Azure-Sentinel BEC - Stages 2-3 UEBA updates

Required items, please complete

Change(s):

Added UEBA tables IdentityInfo and BehaviorAnalytics where applicable in all of the BEC scenario stage 2-3 queries.

Reason for Change(s):

Adding additional UEBA data for context.

Version Updated:

Yes
Detections/Analytic Rule templates are required to have the version updated

Testing Completed:

Yes

Checked that the validations are passing and have addressed any issues that are present:

Yes

Apr 21 '23 20:04 jannieli

Hello @jannieli please address to @aprakash13 comments

Apr 25 '23 11:04 v-prasadboke

Hello @jannieli @petebryan has requested changes

Apr 28 '23 05:04 v-prasadboke

Hello @jannieli please remove the branch conflicts

May 03 '23 04:05 v-prasadboke

Hello @petebryan & @aprakash13 @jannieli has made some changes

May 05 '23 04:05 v-prasadboke

Hello @jannieli any updates on the above

May 09 '23 11:05 v-prasadboke

Hello @petebryan, @aprakash13 @jannieli has made some changes

May 18 '23 16:05 v-prasadboke

Please update the branch from master as well

Jun 26 '23 10:06 v-prasadboke

Hello @jannieli will be investigating this PR, you can expect an update till 14 Jul

Jul 11 '23 06:07 v-prasadboke

Template Id: 99885ff5-00cf-49e8-9452-6de6aba2a5c7 is not valid in Line: 31 col: 8 Errors: The column 'IP_0_Address' must exist on both sides of the join., Code: 'KS145', Severity: 'Error', Location: '1401..1413'

please resolve this issue

Jul 14 '23 11:07 v-prasadboke

Hello @jannieli any updates on above

Jul 18 '23 08:07 v-prasadboke

Hello @jannieli we are waiting for your update, and please also resolve the branch conflicts

Jul 20 '23 10:07 v-prasadboke

Hello @jannieli, Thank you for committing the changes, you can expect an update till 26 Jul 2023

Jul 24 '23 11:07 v-prasadboke

Azure-Sentinel Azure-Sentinel copied to clipboard

BEC - Stages 2-3 UEBA updates

Azure-Sentinel
Azure-Sentinel copied to clipboard