Merge pull request #9061 from esfateev/patch-2

Update NRT_AuthenticationMethodsChangedforVIPUsers.yaml
Azure · Sep 28, 2023 · be54b51 · be54b51
2 parents d6b4626 + 33f402e
commit be54b51
Show file tree

Hide file tree

Showing 6 changed files with 8,002 additions and 7,590 deletions.
diff --git a/.script/tests/KqlvalidationsTests/SkipValidationsTemplates.json b/.script/tests/KqlvalidationsTests/SkipValidationsTemplates.json
@@ -79,11 +79,6 @@
     "templateName": "vimNetworkSessionMicrosoftMD4IoT.yaml",
     "validationFailReason": "The name 'LocalPort' does not refer to any known column, table, variable or function."
   },
-  {
-    "id": "29e99017-e28d-47be-8b9a-c8c711f8a903",
-    "templateName": "NRT_AuthenticationMethodsChangedforVIPUsers.yaml",
-    "validationFailReason": "The name 'User Principal Name' does not refer to any known column, table, variable or function"
-  },
   {
     "id": "078a6526-e94e-4cf1-a08e-83bc0186479f",
     "templateName": "Anomalous AAD Account Manipulation.yaml",

diff --git a/...ns/Azure Active Directory/Analytic Rules/NRT_AuthenticationMethodsChangedforVIPUsers.yaml b/...ns/Azure Active Directory/Analytic Rules/NRT_AuthenticationMethodsChangedforVIPUsers.yaml
@@ -15,7 +15,7 @@ tags:
   - AADSecOpsGuide
 query: |
   let security_info_actions = dynamic(["User registered security info", "User changed default security info", "User deleted security info", "Admin updated security info", "User reviewed security info", "Admin deleted security info", "Admin registered security info"]);
-  let VIPUsers = (_GetWatchlist('VIPUsers') | distinct ["User Principal Name"]);
+  let VIPUsers = (_GetWatchlist('VIPUsers') | distinct "User Principal Name");
   AuditLogs
   | where Category =~ "UserManagement"
   | where ActivityDisplayName in (security_info_actions)
@@ -40,5 +40,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IP
-version: 1.0.1
+version: 1.0.2
 kind: NRT
diff --git a/Solutions/Azure Active Directory/Package/3.0.3.zip b/Solutions/Azure Active Directory/Package/3.0.3.zip
diff --git a/Solutions/Azure Active Directory/Package/createUiDefinition.json b/Solutions/Azure Active Directory/Package/createUiDefinition.json
@@ -51,6 +51,30 @@
       }
     ],
     "steps": [
+      {
+        "name": "dataconnectors",
+        "label": "Data Connectors",
+        "bladeTitle": "Data Connectors",
+        "elements": [
+          {
+            "name": "dataconnectors1-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for Azure Active Directory. You can get Azure Active Directory custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
+          {
+            "name": "dataconnectors-link2",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more about connecting data sources",
+                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
+              }
+            }
+          }
+        ]
+      },
       {
         "name": "workbooks",
         "label": "Workbooks",