Skip to content

Adding a new workbook on Log4j hunting#3888

Merged
v-rucdu merged 10 commits into
Azure:masterfrom
samikroy:patch-17
Jan 19, 2022
Merged

Adding a new workbook on Log4j hunting#3888
v-rucdu merged 10 commits into
Azure:masterfrom
samikroy:patch-17

Conversation

@samikroy
Copy link
Copy Markdown
Contributor

@samikroy samikroy commented Jan 11, 2022

Change(s):

Azure-Sentinel/Workbooks/Log4jPostCompromiseHunting - A new workbook added with the following tabs
FindTrace - A lookup to curated IOCs across all sentinel tables.
SecurityNestedRecommendation - This section uses the Azure Defender Security Nested Recommendations data to find
machines vulnerable to log4j CVE-2021-44228. Log4j is an open-source Apache logging library that is used in many Java-
based applications. Security Nested Recommendations data is sent to Microsoft Sentinel using the continuous export
feature of Azure Defender
AzureDiagnostics - Azure Diagnostics
MultipleDataSources - Across multiple data sources
Syslog - From Syslog Sources

Azure-Sentinel/Workbooks/WorkbooksMetadata.json - To add workbook metadata.

Azure-Sentinel/Workbooks/Images/Logos - To add workbook logo.

Azure-Sentinel/Workbooks/Images/Preview - To add preview images.

@samikroy samikroy requested a review from YuvalNaor as a code owner January 11, 2022 16:36
@samikroy samikroy mentioned this pull request Jan 11, 2022
Merged
v-rucdu
v-rucdu suggested changes Jan 12, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@v-rucdu v-rucdu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@samikroy : I think you missed to add workbook.json here, can you please add it... Thanks!!

@aprakash13 aprakash13 added the Workbook Workbook specialty review needed label Jan 12, 2022
@samikroy
Copy link
Copy Markdown
Contributor Author

samikroy commented Jan 12, 2022
edited
Loading

@samikroy : I think you missed to add workbook.json here, can you please add it... Thanks!!

@v-rucdu & @v-jayakal - Thank you for highlighting this.
Have added the files as requested.
Please let me know for further changes.

@samikroy samikroy requested a review from v-rucdu January 17, 2022 09:44
@v-rucdu
Copy link
Copy Markdown
Contributor

v-rucdu commented Jan 19, 2022
edited
Loading

@samikroy : I think you missed to add workbook.json here, can you please add it... Thanks!!

@v-rucdu & @v-jayakal - Thank you for highlighting this. Have added the files as requested. Please let me know for further changes.

@samikroy : You have added the workbook.json under Workbooks-->Images folder, can you please delete and add it under Workbooks folder... and in solutions WorkbookMetadata.json is not required... please delete it... thanks!!!

@samikroy samikroy requested a review from ashishsyal as a code owner January 19, 2022 12:20
@samikroy
Copy link
Copy Markdown
Contributor Author

samikroy commented Jan 19, 2022

@samikroy : I think you missed to add workbook.json here, can you please add it... Thanks!!

@v-rucdu & @v-jayakal - Thank you for highlighting this. Have added the files as requested. Please let me know for further changes.

@samikroy : You have added the workbook.json under Workbooks-->Images folder, can you please delete and add it under Workbooks folder... and in solutions WorkbookMetadata.json is not required... please delete it... thanks!!!

Done.

@v-rucdu v-rucdu merged commit aeb8852 into Azure:master Jan 19, 2022
@samikroy
Copy link
Copy Markdown
Contributor Author

samikroy commented Jan 19, 2022

Thank you @v-rucdu for the approval & merge.

@samikroy samikroy deleted the patch-17 branch January 19, 2022 12:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Amitbergman Amitbergman Awaiting requested review from Amitbergman

@aprakash13 aprakash13 Awaiting requested review from aprakash13

@ashwin-patil ashwin-patil Awaiting requested review from ashwin-patil

@dicolanl dicolanl Awaiting requested review from dicolanl

@ianhelle ianhelle Awaiting requested review from ianhelle

@juliango2100 juliango2100 Awaiting requested review from juliango2100

@laithhisham laithhisham Awaiting requested review from laithhisham

@liatlishams liatlishams Awaiting requested review from liatlishams

@liemilyg liemilyg Awaiting requested review from liemilyg

@lior-tamir lior-tamir Awaiting requested review from lior-tamir

@mgladi mgladi Awaiting requested review from mgladi

@nazang nazang Awaiting requested review from nazang

@NoamLandress NoamLandress Awaiting requested review from NoamLandress

@oshezaf oshezaf Awaiting requested review from oshezaf

@oshvartz oshvartz Awaiting requested review from oshvartz

@petebryan petebryan Awaiting requested review from petebryan

@preetikr preetikr Awaiting requested review from preetikr

@sagamzu sagamzu Awaiting requested review from sagamzu

@sarah-yo sarah-yo Awaiting requested review from sarah-yo

@shainw shainw Awaiting requested review from shainw

@shschwar shschwar Awaiting requested review from shschwar

@sreedharande sreedharande Awaiting requested review from sreedharande

@timbMSFT timbMSFT Awaiting requested review from timbMSFT

@Yaniv-Shasha Yaniv-Shasha Awaiting requested review from Yaniv-Shasha

@YaronFruchtmann YaronFruchtmann Awaiting requested review from YaronFruchtmann

@YuvalNaor YuvalNaor Awaiting requested review from YuvalNaor

@ashishsyal ashishsyal Awaiting requested review from ashishsyal

1 more reviewer

@v-rucdu v-rucdu v-rucdu approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@v-jayakal v-jayakal

Labels

Workbook Workbook specialty review needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@samikroy @v-rucdu @aprakash13 @v-jayakal