Conversation

@petebryan

Added a new set of Sentinel queries related to network activity using the CommonSecurityLog data source.

These include:

  • Network.network_connections_to_url
  • Network.host_network_connections_csl
  • Network.ip_network_connections_csl
  • Network.all_network_connections_csl
  • Network.ips_by_host_csl
  • Network.hosts_by_ip_csl

@petebryan petebryan marked this pull request as ready for review September 26, 2022 22:25
@petebryan petebryan requested a review from ianhelle September 26, 2022 22:26
@petebryan petebryan added this to the Release 2.2.0 milestone Oct 6, 2022
ianhelle
ianhelle previously approved these changes Oct 28, 2022

@ianhelle ianhelle left a comment

just a couple of query params using 'ip' instead of ip_address (will allow them to appear as pivot functions)

@ianhelle ianhelle left a comment

Would be good to stick to standard parameter names - ip_address

@petebryan petebryan requested a review from ianhelle November 16, 2022 00:54
@ianhelle ianhelle merged commit 7728c99 into main Nov 17, 2022
@ianhelle ianhelle deleted the pebryan/2022-9_26_CSLQueries branch November 17, 2022 00:48