35 Pull requests merged by 23 people

• Bug fixes for function and logic app

  #11328 merged Oct 25, 2024

• Exception Filtering Cases ASIM

  #11339 merged Oct 25, 2024

• Adding new MDO related queries from recent Microsoft Threat Intellige…

  #11316 merged Oct 25, 2024

• Updated azure deploy template for BitSight data connector

  #11334 merged Oct 25, 2024

• Updated Pulisher Id for mimecast solution

  #11336 merged Oct 25, 2024

• Update ingestASimSampleData.py

  #11337 merged Oct 25, 2024

• Placing workbook images in the workbook/image/preview location

  #11330 merged Oct 25, 2024

• fixing Typo in filtering script

  #11335 merged Oct 25, 2024

• Update ASimFilteringTest.py

  #11333 merged Oct 25, 2024

• Update SentinelOneAPISentinelConn.zip

  #11332 merged Oct 25, 2024

• Bump aiohttp from 3.9.5 to 3.10.2 in /Solutions/ZeroFox/Data Connectors/CTI

  #10963 merged Oct 24, 2024

• Fixes for issues occurred during publishing to the Azure Store

  #11276 merged Oct 24, 2024

• ZeroNetworks: update parsers with new auditTypes

  #11236 merged Oct 24, 2024

• Bump up package to 3.2.2 for partner center update

  #11313 merged Oct 24, 2024

• Standard Update for Cloudflare Function App

  #11284 merged Oct 24, 2024

• Update imDns_DomainEntity_DnsEvents.yaml

  #11257 merged Oct 24, 2024

• Fixed TLS default version related thing by udating it to TLS1.2

  #11318 merged Oct 24, 2024

• Bump urllib3 from 1.25.11 to 1.26.19 in /Solutions/CiscoUmbrella/Data Connectors

  #11024 merged Oct 23, 2024

• Update ingestASimSampleData.py

  #11317 merged Oct 23, 2024

• Bitglass solution packaged to update old URL to new URL

  #11304 merged Oct 23, 2024

• Enforcing ASim validations when failure comes

  #11314 merged Oct 23, 2024

• SentinelOne | Updated the requirements file for py_310 import errors

  #11292 merged Oct 23, 2024

• Added the newly created Learn links for publishing Sentinel solutions

  #11282 merged Oct 23, 2024

• Update EventsToTableMapping.json

  #11293 merged Oct 22, 2024

• Bump aiohttp from 3.9.2 to 3.10.2 in /Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors

  #10958 merged Oct 22, 2024

• Inspira Enterprise Standalone workbooks

  #11310 merged Oct 22, 2024

• 1Password codeless connector

  #11131 merged Oct 22, 2024

• Abnormal Security Sentinel New Polling Logic

  #11196 merged Oct 22, 2024

• aws-s3-fun-pythonversionupdate3.8to3.9

  #11308 merged Oct 22, 2024

• add stream prefix to cloudwatch lambda

  #11305 merged Oct 22, 2024

• Updated Parsers and added new tabs in workbook as per new requirement in Corelight Solution.

  #11194 merged Oct 22, 2024

• Added Mimecast Solution

  #11114 merged Oct 21, 2024

• CTERA Solution for Azure Sentinel

  #11169 merged Oct 21, 2024

• update functionapp version, fix link to point to master branch

  #11295 merged Oct 21, 2024

• Added domain solutions id's

  #11298 merged Oct 21, 2024

10 Pull requests opened by 9 people

• Do not merge-test

  #11301 opened Oct 20, 2024

• Updated Tenable VM Data Connector to support compliance data ingestion.

  #11311 opened Oct 22, 2024

• Updating CrowdStrike Solution to add support for gov deployment

  #11315 opened Oct 23, 2024

• M3: Illumio Playbook support

  #11321 opened Oct 23, 2024

• Update Vmware Carbon black solution to fix deployment issue

  #11322 opened Oct 24, 2024

• MDO Tools hygiene

  #11323 opened Oct 24, 2024

• Adding new Box CCP connector and updated parser

  #11324 opened Oct 24, 2024

• Test

  #11326 opened Oct 24, 2024

• Bump snowflake-connector-python from 3.0.2 to 3.12.3 in /Solutions/Snowflake/Data Connectors

  #11331 opened Oct 24, 2024

• Updated description of Analytic Rule

  #11338 opened Oct 25, 2024

11 Issues closed by 2 people

• Invalid Column Name for Entity Mapping

  #11278 closed Oct 25, 2024

• SentinelOneAPISentinelConn.zip modification caused existing Function Apps to stop working

  #11325 closed Oct 25, 2024

• Analytic Rules Leads to FPs: Preview - TI map IP entity to Cloud App Events

  #11272 closed Oct 25, 2024

• Duplicated logs ingested into Sentinel with OCI (Azure Functions) Data Connector

  #10863 closed Oct 24, 2024

• Cisco Umbrella (using Azure Functions) connector for Microsoft Sentinel not ingesting intrusionlogs

  #11204 closed Oct 23, 2024

• Limiting GCP Workload Identity Access to Specific Azure Sentinel Connectors

  #11251 closed Oct 23, 2024

• Trend Micro Vision One - TrendMicro_XDR_WORKBENCH_CL table is not showing any results

  #11312 closed Oct 23, 2024

• Defender Advanced Hunt query error

  #11235 closed Oct 23, 2024

• Analytic rule not working properly

  #11125 closed Oct 23, 2024

• The Deployment fails in 3 different environments with different configuration on the same point - enableSolutionAndAlerts - Create-NewSolutionAndRulesFromList.ps1: line 44

  #11111 closed Oct 22, 2024

• Old Analytic Rules versions in /solutions/

  #11307 closed Oct 22, 2024

7 Issues opened by 7 people

• DomainEntity_EmailUrlInfo TI detection creates memory issues on large data sets

  #11340 opened Oct 25, 2024

• Environment failing to Deploy - enableSolutionAndAlerts - Create-NewSolutionAndRulesFromList.ps1: line 44

  #11329 opened Oct 24, 2024

• Arm template with a parameter of array type is resulting in an exception when deployed

  #11320 opened Oct 23, 2024

• Okta SSO Parser Calling Incorrect Table Name

  #11319 opened Oct 23, 2024

• Exchange Security Insights On-Premise Collector receives no logs

  #11309 opened Oct 22, 2024

• Support for sprintf format in Microsoft Sentinel output plugin for Logstash

  #11303 opened Oct 21, 2024

• Discrepancy in the Count of the Events - in the Incidents blade and Log Analytics Workspace results

  #11302 opened Oct 21, 2024

29 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• ESET Protect Platform solution 3.0.0.

  #11280 commented on Oct 24, 2024 • 3 new comments

• Fortinet FortiGate WebSession Parsers Parsing Fix & Additions

  #10865 commented on Oct 25, 2024 • 1 new comment

• Formatting fixes revealed during parsing

  #11300 commented on Oct 24, 2024 • 0 new comments

• fix: Deploy ASIM parsers without redeploying the Log Analytics workspace

  #11299 commented on Oct 22, 2024 • 0 new comments

• Fixed ssh_potentialBruteForce.yaml Account field

  #11290 commented on Oct 24, 2024 • 0 new comments

• PureStorage FlashBlade Integration

  #11286 commented on Oct 22, 2024 • 0 new comments

• Garrison ULTRA Remote Logs solution

  #11285 commented on Oct 24, 2024 • 0 new comments

• WindowsAuth Parser Update

  #11277 commented on Oct 25, 2024 • 0 new comments

• Update legacy syslog connector definition

  #11253 commented on Oct 23, 2024 • 0 new comments

• Veritas analytics rules

  #11250 commented on Oct 22, 2024 • 0 new comments

• Modified the Phishing Investigation application to handle benign case as well as no URL extracted from entities.

  #11217 commented on Oct 24, 2024 • 0 new comments

• Updates to DataConnectors/AWS-SecurityHubFindings

  #11211 commented on Oct 23, 2024 • 0 new comments

• 🐛 Don't mix ISO duration and KQL timespan formats

  #11199 commented on Oct 25, 2024 • 0 new comments

• Improve query if column is not present

  #11197 commented on Oct 24, 2024 • 0 new comments

• Sensor SSH Cowrie solution

  #11155 commented on Oct 23, 2024 • 0 new comments

• Q2 2024 updates

  #11049 commented on Oct 21, 2024 • 0 new comments

• Workbook complete rewrite for Microsoft Sentinel Cost

  #11003 commented on Oct 25, 2024 • 0 new comments

• IPinfo Sentinel Solution New Connectors

  #10981 commented on Oct 21, 2024 • 0 new comments

• Update OktaSSO.yaml

  #10943 commented on Oct 24, 2024 • 0 new comments

• Update BloodHound Enterprise Solution function app

  #10701 commented on Oct 25, 2024 • 0 new comments

• Integrating InsightVM with Sentinel

  #11233 commented on Oct 25, 2024 • 0 new comments

• Meraki Rest API information is out of date and failing to connect

  #11248 commented on Oct 25, 2024 • 0 new comments

• Suspicious overly permissive KMS key policy created - Rule Tuning

  #11296 commented on Oct 25, 2024 • 0 new comments

• Proofpoint On demand(POD) Timer too long

  #11243 commented on Oct 25, 2024 • 0 new comments

• Unable to view contents of function app's zip files after downloading from SCM_RUN_FROM_PACKAGE link

  #11281 commented on Oct 24, 2024 • 0 new comments

• SalesforceSentinelConnector Authentication Parameters, trigger variable, required application setting

  #11288 commented on Oct 24, 2024 • 0 new comments

• ConvertFrom-Json returning null???

  #11267 commented on Oct 23, 2024 • 0 new comments

• ASimWebSessionSquidProxy issue with data from AMA

  #11268 commented on Oct 23, 2024 • 0 new comments

• How to contribute to Network Session Essentials/solutions that use ASIM parsers?

  #11210 commented on Oct 22, 2024 • 0 new comments