splunk/TA-microsoft-365-defender-advanced-hunting-add-on
13 stars, 7 forks
issues
#20 | Derive app field from properties.ActionType | inspired | opened 3 weeks ago | 0
#19 | Extract tcp_flag | inspired | opened 3 weeks ago | 2
#18 | Remove ::ffff: if properties.RemoteIPType == "FourToSixMapping" and fix missing src_ip | inspired | closed 6 months ago | 0
#17 | Reverse src_ip and dest_ip if properties.ActionType == "FtpConnectionInspected" AND AdditionalFields.direction == "Out" | inspired | opened 6 months ago | 1
#16 | Update props.conf | ogrodas | closed 1 year ago | 1
#15 | Updates to props | inspired | closed 1 year ago | 1
#14 | More CIM parsing, see readme | inspired | closed 1 year ago | 0
#13 | Revisit recommendation on Microsoft Security App | inspired | closed 1 year ago | 1
#12 | Sourcetype cannot be changed in Splunk Addon for Microsoft Cloud Services | EricMooreHays | closed 1 year ago | 4
#11 | Inventory info, Email Info | inspired | closed 1 year ago | 0
#10 | Sourcetype defender:advancedhunting:malware shows up with action=unknown | inspired | closed 2 years ago | 1
#9 | Endpoint.Ports includes extraneous events | SkyeLowry | opened 2 years ago | 4
#8 | fix: mvmap command works for mitre_technique_id | thilles | closed 2 years ago | 0
#7 | Changed schema naming of AlertInfo table | thilles | closed 2 years ago | 1
#6 | Update Email dataset mapping with fixes | thilles | closed 3 years ago | 1
#5 | Update with Email dataset mappings | thilles | closed 3 years ago | 1
#4 | Update README.md | JasonConger | closed 3 years ago | 2
#3 | Change fieldalias process_name to properties.FileName | thilles | closed 3 years ago | 1
#2 | Create LICENSE | inspired | closed 3 years ago | 0
#1 | Improvements on all datasets | thilles | closed 3 years ago | 1