splunk TA-microsoft-365-defender-advanced-hunting-add-on issues

splunk / TA-microsoft-365-defender-advanced-hunting-add-on

13 stars 7 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Derive app field from properties.ActionType

#20 inspired opened 3 weeks ago
0
Extract tcp_flag

#19 inspired opened 3 weeks ago
2
Remove ::ffff: if properties.RemoteIPType == "FourToSixMapping" and fix missing src_ip

#18 inspired closed 6 months ago
0
Reverse src_ip and dest_ip if properties.ActionType == "FtpConnectionInspected" AND AdditionalFields.direction == "Out"

#17 inspired opened 6 months ago
1
Update props.conf

#16 ogrodas closed 1 year ago
1
Updates to props

#15 inspired closed 1 year ago
1
More CIM parsing, see readme

#14 inspired closed 1 year ago
0
Revisit recommendation on Microsoft Security App

#13 inspired closed 1 year ago
1
Sourcetype cannot be changed in Splunk Addon for Microsoft Cloud Services

#12 EricMooreHays closed 1 year ago
4
Inventory info, Email Info

#11 inspired closed 1 year ago
0
Sourcetype defender:advancedhunting:malware shows up with action=unknown

#10 inspired closed 2 years ago
1
Endpoint.Ports includes extraneous events

#9 SkyeLowry opened 2 years ago
4
fix: mvmap command works for mitre_technique_id

#8 thilles closed 2 years ago
0
Changed schema naming of AlertInfo table

#7 thilles closed 2 years ago
1
Update Email dataset mapping with fixes

#6 thilles closed 3 years ago
1
Update with Email dataset mappings

#5 thilles closed 3 years ago
1
Update README.md

#4 JasonConger closed 3 years ago
2
Change fieldalias process_name to properties.FileName

#3 thilles closed 3 years ago
1
Create LICENSE

#2 inspired closed 3 years ago
0
Improvements on all datasets

#1 thilles closed 3 years ago
1