Merge Azure Sentinel Master into fork #28

zhianchow · 2024-12-18T06:24:00Z

Required items, please complete

Change(s):

See guidance below

Reason for Change(s):

See guidance below

Version Updated:

Required only for Detections/Analytic Rule templates
See guidance below

Testing Completed:

See guidance below

Checked that the validations are passing and have addressed any issues that are present:

See guidance below

Guidance <- remove section before submitting

Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:

Thank you for your contribution to the Microsoft Sentinel Github repo.

Details of the code changes in your submitted PR. Providing descriptions for pull requests ensures there is context to changes being made and greatly enhances the code review process. Providing associated Issues that this resolves also easily connects the reason.

Change(s):

Updated syntax for XYZ.yaml

Reason for Change(s):

New schema used for XYZ.yaml
Resolves ISSUE Add Logstash required version to Readme file Azure/Azure-Sentinel#1234

Version updated:

Yes
Detections/Analytic Rule templates are required to have the version updated

The code should have been tested in a Microsoft Sentinel environment that does not have any custom parsers, functions or tables, so that you validate no incorrect syntax and execution functions properly. If your submission requires a custom parser or function, it must be submitted with the PR.

Testing Completed:

Yes/No/Need Help

Note: If updating a detection, you must update the version field.

Before the submission has been made, please look at running the KQL and Yaml Validation Checks locally.
https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally

Checked that the validations are passing and have addressed any issues that are present:

Yes/No/Need Help

Note: Let us know if you have tried fixing the validation error and need help.

References:

Guidance for Detection checks

General contribution guidance

PR validation troubleshooting

Updated deploy file to add UserName column

…ged-identity Fix alert importer managed identity

…User-Session-From-Incident Updated Permissions in AS-Revoke-Azure-AD-User-Session-From-Incident and AS-Revoke-Azure-AD-User-Session-From-Entity

…ct-platform-solution-3.0.1 ESET Protect Platform Solution 3.0.1

Improved BloodHound Enterprise Solution

…SVG, and updated IDs in Doppel workbook and connector files

…m workbook

…and Include color variants for Workbook Images for Doppel Solution.

…,microsoftexchangesecurity Repackage - CiscoMeraki , VMWare Esxi, Microsoft Exchange Security

Update DetectionsMigrated.json for change path name Microsoft Defender 365 to Microsoft Defender XDR

Adding condition to filter noisy logic and updated description for Team Detection

Update Object and ObjectType Class for AuditSchema in Tester.csv

New Solution Cortex XDR CCP solution

…ionUpgrade Update Readme.md

…loxNIOS-removeDC

…tion,InfobloxNIOS-removeDC Repackage - Symantec Endpoint Protection and Infobox NIOS

…r-Pulse/Data-Connectors/DataminrPulseAlerts/cryptography-44.0.0 Bump cryptography from 42.0.4 to 44.0.0 in /Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts

…RX-removalDC Repackage - McAfee ePolicy Orchestrator

Fixes related to UEBARiskscore calculation and threshold logic

…-defenderXDR update standalone MDO Hunting Queries

…-azure-cloud-ngfw-by-PAN update ReleaseNotes URL of Azure cloud NGFW by PAN

…all,CiscoWSA-removeDC Repackage - Barracuda CloudGen Firewall , Cisco WSA

Minor changes

v-visodadasi and others added 30 commits December 3, 2024 11:22

Permissions Changed in AS-Revoke-Azure-AD-User-Session-From-Incident

6596460

Updated Permissions in AS-Revoke-Azure-AD-User-Session-From-Entity

f8f5efa

update WorkbooksMetadata.json

7f8fb4e

Repackage - VmWare vCenter

006445e

commit push

d9c4c53

Solution version reverted

97abdd6

Merge branch 'master' into v-sabiraj-updatingadditionaltable

0e8267b

Merge branch 'master' into pr/11444

c6fdbeb

Merge pull request #11489 from Azure/v-sabiraj-updatingadditionaltable

06785f1

Updated deploy file to add UserName column

Merge pull request #11505 from recordedfuture/fix-alert-importer-mana…

76d7aa5

…ged-identity Fix alert importer managed identity

Merge pull request #11516 from Azure/v-visodadasi/AS-Revoke-Azure-AD-…

4d613c0

…User-Session-From-Incident Updated Permissions in AS-Revoke-Azure-AD-User-Session-From-Incident and AS-Revoke-Azure-AD-User-Session-From-Entity

Merge pull request #11444 from eset-enterprise-integration/eset-prote…

a0466d3

…ct-platform-solution-3.0.1 ESET Protect Platform Solution 3.0.1

Merge pull request #11445 from daviditkin/feature-bhe-solution

4a082e8

Improved BloodHound Enterprise Solution

updated connector

2231c43

Initial commit: Add Doppel Data Connector, Workbook, Logo and SampleLogs

1af9957

Sanitized emails in sample logs, removed comments from JSON, updated …

7a962a3

…SVG, and updated IDs in Doppel workbook and connector files

Update DeployToAzure button link

96d3603

Fix: Update SVG 'id' to GUID format and remove resource reference fro…

e3e3761

…m workbook

Add Solution File, Solution Metadata File, Update Workbook Metadata, …

277e6fe

…and Include color variants for Workbook Images for Doppel Solution.

Rebase branch on latest upstream/master and resolve conflicts

5d46b8f

Merge pull request #11511 from Azure/v-rusraut-ciscomeraki,vmwareesxi…

42d2825

…,microsoftexchangesecurity Repackage - CiscoMeraki , VMWare Esxi, Microsoft Exchange Security

Updated release notes

07d9526

update get ven details playbook to address minor issues

5dd9b74

Repackage - Cisco ISE

9efc276

table schema added

659ee6c

Merge branch 'master' into v-visodadasi/ThreatIntelligenceDomain

8854e86

Create 3.0.9.zip

431a276

Repackaged the Solution

b132091

Update mainTemplate.json

16ae59b

Solution packaged correctly

d57f7fe

v-atulyadav and others added 30 commits December 18, 2024 11:32

Merge pull request #11574 from Azure/v-shukore/defender356todefenderxdr

66548d8

Update DetectionsMigrated.json for change path name Microsoft Defender 365 to Microsoft Defender XDR

Repackage - McAfee ePolicy Orchestrator

f4dd5de

Solution packaged

30dfb88

Merge branch 'master' into vakohl-patch-TesterFileUpdate

73c29d7

Merge pull request #11572 from Azure/ashwin/teamsaction-fixes-dec24

bd8f469

Adding condition to filter noisy logic and updated description for Team Detection

update SkipStrcutreValidationsTemplates.json

836187c

Update SkipValidationsTemplates.json

e2646a8

Merge pull request #11093 from Azure/vakohl-patch-TesterFileUpdate

49cbed0

Update Object and ObjectType Class for AuditSchema in Tester.csv

Repackage - Juniper SRX

d02e56f

Merge pull request #11575 from Azure/v-prasadboke-cortexxdr

c068599

New Solution Cortex XDR CCP solution

Repackage - OpenVPN

b50ce99

Update Readme.md

4e8f5dc

upate queries

55cb4e5

Merge pull request #11578 from Azure/v-sudkharat/JumpcloudRuntimeVers…

dfac159

…ionUpgrade Update Readme.md

Merge branch 'master' into v-rusraut-SymantecEndpointProtection,Infob…

2285855

…loxNIOS-removeDC

Merge branch 'master' into ashwin/uebascorefixes-dec24

88a61c2

Update HuntingQueriesMigrated.json

1097ee5

Merge pull request #11573 from Azure/v-rusraut-SymantecEndpointProtec…

102ff4e

…tion,InfobloxNIOS-removeDC Repackage - Symantec Endpoint Protection and Infobox NIOS

Merge pull request #11547 from Azure/dependabot/pip/Solutions/Datamin…

79ba8a3

…r-Pulse/Data-Connectors/DataminrPulseAlerts/cryptography-44.0.0 Bump cryptography from 42.0.4 to 44.0.0 in /Solutions/Dataminr Pulse/Data Connectors/DataminrPulseAlerts

update ReleaseNotes URL in createui

e0f8cfd

Merge pull request #11577 from Azure/v-rusraut-McAfeeePolicy,JuniperS…

25eefbf

…RX-removalDC Repackage - McAfee ePolicy Orchestrator

solution packaged

84ac8fe

Merge pull request #11571 from Azure/ashwin/uebascorefixes-dec24

06e1643

Fixes related to UEBARiskscore calculation and threshold logic

Merge pull request #11579 from Azure/v-shukore/revert-all-changes-for…

b15d452

…-defenderXDR update standalone MDO Hunting Queries

Repackage - Barracuda CloudGen Firewall

325dc65

Merge pull request #11587 from Azure/v-shukore/fix-releasenote-url-of…

4e8da7c

…-azure-cloud-ngfw-by-PAN update ReleaseNotes URL of Azure cloud NGFW by PAN

Repackage - Cisco WSA

91365cc

Merge branch 'master' into pr/11568

594c379

Merge pull request #11588 from Azure/v-rusraut/BarracudaCloudGenFirew…

754347e

…all,CiscoWSA-removeDC Repackage - Barracuda CloudGen Firewall , Cisco WSA

Merge pull request #11568 from Cv-securityIQ/BugFix

ef2003c

Minor changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge Azure Sentinel Master into fork #28

Merge Azure Sentinel Master into fork #28

zhianchow commented Dec 18, 2024

Merge Azure Sentinel Master into fork #28

Are you sure you want to change the base?

Merge Azure Sentinel Master into fork #28

Conversation

zhianchow commented Dec 18, 2024

Guidance <- remove section before submitting

Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections: