Skip to content

Create ExternalUserAddedRemovedInTeams.yaml#1067

Merged
shainw merged 11 commits intoAzure:masterfrom
samikroy:patch-1
Oct 8, 2020
Merged

Create ExternalUserAddedRemovedInTeams.yaml#1067
shainw merged 11 commits intoAzure:masterfrom
samikroy:patch-1

Conversation

@samikroy
Copy link
Copy Markdown
Contributor

@samikroy samikroy commented Sep 13, 2020

This detection flags the occurrences of external user accounts that are added to a Team and then removed within
one hour.This data is a part of Office 365 Connector in Azure Sentinel.
More details: https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365

@samikroy
Create ExternalUserAddedRemovedInTeams.yaml
80d6166 
This detection flags the occurances of external user accounts that are added to a Team and then removed within
  one hour.This data is a part of Office 365 Connector in Azure Sentinel.
  More details: https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365
shainw
shainw requested changes Sep 17, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@shainw shainw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make the suggested changes to the query. Additionally, when you did your PR it included the deletion of 2 files. Please re-submit your PR without the deletion of these files - Workbooks/AzureActivity.json and Workbooks/WorkbooksMetadata.json

Comment thread Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml Outdated
Comment thread Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml Outdated
Comment thread Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml Outdated
Comment thread Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml Outdated
Comment thread Detections/OfficeActivity/ExternalUserAddedRemovedInTeams.yaml
@shainw shainw self-assigned this Sep 17, 2020
@samikroy
Copy link
Copy Markdown
Contributor Author

samikroy commented Sep 17, 2020

Please make the suggested changes to the query. Additionally, when you did your PR it included the deletion of 2 files. Please re-submit your PR without the deletion of these files - Workbooks/AzureActivity.json and Workbooks/WorkbooksMetadata.json

There is a long pending separate PR on this which came in during this submission.
#796
Please let me know if that change should be merged in this.

@samikroy
Copy link
Copy Markdown
Contributor Author

samikroy commented Sep 17, 2020

There is a long pending separate PR on this which came in during this submission.
#796
Please let me know if that change should be merged in this.

@samikroy
Update ExternalUserAddedRemovedInTeams.yaml
372e1d9 
Query made to detect for an hour.
@shainw
Copy link
Copy Markdown
Contributor

shainw commented Sep 17, 2020

Please make the suggested changes to the query. Additionally, when you did your PR it included the deletion of 2 files. Please re-submit your PR without the deletion of these files - Workbooks/AzureActivity.json and Workbooks/WorkbooksMetadata.json

There is a long pending separate PR on this which came in during this submission.
#796
Please let me know if that change should be merged in this.

okay, will have a look

@shainw
Copy link
Copy Markdown
Contributor

shainw commented Sep 25, 2020

Please make the suggested changes to the query. Additionally, when you did your PR it included the deletion of 2 files. Please re-submit your PR without the deletion of these files - Workbooks/AzureActivity.json and Workbooks/WorkbooksMetadata.json

There is a long pending separate PR on this which came in during this submission.
#796
Please let me know if that change should be merged in this.

okay, will have a look

@samikroy - I completed #796 and so you can remove the file deletion in this PR.

@samikroy
Copy link
Copy Markdown
Contributor Author

samikroy commented Sep 25, 2020

Thank you @shainw , have added back the files from master.
Please have a look and let me know for any changes.

@shainw shainw merged commit 9188db2 into Azure:master Oct 8, 2020
@samikroy samikroy deleted the patch-1 branch January 11, 2022 20:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shainw shainw shainw approved these changes

@Amitbergman Amitbergman Awaiting requested review from Amitbergman

@dicolanl dicolanl Awaiting requested review from dicolanl

@ianhelle ianhelle Awaiting requested review from ianhelle

@juliango2100 juliango2100 Awaiting requested review from juliango2100

@KobyKoren KobyKoren Awaiting requested review from KobyKoren

@liemilyg liemilyg Awaiting requested review from liemilyg

@mgladi mgladi Awaiting requested review from mgladi

@morshabi morshabi Awaiting requested review from morshabi

@orco365 orco365 Awaiting requested review from orco365

@preetikr preetikr Awaiting requested review from preetikr

@sagamzu sagamzu Awaiting requested review from sagamzu

@sarah-yo sarah-yo Awaiting requested review from sarah-yo

@timbMSFT timbMSFT Awaiting requested review from timbMSFT

@Yaniv-Shasha Yaniv-Shasha Awaiting requested review from Yaniv-Shasha

@YaronFruchtmann YaronFruchtmann Awaiting requested review from YaronFruchtmann

Assignees

@shainw shainw

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@samikroy @shainw