Skip to content

Gravityzone ASim parsers #13330

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
gbarbieru wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Gravityzone ASim parsers #13330

gbarbieru wants to merge 4 commits into from

Conversation

@gbarbieru
Copy link

@gbarbieru gbarbieru commented Dec 16, 2025

Required items, please complete

Change(s):

  • Added support for Bitdefender GravityZone events in ASim parsers (ASim Alert Events)

Reason for Change(s):

Version Updated:

  • No

Testing Completed:

  • Yes

Checked that the validations are passing and have addressed any issues that are present:

Before going into this topic I want to disclose that development in my team is done on Linux workstations and the available tooling and guides offered by Microsoft kinda lack in this department. Due to time constraints additional effort in making them work on Linux environments was abandoned and testing was eventually done on Microsoft Sentinel accounts via end-to-end testing.

  • KQL: Tested using smoke tests directly on a Microsoft Sentinel account. No issues so far. Failed to test locally.
  • YAML: Failed to test locally. We hope they can be tested by the github actions.

@gbarbieru gbarbieru requested review from a team as code owners December 16, 2025 13:18
@github-actions
Copy link
Contributor

github-actions bot commented Dec 16, 2025

🔒 Security Approval Required

This fork PR requires manual approval before automated testing can run.

For security, a maintainer must:

  1. 📝 Review the code changes carefully
  2. Verify file types - This PR should only contain .yml, .yaml, or .json files. Check for any executable scripts (.ps1, .py, .sh, .exe, etc.) which are not allowed in this context.
  3. 🏷️ Add the SafeToRun label if the changes are safe to execute

Note: If new commits are added later, simply remove and re-add the SafeToRun label.

🤖 Automated security check • Created: 2025-12-16T13:18:38.466Z
Learn more: GitHub Security Lab - Preventing PWN Requests

@gbarbieru gbarbieru mentioned this pull request Dec 16, 2025
Open
@github-actions
Copy link
Contributor

github-actions bot commented Dec 16, 2025

🔒 Security Approval Required

This fork PR requires manual approval before automated testing can run.

For security, a maintainer must:

  1. 📝 Review the code changes carefully
  2. Verify file types - This PR should only contain .yml, .yaml, or .json files. Check for any executable scripts (.ps1, .py, .sh, .exe, etc.) which are not allowed in this context.
  3. 🏷️ Add the SafeToRun label if the changes are safe to execute

Note: If new commits are added later, simply remove and re-add the SafeToRun label.

🤖 Automated security check • Created: 2025-12-16T13:22:46.444Z
Learn more: GitHub Security Lab - Preventing PWN Requests

@v-shukore v-shukore added the ASIM label Dec 16, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Dec 16, 2025

🔒 Security Approval Required

This fork PR requires manual approval before automated testing can run.

For security, a maintainer must:

  1. 📝 Review the code changes carefully
  2. Verify file types - This PR should only contain .yml, .yaml, or .json files. Check for any executable scripts (.ps1, .py, .sh, .exe, etc.) which are not allowed in this context.
  3. 🏷️ Add the SafeToRun label if the changes are safe to execute

Note: If new commits are added later, simply remove and re-add the SafeToRun label.

🤖 Automated security check • Created: 2025-12-16T13:57:55.516Z
Learn more: GitHub Security Lab - Preventing PWN Requests

@github-actions
Copy link
Contributor

github-actions bot commented Dec 19, 2025

🔒 Security Approval Required

This fork PR requires manual approval before automated testing can run.

For security, a maintainer must:

  1. 📝 Review the code changes carefully
  2. Verify file types - This PR should only contain .yml, .yaml, or .json files. Check for any executable scripts (.ps1, .py, .sh, .exe, etc.) which are not allowed in this context.
  3. 🏷️ Add the SafeToRun label if the changes are safe to execute

Note: If new commits are added later, simply remove and re-add the SafeToRun label.

🤖 Automated security check • Created: 2025-12-19T11:45:44.889Z
Learn more: GitHub Security Lab - Preventing PWN Requests

@v-atulyadav v-atulyadav added SafeToRun This is used only for ASim parsers Fork PR Pipeline run. and removed SafeToRun This is used only for ASim parsers Fork PR Pipeline run. labels Dec 22, 2025
@v-atulyadav v-atulyadav added the SafeToRun This is used only for ASim parsers Fork PR Pipeline run. label Dec 29, 2025
@v-atulyadav v-atulyadav removed the SafeToRun This is used only for ASim parsers Fork PR Pipeline run. label Dec 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@v-atulyadav v-atulyadav

Labels

ASIM

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@gbarbieru @yummyblabla @v-atulyadav @v-shukore