Add files via upload
AcceleryntSecurityDev authored Nov 2, 2024
1 parent bc85dd6 commit 51d2024
Showing 65 changed files with 1,608 additions and 0 deletions.
375 changes: 375 additions & 0 deletions Playbooks/AS-Microsoft-DCR-Log-Ingestion/README.md

Large diffs are not rendered by default.

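--- a/Playbooks/AS-Microsoft-DCR-Log-Ingestion/Samples/AuditLogsSample.json
+++ b/Playbooks/AS-Microsoft-DCR-Log-Ingestion/Samples/AuditLogsSample.json
@@ -0,0 +1,278 @@
+[
+{
+"id": "Directory_sample-id_1",
+"category": "Device",
+"correlationId": "sample-correlation-id-1",
+"result": "success",
+"resultReason": "",
+"activityDisplayName": "Update device",
+"activityDateTime": "2024-09-14T00:46:35.7046089Z",
+"TimeGenerated": "2024-09-14T00:46:35.7046089Z",
+"loggedByService": "Core Directory",
+"operationType": "Update",
+"initiatedBy": {
+"user": null,
+"app": {
+"appId": null,
+"displayName": "Device Registration Service",
+"servicePrincipalId": "sample-service-principal-id-1",
+"servicePrincipalName": null
+}
+},
+"targetResources": [
+{
+"id": "sample-resource-id-1",
+"displayName": "Device1234",
+"type": "Device",
+"userPrincipalName": null,
+"groupType": null,
+"modifiedProperties": [
+{
+"displayName": "DeviceOSVersion",
+"oldValue": "[\"10.0.19045.4651\"]",
+"newValue": "[\"10.0.19045.4780\"]"
+},
+{
+"displayName": "Included Updated Properties",
+"oldValue": null,
+"newValue": "\"DeviceOSVersion\""
+},
+{
+"displayName": "TargetId.DeviceId",
+"oldValue": null,
+"newValue": "\"sample-device-id-1\""
+},
+{
+"displayName": "TargetId.DeviceOSType",
+"oldValue": null,
+"newValue": "\"Windows\""
+},
+{
+"displayName": "TargetId.DeviceTrustType",
+"oldValue": null,
+"newValue": "\"ServerAd\""
+}
+]
+}
+],
+"additionalDetails": [
+{
+"key": "DeviceId",
+"value": "sample-device-id-1"
+},
+{
+"key": "DeviceOSType",
+"value": "Windows"
+},
+{
+"key": "DeviceTrustType",
+"value": "ServerAd"
+},
+{
+"key": "User-Agent",
+"value": "Microsoft.OData.Client/7.12.5"
+}
+]
+},
+{
+"id": "UserManagement_sample-id_2",
+"category": "UserManagement",
+"correlationId": "sample-correlation-id-2",
+"result": "clientError",
+"resultReason": null,
+"activityDisplayName": "Invite external user",
+"activityDateTime": "2024-09-14T00:46:19.8135019Z",
+"TimeGenerated": "2024-09-14T00:46:19.8135019Z",
+"loggedByService": "Invited Users",
+"operationType": "Add",
+"initiatedBy": {
+"user": null,
+"app": {
+"appId": "sample-app-id-2",
+"displayName": "Microsoft.Azure.SyncFabric",
+"servicePrincipalId": null,
+"servicePrincipalName": null
+}
+},
+"targetResources": [
+{
+"id": "sample-resource-id-2",
+"displayName": "John Doe (SUP)",
+"type": "User",
+"userPrincipalName": "john.doe_sample@domain.com",
+"groupType": null,
+"modifiedProperties": []
+}
+],
+"additionalDetails": [
+{
+"key": "oid",
+"value": "sample-oid-1"
+},
+{
+"key": "tid",
+"value": "sample-tid-1"
+},
+{
+"key": "ipaddr",
+"value": ""
+},
+{
+"key": "wids",
+"value": "sample-wids"
+},
+{
+"key": "InvitationId",
+"value": "sample-invitation-id-1"
+},
+{
+"key": "invitedUserEmailAddress",
+"value": "john.doe_sample@domain.com"
+}
+]
+},
+{
+"id": "ProvisioningManagement_sample-id_3",
+"category": "ProvisioningManagement",
+"correlationId": "sample-correlation-id-3",
+"result": "success",
+"resultReason": "User 'sample.user@domain.com' was deleted in Microsoft Entra ID",
+"activityDisplayName": "Export",
+"activityDateTime": "2024-09-14T00:44:55.9931961Z",
+"TimeGenerated": "2024-09-14T00:44:55.9931961Z",
+"loggedByService": "Account Provisioning",
+"operationType": "",
+"initiatedBy": {
+"user": null,
+"app": {
+"appId": null,
+"displayName": "Azure AD Cloud Sync",
+"servicePrincipalId": null,
+"servicePrincipalName": null
+}
+},
+"targetResources": [
+{
+"id": "sample-resource-id-3",
+"displayName": "Sample cross-tenant",
+"type": "ServicePrincipal",
+"userPrincipalName": null,
+"groupType": null,
+"modifiedProperties": []
+},
+{
+"id": null,
+"displayName": "sample.user@domain.com",
+"type": "User",
+"userPrincipalName": null,
+"groupType": null,
+"modifiedProperties": []
+}
+],
+"additionalDetails": [
+{
+"key": "Details",
+"value": ""
+},
+{
+"key": "ErrorCode",
+"value": ""
+},
+{
+"key": "EventName",
+"value": "EntryExportDelete"
+},
+{
+"key": "ipaddr",
+"value": null
+},
+{
+"key": "JoiningProperty",
+"value": "[Type: 5, Identity Provider: , Key: sample-key]"
+},
+{
+"key": "oid",
+"value": null
+},
+{
+"key": "SourceAnchor",
+"value": "sample-source-anchor"
+},
+{
+"key": "TargetAnchor",
+"value": "sample-target-anchor"
+},
+{
+"key": "tid",
+"value": null
+},
+{
+"key": "wids",
+"value": null
+}
+]
+},
+{
+"id": "ProvisioningManagement_sample-id_4",
+"category": "ProvisioningManagement",
+"correlationId": "sample-correlation-id-4",
+"result": "failure",
+"resultReason": "Failed to update User 'jane.doe@domain.com'; Error: The domain portion of the userPrincipalName property is invalid.",
+"activityDisplayName": "Export",
+"activityDateTime": "2024-09-14T00:44:54.7303184Z",
+"TimeGenerated": "2024-09-14T00:44:54.7303184Z",
+"loggedByService": "Account Provisioning",
+"operationType": "",
+"initiatedBy": {
+"user": null,
+"app": {
+"appId": null,
+"displayName": "Azure AD Cloud Sync",
+"servicePrincipalId": null,
+"servicePrincipalName": null
+}
+},
+"targetResources": [
+{
+"id": "sample-resource-id-4",
+"displayName": "Sample cross-tenant",
+"type": "ServicePrincipal",
+"userPrincipalName": null,
+"groupType": null,
+"modifiedProperties": [
+{
+"displayName": "streetAddress",
+"oldValue": null,
+"newValue": "\"123 Sample St\""
+},
+{
+"displayName": "city",
+"oldValue": null,
+"newValue": "\"Sample City\""
+},
+{
+"displayName": "state",
+"oldValue": null,
+"newValue": "\"Sample State\""
+},
+{
+"displayName": "postalCode",
+"oldValue": null,
+"newValue": "\"12345\""
+},
+{
+"displayName": "companyName",
+"oldValue": null,
+"newValue": "\"Sample Company\""
+},
+{
+"displayName": "jobTitle",
+"oldValue": null,
+"newValue": "\"Sample Title\""
+}
+]
+}
+],
+"additionalDetails": []
+}
+]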
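Review bot: The sample identities use `domain.com`, a registrable domain rather than a reserved documentation one, in `userPrincipalName`, `invitedUserEmailAddress`, one `displayName` and both non-empty `resultReason` strings. Sample data that may be replayed into a workspace is safer on an RFC 2606 name, e.g. `"userPrincipalName": "john.doe_sample@example.com"`. The records read as sanitized exports of real audit events (the timestamps, the OS build numbers and the `(SUP)` suffix on `John Doe (SUP)` look original), so it is worth confirming that no tenant-identifying value survived the scrub. The file also carries both `""` and `null` for `resultReason` and for the `ipaddr` detail, so whatever ingests it should be exercised against both forms.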