Jose Sebastián Canós
Jose Sebastián Canós
## Description Please, this was already considered in https://github.com/github/linguist/pull/4827 . I think currently .kql is widely used over .csl I would like to open another PR to change the grammar...
## Description This is a continuation of https://github.com/github/linguist/pull/5995 , a separate PR as recommended by Colin. ## Checklist: - [ ] **I am associating a language with a new file...
Change(s): - Add a scheduled rule for unusual anomalies. Reason for Change(s): - I think workspaces could benefit by starting to check Anomalies, specially the ones that do not happen...
I have added more operations to compare, and I think clients should select which events they want this rule to trigger. Azure Firewall might add more operations in the long...
Change(s): 1. Correct the column name "timstamp" as other detections have it. 2. Add failure conditions to Syslog logs. 3. Add success condition to AAD logs. (```in``` instead of ```!in```)...
Change(s): 1. Remove ```isnotempty(``` conditions, that are removing desired results. 2. Put a limit in make_set and make_list. 3. Do not show by default all columns from ```arg_max(CalledIPAddress, *)``` Reason...
Required items, please complete Change(s): 1. Use distinct query_frequency and query_period parameters. 2. Interchange left and right join sides. 3. Use join kind inner instead of innerunique. 4. Parse ```ServicePrincipal.ObjectID```...
Change(s): - Add more cases to consider, depending on ```OperationNameValue``` and ```ActivityStatus```. Reason for Change(s): - It seems there can be two parsed versions of the same type of operation...
Change(s): - Remove condition about SubjectLogonId being a hardcoded value. Reason for Change(s): - It is strange to look for events whose EventData column contains "0x3e4" and then exclude the...
Change(s): 1. Parse ```ServicePrincipal.ObjectID``` and ```ServicePrincipal.DisplayName``` by name instead of a position in ```modifiedProperties```. Reason for Change(s): 1. Not every event or environment has ```ServicePrincipal.ObjectID``` in a specific position of...