Forum Discussion
SOURGUM Actor IOC - July 2021 Analytics Rule
Hi, Have a question regarding one Analytics Rule in Microsoft Sentinel ( SOURGUM Actor IOC - July 2021 ). In Sentinel, Office 365 connector is one of the list of data connectors for this rule. B...
There are two versions (1.0.1 and 1.1.1) both using the same name, I suspect in the 2nd link (the one you are looking at, Office365 is wrongly used in the YAML file)
https://github.com/Azure/Azure-Sentinel/blob/b20831ed8f721c2f91ffc356af8e7dfa3df08711/Solutions/Windows%20Forwarded%20Events/Analytic%20Rules/SOURGUM_IOC_WindowsEvent.yaml
and
https://github.com/Azure/Azure-Sentinel/blob/2e4f5f6e6d1899827c01e19e20dc368abd140eb3/Detections/MultipleDataSources/SOURGUM_IOC.yaml
https://github.com/Azure/Azure-Sentinel/blob/b20831ed8f721c2f91ffc356af8e7dfa3df08711/Solutions/Windows%20Forwarded%20Events/Analytic%20Rules/SOURGUM_IOC_WindowsEvent.yaml
and
https://github.com/Azure/Azure-Sentinel/blob/2e4f5f6e6d1899827c01e19e20dc368abd140eb3/Detections/MultipleDataSources/SOURGUM_IOC.yaml