Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create sophos-endpoint-security #96

Merged
merged 9 commits into from
Feb 8, 2024
Merged

Create sophos-endpoint-security #96

merged 9 commits into from
Feb 8, 2024

Conversation

mikiodehartj1
Copy link
Contributor

Initial barebones build. Will updated further once integration goes into beta

QA Checklist

Alerts Rule Packs

  • Does a related alert already exist, and should it be tweaked or added to instead?
  • Test each query to make sure it works
  • Look for hardcoded variables/parameter values in the query
  • Consider Severity for Alerts
  • Spellcheck
  • Use all caps for J1QL keywords and relationship classes
  • Upload the alerts rule pack JSON into JupiterOne to validate

@mikiodehartj1
Create sophos-endpoint-security
b01265f 
Initial barebones build. Will updated further once integration goes into beta
@mikiodehartj1 mikiodehartj1 requested a review from a team as a code owner January 30, 2024 22:22
SeaBlooms
SeaBlooms requested changes Feb 5, 2024
View reviewed changes
Copy link
Contributor

@SeaBlooms SeaBlooms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some updates needed, great start!

rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
rule-packs/sophos-endpoint-security Outdated
[
{
"name": "sophos-misconfigured-endpoints-1",
"description": "This will query for endpoints that do not have sophos edr installed.",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'that do not have the Sophos EDR Agent installed."

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adjusting

rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
mikiodehartj1
mikiodehartj1 commented Feb 8, 2024
View reviewed changes
Copy link
Contributor Author

@mikiodehartj1 mikiodehartj1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

corrections made per the comments

rule-packs/sophos-endpoint-security Outdated
[
{
"name": "sophos-misconfigured-endpoints-1",
"description": "This will query for endpoints that do not have sophos edr installed.",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adjusting

rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
rule-packs/sophos-endpoint-security Outdated Show resolved Hide resolved
mikiodehartj1
mikiodehartj1 commented Feb 8, 2024
View reviewed changes
Copy link
Contributor Author

@mikiodehartj1 mikiodehartj1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

adjusting the index.js

@mikiodehartj1
Update sophos-endpoint-security
2908433 
change syntax issue
mikiodehartj1
mikiodehartj1 commented Feb 8, 2024
View reviewed changes
Copy link
Contributor Author

@mikiodehartj1 mikiodehartj1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

change syntax issue

mikiodehartj1
mikiodehartj1 commented Feb 8, 2024
View reviewed changes
Copy link
Contributor Author

@mikiodehartj1 mikiodehartj1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a few syntax updates.

@SeaBlooms SeaBlooms merged commit 331f60a into main Feb 8, 2024
7 checks passed
@SeaBlooms SeaBlooms deleted the KNO-362 branch February 8, 2024 20:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SeaBlooms SeaBlooms SeaBlooms approved these changes

Assignees

@SeaBlooms SeaBlooms

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mikiodehartj1 @SeaBlooms