Adding a new workbook on Log4j hunting #3888

Merged: 10 commits, Jan 19, 2022


samikroy
Contributor

Change(s):

Azure-Sentinel/Workbooks/Log4jPostCompromiseHunting - A new workbook added with the following tabs:
    FindTrace - A lookup to curated IOCs across all Sentinel tables.
    SecurityNestedRecommendation - This section uses the Azure Defender Security Nested Recommendations data to find machines vulnerable to Log4j CVE-2021-44228. Log4j is an open-source Apache logging library that is used in many Java-based applications. Security Nested Recommendations data is sent to Microsoft Sentinel using the continuous export feature of Azure Defender.
    AzureDiagnostics - Azure Diagnostics
    MultipleDataSources - Across multiple data sources
    Syslog - From Syslog Sources

Azure-Sentinel/Workbooks/WorkbooksMetadata.json - To add workbook metadata.

Azure-Sentinel/Workbooks/Images/Logos - To add workbook logo.

Azure-Sentinel/Workbooks/Images/Preview - To add preview images.


@v-rucdu v-rucdu left a comment


@samikroy : I think you missed to add workbook.json here, can you please add it... Thanks!!

@aprakash13 aprakash13 added the Workbook Workbook specialty review needed label Jan 12, 2022

samikroy commented Jan 12, 2022

> @samikroy : I think you missed to add workbook.json here, can you please add it... Thanks!!

@v-rucdu & @v-jayakal - Thank you for highlighting this.
Have added the files as requested.
Please let me know for further changes.

@samikroy samikroy requested a review from v-rucdu January 17, 2022 09:44

v-rucdu commented Jan 19, 2022

> > @samikroy : I think you missed to add workbook.json here, can you please add it... Thanks!!
>
> @v-rucdu & @v-jayakal - Thank you for highlighting this. Have added the files as requested. Please let me know for further changes.

@samikroy : You have added the workbook.json under Workbooks-->Images folder, can you please delete and add it under Workbooks folder... and in solutions WorkbookMetadata.json is not required... please delete it... thanks!!!

@samikroy
Contributor Author

> > > @samikroy : I think you missed to add workbook.json here, can you please add it... Thanks!!
> >
> > @v-rucdu & @v-jayakal - Thank you for highlighting this. Have added the files as requested. Please let me know for further changes.
>
> @samikroy : You have added the workbook.json under Workbooks-->Images folder, can you please delete and add it under Workbooks folder... and in solutions WorkbookMetadata.json is not required... please delete it... thanks!!!

Done.

@v-rucdu v-rucdu merged commit aeb8852 into Azure:master Jan 19, 2022
@samikroy
Contributor Author

Thank you @v-rucdu for the approval & merge.

@samikroy samikroy deleted the patch-17 branch January 19, 2022 12:36