From 01857770f5228f3d9ae05bbd2870ebbdf863f9a1 Mon Sep 17 00:00:00 2001
From: Joana Martins
Date: Tue, 30 Jan 2024 12:55:06 +0000
Subject: [PATCH] Adding tables to .script/tests/KqlvalidationsTests/CustomTables
---
 .../CustomTables/SophosEPAlerts_CL.json | 73 +++++++++++
 .../CustomTables/SophosEPEvents_CL.json | 121 ++++++++++++++++++
 2 files changed, 194 insertions(+)
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/SophosEPAlerts_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/SophosEPEvents_CL.json
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/SophosEPAlerts_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/SophosEPAlerts_CL.json
new file mode 100644
index 0000000000..e52f93d494
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/SophosEPAlerts_CL.json
@@ -0,0 +1,73 @@
+{
+ "name": "SophosEPAlerts_CL",
+ "properties": [
+ {
+ "name": "TimeGenerated",
+ "type": "Datetime"
+ },
+ {
+ "name": "CustomerId",
+ "type": "string"
+ },
+ {
+ "name": "EventSeverity",
+ "type": "string"
+ },
+ {
+ "name": "EventVendor",
+ "type": "string"
+ },
+ {
+ "name": "EventType",
+ "type": "string"
+ },
+ {
+ "name": "EventProduct",
+ "type": "string"
+ },
+ {
+ "name": "event_service_event_id",
+ "type": "string"
+ },
+ {
+ "name": "EventEndTime",
+ "type": "datetime"
+ },
+ {
+ "name": "DvcAction",
+ "type": "string"
+ },
+ {
+ "name": "description",
+ "type": "string"
+ },
+ {
+ "name": "DvcHostname",
+ "type": "string"
+ },
+ {
+ "name": "EventOriginalUid",
+ "type": "string"
+ },
+ {
+ "name": "data",
+ "type": "dynamic"
+ },
+ {
+ "name": "Source",
+ "type": "string"
+ },
+ {
+ "name": "info",
+ "type": "dynamic"
+ },
+ {
+ "name": "ThreatName",
+ "type": "string"
+ },
+ {
+ "name": "threat_cleanable",
+ "type": "boolean"
+ }
+ ]
+}
\ No newline at end of file
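Review bot: `TimeGenerated` is declared with `"type": "Datetime"` while `EventEndTime` in the same file uses `"datetime"`; the same mixed casing appears in SophosEPEvents_CL.json (`TimeGenerated` versus `Created` and `EventEndTime`). If the KQL validation loader resolves type names case-sensitively, the timestamp column could be typed differently from the other datetime columns, and a detection query that filters on `TimeGenerated` might then be validated against the wrong type. Suggest `"type": "datetime"` for both `TimeGenerated` entries so the fixtures use one spelling of the Kusto type name.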
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/SophosEPEvents_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/SophosEPEvents_CL.json
new file mode 100644
index 0000000000..12ca896eda
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/SophosEPEvents_CL.json
@@ -0,0 +1,121 @@
+{
+ "name": "SophosEPEvents_CL",
+ "properties": [
+ {
+ "name": "TimeGenerated",
+ "type": "Datetime"
+ },
+ {
+ "name": "EventVendor",
+ "type": "string"
+ },
+ {
+ "name": "EventProduct",
+ "type": "string"
+ },
+ {
+ "name": "EventType",
+ "type": "string"
+ },
+ {
+ "name": "amsi_threat_data",
+ "type": "dynamic"
+ },
+ {
+ "name": "appCerts",
+ "type": "dynamic"
+ },
+ {
+ "name": "AppSha256",
+ "type": "string"
+ },
+ {
+ "name": "CoreRemedyItems",
+ "type": "string"
+ },
+ {
+ "name": "CoreRemedyTotalItems",
+ "type": "int"
+ },
+ {
+ "name": "Created",
+ "type": "datetime"
+ },
+ {
+ "name": "CustomerId",
+ "type": "string"
+ },
+ {
+ "name": "details",
+ "type": "dynamic"
+ },
+ {
+ "name": "EndpointId",
+ "type": "string"
+ },
+ {
+ "name": "SrcDvcType",
+ "type": "string"
+ },
+ {
+ "name": "ThreatCategory",
+ "type": "string"
+ },
+ {
+ "name": "EventOriginalUid",
+ "type": "string"
+ },
+ {
+ "name": "ips_threat_data",
+ "type": "dynamic"
+ },
+ {
+ "name": "DvcHostname",
+ "type": "string"
+ },
+ {
+ "name": "EventMessage",
+ "type": "string"
+ },
+ {
+ "name": "EventSubType",
+ "type": "string"
+ },
+ {
+ "name": "EventSeverity",
+ "type": "string"
+ },
+ {
+ "name": "Source",
+ "type": "string"
+ },
+ {
+ "name": "source_info",
+ "type": "dynamic"
+ },
+ {
+ "name": "SrcIpAddr",
+ "type": "string"
+ },
+ {
+ "name": "ThreatName",
+ "type": "string"
+ },
+ {
+ "name": "DvcAction",
+ "type": "string"
+ },
+ {
+ "name": "DstUserSid",
+ "type": "string"
+ },
+ {
+ "name": "EventEndTime",
+ "type": "datetime"
+ },
+ {
+ "name": "whitelist_properties",
+ "type": "dynamic"
+ }
+ ]
+}
\ No newline at end of file