Update Archive Log PS1 to work with Azure Government
Change(s):
- Updated the Archive PowerShell script in the Tools/Archive-Log-Tool folder to allow it to connect to Azure Government. This required a new parameter, AzEnvironment, to let users specify the environment and change the API endpoints. It also required changing the Connect-AzAccount call on line 513 to use UseDeviceAuthentication.
Reason for Change(s):
- The original script did not work for Azure Government as written.
Version Updated:
- No
Testing Completed:
- Yes. Tested in BOTH AzureCloud and AzureUSGovernment
Checked that the validations are passing and have addressed any issues that are present:
- Yes
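The shape of the change described above, as an added example and not the Archive-Log-Tool script's own code: one AzEnvironment parameter drives both the device-code login and the endpoints the script calls. The Get-ArchiveEndpoints helper, the $LogAnalyticsApiHost table and the workspace-listing call are my assumptions; the example also assumes an Az.Accounts version where Get-AzAccessToken returns a plain-text Token.

```powershell
# Added example, not the Archive-Log-Tool script itself. Get-ArchiveEndpoints
# and the $LogAnalyticsApiHost table are assumed names, not the script's own.
[CmdletBinding()]
param(
    # Sovereign-cloud selection. ValidateSet limits the value to names that
    # Az.Accounts knows, so a typo fails early instead of at login time.
    [ValidateSet('AzureCloud', 'AzureUSGovernment')]
    [string]$AzEnvironment = 'AzureCloud',
    [Parameter(Mandatory)][string]$SubscriptionId
)

# The Log Analytics query host differs per cloud and cannot be derived from
# the ARM endpoint, so it is kept in an explicit table (constructed here).
$LogAnalyticsApiHost = @{
    'AzureCloud'        = 'https://api.loganalytics.io'
    'AzureUSGovernment' = 'https://api.loganalytics.us'
}

function Get-ArchiveEndpoints {
    param([string]$EnvironmentName)
    # Get-AzEnvironment carries the ARM endpoint for each cloud, so the
    # script never hard-codes management.azure.com.
    $azEnv = Get-AzEnvironment -Name $EnvironmentName
    if (-not $azEnv) { throw "Unknown Azure environment '$EnvironmentName'" }
    [pscustomobject]@{
        ResourceManagerUrl = $azEnv.ResourceManagerUrl.TrimEnd('/')
        LogAnalyticsApi    = $LogAnalyticsApiHost[$EnvironmentName]
    }
}

$endpoints = Get-ArchiveEndpoints -EnvironmentName $AzEnvironment

# Device-code flow against the selected cloud's authority. Without -Environment
# the token comes from the commercial cloud and is rejected by Azure Government.
Connect-AzAccount -Environment $AzEnvironment -UseDeviceAuthentication -Subscription $SubscriptionId | Out-Null

# Sanity check: the signed-in context must match the cloud the endpoints were
# built for, otherwise queries would be sent to the wrong authority.
$ctx = Get-AzContext
if ($ctx.Environment.Name -ne $AzEnvironment) {
    throw "Signed in to $($ctx.Environment.Name) but expected $AzEnvironment"
}

# Example call against the environment-specific ARM endpoint: list the
# Log Analytics workspaces the archive tool could read from.
$token = (Get-AzAccessToken -ResourceUrl $endpoints.ResourceManagerUrl).Token
$uri = "$($endpoints.ResourceManagerUrl)/subscriptions/$SubscriptionId/providers/Microsoft.OperationalInsights/workspaces?api-version=2022-10-01"
(Invoke-RestMethod -Uri $uri -Headers @{ Authorization = "Bearer $token" }).value |
    Select-Object name, location, @{ n = 'QueryEndpoint'; e = { $endpoints.LogAnalyticsApi } }
```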
@sreedharande, the zip was updated at the same time. The changelog (c40cf5f) should show a commit for it and the script at the same time. It's a little messy because I committed some of the log files and deleted everything before doing a clean commit.
@sreedharande : Please review and provide your signoff. Thanks!!
@sreedharande Please take a look once and provide your sign off. thanks!!!
@sreedharande Please take a look once again and provide your sign off. thanks!!!
Hi @sreedharande, the author has incorporated the changes requested. Can you please review once again and provide your feedback? Thanks