forked from demisto/content
Commit
Parsing rules fix filter 3 (demisto#28118)
* Added filter to parsing rule of tanium threat response.
* Added release note tanium threat response.
* Added a filter to proofpoint tap parsing rule.
* Added release note to proofpoint tap parsing rule.
* revert proofpoint tap changes.
* updated parsing rule of cisco ise
* Added release notes.
* Added filter to infoblox
* Added release note to infoblox
* Added release note to infoblox
* Added comment to the parsing rules.
* Updated the sql query in the readme for oracle
Showing 10 changed files with 29 additions and 14 deletions.
4 changes: 3 additions & 1 deletion
Packs/Infoblox/ParsingRules/InfobloxParsingRules/InfobloxParsingRules.xif
@@ -0,0 +1,3 @@ | ||
#### Parsing Rules | ||
##### Infoblox Parsing Rule | ||
- Added a filter in the parsing rule to enhance its logic. |
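Review bot: the sub-heading of this release note reads `##### Infoblox Parsing Rule`, while the other notes in this commit use only the product name (`##### Tanium Threat Response`, `##### Cisco ISE`); align it to one convention so the rendered release notes stay consistent across packs.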
4 changes: 3 additions & 1 deletion
Packs/TaniumThreatResponse/ParsingRules/TaniumThreatResponse/TaniumThreatResponse.xif
@@ -1,2 +1,4 @@ | ||
[INGEST:vendor="tanium", product="threat_response", target_dataset="tanium_threat_response_raw", no_hit = keep] | ||
alter _time = parse_timestamp("%Y-%m-%dT%H:%M:%E3SZ", json_extract_scalar(_raw_log, "$.Timestamp")); | ||
// Support only date time of format: yyyy-MM-ddThh:mm:ss.nnnZ. For example: "2022-01-01T10:00:00.000Z". | ||
filter json_extract_scalar(_raw_log, "$.Timestamp") ~= "\d+-\d+-\d+T\d+:\d+:\d+\.\d{3}Z" | ||
| alter _time = parse_timestamp("%Y-%m-%dT%H:%M:%E3SZ", json_extract_scalar(_raw_log, "$.Timestamp")); |
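Review bot: the regex on the new `filter` line is unanchored and uses `\d+` for every component, so it does not enforce the exact `yyyy-MM-ddThh:mm:ss.nnnZ` shape the comment above it promises: a `Timestamp` value with extra characters around a matching substring, or with odd-width fields, passes the filter and still reaches `parse_timestamp` with a format it may not match. Consider `~= "^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$"` so the guard and the `%Y-%m-%dT%H:%M:%E3SZ` format string agree. It is also worth stating the intended outcome for events that fail the filter: with `no_hit = keep` on the INGEST line they appear to be ingested without this `_time` assignment, and that behaviour belongs in the release note.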
@@ -0,0 +1,4 @@ | ||
#### Parsing Rules | ||
##### Tanium Threat Response | ||
- Added a filter in the parsing rule to enhance its logic. | ||
|
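Review bot: "Added a filter in the parsing rule to enhance its logic" does not tell an operator what changed; state that `_time` is now parsed only for events whose `Timestamp` field matches the `yyyy-MM-ddThh:mm:ss.nnnZ` format (the format named in the rule's own comment) and what happens to events that do not match, since that is what someone investigating missing or unexpected `_time` values will need to know.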
@@ -1,6 +1,6 @@ | ||
id: Cisco_ISE | ||
name: Cisco ISE | ||
fromversion: 6.10.0 | ||
fromversion: 8.2.0 | ||
tags: [] | ||
rules: '' | ||
samples: '' |
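Review bot: `fromversion` jumps from 6.10.0 to 8.2.0, which drops support for every server version in between for this rule. If the new filter syntax in the Cisco ISE rule genuinely requires 8.2.0, the release note should say so (the accompanying Cisco ISE note does not mention a minimum-version change); if it does not, a smaller bump, or none, is preferable.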
@@ -0,0 +1,5 @@ | ||
#### Parsing Rules | ||
##### Cisco ISE | ||
- Added a filter in the parsing rule to enhance its logic. | ||
- Improved implementation of _time parsing. | ||
|
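Review bot: "Improved implementation of _time parsing" is too vague for a release note; say what changed (for example, which timestamp format is now required and how non-matching events are handled), and mention the minimum-version change to 8.2.0 made to the rule's YAML in this same commit, since that determines who can install the update.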