Repackaged - Cisco SEG

Azure · Nov 14, 2024 · d128e4c · d128e4c
1 parent 3c0d446
commit d128e4c
Show file tree

Hide file tree

Showing 28 changed files with 95 additions and 1,094 deletions.
diff --git a/Solutions/CiscoSEG/Analytic Rules/CiscoSEGDLPViolation.yaml b/Solutions/CiscoSEG/Analytic Rules/CiscoSEGDLPViolation.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -34,5 +28,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoSEG/Analytic Rules/CiscoSEGMaliciousAttachmentNotBlocked.yaml b/Solutions/CiscoSEG/Analytic Rules/CiscoSEGMaliciousAttachmentNotBlocked.yaml
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -35,5 +29,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoSEG/Analytic Rules/CiscoSEGMultipleLargeEmails.yaml b/Solutions/CiscoSEG/Analytic Rules/CiscoSEGMultipleLargeEmails.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -39,5 +33,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoSEG/Analytic Rules/CiscoSEGMultipleSuspiciousEmails.yaml b/Solutions/CiscoSEG/Analytic Rules/CiscoSEGMultipleSuspiciousEmails.yaml
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -36,5 +30,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoSEG/Analytic Rules/CiscoSEGPossibleOutbreak.yaml b/Solutions/CiscoSEG/Analytic Rules/CiscoSEGPossibleOutbreak.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -34,5 +28,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoSEG/Analytic Rules/CiscoSEGPotentialLinkToMalwareDownload.yaml b/Solutions/CiscoSEG/Analytic Rules/CiscoSEGPotentialLinkToMalwareDownload.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -35,5 +29,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoSEG/Analytic Rules/CiscoSEGSuspiciousLink.yaml b/Solutions/CiscoSEG/Analytic Rules/CiscoSEGSuspiciousLink.yaml
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -35,5 +29,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoSEG/Analytic Rules/CiscoSEGSuspiciousSenderDomain.yaml b/Solutions/CiscoSEG/Analytic Rules/CiscoSEGSuspiciousSenderDomain.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -41,5 +35,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoSEG/Analytic Rules/CiscoSEGUnclassifiedLink.yaml b/Solutions/CiscoSEG/Analytic Rules/CiscoSEGUnclassifiedLink.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -35,5 +29,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoSEG/Analytic Rules/CiscoSEGUnexpextedAttachment.yaml b/Solutions/CiscoSEG/Analytic Rules/CiscoSEGUnexpextedAttachment.yaml
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -34,5 +28,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoSEG/Analytic Rules/CiscoSEGUnscannableAttachment.yaml b/Solutions/CiscoSEG/Analytic Rules/CiscoSEGUnscannableAttachment.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -34,5 +28,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoSEG/Data/Solution_CiscoSEG.json b/Solutions/CiscoSEG/Data/Solution_CiscoSEG.json
@@ -31,10 +31,6 @@
 	"Parsers": [
 		"Parsers/CiscoSEGEvent.yaml"
 	],
-	"Data Connectors": [
-		"Data Connectors/Connector_Cisco_SEG_CEF.json",
-		"Data Connectors/template_CiscoSEGAMA.json"
-	],
 	"Workbooks": [
 		"Workbooks/CiscoSEG.json"
 	],

diff --git a/Solutions/CiscoSEG/Hunting Queries/CiscoSEGDroppedInMails.yaml b/Solutions/CiscoSEG/Hunting Queries/CiscoSEGDroppedInMails.yaml
@@ -4,12 +4,6 @@ description: |
   'Query searches for dropped mails.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

diff --git a/Solutions/CiscoSEG/Hunting Queries/CiscoSEGDroppedOutMails.yaml b/Solutions/CiscoSEG/Hunting Queries/CiscoSEGDroppedOutMails.yaml
@@ -4,12 +4,6 @@ description: |
   'Query searches for dropped outgoing mails.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

diff --git a/Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedDKIMFailure.yaml b/Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedDKIMFailure.yaml
@@ -4,12 +4,6 @@ description: |
   'Query searches for mails with DKIM failure status.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

diff --git a/Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedDMARKFailure.yaml b/Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedDMARKFailure.yaml
@@ -4,12 +4,6 @@ description: |
   'Query searches for mails with DMARK failure status.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

diff --git a/Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedSPFFailure.yaml b/Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedSPFFailure.yaml
@@ -4,12 +4,6 @@ description: |
   'Query searches for mails with SPF failure status.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

diff --git a/Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedTLSIn.yaml b/Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedTLSIn.yaml
@@ -4,12 +4,6 @@ description: |
   'Query searches failed TLS incoming connections.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

diff --git a/Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedTLSOut.yaml b/Solutions/CiscoSEG/Hunting Queries/CiscoSEGFailedTLSOut.yaml
@@ -4,12 +4,6 @@ description: |
   'Query searches failed TLS outgoing connections.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

diff --git a/Solutions/CiscoSEG/Hunting Queries/CiscoSEGInsecureProtocol.yaml b/Solutions/CiscoSEG/Hunting Queries/CiscoSEGInsecureProtocol.yaml
@@ -4,12 +4,6 @@ description: |
   'Query searches for connections with insecure protocol.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

diff --git a/Solutions/CiscoSEG/Hunting Queries/CiscoSEGSpamMails.yaml b/Solutions/CiscoSEG/Hunting Queries/CiscoSEGSpamMails.yaml
@@ -4,12 +4,6 @@ description: |
   'Query searches for sources of spam mails.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

diff --git a/Solutions/CiscoSEG/Hunting Queries/CiscoSEGUsersReceivedSpam.yaml b/Solutions/CiscoSEG/Hunting Queries/CiscoSEGUsersReceivedSpam.yaml
@@ -4,12 +4,6 @@ description: |
   'Query searches for top users receiving spam mails.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoSEG
-    dataTypes:
-      - CiscoSEGEvent
-  - connectorId: CiscoSEGAma
-    dataTypes:
-      - CiscoSEGEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

diff --git a/Solutions/CiscoSEG/Package/3.0.4.zip b/Solutions/CiscoSEG/Package/3.0.4.zip