MDIoT analytic rules entities

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTExcessiveLoginAttempts.yaml

@@ -47,14 +47,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTFirmwareUpdates.yaml

@@ -47,14 +47,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTHighBandwidth.yaml

@@ -47,14 +47,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTINoSensorTrafficDetected.yaml

@@ -47,14 +47,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTIllegalFunctionCodes.yaml

@@ -48,14 +48,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -79,5 +73,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInsecurePLC.yaml

@@ -47,14 +47,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTInternetAccess.yaml

@@ -47,14 +47,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTMalware.yaml

@@ -48,14 +48,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -79,5 +73,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTNetworkScanning.yaml

@@ -47,14 +47,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTPLCStopCommand.yaml

@@ -48,14 +48,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -79,5 +73,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedDevice.yaml

@@ -47,14 +47,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedNetworkConfiguration.yaml

@@ -47,14 +47,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedPLCModifications.yaml

@@ -49,14 +49,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -80,5 +74,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTUnauthorizedRemoteAccess.yaml

@@ -47,14 +47,8 @@ query: |
     AlertManagementUri,
     Techniques
 entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: SourceDeviceAddress
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+  - columnName: Entities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
       value: ProductComponentName
     - alertProperty: AlertLink
       value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled