Azure
GitHub Repository: Azure/Azure-Sentinel-Notebooks
Path: blob/master/tutorials-and-examples/example-notebooks/data/data_queries.yaml
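---
# Query definitions for the msticpy "LocalData" provider used by the example
# notebooks. Each entry under `sources` becomes a query on the provider; its
# `args.query` names the local file that is returned as the result set, so
# these "queries" are really pointers to pre-captured sample datasets.
#
# NOTE(review): every `args.query` value below is a `.pkl` file, i.e. a Python
# pickle. Unpickling runs whatever code the file embeds, so these datasets must
# only be loaded from a trusted checkout of this repository — never point the
# provider at a directory containing pickles of unknown origin. (The loader is
# not shown in this file; the pickle handling is inferred from the extension.)
#
# Indentation is significant: `metadata`, `defaults` and `sources` are the
# three top-level keys; everything else nests beneath them.
metadata:
  version: 1
  description: Local Data Alert Queries
  data_environments: [LocalData]
  data_families: [SecurityAlert, WindowsSecurity, Network, Azure]
  tags: ['alert', 'securityalert', 'process', 'account', 'network', 'logon']

defaults:
  metadata:
    data_source: 'security_alert'
  # Bare key parses as null (no shared parameters). Left as-is rather than
  # `{}` because the consumer is not visible here and may treat them differently.
  parameters:

sources:
  list_alerts:
    description: Retrieves list of alerts
    metadata:
      data_families: [SecurityAlert]
    args:
      query: alerts_list.pkl
    parameters:

  list_host_processes:
    description: List processes on host
    metadata:
      data_families: [WindowsSecurity]
    args:
      query: processes_on_host.pkl
    parameters:

  list_host_logons:
    description: List logons on host
    metadata:
      data_families: [WindowsSecurity]
    args:
      query: host_logons.pkl
    parameters:

  list_host_logon_failures:
    description: List logon failures on host
    metadata:
      data_families: [WindowsSecurity]
    args:
      query: failed_logons.pkl
    parameters:

  # Description corrected: this source returns all host events
  # (`all_events_df.pkl`), not just failures — the failure set is
  # `list_host_logon_failures` above.
  list_host_events:
    description: List events on host
    metadata:
      data_families: [WindowsSecurity]
    args:
      query: all_events_df.pkl
    parameters:

  get_process_tree:
    description: Get process tree for a process
    metadata:
      data_families: [WindowsSecurity]
    args:
      query: process_tree.pkl
    parameters:

  # NOTE(review): the two network-flow sources below resolve to the same file
  # and declare no parameters, so as written each returns the whole dataset;
  # any by-IP or by-host filtering must happen in the caller. Confirm this is
  # intended before relying on the names for scoping.
  list_azure_network_flows_by_ip:
    description: List Azure Network flows by IP address
    metadata:
      data_families: [Network]
    args:
      query: az_net_comms_df.pkl
    parameters:

  list_azure_network_flows_by_host:
    description: List Azure Network flows by host name
    metadata:
      data_families: [Network]
    args:
      query: az_net_comms_df.pkl
    parameters:

  list_all_signins_geo:
    description: List all Azure AD logon events
    metadata:
      data_families: [Azure]
    args:
      query: aad_logons.pkl
    parameters: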