Support gov tenants for microsoft-sentinel-log-analytics-logstash-output-plugin.

[csidiro]

Describe the bug
Currently the login URL for AAD is hardcoded here https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/microsoft-sentinel-log-analytics-logstash-output-plugin/lib/logstash/sentinel_la/logAnalyticsAadTokenProvider.rb#L13 taking into account only the commercial tenant.

To Reproduce
Steps to reproduce the behavior:

1. Configure a gov tenant.
2. You will get authentication error since it will try to connect to commercial aad.

[github-actions]

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

[github-actions]

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

[github-actions]

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

[github-actions]

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

[v-sudkharat]

Hi @csidiro, thanks for flagging this issue, we will soon get back to you on this. Thanks!

[v-sudkharat]

Hello @csidiro, we are connecting with our concerned team for this issue, once we get any information on this, we will update you. Thanks!

[v-sudkharat]

Hi @csidiro, we connected with concerned data connector team for this issue. They will check on this. Once we get any further information, we will update you. Thanks!

[v-sudkharat]

Hi @csidiro, we received the update from concern team, the AAD endpoint is indeed hardcoded for the commercial cloud; plugin is currently in public preview and is slated to be globally available in the next few months. Below are few of the questions we would like to know -

1. Which cloud service you are using and are you sentinel client?
2. can you share the expected data volume which you are planning to send using the plugin?
   Thanks!

[v-sudkharat]

Hello @csidiro, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond on it in the next 2 days. If we don't receive response by 20-08-2023 date, we will be close this issue. Thanks!

[csidiro]

Hi @v-sudkharat

1. Yes we are a sentinel client.
2. Data volume is ~10gb/month.

[v-sudkharat]

Hello @csidiro, Thanks for sharing details with us, the concerned team is working on this issue, once we get any further information, we will update you.

[v-sudkharat]

Hi @csidiro, as per response from concern team the AAD endpoint is indeed hardcoded for the commercial cloud and plugin is currently in public preview and is slated to be globally available in the next few months.
Currently there is no plan on including national clouds to public preview phase of the plugin.
So, closing this issue. If you still need support for this issue, feel free to re-open it any time. Thank you for your co-operation.