cyborgsecurity-hunter-solution-v1 #9041
Conversation
@microsoft-github-policy-service agree [company="Cyborg Security, Inc"]
@microsoft-github-policy-service agree company="Cyborg Security, Inc"
Hi @nbyt3, Thanks for raising this PR, will review it by 28 Sep 2023.
When running the 'createSolutionV3.ps1' tool, I'm getting the following errors but am unable to resolve due to a lack of detail in the error messaging.
When running the 'createSolutionV3.ps1' tool, I am receiving the following error, but when resolving the issue in 'mainTemplate.json' and 'createUiDefinition.json' and re-running the 'createSolutionV3.ps1' tool, the changes are overwritten.
...es/Excessive Windows Discovery and Execution Processes - Potential Malware Installation.yaml
Hi @nbyt3, in all Hunting Queries, tactics, relevantTechniques and version are required; please add these missing fields.
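A quick pre-submission check for the point raised above, added here as an example and not part of the PR or the Azure-Sentinel repo's tooling: it scans each hunting-query YAML for the top-level fields the reviewer asked for (tactics, relevantTechniques, version) so the omission is caught before the package is rebuilt. It assumes hunting-query files are flat YAML mappings with keys at column 0, which is why a line scan suffices and no PyYAML dependency is needed; the two sample documents are constructed, and id and name are included in the required set as an assumption about the repo's hunting-query template.

```python
import re

# Fields the reviewer asked for (tactics, relevantTechniques, version) plus
# id and name, which this example assumes the hunting-query template also
# requires. Adjust the tuple if your template differs.
REQUIRED_FIELDS = ("id", "name", "tactics", "relevantTechniques", "version")

# A top-level YAML key starts at column 0 and is followed by a colon.
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z][A-Za-z0-9_]*):")


def top_level_keys(yaml_text):
    """Return the top-level keys of a flat YAML mapping, in file order.

    Deliberately minimal: indented lines (list items, nested mappings and
    the body of block scalars such as 'query: |') are skipped, so a 'tactics:'
    line inside a KQL block scalar does not count as the field being present.
    """
    keys = []
    for line in yaml_text.splitlines():
        m = TOP_LEVEL_KEY.match(line)
        if m:
            keys.append(m.group(1))
    return keys


def missing_fields(yaml_text, required=REQUIRED_FIELDS):
    """Return the required fields that the document lacks, in required order."""
    present = set(top_level_keys(yaml_text))
    return [field for field in required if field not in present]


# Constructed sample: a hunting query that has the query itself but lacks the
# three fields the review asked for. Names, GUID and KQL are illustrative.
SAMPLE_INCOMPLETE = """\
id: 3f5e1c2a-0b4d-4e6f-9a8b-7c6d5e4f3a2b
name: Example Hunting Query
description: |
  Illustrative description; not the PR's real content.
requiredDataConnectors:
  - connectorId: SecurityEvents
    dataTypes:
      - SecurityEvent
query: |
  SecurityEvent
  | where EventID == 4688
  | summarize count() by Computer
"""

# The same document with the missing fields appended.
SAMPLE_COMPLETE = SAMPLE_INCOMPLETE + """\
tactics:
  - Discovery
  - Execution
relevantTechniques:
  - T1057
  - T1059
version: 1.0.0
"""


if __name__ == "__main__":
    for label, doc in (("incomplete", SAMPLE_INCOMPLETE), ("complete", SAMPLE_COMPLETE)):
        gaps = missing_fields(doc)
        print(f"{label}: missing {gaps if gaps else 'none'}")
```

To run it over a solution, glob `Solutions/<name>/Hunting Queries/*.yaml`, read each file and call `missing_fields` on its text; any non-empty result is a file the reviewer would send back.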
For the logo validation failure, please ensure the raw file of the logo does not have xmlns:xlink.
Solutions/Cyborg Security HUNTER/Data Connectors/CyborgSecurity_HUNTER.json
Also, do add release notes; please follow this link: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ReleaseNotesGuidance.md
After doing all the above changes, repackage the solution.
@v-rbajaj I've completed the changes and resubmitted!
@v-rbajaj I just updated mainTemplate and the data_connector file. When running the arm-ttk locally I'm getting the following errors: This solution does not have a dataType or connectivityCriteria as it is not pulling in data from a source. I'm working with Eric Burkholder to define this V1 of the solution. Also, it looks like the arm-ttk is failing due to the IDs for the included HuntingQueries. These IDs are UUID4s that I generated. Should there be another way to generate the IDs?
Hi @nbyt3, I don't think these are errors because of the hunting queries' GUIDs. Sorry, I think you have interpreted my message wrongly; we don't need the below empty arrays. You need to add KQL queries like in this json file: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cybersixgill-Actionable-Alerts/Data%20Connectors/Cybersixgill_FunctionApp.json Also, I think you have to repackage the solution after modifying the data connector file; please do repackage it, otherwise the changes won't reflect in mainTemplate.
Hi @nbyt3, please provide an update on the above comment.
@v-rbajaj Based on guidance from my Product Partnership contact at Microsoft, it was suggested to not include graphQueries, sampleQueries, or connectivityCriterias, as this integration is not actually pulling data into Microsoft Sentinel. This version of the integration is more aligned to guidance on how to configure the HUNTER platform in order to utilize our 'deeplink' feature. I will reach back out to my contact, but in order to get past the arm-ttk errors, I've added in the required key/value items that are causing the error. The connectivityCriteria will make sure that there are at least some SecurityEvents ingested in order to verify the visibility needed to utilize our hunt packages.
Hi @nbyt3, we are still investigating the ARM TTK failure and the question you asked; we will get back to you by 19 Oct 2023.
Hi @nbyt3, can you please remove this mainTemplate from the PR: Solutions/CyberArkEPM/Package/mainTemplate.json, and also look into the logo validation?
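The two comments above disagree over whether the connector's graphQueries, sampleQueries and connectivityCriterias may be left as empty arrays or must carry real KQL. The following lint, added here as an example and not code from the PR or from the Azure-Sentinel repo, flags the empty-array form and checks that a connectivityCriterias entry actually carries a non-empty IsConnectedQuery. The two connector fragments are constructed; the field names (graphQueries, sampleQueries, dataTypes, connectivityCriterias, IsConnectedQuery, lastDataReceivedQuery) follow the Sentinel data-connector definition schema as this example understands it, and the KQL is illustrative, keyed on SecurityEvent because that is the table the comment above says the criteria should check.

```python
# Constructed: a connector fragment with the arrays the reviewer said should
# not be left empty. Queries are illustrative; the SecurityEvent table is used
# because the connectivity criteria described in the PR checks for ingested
# SecurityEvents.
SAMPLE_CONNECTOR = {
    "id": "ExampleConnector",
    "graphQueries": [
        {"metricName": "Total events received", "legend": "SecurityEvent",
         "baseQuery": "SecurityEvent"}
    ],
    "sampleQueries": [
        {"description": "Process creation events",
         "query": "SecurityEvent | where EventID == 4688 | take 10"}
    ],
    "dataTypes": [
        {"name": "SecurityEvent",
         "lastDataReceivedQuery":
             "SecurityEvent | summarize Time = max(TimeGenerated) | where isnotempty(Time)"}
    ],
    "connectivityCriterias": [
        {"type": "IsConnectedQuery",
         "value": ["SecurityEvent | summarize LastLogReceived = max(TimeGenerated)"
                   " | project IsConnected = LastLogReceived > ago(30d)"]}
    ],
}

# Constructed: the empty-array form the reviewer rejected.
EMPTY_CONNECTOR = {
    "id": "ExampleConnector",
    "graphQueries": [],
    "sampleQueries": [],
    "dataTypes": [],
    "connectivityCriterias": [],
}

ARRAY_FIELDS = ("graphQueries", "sampleQueries", "dataTypes", "connectivityCriterias")


def connector_problems(connector):
    """Return human-readable problems with a connector definition dict.

    Empty or missing arrays are reported once each; every connectivity
    criteria must be an IsConnectedQuery with at least one non-blank KQL
    string, and every dataType needs a non-blank lastDataReceivedQuery.
    """
    problems = []
    for key in ARRAY_FIELDS:
        if not connector.get(key):
            problems.append(f"{key} is missing or empty")

    for crit in connector.get("connectivityCriterias") or []:
        queries = crit.get("value") or []
        has_kql = bool(queries) and all(isinstance(q, str) and q.strip() for q in queries)
        if crit.get("type") != "IsConnectedQuery" or not has_kql:
            problems.append("connectivityCriterias entry lacks a non-empty IsConnectedQuery")

    for dt in connector.get("dataTypes") or []:
        if not str(dt.get("lastDataReceivedQuery", "")).strip():
            problems.append(f"dataType {dt.get('name')!r} has no lastDataReceivedQuery")

    return problems


if __name__ == "__main__":
    for label, conn in (("empty", EMPTY_CONNECTOR), ("populated", SAMPLE_CONNECTOR)):
        print(label, connector_problems(conn) or "ok")
```

Run `connector_problems(json.load(open(path)))` on the file under `Data Connectors/` before repackaging; as the reviewer notes, the packaged mainTemplate.json only reflects the connector file after the solution is rebuilt, so linting the source file is the cheaper place to catch this.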
@v-rbajaj Reviewed your feedback. I removed the file in question and updated the logo.
Hi @nbyt3, please update the ID in GUID format for the logo so that logo validation is passed.
@v-rbajaj I just updated the id in the cyborg logo svg file. I wasn't sure where else that 'id' needed to be changed.
Hi @nbyt3, I am still reviewing the contents of the solution for cyborg security hunter. But if we decide to merge this PR, this kind of commit will delete the maintemplate file, which we don't want.
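The two logo requirements raised in this thread (no xmlns:xlink declaration in the raw SVG, and an id in GUID format) can be checked locally before pushing. The following is an added example, not code from the PR or the Azure-Sentinel repo's logo validation, and it makes two assumptions: that the id the reviewer means is the id attribute on the root `<svg>` element (the comment does not say which element), and that "GUID format" means the hyphenated 8-4-4-4-12 form. The two logos are constructed; the 75x75 viewBox is illustrative.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"

# Hyphenated 8-4-4-4-12 hex form; stricter than uuid.UUID(), which also
# accepts braces and un-hyphenated strings the reviewer would likely reject.
GUID_RE = re.compile(
    r"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
)


def logo_problems(svg_text):
    """Return the logo problems found in the raw SVG text, in check order."""
    problems = []

    # Checked on the raw text, as the reviewer phrased it, so the declaration
    # is caught even if the xlink namespace is never used.
    if "xmlns:xlink" in svg_text:
        problems.append("xmlns:xlink declaration present")

    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"]

    # Accept both a namespaced and an un-namespaced root <svg>.
    if root.tag not in ("svg", f"{{{SVG_NS}}}svg"):
        problems.append("root element is not <svg>")

    # Assumption: the GUID-format id belongs on the root <svg> element.
    root_id = root.attrib.get("id")
    if root_id is None:
        problems.append("root <svg> has no id attribute")
    elif not GUID_RE.match(root_id):
        problems.append(f"id {root_id!r} is not in GUID format")

    return problems


# Constructed: the shape of an editor-exported logo that fails both checks.
BAD_LOGO = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" id="Layer_1" viewBox="0 0 75 75">'
    '<rect width="75" height="75"/></svg>'
)

# Constructed: the same logo with the declaration dropped and a GUID id.
GOOD_LOGO = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'id="a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d" viewBox="0 0 75 75">'
    '<rect width="75" height="75"/></svg>'
)


if __name__ == "__main__":
    for label, svg in (("bad", BAD_LOGO), ("good", GOOD_LOGO)):
        print(label, logo_problems(svg) or "ok")
```

Do not simply delete the `xmlns:xlink` attribute from a file that still uses `xlink:href`; the parser error path above will then report an unbound prefix, which is the signal to re-export the logo without xlink references rather than patch the header.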
This reverts commit af568df.
Hi @nbyt3, then you would need to raise a new PR and close this PR. Copy the changed contents and create a new branch and paste the contents in the repo; please do not include the other solution while raising the new PR.
Closing for #9309
Required items, please complete
Change(s):
cyborgsecurity-hunter-solution
Reason for Change(s):
Testing Completed:
Checked that the validations are passing and have addressed any issues that are present: