Correct targetProduct in tiIndicator: submitTiIndicators

Open RecordedFutureOskbo opened this issue 3 years ago • 6 comments

Required items, please complete

Change(s):

  • Change "targetProduct": "Microsoft Sentinel" back to "Azure Sentinel"
  • Generated new solution 2.2.2.zip containing the fix.

Reason for Change(s): Error in our playbooks introduced due to name change from Azure Sentinel to Microsoft Sentinel. Introduced in this COMMIT.

This fix will correct the targetProduct back to Azure Sentinel according to the spec https://learn.microsoft.com/en-us/graph/api/tiindicator-submittiindicators?view=graph-rest-beta&tabs=http

Testing Completed:

  • Installed mainTemplate.json
  • Installed playbooks from templates
  • Ran templates importing data and triggered analytic rules.

RecordedFutureOskbo avatar Jan 11 '23 13:01 RecordedFutureOskbo

I have prepared publishing of the Solution package in the partner portal and am ready to publish when this PR is approved.

RecordedFutureOskbo avatar Jan 11 '23 16:01 RecordedFutureOskbo

@RecordedFutureOskbo, please check if there is a need to change the text from "Microsoft Sentinel" to "Azure Sentinel" again, as we have changed it at all instances, thanks.

v-sabiraj avatar Jan 11 '23 17:01 v-sabiraj

Yes, this is required in the Microsoft Graph API. The text will not surface to the end user. I tested the API with "Microsoft Sentinel" as targetProduct and I got HTTP Status 400 back. https://learn.microsoft.com/en-us/graph/api/resources/tiindicator?view=graph-rest-beta

RecordedFutureOskbo avatar Jan 11 '23 17:01 RecordedFutureOskbo
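
A pre-merge check for the failure described above, as an added example that is not part of the PR or the Azure-Sentinel repository: it walks a playbook's JSON and reports every `targetProduct` value the tiIndicator API would not accept. The accepted set is taken from the tiIndicator documentation linked in the thread; the sample playbook fragment and its action names are constructed.

```python
import json

# Values the linked tiIndicator documentation lists for targetProduct.
ACCEPTED_TARGET_PRODUCTS = {"Azure Sentinel", "Microsoft Defender ATP"}

# Constructed Logic App fragment (not taken from the repository).
SAMPLE_PLAYBOOK = """
{"resources": [{"type": "Microsoft.Logic/workflows",
  "properties": {"definition": {"actions": {
    "Submit_ok": {"inputs": {"body": {"value": [
      {"targetProduct": "Azure Sentinel", "action": "alert"}]}}},
    "Submit_renamed": {"inputs": {"body": {"value": [
      {"targetProduct": "Microsoft Sentinel", "action": "alert"}]}}},
    "Submit_param": {"inputs": {"body": {"value": [
      {"targetProduct": "@parameters('product')", "action": "alert"}]}}}
  }}}}]}
"""

def find_target_products(node, path="$"):
    """Yield (json_path, value) for every 'targetProduct' key at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "targetProduct":
                yield child, value
            else:
                yield from find_target_products(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_target_products(item, f"{path}[{i}]")

def classify(value):
    """'ok' if accepted, 'dynamic' if only known at run time, else 'invalid'."""
    if isinstance(value, str):
        if value in ACCEPTED_TARGET_PRODUCTS:
            return "ok"
        # Logic App ("@...") and ARM ("[...]") expressions cannot be
        # resolved statically, so they are flagged for manual review.
        if value.startswith(("@", "[")):
            return "dynamic"
    return "invalid"

def lint_playbook(text):
    """Return (json_path, value, verdict) for every value that is not 'ok'."""
    found = find_target_products(json.loads(text))
    return [(p, v, classify(v)) for p, v in found if classify(v) != "ok"]

if __name__ == "__main__":
    for path, value, verdict in lint_playbook(SAMPLE_PLAYBOOK):
        print(f"{verdict}: {path} = {value!r}")
```
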

@RecordedFutureOskbo Ok, let me check if we can skip these failing validations, thanks.

v-sabiraj avatar Jan 11 '23 17:01 v-sabiraj

@v-sabiraj any status on this? I will try to create a workaround so we can get this fix to our customers.

RecordedFutureOskbo avatar Jan 13 '23 08:01 RecordedFutureOskbo

@v-sabiraj Azure.Azure-Sentinel task is now successful.

RecordedFutureOskbo avatar Jan 13 '23 14:01 RecordedFutureOskbo

@v-sabiraj, @v-atulyadav any news on this PR? I have fixed all Required checks.

RecordedFutureOskbo avatar Jan 17 '23 07:01 RecordedFutureOskbo

@RecordedFutureOskbo, actually the arm-ttk for particular playbooks is failing, the check has been added to check individual files.

v-sabiraj avatar Jan 17 '23 11:01 v-sabiraj

@RecordedFutureOskbo, actually the arm-ttk for particular playbooks is failing, the check has been added to check individual files.

I have a separate branch where I tried to remove all arm-ttk issues. I would rather submit it separately, since I will rename all playbooks to azuredeploy.json as one of the updates.

RecordedFutureOskbo avatar Jan 17 '23 12:01 RecordedFutureOskbo

@v-sabiraj do you need a fix for arm-ttk in this PR?

RecordedFutureOskbo avatar Jan 19 '23 13:01 RecordedFutureOskbo

@RecordedFutureOskbo, this is fixed, will approve, thanks.

v-sabiraj avatar Jan 21 '23 15:01 v-sabiraj

Hey, @RecordedFutureOskbo can you please update your branch from master. The fix has been done in master, thanks.

v-sabiraj avatar Jan 23 '23 05:01 v-sabiraj

Hey, @RecordedFutureOskbo can you please update your branch from master. The fix has been done in master, thanks.

Done, thanks!

RecordedFutureOskbo avatar Jan 23 '23 07:01 RecordedFutureOskbo