Added workbook for AI Vectra Stream solution

[jayeshprajapaticrest]

Required items, please complete

Change(s):

• Added workbook for AIVectraStream

Reason for Change(s):

• New implementation

Version Updated:

• Initial Version

Testing Completed:

• Yes

Checked that the validations are passing and have addressed any issues that are present:

• Yes

---

[v-spadarthi]

@jayeshprajapaticrest : Please fix the below validation errors In Connection section we are getting below error please see the below screenshot In DNS section we are getting below error please see the below screenshot In Host section we are getting below error please see the below screenshot

[jayeshprajapaticrest]

@jayeshprajapaticrest : Please fix the below validation errors In Connection section we are getting below error please see the below screenshot In DNS section we are getting below error please see the below screenshot @v-spadarthi This issue is because of no data available in dropdown filter within selected time range. Details : If there is no data available in "Service" and "Query Type" dropdown filter within selected time range then by default "All" will be selected in UI and as there is no data available it will display that we must need to set the filter value which will be used in all the implemented queries. We are unable to handle this as no data available in the selected time range.

But if you select time range to more than 3 days then the data is available above filter and also in panels.

In Host section we are getting below error please see the below screenshot @v-spadarthi This issue is because of "Date" is not available in the current version of parser. The PR has been raised with the latest updated parser with the "Date" implementation, so once this is merged the above error might gets resolved automatically. Latest parser PR link : https://github.com/Azure/Azure-Sentinel/pull/5825

[jayeshprajapaticrest]

@jayeshprajapaticrest : Please fix the below validation errors In Connection section we are getting below error please see the below screenshot In DNS section we are getting below error please see the below screenshot @v-spadarthi I have fixed the above validation errors could you please confirm it and let us know if it works or not?

[jayeshprajapaticrest]

@v-spadarthi Is there any updates on above PR merging request as we have fixed the required information suggested by you?

[jayeshprajapaticrest]

@v-spadarthi Is there any updates on above PR merging request?

[v-spadarthi]

@jayeshprajapaticrest : As this PR having dependency on #5825, Please fix the issues in the PR .

[v-laanjana]

Hello,

please fix the issue .

[jayeshprajapaticrest]

Hello,

please fix the issue .

@v-laanjana Sorry, But is it fine it remains as it is as this is the part of requirements?

To view the data of Host, user must need to provide host name. If user provide * as input in it will display all host name data.

[NikTripathi]

@v-laanjana Please look into this.

[v-laanjana]

@NikTripathi we are checking .

[v-spadarthi]

@jayeshprajapaticrest : As this PR having dependency on https://github.com/Azure/Azure-Sentinel/pull/5825, Please fix the issues in the PR .

[v-laanjana]

@jayeshprajapaticrest : As this PR having dependency on https://github.com/Azure/Azure-Sentinel/pull/5825, Please fix the issues in the PR .

[jayeshprajapaticrest]

@jayeshprajapaticrest : As this PR having dependency on #5825, Please fix the issues in the PR . @v-laanjana OK Will ask PR raised person to fix it as early as possible so we can proceed with this.

[v-mchatla]

OK Will ask PR raised person to fix it as early as possible so we can proceed with this.

Thanks for the update. Please keep us posted on the same.

[NikTripathi]

@jayeshprajapaticrest Do we have any update on this sir? Thanks.

[jayeshprajapaticrest]

@jayeshprajapaticrest Do we have any update on this sir? Thanks. @NikTripathi They already have updated on the dependent PR(#5825) and waiting for the response from reviewer.

[v-spadarthi]

@jayeshprajapaticrest : Still we are getting the error and requested the updated sample data to test the Parser.

[v-spadarthi]

@jayeshprajapaticrest : We requested the updated sample data.

[jayeshprajapaticrest]

@jayeshprajapaticrest : We requested the updated sample data.

@v-spadarthi OK Thanks for the update. We need to wait till they provide data and merge that PR(#5825)

[v-spadarthi]

Above all are fine @Jayeshprajapaticrest: Still, we are getting below error after #5825 sample data provided and ingested also, please check and fix it. In Host section we are getting below please fix it

[jayeshprajapaticrest]

Above all are fine @jayeshprajapaticrest: Still, we are getting below error after #5825 sample data provided and ingested also, please check and fix it. In Host section we are getting below please fix it

@v-spadarthi As I checked on the parser they are going to commit in the PR(5825), there is a column with the name "date" is available. I don't know why it would not be available in the provided sample data.

[v-spadarthi]

@jayeshprajapaticrest : Thanks for sharing the updated sample data we ingested and tested working fine. Anyway we need to re-package this once #5825 validation error fixes we can good to merge. Thanks!

[jayeshprajapaticrest]

@jayeshprajapaticrest : Thanks for sharing the updated sample data we ingested and tested working fine. Anyway we need to re-package this once #5825 validation error fixes we can good to merge. Thanks!

@v-spadarthi Thanks for the Update.

[v-spadarthi]

@jayeshprajapaticrest : The https://github.com/Azure/Azure-Sentinel/pull/5825 validation error fixed now all looks good

[v-spadarthi]

By mistakenly closed sorry for that we are good to merge

[jayeshprajapaticrest]

@v-spadarthi Thanks for the support. Can you please let me know approx how much time it would take to publicly available of this workbook in Azure portal?