Open dafneb opened 8 months ago
Attention: Patch coverage is 87.06294% with 37 lines in your changes missing coverage. Please review.
Project coverage is 85.25%. Comparing base (ed8a139) to head (59fb297). Report is 37 commits behind head on main.
Files | Patch % | Lines |
---|---|---|
plaso/parsers/defender_hunting.py | 88.31% | 27 Missing :warning: |
plaso/parsers/m365_activitylog.py | 81.81% | 10 Missing :warning: |
@dafneb I'll make some changes to make sure the code meets the style guide. I'll leave comments without tagging you in; consider them informational/educational.
Looks like M365 AH defines many more tables https://github.com/MicrosoftDocs/microsoft-365-docs/tree/public/microsoft-365/security/defender
Might be useful to keep notes about the format and queries somewhere. Started https://github.com/forensicswiki/wiki/pull/223/files
One line description of pull request
Parser for events and activities exported from Microsoft 365 Defender portal.
Description:
Related issue (if applicable):
Notes:
All contributions to Plaso undergo code review. This makes sure that the code has appropriate test coverage and conforms to the Plaso style guide.
One of the maintainers will examine your code, and may request changes. Check off the items below in order, and then a maintainer will review your code.
Checklist: