File tree Expand file tree Collapse file tree 3 files changed +199
-0
lines changed
KqlvalidationsTests/CustomTables
detectionTemplateSchemaValidation Expand file tree Collapse file tree 3 files changed +199
-0
lines changed Original file line number Diff line number Diff line change 1+ {
2+ "Name" : " RedSiftAuth_CL"
3+ "Properties" : [
4+ {
5+ "Name" : " TimeGenerated"
6+ "Type" : " DateTime"
7+ },
8+ {
9+ "Name" : " Id"
10+ "Type" : " String"
11+ },
12+ {
13+ "Name" : " ActivityId"
14+ "Type" : " Int"
15+ },
16+ {
17+ "Name" : " ActivityName"
18+ "Type" : " String"
19+ },
20+ {
21+ "Name" : " ActorUserUid"
22+ "Type" : " String"
23+ },
24+ {
25+ "Name" : " ActorUserEmail"
26+ "Type" : " String"
27+ },
28+ {
29+ "Name" : " CategoryUid"
30+ "Type" : " Int"
31+ },
32+ {
33+ "Name" : " CategoryName"
34+ "Type" : " String"
35+ },
36+ {
37+ "Name" : " ClassUid"
38+ "Type" : " Int"
39+ },
40+ {
41+ "Name" : " ClassName"
42+ "Type" : " String"
43+ },
44+ {
45+ "Name" : " TypeUid"
46+ "Type" : " Int"
47+ },
48+ {
49+ "Name" : " SeverityId"
50+ "Type" : " Int"
51+ },
52+ {
53+ "Name" : " Severity"
54+ "Type" : " String"
55+ },
56+ {
57+ "Name" : " SrcIp"
58+ "Type" : " String"
59+ },
60+ {
61+ "Name" : " HttpUserAgent"
62+ "Type" : " String"
63+ },
64+ {
65+ "Name" : " UserUid"
66+ "Type" : " String"
67+ },
68+ {
69+ "Name" : " UserEmail"
70+ "Type" : " String"
71+ },
72+ {
73+ "Name" : " ServiceName"
74+ "Type" : " String"
75+ },
76+ {
77+ "Name" : " EventTime"
78+ "Type" : " DateTime"
79+ }
80+ ]
81+ }
Original file line number Diff line number Diff line change 1+ {
2+ "Name" : " RedSiftEmailForensics_CL"
3+ "Properties" : [
4+ {
5+ "Name" : " TimeGenerated"
6+ "Type" : " DateTime"
7+ },
8+ {
9+ "Name" : " EventTime"
10+ "Type" : " DateTime"
11+ },
12+ {
13+ "Name" : " ActivityId"
14+ "Type" : " Int"
15+ },
16+ {
17+ "Name" : " ActivityName"
18+ "Type" : " String"
19+ },
20+ {
21+ "Name" : " CategoryUid"
22+ "Type" : " Int"
23+ },
24+ {
25+ "Name" : " CategoryName"
26+ "Type" : " String"
27+ },
28+ {
29+ "Name" : " ClassUid"
30+ "Type" : " Int"
31+ },
32+ {
33+ "Name" : " ClassName"
34+ "Type" : " String"
35+ },
36+ {
37+ "Name" : " TypeUid"
38+ "Type" : " Int"
39+ },
40+ {
41+ "Name" : " SeverityId"
42+ "Type" : " Int"
43+ },
44+ {
45+ "Name" : " Severity"
46+ "Type" : " String"
47+ },
48+ {
49+ "Name" : " Direction"
50+ "Type" : " String"
51+ },
52+ {
53+ "Name" : " Message"
54+ "Type" : " String"
55+ },
56+ {
57+ "Name" : " ProtocolName"
58+ "Type" : " String"
59+ },
60+ {
61+ "Name" : " EmailFrom"
62+ "Type" : " String"
63+ },
64+ {
65+ "Name" : " EmailSubject"
66+ "Type" : " String"
67+ },
68+ {
69+ "Name" : " EmailReturnPath"
70+ "Type" : " String"
71+ },
72+ {
73+ "Name" : " EmailMessageUid"
74+ "Type" : " String"
75+ },
76+ {
77+ "Name" : " EmailUrls"
78+ "Type" : " Dynamic"
79+ },
80+ {
81+ "Name" : " DkimResult"
82+ "Type" : " String"
83+ },
84+ {
85+ "Name" : " SpfResult"
86+ "Type" : " String"
87+ },
88+ {
89+ "Name" : " SrcIp"
90+ "Type" : " String"
91+ },
92+ {
93+ "Name" : " DstHostname"
94+ "Type" : " String"
95+ },
96+ {
97+ "Name" : " Enrichments"
98+ "Type" : " Dynamic"
99+ },
100+ {
101+ "Name" : " Observables"
102+ "Type" : " Dynamic"
103+ },
104+ {
105+ "Name" : " CorrelationUid"
106+ "Type" : " String"
107+ },
108+ {
109+ "Name" : " ProductName"
110+ "Type" : " String"
111+ },
112+ {
113+ "Name" : " LogName"
114+ "Type" : " String"
115+ }
116+ ]
117+ }
Original file line number Diff line number Diff line change 160160 " QualysKB"
161161 " QualysVulnerabilityManagement"
162162 " RedCanaryDataConnector"
163+ " RedSiftPush"
163164 " RubrikSecurityCloudAzureFunctions"
164165 " SailPointIdentityNow"
165166 " SalesforceServiceCloud"
You can’t perform that action at this time.
0 commit comments