version 3.0.1 #11529
Hello @roberteliass, please upload the package zip as well. Also try to resolve the KQL validation failures.
Hi v-prasadboke, thanks for noticing; indeed it was ignored by my app, I pushed it now.
Hello @roberteliass, maintemplate has an arm ttk failure for api version: Api versions must be the latest or under 2 years old (730 days) - API
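The arm-ttk API-version check cited in the comment above, as an added example that is not part of the project's repository: a simplified Python stand-in that walks a mainTemplate.json (the embedded template is a constructed sample; its resource types and versions are illustrative, not taken from the CTERA solution) and reports every apiVersion more than 730 days old. The real arm-ttk test additionally consults the provider's published API versions, which this script does not.

```python
# Flag ARM template resources whose apiVersion is older than 730 days.
# Simplified stand-in for the arm-ttk "apiVersions Should Be Recent" test;
# added example, not the project's own tooling.
import json
import re
from datetime import date, timedelta

MAX_AGE = timedelta(days=730)
API_VERSION_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})(-preview)?$")

# Constructed sample standing in for a solution's mainTemplate.json; resource
# types and versions are illustrative, not taken from the CTERA solution.
SAMPLE_TEMPLATE = json.dumps({"resources": [
    {"type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
     "apiVersion": "2023-04-01-preview", "name": "rule1"},
    {"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
     "apiVersion": "2021-03-01-preview", "name": "meta",
     "resources": [{"type": "Microsoft.SecurityInsights/alertRules",
                    "apiVersion": "2019-01-01", "name": "nested"}]},
]})


def iter_resources(resources, path="resources"):
    """Yield (json_path, resource) for every resource, nested ones included."""
    for i, res in enumerate(resources):
        here = f"{path}[{i}]"
        yield here, res
        yield from iter_resources(res.get("resources", []), here + ".resources")


def stale_api_versions(template_text, today):
    """Return [(path, type, apiVersion, age_days)] for versions older than MAX_AGE."""
    ref = date.fromisoformat(today)  # ISO date string keeps results reproducible
    stale = []
    for path, res in iter_resources(json.loads(template_text).get("resources", [])):
        m = API_VERSION_RE.match(res.get("apiVersion", ""))
        if not m:  # parameterised or malformed versions are left to other checks
            continue
        age = ref - date(int(m[1]), int(m[2]), int(m[3]))
        if age > MAX_AGE:
            stale.append((path, res.get("type"), m[0], age.days))
    return stale


if __name__ == "__main__":
    for row in stale_api_versions(SAMPLE_TEMPLATE, date.today().isoformat()):
        print("STALE %s %s apiVersion=%s (%d days old)" % row)
```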
…e.json and new 3.0.1.zip file
…e.json and new 3.0.1.zip file
Please update the branch from master once.
…e.json and new 3.0.1.zip file
…e.json and fixed solutionId to match proper format
Changes:
Added six new analytic rule templates to the CTERA Sentinel Solution:
RansomwareUserBlocked.yaml: Detects malicious users blocked by the CTERA Ransom Protect AI engine.
RansomwareDetected.yaml: Identifies ransomware attacks detected by the CTERA Ransom Protect AI engine.
MassDeletions.yaml: Monitors and flags mass file deletion events.
MassPermissionsChange.yaml: Detects large-scale permissions changes in files or folders.
MassAccessDenied.yaml: Flags excessive access denied events.
InfectedFileDetected.yaml: Detects infected files identified by the CTERA platform.
Updated createUiDefinition.json to reflect the addition of six analytic rules in the solution description and configuration steps.
Refined analytic rule descriptions for clarity and accuracy.
Reason for Change(s):
To enhance the CTERA Sentinel Solution with additional analytic capabilities, covering diverse scenarios such as ransomware detection, user blocking, mass file operations, and file infections.
Ensures alignment with Microsoft Sentinel best practices for analytic rules and solution design.
Version Updated:
Yes
Updated the version field for all six analytic rules to reflect the changes in this submission.
Testing Completed:
Tested all YAML files in a standalone Microsoft Sentinel environment without custom parsers or dependencies.
Validated successful execution of analytic rules, ensuring accurate detection and alert generation.
Tested createUiDefinition.json updates in the deployment interface for correct rendering and functionality.
Validations:
Ensured all validations are passing.
Addressed any flagged issues during local testing and validation.
Additional Notes:
Contributions adhere to Microsoft Sentinel guidelines for analytic rule structure and functionality.
Assistance is available if any further refinements are required.