Merge branch 'master' into pr/11617

.github/workflows/detection-template-schema-validations.yaml

@@ -8,7 +8,7 @@ on:
     workflow_dispatch:
 jobs:
     DetectionTemplateSchemaValidation:
-      runs-on: ubuntu-latest
+      runs-on: ubuntu-22.04
       env:
         buildConfiguration: Release
         dotnetSdkVersion: 3.1.401

.github/workflows/non-ascii-validations.yaml

@@ -9,7 +9,7 @@ on:
     workflow_dispatch:
 jobs:
     NonAsciiValidations:
-      runs-on: ubuntu-latest
+      runs-on: ubuntu-22.04
       env:
         buildConfiguration: Release
         dotnetSdkVersion: 3.1.401

.script/tests/KqlvalidationsTests/CustomTables/NetworkAccessAlerts.json

@@ -0,0 +1,93 @@
+{
+	"Name": "NetworkAccessAlerts",
+	"Properties": [
+		{
+			"Name": "TenantId",
+			"Type": "string"
+		},
+		{
+			"Name": "TimeGenerated",
+			"Type": "datetime"
+		},
+		{
+			"Name": "Id",
+			"Type": "string"
+		},
+		{
+			"Name": "DisplayName",
+			"Type": "string"
+		},
+		{
+			"Name": "Severity",
+			"Type": "string"
+		},
+		{
+			"Name": "ComponentName",
+			"Type": "string"
+		},
+		{
+			"Name": "DetectionTechnology",
+			"Type": "string"
+		},
+		{
+			"Name": "AlertType",
+			"Type": "string"
+		},
+		{
+			"Name": "Description",
+			"Type": "string"
+		},
+		{
+			"Name": "ProductName",
+			"Type": "string"
+		},
+		{
+			"Name": "PolicyId",
+			"Type": "string"
+		},
+		{
+			"Name": "LastActivityDateTime",
+			"Type": "datetime"
+		},
+		{
+			"Name": "FirstActivityDateTime",
+			"Type": "datetime"
+		},
+		{
+			"Name": "SourceSystem",
+			"Type": "string"
+		},
+		{
+			"Name": "Techniques",
+			"Type": "string"
+		},
+		{
+			"Name": "SubTechniques",
+			"Type": "string"
+		},
+		{
+			"Name": "ExtendedProperties",
+			"Type": "dynamic"
+		},
+		{
+			"Name": "RelatedResources",
+			"Type": "dynamic"
+		},
+		{
+			"Name": "IsPreview",
+			"Type": "bool"
+		},
+		{
+			"Name": "CreationDateTime",
+			"Type": "datetime"
+		},
+		{
+			"Name": "Type",
+			"Type": "string"
+		},
+		{
+			"Name": "VendorName",
+			"Type": "string"
+		}
+	]
+}

.script/tests/KqlvalidationsTests/CustomTables/Samsung_Knox_Application_CL.json

@@ -0,0 +1,71 @@
+{
+    "Name": "Samsung_Knox_Application_CL",
+    "Properties": [
+        {
+          "name": "TimeGenerated",
+          "type": "DateTime",
+          "isDefaultDisplay": true,
+          "description": "The timestamp (UTC) reflecting the time in which the event was generated."
+        },
+        {
+          "name": "PrimaryImei",
+          "type": "string"
+        },
+        {
+          "name": "DeviceImei1",
+          "type": "string"
+        },
+        {
+          "name": "DeviceImei2",
+          "type": "string"
+        },
+        {
+          "name": "DeviceSerialNumber",
+          "type": "string"
+        },
+        {
+          "name": "DeviceWifimac",
+          "type": "string"
+        },
+        {
+          "name": "DeviceModel",
+          "type": "string"
+        },
+        {
+          "name": "EventGuid",
+          "type": "long"
+        },
+        {
+          "name": "Name",
+          "type": "string"
+        },
+        {
+          "name": "Version",
+          "type": "string"
+        },
+        {
+          "name": "Severity",
+          "type": "string"
+        },
+        {
+          "name": "MitreTtp",
+          "type": "dynamic"
+        },
+        {
+          "name": "Profile",
+          "type": "string"
+        },
+        {
+          "name": "PkgName",
+          "type": "string"
+        },
+        {
+          "name": "AccessibilityApi",
+          "type": "string"
+        },
+        {
+          "name": "RestrictedPerms",
+          "type": "dynamic"
+        }
+  ]
+}

.script/tests/KqlvalidationsTests/CustomTables/Samsung_Knox_Audit_CL.json

@@ -0,0 +1,87 @@
+{
+    "Name": "Samsung_Knox_Audit_CL",
+    "Properties": [
+          {
+            "name": "TimeGenerated",
+            "type": "DateTime",
+            "isDefaultDisplay": true,
+            "description": "The timestamp (UTC) reflecting the time in which the event was generated."
+          },
+          {
+            "name": "PrimaryImei",
+            "type": "string"
+          },
+          {
+            "name": "DeviceImei1",
+            "type": "string"
+          },
+          {
+            "name": "DeviceImei2",
+            "type": "string"
+          },
+          {
+            "name": "DeviceSerialNumber",
+            "type": "string"
+          },
+          {
+            "name": "DeviceWifimac",
+            "type": "string"
+          },
+          {
+            "name": "DeviceModel",
+            "type": "string"
+          },
+          {
+            "name": "EventGuid",
+            "type": "long"
+          },
+          {
+            "name": "Name",
+            "type": "string"
+          },
+          {
+            "name": "Version",
+            "type": "string"
+          },
+          {
+            "name": "Severity",
+            "type": "string"
+          },
+          {
+            "name": "MitreTtp",
+            "type": "dynamic"
+          },
+          {
+            "name": "Profile",
+            "type": "string"
+          },
+          {
+            "name": "UserId",
+            "type": "int"
+          },
+          {
+            "name": "AdmUserId",
+            "type": "int"
+          },
+          {
+            "name": "AdmPkgName",
+            "type": "string"
+          },
+          {
+            "name": "FailureReason",
+            "type": "string"
+          },
+          {
+            "name": "Action",
+            "type": "string"
+          },
+          {
+            "name": "KeyMask",
+            "type": "int"
+          },
+          {
+            "name": "PkgName",
+            "type": "string"
+          }
+    ]
+}