Veritas analytics rules #9047

swapnildombaleveritas
Contributor

Required items, please complete

Change(s):
Added Analytic Rules for the Veritas NetBackup product. These rules include detection of many login failures and detection of many anomalies being generated.

Reason for Change(s):
Analytic rules for Veritas NetBackup product.

Version Updated:
V1

Testing Completed:
Yes

Checked that the validations are passing and have addressed any issues that are present:
Yes

@v-atulyadav added the Solution (Solution specialty review needed) label Sep 20, 2023
@v-prasadboke
Contributor

Hello @swapnildombaleveritas, I went through the PR but I think some content is missing from the PR. The following folder contains images of a playbook as well.
So does this solution have a playbook as well? If yes, please add it to the solution folder, and move all the images into a folder named images.
Please repackage the solution using the V3 tool; guidance for the V3 tool: https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md

@swapnildombaleveritas
Contributor Author

> Hello @swapnildombaleveritas, I went through the PR but I think some content is missing from the PR. The following folder contains images of a playbook as well. So does this solution have a playbook as well? If yes, please add it to the solution folder, and move all the images into a folder named images. Please repackage the solution using the V3 tool; guidance for the V3 tool: https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md

We don't have a playbook yet and that's not a goal for this activity at this time

Contributor Author

@swapnildombaleveritas left a comment

Added packaging changes

@v-prasadboke
Contributor

Hello @swapnildombaleveritas, Thank you for committing the requested changes. Will investigate this and update you about the same before 4 October, 2023.

@v-atulyadav
Contributor

Hi @swapnildombaleveritas,
We apologize for the delay, but due to lack of availability, we will update you on this by 06 Oct 2023. Thanks

v-prasadboke previously approved these changes Oct 6, 2023
@@ -0,0 +1,16 @@
{
"publisherId": "azuresentinel",
"offerId": "netbackup_sentinel",
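
Review bot: the "offerId" value on the last visible line, "netbackup_sentinel", needs to be settled before the solution is packaged, since it and "publisherId": "azuresentinel" are the identifiers this file gives the offer; the reviewer's comment on this line suggests "azure-sentinel-solution-netbackup". The hunk header says 16 lines were added but only the first three are shown here, so the remaining fields of the file cannot be reviewed from this view.
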
Contributor

Hello @swapnildombaleveritas, correct me if I'm wrong, but as per my knowledge the offer id should be "azure-sentinel-solution-netbackup".
If yes, please replace it with this offer id.

Contributor

@v-prasadboke Oct 6, 2023

Tactics, relevant techniques and entity mappings are missing from this analytic rule.
Also add the required data connector field; it can be kept as null. A validation check is failing for requiredDataConnectors.
requiredDataConnectors: []

@v-prasadboke dismissed their stale review October 6, 2023 11:22

Need more changes and accidentally clicked on approve

@v-prasadboke
Contributor

v-prasadboke commented Oct 6, 2023

Please add a custom table named 'NetBackupAlerts_CL' in the path https://github.com/Azure/Azure-Sentinel/tree/master/.script/tests/KqlvalidationsTests/CustomTables
You can refer to any table from the table for more clarification.

Please repackage the solution after making the above changes.
Thanks.

@v-prasadboke
Contributor

Hello @swapnildombaleveritas, Please respond to the above requested changes.

@v-prasadboke
Contributor

Hello @swapnildombaleveritas please respond to the above messages.

@v-prasadboke
Contributor

Hello @swapnildombaleveritas Please respond to the above comments

@v-prasadboke
Contributor

Hello @swapnildombaleveritas, we know you may be busy with something and haven't got time to check this, but we just wanted to know the progress on the above requested changes. Thanks.

@v-prasadboke
Contributor

Hello @swapnildombaleveritas we are waiting for your response.
Thanks.

@v-prasadboke
Contributor

Hello @swapnildombaleveritas, We would like to hear about the progress on requested changes.

@v-prasadboke
Contributor

Hello @swapnildombaleveritas, we wanted to check on the status of PR #9047. The PR has been pending for more than 30 days. Please let us know if you need any assistance to review this PR. Per our standard operating procedures, if no response is received in the next 7 business days, we will close this PR. Thank you for your cooperation.

@v-prasadboke
Contributor

Since we have not received a response in the last 7 days, we are closing your PR #9047 per our standard operating procedures. If you still need support for this issue, you can re-open the PR at any time.
If you do re-open, we simply request that you ensure the PR has a response to the last request. Thank you for your cooperation.

@swapnildombaleveritas
Contributor Author

We will reopen the PR
