Sensor SSH Cowrie solution #11155

Open
wants to merge 33 commits into
base: master

Commits on Sep 19, 2024

  1. Sensor SSH Cowrie solution

    As part of Hackathon 2024 a team developed a 1 click deploy solution that will deploy a Debian VM, install Cowrie, create AMA DCR, DCE, and association, and create a custom table to collect Cowrie events. Solution contains a workbook (under development), 1 parser and 5 detection rules. The goal is to make this a framework for others and community to create other 1 click deploy for other types of interactive honeypots. Can be used publicly for TI or privately as a detection tripwire.
    swiftsolves-msft committed Sep 19, 2024
    32c524a
  2. update to detections

    fixing yaml spacing, initial validation tests failed.
    swiftsolves-msft committed Sep 19, 2024
    1712052

Commits on Sep 20, 2024

  1. workbook - parser fix

    added workbook and fixing parser yaml
    swiftsolves-msft committed Sep 20, 2024
    d758d78
  2. update fixes

    fixed some kql, data connector, workbook validation errors, still researching the permissions on data connector does not match.
    swiftsolves-msft committed Sep 20, 2024
    948d8a6
  3. fixed | extend

    made a change to fix kql validation removing commas after each extend and new line | extend, also removed txt based parser.
    swiftsolves-msft committed Sep 20, 2024
    a8d6828
  4. updated to include the vm ext ama

    added vm ext ama for linux in deployment.
    swiftsolves-msft committed Sep 20, 2024
    42e025b
  5. updated permissions

    v-atulyadav committed Sep 20, 2024
    af08d18
  6. ff930f6
  7. 4b1096f
  8. fix validation

    fixing detections validation error SourceIP custom column name to sentinel recognized field Address
    swiftsolves-msft committed Sep 20, 2024
    4d37e6f
  9. 8d22c73

Commits on Sep 22, 2024

  1. minor fixes to validation errors

    minor fixes to validation errors
    swiftsolves-msft committed Sep 22, 2024
    6079fe0

Commits on Sep 23, 2024

  1. minor fix filehash

    minor fix filehash
    swiftsolves-msft committed Sep 23, 2024
    9741efc
  2. sha256 entity mapping fix

    added algo identifier
    swiftsolves-msft committed Sep 23, 2024
    c84624d

Commits on Sep 24, 2024

  1. created new kql validator for cowrie

    created new kql validator for cowrie
    swiftsolves-msft committed Sep 24, 2024
    0fd490c
  2. made a fix to query

    added | extend for beginning of query line 25
    swiftsolves-msft committed Sep 24, 2024
    8cb08d0

Commits on Sep 25, 2024

  1. update deploy to azure

    updated deploy to azure button links and data connector permissions reqs
    swiftsolves-msft committed Sep 25, 2024
    881cc4a
  2. changes to data connector

    changes to data connector to pass kql validations
    swiftsolves-msft committed Sep 25, 2024
    04309df
  3. 290ea00

Commits on Sep 26, 2024

  1. perm dc issue fix

    swiftsolves-msft committed Sep 26, 2024
    6291b96
  2. fix

    swiftsolves-msft committed Sep 26, 2024
    afb1a5a
  3. fix

    swiftsolves-msft committed Sep 26, 2024
    432258c
  4. rearrange perms

    swiftsolves-msft committed Sep 26, 2024
    9865d7f
  5. fix

    swiftsolves-msft committed Sep 26, 2024
    89192e2
  6. ed56e33
  7. c02f6b8

Commits on Oct 15, 2024

  1. create a custom sample data

    create a custom sample data for Sensor SSH Cowrie solution.
    swiftsolves-msft committed Oct 15, 2024
    0e54dc4
  2. 9606399

Commits on Oct 23, 2024

  1. 5c5bab9
  2. f762a03

Commits on Nov 7, 2024

  1. changes to workbookmeta

    change solution name to match and added workbook metadata in
    swiftsolves-msft committed Nov 7, 2024
    970fd36
  2. 225b7dd
  3. update images for preview

    update images for preview for workbook
    swiftsolves-msft committed Nov 7, 2024
    004e725