Merge branch 'master' into SAP-add-DBTABLOG-tables-to-role
oferInbar authored Jun 5, 2024
2 parents 71624d6 + 21cc2b4 commit ab6857d
Showing 1,058 changed files with 101,451 additions and 43,711 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/convertKqlFunctionYamlToArmTemplate.yaml
@@ -1,4 +1,4 @@
# Each pull request that updates ASimDns, ASimNetworkSession, or ASimWebSession parsers triggers the script.
# Each pull request that updates ASIM parsers triggers the script.
# The script generates deployable ARM templates based on ASim parsers YAML files and pushes them to the pull request branch.
name: Convert Kql function yaml to ARM template
on:
2 changes: 1 addition & 1 deletion .github/workflows/hyperlinkValidator.yaml
Expand Up @@ -43,4 +43,4 @@ jobs:
$baseFolderPath = "${{ env.BASE_FOLDER_PATH }}"
Set-PSRepository PSGallery -InstallationPolicy Trusted
Install-Module powershell-yaml
./.script/package-automation/hyperlink-validation.ps1 $runId $pullRequestNumber $instrumentationKey $baseFolderPath
./.script/package-automation/hyperlink-validation.ps1 $runId $pullRequestNumber $instrumentationKey $baseFolderPath
9 changes: 8 additions & 1 deletion .github/workflows/runAsimSchemaAndDataTesters.yaml
@@ -1,3 +1,5 @@
# Each pull request that updates ASIM parsers triggers the script.
# The script runs ASIM Schema amd Data testers on the "eco-connector-test" workspace.
name: Run ASIM testers on "eco-connector-test" workspace
on:
pull_request:
Expand All @@ -8,6 +10,11 @@ on:
- 'Parsers/ASimWebSession/Parsers/**'
- 'Parsers/ASimProcessEvent/Parsers/**'
- 'Parsers/ASimAuditEvent/Parsers/**'
- 'Parsers/ASimAuthentication/Parsers/**'
- 'Parsers/ASimFileEvent/Parsers/**'
- 'Parsers/ASimRegistryEvent/Parsers/**'
- 'Parsers/ASimUserManagement/Parsers/**'
- 'Parsers/ASimDhcpEvent/Parsers/**'

# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
Expand All @@ -30,7 +37,7 @@ jobs:
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal access token.
fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.
- name: Login to Azure Public Cloud with AzPowershell
uses: azure/login@v1
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
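Review bot: `uses: azure/login@v2` in the last hunk references the action by a movable major tag in the very step that receives `secrets.AZURE_CLIENT_ID` and `secrets.AZURE_TENANT_ID`, so the code that performs the Azure login can change without any change in this repository. Pinning to a full commit SHA with the tag kept as a trailing comment makes each upgrade a reviewable diff, e.g. `uses: azure/login@<full-commit-sha> # v2` (placeholder; the SHA is not on this page). The five path filters added in the second hunk appear to widen the set of pull requests that reach this login step, so it is worth confirming that the identity behind these secrets is scoped to the test workspace only. The new header comment also has a typo, `amd` for `and`. The job definition continues outside the visible hunks.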
4 changes: 4 additions & 0 deletions .script/dataConnectorValidator.ts
Expand Up @@ -144,6 +144,10 @@ function getConnectorCategory(dataTypes : any, instructionSteps:[])
{
return ConnectorCategory.CybleThreatIntel;
}
else if (dataTypes[0].name.includes("IndicatorsOfCompromise"))
{
return ConnectorCategory.CrowdStrikeFalconIOC;
}
return "";
}
let fileTypeSuffixes = ["json"];
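Review bot: The new branch matches on the generic substring `IndicatorsOfCompromise`, so any connector whose first data type name contains it is categorised as `CrowdStrikeFalconIOC`, and a connector placed in the wrong category may be validated against the wrong schema (inferred; the schema lookup is not in this hunk). An exact comparison such as `else if (dataTypes[0].name === "<exact table name>")` (placeholder) or a vendor-specific substring would keep the match from catching other vendors' IOC tables. `dataTypes[0]` is also dereferenced without a length check and `dataTypes` is typed `any`, a pattern the neighbouring branch seems to share. The function starts outside the hunk, so an earlier guard may already exist.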
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"Name": "Breaches_data_CL",
"Name": "BitsightBreaches_data_CL",
"Properties": [
{
"Name": "EventVendor",
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"Name": "Company_details_CL",
"Name": "BitsightCompany_details_CL",
"Properties": [
{
"Name": "EventVendor",
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"Name": "Company_rating_details_CL",
"Name": "BitsightCompany_rating_details_CL",
"Properties": [
{
"Name": "EventVendor",
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"Name": "Diligence_historical_statistics_CL",
"Name": "BitsightDiligence_historical_statistics_CL",
"Properties": [
{
"Name": "EventVendor",
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"Name": "Diligence_statistics_CL",
"Name": "BitsightDiligence_statistics_CL",
"Properties": [
{
"Name": "EventVendor",
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"Name": "Findings_data_CL",
"Name": "BitsightFindings_data_CL",
"Properties": [
{
"Name": "EventVendor",
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"Name": "Findings_summary_CL",
"Name": "BitsightFindings_summary_CL",
"Properties": [
{
"Name": "EventVendor",
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"Name": "Graph_data_CL",
"Name": "BitsightGraph_data_CL",
"Properties": [
{
"Name": "EventVendor",
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"Name": "Observation_statistics_CL",
"Name": "BitsightIndustrial_statistics_CL",
"Properties": [
{
"Name": "EventVendor",
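Review bot: The two statistics tables look cross-renamed: this file changes `Observation_statistics_CL` to `BitsightIndustrial_statistics_CL`, while the next section changes `Industrial_statistics_CL` to `BitsightObservation_statistics_CL`. The file names are not shown on this page, so this may be the correction of an earlier mix-up rather than a new one; each file's `Name` should be checked against its file name and the columns listed below it. If the names are in fact swapped, queries against either table would be validated against the other table's columns. Both files continue past the visible hunk.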
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"Name": "Industrial_statistics_CL",
"Name": "BitsightObservation_statistics_CL",
"Properties": [
{
"Name": "EventVendor",
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
{
"Name": "CommvaultSecurityIQ_CL",
"properties":
[
{
"Name": "anomaly_sub_type_s",
"Type": "String"
},
{
"Name": "created_files_count_s",
"Type": "String"
},
{
"Name": "deleted_files_count_s",
"Type": "String"
},
{
"Name": "description_s",
"Type": "String"
},
{
"Name": "external_link_s",
"Type": "String"
},
{
"Name": "files_list_s",
"Type": "String"
},
{
"Name": "job_end_time_s",
"Type": "String"
},
{
"Name": "job_id_s",
"Type": "String"
},
{
"Name": "job_start_time_s",
"Type": "String"
},
{
"Name": "originating_client_s",
"Type": "String"
},
{
"Name": "scanned_folder_list_s",
"Type": "String"
},
{
"Name": "severity_s",
"Type": "String"
},
{
"Name": "subclient_id_d",
"Type": "Real"
},
{
"Name": "user_id_d",
"Type": "Real"
},
{
"Name": "username_s",
"Type": "String"
},
{
"Name": "Computer",
"Type": "String"
},
{
"Name": "ManagementGroupName",
"Type": "String"
},
{
"Name": "MG",
"Type": "Guid"
},
{
"Name": "RawData",
"Type": "String"
},
{
"Name": "SourceSystem",
"Type": "String"
},
{
"Name": "TenantId",
"Type": "Guid"
},
{
"Name": "TimeGenerated",
"Type": "Datetime"
},
{
"Name": "Type",
"Type": "String"
}
]
}
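Review bot: The top-level key is spelled `"properties"` in this file, while the Bitsight files and both Illumio files added in this commit use `"Properties"`; the Illumio files in turn use lowercase `"name"`/`"type"` where this file uses `"Name"`/`"Type"`, and the datetime type appears as `Datetime`, `DateTime` and `datetime` across the three new files. If the tooling that loads these table definitions compares keys or type names case-sensitively (not visible on this page), a file can load with no columns and detection queries that reference them would be checked against an empty schema. One casing should be used throughout, e.g. `"Properties": [` with `"Name"`/`"Type"` entries, matching the existing Bitsight files.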
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
{
"name": "Illumio_Auditable_Events_CL",
"Properties": [
{
"name": "TimeGenerated",
"type": "DateTime"
},
{
"name": "href",
"type": "String"
},
{
"name": "pce_fqdn",
"type": "String"
},
{
"name": "created_by",
"type": "dynamic"
},
{
"name": "event_type",
"type": "String"
},
{
"name": "status",
"type": "String"
},
{
"name": "severity",
"type": "String"
},
{
"name": "action",
"type": "dynamic"
},
{
"name": "resource_changes",
"type": "dynamic"
},
{
"name": "notifications",
"type": "dynamic"
},
{
"name": "version",
"type": "int"
}
]
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,125 @@
{
"name": "Illumio_Flow_Events_CL",
"Properties": [
{
"name": "TimeGenerated",
"type": "datetime"
},
{
"name": "dst_dbi",
"type": "int"
},
{
"name": "dst_dbo",
"type": "int"
},
{
"name": "dst_tbi",
"type": "int"
},
{
"name": "dst_tbo",
"type": "int"
},
{
"name": "ddms",
"type": "int"
},
{
"name": "tdms",
"type": "int"
},
{
"name": "pn",
"type": "string"
},
{
"name": "un",
"type": "string"
},
{
"name": "src_ip",
"type": "string"
},
{
"name": "dst_ip",
"type": "string"
},
{
"name": "class",
"type": "string"
},
{
"name": "proto",
"type": "int"
},
{
"name": "dst_port",
"type": "int"
},
{
"name": "flow_count",
"type": "int"
},
{
"name": "dir",
"type": "string"
},
{
"name": "org_id",
"type": "int"
},
{
"name": "state",
"type": "string"
},
{
"name": "pd_qualifier",
"type": "int"
},
{
"name": "pd",
"type": "int"
},
{
"name": "src_hostname",
"type": "string"
},
{
"name": "src_href",
"type": "string"
},
{
"name": "dst_hostname",
"type": "string"
},
{
"name": "dst_href",
"type": "string"
},
{
"name": "network",
"type": "string"
},
{
"name": "src_labels",
"type": "dynamic"
},
{
"name": "dst_labels",
"type": "dynamic"
},
{
"name": "interval_sec",
"type": "int"
},
{
"name": "pce_fqdn",
"type": "string"
},
{
"name": "version",
"type": "int"
}
]
}