diff --git a/.script/tests/asimParsersTest/ASimFilteringTest.py b/.script/tests/asimParsersTest/ASimFilteringTest.py
index 3845ee95596..dd98dcfc2a2 100644
--- a/.script/tests/asimParsersTest/ASimFilteringTest.py
+++ b/.script/tests/asimParsersTest/ASimFilteringTest.py
@@ -817,6 +817,20 @@ def send_query(self, query_str):
 # For each schema supported by the test there is a mapping between each of the schema's parameter to the column that the parameter filters.
 all_schemas_parameters = {
+ "AlertEvent" :
+ {
+ "ipaddr_has_any_prefix" : "DvcIpAddr",
+ "disabled" : "",
+ "endtime" : "EventEndTime",
+ "hostname_has_any" : "DvcHostname",
+ "username_has_any" : "Username",
+ "attacktactics_has_any" : "AttackTactics",
+ "attacktechniques_has_any" : "AttackTechniques",
+ "threatcategory_has_any" : "ThreatCategory",
+ "alertverdict_has_any" : "AlertVerdict",
+ "starttime" : "EventStartTime",
+ "eventseverity_has_any": "EventSeverity"
+ },
 "AuditEvent" :
 {
 "actorusername_has_any" : "ActorUsername",
diff --git a/.script/tests/asimParsersTest/VerifyASimParserTemplate.py b/.script/tests/asimParsersTest/VerifyASimParserTemplate.py
index 7c9abb360b5..2b78f95f9a7 100644
--- a/.script/tests/asimParsersTest/VerifyASimParserTemplate.py
+++ b/.script/tests/asimParsersTest/VerifyASimParserTemplate.py
@@ -15,6 +15,7 @@
 # Sentinel Repo URL
 SentinelRepoUrl = f"https://github.com/Azure/Azure-Sentinel.git"
 SCHEMA_INFO = [
+ {"SchemaName": "AlertEvent", "SchemaVersion": "0.1", "SchemaTitle":"ASIM Alert Event Schema", "SchemaLink": "https://aka.ms/ASimAlertEventDoc"},
 {"SchemaName": "AuditEvent", "SchemaVersion": "0.1", "SchemaTitle":"ASIM Audit Event Schema", "SchemaLink": "https://aka.ms/ASimAuditEventDoc"},
 {"SchemaName": "Authentication", "SchemaVersion": "0.1.3","SchemaTitle":"ASIM Authentication Schema","SchemaLink": "https://aka.ms/ASimAuthenticationDoc"},
 {"SchemaName": "Dns", "SchemaVersion": "0.1.7", "SchemaTitle":"ASIM Dns Schema","SchemaLink": "https://aka.ms/ASimDnsDoc"},
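Review bot: In the ASimFilteringTest.py hunk, the last added entry, `"eventseverity_has_any": "EventSeverity"`, drops the space before the colon that the ten entries above it use; write it as `"eventseverity_has_any" : "EventSeverity"` to match. The `"disabled" : ""` entry maps the parameter to no column, and nothing in the hunk says how the test treats an empty mapping; a short comment such as `# "disabled" is a switch, not a column filter` would help, if that is indeed the intent. Since these mappings decide which column each filter is checked against, the three generic ones (`ipaddr_has_any_prefix`, `hostname_has_any`, `username_has_any`) are worth confirming against the schema document that the second hunk links (https://aka.ms/ASimAlertEventDoc). The `all_schemas_parameters` dict continues past the end of the hunk.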