From 7d5fb8db30c22476432049b1c55cfc7faeb441d4 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Wed, 4 Jan 2023 19:36:37 +0100
Subject: [PATCH] update logsource

---
 rules/cloud/azure/azure_app_privileged_permissions.yml | 3 +--
 tests/logsource.json | 1 +
 tests/test_logsource.py | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/rules/cloud/azure/azure_app_privileged_permissions.yml b/rules/cloud/azure/azure_app_privileged_permissions.yml
index 5bd6052c3..bdc64a4c7 100644
--- a/rules/cloud/azure/azure_app_privileged_permissions.yml
+++ b/rules/cloud/azure/azure_app_privileged_permissions.yml
@@ -6,12 +6,11 @@ references:
 - https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-applications#application-granted-highly-privileged-permissions
 author: Bailey Bercik '@baileybercik', Mark Morowczynski '@markmorow'
 date: 2022/07/28
-modified: 2023/01/04
 tags:
 - attack.privilege_escalation
 logsource:
 product: azure
- service: auditlogs
+ service: microsoft365portal
 detection:
 selection:
 properties.message: Add app role assignment to service principal
diff --git a/tests/logsource.json b/tests/logsource.json
index 63cdfcd6c..5a4138bd9 100644
--- a/tests/logsource.json
+++ b/tests/logsource.json
@@ -228,6 +228,7 @@
 "activitylogs":[],
 "auditlogs":[],
 "azureactivity":[],
+ "microsoft365portal":[],
 "signinlogs":[]
 }
 },
diff --git a/tests/test_logsource.py b/tests/test_logsource.py
index 4e191f903..a0863726c 100644
--- a/tests/test_logsource.py
+++ b/tests/test_logsource.py
@@ -141,7 +141,7 @@ class TestRules(unittest.TestCase):
 if info == None:
 faulty_rules.append(file)
 print(
- Fore.RED + "Rule {} has the unkwon logsource product/category/service ({}/{}/{})".format(file,
+ Fore.RED + "Rule {} has the unknown logsource product/category/service ({}/{}/{})".format(file,
 full_logsource["product"],
 full_logsource["category"],
 full_logsource["service"]
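Review bot: The selection still matches `properties.message: Add app role assignment to service principal`, the Azure AD audit-log activity name this rule was written against under `service: auditlogs`, so after the switch to `service: microsoft365portal` the rule only fires if the backend's microsoft365portal mapping carries that same field and value; a mis-routed logsource fails silently (no error, no alert), which for a privilege-escalation rule is worth confirming with a real event before merging. The same hunk deletes `modified: 2023/01/04` while changing what the rule matches, and the repository's convention (as the removed line itself suggests) is to carry a `modified` date on such changes; if the removal is deliberate, say so in the commit message, otherwise keep `modified: 2023/01/04`. The rule's `detection` section continues past the end of the hunk.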
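Review bot: `if info == None:` on the first context line compares against None with `==`, which goes through `__eq__` and is what flake8 E711 flags; since the hunk already touches this block, `if info is None:` is a cheap correction. The `print(` wraps the message in `Fore.RED` with no reset visible in the hunk, so later terminal output may stay red unless colorama is initialised with autoreset elsewhere in the file — worth confirming. The enclosing test method starts and ends outside the hunk.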
@@ -209,7 +209,7 @@ class TestRules(unittest.TestCase): files_with_fieldname_issues.append(file) self.assertEqual(files_with_fieldname_issues, [], Fore.RED + - "There are rule files which contains unkown field or with cast error") + "There are rule files which contains unknown field or with cast error") def load_fields_json(name:str): data = {}
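Review bot: The corrected assertion message on the `+` line still reads "rule files which contains", which is ungrammatical; since the commit is already fixing the spelling of this string, `"There are rule files which contain an unknown field or a cast error"` keeps the message clean in one pass. In the trailing context, `def load_fields_json(name:str):` lacks the PEP 8 space after the annotation colon — `def load_fields_json(name: str):`. The enclosing test method starts outside the hunk and `load_fields_json`'s body continues past it.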