New solution components

[nlepagnez]

Required items, please complete

Change(s):

• Modification of 1 analytics rule
• Adding a parser and modifying another
• Change a data connector instruction step

Version Updated:

• Yes as Workbook and Analytic rule changed

Testing Completed:

• Yes

Checked that the validations are passing and have addressed any issues that are present:

• yes

[v-prasadboke]

Hello @nlepagnez, Thanks for raising this PR. This PR will be investigated and will update you about the same before 06 November, 2023.

[nlepagnez]

@v-prasadboke in addition to analyze this PR, please can you change the pointer of aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser and aka.ms/https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser links as your team is the owner of those links and you didn't update the files when you switch from TXT to YAML files.

(Or you can add me as owner too to those links if you prefer).

[v-prasadboke]

Hello @nlepagnez, I'll take a look at the links and update the same.

[v-prasadboke]

Hello @nlepagnez I'm getting this error for ExchangeAdminAuditLogs

Is this expected or can you share screenshots of the results.
And please share the sample data as well

[nlepagnez]

Hello @nlepagnez I'm getting this error for ExchangeAdminAuditLogs

Is this expected or can you share screenshots of the results. And please share the sample data as well

Hi @v-prasadboke , I was unable to reproduce the problem you have. This parser is dependant of the ExchangeConfiguration parser. Can you confirm that the ExchangeConfiguration parser works well has usual (No change made in this parser and as usual, you need one of the ESIExchange* custom table).

Also, as usual, Sample data for the ExchangeAdminAudiLogs is present in Sample Data\Custom\ESI-ExchangeAdminAuditLogs-SampleData.json since multiple months to fill the Event table that the parser use.

[v-prasadboke]

Hi Nicolas, Thanks for sharing the Working screenshot. I guess I checked esiadmin sample data but I didnt find the columns. Maybe I must have missed it, I'll take a look again and come back to you by 10 November, 2023.

[nlepagnez]

Hi Nicolas, Thanks for sharing the Working screenshot. I guess I checked esiadmin sample data but I didnt find the columns. Maybe I must have missed it, I'll take a look again and come back to you by 10 November, 2023.

Hi Prasad, perhaps I misunderstand the sample data you wait. Is it the input sample data of the parser or the output sample data ? You can find the output structure here : .script\tests\KqlvalidationsTests\CustomFunctions\ExchangeAdminAuditLogs.json

[v-prasadboke]

I'll take a look at Nicolas, Thanks.

[v-prasadboke]

Hello @nlepagnez, sorry for the inconvenience but due to lack of availability we were unable to investigate this PR.
We will investigate this PR and provide you an update by 15 November, 2023.

[nlepagnez]

hi @v-atulyadav, @v-prasadboke, can you confirm me that the new packages are published ?