From fdb0e190bd292c309db6c7efe9c63580aa058f8c Mon Sep 17 00:00:00 2001
From: "azure-sentinel[bot]" <81647488+azure-sentinel[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 23:30:03 +0000
Subject: [PATCH 1/3] Updating file: ./.sentinel/exported_contents_map_d37709ad-78f8-4142-978d-6576236b2fd6.json
---
...ted_contents_map_d37709ad-78f8-4142-978d-6576236b2fd6.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.sentinel/exported_contents_map_d37709ad-78f8-4142-978d-6576236b2fd6.json b/.sentinel/exported_contents_map_d37709ad-78f8-4142-978d-6576236b2fd6.json
index a2e10bc1..86f2a38d 100644
--- a/.sentinel/exported_contents_map_d37709ad-78f8-4142-978d-6576236b2fd6.json
+++ b/.sentinel/exported_contents_map_d37709ad-78f8-4142-978d-6576236b2fd6.json
@@ -5,8 +5,8 @@
 "4c1ea13e-064f-448c-b917-a35b019c1b9e": "\"8f00726b-0000-0100-0000-62cff0c70000\"",
 "9dd41fd6-5b1f-4228-a31d-8784a6728108": "\"8f000d6c-0000-0100-0000-62cff0db0000\"",
 "8ee9c64a-fc2c-4410-be34-cba0e47aabf0": "\"8f00b56c-0000-0100-0000-62cff0f00000\"",
- "ed27aa54-2adc-4774-ae30-6f84a1de0213": "\"8d0a8162-0000-0100-0000-631fa3de0000\"",
+ "ed27aa54-2adc-4774-ae30-6f84a1de0213": "\"2e0013dc-0000-0100-0000-642b1bb30000\"",
 "c62d2a2f-1820-4030-86cc-a6dd2cdb7558": "\"8e00446a-0000-0100-0000-63a090360000\"",
 "03006c6b-d532-4799-baac-0ab52bac8481": "\"8e005c6b-0000-0100-0000-63a090440000\"",
- "a924b93b-f326-4a1d-9520-6abba9bad3dd": "\"5802f868-0000-0100-0000-640935490000\""
+ "a924b93b-f326-4a1d-9520-6abba9bad3dd": "\"59020bf1-0000-0100-0000-640a6a5d0000\""
 }
\ No newline at end of file
From f30e1a572a1acf36d638259ac63d25b400b9a7d8 Mon Sep 17 00:00:00 2001
From: "azure-sentinel[bot]" <81647488+azure-sentinel[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 23:30:04 +0000
Subject: [PATCH 2/3] Exported file: Debjyoti Test CAC_ Valid Analytic Rule 1.json
---
...jyoti Test CAC_ Valid Analytic Rule 1.json | 60 +++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 SentinelExported-AnalyticsRule/Debjyoti Test CAC_ Valid Analytic Rule 1.json
diff --git a/SentinelExported-AnalyticsRule/Debjyoti Test CAC_ Valid Analytic Rule 1.json b/SentinelExported-AnalyticsRule/Debjyoti Test CAC_ Valid Analytic Rule 1.json
new file mode 100644
index 00000000..2dbb952b
--- /dev/null
+++ b/SentinelExported-AnalyticsRule/Debjyoti Test CAC_ Valid Analytic Rule 1.json
@@ -0,0 +1,60 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "workspace": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/ed27aa54-2adc-4774-ae30-6f84a1de0213')]",
+ "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/ed27aa54-2adc-4774-ae30-6f84a1de0213')]",
+ "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
+ "kind": "Scheduled",
+ "apiVersion": "2023-02-01-preview",
+ "properties": {
+ "displayName": "Debjyoti Test CAC: Valid Analytic Rule 1",
+ "description": "DESCRIPTION CHECK",
+ "alertDetailsOverride": {
+ "alertDescriptionFormat": "DESC test {{Description}}",
+ "alertDisplayNameFormat": "alert name {{AlertName}}",
+ "alertDynamicProperties": null,
+ "alertSeverityColumnName": null,
+ "alertTacticsColumnName": null
+ },
+ "customDetails": null,
+ "entityMappings": null,
+ "eventGroupingSettings": {
+ "aggregationKind": "SingleAlert"
+ },
+ "incidentConfiguration": {
+ "createIncident": true,
+ "groupingConfiguration": {
+ "enabled": false,
+ "groupByAlertDetails": [],
+ "groupByCustomDetails": [],
+ "groupByEntities": [],
+ "lookbackDuration": "PT5H",
+ "matchingMethod": "AllEntities",
+ "reopenClosedIncident": false
+ }
+ },
+ "query": "SecurityAlert",
+ "queryPeriod": "PT5H",
+ "queryFrequency": "PT5H",
+ "sentinelEntitiesMappings": null,
+ "severity": "High",
+ "suppressionDuration": "PT5H",
+ "suppressionEnabled": false,
+ "tactics": [],
+ "techniques": null,
+ "templateVersion": null,
+ "triggerOperator": "GreaterThan",
+ "triggerThreshold": 0,
+ "alertRuleTemplateName": null,
+ "enabled": true
+ }
+ }
+ ]
+}
\ No newline at end of file
From 6d76abd32b516d756369631725d5b8c7ab1138e1 Mon Sep 17 00:00:00 2001
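Review bot: The new rule is exported with `"enabled": true`, `"query": "SecurityAlert"`, `"triggerOperator": "GreaterThan"` and `"triggerThreshold": 0`, so every 5-hour run (`"queryFrequency": "PT5H"`) in which any row exists in SecurityAlert raises a High-severity alert and, with `"createIncident": true`, an incident; since Sentinel writes this rule's own alerts into that same table, it will presumably keep re-triggering itself once it has fired. The `"displayName"` and the placeholder `"description": "DESCRIPTION CHECK"` mark it as a test fixture, and `"entityMappings": null` means the resulting incidents carry no entities for an analyst to pivot on. If the file is meant to stay in the repo as a CAC validation sample, export it with `"enabled": false` and a lower `"severity"`, or narrow the query so it cannot match its own output. At minimum replace the placeholder with a description stating that this is a test rule and must not be deployed enabled.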
From: "azure-sentinel[bot]" <81647488+azure-sentinel[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 23:30:05 +0000
Subject: [PATCH 3/3] Updating file: Palo Alto - possible internal to external port scanning.json
---
...Palo Alto - possible internal to external port scanning.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SentinelExported-AnalyticsRule/Palo Alto - possible internal to external port scanning.json b/SentinelExported-AnalyticsRule/Palo Alto - possible internal to external port scanning.json
index 9f30b710..829f30d3 100644
--- a/SentinelExported-AnalyticsRule/Palo Alto - possible internal to external port scanning.json
+++ b/SentinelExported-AnalyticsRule/Palo Alto - possible internal to external port scanning.json
@@ -77,7 +77,7 @@
 "triggerOperator": "GreaterThan",
 "triggerThreshold": 0,
 "alertRuleTemplateName": null,
- "enabled": true
+ "enabled": false
 }
 }
 ]
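Review bot: `"enabled": false` switches off the internal-to-external port-scanning detection, and neither the commit subject ("Updating file") nor anything in the hunk records why, who approved it, or whether it is temporary, so the resulting coverage gap is untraceable. The rest of the rule resource, including its `description`, starts outside this hunk; the rationale belongs there or in the commit message, e.g. a line of the form `disabled <date>: <reason>; owner <team>; revisit by <date>` (placeholders). If the rule is being disabled because it is noisy, prefer tuning the query or the thresholds visible here over losing the detection entirely.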