
Commit df97deb

authored
Merge pull request #14564 from fgravato/lookout/v3.0.6
Lookout v3.0.6: CCF cursor timeout fix and DCR field path corrections
2 parents 8166eef + 59b3708 commit df97deb

9 files changed

Lines changed: 122 additions & 123 deletions


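--- a/Solutions/Lookout/Data Connectors/LookoutStreamingConnector_ccp/LookoutStreaming_DCR.json
+++ b/Solutions/Lookout/Data Connectors/LookoutStreamingConnector_ccp/LookoutStreaming_DCR.json
@@ -320,7 +320,7 @@
 "destinations": [
 "clv2ws1"
 ],
-"transformKql": "source | extend TimeGenerated = todatetime(created_time), id = iff(isempty(tostring(id)), tostring(oid), tostring(id)), event_type = tostring(type), log_type = tostring(type), actor_device_guid = tostring(actor.guid), device_guid = tostring(device.guid), device_activated_at = todatetime(device.activated_at), device_activation_status = tostring(device.activation_status), device_checkin_time = todatetime(device.checkin_time), device_customer_id = tostring(device.customer_device_id), device_deactivated_at = todatetime(device.deactivated_at), device_group_guid = tostring(device.device_group_guid), device_platform = tostring(device.platform), device_os_version = tostring(device.os_version), device_manufacturer = tostring(device.manufacturer), device_model = tostring(device.model), device_email_address = tostring(device.email_address), device_security_status = tostring(device.security_status), client_lookout_sdk_version = tostring(device.client.lookout_sdk_version), client_ota_version = tostring(device.client.ota_version), client_package_name = tostring(device.client.package_name), client_package_version = tostring(device.client.package_version), mdm_connector_id = toint(device.details.mdm_connector_id), mdm_connector_uuid = tostring(device.details.mdm_connector_uuid), mdm_external_id = tostring(device.details.external_id), threat_id = tostring(threat.id), threat_type = tostring(threat.type), threat_action = tostring(threat.action), threat_severity = tostring(threat.severity), threat_classification = tostring(threat.classification), threat_classifications = tostring(threat.classifications), threat_risk = tostring(threat.risk), threat_status = tostring(threat.status), threat_assessments = tostring(threat.assessments), threat_description = tostring(threat.description), threat_application_name = tostring(threat.application_name), threat_package_name = tostring(threat.package_name), threat_package_sha = tostring(threat.package_sha), threat_file_name = tostring(threat.file_name), threat_file_path = tostring(threat.path), threat_pcp_reporting_reason = tostring(threat.pcp_reporting_reason), threat_pcp_device_response = tostring(threat.pcp_device_response), audit_type = tostring(audit.type), actor_type = tostring(actor.type), actor_guid = tostring(actor.guid), target_type = tostring(target.type), target_guid = tostring(target.guid), target_email_address = tostring(target.email_address), target_platform = tostring(target.platform), target_os_version = tostring(target.os_version), target_manufacturer = tostring(target.manufacturer), target_model = tostring(target.model), smishing_alert_id = tostring(smishing_alert.id), smishing_alert_type = tostring(smishing_alert.type), smishing_alert_severity = tostring(smishing_alert.severity), smishing_alert_description = tostring(smishing_alert.description), device_permissions = device.device_permissions, device_settings = device.device_settings, device_vulns = device.device_vulns, risky_config = device.risky_config, audit_attribute_changes = audit.attribute_changes, smishing_detections = smishing_alert.detections",
+"transformKql": "source | extend TimeGenerated = todatetime(created_time), id = iff(isempty(tostring(id)), tostring(oid), tostring(id)), event_type = tostring(type), log_type = tostring(type), actor_device_guid = tostring(actor.guid), device_guid = tostring(device.guid), device_activated_at = todatetime(device.activated_at), device_activation_status = tostring(device.activation_status), device_checkin_time = todatetime(device.checkin_time), device_customer_id = tostring(device.customer_device_id), device_deactivated_at = todatetime(device.deactivated_at), device_group_guid = tostring(device.device_group_guid), device_platform = tostring(device.platform), device_os_version = tostring(device.os_version), device_manufacturer = tostring(device.manufacturer), device_model = tostring(device.model), device_email_address = tostring(device.info.email), device_security_status = tostring(device.security_status), client_lookout_sdk_version = tostring(device.client.lookout_sdk_version), client_ota_version = tostring(device.client.ota_version), client_package_name = tostring(device.client.package_name), client_package_version = tostring(device.client.package_version), mdm_connector_id = toint(device.details.mdm_connector_id), mdm_connector_uuid = tostring(device.details.mdm_connector_uuid), mdm_external_id = tostring(device.details.external_id), threat_id = tostring(threat.guid), threat_type = tostring(threat.type), threat_action = tostring(threat.details.response), threat_severity = tostring(threat.severity), threat_classification = tostring(threat.classification), threat_classifications = tostring(threat.classifications), threat_risk = tostring(threat.risk), threat_status = tostring(threat.status), threat_assessments = tostring(threat.assessments), threat_description = tostring(threat.description), threat_application_name = tostring(threat.application_name), threat_package_name = tostring(threat.package_name), threat_package_sha = tostring(threat.package_sha), threat_file_name = tostring(threat.file_name), threat_file_path = tostring(threat.path), threat_pcp_reporting_reason = tostring(threat.pcp_reporting_reason), threat_pcp_device_response = tostring(threat.pcp_device_response), audit_type = tostring(audit.type), actor_type = tostring(actor.type), actor_guid = tostring(actor.guid), target_type = tostring(target.type), target_guid = tostring(target.guid), target_email_address = tostring(target.email_address), target_platform = tostring(target.platform), target_os_version = tostring(target.os_version), target_manufacturer = tostring(target.manufacturer), target_model = tostring(target.model), smishing_alert_id = tostring(smishing_alert.guid), smishing_alert_type = tostring(smishing_alert.type), smishing_alert_severity = tostring(smishing_alert.severity), smishing_alert_description = tostring(smishing_alert.description), device_permissions = device.device_permissions, device_settings = device.device_settings, device_vulns = device.device_vulns, risky_config = device.risky_config, audit_attribute_changes = audit.attribute_changes, smishing_detections = smishing_alert.detections",
 "outputStream": "Custom-LookoutMtdV2_CL"
 }
 ]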
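Review bot: The four field-path changes on the added transformKql line (`device.info.email`, `threat.guid`, `threat.details.response`, `smishing_alert.guid`) make `tostring()` yield an empty string for any event that still arrives with the old path, so `threat_id` and `smishing_alert_id` would be ingested blank rather than rejected, and analytics rules keyed on those columns would silently miss those events. If both shapes can occur in the stream, read both paths, e.g. `threat_id = tostring(coalesce(threat.guid, threat.id))` and `smishing_alert_id = tostring(coalesce(smishing_alert.guid, smishing_alert.id))`, following the pattern the line already uses for `id`/`oid`. `target_email_address` is still read from `target.email_address` while the device email moved to `device.info.email`; worth confirming against the API that the target object was not affected by the same schema change. The line also still derives both `actor_device_guid` and `actor_guid` from `actor.guid`, and both `event_type` and `log_type` from `type`; if these pairs are deliberate aliases for existing queries, a sentence in the connector documentation saying so would save the next maintainer a question.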

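--- a/Solutions/Lookout/Data Connectors/LookoutStreamingConnector_ccp/LookoutStreaming_PollingConfig.json
+++ b/Solutions/Lookout/Data Connectors/LookoutStreamingConnector_ccp/LookoutStreaming_PollingConfig.json
@@ -35,7 +35,6 @@
 "queryTimeFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'",
 "rateLimitQps": 10,
 "retryCount": 3,
-"logResponseContent": true,
 "startTimeAttributeName": "start_time",
 "timeoutInSeconds": 30,
 "queryParameters": {
@@ -48,7 +47,7 @@
 }
 },
 "paging": {
-"pagingType": "PersistentToken",
+"pagingType": "NextPageToken",
 "nextPageTokenJsonPath": "$.last_oid",
 "nextPageParaName": "oid"
 },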
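Review bot: The switch of `pagingType` from `PersistentToken` to `NextPageToken` in the second hunk changes how the `$.last_oid` cursor is treated between poll runs, and nothing in the repository records why; since strict JSON cannot carry a comment, the rationale (the cursor timeout named in the commit title) should be written into the connector's README or the PR description so the value is not reverted as a regression later. If, as the name suggests, the token is no longer retained across runs, each poll restarts from the `start_time` window, so duplicate or missed events at window boundaries should be verified after deployment rather than assumed away; the `id = iff(isempty(tostring(id)), tostring(oid), tostring(id))` logic in the DCR transform may be what absorbs duplicates, but that is an inference from this page. The `retryCount: 3` and `timeoutInSeconds: 30` values now govern a non-persistent cursor, so a failed page mid-run may drop the rest of that run's pages; the documentation note should state what the expected recovery is.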

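--- a/Solutions/Lookout/Data/Solution_Lookout.json
+++ b/Solutions/Lookout/Data/Solution_Lookout.json
@@ -40,7 +40,7 @@
 ],
 "Metadata": "SolutionMetadata.json",
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Lookout",
-"Version": "3.0.5",
+"Version": "3.0.6",
 "TemplateSpec": true,
 "Is1PConnector": false
 }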
