Update Vectra AI Stream solution
Required items, please complete
Change(s):
- Add support for AMA Data Connector
- Add custom table files and ARM template
- Remove deprecated content (Hunting queries and workbook)
Reason for Change(s):
- Deprecation of OMS in favor of AMA
- Use of different custom tables per metadata type.
- Clean up deprecated content
Version Updated:
- Yes
Testing Completed:
- Yes. Tested with Bring your own data connector feature.
Checked that the validations are passing and have addressed any issues that are present:
- KQL ok
I need some help to fix some of the issues:
- I am using custom tables, so the validation is failing because it does not recognize it as a valid KQL query (example: "vectra_x509_CL' does not refer to any known table"). What do I need to do to fix it?
- "Error message: Invalid domains: [Security – Network] provided." -> according to https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/sentinel/sentinel-solutions.md?msclkid=9a240b52b11411ec99ae6736bd089c4a#categories-for-microsoft-sentinel-out-of-the-box-content-and-solutions, it is listed as a valid domain. What am I missing?
- The Data Connector validation is failing with the error: "no such file or directory, open '.script/utils/schemas/_ConnectorSchema.json'". Can you help to identify which part of my connector is triggering this issue and how I should proceed?
@v-prasadboke, thanks for the updates! Which issue remains?
Hello @danymello, There are still some validation checks failing. I'm trying to resolve it.
Hello @danymello, Sorry for the delay. I had too much on my plate. Will be taking this in my hands now.
Hello, @Danymello. Here for a quick update on this PR.
Working on this PR, there is a KQL validation that fails for exceptions. To be more specific, consider the JSONreader Error exception. But, while investigating the error I did not notice any missing or extra characters in the content mentioned in the failures.
I submitted a test PR and have been working on it. I'll keep you updated. #10569
Thank you for your understanding, @danymello, and we apologize for the inconvenience and delay with this PR.
Any update?
Hello @fgu-vectra, Sorry for the delay. Had too much on my plate.
I'm testing the Solution and I'll provide you an update by 17 Jun, 2024.
Hello @danymello & @fgu-vectra Apologies for the delay. I was on sick leave yesterday. I've resolved the KQL validation error which was failing for extra character and Value cannot be null.
Can you share the sample data to test the content of the Solution?
Thanks, Prasad
Hello @danymello & @fgu-vectra KQL validation errors are resolved. Can you share sample data to test the content of the Solution? Thanks, Prasad
Hello @danymello & @fgu-vectra can you share sample data to test the content of the Solution?
Hello @danymello and @fgu-vectra we have resolved all the KQL validation failures for which Solution's content testing was left. Validations are resolved and we are waiting for sample data so that we can continue with the testing.
Thanks and Regards, Prasad
Added a commit with sample data. Let me know if this is what you expected!
Hello @fgu-vectra Thanks for sharing the sample data. Will review the PR and update you by 09 July, 2024.
Hello @danymello & @fgu-vectra we are facing an issue while packaging the solution. After packaging the dataconnectorversion variable shows no value in maintemplate. We are trying to find the root cause for it.