GitHub Security Vulnerability in Repository
| Id | 5436f471-b03d-41cb-b333-65891f887c43 |
| Rulename | GitHub Security Vulnerability in Repository |
| Description | This alerts when there is a new security vulnerability in a GitHub repository. |
| Severity | Informational |
| Tactics | InitialAccess Execution PrivilegeEscalation DefenseEvasion CredentialAccess LateralMovement |
| Techniques | T1190 T1203 T1068 T1211 T1212 T1210 |
| Kind | Scheduled |
| Query frequency | 1h |
| Query period | 1h |
| Trigger threshold | 0 |
| Trigger operator | gt |
| Source Uri | https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GitHub/Analytic Rules/Security Vulnerability in Repo.yaml |
| Version | 1.0.3 |
| Arm template | 5436f471-b03d-41cb-b333-65891f887c43.json |
GitHubRepo
| where Action == "vulnerabilityAlert"
| project TimeGenerated, DismmisedAt, Reason, vulnerableManifestFilename, Description, Link, PublishedAt, Severity, Summary
queryPeriod: 1h
query: |
GitHubRepo
| where Action == "vulnerabilityAlert"
| project TimeGenerated, DismmisedAt, Reason, vulnerableManifestFilename, Description, Link, PublishedAt, Severity, Summary
name: GitHub Security Vulnerability in Repository
entityMappings:
- fieldMappings:
- columnName: Link
identifier: Url
entityType: URL
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GitHub/Analytic Rules/Security Vulnerability in Repo.yaml
requiredDataConnectors: []
description: |
'This alerts when there is a new security vulnerability in a GitHub repository.'
kind: Scheduled
version: 1.0.3
queryFrequency: 1h
severity: Informational
relevantTechniques:
- T1190
- T1203
- T1068
- T1211
- T1212
- T1210
triggerOperator: gt
triggerThreshold: 0
tactics:
- InitialAccess
- Execution
- PrivilegeEscalation
- DefenseEvasion
- CredentialAccess
- LateralMovement
id: 5436f471-b03d-41cb-b333-65891f887c43