
CTERA Solution for Azure Sentinel #11169

Merged: 18 commits, Oct 21, 2024

Conversation

roberteliass
Contributor

Required items, please complete

Change(s):
Updated files:

  • Analytic Rules
    • RansomwareUserBlocked.yaml
    • RansomwareDetected.yaml
  • Data
    • Solution_CTERA.json
  • Data Connectors
    • CTERA_Data_Connector.json
  • Hunting Queries
    • MassAccessDenied.yaml
    • MassPermissionChanges.yaml
    • MassDeletions.yaml
  • Package
    • mainTemplate.json
    • createUiDefinition.json
  • Workbooks
    • CTERA_Workbook.json
  • ReleaseNotes.md
  • SolutionMetadata.json

Reason for Change(s):

  • These updates include enhancements to the overall structure, improved detection capabilities, and better integration with the CTERA solution, along with bug fixes and optimizations. They resolve validation issues encountered in prior submissions.

Version Updated:

  • yes
  • Version field updated for Detections/Analytic Rule templates.

Testing Completed:

  • Tested in Microsoft Sentinel environment without custom parsers, functions, or tables.
  • Validated functionality and ensured proper syntax execution.

Checked that the validations are passing and have addressed any issues that are present:
- Yes, validation checks were run, and all identified issues were addressed.

@roberteliass roberteliass requested review from a team as code owners September 23, 2024 10:59
@v-atulyadav v-atulyadav added the Solution Solution specialty review needed label Sep 23, 2024
@roberteliass
Contributor Author

@v-prasadboke @v-atulyadav What is the ETA for the code to be reviewed?

@v-prasadboke
Contributor

@v-prasadboke @v-atulyadav What is the ETA for the code to be reviewed?

Hello @roberteliass, I'm on leave till 6th Oct. Will get back to you by 9th Oct.

@v-prasadboke
Contributor

Hello @roberteliass, please add the workbook metadata to the WorkbooksMetadata file:
https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/WorkbooksMetadata.json

Please try to resolve branch conflicts.

@roberteliass
Contributor Author

roberteliass commented Oct 8, 2024 via email

# Conflicts:
#	.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
@roberteliass roberteliass reopened this Oct 8, 2024
@roberteliass roberteliass requested a review from a team as a code owner October 8, 2024 17:16
@roberteliass
Contributor Author

roberteliass commented Oct 8, 2024 via email

@roberteliass
Contributor Author

roberteliass commented Oct 14, 2024 via email

@v-prasadboke
Contributor

Hello @roberteliass, can you provide me write access to your branch?

@roberteliass
Contributor Author

roberteliass commented Oct 20, 2024 via email

@v-atulyadav v-atulyadav merged commit fdec8b3 into Azure:master Oct 21, 2024
35 checks passed