From 83fc7acb94df9fc5e1a6cecb4a21df882b512607 Mon Sep 17 00:00:00 2001 From: eepstain <116078117+eepstain@users.noreply.github.com> Date: Tue, 27 Jun 2023 17:27:50 +0300 Subject: [PATCH] MS Security Graph Update2 (#27695) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated .yml configs * Reverted changes to .yml
---
 .../MicrosoftGraphSecurity/MicrosoftGraphSecurity.xif | 2 +- Packs/MicrosoftGraphSecurity/ReleaseNotes/2_1_23.md | 6 ++++++ Packs/MicrosoftGraphSecurity/pack_metadata.json | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 Packs/MicrosoftGraphSecurity/ReleaseNotes/2_1_23.md
diff --git a/Packs/MicrosoftGraphSecurity/ModelingRules/MicrosoftGraphSecurity/MicrosoftGraphSecurity.xif b/Packs/MicrosoftGraphSecurity/ModelingRules/MicrosoftGraphSecurity/MicrosoftGraphSecurity.xif
index 70be0f8b6cd0..30a469902858 100644
--- a/Packs/MicrosoftGraphSecurity/ModelingRules/MicrosoftGraphSecurity/MicrosoftGraphSecurity.xif
+++ b/Packs/MicrosoftGraphSecurity/ModelingRules/MicrosoftGraphSecurity/MicrosoftGraphSecurity.xif
@@ -128,7 +128,7 @@ filter _reporting_device_name = "https://graph.microsoft.com/beta/security/alert
 xdm.target.file.size = to_integer(fileEvidence_fileDetails_fileSize),
 xdm.target.file.sha256 = fileEvidence_fileDetails_sha256,
 xdm.target.file.signer = fileEvidence_fileDetails_signer,
- xdm.alert.mitre_techniques = mitreTechniques,
+ xdm.alert.mitre_techniques = arraymap(json_extract_array(mitreTechniques, "$"), replex("@element", "\"", "")),
 xdm.source.host.ipv4_addresses = check_ipv4,
 xdm.source.host.ipv6_addresses = check_ipv6,
 xdm.source.user.username = coalesce(mailboxEvidence_displayName, mailboxEvidence_primaryAddress, mailboxEvidence_userAccount_accountName, mailboxEvidence_userAccount_userPrincipalName, processEvidence_userAccount_accountName, processEvidence_userAccount_userPrincipalName, userEvidence_userAccount_accountName, userEvidence_userAccount_userPrincipalName, userEvidence_userAccount_displayName),
diff --git a/Packs/MicrosoftGraphSecurity/ReleaseNotes/2_1_23.md b/Packs/MicrosoftGraphSecurity/ReleaseNotes/2_1_23.md
new file mode 100644
index 000000000000..3ac3d21030de
--- /dev/null
+++ b/Packs/MicrosoftGraphSecurity/ReleaseNotes/2_1_23.md
@@ -0,0 +1,6 @@
+
+#### Modeling Rules
+
+##### Microsoft Graph Security Modeling Rules
+
+- Updated the Modeling Rule logic.
diff --git a/Packs/MicrosoftGraphSecurity/pack_metadata.json b/Packs/MicrosoftGraphSecurity/pack_metadata.json
index b5faade90f46..58c1632b25b0 100644
--- a/Packs/MicrosoftGraphSecurity/pack_metadata.json
+++ b/Packs/MicrosoftGraphSecurity/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Microsoft Graph Security",
 "description": "Unified gateway to security insights - all from a unified Microsoft Graph\n Security API.",
 "support": "xsoar",
- "currentVersion": "2.1.22",
+ "currentVersion": "2.1.23",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
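Review bot: The rewritten `xdm.alert.mitre_techniques` mapping strips quotes with `replex("@element", "\"", "")` after `json_extract_array(mitreTechniques, "$")`, which deletes every `"` inside an element rather than JSON-decoding it; for MITRE technique IDs such as `T1059.001` that is harmless, but the limitation should be stated so the idiom is not copied onto free-text evidence fields. The new expression presumably also yields null when `mitreTechniques` is absent or is not a JSON-encoded array string, whereas the removed line passed the raw value through unchanged — worth confirming against a sample alert with the field missing, since a null here silently drops technique context from the alert. I would add a line above the mapping, if the .xif grammar permits `//` comments, such as `// mitreTechniques arrives as a JSON-encoded array string; unwrap it and strip the element quotes so XDM gets plain technique IDs`. The enclosing `filter _reporting_device_name = ...` alter block starts before and ends after this hunk.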