Merge branch 'MimecastTIRegional' of https://github.com/nipun-crestda…

…tasystem/Azure-Sentinel into MimecastTIRegional
Azure · Sep 4, 2023 · 6dc40c8 · 6dc40c8
2 parents 2d02800 + 75419bd
commit 6dc40c8
Show file tree

Hide file tree

Showing 649 changed files with 172,334 additions and 30,252 deletions.
diff --git a/.github/workflows/IssueComment.yml b/.github/workflows/IssueComment.yml
@@ -1,6 +1,8 @@
 name: IssueComment
 
-on: [issues]
+on: 
+  issues:
+    types: opened
 
 jobs:
   commenting:

diff --git a/.github/workflows/addCommentToRemindUpdatingTemplateVersion.yml b/.github/workflows/addCommentToRemindUpdatingTemplateVersion.yml
@@ -9,6 +9,7 @@ on:
 jobs:
   add-comment:
     uses: ./.github/workflows/addComment.yaml
+    if: ${{ !github.event.pull_request.head.repo.fork }}
     with:
       message: |
         **Hello how are you I am GitHub bot**

diff --git a/.github/workflows/package-on-merge.yaml b/.github/workflows/package-on-merge.yaml
@@ -236,6 +236,15 @@ jobs:
       message: "@${{ github.event.client_payload.github.actor }} The requested package for the '${{ needs.solutionNameDetails.outputs.solutionName }}' solution has been generated based on Pull request #${{ github.event.client_payload.pull_request.number }}"
       prNumber: "${{ needs.createNewPR.outputs.newPRNumber }}"
 
+  addAutoPackageLabel:
+    name: Add Label of Auto-Package
+    needs: createNewPR
+    if: ${{ success() }} 
+    uses: ./.github/workflows/addLabelOnPr.yaml
+    with:
+      labelName: "auto-package"
+    secrets: inherit
+
   release-project:
     name: Publish-Artifacts
     runs-on: ubuntu-latest

diff --git a/.github/workflows/slash-command-dispatch.yaml b/.github/workflows/slash-command-dispatch.yaml
@@ -35,3 +35,12 @@ jobs:
           repository: ${{env.REPO_OWNER}}/${{env.REPO_NAME}}
           issue-type: pull-request
           reactions: false
+
+  addAutoPackageLabel:
+    name: Add Label of Auto-Package
+    needs: slashCommandDispatch
+    if: ${{ success() }} 
+    uses: ./.github/workflows/addLabelOnPr.yaml
+    with:
+      labelName: "auto-package"
+    secrets: inherit
diff --git a/.script/package-automation/package-generator.ps1 b/.script/package-automation/package-generator.ps1
@@ -102,7 +102,7 @@ try {
         $playbookFiles = $playbookFiles -match ([regex]::Escape(".json"))
 
         if ($playbookFiles.Count -gt 0) {
-            $playbookFiles = $playbookFiles | Where-Object { $_ -notlike '*swagger*' -and $_ -notlike '*gov*' } | Where-Object { $_ -notlike '*function.json*' }
+            $playbookFiles = $playbookFiles | Where-Object { $_ -notlike '*swagger*' -and $_ -notlike '*gov*' -and $_ -notlike '*function.json' -and $_ -notlike '*host.json' }
         }
 
         return $playbookFiles;
@@ -521,11 +521,22 @@ try {
                 $playbooksFolderHasFunctionAppsInSolutionsFolder = @()
                 $playbooksFolderHasFunctionAppsInSolutionsFolder += $filteredPlaybookFunctionApps
 
-                $playbooksFunctionAppFiles += GetPlaybooksJsonFileNames($playbooksFolderHasFunctionAppsInSolutionsFolder)
+                $playbooksFunctionAppFilesInSolutionsFolder = GetPlaybooksJsonFileNames($playbooksFolderHasFunctionAppsInSolutionsFolder)
 
-                if ($playbooksFunctionAppFiles -gt 0)
+                if ($playbooksFunctionAppFilesInSolutionsFolder.Count -gt 0)
                 {
-                    $playbooksFunctionAppFiles = $playbooksFunctionAppFiles | ForEach-Object { $_.replace("$solutionFolderPath", '', 'OrdinalIgnoreCase') }
+                    $filteredPlaybooksFunctionAppFiles = $playbooksFunctionAppFilesInSolutionsFolder | ForEach-Object { $_.replace("$solutionFolderPath", '', 'OrdinalIgnoreCase') }
+
+                    if ($filteredPlaybooksFunctionAppFiles.Count -gt 0)
+                    {
+                        foreach($item in $filteredPlaybooksFunctionAppFiles)
+                        {
+                            if ($playbooksFunctionAppFiles -notcontains $item)
+                            {
+                                $playbooksFunctionAppFiles += $item
+                            }
+                        }
+                    }
                 }
             }
         }
@@ -738,14 +749,20 @@ try {
             # ADD REMAINING PLAYBOOKS
             foreach ($fl in $formulatePlaybooksList)
             {
-                $playbooksFinalList += $fl.Replace("$solutionFolderPath", '')
+                if ($playbooksFinalList -notcontains $fl)
+                {
+                    $playbooksFinalList += $fl.Replace("$solutionFolderPath", '')
+                }
             }
         }
         else 
         {
             foreach ($fl in $formulatePlaybooksList)
             {
-                $playbooksFinalList += $fl.Replace("$solutionFolderPath", '')
+                if ($playbooksFinalList -notcontains $fl)
+                {
+                    $playbooksFinalList += $fl.Replace("$solutionFolderPath", '')
+                }
             }
         }
 

diff --git a/.script/tests/KqlvalidationsTests/CustomTables/InfobloxCDC.json b/.script/tests/KqlvalidationsTests/CustomTables/InfobloxCDC.json
@@ -40,6 +40,62 @@
         {
             "Name": "DestinationDnsDomain",
             "Type": "String"
+        },
+        {
+            "Name": "ThreatLevel",
+            "Type": "String"
+        },
+        {
+            "Name": "ThreatConfidence",
+            "Type": "Int"
+        },
+        {
+            "Name": "InfobloxThreatConfidence",
+            "Type": "Int"
+        },
+        {
+            "Name": "InfobloxB1FeedName",
+            "Type": "String"
+        },
+        {
+            "Name": "ThreatClass",
+            "Type": "String"
+        },
+        {
+            "Name": "ThreatProperty",
+            "Type": "String"
+        },
+        {
+            "Name": "DeviceAction",
+            "Type": "String"
+        },
+        {
+            "Name": "InfobloxB1PolicyName",
+            "Type": "String"
+        },
+        {
+            "Name": "SourceMACAddress",
+            "Type": "String"
+        },
+        {
+            "Name": "SourceUserName",
+            "Type": "String"
+        },
+        {
+            "Name": "InfobloxB1SrcOSVersion",
+            "Type": "String"
+        },
+        {
+            "Name": "InfobloxB1ConnectionType",
+            "Type": "String"
+        },
+        {
+            "Name": "InfobloxB1Network",
+            "Type": "String"
+        },
+        {
+            "Name": "AdditionalExtensionsParsedNested",
+            "Type": "Dynamic"
         }
     ]
-}
+}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/VotiroEvents.json b/.script/tests/KqlvalidationsTests/CustomTables/VotiroEvents.json
@@ -0,0 +1,105 @@
+{
+  "Name": "VotiroEvents",
+  "Properties": [
+    {
+      "Name": "companyName",
+      "Type": "String"
+    },
+    {
+      "Name": "correlationId",
+      "Type": "String"
+    },
+    {
+      "Name": "itemId",
+      "Type": "String"
+    },
+    {
+      "Name": "sanitizationResult",
+      "Type": "String"
+    },
+    {
+      "Name": "passwordProtected",
+      "Type": "String"
+    },
+    {
+      "Name": "from",
+      "Type": "String"
+    },
+    {
+      "Name": "fileName",
+      "Type": "String"
+    },
+    {
+      "Name": "connectorName",
+      "Type": "String"
+    },
+    {
+      "Name": "recipients",
+      "Type": "String"
+    },
+    {
+        "Name": "SrcFileSHA256",
+        "Type": "String"
+    },
+    {
+        "Name": "policyName",
+        "Type": "String"
+    },
+    {
+        "Name": "incidentURL",
+        "Type": "String"
+    },
+    {
+        "Name": "LogSeverity",
+        "Type": "String"
+    },
+    {
+        "Name": "fileSize",
+        "Type": "Int"
+    },
+    {
+        "Name": "AVResult",
+        "Type": "String"
+    },
+    {
+        "Name": "threatCount",
+        "Type": "Int"
+    },
+    {
+        "Name": "blockedCount",
+        "Type": "Int"
+    },
+    {
+        "Name": "threats",
+        "Type": "String"
+    },
+    {
+        "Name": "fileModification",
+        "Type": "String"
+    },
+    {
+        "Name": "sanitizationTime",
+        "Type": "Int"
+    },
+    {
+        "Name": "connectorType",
+        "Type": "String"
+    },
+    {
+        "Name": "connectorId",
+        "Type": "String"
+    },
+    {
+        "Name": "exceptionId",
+        "Type": "String"
+    },
+    {
+        "Name": "messageId",
+        "Type": "String"
+    },
+    {
+        "Name": "subject",
+        "Type": "String"
+    }
+  ]
+}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/feedly_indicators_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/feedly_indicators_CL.json
@@ -0,0 +1,61 @@
+{
+  "Name":"feedly_indicators_CL",
+  "Properties":[
+  {
+    "Name": "TenantId",
+    "Type": "string"
+  },
+  {
+    "Name": "SourceSystem",
+    "Type": "string"
+  },
+  {
+    "Name": "MG",
+    "Type": "string"
+  },
+  {
+    "Name": "ManagementGroupName",
+    "Type": "string"
+  },
+  {
+    "Name": "TimeGenerated",
+    "Type": "datetime"
+  },
+  {
+    "Name": "Computer",
+    "Type": "string"
+  },
+  {
+    "Name": "RawData",
+    "Type": "string"
+  },
+  {
+    "Name": "articleTitle_s",
+    "Type": "string"
+  },
+  {
+    "Name": "articleUrl_s",
+    "Type": "string"
+  },
+  {
+    "Name": "source_s",
+    "Type": "string"
+  },
+  {
+    "Name": "type_s",
+    "Type": "string"
+  },
+  {
+    "Name": "value_s",
+    "Type": "string"
+  },
+  {
+    "Name": "Type",
+    "Type": "string"
+  },
+  {
+    "Name": "_ResourceId",
+    "Type": "string"
+  }
+]
+}