Fixing Dragos arm-ttk id from resourceId validation errors (#11726)

dragosinc-sentinel · v-prasadboke · web-flow · commit 03d23806973c · 2025-02-03T15:58:56.000+05:30
* Mitigating arm-ttk errors that docs say we can ignore, but partner center submission rejects.

* Fixing custom detail as id bypass resulted in name that was too long

* Bumping analytic version due to id name field change.

* Solution packaged

---------

Co-authored-by: v-prasadboke &lt;v-prasadboke@microsoft.com&gt;
diff --git a/Solutions/Dragos/Analytic Rules/DragosNotifiction.yaml b/Solutions/Dragos/Analytic Rules/DragosNotifiction.yaml
@@ -37,7 +37,7 @@ alertDetailsOverride:
     - alertProperty: ProductName
       value: AlertProductName
 customDetails:
-  DragosNotificationId: id
+  DragosIdentifier: id
   DragosSeverity: severity
   DragosDetectionQuads: detectionQuads
   DragosCreatedAt: createdAt
@@ -60,6 +60,6 @@ incidentConfiguration:
     lookbackDuration: PT1H
     matchingMethod: Selected
     groupByCustomDetails:
-      - DragosNotificationId
-version: 1.0.0
+      - DragosIdentifier
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/Dragos/Package/3.0.0.zip b/Solutions/Dragos/Package/3.0.0.zip
diff --git a/Solutions/Dragos/Package/mainTemplate.json b/Solutions/Dragos/Package/mainTemplate.json
diff --git a/Solutions/Dragos/Parsers/DragosNotificationsToSentinel.yaml b/Solutions/Dragos/Parsers/DragosNotificationsToSentinel.yaml
@@ -10,7 +10,7 @@ FunctionQuery: |
   let existingIncidents = SecurityAlert
     | where ProductName == "Dragos"
     | extend CustomDetails=tostring(parse_json(ExtendedProperties)["Custom Details"])
-    | extend id = toint(extract_json("$.DragosNotificationId[0]", CustomDetails))
+    | extend id = toint(extract_json("$.DragosIdentifier[0]", CustomDetails))
     | project-keep SystemAlertId, id;
   union isfuzzy=true DragosPushNotificationsToSentinel, DragosPullNotificationsToSentinel
     | join kind=leftouter (existingIncidents) on id
diff --git a/Solutions/Dragos/Parsers/DragosPullNotificationsToSentinel.yaml b/Solutions/Dragos/Parsers/DragosPullNotificationsToSentinel.yaml
@@ -26,7 +26,7 @@ FunctionQuery: |
   let existingIncidents = SecurityAlert
       | where ProductName == "Dragos"
       | extend CustomDetails=tostring(parse_json(ExtendedProperties)["Custom Details"])
-      | extend id = toint(extract_json("$.DragosNotificationId[0]", CustomDetails))
+      | extend id = toint(extract_json("$.DragosIdentifier[0]", CustomDetails))
       | project-keep SystemAlertId, id;
   DragosAlerts_CL
   | extend detectionQuads=strcat_array(detectionQuads, ",")
diff --git a/Solutions/Dragos/SolutionMetadata.json b/Solutions/Dragos/SolutionMetadata.json
@@ -1,6 +1,6 @@
 {
     "publisherId": "dragosinc1734451815609",
-    "offerId": "azure-sentinel-solution-dragos",
+    "offerId": "microsoft-sentinel-solution-dragos",
     "firstPublishDate": "2025-01-23",
     "lastPublishDate": "2025-01-23",
     "providers": [

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"publisherId": "dragosinc1734451815609",`
`3`		`- "offerId": "azure-sentinel-solution-dragos",`
	`3`	`+ "offerId": "microsoft-sentinel-solution-dragos",`
`4`	`4`	`"firstPublishDate": "2025-01-23",`
`5`	`5`	`"lastPublishDate": "2025-01-23",`
`6`	`6`	`"providers": [`