Merge pull request #11467 from idoshabi07/cortex-xdr-ccp-solution
Cortex xdr ccp solution
v-dvedak authored Nov 29, 2024
2 parents 90f6aa3 + cc0e5cd commit bbb7078
Showing 18 changed files with 6,170 additions and 354 deletions.
@@ -0,0 +1,277 @@
{
"Name": "PaloAltoCortexXDR_Incidents_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "String"
},
{
"Name": "SourceSystem",
"Type": "String"
},
{
"Name": "MG",
"Type": "String"
},
{
"Name": "ManagementGroupName",
"Type": "String"
},
{
"Name": "TimeGenerated",
"Type": "Datetime"
},
{
"Name": "Computer",
"Type": "String"
},
{
"Name": "RawData",
"Type": "String"
},
{
"Name": "aggregated_score_d",
"Type": "Double"
},
{
"Name": "original_tags_s",
"Type": "String"
},
{
"Name": "manual_description_s",
"Type": "String"
},
{
"Name": "predicted_score_d",
"Type": "Double"
},
{
"Name": "tags_s",
"Type": "String"
},
{
"Name": "manual_severity_s",
"Type": "String"
},
{
"Name": "critical_severity_alert_count_d",
"Type": "Double"
},
{
"Name": "assigned_user_mail_s",
"Type": "String"
},
{
"Name": "assigned_user_pretty_name_s",
"Type": "String"
},
{
"Name": "notes_s",
"Type": "String"
},
{
"Name": "resolve_comment_s",
"Type": "String"
},
{
"Name": "resolved_timestamp_d",
"Type": "Double"
},
{
"Name": "incident_id_s",
"Type": "String"
},
{
"Name": "creation_time_d",
"Type": "Double"
},
{
"Name": "modification_time_d",
"Type": "Double"
},
{
"Name": "status_s",
"Type": "String"
},
{
"Name": "severity_s",
"Type": "String"
},
{
"Name": "description_s",
"Type": "String"
},
{
"Name": "alert_count_d",
"Type": "Double"
},
{
"Name": "low_severity_alert_count_d",
"Type": "Double"
},
{
"Name": "med_severity_alert_count_d",
"Type": "Double"
},
{
"Name": "high_severity_alert_count_d",
"Type": "Double"
},
{
"Name": "user_count_d",
"Type": "Double"
},
{
"Name": "host_count_d",
"Type": "Double"
},
{
"Name": "xdr_url_s",
"Type": "String"
},
{
"Name": "starred_b",
"Type": "Bool"
},
{
"Name": "hosts_s",
"Type": "String"
},
{
"Name": "users_s",
"Type": "String"
},
{
"Name": "incident_sources_s",
"Type": "String"
},
{
"Name": "wildfire_hits_d",
"Type": "Double"
},
{
"Name": "alerts_grouping_status_s",
"Type": "String"
},
{
"Name": "mitre_tactics_ids_and_names_s",
"Type": "String"
},
{
"Name": "mitre_techniques_ids_and_names_s",
"Type": "String"
},
{
"Name": "alert_categories_s",
"Type": "String"
},
{
"Name": "Type",
"Type": "String"
},
{
"Name": "_ResourceId",
"Type": "String"
},
{
"Name": "AlertCategories",
"Type": "String"
},
{
"Name": "AlertCount",
"Type": "String"
},
{
"Name": "AlertsGroupingStatus",
"Type": "String"
},
{
"Name": "CreationTime",
"Type": "String"
},
{
"Name": "CriticalSeverityAlertCount",
"Type": "String"
},
{
"Name": "Description",
"Type": "String"
},
{
"Name": "HighSeverityAlertCount",
"Type": "String"
},
{
"Name": "HostCount",
"Type": "String"
},
{
"Name": "Hosts",
"Type": "String"
},
{
"Name": "IncidentId",
"Type": "String"
},
{
"Name": "IncidentSources",
"Type": "String"
},
{
"Name": "LowSeverityAlertCount",
"Type": "String"
},
{
"Name": "MedSeverityAlertCount",
"Type": "String"
},
{
"Name": "ModificationTime",
"Type": "String"
},
{
"Name": "OriginalTags",
"Type": "String"
},
{
"Name": "ResolveComment",
"Type": "String"
},
{
"Name": "ResolvedTimestamp",
"Type": "String"
},
{
"Name": "Severity",
"Type": "String"
},
{
"Name": "Starred",
"Type": "String"
},
{
"Name": "Status",
"Type": "String"
},
{
"Name": "Tags",
"Type": "String"
},
{
"Name": "UserCount",
"Type": "String"
},
{
"Name": "Users",
"Type": "String"
},
{
"Name": "WildfireHits",
"Type": "String"
},
{
"Name": "XdrUrl",
"Type": "String"
}
]
}
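Review bot: The PascalCase columns at the end of `Properties` (`AlertCount`, `HostCount`, `UserCount`, `WildfireHits`, the `*SeverityAlertCount` fields, `CreationTime`, `ModificationTime`, `ResolvedTimestamp`, `Starred`) are all declared `String`, while their legacy counterparts in the same table are `Double` or `Bool` (`alert_count_d`, `creation_time_d`, `starred_b`). Analytics and hunting queries that filter or sort on these columns would compare text unless every query casts first, so a count threshold or a time-window check can order values lexicographically and miss incidents. If the ingestion side can emit typed values, declare them to match, e.g. `"Name": "AlertCount", "Type": "Double"` and `"Name": "Starred", "Type": "Bool"`; if it cannot, the solution's queries need explicit `todouble()`/`tobool()` casts on these columns. Separately, `mitre_tactics_ids_and_names_s`, `mitre_techniques_ids_and_names_s`, `assigned_user_mail_s` and `manual_severity_s` have no PascalCase equivalent here, so it is worth confirming that the new column set does not drop MITRE mapping and assignment data that existing detections may rely on.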