Skip to content

Commit

Permalink
Merge branch 'Azure:master' into MimecastAzureDeployToolTipChanges
Browse files Browse the repository at this point in the history
  • Loading branch information
dhwanishah-crest authored Oct 28, 2024
2 parents c4b2793 + cc781b2 commit 34b04a0
Show file tree
Hide file tree
Showing 44 changed files with 1,464 additions and 1,390 deletions.
2 changes: 1 addition & 1 deletion .script/tests/asimParsersTest/ASimFilteringTest.py
Original file line number Diff line number Diff line change
Expand Up @@ -423,7 +423,7 @@ def check_required_fields(self, parser_file):
def datetime_test(self, param, query_definition, column_name_in_table):
param_name = param['Name']
# Get count of rows without filtering
no_filter_query = query_definition + f"query()\n"
no_filter_query = query_definition + f"query() | project TimeGenerated \n"
no_filter_response = self.send_query(no_filter_query)
num_of_rows_when_no_filters_in_query = len(no_filter_response.tables[0].rows)
self.assertNotEqual(len(no_filter_response.tables[0].rows) , 0 , f"No data for parameter:{param_name}")
Expand Down
3 changes: 2 additions & 1 deletion .script/tests/asimParsersTest/runAsimTesters.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,8 @@ function testParser([Parser] $parser) {

Write-Host "***************************************************"
Write-Host "${yellow}Running 'Data' tests for '$($parser.Name)' parser${reset}"
$dataTest = "$parserAsletStatement`r`n$letStatementName | invoke ASimDataTester('$($parser.Schema)')"
# Test with only last 30 minutes of data.
$dataTest = "$parserAsletStatement`r`n$letStatementName | where TimeGenerated >= ago(30min) | invoke ASimDataTester('$($parser.Schema)')"
invokeAsimTester $dataTest $parser.Name "data"
Write-Host "***************************************************"
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
"Workbooks/AzureKeyVaultWorkbook.json"
],
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Azure Key Vault",
"Version": "3.0.2",
"Version": "3.0.3",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"StaticDataConnectorIds": [
Expand Down
Binary file added Solutions/Azure Key Vault/Package/3.0.3.zip
Binary file not shown.
6 changes: 3 additions & 3 deletions Solutions/Azure Key Vault/Package/createUiDefinition.json
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Azure%20Key%20Vault/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Azure Key Vault](https://azure.microsoft.com/services/key-vault/) Solution for Microsoft Sentinel enables you to stream Azure Key Vault diagnostics logs into Microsoft Sentinel, allowing you to continuously monitor activity in all your instances.\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 4\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Azure%20Key%20Vault/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Azure Key Vault](https://azure.microsoft.com/services/key-vault/) Solution for Microsoft Sentinel enables you to stream Azure Key Vault diagnostics logs into Microsoft Sentinel, allowing you to continuously monitor activity in all your instances.\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 4\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
Expand Down Expand Up @@ -166,7 +166,7 @@
"name": "analytic2-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Identifies mass secret retrieval from Azure Key Vault observed by a single user. \nMass secret retrival crossing a certain threshold is an indication of credential dump operations or mis-configured applications. \nYou can tweak the EventCountThreshold based on average count seen in your environment \nand also filter any known sources (IP/Account) and useragent combinations based on historical analysis to further reduce noise"
"text": "Identifies mass secret retrieval from Azure Key Vault observed by a single user. \nMass secret retrival crossing a certain threshold is an indication of credential dump operations or mis-configured applications. \nYou can tweak the EventCountThreshold based on average count seen in your environment and also filter any known sources (IP/Account) and useragent combinations based on historical analysis to further reduce noise"
}
}
]
Expand All @@ -180,7 +180,7 @@
"name": "analytic3-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Indentifies a sudden increase in count of Azure Key Vault secret or vault access operations by CallerIPAddress. The query leverages a built-in KQL anomaly detection algorithm\nto find large deviations from baseline Azure Key Vault access patterns. Any sudden increase in the count of Azure Key Vault accesses can be an\nindication of adversary dumping credentials via automated methods. If you are seeing any noise, try filtering known source(IP/Account) and user-agent combinations.\nTimeSeries Reference Blog: https://techcommunity.microsoft.com/t5/azure-sentinel/looking-for-unknown-anomalies-what-is-normal-time-series/ba-p/555052"
"text": "Identifies a sudden increase in count of Azure Key Vault secret or vault access operations by CallerIPAddress. The query leverages a built-in KQL anomaly detection algorithm to find large deviations from baseline Azure Key Vault access patterns.\nAny sudden increase in the count of Azure Key Vault accesses can be an indication of adversary dumping credentials via automated methods. If you are seeing any noise, try filtering known source(IP/Account) and user-agent combinations.\nTimeSeries Reference Blog: https://techcommunity.microsoft.com/t5/azure-sentinel/looking-for-unknown-anomalies-what-is-normal-time-series/ba-p/555052"
}
}
]
Expand Down
Loading

0 comments on commit 34b04a0

Please sign in to comment.