Azure
DomainTools New Playbooks
Required items, please complete
Change(s):
- See guidance below
Reason for Change(s):
- See guidance below
Version Updated:
- Required only for Detections/Analytic Rule templates
- See guidance below
Testing Completed:
- See guidance below
Checked that the validations are passing and have addressed any issues that are present:
- See guidance below
Guidance <- remove section before submitting
Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:
Thank you for your contribution to the Microsoft Sentinel Github repo.
Details of the code changes in your submitted PR. Providing descriptions for pull requests ensures there is context to changes being made and greatly enhances the code review process. Providing associated Issues that this resolves also easily connects the reason.
Change(s):
- Updated syntax for XYZ.yaml
Reason for Change(s):
- New schema used for XYZ.yaml
- Resolves ISSUE #1234
Version updated:
- Yes
- Detections/Analytic Rule templates are required to have the version updated
The code should have been tested in a Microsoft Sentinel environment that does not have any custom parsers, functions or tables, so that you validate no incorrect syntax and execution functions properly. If your submission requires a custom parser or function, it must be submitted with the PR.
Testing Completed:
- Yes/No/Need Help
Note: If updating a detection, you must update the version field.
Before the submission has been made, please look at running the KQL and Yaml Validation Checks locally. https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally
Checked that the validations are passing and have addressed any issues that are present:
- Yes/No/Need Help
Note: Let us know if you have tried fixing the validation error and need help.
References:
During packaging we encountered some issues and are currently investigating the exact problem. Please refer to the below screenshot for details. Any suggestions or insights would be greatly appreciated.
During packaging we encountered some issues and are currently investigating the exact problem. Please refer to the below screenshot for details. Any suggestions or insights would be greatly appreciated.
This error is an exception, This can be ignored
And thanks for raising this PR. This PR will be investigated and we will update you about the same before 05 July, 2024.
Hello @RamboV, Please create a custom table named as DomainToolsDomainEnrichment_CL at location https://github.com/Azure/Azure-Sentinel/tree/master/.script/tests/KqlvalidationsTests/CustomTables
Custom connector located in Playbook folder, looks like Function app. If it is a Function app please move it to Data Connector folder and add Data connector file as well.
Hello @v-prasadboke, Added custom table DomainToolsDomainEnrichment_CL.json at specified location.
Hello @RamboV, Please create a custom table named as DomainToolsDomainEnrichment_CL at location https://github.com/Azure/Azure-Sentinel/tree/master/.script/tests/KqlvalidationsTests/CustomTables
Custom connector located in Playbook folder, looks like Function app. If it is a Function app please move it to Data Connector folder and add Data connector file as well.
Please have a look at the below mentioned point
Hello @RamboV, Please create a custom table named as DomainToolsDomainEnrichment_CL at location https://github.com/Azure/Azure-Sentinel/tree/master/.script/tests/KqlvalidationsTests/CustomTables Custom connector located in Playbook folder, looks like Function app. If it is a Function app please move it to Data Connector folder and add Data connector file as well.
Please have a look at the below mentioned point
Hello @v-prasadboke , it is a FuntionApp custom connector, very similar to the below https://github.com/Azure/Azure-Sentinel/tree/3a43f4e66e6d156bc7dbc4ebc420108050fcca6b/Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector https://github.com/Azure/Azure-Sentinel/tree/3a43f4e66e6d156bc7dbc4ebc420108050fcca6b/Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector
Please let us know if you still need it to be moved
Hello @RamboV, The PR is still failing for a KQL validation. Can you check it once.
Hello @v-prasadboke , we digged the issue, will submit the changes tomorrow, your change now doesn't solve the pipeline issues.
Hello @v-prasadboke , we digged the issue, will submit the changes tomorrow, your change now doesn't solve the pipeline issues.
Got it @RamboV.
Hello @v-prasadboke , we digged the issue, will submit the changes tomorrow, your change now doesn't solve the pipeline issues.
Got it @RamboV.
Hello @v-prasadboke , we have updated the parser, all checks have passed, kindly check
Hello @RamboV, All looks fine to me. I have one final requirement. The logo which is being used in createui and input file is in png format.
Can you please provide us a logo in svg format and it should be less than or = 5kb
Hello @RamboV, All looks fine to me. I have one final requirement. The logo which is being used in createui and input file is in png format.
Can you please provide us a logo in svg format and it should be less than or = 5kb
@v-prasadboke is it ok it is like 6kb, do you want us to send here?
Hello @RamboV, All looks fine to me. I have one final requirement. The logo which is being used in createui and input file is in png format. Can you please provide us a logo in svg format and it should be less than or = 5kb
@v-prasadboke is it ok it is like 6kb, do you want us to send here?