Added 5 new detections for Azure Firewall Sentinel Solution#13590
Closed
shabaz-github wants to merge 10 commits intoAzure:masterfrom
Closed
Added 5 new detections for Azure Firewall Sentinel Solution#13590shabaz-github wants to merge 10 commits intoAzure:masterfrom
shabaz-github wants to merge 10 commits intoAzure:masterfrom
Conversation
Added analytic rule for detecting high severity malicious activity in Azure Firewall IDPS logs.
Updated the analytic rule to identify medium severity malicious activity in Azure Firewall IDPS logs. Adjusted parameters such as time window, hit threshold, and categories of interest.
This analytic rule identifies web application attacks in Azure Firewall IDPS logs, with a focus on high severity incidents.
This analytic rule identifies DDoS attacks in Azure Firewall IDPS logs, providing details on severity, actions, and threat categories.
Updated the analytic rule to detect Elevation of Privilege attempts instead of DDoS attacks. Adjusted relevant fields and filters accordingly.
Increased the time window for DDoS attack detection from 30 days to 90 days.
Contributor
Author
|
will submit another one |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Required items, please complete
Change(s):
Reason for Change(s):
Version Updated:
Testing Completed:
Checked that the validations are passing and have addressed any issues that are present:
Guidance <- remove section before submitting
Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:
Thank you for your contribution to the Microsoft Sentinel Github repo.
Change(s):
Reason for Change(s):
Version updated:
Testing Completed:
Note: If updating a detection, you must update the version field.
Checked that the validations are passing and have addressed any issues that are present:
Note: Let us know if you have tried fixing the validation error and need help.