Initial Branch from old Closed PR #7696 #8603
This is the NEW AUTHOMIZE Solution
Files modified:
modified: .script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
modified: Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json
Files added:
.script/tests/KqlvalidationsTests/CustomTables/Authomize_v2_CL.json
Logos/Authomize.svg
Sample Data/Authomize_v2_CL.csv
Solutions/Authomize/Analytic Rules/
Solutions/Authomize/Data Connectors/
Solutions/Authomize/Data/
Solutions/Authomize/Hunting queries/
Solutions/Authomize/Package/
Solutions/Authomize/SolutionMetadata.json
Solutions/Authomize/Workbooks/
Workbooks/Images/Logos/authomize.svg
This is a continuation of work from the original. We closed out PR #7696 to remove files that should not have been modified and were missed.
@v-atulyadav Hi - this is the new updated content - I copied the original and updated a new branch with details. Working the data connector for verification of tests this weekend. Let me know if you find anything in this initial.
Hi @sriley0975, As per latest guidelines issued by Microsoft Sentinel, please repackage the solution using V3 tool. Please go through this readme file on how to use the V3 tool https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md And we need to add ReleaseNotes file for solution. Please refer below link for how to create ReleaseNotes. Thanks
OK - understood - will look at the new V3 guidance and repackage solution.
Thanks @sriley0975.
Added the release notes as requested. Ran the new /Tools/Create-Azure-Sentinel-Solution/V3/createSolutionV3.ps1 NOTE: will be adding a readme.md in data connector to detail how to deploy and configure.
Doing a walkthrough of app function to update readme.md with final install instructions. Expect to have that done today. I will also supply a deployment ARM file (not sure if this is required).
Hi @sriley0975,
Got it - working this today. Cheers
Hi @sriley0975, hope you are doing well. Just wanted to check if you got a chance to look at the suggestions shared. Please feel free to reach out to us for any queries and/or support. Thanks
Hi @v-atulyadav sorry for the delay - found an issue with my app when doing the readme.md file - The current readme.md needed some heavy lifting to make it easier for customer to install function app. I'm new to function apps so it has been a bit of a learning curve as I try and make it work correctly on my test environment. I'm currently on vacation, but I did make all the other suggested changes which I can submit if you want to start reviewing those. Let me know if you want me to do that? Meanwhile I have to work on the final piece at the end of this week when I come back from my holidays. I should have something for you over this coming weekend. Let me know if you want me to release to you what I have currently done and then send you the latest on the data connector and readme.md file this weekend or wait until I have finished everything and release.
Hi @sriley0975,
OK – I’ll aim to submit this weekend so all changes are reviewed at once.
From: v-atulyadav ***@***.***>
Sent: Tuesday, August 1, 2023 12:59 AM
To: Azure/Azure-Sentinel ***@***.***>
Cc: Steven Riley ***@***.***>; Mention ***@***.***>
Subject: Re: [Azure/Azure-Sentinel] Initial Branch from old Closed PR #7696 (PR #8603)
Hi @sriley0975,
It will be easier for us to review all of the changes if you commit them in one go.
Thanks
Hi @sriley0975,
sorry for the delay - I became sick and have only just returned back to work - I will be working this today onwards. Thank you.
From: v-atulyadav ***@***.***>
Sent: Monday, August 7, 2023 10:08 PM
To: Azure/Azure-Sentinel ***@***.***>
Cc: Steven Riley ***@***.***>; Mention ***@***.***>
Subject: Re: [Azure/Azure-Sentinel] Initial Branch from old Closed PR #7696 (PR #8603)
Hi @sriley0975,
I would appreciate if you could let us know once you've completed the suggested changes and also checked for conflicts in the branch.
Thanks
Noted @sriley0975. Thanks
Hi @sriley0975, waiting for your response. Thanks
Yes – working – found some issues with function – tables not working properly – may switch to blob tomorrow morning else all done…
From: v-atulyadav ***@***.***>
Date: Tuesday, August 15, 2023 at 11:41 PM
To: Azure/Azure-Sentinel ***@***.***>
Cc: Steven Riley ***@***.***>, Mention ***@***.***>
Subject: Re: [Azure/Azure-Sentinel] Initial Branch from old Closed PR #7696 (PR #8603)
Hi @sriley0975, waiting for your response. Thanks
Thanks @sriley0975.
Hi @sriley0975,
Thanks for the followup working it – will update as soon as released
From: v-atulyadav ***@***.***>
Date: Monday, August 21, 2023 at 11:19 PM
To: Azure/Azure-Sentinel ***@***.***>
Cc: Steven Riley ***@***.***>, Mention ***@***.***>
Subject: Re: [Azure/Azure-Sentinel] Initial Branch from old Closed PR #7696 (PR #8603)
Hi @sriley0975,
Please inform us once you've completed the suggested changes and checked for conflicts in the branch. Thanks
Noted @sriley0975, thanks.
Hi @sriley0975.
Thank you – changes will be made today and updates performed.
From: v-atulyadav ***@***.***>
Date: Sunday, October 15, 2023 at 10:35 PM
To: Azure/Azure-Sentinel ***@***.***>
Cc: Steven Riley ***@***.***>, Mention ***@***.***>
Subject: Re: [Azure/Azure-Sentinel] Initial Branch from old Closed PR #7696 (PR #8603)
Hi @sriley0975.
To follow up appropriately, we would appreciate some indication of the timeframe for these changes. Thanks
Sorry this took so long – I’m back on deck for the rest of the week
I just pushed update for DataConnectorValidations
cheers
From: v-atulyadav ***@***.***>
Date: Friday, October 6, 2023 at 5:49 AM
To: Azure/Azure-Sentinel ***@***.***>
Cc: Steven Riley ***@***.***>, Mention ***@***.***>
Subject: Re: [Azure/Azure-Sentinel] Initial Branch from old Closed PR #7696 (PR #8603)
Hi @sriley0975,
The data connector permission block has been modified. Please replace the attached connector (extract the zip file for the connector file). This will clear DataConnectorValidations.
AuthomizeCustomConnector.zip<https://github.com/Azure/Azure-Sentinel/files/12830574/AuthomizeCustomConnector.zip>
Updated with new AuthomizeCustomConnector
Hi @sriley0975, we are still getting connector validation failures. And also could you please grant me the access for your branch so I can push few commits. Thanks
I will do it again…I will grant access
From: v-atulyadav ***@***.***>
Date: Tuesday, October 17, 2023 at 10:44 PM
To: Azure/Azure-Sentinel ***@***.***>
Cc: Steven Riley ***@***.***>, Mention ***@***.***>
Subject: Re: [Azure/Azure-Sentinel] Initial Branch from old Closed PR #7696 (PR #8603)
Hi @sriley0975, we are still getting connector validation failures.
The data connector permission block has been modified. Please replace the attached connector (extract the zip file for the connector file).
AuthomizeCustomConnector.zip<https://github.com/Azure/Azure-Sentinel/files/12981970/AuthomizeCustomConnector.zip>
And also could you please grant me the access for your branch so I can push few commits. Thanks
Thanks @sriley0975.
Hi @sriley0975,