Merge pull request #2 from dluxtron/main
Adding CIM Mapping for Vulnerabilities Datamodel
JasonConger authored Jul 13, 2022
2 parents c645fcc + d664d9e commit 41ec5b6
Showing 3 changed files with 22 additions and 0 deletions.
3 changes: 3 additions & 0 deletions package/default/eventtypes.conf
Expand Up @@ -35,3 +35,6 @@ search = sourcetype="azure:vm:stop"
[add_member_m365_group_modaction_result]
search = sourcetype="m365:group:member:add"

[azure_vuln]
search = (sourcetype=azure:resourcegraph type="microsoft.security/assessments/subAssessments" "properties.additionalData.assessedResourceType"=ServerVulnerability
properties.additionalData.cve{}.title=*)
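Review bot: The eventtype search appears to be stored as two physical lines (the section's three additions account for `[azure_vuln]` plus these two), and Splunk's conf parser has no implicit continuation: the second line would be read as its own attribute `properties.additionalData.cve{}.title = *)`, leaving the `search` value with an unbalanced parenthesis and no CVE filter, so the eventtype would never match and nothing would reach the Vulnerabilities data model. If that is the on-disk layout, put the expression on one line: `search = (sourcetype=azure:resourcegraph type="microsoft.security/assessments/subAssessments" "properties.additionalData.assessedResourceType"=ServerVulnerability properties.additionalData.cve{}.title=*)`, or end the first line with a `\` continuation. This is inferred from the addition count; if the rendering merely wrapped a single line, no change is needed.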
16 changes: 16 additions & 0 deletions package/default/props.conf
Expand Up @@ -227,7 +227,23 @@ EVAL-resourceType = case(\
####################

[azure:resourcegraph]
EVAL-cvss = ifnull(cvss,'xref')
EVAL-dvc = dvc=dest
EXTRACT-mskb = HREF=\\\\\"(?P<mskb>https:\/\/portal.msrc.microsoft.com\/.*?)\"
EXTRACT-msft = HREF=\\\\\"(?P<msft>https:\/\/technet.microsoft.com\/.*?)\"
EXTRACT-dest = \"resourceDetails\":\s\{\"id\":\s\".[^\"]+\/(?P<dest>.*?)\"
FIELDALIAS-aob_gen_azure_resourcegraph_alias_1 = properties.additionalData.cve{}.title AS cve
FIELDALIAS-aob_gen_azure_resourcegraph_alias_2 = properties.additionalData.cvss.3.0.base AS cvss
FIELDALIAS-aob_gen_azure_resourcegraph_alias_3 = properties.additionalData.cvss.2.0.base AS xref
FIELDALIAS-aob_gen_azure_resourcegraph_alias_4 = properties.status.severity AS severity
FIELDALIAS-aob_gen_azure_resourcegraph_alias_5 = properties.description AS signature
FIELDALIAS-aob_gen_azure_resourcegraph_alias_6 = properties.category AS category
FIELDALIAS-aob_gen_azure_resourcegraph_alias_7 = properties.resourceDetails.source AS vendor_product
FIELDALIAS-aob_gen_azure_resourcegraph_alias_8 = properties.id AS signature_id
FIELDALIAS-aob_gen_azure_resourcegraph_alias_9 = properties.additionalData.vendorReferences{}.link AS url
SHOULD_LINEMERGE = 0
category = Splunk App Add-on Builder
pulldown_type = 1

[azure:reservation:recommendation]
SHOULD_LINEMERGE = 0
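Review bot: `EVAL-dvc = dvc=dest` in the `[azure:resourcegraph]` stanza does not copy `dest` into `dvc`: inside a calculated-field expression `=` is a comparison, so `dvc` receives the result of comparing a not-yet-existing `dvc` field with `dest` rather than the resource name, and the data model's `dvc` field stays empty. The intended line is presumably `EVAL-dvc = dest`. Separately, `properties.status.severity` is aliased straight to `severity`; if the source emits capitalised values such as High/Medium/Low they will not match the lowercase set the CIM Vulnerabilities model expects, so consider `EVAL-severity = lower('properties.status.severity')` after checking a sample event. The stanza's `EVAL-cvss = ifnull(cvss,'xref')` also relies on `xref` carrying the CVSS 2.0 base score, which repurposes a CIM field normally meant for cross-reference identifiers; a dedicated intermediate name would make the fallback clearer.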
3 changes: 3 additions & 0 deletions package/default/tags.conf
Expand Up @@ -39,3 +39,6 @@ modaction_result = enabled
[eventtype=add_member_m365_group_modaction_result]
modaction_result = enabled

[eventtype=azure_vuln]
report = enabled
vulnerability = enabled
