
Commit 4fcfd96

committed
Merge remote-tracking branch 'upstream/master' into feature/tacitred-defender-ti
2 parents ae2591d + ed5623e commit 4fcfd96


219 files changed

+62417
-17974
lines changed


219 files changed

+62417
-17974
lines changed
Lines changed: 158 additions & 0 deletions
@@ -0,0 +1,158 @@
1+
{
2+
"FunctionName": "AWSCloudTrail",
3+
"FunctionParameters": [],
4+
"FunctionResultColumns": [
5+
{
6+
"name": "TimeGenerated",
7+
"type": "DateTime"
8+
},
9+
{
10+
"name": "Type",
11+
"type": "String"
12+
},
13+
{
14+
"name": "UserIdentityStoreArn",
15+
"type": "String"
16+
},
17+
{
18+
"name": "UserIdentityUserId",
19+
"type": "String"
20+
},
21+
{
22+
"name": "EventName",
23+
"type": "String"
24+
},
25+
{
26+
"name": "UserIdentityArn",
27+
"type": "String"
28+
},
29+
{
30+
"name": "UserIdentityUserName",
31+
"type": "String"
32+
},
33+
{
34+
"name": "SourceIpAddress",
35+
"type": "String"
36+
},
37+
{
38+
"name": "UserIdentityType",
39+
"type": "String"
40+
},
41+
{
42+
"name": "UserIdentityPrincipalid",
43+
"type": "String"
44+
},
45+
{
46+
"name": "AwsEventId",
47+
"type": "String"
48+
},
49+
{
50+
"name": "ErrorMessage",
51+
"type": "String"
52+
},
53+
{
54+
"name": "EventVersion",
55+
"type": "String"
56+
},
57+
{
58+
"name": "AWSRegion",
59+
"type": "String"
60+
},
61+
{
62+
"name": "UserIdentityAccountId",
63+
"type": "String"
64+
},
65+
{
66+
"name": "UserAgent",
67+
"type": "String"
68+
},
69+
{
70+
"name": "_ItemId",
71+
"type": "String"
72+
},
73+
{
74+
"name": "AdditionalEventData",
75+
"type": "Dynamic"
76+
},
77+
{
78+
"name": "ResponseElements",
79+
"type": "Dynamic"
80+
},
81+
{
82+
"name": "EventSource",
83+
"type": "String"
84+
},
85+
{
86+
"name": "EventTypeName",
87+
"type": "String"
88+
},
89+
{
90+
"name": "Category",
91+
"type": "String"
92+
},
93+
{
94+
"name": "ErrorCode",
95+
"type": "String"
96+
},
97+
{
98+
"name": "ManagementEvent",
99+
"type": "String"
100+
},
101+
{
102+
"name": "OperationName",
103+
"type": "String"
104+
},
105+
{
106+
"name": "ReadOnly",
107+
"type": "String"
108+
},
109+
{
110+
"name": "RequestParameters",
111+
"type": "Dynamic"
112+
},
113+
{
114+
"name": "Resources",
115+
"type": "Dynamic"
116+
},
117+
{
118+
"name": "ServiceEventDetails",
119+
"type": "Dynamic"
120+
},
121+
{
122+
"name": "SharedEventId",
123+
"type": "String"
124+
},
125+
{
126+
"name": "SourceSystem",
127+
"type": "String"
128+
},
129+
{
130+
"name": "VpcEndpointId",
131+
"type": "String"
132+
},
133+
{
134+
"name": "APIVersion",
135+
"type": "String"
136+
},
137+
{
138+
"name": "RecipientAccountId",
139+
"type": "String"
140+
},
141+
{
142+
"name": "TenantId",
143+
"type": "String"
144+
},
145+
{
146+
"name": "EC2RoleDelivery",
147+
"type": "String"
148+
},
149+
{
150+
"name": "Session*",
151+
"type": "String"
152+
},
153+
{
154+
"name": "Aws*",
155+
"type": "String"
156+
}
157+
]
158+
}
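Review bot: `ReadOnly` and `ManagementEvent` are declared as `String`, and the `Session*` and `Aws*` wildcard entries type every matching column as `String` as well, which looks too coarse if this schema is used (as it appears to be) to validate queries against the AWSCloudTrail table. If any of those columns are boolean or datetime in the workspace table (a session MFA flag under `Session*` would be the obvious candidate), a detection that compares them with the wrong type could pass validation here and behave differently against real data. I would list those columns explicitly with their real types instead of relying on the wildcards, and check the two boolean-looking entries against the table reference. JSON has no comment syntax, so the reason for keeping any wildcard belongs in the commit description.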

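--- a/.script/tests/asimParsersTest/ExclusionListForASimTests.csv
+++ b/.script/tests/asimParsersTest/ExclusionListForASimTests.csv
@@ -10,3 +10,4 @@ _ASim_Dns_AzureFirewall
 _Im_Authentication_Sshd
 _ASim_Authentication_M365Defender
 _Im_Authentication_M365Defender
+_Im_Authentication_AWSCloudTrail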
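Review bot: The new `_Im_Authentication_AWSCloudTrail` entry, judging by the file name, takes that parser out of the ASIM test run, and nothing on the page records why or for how long. An authentication parser that is not exercised by the tests can mis-map or drop sign-in fields without anyone noticing, and the detections built on the normalized schema would then miss events. The neighbouring M365Defender entries list both the `_ASim_` and `_Im_` variants, while only the `_Im_` variant is added here; whether `_ASim_Authentication_AWSCloudTrail` is listed elsewhere in the file cannot be seen from this hunk. Since the CSV has no comment syntax, I would put the reason for the exclusion and a tracking reference for removing it in the commit or PR description.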
