File name | File:Name |
245-
| FileHashValue | File hash | FileHash:Value |
246-
| HostAzureID | Host Azure id | Host:AzureID |
247-
| HostName | Host name | Host:HostName |
248-
| HostNetBiosName | ***Host BIOS name!!!*** | Host:NetBiosName |
249-
| HostNTDomain | Host NT domain | Host:NTDomain |
250-
| HostOSVersion | Host operating system | Host:OSVersion |
251-
| IoTDeviceId | IoT device id | IoTDevice:DeviceId |
252-
| IoTDeviceName | IoT device name | IoTDevice:DeviceName |
253-
| IoTDeviceType | IoT device type | IoTDevice:DeviceType |
241+
| CloudApplicationAppName | Cloud application name | CloudApplication:Name |
242+
| DNSDomainName | DNS domain name | DNS:DomainName |
243+
| FileDirectory | File directory | File:Directory |
244+
| FileName | File name | File:Name |
245+
| FileHashValue | File hash | FileHash:Value |
246+
| HostAzureID | Host Azure id | Host:AzureID |
247+
| HostName | Host name | Host:HostName |
248+
| HostNetBiosName | ***Host BIOS name!!!*** | Host:NetBiosName |
249+
| HostNTDomain | Host NT domain | Host:NTDomain |
250+
| HostOSVersion | Host operating system | Host:OSVersion |
251+
| IoTDeviceId | IoT device id | IoTDevice:DeviceId |
252+
| IoTDeviceName | IoT device name | IoTDevice:DeviceName |
253+
| IoTDeviceType | IoT device type | IoTDevice:DeviceType |
254254
| IoTDeviceVendor | IoT device vendor | IoTDevice:***Source? Manufacturer?*** |
255-
| IoTDeviceModel | IoT device model | IoTDevice:Model |
256-
| IoTDeviceOperatingSystem | IoT device operating system | IoTDevice:OperatingSystem |
257-
| IPAddress | IP address | IP:Address |
258-
| MailboxDisplayName | Mailbox display name | Mailbox:DisplayName |
259-
| MailboxPrimaryAddress | Mailbox primary address | Mailbox:MailboxPrimaryAddress |
260-
| MailboxUPN | Mailbox UPN | Mailbox:Upn |
261-
| MailMessageDeliveryAction | Mail message delivery action | MailMessage:DeliveryAction |
262-
| MailMessageDeliveryLocation | Mail message delivery location | MailMessage:DeliveryLocation |
263-
| MailMessageRecipient | Mail message recipient | MailMessage:Recipient |
264-
| MailMessageSenderIP | Mail message sender IP | MailMessage:SenderIP |
265-
| MailMessageSubject | Mail message subject | MailMessage:Subject |
266-
| MailMessageP1Sender | Mail message P1 sender | MailMessage:***???*** |
267-
| MailMessageP2Sender | Mail message P2 sender | MailMessage:***???*** |
268-
| MalwareCategory | Malware category | Malware:Category |
269-
| MalwareName | Malware name | Malware:Name |
270-
| ProcessCommandLine | Process command line | Process:CommandLine |
271-
| ProcessId | Process id | Process:ProcessId |
272-
| RegistryKey | Registry key | RegistryKey:Key |
273-
| RegistryValueData | Registry value | RegistryValue:Value |
274-
| Url | Url | Url:Url |
255+
| IoTDeviceModel | IoT device model | IoTDevice:Model |
256+
| IoTDeviceOperatingSystem | IoT device operating system | IoTDevice:OperatingSystem |
257+
| IPAddress | IP address | IP:Address |
258+
| MailboxDisplayName | Mailbox display name | Mailbox:DisplayName |
259+
| MailboxPrimaryAddress | Mailbox primary address | Mailbox:MailboxPrimaryAddress |
260+
| MailboxUPN | Mailbox UPN | Mailbox:Upn |
261+
| MailMessageDeliveryAction | Mail message delivery action | MailMessage:DeliveryAction |
262+
| MailMessageDeliveryLocation | Mail message delivery location | MailMessage:DeliveryLocation |
263+
| MailMessageRecipient | Mail message recipient | MailMessage:Recipient |
264+
| MailMessageSenderIP | Mail message sender IP | MailMessage:SenderIP |
265+
| MailMessageSubject | Mail message subject | MailMessage:Subject |
266+
| MailMessageP1Sender | Mail message P1 sender | MailMessage:***???*** |
267+
| MailMessageP2Sender | Mail message P2 sender | MailMessage:***???*** |
268+
| MalwareCategory | Malware category | Malware:Category |
269+
| MalwareName | Malware name | Malware:Name |
270+
| ProcessCommandLine | Process command line | Process:CommandLine |
271+
| ProcessId | Process id | Process:ProcessId |
272+
| RegistryKey | Registry key | RegistryKey:Key |
273+
| RegistryValueData | Registry value | RegistryValue:Value |
274+
| Url | Url | Url:Url |
275275

276276
---
277277
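
Review bot: The table still carries unresolved draft markers after this cleanup: `CloudApplication:AppId ***(SaasId?)***` on line 240, `***Host BIOS name!!!***` re-added unchanged on line 248, `IoTDevice:***Source? Manufacturer?***` on line 254, and `MailMessage:***???***` for both the P1 and P2 sender rows on lines 266-267. Readers build automation rule conditions from these names, so each marker should be resolved to a confirmed identifier, or the row held back until it is; on line 248 the API name `HostNetBiosName` and the schema name `Host:NetBiosName` suggest the drop-down label should be checked against the UI. Separately, almost all of the 45 changed rows differ only in column padding, which buries the one substantive edit (the header `Entity:Identity` becoming `Entity:Identifier`); putting the realignment in its own commit would make that change easier to review.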

articles/sentinel/create-manage-use-automation-rules.md

Lines changed: 1 addition & 1 deletion
@@ -154,7 +154,7 @@ Use the options in the **Conditions** area to define conditions for your automat
154154
| - **Title**<br>- **Description**<br>- All listed **entity properties**<br>&nbsp;&nbsp;(see [supported entity properties](automate-incident-handling-with-automation-rules.md#supported-entity-properties)) | - Equals/Does not equal<br>- Contains/Does not contain<br>- Starts with/Does not start with<br>- Ends with/Does not end with |
155155
| - **Tag** (See [individual vs. collection](automate-incident-handling-with-automation-rules.md#tag-property-individual-vs-collection)) | **Any individual tag:**<br>- Equals/Does not equal<br>- Contains/Does not contain<br>- Starts with/Does not start with<br>- Ends with/Does not end with<br><br>**Collection of all tags:**<br>- Contains/Does not contain |
156156
| - **Severity**<br>- **Status**<br>- **Custom details key** | - Equals/Does not equal |
157-
| - **Tactics**<br>- **Alert product names**<br>- **Custom details value**<br>- **Analytic rule name** | - Contains/Does not contain | [](#conditions-available-with-the-create-trigger)
157+
| - **Tactics**<br>- **Alert product names**<br>- **Custom details value**<br>- **Analytic rule name** | - Contains/Does not contain |
158158

159159
#### Conditions available with the update trigger
160160
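
Review bot: On line 157 the removed `[](#conditions-available-with-the-create-trigger)` was an empty-text link sitting in a stray third cell, and dropping it brings the row back to the two-cell shape of lines 154-156; it would be worth searching the update-trigger table that starts under the heading on line 159 for the same fragment, since an artifact like this is often pasted more than once. The commit message covers this only as "garbage", so naming the removed fragment there would help anyone later tracing why the row changed.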
