version 3.0.1 #11529

Open
wants to merge 17 commits into base: master

Conversation

roberteliass
Contributor

Changes:

Added six new analytic rule templates to the CTERA Sentinel Solution:
RansomwareUserBlocked.yaml: Detects malicious users blocked by the CTERA Ransom Protect AI engine.
RansomwareDetected.yaml: Identifies ransomware attacks detected by the CTERA Ransom Protect AI engine.
MassDeletions.yaml: Monitors and flags mass file deletion events.
MassPermissionsChange.yaml: Detects large-scale permissions changes in files or folders.
MassAccessDenied.yaml: Flags excessive access denied events.
InfectedFileDetected.yaml: Detects infected files identified by the CTERA platform.
Updated createUiDefinition.json to reflect the addition of six analytic rules in the solution description and configuration steps.
Refined analytics rule descriptions for clarity and accuracy.

Reason for Change(s):
To enhance the CTERA Sentinel Solution with additional analytic capabilities, covering diverse scenarios such as ransomware detection, user blocking, mass file operations, and file infections.
Ensures alignment with Microsoft Sentinel best practices for analytic rules and solution design.

Version Updated:
Yes
Updated the version field for all six analytic rules to reflect the changes in this submission.
Testing Completed:
Tested all YAML files in a standalone Microsoft Sentinel environment without custom parsers or dependencies.
Validated successful execution of analytic rules, ensuring accurate detection and alert generation.
Tested createUiDefinition.json updates in the deployment interface for correct rendering and functionality.

Validations:
Ensured all validations are passing.
Addressed any flagged issues during local testing and validation.

Additional Notes:
Contributions adhere to Microsoft Sentinel guidelines for analytic rule structure and functionality.
Assistance is available if any further refinements are required.

@roberteliass roberteliass requested review from a team as code owners December 5, 2024 13:42
@v-atulyadav v-atulyadav added the Solution (Solution specialty review needed) label Dec 5, 2024
@v-prasadboke
Contributor

Hello @roberteliass, please upload the package zip as well. Also try to resolve the KQL validation failures.

@roberteliass
Contributor Author

> Hello @roberteliass, please upload the package zip as well. Also try to resolve the KQL validation failures.

Hi v-prasadboke,

Thanks for noticing; indeed it was ignored by my app. I pushed it now.

@v-prasadboke
Contributor

Hello @roberteliass, mainTemplate has an ARM-TTK failure for the API version.
Please check it once and resolve it:

Api versions must be the latest or under 2 years old (730 days) - API
#13 7.231 version 2021-10-01-preview of Microsoft.SecurityInsights/AlertRuleTemplates is
#13 7.231 1168 days old Line: 1183, Column: 4
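The ARM-TTK apiVersions rule quoted above can be pre-checked locally before pushing. The following is an added example, not code from this PR or from ARM-TTK itself: it re-implements only the age part of the rule (any apiVersion older than 730 days is reported) over a constructed, simplified mainTemplate.json fragment, descending into child resources and into the nested mainTemplate that Sentinel contentTemplates carry under properties. It does not know which version is the latest, so a version over 730 days old that is still the latest would be flagged here even though ARM-TTK would accept it.

```python
import json
import re
from datetime import date

MAX_AGE_DAYS = 730  # ARM-TTK: apiVersion must be the latest or under 2 years (730 days) old
API_VERSION_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})(-[A-Za-z0-9]+)?$")  # e.g. 2021-10-01-preview


def api_version_age(api_version, today):
    """Age in days of an apiVersion such as '2021-10-01-preview' on `today`."""
    today = date.fromisoformat(today) if isinstance(today, str) else today  # ISO str or date
    m = API_VERSION_RE.match(api_version)
    if not m:
        raise ValueError(f"unrecognised apiVersion: {api_version!r}")
    y, mo, d = (int(m.group(i)) for i in (1, 2, 3))
    return (today - date(y, mo, d)).days


def walk_resources(resources):
    """Yield every resource, child resources and the nested properties.mainTemplate included."""
    for res in resources or []:
        yield res
        yield from walk_resources(res.get("resources"))
        nested = res.get("properties", {}).get("mainTemplate", {})
        yield from walk_resources(nested.get("resources"))


def stale_api_versions(template, today):
    """Return (type, apiVersion, ageDays) for resources older than MAX_AGE_DAYS."""
    findings = []
    for res in walk_resources(template.get("resources")):
        ver = res.get("apiVersion")
        if not ver or ver.startswith("["):  # ARM expressions cannot be resolved here
            continue
        age = api_version_age(ver, today)
        if age > MAX_AGE_DAYS:
            findings.append((res.get("type", "?"), ver, age))
    return findings


# Constructed, simplified mainTemplate.json fragment (not the file from this PR)
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
   "apiVersion": "2023-04-01-preview",
   "properties": {"mainTemplate": {"resources": [
     {"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
      "apiVersion": "2021-10-01-preview"}]}}}]}
""")

if __name__ == "__main__":
    for rtype, ver, age in stale_api_versions(SAMPLE_TEMPLATE, date.today()):
        print(f"{rtype}: apiVersion {ver} is {age} days old (limit {MAX_AGE_DAYS})")
```

Against a reference date of 2024-12-12 the nested AlertRuleTemplates resource comes out at 1168 days, matching the age ARM-TTK reported above.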

@v-prasadboke
Contributor

Please update the branch from master once.
