Solution/threatconnect1 #8996

Merged
merged 31 commits into from
Oct 13, 2023

punkrokk
Contributor

Required items, please complete

Change(s):

  • First Release ThreatConnect Solution

Reason for Change(s):

  • First Release

Testing Completed:

  • See guidance below

Checked that the validations are passing and have addressed any issues that are present:

  • See guidance below

Guidance <- remove section before submitting


Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:

Thank you for your contribution to the Microsoft Sentinel GitHub repo.

Details of the code changes in your submitted PR. Providing descriptions for pull requests ensures there is context to changes being made and greatly enhances the code review process. Providing associated Issues that this resolves also easily connects the reason.

Change(s):

  • Updated syntax for XYZ.yaml

Reason for Change(s):

Version updated:

  • Yes
  • Detections/Analytic Rule templates are required to have the version updated

The code should have been tested in a Microsoft Sentinel environment that does not have any custom parsers, functions or tables, so that you validate no incorrect syntax and execution functions properly. If your submission requires a custom parser or function, it must be submitted with the PR.

Testing Completed:

  • Yes/No/Need Help

Note: If updating a detection, you must update the version field.

Before the submission has been made, please look at running the KQL and Yaml Validation Checks locally.
https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally

Checked that the validations are passing and have addressed any issues that are present:

  • Yes/No/Need Help

Note: Let us know if you have tried fixing the validation error and need help.

References:


@punkrokk punkrokk requested review from a team as code owners September 12, 2023 19:40
@v-atulyadav v-atulyadav added the Solution Solution specialty review needed label Sep 13, 2023
@v-prasadboke
Contributor

Hello @punkrokk, Thank you for raising this PR.
This PR will be investigated, and we will update you about the same before 18 September, 2023.
Thanks.

@v-prasadboke
Contributor

Hello @punkrokk, Sorry for the inconvenience, but this PR is still under investigation, and we will update you about the same before 20 September, 2023.

@v-prasadboke
Contributor

v-prasadboke commented Sep 20, 2023

Hello @punkrokk, Is the workbook limited to subscriptions that are used?

Please add release notes and a reference link to the release notes in the Create UI.
You can refer to this createui for more reference: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Package/createUiDefinition.json
Please update the zip package with the latest maintemplate and createui after modifying the Create UI.

Also, please move the workbook metadata from the V2 folder to this file: https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/WorkbooksMetadata.json
Also add the logo and preview images of the workbook in the specific folder:
https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks/Images

I'd recommend repackaging the solution, as the analytic rule version in the analytic template is 1.0.0 while in maintemplate it's reflecting 1.2.4.
Thanks.

@v-prasadboke
Contributor

Hello @punkrokk, Please respond to the above comments.

@punkrokk
Contributor Author

@v-prasadboke I have resolved all of your requests.

@punkrokk
Contributor Author

Regarding the analytic version, that is so we can version it from 1.0.0. That shouldn't matter and works fine and shows up at 1.0.0 on my side.

@v-prasadboke
Contributor

Thank you for the reply @punkrokk, Please resolve validation errors.

@punkrokk
Contributor Author

@v-prasadboke Looks like it's fixed

@v-prasadboke
Contributor

Hello @punkrokk, any reason behind adding a large amount of py packages to grey noise?

@punkrokk
Contributor Author

punkrokk commented Sep 29, 2023 via email

@punkrokk
Contributor Author

@v-prasadboke If we are good I'm ready to go.

@v-prasadboke
Contributor

Hello @punkrokk, I was trying to resolve the image. Modified the code. Some tags were not closed properly and the style keyword was missing before fill:url,
which I added, but the logo is still in B&W.
Please work on the same for the correct logo.


@v-prasadboke
Contributor

v-prasadboke commented Oct 9, 2023

Hello @punkrokk, can you please provide me write access to the branch so that I can push some changes from my side?
Until then, please replace your logo with this logo: https://github.com/Azure/Azure-Sentinel/blob/v-prasadboke-sampledata/Logos/ThreatConnect.svg

And also, the sentinel keyword should be in offerid.

@punkrokk
Contributor Author

punkrokk commented Oct 9, 2023

You should have write access. I'll fix the logo soon; been traveling.

@v-prasadboke
Contributor

> You should have write access. I'll fix the logo soon; been traveling.

Sorry, but I don't have the access.

@v-prasadboke
Contributor

Hello @punkrokk, validations are failing for Logo Validator. Can you please check?

@punkrokk
Contributor Author

@v-prasadboke working on it

@punkrokk
Contributor Author

@v-prasadboke graphics fixed

@punkrokk punkrokk requested a review from a team as a code owner October 12, 2023 13:10
@v-atulyadav v-atulyadav merged commit d4910fa into Azure:master Oct 13, 2023
31 checks passed