
Updating ForescoutHostPropertyMonitor solution for a new release #11788

Open
wants to merge 25 commits into master

Conversation

rao-peraka
Contributor

  Change(s):
  • Created a new workbook ForescoutHostPropertyMonitorWorkbook.json
  • Created preview files for new workbook
  • Updated WorkbooksMetadata.json to include new workbook
  • Updated schema of custom table ForescoutHostProperties_CL
  • Added two new Custom tables ForescoutComplianceStatus_CL, ForescoutPolicyStatus_CL
  • Updated playbook Forescout-DNSSniffEventPlaybook.json
  • Updated Analytic Rule ForeScout-DNSSniffEventMonitor.yaml
  • Updated/created new KqlValidationTests for CustomTables
  • Added ReadMe files
  • Updated ReadMe files

Reason for Change(s):

  • New schema used for Custom Table, and addition of two new Custom Tables
  • Analytic Rules/Playbook changes corresponding to custom table changes
  • New workbook
  • Updates to ReadMe files to capture new changes

Version Updated:

  • Yes

Testing Completed:

  • Yes

Checked that the validations are passing and have addressed any issues that are present:

  • Yes (Tools\Create-Azure-Sentinel-Solution\V2\createSolutionV2.ps1 is used for validation checks)

Add new package zip
Adding ReleaseNotes
Adding workbook preview screenshots.
Update analytic rule's KQL with new schema
Update data connector with new tables.
Newly generated createUiDefinition
Newly generated mainTemplate.
Updated Readme with changes.
Updated playbook to use Tags instead of Description field.
Adding new workbook details to metadata
@rao-peraka rao-peraka requested review from a team as code owners February 10, 2025 14:45
@v-prasadboke v-prasadboke self-assigned this Feb 11, 2025
@v-prasadboke v-prasadboke added the Solution Solution specialty review needed label Feb 11, 2025
@rao-peraka
Contributor Author

Thanks for the checks.
I have updated the files.
Appreciate if you could run the validation checks again.
Thanks a lot!


@@ -1,23 +1,9 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"title": "Forescout-DNS_Sniff_Event_Playbook",
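Review bot: the hunk header `@@ -1,23 +1,9 @@` shows the top of this playbook template shrinking from 23 lines to 9, and the only context visible is the `metadata` block with its `"title": "Forescout-DNS_Sniff_Event_Playbook"`, so the dropped lines are most plausibly the rest of that block; keep `metadata` (title, description and the other fields the repository's playbook templates carry) in the template, since the reviewer below records that a playbook without it is not visible in the Automation blade.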
Contributor


Please add metadata back. This is required.
Playbook won't be visible in the automation blade if metadata is not present.

Contributor Author


Thanks for the comments.
We added metadata block to Playbook and regenerated package file.
Thanks a lot!

rao-peraka and others added 4 commits February 14, 2025 11:50
v-prasadboke added a commit that referenced this pull request Feb 18, 2025
@v-prasadboke
Contributor

I have created a new PR which is a duplicate of this PR
PR #11830

Can you provide me a custom table schema for table ForescoutPolicyStatus_CL?
for reference https://github.com/Azure/Azure-Sentinel/blob/master/.script/tests/KqlvalidationsTests/CustomTables

@rao-peraka
Contributor Author

Hi Prasad,
Following is the schema of the 2 new custom tables that were added:

ForescoutPolicyStatus_CL:
{
  "Name": "ForescoutPolicyStatus_CL",
  "Properties": [
    {
      "name": "TimeGenerated",
      "type": "datetime"
    },
    {
      "name": "UploadTime",
      "type": "datetime"
    },
    {
      "name": "Ipv4Addr",
      "type": "string"
    },
    {
      "name": "Ipv6Addr",
      "type": "dynamic"
    },
    {
      "name": "MacAddr",
      "type": "string"
    },
    {
      "name": "EmIpAddr",
      "type": "string"
    },
    {
      "name": "HostProperties",
      "type": "dynamic"
    }
  ]
}

ForescoutComplianceStatus_CL:
{
  "Name": "ForescoutComplianceStatus_CL",
  "Properties": [
    {
      "name": "TimeGenerated",
      "type": "datetime"
    },
    {
      "name": "UploadTime",
      "type": "datetime"
    },
    {
      "name": "Ipv4Addr",
      "type": "string"
    },
    {
      "name": "Ipv6Addr",
      "type": "dynamic"
    },
    {
      "name": "MacAddr",
      "type": "string"
    },
    {
      "name": "EmIpAddr",
      "type": "string"
    },
    {
      "name": "HostProperties",
      "type": "dynamic"
    }
  ]
}

Thanks!

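The schema files exchanged above are what the repository's KqlValidationTests consume, so a contributor wants a quick way to confirm a custom-table schema is well-formed before pushing it. The script below is an added example, not code from this PR or from the Azure-Sentinel repository: it parses a schema in the shape posted above, checks that the table name ends in `_CL`, that every column has a name and a supported type, that there are no duplicate columns and that `TimeGenerated` is present as `datetime`, and then reports which columns an analytic rule references that the table does not define. The allowed-type list and the referenced-column set are assumptions made for illustration; the first schema is a copy of ForescoutPolicyStatus_CL from the thread, the second is a constructed broken one.

```python
import json

# Copy of the ForescoutPolicyStatus_CL schema posted in the thread above.
POLICY_STATUS_SCHEMA = """
{
  "Name": "ForescoutPolicyStatus_CL",
  "Properties": [
    {"name": "TimeGenerated", "type": "datetime"},
    {"name": "UploadTime", "type": "datetime"},
    {"name": "Ipv4Addr", "type": "string"},
    {"name": "Ipv6Addr", "type": "dynamic"},
    {"name": "MacAddr", "type": "string"},
    {"name": "EmIpAddr", "type": "string"},
    {"name": "HostProperties", "type": "dynamic"}
  ]
}
"""

# Constructed, deliberately broken schema: bad table name, unsupported type,
# duplicate column, and no TimeGenerated column.
BROKEN_SCHEMA = """
{
  "Name": "ForescoutBroken",
  "Properties": [
    {"name": "UploadTime", "type": "datetime"},
    {"name": "MacAddr", "type": "text"},
    {"name": "macaddr", "type": "string"}
  ]
}
"""

# Assumption: the Log Analytics column types a schema validator should accept.
ALLOWED_TYPES = {
    "string", "int", "long", "real", "bool", "datetime",
    "dynamic", "guid", "timespan", "decimal",
}


def validate_custom_table(schema_text):
    """Return a list of problems found in a custom-table schema; empty means OK."""
    problems = []
    try:
        schema = json.loads(schema_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]

    name = schema.get("Name")
    if not isinstance(name, str) or not name.endswith("_CL"):
        problems.append("Name must be a string ending in _CL")

    props = schema.get("Properties")
    if not isinstance(props, list) or not props:
        problems.append("Properties must be a non-empty list")
        return problems

    seen = {}  # lower-cased column name -> declared type
    for i, prop in enumerate(props):
        col = prop.get("name") if isinstance(prop, dict) else None
        typ = prop.get("type") if isinstance(prop, dict) else None
        if not isinstance(col, str) or not col:
            problems.append(f"Properties[{i}] has no name")
            continue
        if col.lower() in seen:
            # Log Analytics column names are case-insensitive, so treat these as clashes.
            problems.append(f"duplicate column {col}")
        seen[col.lower()] = typ
        if typ not in ALLOWED_TYPES:
            problems.append(f"column {col} has unsupported type {typ!r}")

    # Every table ingested into Log Analytics needs a datetime TimeGenerated column.
    if "timegenerated" not in seen:
        problems.append("TimeGenerated column is missing")
    elif seen["timegenerated"] != "datetime":
        problems.append("TimeGenerated must be of type datetime")
    return problems


def missing_columns(schema_text, referenced):
    """Columns referenced by a query (e.g. an analytic rule) that the table lacks."""
    schema = json.loads(schema_text)
    defined = {p["name"].lower() for p in schema["Properties"] if isinstance(p, dict)}
    return sorted(c for c in referenced if c.lower() not in defined)


if __name__ == "__main__":
    print("policy status:", validate_custom_table(POLICY_STATUS_SCHEMA) or "OK")
    print("broken:", validate_custom_table(BROKEN_SCHEMA))
    # Constructed column set standing in for what a rule's KQL projects.
    print("missing:", missing_columns(POLICY_STATUS_SCHEMA, {"Ipv4Addr", "Hostname"}))
```

Running the script against a schema file before opening a PR catches the two failures the validation tests report most often (a missing `TimeGenerated` and a column the rule's KQL uses that the table never declares), so the round-trip through the repository's CI is not the first place they surface.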