
Commit db771e7

authored
Merge pull request #13977 from Azure/v-kasghosh/issues_number/13860
Updated "TI map Domain entity to SecurityAlert " for Threat Intelligence (NEW)
2 parents cbf56da + c577e03 commit db771e7


4 files changed

+742
-740
lines changed


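--- a/Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_SecurityAlert.yaml
+++ b/Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_SecurityAlert.yaml
@@ -32,6 +32,7 @@ query: |
 let ioc_lookBack = 14d;
 let SecurityAlerts = SecurityAlert
 | where TimeGenerated > ago(dt_lookBack)
+| where AlertName != "TI map Domain entity to SecurityAlert"
 | extend domain = todynamic(dynamic_to_json(extract_all(@"(((xn--)?[a-z0-9\-]+\.)+([a-z]+|(xn--[a-z0-9]+)))", dynamic([1]), tolower(Entities))))
 | where isnotempty(domain)
 | mv-expand domain
@@ -80,5 +81,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: Url
-version: 1.4.5
+version: 1.4.6
 kind: Scheduled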
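Review bot: The new self-exclusion filter on `AlertName` compares against a hard-coded copy of the rule's display name using the case-sensitive `!=`, so it silently stops working if the rule's `name:` is edited or a deployment overrides the alert name; the `name:` field and the rest of the query lie outside this hunk, so I cannot confirm the two strings match today. If they drift, the rule would presumably start matching its own alerts again, since their `Entities` likely carry the matched domain, and each run could re-raise the previous run's detection. I would add a comment above the line, `// Exclude this rule's own alerts to avoid a self-matching loop; keep in sync with the rule's name.`, and consider `!~` so a casing change alone does not defeat the filter. Alerts from other TI-matching rules that place the indicator in `Entities` would apparently still pass this filter, so it is worth confirming whether that is intended.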
61.1 KB
Binary file not shown.
