MS Security Graph Update2 (#27695)
* Updated ModelingRules

* Updated ReleaseNotes

* Updated ReleaseNotes

* Updated .yml configs

* Reverted changes to .yml
eepstain authored and MosheEichler committed Jul 2, 2023
1 parent 9e62e5b commit 83fc7ac
Showing 3 changed files with 8 additions and 2 deletions.
Expand Up @@ -128,7 +128,7 @@ filter _reporting_device_name = "https://graph.microsoft.com/beta/security/alert
xdm.target.file.size = to_integer(fileEvidence_fileDetails_fileSize),
xdm.target.file.sha256 = fileEvidence_fileDetails_sha256,
xdm.target.file.signer = fileEvidence_fileDetails_signer,
xdm.alert.mitre_techniques = mitreTechniques,
xdm.alert.mitre_techniques = arraymap(json_extract_array(mitreTechniques, "$"), replex("@element", "\"", "")),
xdm.source.host.ipv4_addresses = check_ipv4,
xdm.source.host.ipv6_addresses = check_ipv6,
xdm.source.user.username = coalesce(mailboxEvidence_displayName, mailboxEvidence_primaryAddress, mailboxEvidence_userAccount_accountName, mailboxEvidence_userAccount_userPrincipalName, processEvidence_userAccount_accountName, processEvidence_userAccount_userPrincipalName, userEvidence_userAccount_accountName, userEvidence_userAccount_userPrincipalName, userEvidence_userAccount_displayName),
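Review bot: On the new `xdm.alert.mitre_techniques` line, `json_extract_array(mitreTechniques, "$")` is applied with no visible guard for alerts where `mitreTechniques` is empty or missing, so please confirm (ideally with a test event that has no techniques) that such alerts still map without the field turning into an unexpected value. The `replex("@element", "\"", "")` pattern is also unanchored, so it removes every double quote in an element rather than only the surrounding pair; anchoring it to the start and end of the element would state the intent more precisely. A one-line comment on why the quotes need stripping would help the next person who edits this mapping.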
6 changes: 6 additions & 0 deletions Packs/MicrosoftGraphSecurity/ReleaseNotes/2_1_23.md
@@ -0,0 +1,6 @@

#### Modeling Rules

##### Microsoft Graph Security Modeling Rules

- Updated the Modeling Rule logic.
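Review bot: The only entry, "Updated the Modeling Rule logic.", does not say which field changed. The one modeling-rule change shown in this commit is the `xdm.alert.mitre_techniques` mapping, so name that field in the note and state that it is now built as an array with the quotes stripped from each element. Anyone with saved queries or correlation rules that match on that field needs this to know they should recheck them after upgrading.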
2 changes: 1 addition & 1 deletion Packs/MicrosoftGraphSecurity/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Microsoft Graph Security",
"description": "Unified gateway to security insights - all from a unified Microsoft Graph\n Security API.",
"support": "xsoar",
"currentVersion": "2.1.22",
"currentVersion": "2.1.23",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",