Azure-Sentinel Adding Mandiant Advantage Threat Intelligence Solution

Required items, please complete

Change(s):

Initial commit for adding Mandiant Advantage Threat Intelligence solution

Reason for Change(s):

Adding Mandiant Advantage Threat Intelligence solution

Testing Completed:

Yes

Checked that the validations are passing and have addressed any issues that are present:

Need Help

Sep 28 '22 16:09 chrishultin

Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

:x: chrishultin sign now
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

Sep 28 '22 16:09 ghost

@chrishultin : While checking Logo we are getting below error please check and fix it. Ensure raw file of logo does not have any of the following: 1.cls and style formats 2.embedded png formats 3.data-name

Sep 29 '22 09:09 v-spadarthi

@manishkumar1991 :Please review the playbooks and provide your feedback. Thanks!

Sep 29 '22 09:09 v-spadarthi

Logo is good validation passed Once playbook reviewed and approved from @manishkumar1991 we can be good to merge. @chrishultin: Seems some issue with Contributor License Agreement acceptance, please try to sign Contributor License Agreement again to accept your contribution.

Sep 30 '22 06:09 v-spadarthi

Hi @manishkumar1991 Can you please review the playbooks and provide your feedback. thanks

Oct 04 '22 19:10 v-mchatla

Hi @manishkumar1991 Can you please review the playbooks and provide your feedback. thanks

Hello I have reviewed the playbook , and my feedback is, currently we don't support multi dependency deployment, for key vault , storage account creation and many other within playbook template, So requesting PR submitter to replace the creation of key vault and storage account resources . with the use of existing one and mention the procedure in readme.md file which is missing in this PR , Can take help from link mentioned below :

https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ThreatXCloud/Playbooks/ThreatXPlaybooks/ThreatX-BlockIP-URL/azuredeploy.json

and instead of using the http call for mandiant api , recommend building one logic app custom connector.

and if this is going to be considered as separate solution, will it contain only one playbook?

@v-mchatla @v-spadarthi @chrishultin

Oct 06 '22 13:10 manishkumar1991

@chrishultin, can you please check on feedback from Manish? Also please sign license/cla, thanks.

Oct 10 '22 12:10 v-sabiraj

@chrishultin, can you please check on feedback from Manish? Also please sign license/cla, thanks.

Oct 13 '22 14:10 v-spadarthi

@chrishultin, can you please check on feedback from Manish? Also please sign license/cla, thanks.

Oct 17 '22 08:10 v-spadarthi

@chrishultin, can you please check on feedback from Manish? Also please sign license/cla, thanks.

Oct 19 '22 05:10 v-spadarthi