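<#
.SYNOPSIS
    Creates (or updates) a Log Analytics custom table whose columns mirror the CommonSecurityLog schema.

.DESCRIPTION
    Sends a PUT to the Microsoft.OperationalInsights tables endpoint of the given workspace with a
    fixed column list. The call runs under the current Az context (Connect-AzAccount), so the
    signed-in principal needs table write rights on the workspace (e.g. Log Analytics Contributor).
    Invoke-AzRestMethod does not throw on a non-2xx response; this script inspects the status code
    itself so a denied (403) or rejected (400) request does not pass silently.

.PARAMETER WorkspaceResourceId
    Resource ID of the Log Analytics workspace behind the Sentinel instance, e.g.
    /subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<ws>

.PARAMETER TableName
    Name of the custom table (custom tables end in _CL). Used for both the request URL and the
    schema body so the two cannot drift apart.

.OUTPUTS
    The response object returned by Invoke-AzRestMethod on success.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true)]
    [string] $WorkspaceResourceId,

    [ValidatePattern('_CL$')]
    [string] $TableName = 'BasicCommonSecLog_CL'
)

# Preview API version carried over from the original script; preview versions can be retired,
# so re-check it before relying on this in unattended automation.
$apiVersion = '2021-12-01-preview'

# Column list. Type casing is mixed ("DateTime" vs "datetime", "String" vs "int") exactly as in
# the original; the service is assumed to treat type names case-insensitively — confirm if a
# column is rejected. The here-string is double-quoted only so $TableName can be injected.
$tableParams = @"
{
"properties": {
"schema": {
"name": "$TableName",
"columns": [
{"name":"TimeGenerated","type":"DateTime"},
{"name":"DeviceVendor","type":"String"},
{"name":"DeviceProduct","type":"String"},
{"name":"DeviceVersion","type":"String"},
{"name":"DeviceEventClassID","type":"String"},
{"name":"Activity","type":"String"},
{"name":"LogSeverity","type":"String"},
{"name":"OriginalLogSeverity","type":"String"},
{"name":"AdditionalExtensions","type":"String"},
{"name":"DeviceAction","type":"String"},
{"name":"ApplicationProtocol","type":"String"},
{"name":"EventCount","type":"int"},
{"name":"DestinationDnsDomain","type":"String"},
{"name":"DestinationServiceName","type":"String"},
{"name":"DestinationTranslatedAddress","type":"String"},
{"name":"DestinationTranslatedPort","type":"int"},
{"name":"CommunicationDirection","type":"String"},
{"name":"DeviceDnsDomain","type":"String"},
{"name":"DeviceExternalID","type":"String"},
{"name":"DeviceFacility","type":"String"},
{"name":"DeviceInboundInterface","type":"String"},
{"name":"DeviceNtDomain","type":"String"},
{"name":"DeviceOutboundInterface","type":"String"},
{"name":"DevicePayloadId","type":"String"},
{"name":"ProcessName","type":"String"},
{"name":"DeviceTranslatedAddress","type":"String"},
{"name":"DestinationHostName","type":"String"},
{"name":"DestinationMACAddress","type":"String"},
{"name":"DestinationNTDomain","type":"String"},
{"name":"DestinationProcessId","type":"int"},
{"name":"DestinationUserPrivileges","type":"String"},
{"name":"DestinationProcessName","type":"String"},
{"name":"DestinationPort","type":"int"},
{"name":"DestinationIP","type":"String"},
{"name":"DeviceTimeZone","type":"String"},
{"name":"DestinationUserID","type":"String"},
{"name":"DestinationUserName","type":"String"},
{"name":"DeviceAddress","type":"String"},
{"name":"DeviceName","type":"String"},
{"name":"DeviceMacAddress","type":"String"},
{"name":"ProcessID","type":"int"},
{"name":"EndTime","type":"datetime"},
{"name":"ExternalID","type":"int"},
{"name":"ExtID","type":"String"},
{"name":"FileCreateTime","type":"String"},
{"name":"FileHash","type":"String"},
{"name":"FileID","type":"String"},
{"name":"FileModificationTime","type":"String"},
{"name":"FilePath","type":"String"},
{"name":"FilePermission","type":"String"},
{"name":"FileType","type":"String"},
{"name":"FileName","type":"String"},
{"name":"FileSize","type":"int"},
{"name":"ReceivedBytes","type":"long"},
{"name":"Message","type":"String"},
{"name":"OldFileCreateTime","type":"String"},
{"name":"OldFileHash","type":"String"},
{"name":"OldFileID","type":"String"},
{"name":"OldFileModificationTime","type":"String"},
{"name":"OldFileName","type":"String"},
{"name":"OldFilePath","type":"String"},
{"name":"OldFilePermission","type":"String"},
{"name":"OldFileSize","type":"int"},
{"name":"OldFileType","type":"String"},
{"name":"SentBytes","type":"long"},
{"name":"EventOutcome","type":"String"},
{"name":"Protocol","type":"String"},
{"name":"Reason","type":"String"},
{"name":"RequestURL","type":"String"},
{"name":"RequestClientApplication","type":"String"},
{"name":"RequestContext","type":"String"},
{"name":"RequestCookies","type":"String"},
{"name":"RequestMethod","type":"String"},
{"name":"ReceiptTime","type":"String"},
{"name":"SourceHostName","type":"String"},
{"name":"SourceMACAddress","type":"String"},
{"name":"SourceNTDomain","type":"String"},
{"name":"SourceDnsDomain","type":"String"},
{"name":"SourceServiceName","type":"String"},
{"name":"SourceTranslatedAddress","type":"String"},
{"name":"SourceTranslatedPort","type":"int"},
{"name":"SourceProcessId","type":"int"},
{"name":"SourceUserPrivileges","type":"String"},
{"name":"SourceProcessName","type":"String"},
{"name":"SourcePort","type":"int"},
{"name":"SourceIP","type":"String"},
{"name":"StartTime","type":"datetime"},
{"name":"SourceUserID","type":"String"},
{"name":"SourceUserName","type":"String"},
{"name":"EventType","type":"int"},
{"name":"DeviceEventCategory","type":"String"},
{"name":"DeviceCustomIPv6Address1","type":"String"},
{"name":"DeviceCustomIPv6Address1Label","type":"String"},
{"name":"DeviceCustomIPv6Address2","type":"String"},
{"name":"DeviceCustomIPv6Address2Label","type":"String"},
{"name":"DeviceCustomIPv6Address3","type":"String"},
{"name":"DeviceCustomIPv6Address3Label","type":"String"},
{"name":"DeviceCustomIPv6Address4","type":"String"},
{"name":"DeviceCustomIPv6Address4Label","type":"String"},
{"name":"DeviceCustomFloatingPoint1","type":"real"},
{"name":"DeviceCustomFloatingPoint1Label","type":"String"},
{"name":"DeviceCustomFloatingPoint2","type":"real"},
{"name":"DeviceCustomFloatingPoint2Label","type":"String"},
{"name":"DeviceCustomFloatingPoint3","type":"real"},
{"name":"DeviceCustomFloatingPoint3Label","type":"String"},
{"name":"DeviceCustomFloatingPoint4","type":"real"},
{"name":"DeviceCustomFloatingPoint4Label","type":"String"},
{"name":"DeviceCustomNumber1","type":"int"},
{"name":"FieldDeviceCustomNumber1","type":"long"},
{"name":"DeviceCustomNumber1Label","type":"String"},
{"name":"DeviceCustomNumber2","type":"int"},
{"name":"FieldDeviceCustomNumber2","type":"long"},
{"name":"DeviceCustomNumber2Label","type":"String"},
{"name":"DeviceCustomNumber3","type":"int"},
{"name":"FieldDeviceCustomNumber3","type":"long"},
{"name":"DeviceCustomNumber3Label","type":"String"},
{"name":"DeviceCustomString1","type":"String"},
{"name":"DeviceCustomString1Label","type":"String"},
{"name":"DeviceCustomString2","type":"String"},
{"name":"DeviceCustomString2Label","type":"String"},
{"name":"DeviceCustomString3","type":"String"},
{"name":"DeviceCustomString3Label","type":"String"},
{"name":"DeviceCustomString4","type":"String"},
{"name":"DeviceCustomString4Label","type":"String"},
{"name":"DeviceCustomString5","type":"String"},
{"name":"DeviceCustomString5Label","type":"String"},
{"name":"DeviceCustomString6","type":"String"},
{"name":"DeviceCustomString6Label","type":"String"},
{"name":"DeviceCustomDate1","type":"String"},
{"name":"DeviceCustomDate1Label","type":"String"},
{"name":"DeviceCustomDate2","type":"String"},
{"name":"DeviceCustomDate2Label","type":"String"},
{"name":"FlexDate1","type":"String"},
{"name":"FlexDate1Label","type":"String"},
{"name":"FlexNumber1","type":"int"},
{"name":"FlexNumber1Label","type":"String"},
{"name":"FlexNumber2","type":"int"},
{"name":"FlexNumber2Label","type":"String"},
{"name":"FlexString1","type":"String"},
{"name":"FlexString1Label","type":"String"},
{"name":"FlexString2","type":"String"},
{"name":"FlexString2Label","type":"String"},
{"name":"RemoteIP","type":"String"},
{"name":"RemotePort","type":"String"},
{"name":"MaliciousIP","type":"String"},
{"name":"ThreatSeverity","type":"int"},
{"name":"IndicatorThreatType","type":"String"},
{"name":"ThreatDescription","type":"String"},
{"name":"ThreatConfidence","type":"String"},
{"name":"ReportReferenceLink","type":"String"},
{"name":"MaliciousIPLongitude","type":"real"},
{"name":"MaliciousIPLatitude","type":"real"},
{"name":"MaliciousIPCountry","type":"String"},
{"name":"Computer","type":"String"},
{"name":"SourceSystem","type":"String"},
{"name":"SimplifiedDeviceAction","type":"String"},
{"name":"CollectorHostName","type":"String"}
]
}
}
}
"@

# Fail fast locally on malformed JSON (e.g. a stray comma after editing the column list)
# instead of discovering it as an opaque 400 from the service.
$null = $tableParams | ConvertFrom-Json

# ${TableName} is braced because '?' is a legal variable-name character in PowerShell, so
# "$TableName?api-version" would otherwise be read as a different (empty) variable.
$response = Invoke-AzRestMethod `
    -Path "$WorkspaceResourceId/tables/${TableName}?api-version=$apiVersion" `
    -Method PUT `
    -Payload $tableParams

# Invoke-AzRestMethod returns the raw HTTP response rather than throwing on failure.
if ($response.StatusCode -lt 200 -or $response.StatusCode -ge 300) {
    throw "Creating table '$TableName' failed with HTTP $($response.StatusCode): $($response.Content)"
}

Write-Verbose "Table '$TableName' created/updated (HTTP $($response.StatusCode))."
$response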