
Commit c612e04

Merge pull request #14451 from RamboV/master
Updated queries pointing to correct table
2 parents 012a82a + ce1ad2b commit c612e04

3 files changed

Lines changed: 24 additions & 23 deletions


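--- a/Solutions/JoeSandbox/Package/mainTemplate.json
+++ b/Solutions/JoeSandbox/Package/mainTemplate.json
@@ -31,7 +31,7 @@
 },
 "variables": {
 "_solutionName": "JoeSandbox",
-"_solutionVersion": "3.0.1",
+"_solutionVersion": "3.0.2",
 "solutionId": "joesecurity.azure-sentinel-solution-joesandbox",
 "_solutionId": "[variables('solutionId')]",
 "JoeSandboxEnrichment_FunctionAppConnector": "JoeSandboxEnrichment_FunctionAppConnector",
@@ -1677,36 +1677,36 @@
 "graphQueries": [
 {
 "metricName": "JoeSandbox Threat Indicators data received",
-"legend": "ThreatIntelligenceIndicator | where SourceSystem contains 'JoeSandbox'",
-"baseQuery": "ThreatIntelligenceIndicator | where SourceSystem contains 'JoeSandbox'"
+"legend": "ThreatIntelIndicators | where SourceSystem contains 'JoeSandbox'",
+"baseQuery": "ThreatIntelIndicators | where SourceSystem contains 'JoeSandbox'"
 },
 {
 "metricName": "Non-JoeSandbox Threat Indicators data received",
-"legend": "ThreatIntelligenceIndicator | where SourceSystem !contains 'JoeSandbox'",
-"baseQuery": "ThreatIntelligenceIndicator | where SourceSystem !contains 'JoeSandbox'"
+"legend": "ThreatIntelIndicators | where SourceSystem !contains 'JoeSandbox'",
+"baseQuery": "ThreatIntelIndicators | where SourceSystem !contains 'JoeSandbox'"
 }
 ],
 "sampleQueries": [
 {
 "description": "JoeSandbox Based Indicators Events - All JoeSandbox threat indicators in Microsoft Sentinel Threat Intelligence.",
-"query": "ThreatIntelligenceIndicator\n | where SourceSystem contains 'JoeSandbox'\n | sort by TimeGenerated desc"
+"query": "ThreatIntelIndicators\n | where SourceSystem contains 'JoeSandbox'\n | sort by TimeGenerated desc"
 },
 {
 "description": "Non-JoeSandbox Based Indicators Events - All Non-JoeSandbox threat indicators in Microsoft Sentinel Threat Intelligence.",
-"query": "ThreatIntelligenceIndicator\n | where SourceSystem !contains 'JoeSandbox'\n | sort by TimeGenerated desc"
+"query": "ThreatIntelIndicators\n | where SourceSystem !contains 'JoeSandbox'\n | sort by TimeGenerated desc"
 }
 ],
 "dataTypes": [
 {
-"name": "ThreatIntelligenceIndicator",
-"lastDataReceivedQuery": "ThreatIntelligenceIndicator\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+"name": "ThreatIntelIndicators",
+"lastDataReceivedQuery": "ThreatIntelIndicators\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
 }
 ],
 "connectivityCriterias": [
 {
 "type": "IsConnectedQuery",
 "value": [
-"ThreatIntelligenceIndicator\n | where SourceSystem contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
+"ThreatIntelIndicators\n | where SourceSystem contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
 ]
 },
 {
@@ -1718,7 +1718,7 @@
 {
 "type": "IsConnectedQuery",
 "value": [
-"ThreatIntelligenceIndicator\n | where SourceSystem !contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
+"ThreatIntelIndicators\n | where SourceSystem !contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
 ]
 }
 ],
@@ -1888,26 +1888,26 @@
 "graphQueries": [
 {
 "metricName": "JoeSandbox Threat Indicators data received",
-"legend": "ThreatIntelligenceIndicator | where SourceSystem contains 'JoeSandbox'",
-"baseQuery": "ThreatIntelligenceIndicator | where SourceSystem contains 'JoeSandbox'"
+"legend": "ThreatIntelIndicators | where SourceSystem contains 'JoeSandbox'",
+"baseQuery": "ThreatIntelIndicators | where SourceSystem contains 'JoeSandbox'"
 },
 {
 "metricName": "Non-JoeSandbox Threat Indicators data received",
-"legend": "ThreatIntelligenceIndicator | where SourceSystem !contains 'JoeSandbox'",
-"baseQuery": "ThreatIntelligenceIndicator | where SourceSystem !contains 'JoeSandbox'"
+"legend": "ThreatIntelIndicators | where SourceSystem !contains 'JoeSandbox'",
+"baseQuery": "ThreatIntelIndicators | where SourceSystem !contains 'JoeSandbox'"
 }
 ],
 "dataTypes": [
 {
-"name": "ThreatIntelligenceIndicator",
-"lastDataReceivedQuery": "ThreatIntelligenceIndicator\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+"name": "ThreatIntelIndicators",
+"lastDataReceivedQuery": "ThreatIntelIndicators\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
 }
 ],
 "connectivityCriterias": [
 {
 "type": "IsConnectedQuery",
 "value": [
-"ThreatIntelligenceIndicator\n | where SourceSystem contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
+"ThreatIntelIndicators\n | where SourceSystem contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
 ]
 },
 {
@@ -1919,18 +1919,18 @@
 {
 "type": "IsConnectedQuery",
 "value": [
-"ThreatIntelligenceIndicator\n | where SourceSystem !contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
+"ThreatIntelIndicators\n | where SourceSystem !contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
 ]
 }
 ],
 "sampleQueries": [
 {
 "description": "JoeSandbox Based Indicators Events - All JoeSandbox threat indicators in Microsoft Sentinel Threat Intelligence.",
-"query": "ThreatIntelligenceIndicator\n | where SourceSystem contains 'JoeSandbox'\n | sort by TimeGenerated desc"
+"query": "ThreatIntelIndicators\n | where SourceSystem contains 'JoeSandbox'\n | sort by TimeGenerated desc"
 },
 {
 "description": "Non-JoeSandbox Based Indicators Events - All Non-JoeSandbox threat indicators in Microsoft Sentinel Threat Intelligence.",
-"query": "ThreatIntelligenceIndicator\n | where SourceSystem !contains 'JoeSandbox'\n | sort by TimeGenerated desc"
+"query": "ThreatIntelIndicators\n | where SourceSystem !contains 'JoeSandbox'\n | sort by TimeGenerated desc"
 }
 ],
 "availability": {
@@ -2022,7 +2022,7 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
-"version": "3.0.1",
+"version": "3.0.2",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "JoeSandbox",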
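Review bot: Only the packaged mainTemplate.json carries the table rename in the hunks at 1677, 1718, 1888 and 1919; the commit touches three files (this template, a binary package and the release notes) and none of them is the connector definition the package is generated from, so unless that source JSON was changed separately the next repackaging will presumably reintroduce ThreatIntelligenceIndicator. The rewritten queries keep `SourceSystem`, `TimeGenerated` and the `ago(30d)` window unchanged, which assumes ThreatIntelIndicators exposes both columns with the same meaning — worth running `lastDataReceivedQuery` and one IsConnectedQuery against a workspace that already has the new table before the 3.0.2 package ships. The two sample queries also return every row, and as I recall the new table's schema it stores one row per indicator version, so repeated indicators may show up; a filter on the active-version flag such as `| where IsActive == true` would narrow that, but confirm the column name before adding it. Note that the same five query strings are duplicated verbatim across the two connector definitions and `legend` repeats `baseQuery`, so any future table change again has to be applied in ten places.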
Lines changed: 2 additions & 1 deletion
@@ -1,4 +1,5 @@
11
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
22
|-------------|--------------------------------|---------------------------------------------|
3+
| 3.0.2 | 10-06-2026 | Fix sample queries to poinnt to the right tables. |
34
| 3.0.1 | 24-04-2026 | Fix Azure templates. |
4-
| 3.0.0 | 13-02-2026 | Initial Solution Release. <br/> Removed Manual Deployment Steps. |
5+
| 3.0.0 | 13-02-2026 | Initial Solution Release. <br/> Removed Manual Deployment Steps. |
