MailGuard 365 Sentinel Solution #7992
- Added MailGuard 365 Logo
- Added Data Connector
- Added Hunting Queries
- Added Workbooks
@microsoft-github-policy-service agree company="MailGuard Pty Ltd"
Hi @devikamehra, please provide your feedback.
Please provide sample data to test Hunting queries.
Solutions/MailGuard 365/Hunting Queries/MailGuard365HighConfidenceThreats.yaml
.script/tests/KqlvalidationsTests/CustomTables/MailGuard365_Threats_CL.json
Hi @prathikc, please provide the Sample data. Also, repackage the solution using this tool https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Create-Azure-Sentinel-Solution/V2 with version 2.0.0
Hi @prathikc, please address the comments from me and Devika, thanks!
- Updated entity mappings in the query
- Added sample data
Hi @prathikc, can you please work on this as well?
Hi @v-rbajaj, I have uploaded the sample data as well now. Running into a few issues with generating the solution package, I suspect it might be with my environment, will continue to work on it.
Hi @v-rbajaj, I've updated the solution V2.
"sampleQueries": [ | ||
{ | ||
"description" : "All phishing threats stopped by MailGuard 365", | ||
"query": "MailGuard365_Threats_CL \n | where where Category == \"Phishing\"" |
Please remove the extra "where" from the query, this should fix the failing KQL validation.
Please do fix the ARM TTK validation as well.
Thank you, I've fixed the KQL validation and the ARM TTK validation as well.
Hi @prathikc, thanks for making these changes. Please remove the 2.0.0 zip from this PR, this PR will only have 3.0.0 zip. Please do add release note as well, follow below mentioned link for the same. Also please fix the merge conflicts.
Hi @prathikc, please look into this comment.
Hi @prathikc, please look into the above comment.
Noted @prathikc, thanks.
Hi @prathikc, can you please provide some update on this PR?
Hi @prathikc, please provide some update on this PR
Hi @v-rbajaj, I am working on packaging the solution. There are some urgent issues that I am currently working on, will provi
Hi @v-rbajaj, I'm still working on the packaging, will get it ready by early next week.
Hi @prathikc, thanks noted.
Hi @prathikc, can you please provide some update on this PR?
689e1e7 to cdcff8f
Hi @prathikc, thanks for making these changes, I hope you are working on adding release notes and fixing the merge conflicts?
a2fdbe0 to 5df908f
"instructionSteps": [ | ||
{ | ||
"title": "Configure and connect MailGuard 365", | ||
"description": "1. In the MailGuard 365 Console, click **Settings** on the navigation bar.\n2. Click the **Integrations** tab.\n3. Click the **Enable Microsoft Sentinel**.\n - Enter your workspace id and primary key from the fields below, click **Finish**.\n5. For additional instructions, please contact MailGuard 365 support.", |
Hi @prathikc, the description needs to be fixed, there is a small problem with the numbering, please take a look at the image below.
Please repackage the solution post fixing.
Hi @v-rbajaj, that was a good catch! I have made the changes and re-packaged the solution.
Hi @prathikc, I just wanted to confirm if "Enter your workspace id and primary key from the fields below, click Finish." should be point 4 and "For additional instructions, please contact MailGuard 365 support." should be 5? Asking because it does look a bit odd.