
EntityWork#2 #9287

Merged
merged 15 commits into from
Nov 14, 2023

Conversation

mmelndezlujn
Contributor

Required items, please complete

Change(s):

  • Diana and Manny modified a few detection yaml files to add mappings for better correlation with Defender detections.

Reason for Change(s):

  • To hopefully get better correlations with their equivalent Defender detections.

Version Updated:

  • Yes

Testing Completed:

  • No

Checked that the validations are passing and have addressed any issues that are present:

  • No

…resholdBased.yaml

   Change(s):
   - Modified logic to include device name, IP, Host Name, and ResourceID
   - Updated mapping to include these fields
   - Updated eventGroupingSettings to SingleAlert

   Reason for Change(s):
   - Updating entity mapping for USX to test for better correlation with M365D detections

   Version Updated:
   - Yes

   Testing Completed:
   - Yes

   Checked that the validations are passing and have addressed any issues that are present:
   - No
the tests.
Modified gte_6_FailedLogons_10m to include NTDomain for Host mapping.
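The changes the commit messages above describe (Host mapped by HostName and NTDomain, IP and Account mapped alongside, eventGroupingSettings set to SingleAlert), shown as an added illustration in the Sentinel analytic-rule YAML format; this is not the PR's own file, and the rule id, KQL query, connector and column names are assumptions. The ResourceID field the first commit mentions is left out because the page does not show which column supplies it.

```yaml
# Added illustration, not the PR's own rule file: id, query and column names are assumed.
id: 00000000-0000-0000-0000-000000000000   # placeholder, not the real rule id
name: Failed logons above threshold (illustration)
kind: Scheduled
severity: Medium
requiredDataConnectors:
  - connectorId: MicrosoftThreatProtection   # assumed connector for DeviceLogonEvents
    dataTypes:
      - DeviceLogonEvents
queryFrequency: 10m
queryPeriod: 10m
triggerOperator: gt
triggerThreshold: 0
tactics:
  - CredentialAccess
query: |
  DeviceLogonEvents
  | where ActionType == "LogonFailed"
  | summarize FailedCount = count() by DeviceName, AccountName, AccountDomain, RemoteIP
  | where FailedCount >= 6
  // Assumed derivation: split an FQDN-style DeviceName into host and domain labels
  | extend HostName = tostring(split(DeviceName, ".")[0]),
           NTDomain = tostring(split(DeviceName, ".")[1])
# Entity mappings: each identifier names a column the query emits
entityMappings:
  - entityType: Host
    fieldMappings:
      - identifier: HostName
        columnName: HostName
      - identifier: NTDomain
        columnName: NTDomain
  - entityType: IP
    fieldMappings:
      - identifier: Address
        columnName: RemoteIP
  - entityType: Account
    fieldMappings:
      - identifier: Name
        columnName: AccountName
      - identifier: NTDomain
        columnName: AccountDomain
# SingleAlert: one alert for the whole result set instead of one per row
eventGroupingSettings:
  aggregationKind: SingleAlert
version: 1.0.1
```

Every columnName must exactly match a column the query projects; a mapping to a column that is absent from the result set produces an entity with no value and no correlation.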
@mmelndezlujn mmelndezlujn requested review from a team as code owners October 27, 2023 21:45
@v-atulyadav v-atulyadav added labels: Solution (Solution specialty review needed), Detection (Detection specialty review needed), Analytic Rules, Oct 30, 2023
@v-rbajaj
Contributor

v-rbajaj commented Nov 1, 2023

Hi @mmelndezlujn, thanks for raising this PR. This PR is under review.

@shainw shainw added the CoreEntityFix Improving entity correlation ability by implement minimum entity mappings for Acount, Host and IP label Nov 10, 2023
Added in proper connector
Workaround for incorrect schema issue with DeviceInfo
@shainw shainw merged commit 35e41ae into Azure:master Nov 14, 2023
31 checks passed