
Cybersixgill Actionable alerts

Open loginsoft-integrations opened this issue 3 years ago • 7 comments

Required items, please complete

Change(s):

  • Cybersixgill Actionable alerts Solution

Reason for Change(s):

  • New solution

Version Updated:

  • N/A

Testing Completed:

  • Yes

Checked that the validations are passing and have addressed any issues that are present:

  • Yes

loginsoft-integrations avatar Oct 10 '22 10:10 loginsoft-integrations

CLA assistant check
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

:x: loginsoft-integrations sign now
You have signed the CLA already but the status is still pending? Let us recheck it.

ghost avatar Oct 10 '22 10:10 ghost

@loginsoft-integrations : Please fix the validation errors:

  1. Logo [image] [image]
  2. Sample data [image]
  3. In the solution input file, please remove the empty files analytics and parsers.
  4. While deploying the workbook (ActionableAlertsDashboard.json) we could see the below errors; please fix them. [image] [image]
  5. While deploying the workbook (ActionableAlertsList.json) we could see the below errors; please fix them. [image]
  6. Please remove the solution input file from the tools folder.
  7. Data connector: we could see the below errors; please fix them. [image]
  8. Please replace the text from azure sentinel to Microsoft sentinel wherever it is applicable. [image]

v-spadarthi avatar Oct 11 '22 10:10 v-spadarthi

@loginsoft-integrations : Please address the above comments. Thanks!

v-spadarthi avatar Oct 13 '22 14:10 v-spadarthi

@aprakash13 : Please review the hunting queries. Thanks! @manishkumar1991 : Please review the Playbooks. Thanks!

v-spadarthi avatar Oct 13 '22 15:10 v-spadarthi

1st and 7th are open. We will fix those and commit.

syed-loginsoft avatar Oct 14 '22 16:10 syed-loginsoft

@loginsoft-integrations please confirm if you have used our "playbook arm template generator tool" for generating the ARM template of the provided playbook. If not, requesting you to please use the below link to generate the ARM template and update the PR.

https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator

Kindly provide a readme.md file for the playbooks, which explains how the playbook works and how to deploy it. @syed-loginsoft

manishkumar1991 avatar Oct 17 '22 09:10 manishkumar1991

@manishkumar1991, we have used the "playbook arm template generator" to generate playbooks.

We will create the readme file and commit once done. Thanks.

syed-loginsoft avatar Oct 17 '22 10:10 syed-loginsoft

@loginsoft-integrations : Please fix the validation errors. Thanks! @aprakash13 : Please review the hunting queries. Thanks!

v-spadarthi avatar Oct 21 '22 05:10 v-spadarthi

@loginsoft-integrations : Please fix the validation errors. Thanks! @aprakash13 : Please review the hunting queries. Thanks!

v-spadarthi avatar Oct 25 '22 08:10 v-spadarthi

@microsoft-github-policy-service agree [company="Loginsoft"]

loginsoft-integrations avatar Oct 26 '22 04:10 loginsoft-integrations

@microsoft-github-policy-service agree company="Loginsoft"

loginsoft-integrations avatar Oct 26 '22 04:10 loginsoft-integrations

@aprakash13 : Please review the hunting queries. Thanks!

v-spadarthi avatar Oct 28 '22 05:10 v-spadarthi

@aprakash13 : Please review the hunting queries. Thanks!

v-spadarthi avatar Oct 31 '22 06:10 v-spadarthi

@loginsoft-integrations : Please fix the validation errors.

Logo [image]

Please follow the below instructions and provide the logo:

  1. Logo needs to be in SVG format and under 5 Kb.
  2. Ensure the raw file of the logo does not have any of the following:
     i) cls and style formats
     ii) embedded png formats
     iii) title tag is not used

Workbook for ActionableAlertsDashboard.json: please fix the below errors. [image] [image] [image]

Workbook for ActionableAlertsList.json: please fix the below errors. [image]

Please add the workbook metadata for the above 2 workbooks in the below path: https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json

For the input file, please change the version 2.0.0. [image]

v-spadarthi avatar Oct 31 '22 08:10 v-spadarthi
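
The logo rules listed in the comment above can be checked before a logo is committed. This is an added example, not code from the thread or from the Azure-Sentinel repository. It assumes "under 5 Kb" means 5 KiB and reads "cls and style formats" as `<style>` elements and `class`/`style` attributes. The DOCTYPE rejection is an extra parsing precaution of this example, not one of the reviewer's rules.

```python
import xml.etree.ElementTree as ET

MAX_BYTES = 5 * 1024  # "under 5 Kb", read here as 5 KiB (assumption)

def check_logo(data: bytes):
    """Return a list of rule names the SVG logo violates."""
    problems = []
    if len(data) >= MAX_BYTES:
        problems.append("size")
    # Precaution added by this example: never parse entity declarations
    # from a contributed file.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return problems + ["doctype"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return problems + ["not-xml"]

    def local(tag):
        # Strip the "{namespace}" prefix ElementTree puts on tag names.
        return tag.rsplit("}", 1)[-1]

    if local(root.tag) != "svg":
        return problems + ["not-svg"]
    for el in root.iter():
        name = local(el.tag)
        if name == "style" or "class" in el.attrib or "style" in el.attrib:
            problems.append("cls-or-style")
        if name == "title":
            problems.append("title")
        if any(v.strip().lower().startswith("data:image/png")
               for v in el.attrib.values()):
            problems.append("embedded-png")
    return sorted(set(problems))

# Constructed samples (not the logo from this pull request).
BAD = (b'<svg xmlns="http://www.w3.org/2000/svg" '
       b'xmlns:xlink="http://www.w3.org/1999/xlink"><title>Logo</title>'
       b'<style>.cls-1{fill:#000}</style><path class="cls-1" d="M0 0h10v10z"/>'
       b'<image xlink:href="data:image/png;base64,AAAA"/></svg>')
GOOD = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
        b'<path fill="#0a0" d="M0 0h10v10z"/></svg>')

if __name__ == "__main__":
    print(check_logo(BAD))
    print(check_logo(GOOD))
```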

Workbook metadata JSON file was already updated.

https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json#L4387

We are looking into others.

loginsoft-integrations avatar Oct 31 '22 09:10 loginsoft-integrations

@loginsoft-integrations : Please address the remaining comments. While testing the Data connector we are getting the below issue; please fix it. [image]

v-spadarthi avatar Nov 02 '22 01:11 v-spadarthi

@v-spadarthi Can you please point us to the relevant documentation to fix the Workbook issue?

loginsoft-integrations avatar Nov 03 '22 12:11 loginsoft-integrations

@loginsoft-integrations : Please resolve the below comments.

Logo is looking good. [image]

In Workbook, please fix the below issues, and we couldn't see these columns in Table CyberSixgill_Alerts_CL as well. [image] [image] [image] [image]

After fixing all these issues, you need to re-package it again. Thanks!

v-spadarthi avatar Nov 04 '22 02:11 v-spadarthi

  • threat_source_s
  • threat_actor_s
  • assets_s
  • portal_url_s

The above columns already exist in Cybersixgill_Alerts_CL.json

Do we have to update somewhere else too?

loginsoft-integrations avatar Nov 04 '22 13:11 loginsoft-integrations

@loginsoft-integrations : Please resolve the below comments.

In the Data Connector we are still getting the same issue; please see the below image.

In workbooks, looking good. [image]

ActionableAlertsDashboard [image]

CreateUI definition [image]

Main Template [image]

Arm-ttk is also running fine. [image]

After deploying the main template we could see the below in the portal. In playbooks, metadata is missing; please fix. [image]

Use the below link to declare the metadata properties; it will resolve the above problem: https://github.com/Azure/Azure-Sentinel/tree/master/docs/New%20Playbooks%20Contribution%20Guide#add-metadata

v-spadarthi avatar Nov 07 '22 09:11 v-spadarthi

@loginsoft-integrations : Thanks for the metadata changes. Please fix the data connector issues and, once done, re-package it again. Thanks!

v-spadarthi avatar Nov 08 '22 06:11 v-spadarthi

@loginsoft-integrations : We are still getting the same error; please fix it. [image]

v-spadarthi avatar Nov 09 '22 09:11 v-spadarthi

@loginsoft-integrations : Please address the above comments

v-spadarthi avatar Nov 11 '22 05:11 v-spadarthi

Hi @v-spadarthi, Can you please review the changes. Thanks

v-mchatla avatar Nov 16 '22 04:11 v-mchatla

@loginsoft-integrations : While deploying the Azure function in the portal, the deployment is successful, but we are not able to see the function in the function section. Please see the screenshot below, and please check and fix it. [image] [image]

v-spadarthi avatar Nov 18 '22 04:11 v-spadarthi

We are looking into it.

loginsoft-integrations avatar Nov 18 '22 04:11 loginsoft-integrations

@loginsoft-integrations @syed-loginsoft

Post deployment of the playbook we are seeing that secure strings are visible in the parameter section, which is not a good practice.

[image]

Requesting you to please change your playbooks and try to use existing key vaults for getting the secured secret keys.

manishkumar1991 avatar Nov 21 '22 05:11 manishkumar1991
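
The finding in the comment above (secrets handed to a playbook as parameters instead of being read from a key vault) can be caught by linting the playbook's ARM template before deployment. This is an added example, not code from the thread or the repository. The parameter names, the name-matching heuristic and both sample templates are constructed for illustration.

```python
import re

# Heuristic for "this parameter carries a credential" (an assumption of this example).
SECRET_NAME = re.compile(r"secret|password|token|api[_-]?key", re.I)

def audit_playbook(template):
    """Return (rule, parameter_name) findings for a playbook ARM template."""
    findings = []
    for name, spec in template.get("parameters", {}).items():
        if not SECRET_NAME.search(name):
            continue
        if spec.get("type", "").lower() != "securestring":
            findings.append(("arm-param-not-securestring", name))
        if spec.get("defaultValue"):
            findings.append(("arm-param-has-default", name))
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.logic/workflows":
            continue
        definition = res.get("properties", {}).get("definition", {})
        for name in definition.get("parameters", {}):
            if SECRET_NAME.search(name):
                # Workflow parameters are what the parameter section displays.
                findings.append(("secret-in-workflow-parameters", name))
    return findings

# Constructed sample: credentials handed to the workflow as parameters.
WEAK = {
    "parameters": {
        "PlaybookName": {"type": "string", "defaultValue": "Sample-Playbook"},
        "Client_Secret": {"type": "securestring"},
        "API_Key": {"type": "string", "defaultValue": "constructed-placeholder"},
    },
    "resources": [{
        "type": "Microsoft.Logic/workflows",
        "properties": {
            "definition": {"parameters": {"$connections": {"type": "Object"},
                                          "Client_Secret": {"type": "SecureString"}}},
            "parameters": {"Client_Secret": {"value": "[parameters('Client_Secret')]"}},
        },
    }],
}

# Constructed sample: no credential parameters; only a Key Vault name is passed in.
HARDENED = {
    "parameters": {"PlaybookName": {"type": "string"}, "KeyVaultName": {"type": "string"}},
    "resources": [{"type": "Microsoft.Logic/workflows",
                   "properties": {"definition": {"parameters": {"$connections": {"type": "Object"}}}}}],
}

if __name__ == "__main__":
    for rule, name in audit_playbook(WEAK):
        print(f"{rule}: {name}")
```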

@loginsoft-integrations : Please address the above comments.

v-spadarthi avatar Nov 23 '22 04:11 v-spadarthi

@loginsoft-integrations : Please address the @manishkumar1991 comments and also please fix the below errors. [image]

v-spadarthi avatar Nov 25 '22 05:11 v-spadarthi

@loginsoft-integrations : We are getting the below error; please fix it. If it is working from your environment, please attach the screenshots. [image]

v-spadarthi avatar Nov 30 '22 05:11 v-spadarthi