Merge branch 'public' into patch-1
shdyas authored Aug 21, 2024
2 parents e76f749 + 940d011 commit 8153273
Showing 8 changed files with 172 additions and 11 deletions.
35 changes: 35 additions & 0 deletions .github/workflows/AutoLabelAssign.yml
@@ -0,0 +1,35 @@
name: Assign and label PR

permissions:
pull-requests: write
contents: read
actions: read

on:
workflow_run:
workflows: [Background tasks]
types:
- completed

jobs:
download-payload:
name: Download and extract payload artifact
uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod
with:
WorkflowId: ${{ github.event.workflow_run.id }}
OrgRepo: ${{ github.repository }}
secrets:
AccessToken: ${{ secrets.GITHUB_TOKEN }}

label-assign:
name: Run assign and label
needs: [download-payload]
uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelAssign.yml@workflows-prod
with:
PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
AutoAssignUsers: 1
AutoLabel: 1
ExcludedUserList: '["user1", "user2"]'
ExcludedBranchList: '["branch1", "branch2"]'
secrets:
AccessToken: ${{ secrets.GITHUB_TOKEN }}
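
Review bot: `ExcludedUserList: '["user1", "user2"]'` and `ExcludedBranchList: '["branch1", "branch2"]'` under `label-assign` look like template placeholders that were never filled in; replace them with the real exclusions or pass empty lists so nobody assumes an exclusion is in effect. Separately, the `workflow_run` trigger fires on every `completed` run of Background tasks, including failed or cancelled ones where no `PayloadJson` artifact exists, so gate `download-payload` with `if: github.event.workflow_run.conclusion == 'success'`.
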
34 changes: 34 additions & 0 deletions .github/workflows/AutoLabelMsftContributor.yml
@@ -0,0 +1,34 @@
name: Auto label Microsoft contributors

permissions:
pull-requests: write
contents: read
actions: read

on:
workflow_run:
workflows: [Background tasks]
types:
- completed

jobs:
download-payload:
if: github.repository_visibility == 'public'
name: Download and extract payload artifact
uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod
with:
WorkflowId: ${{ github.event.workflow_run.id }}
OrgRepo: ${{ github.repository }}
secrets:
AccessToken: ${{ secrets.GITHUB_TOKEN }}

label-msft:
name: Label Microsoft contributors
if: github.repository_visibility == 'public'
needs: [download-payload]
uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelMsftContributor.yml@workflows-prod
with:
PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
secrets:
AccessToken: ${{ secrets.GITHUB_TOKEN }}
TeamReadAccessToken: ${{ secrets.ORG_READTEAMS_TOKEN }}
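
Review bot: `label-msft` hands `secrets.ORG_READTEAMS_TOKEN` to a reusable workflow referenced by the mutable branch ref `@workflows-prod`, so any push to that branch changes the code that receives this token without any change in this repository. Pin both `uses:` lines to a full commit SHA and bump it deliberately. The top-level `pull-requests: write` also applies to `download-payload`, which by its name only downloads an artifact; a per-job `permissions` block would let that job run with `actions: read` alone.
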
26 changes: 26 additions & 0 deletions .github/workflows/BackgroundTasks.yml
@@ -0,0 +1,26 @@
name: Background tasks

permissions:
pull-requests: write
contents: read

on:
pull_request_target:

jobs:
upload:
runs-on: ubuntu-latest

steps:
- name: Save payload data
env:
PayloadJson: ${{ toJSON(github) }}
AccessToken: ${{ github.token }}
run: |
mkdir -p ./pr
echo $PayloadJson > ./pr/PayloadJson.json
sed -i -e "s/$AccessToken/XYZ/g" ./pr/PayloadJson.json
- uses: actions/upload-artifact@v4
with:
name: PayloadJson
path: pr/
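
Review bot: in the `Save payload data` step, `toJSON(github)` serializes the whole context, including `github.token`, into a file that is then uploaded as an artifact, and the only protection is the `sed` substitution on the following line. Write only the fields the downstream workflows need (for example `toJSON(github.event)`, if the shared workflows allow it), or drop the key with `jq 'del(.token)'`, rather than writing the secret to disk and redacting it afterwards; the `sed` form also places the token on the command line as an unescaped pattern. `echo $PayloadJson` is unquoted as well, so the shell word-splits and glob-expands pull request text under `pull_request_target`; use `printf '%s' "$PayloadJson"` instead.
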
19 changes: 19 additions & 0 deletions .github/workflows/LiveMergeCheck.yml
@@ -0,0 +1,19 @@
name: PR can merge into branch

permissions:
pull-requests: write
statuses: write
contents: read

on:
pull_request_target:
types: [opened, reopened, synchronize, edited]

jobs:

live-merge:
uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-LiveMergeCheck.yml@workflows-prod
with:
PayloadJson: ${{ toJSON(github) }}
secrets:
AccessToken: ${{ secrets.GITHUB_TOKEN }}
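
Review bot: `PayloadJson: ${{ toJSON(github) }}` in `live-merge` passes the full context as a plain `with:` input under `pull_request_target`, so the input carries `github.token` a second time (it is already passed as `AccessToken`) along with fork-controlled fields such as the PR title, body and head ref. Narrow the input to what the check needs, and confirm that `Shared-LiveMergeCheck.yml` reads it only as data and never expands it inside a `run:` script.
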
19 changes: 19 additions & 0 deletions .github/workflows/PrFileCount.yml
@@ -0,0 +1,19 @@
name: PR file count less than limit

permissions:
pull-requests: write
statuses: write
contents: read

on:
pull_request_target:
types: [opened, reopened, synchronize, labeled, unlabeled, edited]

jobs:

file-count:
uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-PrFileCount.yml@workflows-prod
with:
PayloadJson: ${{ toJSON(github) }}
secrets:
AccessToken: ${{ secrets.GITHUB_TOKEN }}
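
Review bot: the trigger list `[opened, reopened, synchronize, labeled, unlabeled, edited]` starts a privileged `pull_request_target` run for every label change or title edit, and nothing cancels the run it supersedes, so overlapping runs can write statuses out of order. Add a workflow-level `concurrency` group keyed on `github.event.pull_request.number` with `cancel-in-progress: true`.
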
17 changes: 17 additions & 0 deletions .github/workflows/ProtectedFiles.yml
@@ -0,0 +1,17 @@
name: PR has no protected files

permissions:
pull-requests: write
statuses: write
contents: read

on: [pull_request_target]

jobs:

protected-files:
uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ProtectedFiles.yml@workflows-prod
with:
PayloadJson: ${{ toJSON(github) }}
secrets:
AccessToken: ${{ secrets.GITHUB_TOKEN }}
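
Review bot: `on: [pull_request_target]` leaves the activity types at the default (opened, synchronize, reopened), so this check does not re-run when a PR is retargeted to a different base branch, whereas LiveMergeCheck.yml and PrFileCount.yml both list `edited`. If the protected-file rules depend on the base branch, spell the types out here too, as `types: [opened, reopened, synchronize, edited]`.
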
6 changes: 4 additions & 2 deletions defender-xdr/TOC.yml
Expand Up @@ -478,9 +478,11 @@
items:
- name: SOC optimization overview
display name: SOC optimization
href: https://aka.ms/soc-opt-from-defender
href: /azure/sentinel/soc-optimization/soc-optimization-access?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
- name: Use SOC optimizations programmatically
href: /azure/sentinel/soc-optimization/soc-optimization-api?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
- name: SOC optimization reference
href: https://aka.ms/soc-opt-ref
href: /azure/sentinel/soc-optimization/soc-optimization-reference?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
- name: Manage multitenant environments
items:
- name: Overview
27 changes: 18 additions & 9 deletions defender-xdr/microsoft-threat-actor-naming.md
Expand Up @@ -6,16 +6,16 @@ ms.service: defender-xdr
ms.mktglfcycl: secure
ms.sitesec: library
ms.localizationpriority: medium
ms.author: vpattnaik
author: diannegali
ms.author: diannegali
author: vpattnaik
manager: dansimp
audience: ITPro
ms.collection:
- m365-security
- tier2
ms.topic: conceptual
search.appverid: met150
ms.date: 06/12/2024
ms.date: 08/19/2024
---

# How Microsoft names threat actors
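
Review bot: in the front matter the two alias values appear to be swapped, ending with `ms.author: diannegali` and `author: vpattnaik`, rather than one of them being replaced. If the intent was to hand the article to a new owner, please confirm which alias belongs in each field, since after this change the two fields still name two different people.
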
Expand Down Expand Up @@ -54,6 +54,7 @@ Use the following reference table to understand how our previously publicly disc

|Threat actor name|Previous name|Origin/Threat|Other names|
|:---:|:---:|:---:|:---:|
|Antique Typhoon|Storm-0558|China||
|Aqua Blizzard|ACTINIUM|Russia|UNC530, Primitive Bear, Gamaredon|
|Blue Tsunami||Private sector offensive actor|Black Cube|
|Brass Typhoon|BARIUM|China|APT41|
Expand Down Expand Up @@ -97,7 +98,7 @@ Use the following reference table to understand how our previously publicly disc
|Night Tsunami|DEV-0336|Private sector offensive actor|NSO Group|
|Nylon Typhoon|NICKEL|China|ke3chang, APT15, Vixen Panda|
|Octo Tempest|Storm-0875|Financially motivated|0ktapus, Scattered Spider, UNC3944|
|Onyx Sleet|PLUTONIUM|North Korea|Silent Chollima, Andariel, DarkSeoul|
|Onyx Sleet|PLUTONIUM|North Korea|APT45, Silent Chollima, Andariel, DarkSeoul|
|Opal Sleet|OSMIUM|North Korea|Konni|
|Peach Sandstorm|HOLMIUM|Iran|APT33, Refined Kitten|
|Pearl Sleet|DEV-0215 (LAWRENCIUM)|North Korea||
Expand All @@ -110,13 +111,15 @@ Use the following reference table to understand how our previously publicly disc
|Purple Typhoon|POTASSIUM|China|APT10, Cloudhopper, MenuPass|
|Raspberry Typhoon|RADIUM|China|APT30, LotusBlossom|
|Ruby Sleet|CERIUM|North Korea||
|Ruza Flood|Storm-1099|Russia, Influence operations||
|Salmon Typhoon|SODIUM|China|APT4, Maverick Panda|
|Sangria Tempest|ELBRUS|Financially motivated|Carbon Spider, FIN7|
|Sapphire Sleet|COPERNICIUM|North Korea|Genie Spider, BlueNoroff|
|Seashell Blizzard|IRIDIUM|Russia|APT44, Sandworm|
|Secret Blizzard|KRYPTON|Russia|Venomous Bear, Turla, Snake|
|Sefid Flood|Storm-1364|Iran, Influence operations||
|Silk Typhoon|HAFNIUM|China||
|Smoke Sandstorm|BOHRIUM|Iran||
|Smoke Sandstorm|BOHRIUM|Iran|UNC1549|
|Spandex Tempest|CHIMBORAZO|Financially motivated|TA505|
|Star Blizzard|SEABORGIUM|Russia|Callisto, Reuse Team|
|Storm-0062||China|DarkShadow, Oro0lxy|
Expand All @@ -125,23 +128,24 @@ Use the following reference table to understand how our previously publicly disc
|Storm-0257||Group in development|UNC1151|
|Storm-0324||Financially motivated|TA543, Sagrid|
|Storm-0381||Financially motivated||
|Storm-0501||Group in development||
|Storm-0506||Group in development||
|Storm-0530||North Korea|H0lyGh0st|
|Storm-0539||Financially motivated|Atlas Lion|
|Storm-0558||China||
|Storm-0569||Financially motivated||
|Storm-0587||Russia|SaintBot, Saint Bear, TA471|
|Storm-0744||Financially motivated||
|Storm-0784||Iran||
|Storm-0829||Group in development|Nwgen Team|
|Storm-0835||Group in development|EvilProxy|
|Storm-0842||Iran||
|Storm-0844||Group in development||
|Storm-0861||Iran||
|Storm-0867||Egypt|Caffeine|
|Storm-0971||Financially motivated|(Merged into Octo Tempest)|
|Storm-0978||Group in development|RomCom, Underground Team|
|Storm-1044||Financially motivated|Danabot|
|Storm-1084||Iran|DarkBit|
|Storm-1099||Russia||
|Storm-1101||Group in development|NakedPages|
|Storm-1113||Financially motivated||
|Storm-1133||Palestinian Authority||
Expand All @@ -151,17 +155,22 @@ Use the following reference table to understand how our previously publicly disc
|Storm-1283||Group in development||
|Storm-1286||Group in development||
|Storm-1295||Group in development|Greatness|
|Storm-1364||Iran||
|Storm-1376||China, Influence operations||
|Storm-1516||Russia, Influence operations||
|Storm-1567||Financially motivated|Akira|
|Storm-1575||Group in development|Dadsec|
|Storm-1660||Iran, Influence operations||
|Storm-1674||Financially motivated||
|Storm-1679||Russia, Influence operations||
|Storm-1804||Iran, Influence operations||
|Storm-1805||Iran, Influence operations||
|Storm-1811||Financially motivated||
|Storm-1841||Russia, Influence operations||
|Storm-1849||China|UAT4356|
|Storm-1852||Group in development||
|Storm-2035||Iran, Influence operations||
|Strawberry Tempest||Financially motivated|LAPSUS$|
|Sunglow Blizzard||Russia||
|Taizi Flood|Storm-1376|China, Influence operations|Spamouflage, Dragonbridge|
|Tomato Tempest|SPURR|Financially motivated|Vatet|
|Vanilla Tempest|DEV-0832|Financially motivated||
|Velvet Tempest|DEV-0504|Financially motivated||
