Adding a new workbook on Log4j hunting #3888
@samikroy: I think you missed adding workbook.json here, can you please add it... Thanks!!
@v-rucdu & @v-jayakal - Thank you for highlighting this.
@samikroy: You have added the workbook.json under Workbooks-->Images folder, can you please delete and add it under Workbooks folder... and in solutions WorkbookMetadata.json is not required... please delete it... thanks!!!
Done.
Thank you @v-rucdu for the approval & merge.
Change(s):
- Azure-Sentinel/Workbooks/Log4jPostCompromiseHunting - A new workbook is added with the following tabs:
  - FindTrace - A lookup of curated IOCs across all Sentinel tables.
  - SecurityNestedRecommendation - This section uses the Azure Defender Security Nested Recommendations data to find machines vulnerable to log4j CVE-2021-44228. Log4j is an open-source Apache logging library that is used in many Java-based applications. Security Nested Recommendations data is sent to Microsoft Sentinel using the continuous export feature of Azure Defender.
  - AzureDiagnostics - Azure Diagnostics
  - MultipleDataSources - Across multiple data sources
  - Syslog - From Syslog sources
- Azure-Sentinel/Workbooks/WorkbooksMetadata.json - To add workbook metadata.
- Azure-Sentinel/Workbooks/Images/Logos - To add workbook logo.
- Azure-Sentinel/Workbooks/Images/Preview - To add preview images.
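The SecurityNestedRecommendation tab described above relies on Defender recommendations exported into the `SecurityNestedRecommendation` table. The KQL below is an added illustration of that lookup, not a query taken from the workbook; it assumes the standard column names of that table (`RecommendationName`, `RecommendationDisplayName`, `Description`, `RecommendationState`, `RecommendationSeverity`, `AssessedResourceId`, `RemediationDescription`) and that the CVE id appears in the recommendation text, both of which should be checked in your own workspace.

```kql
// Added example (not the workbook's own query): list Azure resources that
// Defender for Cloud currently assesses as vulnerable to CVE-2021-44228,
// based on recommendations delivered to Sentinel via continuous export.
// Assumption: column names below are the table's standard schema; confirm with
//   SecurityNestedRecommendation | getschema
let lookback = 7d;
let cve = "CVE-2021-44228";
SecurityNestedRecommendation
| where TimeGenerated > ago(lookback)
// match the CVE id wherever Defender places it in the recommendation text
| where RecommendationName has cve
    or RecommendationDisplayName has cve
    or Description has cve
// only resources still failing the assessment
| where RecommendationState =~ "Unhealthy"
// keep the latest assessment per resource so remediated hosts drop out
| summarize arg_max(TimeGenerated, *) by AssessedResourceId, RecommendationName
// the last segment of the resource id is the resource (e.g. VM) name
| extend idParts = split(AssessedResourceId, "/")
| extend ResourceName = tostring(idParts[array_length(idParts) - 1])
| project TimeGenerated, ResourceName, RecommendationSeverity,
          RecommendationDisplayName, RemediationDescription, AssessedResourceId
| order by RecommendationSeverity asc, TimeGenerated desc
```

Pinning the query to `RecommendationState =~ "Unhealthy"` and the latest assessment per resource is what keeps already-patched machines from reappearing in the hunting view.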