Azure-Sentinel
Cyware Solution - Initial Addition
Change(s):
- Initial addition of Cyware Labs connectors
Reason for Change(s):
- Initial addition
Version Updated:
- Initial 1.0.0 version
Testing Completed:
- Yes
Checked that the validations are passing and have addressed any issues that are present:
- Need assistance (Can I get additional clarification around packaging the solutions if further packaging is needed?)
Thanks!
@microsoft-github-policy-service agree company="Cyware Labs"
Hi @AashiqRamachandran,
- The playbook file azuredeploy.json is missing metadata; please add it. The playbook below is a sample for your reference: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Recorded%20Future/Playbooks/ThreatHunting/RecordedFuture-ActorThreatHunt-IndicatorImport/azuredeploy.json
- The Images folder is also missing in the playbook; please add working png images to it. See the following for reference: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/ADX-Health-Playbook
Hi @v-atulyadav,
Many thanks for the prompt review! I've added all the changes requested:
- Removed metadata in hunting queries
- Fixed tactics and techniques referenced in hunting queries
- Fixed azuredeploy.json with metadata
- Added images to the README.md file for the Sentinel playbooks
Please do let me know any other changes that may be required!
Hi @AashiqRamachandran, I have resolved the validations by modifying the files. Please find the attached zip files and follow the guidelines below. Playbook.zip Hunting.zip
- Extract Hunting.zip and replace these files into hunting folder
- Extract playbook.zip and replace this file into below location.
Hi @v-atulyadav ,
Many thanks for the assistance and guidance! As guided, I have updated the files in their respective folder locations!
On a similar line, I also noticed there was a SolutionMetadata.json file included. Is that something we need to add, or is that something that gets added at a later point in time?
Please do let me know the following due process for submitting the Cyware solution to Microsoft Sentinel!
Looking forward to hearing back, Aashiq
Hi @AashiqRamachandran,
- Please repackage this solution with the help of below mentioned link. https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md
- Also check below link to add Release Notes in solution https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ReleaseNotesGuidance.md
- Please provide me an access to your branch so I will be able to commit if required.
Hi @AashiqRamachandran, We are waiting for your updates. Thanks
Hi @v-atulyadav ,
Yes. We are currently packaging the solution as per the document attached above. We are expecting to push the updated code in the next few hours. Will let you know once pushed
Thanks @AashiqRamachandran for confirmation.
Hi @v-atulyadav,
We have implemented all the required changes, and the content has also been pushed. Please let me know any additional fixes to implement.
Looking forward to hearing back
Hi @AashiqRamachandran, Thank you for repackaging this solution, I will review this again. Could you please modify the release note version? It should be 3.0.0 instead of 1.0.0.
Hi @AashiqRamachandran,
- Logo validations are failing. I have modified the logo. Please extract the below file and replace it. cyware-logo.zip
- Also modify the ReleaseNotes version to 3.0.0.
- The playbook path is wrongly mentioned, hence the playbook is not visible.
Please repackage this solution again once you are done with all the suggested changes.
Hi @v-atulyadav ,
I've added the fixes. A small doubt on the version tho. This is the first time we are developing a sentinel integration. Will the version still be 3.0.0? (The changes are pushed regardless)
Looking forward to hearing back!
Yes, we are using v3 tool for repackaging hence initial version should be 3.0.0.
Understood @v-atulyadav.
Please let me know any additional changes
Hi @AashiqRamachandran,
Also rename data file as Solution_Cyware
Also provide me a contributor access of your branch so I can commit few changes if needed. Thanks
Hi @v-atulyadav ,
I've renamed the files as recommended. Also checking on adding you as a contributor to our repo to enable you to make edits.
Do let me know if anything else is needed!
Hi @v-atulyadav ,
I see that the Pipeline checks have all passed (17/17). Please do let us know of next steps and changes that may be required!
Looking forward to hearing back
Hi @AashiqRamachandran, We still need a few changes, as we are unable to view the playbook after deployment. I am working on this issue. Meanwhile, could you please provide me with access so that I can commit a few changes and investigate the issue? Thanks
Hi @AashiqRamachandran,
A. Please provide me an access for your branch.
B. 2 hunting queries have the same GUID, which you need to update for 1 file and repackage. Thanks
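A check for the duplicate-GUID problem raised in the comment above (an added example, not code from the PR or the Azure-Sentinel repository): every Sentinel hunting query YAML carries an `id:` GUID that must be unique across the solution, and this scans a set of files for repeated, malformed or missing ids. File names and contents are constructed samples; comparing GUIDs case-insensitively is this example's assumption.

```python
import re
from collections import defaultdict

# A hunting query YAML has an `id:` line holding a GUID. Two queries sharing
# one id is the validation failure flagged in the review comment above.
ID_RE = re.compile(r"^id:\s*['\"]?(\S+?)['\"]?\s*$", re.MULTILINE)
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def extract_id(yaml_text: str):
    """Return the `id:` value of one query YAML (lower-cased), or None if absent."""
    m = ID_RE.search(yaml_text)
    return m.group(1).lower() if m else None  # assumption: GUIDs compared case-insensitively


def check_ids(files: dict) -> dict:
    """files maps filename -> YAML text. Returns the problems found:
    'duplicates' (guid -> [files]), 'malformed' ([files]), 'missing' ([files]).
    All three empty means the set is clean."""
    seen = defaultdict(list)
    malformed, missing = [], []
    for name, text in files.items():
        guid = extract_id(text)
        if guid is None:
            missing.append(name)
        elif not GUID_RE.match(guid):
            malformed.append(name)
        else:
            seen[guid].append(name)
    duplicates = {g: sorted(n) for g, n in seen.items() if len(n) > 1}
    return {"duplicates": duplicates, "malformed": sorted(malformed), "missing": sorted(missing)}


# Constructed sample files (hypothetical names, not the Cyware solution's own).
SAMPLE_FILES = {
    "CywareQueryA.yaml": "id: 0f1e2d3c-4b5a-6978-8a9b-0c1d2e3f4a5b\nname: Query A\n",
    "CywareQueryB.yaml": "id: 0F1E2D3C-4B5A-6978-8A9B-0C1D2E3F4A5B\nname: Query B\n",
    "CywareQueryC.yaml": "id: 11111111-2222-3333-4444-555555555555\nname: Query C\n",
    "CywareQueryD.yaml": "id: not-a-guid\nname: Query D\n",
}

if __name__ == "__main__":
    import json
    print(json.dumps(check_ids(SAMPLE_FILES), indent=2))
```

Run it over a solution's Hunting Queries folder by reading each YAML into the dict before packaging, so the duplicate is caught before the pipeline validation rejects it.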
Hi @AashiqRamachandran, We are waiting for your response on above. Thanks
Hi @v-atulyadav ,
Sorry for the late reply. Was OOO due to an emergency. Yes. Will add the changes, and will keep you posted on the repo access ASAP!
Hi @AashiqRamachandran, We are waiting for your response on above. Thanks
Hi Atul, I added you as a collaborator on the repo. If you need further access let me know.
Sure @AashiqRamachandran, Thanks.
Hi @AashiqRamachandran,
I am still not able to push anything into your branch. The below screenshot is for your reference. So I am requesting that you please check the above comments and act accordingly. Thanks
Hi @v-atulyadav - Looking into this.
@ashwinkarkalahegde FYI
Hi @v-atulyadav ,
From investigating the issue, looks like your invite had expired. Resent the invite as well! Please let us know any additional changes required!
Thanks @AashiqRamachandran.
Hi @v-atulyadav ,
Please let me know if any other action items are needed!
Sure @AashiqRamachandran. Thanks