Gitlab
Solution: GitLab
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 3.0.2 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-04-27 |
| Last Updated | 2022-06-27 |
| Solution Folder | GitLab |
| Marketplace | Azure Marketplace · Popularity: 🔵 Medium (64%) |
| Pre-requisites | Syslog |
The GitLab solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.
This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.
NOTE: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.
Contents
Pre-requisites
This solution depends on 1 other solution(s):
| Solution |
|---|
| Syslog |
Data Connectors
This solution has 1 discovered data connector(s)⚠️ (not in Solution definition):
Connectors from dependency solutions:
- Syslog via Legacy Agent (dependency on Syslog)
- Syslog via AMA (dependency on Syslog)
🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
Tables Used
This solution uses 3 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
SigninLogs |
- | Analytics |
Syslog |
Syslog via AMA (dependency), Syslog via Legacy Agent (dependency), [Deprecated] GitLab | Analytics |
ThreatIntelligenceIndicator |
- | Analytics |
Content Items
This solution includes 12 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 9 |
| Parsers | 3 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| GitLab - Abnormal number of repositories deleted | Medium | Impact | Syslog |
| GitLab - Brute-force Attempts | Medium | CredentialAccess | Syslog |
| GitLab - External User Added to GitLab | Medium | Persistence | Syslog |
| GitLab - Local Auth - No MFA | Medium | CredentialAccess | Syslog |
| GitLab - Personal Access Tokens creation over time | Medium | Collection | Syslog |
| GitLab - Repository visibility to Public | Medium | Persistence, DefenseEvasion, CredentialAccess | Syslog |
| GitLab - SSO - Sign-Ins Burst | Medium | CredentialAccess | SigninLogs |
| GitLab - TI - Connection from Malicious IP | Medium | InitialAccess | ThreatIntelligenceIndicator |
| GitLab - User Impersonation | Medium | Persistence | Syslog |
Parsers
| Name | Description | Tables Used |
|---|---|---|
| GitLabAccess | - | Syslog (read) |
| GitLabApp | - | Syslog (read) |
| GitLabAudit | - | Syslog (read) |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.2 | 12-12-2024 | Removed Deprecated Data connectors |
| 3.0.1 | 07-24-2023 | Deprecated data connectors |
| 3.0.0 | 07-11-2023 | Modifying text as there is rebranding from Azure Active Directory to Microsoft Entra ID |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊