From 83525d19a77bee8e370f6d39e16abad5cffdd723 Mon Sep 17 00:00:00 2001
From: elforb <55556791+elforb@users.noreply.github.com>
Date: Fri, 19 Feb 2021 07:24:40 -0800
Subject: [PATCH] Move solution content (#1792)

Co-authored-by: Eli Forbes

---
 .../Cisco ISE/Analytic Rules}/CiscoISEAdminPasswordReset.yaml | 0
 .../Analytic Rules}/CiscoISEAttempDeleteLocalStoreLogs.yaml | 0
 .../Cisco ISE/Analytic Rules}/CiscoISEBackupFailed.yaml | 0
 .../Cisco ISE/Analytic Rules}/CiscoISECertExpired.yaml | 0
 .../CiscoISECmdExecutionWithHighestPrivilegesNewIP.yaml | 0
 .../CiscoISECmdExecutionWithHighestPrivilegesNewUser.yaml | 0
 .../Cisco ISE/Analytic Rules}/CiscoISEDeviceChangedIP.yaml | 0
 .../Analytic Rules}/CiscoISEDevicePostureStatusChanged.yaml | 0
 .../Cisco ISE/Analytic Rules}/CiscoISELogCollectorSuspended.yaml | 0
 .../Cisco ISE/Analytic Rules}/CiscoISELogsDeleted.yaml | 0
 .../CiscoISEAuthenticationToSuspendedAccount.yaml | 0
 .../Hunting Queries}/CiscoISEDynamicAuthorizationFailed.yaml | 0
 .../Hunting Queries}/CiscoISEExpiredCertInClientCertChain.yaml | 0
 .../Cisco ISE/Hunting Queries}/CiscoISEFailedAuthentication.yaml | 0
 .../Cisco ISE/Hunting Queries}/CiscoISEFailedLoginsSSHCLI.yaml | 0
 .../Hunting Queries}/CiscoISEGuestAuthenticationFailed.yaml | 0
 .../Hunting Queries}/CiscoISEGuestAuthenticationSuccess.yaml | 0
 .../Cisco ISE/Hunting Queries}/CiscoISERareUserAgent.yaml | 0
 .../CiscoISESourceHighNumberAuthenticationErrors.yaml | 0
 .../Cisco ISE/Hunting Queries}/CiscoISESuspendLogCollector.yaml | 0
 .../CriticalOrHighSeverityDetectionsByUser.yaml | 0
 .../{Detections => Analytic Rules}/CriticalSeverityDetection.yaml | 0
 .../ExcessiveBlockedTrafficGeneratedbyUser.yaml | 0
 .../{Detections => Analytic Rules}/MalwareDetected.yaml | 0
 24 files changed, 0 insertions(+), 0 deletions(-)
 rename {Detections/CiscoISE => Solutions/Cisco ISE/Analytic Rules}/CiscoISEAdminPasswordReset.yaml (100%)
 rename {Detections/CiscoISE => Solutions/Cisco ISE/Analytic Rules}/CiscoISEAttempDeleteLocalStoreLogs.yaml (100%)
 rename {Detections/CiscoISE => Solutions/Cisco ISE/Analytic Rules}/CiscoISEBackupFailed.yaml (100%)
 rename {Detections/CiscoISE => Solutions/Cisco ISE/Analytic Rules}/CiscoISECertExpired.yaml (100%)
 rename {Detections/CiscoISE => Solutions/Cisco ISE/Analytic Rules}/CiscoISECmdExecutionWithHighestPrivilegesNewIP.yaml (100%)
 rename {Detections/CiscoISE => Solutions/Cisco ISE/Analytic Rules}/CiscoISECmdExecutionWithHighestPrivilegesNewUser.yaml (100%)
 rename {Detections/CiscoISE => Solutions/Cisco ISE/Analytic Rules}/CiscoISEDeviceChangedIP.yaml (100%)
 rename {Detections/CiscoISE => Solutions/Cisco ISE/Analytic Rules}/CiscoISEDevicePostureStatusChanged.yaml (100%)
 rename {Detections/CiscoISE => Solutions/Cisco ISE/Analytic Rules}/CiscoISELogCollectorSuspended.yaml (100%)
 rename {Detections/CiscoISE => Solutions/Cisco ISE/Analytic Rules}/CiscoISELogsDeleted.yaml (100%)
 rename {Hunting Queries/CiscoISE => Solutions/Cisco ISE/Hunting Queries}/CiscoISEAuthenticationToSuspendedAccount.yaml (100%)
 rename {Hunting Queries/CiscoISE => Solutions/Cisco ISE/Hunting Queries}/CiscoISEDynamicAuthorizationFailed.yaml (100%)
 rename {Hunting Queries/CiscoISE => Solutions/Cisco ISE/Hunting Queries}/CiscoISEExpiredCertInClientCertChain.yaml (100%)
 rename {Hunting Queries/CiscoISE => Solutions/Cisco ISE/Hunting Queries}/CiscoISEFailedAuthentication.yaml (100%)
 rename {Hunting Queries/CiscoISE => Solutions/Cisco ISE/Hunting Queries}/CiscoISEFailedLoginsSSHCLI.yaml (100%)
 rename {Hunting Queries/CiscoISE => Solutions/Cisco ISE/Hunting Queries}/CiscoISEGuestAuthenticationFailed.yaml (100%)
 rename {Hunting Queries/CiscoISE => Solutions/Cisco ISE/Hunting Queries}/CiscoISEGuestAuthenticationSuccess.yaml (100%)
 rename {Hunting Queries/CiscoISE => Solutions/Cisco ISE/Hunting Queries}/CiscoISERareUserAgent.yaml (100%)
 rename {Hunting Queries/CiscoISE => Solutions/Cisco ISE/Hunting Queries}/CiscoISESourceHighNumberAuthenticationErrors.yaml (100%)
 rename {Hunting Queries/CiscoISE => Solutions/Cisco ISE/Hunting Queries}/CiscoISESuspendLogCollector.yaml (100%)
 rename Solutions/CrowdStrike Falcon Endpoint Protection/{Detections => Analytic Rules}/CriticalOrHighSeverityDetectionsByUser.yaml (100%)
 rename Solutions/CrowdStrike Falcon Endpoint Protection/{Detections => Analytic Rules}/CriticalSeverityDetection.yaml (100%)
 rename Solutions/Symantec Endpoint Protection/{Detections => Analytic Rules}/ExcessiveBlockedTrafficGeneratedbyUser.yaml (100%)
 rename Solutions/Symantec Endpoint Protection/{Detections => Analytic Rules}/MalwareDetected.yaml (100%)

diff --git a/Detections/CiscoISE/CiscoISEAdminPasswordReset.yaml b/Solutions/Cisco ISE/Analytic Rules/CiscoISEAdminPasswordReset.yaml
similarity index 100%
rename from Detections/CiscoISE/CiscoISEAdminPasswordReset.yaml
rename to Solutions/Cisco ISE/Analytic Rules/CiscoISEAdminPasswordReset.yaml
diff --git a/Detections/CiscoISE/CiscoISEAttempDeleteLocalStoreLogs.yaml b/Solutions/Cisco ISE/Analytic Rules/CiscoISEAttempDeleteLocalStoreLogs.yaml
similarity index 100%
rename from Detections/CiscoISE/CiscoISEAttempDeleteLocalStoreLogs.yaml
rename to Solutions/Cisco ISE/Analytic Rules/CiscoISEAttempDeleteLocalStoreLogs.yaml
diff --git a/Detections/CiscoISE/CiscoISEBackupFailed.yaml b/Solutions/Cisco ISE/Analytic Rules/CiscoISEBackupFailed.yaml
similarity index 100%
rename from Detections/CiscoISE/CiscoISEBackupFailed.yaml
rename to Solutions/Cisco ISE/Analytic Rules/CiscoISEBackupFailed.yaml
diff --git a/Detections/CiscoISE/CiscoISECertExpired.yaml b/Solutions/Cisco ISE/Analytic Rules/CiscoISECertExpired.yaml
similarity index 100%
rename from Detections/CiscoISE/CiscoISECertExpired.yaml
rename to Solutions/Cisco ISE/Analytic Rules/CiscoISECertExpired.yaml
diff --git a/Detections/CiscoISE/CiscoISECmdExecutionWithHighestPrivilegesNewIP.yaml b/Solutions/Cisco ISE/Analytic Rules/CiscoISECmdExecutionWithHighestPrivilegesNewIP.yaml
similarity index 100%
rename from Detections/CiscoISE/CiscoISECmdExecutionWithHighestPrivilegesNewIP.yaml
rename to Solutions/Cisco ISE/Analytic Rules/CiscoISECmdExecutionWithHighestPrivilegesNewIP.yaml
diff --git a/Detections/CiscoISE/CiscoISECmdExecutionWithHighestPrivilegesNewUser.yaml b/Solutions/Cisco ISE/Analytic Rules/CiscoISECmdExecutionWithHighestPrivilegesNewUser.yaml
similarity index 100%
rename from Detections/CiscoISE/CiscoISECmdExecutionWithHighestPrivilegesNewUser.yaml
rename to Solutions/Cisco ISE/Analytic Rules/CiscoISECmdExecutionWithHighestPrivilegesNewUser.yaml
diff --git a/Detections/CiscoISE/CiscoISEDeviceChangedIP.yaml b/Solutions/Cisco ISE/Analytic Rules/CiscoISEDeviceChangedIP.yaml
similarity index 100%
rename from Detections/CiscoISE/CiscoISEDeviceChangedIP.yaml
rename to Solutions/Cisco ISE/Analytic Rules/CiscoISEDeviceChangedIP.yaml
diff --git a/Detections/CiscoISE/CiscoISEDevicePostureStatusChanged.yaml b/Solutions/Cisco ISE/Analytic Rules/CiscoISEDevicePostureStatusChanged.yaml
similarity index 100%
rename from Detections/CiscoISE/CiscoISEDevicePostureStatusChanged.yaml
rename to Solutions/Cisco ISE/Analytic Rules/CiscoISEDevicePostureStatusChanged.yaml
diff --git a/Detections/CiscoISE/CiscoISELogCollectorSuspended.yaml b/Solutions/Cisco ISE/Analytic Rules/CiscoISELogCollectorSuspended.yaml
similarity index 100%
rename from Detections/CiscoISE/CiscoISELogCollectorSuspended.yaml
rename to Solutions/Cisco ISE/Analytic Rules/CiscoISELogCollectorSuspended.yaml
diff --git a/Detections/CiscoISE/CiscoISELogsDeleted.yaml b/Solutions/Cisco ISE/Analytic Rules/CiscoISELogsDeleted.yaml
similarity index 100%
rename from Detections/CiscoISE/CiscoISELogsDeleted.yaml
rename to Solutions/Cisco ISE/Analytic Rules/CiscoISELogsDeleted.yaml
diff --git a/Hunting Queries/CiscoISE/CiscoISEAuthenticationToSuspendedAccount.yaml b/Solutions/Cisco ISE/Hunting Queries/CiscoISEAuthenticationToSuspendedAccount.yaml
similarity index 100%
rename from Hunting Queries/CiscoISE/CiscoISEAuthenticationToSuspendedAccount.yaml
rename to Solutions/Cisco ISE/Hunting Queries/CiscoISEAuthenticationToSuspendedAccount.yaml
diff --git a/Hunting Queries/CiscoISE/CiscoISEDynamicAuthorizationFailed.yaml b/Solutions/Cisco ISE/Hunting Queries/CiscoISEDynamicAuthorizationFailed.yaml
similarity index 100%
rename from Hunting Queries/CiscoISE/CiscoISEDynamicAuthorizationFailed.yaml
rename to Solutions/Cisco ISE/Hunting Queries/CiscoISEDynamicAuthorizationFailed.yaml
diff --git a/Hunting Queries/CiscoISE/CiscoISEExpiredCertInClientCertChain.yaml b/Solutions/Cisco ISE/Hunting Queries/CiscoISEExpiredCertInClientCertChain.yaml
similarity index 100%
rename from Hunting Queries/CiscoISE/CiscoISEExpiredCertInClientCertChain.yaml
rename to Solutions/Cisco ISE/Hunting Queries/CiscoISEExpiredCertInClientCertChain.yaml
diff --git a/Hunting Queries/CiscoISE/CiscoISEFailedAuthentication.yaml b/Solutions/Cisco ISE/Hunting Queries/CiscoISEFailedAuthentication.yaml
similarity index 100%
rename from Hunting Queries/CiscoISE/CiscoISEFailedAuthentication.yaml
rename to Solutions/Cisco ISE/Hunting Queries/CiscoISEFailedAuthentication.yaml
diff --git a/Hunting Queries/CiscoISE/CiscoISEFailedLoginsSSHCLI.yaml b/Solutions/Cisco ISE/Hunting Queries/CiscoISEFailedLoginsSSHCLI.yaml
similarity index 100%
rename from Hunting Queries/CiscoISE/CiscoISEFailedLoginsSSHCLI.yaml
rename to Solutions/Cisco ISE/Hunting Queries/CiscoISEFailedLoginsSSHCLI.yaml
diff --git a/Hunting Queries/CiscoISE/CiscoISEGuestAuthenticationFailed.yaml b/Solutions/Cisco ISE/Hunting Queries/CiscoISEGuestAuthenticationFailed.yaml
similarity index 100%
rename from Hunting Queries/CiscoISE/CiscoISEGuestAuthenticationFailed.yaml
rename to Solutions/Cisco ISE/Hunting Queries/CiscoISEGuestAuthenticationFailed.yaml
diff --git a/Hunting Queries/CiscoISE/CiscoISEGuestAuthenticationSuccess.yaml b/Solutions/Cisco ISE/Hunting Queries/CiscoISEGuestAuthenticationSuccess.yaml
similarity index 100%
rename from Hunting Queries/CiscoISE/CiscoISEGuestAuthenticationSuccess.yaml
rename to Solutions/Cisco ISE/Hunting Queries/CiscoISEGuestAuthenticationSuccess.yaml
diff --git a/Hunting Queries/CiscoISE/CiscoISERareUserAgent.yaml b/Solutions/Cisco ISE/Hunting Queries/CiscoISERareUserAgent.yaml
similarity index 100%
rename from Hunting Queries/CiscoISE/CiscoISERareUserAgent.yaml
rename to Solutions/Cisco ISE/Hunting Queries/CiscoISERareUserAgent.yaml
diff --git a/Hunting Queries/CiscoISE/CiscoISESourceHighNumberAuthenticationErrors.yaml b/Solutions/Cisco ISE/Hunting Queries/CiscoISESourceHighNumberAuthenticationErrors.yaml
similarity index 100%
rename from Hunting Queries/CiscoISE/CiscoISESourceHighNumberAuthenticationErrors.yaml
rename to Solutions/Cisco ISE/Hunting Queries/CiscoISESourceHighNumberAuthenticationErrors.yaml
diff --git a/Hunting Queries/CiscoISE/CiscoISESuspendLogCollector.yaml b/Solutions/Cisco ISE/Hunting Queries/CiscoISESuspendLogCollector.yaml
similarity index 100%
rename from Hunting Queries/CiscoISE/CiscoISESuspendLogCollector.yaml
rename to Solutions/Cisco ISE/Hunting Queries/CiscoISESuspendLogCollector.yaml
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Detections/CriticalOrHighSeverityDetectionsByUser.yaml b/Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalOrHighSeverityDetectionsByUser.yaml
similarity index 100%
rename from Solutions/CrowdStrike Falcon Endpoint Protection/Detections/CriticalOrHighSeverityDetectionsByUser.yaml
rename to Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalOrHighSeverityDetectionsByUser.yaml
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Detections/CriticalSeverityDetection.yaml b/Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalSeverityDetection.yaml
similarity index 100%
rename from Solutions/CrowdStrike Falcon Endpoint Protection/Detections/CriticalSeverityDetection.yaml
rename to Solutions/CrowdStrike Falcon Endpoint Protection/Analytic Rules/CriticalSeverityDetection.yaml
diff --git a/Solutions/Symantec Endpoint Protection/Detections/ExcessiveBlockedTrafficGeneratedbyUser.yaml b/Solutions/Symantec Endpoint Protection/Analytic Rules/ExcessiveBlockedTrafficGeneratedbyUser.yaml
similarity index 100%
rename from Solutions/Symantec Endpoint Protection/Detections/ExcessiveBlockedTrafficGeneratedbyUser.yaml
rename to Solutions/Symantec Endpoint Protection/Analytic Rules/ExcessiveBlockedTrafficGeneratedbyUser.yaml
diff --git a/Solutions/Symantec Endpoint Protection/Detections/MalwareDetected.yaml b/Solutions/Symantec Endpoint Protection/Analytic Rules/MalwareDetected.yaml
similarity index 100%
rename from Solutions/Symantec Endpoint Protection/Detections/MalwareDetected.yaml
rename to Solutions/Symantec Endpoint Protection/Analytic Rules/MalwareDetected.yaml