update logsource

frack113
2023-01-04 19:36:37 +01:00
parent 756a248032
commit 7d5fb8db30
3 changed files with 4 additions and 4 deletions
@@ -6,12 +6,11 @@ references:
- https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-applications#application-granted-highly-privileged-permissions
author: Bailey Bercik '@baileybercik', Mark Morowczynski '@markmorow'
date: 2022/07/28
modified: 2023/01/04
tags:
- attack.privilege_escalation
logsource:
product: azure
service: auditlogs
service: microsoft365portal
detection:
selection:
properties.message: Add app role assignment to service principal
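Review bot: The `logsource` block in this section shows both `service: auditlogs` and `service: microsoft365portal`, and the +/- markers did not survive rendering, so confirm that exactly one `service` key remains on the new side. Many YAML loaders keep only the last value of a duplicated key without warning. If the rule now sits under `microsoft365portal`, check that events carrying `properties.message: Add app role assignment to service principal` really arrive under that service in the backend mappings. The string appears to be an Azure AD audit-log activity, so a mismatched service would leave this privilege-escalation rule matching nothing without any error. The rest of the rule (condition, level) lies outside the hunk.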
+1
@@ -228,6 +228,7 @@
"activitylogs":[],
"auditlogs":[],
"azureactivity":[],
"microsoft365portal":[],
"signinlogs":[]
}
},
+2 -2
@@ -141,7 +141,7 @@ class TestRules(unittest.TestCase):
if info == None:
faulty_rules.append(file)
print(
Fore.RED + "Rule {} has the unkwon logsource product/category/service ({}/{}/{})".format(file,
Fore.RED + "Rule {} has the unknown logsource product/category/service ({}/{}/{})".format(file,
full_logsource["product"],
full_logsource["category"],
full_logsource["service"]
@@ -209,7 +209,7 @@ class TestRules(unittest.TestCase):
files_with_fieldname_issues.append(file)
self.assertEqual(files_with_fieldname_issues, [], Fore.RED +
"There are rule files which contains unkown field or with cast error")
"There are rule files which contains unknown field or with cast error")
def load_fields_json(name:str):
data = {}