Azure-Sentinel update parser with new attributes and fixes for some prefixes issues

Required items, please complete

Change(s):

Updated the parser for Vectra Stream: VectraStream_function.kql

Reason for Change(s):

Missing attributes (new attributes released in Vectra's product)
Some attributes did not have the right prefix (e.g. sometimes identified as string, sometimes as digit)

Testing Completed:

Yes

Checked that the validations are passing and have addressed any issues that are present:

Aug 04 '22 18:08 danymello

@danymello : Could you please resolve the below errors

Aug 22 '22 10:08 v-spadarthi

@danymello : Please fix above commented errors still we are getting same errors. This PR is depending on #5816 please fix errors asap. Thanks

Sep 05 '22 06:09 v-spadarthi

@danymello : Please fix above commented errors still we are getting same errors. and let us know

Sep 08 '22 07:09 v-laanjana

Hi @danymello Please fix the comments. Thanks

Sep 08 '22 19:09 NikTripathi

Hi @danymello Please fix the comments. Thanks

Sep 14 '22 11:09 v-laanjana

Hi @danymello Please fix the comments. Thanks

Sep 15 '22 11:09 v-laanjana

@v-spadarthi , I know about the duplicate but I dont know how to handle this scenario. Depending on the value, it is not recognized as the same type every time. To handle the different scenarios, I duplicate entries. Please advise on how to handle this case.

Sep 15 '22 21:09 danymello

@v-spadarthi , could you please update ??

Sep 23 '22 03:09 v-laanjana

@danymello : We will check with internal team and let you know the update.

Sep 28 '22 02:09 v-spadarthi

@danymello : Could you please have a look and let us know if it meets your criteria, we are providing the updated parser VectraStreamParser.txt to you. Thanks!!

Sep 29 '22 13:09 v-spadarthi

Hi @danymello Please let us know if the provided parser can help or do you need any help over there. Thanks

Oct 04 '22 19:10 v-mchatla

@v-mchatla , updated parser I just pushed should be good to go

Oct 04 '22 23:10 danymello

Hi @danymello, We will have a look and let you know if anything is missing. Thank you!

Oct 07 '22 04:10 v-amolpatil

@danymello : Please resolve below error

Oct 10 '22 07:10 v-spadarthi

@danymello : Please resolve below error

I don't see the same issue. columns exist in my setup

Oct 10 '22 16:10 fgu-vectra

@danymello / @fgu-vectra : Could you please share the updated sample data and will ingest and test it again the parser. Thanks!

Oct 11 '22 13:10 v-spadarthi

@danymello / @fgu-vectra : Could you please share the updated sample data and will ingest and test it again the parser. Thanks!

Oct 13 '22 14:10 v-spadarthi

@danymello / @fgu-vectra : Please share the updated sample data.

Oct 17 '22 07:10 v-spadarthi

@danymello / @fgu-vectra : Please share the updated sample data.

please take a look at the new samples added.

Oct 18 '22 01:10 fgu-vectra

Thanks for sharing the sample data. I have ingested sample data Parser tested again working fine But,This PR is depending on https://github.com/Azure/Azure-Sentinel/pull/5816 as well please fix below

Oct 18 '22 05:10 v-spadarthi

Thanks for sharing the sample data. I have ingested sample data Parser tested again working fine But,This PR is depending on #5816 as well please fix below

added smtp metadata sample which has the "date" attribute

Oct 18 '22 20:10 fgu-vectra

@danymello : Thanks for sharing the updated sample data. Please fix the validation error Sample data Parser Workbook also fine Once fix the validation error good to merge. Thanks

Oct 19 '22 08:10 v-spadarthi

@danymello : Please resolve the validation errors. Thanks!

Oct 20 '22 07:10 v-spadarthi

@danymello : Please resolve the validation errors. Thanks!

email has ben sanitized

Oct 20 '22 15:10 fgu-vectra

@danymello : Thanks for the fixing the validation error.

Oct 21 '22 05:10 v-spadarthi

Ingested sample data again

Oct 21 '22 05:10 v-spadarthi