Initial Push of Salem Cyber Integration #7743
- playbook to collect Sentinel alerts and forward them to Salem
- workbook to view Salem analysis in log analytics
@microsoft-github-policy-service agree company="Salem Cyber"
Hello @jonbagg, looking into this
Hello @jonbagg, please go through this readme to create a solution: https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/README.md
Hello @jonbagg, any updates on the following
@v-prasadboke, yes, will have an update shortly
Hello @jonbagg, waiting for the updates
@v-prasadboke, we're working through a few issues. Have you seen this error before:
Let me see what I can do from my side
On which step are you facing this issue?
@v-prasadboke, this is in the Generate Solution Package step. But it appears that a new version of the script was published, and while I'm still getting this error, I can see the tests running. Unfortunately we have a new issue that we're trying to track down: It looks like this is validation running on the newly generated package, but it seems that this version of CreateUIDefinition.json is in memory, so I don't know what text and label fields are blank. I would like to know if it has to do with our workbook. That's where our investigation is right now. If you have any thoughts on what this could be, please let me know.
Updates including:
- Added logo
- Added Solution Metadata
- Added Input file
- Updated playbook API versions in ARM template
- Update Directory Name
Hello @jonbagg, can you please add again the input file for the solution.
@v-prasadboke, sorry about that, the files are synced now
Thank you @jonbagg, going through this
Hello @jonbagg, working on this
Hello @jonbagg, please update the branch from master
@v-prasadboke, I just updated from master
Hello @jonbagg, I'm still not able to fork the branch
@v-prasadboke, I'm not sure I understand what you need to do
Hello @jonbagg, Metadata is missing from playbook such as last updated time and post deployment. After the playbook arm template is generated you can fill the metadata.
Other than this I've added release notes in the solution. Please modify the date modified section of release notes as needed. Also made some minimal changes for hyperlink validation. You can refer to this readme file for clarification: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ThreatXCloud/Playbooks/ThreatXPlaybooks/ThreatX-BlockIP-URL/readme.md
@v-prasadboke, I added the readme on the playbook. I'm not following the comment on the metadata, but I did re-verify that the arm templates are working
Hello there, @jonbagg. Thank you for providing the update. I'll investigate this. Thank you.
Good day, @jonbagg. It must be because you are Custom deploying the Playbook arm template. This method directly takes you to Logic App Designer. You can refer to this Playbook for required fields: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SlashNext/Playbooks/SlashNextPhishingIncidentInvestigation/deploy.json
Aside from that, could you please share the Playbook's functional images? Thanks.
What would be an example of a playbook functional image? Would that be a snap of the logic app designer?
Yes, that would work for me.
Hello @jonbagg, any updates for the requested images? Thanks.
@v-prasadboke, I just made the requested updates and added a screenshot of the logic app to the images folder in the playbook dir
Hello @jonbagg, Thanks for providing the requested changes. We will examine the commits and update you about the same by 28 August, 2023.
Hello @jonbagg, All looks good. Just repackage the solution again using the V3 tool, and after repackaging the solution please also add a hyperlink to the readme in the Description of Createui.
@v-prasadboke, repackaged and updated createUI description as requested
Hello @jonbagg, Thanks for committing the requested changes. Will examine this and update you about the same before 31 August, 2023.
Required items, please complete
Change(s):
Reason for Change(s):
Version Updated:
Testing Completed:
Checked that the validations are passing and have addressed any issues that are present: