Skip to content

Main change is to the uncommon processes query.#2

Closed
timbMSFT wants to merge 3 commits into
masterfrom
RareProcessQ-Nov
Closed

Main change is to the uncommon processes query.#2
timbMSFT wants to merge 3 commits into
masterfrom
RareProcessQ-Nov

Conversation

@timbMSFT

@timbMSFT timbMSFT commented Nov 29, 2018

Copy link
Copy Markdown
Contributor

Multiple queries update to use split instead of the convoluted reverse() to extract filename.
Copied all queries to Deployed - on the basis that the PR for this in ASI-portal repo has been completed already.

@timbMSFT
Main change is to the uncommon processes query.
63b4b2e 
Multiple queries update to use split instead of the convoluted reverse() to extract filename.
Copied all queries to Deployed - on the basis that the PR for this in ASI-portal repo has been completed already.
@timbMSFT
Revert "Main change is to the uncommon processes query. Multiple quer…
f4afbe2 
…ies update to use split instead of the convoluted reverse() to extract filename. Copied all queries to Deployed - on the basis that the PR for this in ASI-portal repo has been completed already."

This reverts commit 63b4b2e.
@timbMSFT
updating based on changes to uncommon processes query completed in AS…
d50b306 
…I-portal repo.

As well as that query the convoluted reverse() mechanism for extracting Filename is replaced with simpler split() approach.
@juliango2100

juliango2100 commented Dec 3, 2018

Copy link
Copy Markdown
Contributor

There are conflicting changes. These need to be merged.

@timbMSFT

timbMSFT commented Dec 3, 2018

Copy link
Copy Markdown
Contributor Author

abandoning this PR

@timbMSFT timbMSFT closed this Dec 3, 2018
shainw pushed a commit that referenced this pull request Jul 31, 2019
@petebryan
Merge pull request #2 from petebryan/patch-3
f59929a 
Added in filters for block events
This was referenced Feb 8, 2020
Merged
Merged
@preetikr preetikr mentioned this pull request Apr 24, 2020
Closed
@dicolanl dicolanl mentioned this pull request Apr 24, 2020
Merged
shainw pushed a commit that referenced this pull request May 14, 2020
@duzlov
Merge pull request #2 from Azure/master
996d250 
20022020
@preetikr preetikr mentioned this pull request Jun 13, 2020
Closed
@ghost ghost mentioned this pull request Jun 18, 2020
Closed
@ghost ghost mentioned this pull request Jul 22, 2020
Merged
@sreedharande sreedharande mentioned this pull request Oct 19, 2020
Merged
shainw pushed a commit that referenced this pull request Oct 27, 2020
@oshvartz
Merge pull request #2 from Azure/master
8249b38 
Merge from orign
vaniMSTIC added a commit to vaniMSTIC/Azure-Sentinel that referenced this pull request Nov 23, 2020
@vaniMSTIC
Update MaliciousWAFSessions.yaml
d47acc4 
Shain's feedback Azure#2
shainw pushed a commit that referenced this pull request Dec 14, 2020
@Jujure
Merge pull request #2 from v-jayakal/patch-11
f6b5eb7 
Removing special character
v-jayakal pushed a commit that referenced this pull request Jan 21, 2021
@cyberpion-yotam
Merge pull request #2 from Azure/master
2446105 
Pull from master
sarah-yo pushed a commit that referenced this pull request Feb 2, 2021
@johnbilliris
Merge pull request #2 from johnbilliris/master
21b92ec 
Pull request from johnbilliris/Azure-Sentinel:master to johnbilliris/Azure-Sentinel:GuardicoreThreatIntelImprovements
@shainw shainw deleted the RareProcessQ-Nov branch March 16, 2021 16:07
v-jayakal pushed a commit that referenced this pull request Mar 30, 2021
@tj-senserva
Merge pull request #2 from Azure/master
eed4d27 
Bringing up to date
v-jayakal pushed a commit that referenced this pull request May 26, 2021
@dmaasland
Merge pull request #2 from esetnl-kate/master
cb2cb15 
Changed solution rule datatypes to ESETPROTECT
Yaniv-Shasha added a commit that referenced this pull request Jun 1, 2021
@Yaniv-Shasha
Merge pull request #2378 from Azure/dicolanl-51
73e7ccf 
Playbooks Update #2
@xyzzykdj xyzzykdj mentioned this pull request Jul 8, 2021
Merged
@holmbert095 holmbert095 mentioned this pull request Aug 24, 2021
Closed
v-maudan pushed a commit that referenced this pull request Sep 30, 2021
@ujayant
Merge pull request #2 from armorblox/armorblox-sentinel-solution
179cf4c 
Add data connector for Armorblox solution
v-jayakal pushed a commit that referenced this pull request Nov 9, 2021
@azurekid
Merge pull request #2 from SecureHats/10-29-2021-azurekid-module-3
9fa66ff 
Add files via upload
v-jayakal pushed a commit that referenced this pull request Dec 21, 2021
@avital-m
Merge pull request #2 from Azure/master
d62dc6f 
merge to upstream
v-dvedak pushed a commit that referenced this pull request Dec 20, 2022
@nniryanb
Noname api security for azure sentinel (#2)
9f76e3d 
Solution_NonameSecurity.json

Connector_RESTAPI_NonameSecurity.json
udidekel pushed a commit that referenced this pull request Dec 21, 2022
@dvir-ms
Merge pull request #2 from Azure/master
4302cbf 
rebase to master
mayank88mahajan added a commit to mayank88mahajan/Azure-Sentinel that referenced this pull request Jan 13, 2023
@mayank88mahajan
Azure#2
4d52bbc
v-dvedak pushed a commit that referenced this pull request Mar 29, 2023
@benmeadowcroft
Rubrik Solution Update (#2)
545802c 
* Solution package with the updated Playbook Templates.
* Updated documentation and package
v-dvedak added a commit that referenced this pull request Mar 29, 2023
@v-dvedak
Merge pull request #7352 from rubrikinc/Rubrik-Solution-Update
82fdbc1 
Rubrik Solution Update (#2)
v-atulyadav pushed a commit that referenced this pull request Jun 13, 2023
@praveenthepro
Merge pull request #2 from praveenthepro/praveenthepro-patch-1
0ce87ce 
Update AuthenticationAttemptfromNewCountry.yaml
v-dvedak pushed a commit that referenced this pull request Jul 4, 2023
@CallMeGreg
Merge pull request #2 from CallMeGreg/callmegreg-github-solution-impr…
4bc772e 
…ovements

Callmegreg GitHub solution improvements
v-dvedak pushed a commit that referenced this pull request Aug 2, 2023
@ltipp147
Merge pull request #2 from ltipp147/ltipp147/PackageContent
70d2c91 
Ltipp147/package content
v-atulyadav pushed a commit that referenced this pull request Mar 12, 2024
@joanabmartins
Merge pull request #2 from joanabmartins/joanabmartins-updateSophosEn…
c1b02f3 
…dpointconnector-ccp

Update Sophos Endpoint Data Connector - ccp
v-atulyadav pushed a commit that referenced this pull request Jul 22, 2024
@vkorenkov-varonis
Merge pull request #2 from vkorenkov-varonis/users/vkorenkov/1643469-…
491b7bc 
…improvements

Users/vkorenkov/1643469 improvements
v-dvedak pushed a commit that referenced this pull request Aug 21, 2024
@amiracle
Merge pull request #2 from criblio/cribl-stream-solution-dataconnector
f9e1d1c 
fixes for compliance with checks
v-atulyadav pushed a commit that referenced this pull request Nov 27, 2024
@rahul0216
Merge pull request #2 from rahul0216/origins/users/rahul/kql-validation
12b9c85 
PR to test KQL validation run
v-atulyadav pushed a commit that referenced this pull request Dec 31, 2024
@sean-mcclelland
Merge pull request #2 from Samsung/fix-analytics-rules
8600645 
Fix analytics rules
v-prasadboke pushed a commit that referenced this pull request Mar 6, 2025
@V1ManagedServices
Merge pull request #2 from V1ManagedServices/p/MXDR-2901_add_mea_site
0ea5521 
Add mea site config
v-prasadboke pushed a commit that referenced this pull request Mar 17, 2025
@ErikMangstenRecFut
Merge pull request #2 from recordedfuture/feat-identity-pba-importer-…
ecb130f 
…readme-updates

docs: readme improvements
@v-maheshbh v-maheshbh mentioned this pull request Dec 19, 2025
Merged
v-atulyadav pushed a commit that referenced this pull request Jan 15, 2026
@github-actions @v-shukore
chore: Update Solutions Analyzer CSV files (#2)
e079ca0 
Co-authored-by: v-shukore <159111145+v-shukore@users.noreply.github.com>
v-atulyadav pushed a commit that referenced this pull request Jan 15, 2026
@v-shukore
Revert "chore: Update Solutions Analyzer CSV files (#2)"
2c59b20 
This reverts commit e079ca0.
v-dvedak pushed a commit that referenced this pull request Jan 22, 2026
@github-actions @RamboV
chore: Update Solutions Analyzer CSV files and documentation (#2)
20419d8 
Co-authored-by: RamboV <68921481+RamboV@users.noreply.github.com>
v-dvedak pushed a commit that referenced this pull request Jan 22, 2026
@RamboV
Revert "chore: Update Solutions Analyzer CSV files and documentation (#2
c0796e4 
)"

This reverts commit 20419d8.
yummyblabla added a commit that referenced this pull request Feb 4, 2026
@yummyblabla
[ASIM] Changelog Iteration #2 (#13561)
e1fd25f 
* Redo

* Manual lookover

* Remove nonascii chars

* Remove nonascii characters

---------

Co-authored-by: Derrick Lee <derricklee@microsoft.com>
v-atulyadav pushed a commit that referenced this pull request Feb 23, 2026
@Edouard360
Merge pull request #2 from feedly/sync-upstream
f996ba1 
Sync upstream
v-atulyadav pushed a commit that referenced this pull request Feb 24, 2026
@github-actions @gloo-shock
chore: Update Solutions Analyzer CSV files (#2)
a63d238 
Co-authored-by: gloo-shock <36697840+gloo-shock@users.noreply.github.com>
v-atulyadav pushed a commit that referenced this pull request Feb 24, 2026
@gloo-shock
Revert "chore: Update Solutions Analyzer CSV files (#2)"
85480a0 
This reverts commit a63d238
v-atulyadav pushed a commit that referenced this pull request Feb 24, 2026
@gloo-shock
Revert "chore: Update Solutions Analyzer CSV files (#2)"
ea74af9 
This reverts commit a63d238
v-atulyadav pushed a commit that referenced this pull request Apr 30, 2026
@ayoubkdib
Merge pull request #2 from Azure/master
4af45fb 
Syncing my fork with the latest changes from main
@freddan58 freddan58 mentioned this pull request May 28, 2026
Open
@mazamizo21 mazamizo21 mentioned this pull request May 29, 2026
Open
4 tasks
elakkuvan-r added a commit to elakkuvan-r/Azure-Sentinel that referenced this pull request Jun 4, 2026
@elakkuvan-r
Whisper Security Solution: address remaining review threads (Azure#2, A…
bec976f 
…zure#3, Azure#4)

Azure#2 — Renamed Whisper - BGP Anomaly Hunt → Whisper - ASN Reputation Score Hunt
to match the query's actual logic (compares ASN reputation scores across
24-hour windows, flags increases >20 points). Filename kept stable.

Azure#3 — Standardized the playbook parameter naming across all 10 playbooks
from `playbook-name` (kebab) to `PlaybookName` (PascalCase) per the
Azure-Sentinel repo convention. Updated both the parameter declaration
and every `parameters('playbook-name')` reference.

Azure#4 — Moved the Whisper Security custom API connector ARM template into
its own folder per repo convention:
  Solutions/Whisper/Playbooks/WhisperSecurityConnector.json
    → Solutions/Whisper/Playbooks/WhisperSecurityConnector/azuredeploy.json

Package regenerated to 3.0.29 via Create-Azure-Sentinel-Solution V3.

Azure#1 (parse_json on comma-separated strings) — replied on the thread
explaining deferral until we have live data to verify the actual
ingestion-pipeline output format; not changing code in this round.

Signed-off-by: Elakkuvan Rajamani <elakkuvan@whisper.security>
@seanstark seanstark mentioned this pull request Jun 4, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@timbMSFT @juliango2100