Solution/grey noise 1

[punkrokk]

Required items, please complete

Change(s):

• Add GreyNoise Solution

Reason for Change(s):

• See guidance below

Version Updated:

• First Release
• See guidance below

Testing Completed:

• No

Checked that the validations are passing and have addressed any issues that are present:

• See guidance below

Guidance <- remove section before submitting

---

Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:

Thank you for your contribution to the Microsoft Sentinel Github repo.

Details of the code changes in your submitted PR. Providing descriptions for pull requests ensures there is context to changes being made and greatly enhances the code review process. Providing associated Issues that this resolves also easily connects the reason.

Change(s):

• Updated syntax for XYZ.yaml

Reason for Change(s):

• New schema used for XYZ.yaml
• Resolves ISSUE Add Logstash required version to Readme file #1234

Version updated:

• Yes
• Detections/Analytic Rule templates are required to have the version updated

The code should have been tested in a Microsoft Sentinel environment that does not have any custom parsers, functions or tables, so that you validate no incorrect syntax and execution functions properly. If your submission requires a custom parser or function, it must be submitted with the PR.

Testing Completed:

• Yes/No/Need Help

Note: If updating a detection, you must update the version field.

Before the submission has been made, please look at running the KQL and Yaml Validation Checks locally.
https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally

Checked that the validations are passing and have addressed any issues that are present:

• Yes/No/Need Help

Note: Let us know if you have tried fixing the validation error and need help.

References:

• Guidance for Detection checks
• General contribution guidance
• PR validation troubleshooting

---

[punkrokk]

@punkrokk please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@microsoft-github-policy-service agree [company="{your company}"]

Options:

• (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.

@microsoft-github-policy-service agree

• (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.

@microsoft-github-policy-service agree company="Microsoft"

Contributor License Agreement

@microsoft-github-policy-service agree

[v-prasadboke]

Hello @punkrokk, Thank you for raising this PR. Please repackage the solution using V3 tool for which input file and solution metadata are required.
You can go through this instructions for more help on how to create input file, Solution metadata and V3 tool.

https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md

[punkrokk]

I believe in order to setup and test my deploy to Azure Function link, I need to get this merged.

[v-prasadboke]

Hello @punkrokk, Thank you for committing the requested changes.
We will examine this PR and update you about the same before 11 September, 2023.

[v-prasadboke]

Hello @punkrokk, Please repackage the solution again with adding workbook in the input file. I did the changes in my local but came to know I dont have access to the branch.
Also please add latest sample data of ThreatIntellegenceIndicator to test the content of the solution, Thanks.

[punkrokk]

Hello @punkrokk, Please repackage the solution again with adding workbook in the input file. I did the changes in my local but came to know I dont have access to the branch. Also please add latest sample data of ThreatIntellegenceIndicator to test the content of the solution, Thanks.

I have added the workbook to the input file and added some Stix samples you can submit to the ThreatIntellegenceIndicator upload-api.

[v-prasadboke]

Hello @punkrokk, Thank you for committing the changes. I'll examine this commits and update you about the same before 14 September, 2023.

[v-prasadboke]

Zip package download link should have the master branch, currently its on your branch.

[punkrokk]

How do I get it on Master Branch? Do I need a PR with just the zip file?

[punkrokk]

see #9010

[v-prasadboke]

Just replace the branch name with "master"

[punkrokk]

Regarding this: I'm following the instructions here: https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/Templates/Connector_REST_API_AzureFunctionApp_template/README.md#3-create-an-encoded-url which say to get my zip file up into master so I can update the link in azure_deploy file.

[v-prasadboke]

And the workbook is unable to access this subscription which I'm using. Is it ok too.

[punkrokk]

And the workbook is unable to access this subscription which I'm using. Is it ok too.

I have no idea what would cause this.... I am able to load and use this in 4 different environments/tenants.

[v-prasadboke]

Hello @punkrokk, I'll take a look at it and update you about the same before 20 September, 2023.

[v-prasadboke]

Hello @punkrokk, Everything looks good. Just add a reference link to release notes in Create ui.
You can refer this createui for more reference https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Package/createUiDefinition.json
Please update the zip package with latest maintemplate and createui after modifying the create ui

Also please move the workbook metadata from V2 folder to this file https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/WorkbooksMetadata.json
Also add the logo and previewimages of workbook in the specific folder
https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks/Images

This are the only changes requested. Other than this all looks good.
Thanks.

[punkrokk]

@v-prasadboke I messed up rebase, new PR here: #9070

[punkrokk]

@v-prasadboke I messed up rebase, new PR here: #9070

All changes requested in #9070 @v-prasadboke