Azure-Sentinel

Create Phising emails.txt

Open FabianBorz01 opened this issue 3 years ago • 19 comments

Required items, please complete

Change(s):

  • See guidance below

Reason for Change(s):

  • See guidance below

Version Updated:

  • Required only for Detections/Analytic Rule templates
  • See guidance below

Testing Completed:

  • See guidance below

Checked that the validations are passing and have addressed any issues that are present:

  • See guidance below

Guidance <- remove section before submitting


Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:

Thank you for your contribution to the Microsoft Sentinel Github repo.

Details of the code changes in your submitted PR. Providing descriptions for pull requests ensures there is context to changes being made and greatly enhances the code review process. Providing associated Issues that this resolves also easily connects the reason.

Change(s):

  • Updated syntax for XYZ.yaml

Reason for Change(s):

  • New schema used for XYZ.yaml
  • Resolves ISSUE #1234

Version updated:

  • Yes
  • Detections/Analytic Rule templates are required to have the version updated

The code should have been tested in a Microsoft Sentinel environment that does not have any custom parsers, functions or tables, so that you validate no incorrect syntax and execution functions properly. If your submission requires a custom parser or function, it must be submitted with the PR.

Testing Completed:

  • Yes/No/Need Help

Note: If updating a detection, you must update the version field.

Before the submission has been made, please look at running the KQL and Yaml Validation Checks locally. https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally

Checked that the validations are passing and have addressed any issues that are present:

  • Yes/No/Need Help

Note: Let us know if you have tried fixing the validation error and need help.

References:


FabianBorz01 avatar Jul 22 '22 08:07 FabianBorz01

@aprakash13 : Could you please review the Hunting queries. Thanks!

v-spadarthi avatar Jul 25 '22 12:07 v-spadarthi

@aprakash13 : Could you please review the Hunting queries. Thanks!

v-spadarthi avatar Aug 08 '22 14:08 v-spadarthi

@aprakash13 : Could you please review the Hunting queries. Thanks!

v-spadarthi avatar Sep 05 '22 11:09 v-spadarthi

@aprakash13 : Could you please review the Hunting queries. Thanks!

Hi, how should I review the hunting queries? Thank you!

FabianBorz01 avatar Sep 05 '22 12:09 FabianBorz01

@aprakash13 : Could you please review the Hunting queries. Thanks!

v-laanjana avatar Sep 08 '22 10:09 v-laanjana

Hi, how should I review the hunting queries? Thank you!

FabianBorz01 avatar Sep 08 '22 13:09 FabianBorz01

Hi @FabianBorz01, you don't need to review anything. Our team is reviewing and will provide their update. Thanks

NikTripathi avatar Sep 08 '22 19:09 NikTripathi

@FabianBorz01 : Please follow the instructions suggested by @shainw and do the modifications accordingly.

v-spadarthi avatar Sep 15 '22 11:09 v-spadarthi

@FabianBorz01 : Please follow the instructions suggested by @shainw and do the modifications accordingly.

v-spadarthi avatar Sep 20 '22 05:09 v-spadarthi

@FabianBorz01 : Please follow the instructions suggested by @shainw and do the modifications accordingly.

v-spadarthi avatar Sep 22 '22 14:09 v-spadarthi

@FabianBorz01 : Please follow the instructions suggested by @shainw and do the modifications accordingly.

v-spadarthi avatar Sep 26 '22 09:09 v-spadarthi

@FabianBorz01 : Please follow the instructions suggested by @shainw and do the modifications accordingly.

v-spadarthi avatar Sep 28 '22 02:09 v-spadarthi

Hello sir, thank you for your advice. I will do the modifications. Thank you so much.

On Wed, Sep 28, 2022 at 5:05 AM v-spadarthi @.***> wrote:

@FabianBorz01 https://github.com/FabianBorz01 : Please follow the instructions suggested by @shainw https://github.com/shainw and do the modifications accordingly.


FabianBorz01 avatar Sep 28 '22 09:09 FabianBorz01

@FabianBorz01 : Please do the modifications and let us know

v-spadarthi avatar Sep 30 '22 04:09 v-spadarthi

Hi @FabianBorz01, please refer to the sample shared by @shainw and make the necessary changes to your query. Let us know if you need any help over there. Thanks

v-mchatla avatar Oct 04 '22 20:10 v-mchatla

Hi @FabianBorz01, please refer to the sample shared by @shainw and make the necessary changes to your query. Let us know if you need any help over there. Thanks

v-amolpatil avatar Oct 07 '22 04:10 v-amolpatil

Hi @FabianBorz01, please refer to the sample shared by @shainw and make the necessary changes to your query. Let us know if you need any help over there. Thanks

v-spadarthi avatar Oct 11 '22 07:10 v-spadarthi

Hi @FabianBorz01, please refer to the sample shared by @shainw and make the necessary changes to your query. Let us know if you need any help over there. Thanks

v-spadarthi avatar Oct 13 '22 14:10 v-spadarthi

Hi @FabianBorz01, please refer to the sample shared by @shainw and make the necessary changes to your query. Let us know if you need any help over there. Thanks

v-spadarthi avatar Oct 17 '22 07:10 v-spadarthi

Hi @FabianBorz01, please refer to the sample shared by @shainw and make the necessary changes to your query. Let us know if you need any help over there. Thanks

v-spadarthi avatar Oct 19 '22 05:10 v-spadarthi

@FabianBorz01 We wanted to check on the status of PR https://github.com/Azure/Azure-Sentinel/pull/5686. The PR has been pending for more than 60 days. Let us know if any assistance is required for this PR. As per our standard operating procedures, if no response is received in the next 7 business days, we will close this PR. Thank you for your cooperation.

v-spadarthi avatar Oct 20 '22 07:10 v-spadarthi

Waiting for the update from author

v-spadarthi avatar Oct 25 '22 07:10 v-spadarthi

Waiting for the update from author

v-spadarthi avatar Oct 28 '22 04:10 v-spadarthi

Waiting for the update from author

v-spadarthi avatar Oct 31 '22 05:10 v-spadarthi

Hi @FabianBorz01, since we have not received a response in the last 7 days, we are closing your PR per our standard operating procedures. If you still need support for this issue, you can re-open the PR at any time. If you do re-open, we simply request that you ensure the PR has a response to the last request. Thank you for your cooperation.

v-spadarthi avatar Nov 01 '22 06:11 v-spadarthi