Skip to content

Commit f13777c

Browse files
hassanchawichehassanchawiche
authored
Merge pull request #14111 from jlheard/user/jlheard/github-alerts-to-clv2
[GitHub Advanced Security Alerts] - create v2 connector which supports Log Analytics CLv2
2 parents 40d7321 + bcede57 commit f13777c

17 files changed

Lines changed: 1885 additions & 42 deletions

File tree

.script/tests/KqlvalidationsTests/CustomFunctions/githubscanaudit.json

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
{
2+
"FunctionName": "githubscanaudit",
3+
"FunctionParameters": [],
4+
"FunctionResultColumns": [
5+
{
6+
"Name": "TimeGenerated",
7+
"Type": "datetime"
8+
},
9+
{
10+
"Name": "action_s",
11+
"Type": "string"
12+
},
13+
{
14+
"Name": "alert_s",
15+
"Type": "string"
16+
},
17+
{
18+
"Name": "repository_s",
19+
"Type": "string"
20+
},
21+
{
22+
"Name": "organization_s",
23+
"Type": "string"
24+
},
25+
{
26+
"Name": "sender_s",
27+
"Type": "string"
28+
},
29+
{
30+
"Name": "commits_s",
31+
"Type": "string"
32+
},
33+
{
34+
"Name": "commit_oid_s",
35+
"Type": "string"
36+
},
37+
{
38+
"Name": "ref_s",
39+
"Type": "string"
40+
},
41+
{
42+
"Name": "ref_type_s",
43+
"Type": "string"
44+
},
45+
{
46+
"Name": "rule_s",
47+
"Type": "string"
48+
},
49+
{
50+
"Name": "comment_s",
51+
"Type": "string"
52+
},
53+
{
54+
"Name": "deployment_s",
55+
"Type": "string"
56+
},
57+
{
58+
"Name": "deployment_status_s",
59+
"Type": "string"
60+
},
61+
{
62+
"Name": "discussion_s",
63+
"Type": "string"
64+
},
65+
{
66+
"Name": "check_run_s",
67+
"Type": "string"
68+
},
69+
{
70+
"Name": "key_s",
71+
"Type": "string"
72+
},
73+
{
74+
"Name": "changes_s",
75+
"Type": "string"
76+
},
77+
{
78+
"Name": "master_branch_s",
79+
"Type": "string"
80+
},
81+
{
82+
"Name": "pusher_type_s",
83+
"Type": "string"
84+
},
85+
{
86+
"Name": "description_s",
87+
"Type": "string"
88+
},
89+
{
90+
"Name": "event_s",
91+
"Type": "string"
92+
},
93+
{
94+
"Name": "number_d",
95+
"Type": "real"
96+
},
97+
{
98+
"Name": "forced_b",
99+
"Type": "bool"
100+
}
101+
]
102+
}

.script/tests/KqlvalidationsTests/CustomTables/GitHubAdvancedSecurityAlerts_CL.json

Lines changed: 117 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,117 @@
1+
{
2+
"Name": "GitHubAdvancedSecurityAlerts_CL",
3+
"Properties": [
4+
{
5+
"Name": "TenantId",
6+
"Type": "string"
7+
},
8+
{
9+
"Name": "SourceSystem",
10+
"Type": "string"
11+
},
12+
{
13+
"Name": "TimeGenerated",
14+
"Type": "datetime"
15+
},
16+
{
17+
"Name": "Type",
18+
"Type": "string"
19+
},
20+
{
21+
"Name": "_ResourceId",
22+
"Type": "string"
23+
},
24+
{
25+
"Name": "action_s",
26+
"Type": "string"
27+
},
28+
{
29+
"Name": "alert_s",
30+
"Type": "string"
31+
},
32+
{
33+
"Name": "repository_s",
34+
"Type": "string"
35+
},
36+
{
37+
"Name": "organization_s",
38+
"Type": "string"
39+
},
40+
{
41+
"Name": "sender_s",
42+
"Type": "string"
43+
},
44+
{
45+
"Name": "commits_s",
46+
"Type": "string"
47+
},
48+
{
49+
"Name": "commit_oid_s",
50+
"Type": "string"
51+
},
52+
{
53+
"Name": "ref_s",
54+
"Type": "string"
55+
},
56+
{
57+
"Name": "ref_type_s",
58+
"Type": "string"
59+
},
60+
{
61+
"Name": "rule_s",
62+
"Type": "string"
63+
},
64+
{
65+
"Name": "comment_s",
66+
"Type": "string"
67+
},
68+
{
69+
"Name": "deployment_s",
70+
"Type": "string"
71+
},
72+
{
73+
"Name": "deployment_status_s",
74+
"Type": "string"
75+
},
76+
{
77+
"Name": "discussion_s",
78+
"Type": "string"
79+
},
80+
{
81+
"Name": "check_run_s",
82+
"Type": "string"
83+
},
84+
{
85+
"Name": "key_s",
86+
"Type": "string"
87+
},
88+
{
89+
"Name": "changes_s",
90+
"Type": "string"
91+
},
92+
{
93+
"Name": "master_branch_s",
94+
"Type": "string"
95+
},
96+
{
97+
"Name": "pusher_type_s",
98+
"Type": "string"
99+
},
100+
{
101+
"Name": "description_s",
102+
"Type": "string"
103+
},
104+
{
105+
"Name": "event_s",
106+
"Type": "string"
107+
},
108+
{
109+
"Name": "number_d",
110+
"Type": "real"
111+
},
112+
{
113+
"Name": "forced_b",
114+
"Type": "bool"
115+
}
116+
]
117+
}

Sample Data/GitHubAdvancedSecurityAlerts_CL.json

Lines changed: 133 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,133 @@
1+
[
2+
{
3+
"TimeGenerated": "2024-06-01T10:15:00Z",
4+
"action_s": "reopened",
5+
"alert_s": "{\"number\":10,\"created_at\":\"2024-06-01T10:00:00Z\",\"updated_at\":\"2024-06-01T10:15:00Z\",\"url\":\"https://api.github.com/repos/Codertocat/Hello-World/code-scanning/alerts/10\",\"html_url\":\"https://github.com/Codertocat/Hello-World/security/code-scanning/10\",\"state\":\"open\",\"rule\":{\"id\":\"Style/FrozenStringLiteralComment\",\"severity\":\"note\",\"description\":\"Add the frozen_string_literal comment to the top of files to help transition to frozen string literals by default.\"},\"tool\":{\"name\":\"Rubocop\",\"version\":null}}",
6+
"commit_oid_s": "d6e4c75c141dbacecc279b721b8b9393d5405795",
7+
"ref_s": "refs/heads/main",
8+
"repository_s": "{\"id\":186853002,\"name\":\"Hello-World\",\"full_name\":\"Codertocat/Hello-World\",\"private\":false,\"owner\":{\"login\":\"Codertocat\",\"type\":\"User\"},\"url\":\"https://api.github.com/repos/Codertocat/Hello-World\",\"html_url\":\"https://github.com/Codertocat/Hello-World\",\"default_branch\":\"main\"}",
9+
"organization_s": "{\"login\":\"Octocoders\",\"id\":6,\"url\":\"https://api.github.com/orgs/Octocoders\"}",
10+
"sender_s": "{\"login\":\"github\",\"id\":9919,\"type\":\"Organization\",\"site_admin\":false}",
11+
"event_s": "code_scanning_alert",
12+
"rule_s": "",
13+
"alert_s_event": "code_scanning_alert",
14+
"commits_s": "",
15+
"ref_type_s": "",
16+
"comment_s": "",
17+
"deployment_s": "",
18+
"deployment_status_s": "",
19+
"discussion_s": "",
20+
"check_run_s": "",
21+
"key_s": "",
22+
"changes_s": "",
23+
"master_branch_s": "",
24+
"pusher_type_s": "",
25+
"description_s": "",
26+
"number_d": 10,
27+
"forced_b": false
28+
},
29+
{
30+
"TimeGenerated": "2024-06-01T11:30:00Z",
31+
"action_s": "create",
32+
"alert_s": "{\"number\":5,\"created_at\":\"2024-06-01T11:25:00Z\",\"affected_range\":\">= 1.0.0, < 1.8.0\",\"external_identifier\":\"CVE-2024-12345\",\"ghsa_id\":\"GHSA-xxxx-yyyy-zzzz\",\"severity\":\"high\",\"url\":\"https://api.github.com/repos/Codertocat/Hello-World/vulnerability-alerts/5\"}",
33+
"commit_oid_s": "",
34+
"ref_s": "",
35+
"repository_s": "{\"id\":186853002,\"name\":\"Hello-World\",\"full_name\":\"Codertocat/Hello-World\",\"private\":false,\"owner\":{\"login\":\"Codertocat\",\"type\":\"User\"},\"url\":\"https://api.github.com/repos/Codertocat/Hello-World\",\"html_url\":\"https://github.com/Codertocat/Hello-World\",\"default_branch\":\"main\"}",
36+
"organization_s": "{\"login\":\"Octocoders\",\"id\":6,\"url\":\"https://api.github.com/orgs/Octocoders\"}",
37+
"sender_s": "{\"login\":\"dependabot[bot]\",\"id\":49699333,\"type\":\"Bot\",\"site_admin\":false}",
38+
"event_s": "repository_vulnerability_alert",
39+
"rule_s": "",
40+
"commits_s": "",
41+
"ref_type_s": "",
42+
"comment_s": "",
43+
"deployment_s": "",
44+
"deployment_status_s": "",
45+
"discussion_s": "",
46+
"check_run_s": "",
47+
"key_s": "",
48+
"changes_s": "",
49+
"master_branch_s": "",
50+
"pusher_type_s": "",
51+
"description_s": "",
52+
"number_d": 5,
53+
"forced_b": false
54+
},
55+
{
56+
"TimeGenerated": "2024-06-01T12:45:00Z",
57+
"action_s": "created",
58+
"alert_s": "{\"number\":3,\"created_at\":\"2024-06-01T12:40:00Z\",\"url\":\"https://api.github.com/repos/Codertocat/Hello-World/secret-scanning/alerts/3\",\"html_url\":\"https://github.com/Codertocat/Hello-World/security/secret-scanning/3\",\"state\":\"open\",\"secret_type\":\"github_personal_access_token\",\"resolution\":null,\"resolved_by\":null,\"resolved_at\":null}",
59+
"commit_oid_s": "",
60+
"ref_s": "",
61+
"repository_s": "{\"id\":186853002,\"name\":\"Hello-World\",\"full_name\":\"Codertocat/Hello-World\",\"private\":false,\"owner\":{\"login\":\"Codertocat\",\"type\":\"User\"},\"url\":\"https://api.github.com/repos/Codertocat/Hello-World\",\"html_url\":\"https://github.com/Codertocat/Hello-World\",\"default_branch\":\"main\"}",
62+
"organization_s": "{\"login\":\"Octocoders\",\"id\":6,\"url\":\"https://api.github.com/orgs/Octocoders\"}",
63+
"sender_s": "{\"login\":\"Codertocat\",\"id\":21031067,\"type\":\"User\",\"site_admin\":false}",
64+
"event_s": "secret_scanning_alert",
65+
"rule_s": "",
66+
"commits_s": "",
67+
"ref_type_s": "",
68+
"comment_s": "",
69+
"deployment_s": "",
70+
"deployment_status_s": "",
71+
"discussion_s": "",
72+
"check_run_s": "",
73+
"key_s": "",
74+
"changes_s": "",
75+
"master_branch_s": "",
76+
"pusher_type_s": "",
77+
"description_s": "",
78+
"number_d": 3,
79+
"forced_b": false
80+
},
81+
{
82+
"TimeGenerated": "2024-06-01T13:00:00Z",
83+
"action_s": "completed",
84+
"alert_s": "",
85+
"commit_oid_s": "",
86+
"ref_s": "refs/heads/main",
87+
"ref_type_s": "",
88+
"repository_s": "{\"id\":186853002,\"name\":\"Hello-World\",\"full_name\":\"Codertocat/Hello-World\",\"private\":false,\"owner\":{\"login\":\"Codertocat\",\"type\":\"User\"},\"url\":\"https://api.github.com/repos/Codertocat/Hello-World\",\"html_url\":\"https://github.com/Codertocat/Hello-World\",\"default_branch\":\"main\"}",
89+
"organization_s": "{\"login\":\"Octocoders\",\"id\":6,\"url\":\"https://api.github.com/orgs/Octocoders\"}",
90+
"sender_s": "{\"login\":\"Codertocat\",\"id\":21031067,\"type\":\"User\",\"site_admin\":false}",
91+
"check_run_s": "{\"id\":128620228,\"name\":\"Octocoders-linter\",\"status\":\"completed\",\"conclusion\":\"success\",\"started_at\":\"2024-06-01T12:55:00Z\",\"completed_at\":\"2024-06-01T13:00:00Z\",\"url\":\"https://api.github.com/repos/Codertocat/Hello-World/check-runs/128620228\"}",
92+
"event_s": "check_run",
93+
"rule_s": "",
94+
"commits_s": "",
95+
"comment_s": "",
96+
"deployment_s": "",
97+
"deployment_status_s": "",
98+
"discussion_s": "",
99+
"key_s": "",
100+
"changes_s": "",
101+
"master_branch_s": "",
102+
"pusher_type_s": "",
103+
"description_s": "",
104+
"number_d": 0,
105+
"forced_b": false
106+
},
107+
{
108+
"TimeGenerated": "2024-06-01T14:00:00Z",
109+
"action_s": "push",
110+
"alert_s": "",
111+
"commit_oid_s": "",
112+
"ref_s": "refs/heads/main",
113+
"ref_type_s": "",
114+
"repository_s": "{\"id\":186853002,\"name\":\"Hello-World\",\"full_name\":\"Codertocat/Hello-World\",\"private\":false,\"owner\":{\"login\":\"Codertocat\",\"type\":\"User\"},\"url\":\"https://api.github.com/repos/Codertocat/Hello-World\",\"html_url\":\"https://github.com/Codertocat/Hello-World\",\"default_branch\":\"main\"}",
115+
"organization_s": "{\"login\":\"Octocoders\",\"id\":6,\"url\":\"https://api.github.com/orgs/Octocoders\"}",
116+
"sender_s": "{\"login\":\"Codertocat\",\"id\":21031067,\"type\":\"User\",\"site_admin\":false}",
117+
"commits_s": "[{\"id\":\"abc1234\",\"message\":\"Fix: update dependency versions\",\"timestamp\":\"2024-06-01T14:00:00Z\",\"author\":{\"name\":\"Codertocat\",\"email\":\"sanitized@sanitized.com\"}}]",
118+
"event_s": "push",
119+
"rule_s": "",
120+
"comment_s": "",
121+
"check_run_s": "",
122+
"deployment_s": "",
123+
"deployment_status_s": "",
124+
"discussion_s": "",
125+
"key_s": "",
126+
"changes_s": "",
127+
"master_branch_s": "main",
128+
"pusher_type_s": "user",
129+
"description_s": "",
130+
"number_d": 0,
131+
"forced_b": false
132+
}
133+
]

0 commit comments

Comments
 (0)