TacitRed-SentinelOne v3.0.2: Fix InvalidResourceLocation and remove domain filter

- Remove non-standard 'location' parameter from inner template, use
  variables('workspace-location-inline') matching 489 other solutions
- Fix metadata resource name: change [[ (double bracket) to [ (single
  bracket) for outer template resolution, matching 481 other solutions
- Remove TacitRed_Domain parameter from deployment UI, Logic App params,
  and API URI — playbook now fetches all findings without domain filter
- Update standalone playbook template to match
- Bump version to 3.0.2
- Preserve 3.0.0 zip package

Author: mazamizo21

Solutions/TacitRed-SentinelOne/Data/Solution_TacitRedSentinelOneAutomation.json

@@ -8,7 +8,7 @@
     ],
     "Metadata": "SolutionMetadata.json",
     "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\TacitRed-SentinelOne",
-    "Version": "3.0.1",
+    "Version": "3.0.2",
     "TemplateSpec": true,
     "Is1Pconnector": false
 }

Solutions/TacitRed-SentinelOne/Package/3.0.2.zip

@@ -33,7 +33,7 @@
     "email": "support@data443.com",
     "_email": "[variables('email')]",
     "_solutionName": "TacitRed-SentinelOne",
-    "_solutionVersion": "3.0.1",
+    "_solutionVersion": "3.0.2",
     "solutionId": "data443riskmitigationinc1761580347231.azure-sentinel-solution-tacitred-s1-ioc-auto",
     "_solutionId": "[variables('solutionId')]",
     "blanks": "[replace('b', 'b', '')]",
@@ -56,7 +56,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "pb-tacitred-to-sentinelone Playbook with template version 3.0.0",
+        "description": "pb-tacitred-to-sentinelone Playbook with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion1')]",
@@ -65,24 +65,13 @@
               "type": "string",
               "defaultValue": "pb-tacitred-to-sentinelone"
             },
-            "location": {
-              "type": "string",
-              "defaultValue": "[concat('[resourceGroup().locatio', 'n]')]"
-            },
             "TacitRed_ApiKey": {
               "type": "securestring",
               "defaultValue": "",
               "metadata": {
                 "description": "TacitRed API Key for authentication"
               }
             },
-            "TacitRed_Domain": {
-              "type": "string",
-              "defaultValue": "",
-              "metadata": {
-                "description": "Optional domain filter for TacitRed findings"
-              }
-            },
             "SentinelOne_ApiToken": {
               "type": "securestring",
               "defaultValue": "",
@@ -108,16 +97,13 @@
               "type": "Microsoft.Logic/workflows",
               "apiVersion": "2019-05-01",
               "name": "[[parameters('PlaybookName')]",
-              "location": "[[parameters('location')]",
+              "location": "[[variables('workspace-location-inline')]",
               "properties": {
                 "state": "Enabled",
                 "parameters": {
                   "TacitRed_ApiKey": {
                     "value": "[[parameters('TacitRed_ApiKey')]"
                   },
-                  "TacitRed_Domain": {
-                    "value": "[[parameters('TacitRed_Domain')]"
-                  },
                   "SentinelOne_ApiToken": {
                     "value": "[[parameters('SentinelOne_ApiToken')]"
                   },
@@ -137,10 +123,6 @@
                       "type": "string",
                       "defaultValue": "[variables('blanks')]"
                     },
-                    "TacitRed_Domain": {
-                      "type": "string",
-                      "defaultValue": "[variables('blanks')]"
-                    },
                     "SentinelOne_BaseUrl": {
                       "type": "string",
                       "defaultValue": "https://usea1-001.sentinelone.net"
@@ -165,7 +147,7 @@
                       "type": "Http",
                       "inputs": {
                         "method": "GET",
-                        "uri": "@{parameters('TacitRed_ApiUrl')}?types[]=compromised_credentials&domains[]=@{encodeUriComponent(parameters('TacitRed_Domain'))}&date_from=@{formatDateTime(addDays(utcNow(), -7), 'yyyy-MM-dd')}&page=1&page_size=100",
+                        "uri": "@{parameters('TacitRed_ApiUrl')}?types[]=compromised_credentials&date_from=@{formatDateTime(addDays(utcNow(), -7), 'yyyy-MM-dd')}&page=1&page_size=100",
                         "headers": {
                           "accept": "application/json",
                           "User-Agent": "Microsoft-Sentinel-TacitRed/1.0",
@@ -212,13 +194,15 @@
                 }
               },
               "tags": {
+                "hidden-SentinelTemplateName": "TacitRedToSentinelOne",
+                "hidden-SentinelTemplateVersion": "1.0",
                 "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
               }
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId1'),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId1'),'/'))))]",
               "properties": {
                 "parentId": "[[variables('playbookId1')]]",
                 "contentId": "[variables('_playbookContentId1')]",
@@ -251,8 +235,7 @@
             "postDeployment": [
               "1. Configure the TacitRed API Key parameter",
               "2. Configure the SentinelOne API Token and Base URL parameters",
-              "3. Optionally set a domain filter to limit findings to specific domains",
-              "4. Enable the Logic App and configure the recurrence trigger as needed"
+              "3. Enable the Logic App and configure the recurrence trigger as needed"
             ],
             "lastUpdateTime": "2026-01-22T00:00:00Z",
             "tags": [
@@ -288,7 +271,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.0",
+        "version": "3.0.2",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "TacitRed-SentinelOne",

Solutions/TacitRed-SentinelOne/Package/mainTemplate.json

@@ -8,8 +8,7 @@
         "postDeployment": [
             "1. Configure the TacitRed API Key parameter",
             "2. Configure the SentinelOne API Token and Base URL parameters",
-            "3. Optionally set a domain filter to limit findings to specific domains",
-            "4. Enable the Logic App and configure the recurrence trigger as needed"
+            "3. Enable the Logic App and configure the recurrence trigger as needed"
         ],
         "prerequisitesDeployTemplateFile": "",
         "lastUpdateTime": "2026-01-22T00:00:00.000Z",
@@ -38,13 +37,6 @@
                 "description": "TacitRed API Key for authentication"
             }
         },
-        "TacitRed_Domain": {
-            "type": "string",
-            "defaultValue": "",
-            "metadata": {
-                "description": "Optional domain filter for TacitRed findings"
-            }
-        },
         "SentinelOne_ApiToken": {
             "type": "securestring",
             "defaultValue": "",
@@ -72,9 +64,6 @@
                     "TacitRed_ApiKey": {
                         "value": "[parameters('TacitRed_ApiKey')]"
                     },
-                    "TacitRed_Domain": {
-                        "value": "[parameters('TacitRed_Domain')]"
-                    },
                     "SentinelOne_ApiToken": {
                         "value": "[parameters('SentinelOne_ApiToken')]"
                     },
@@ -94,10 +83,6 @@
                             "type": "string",
                             "defaultValue": ""
                         },
-                        "TacitRed_Domain": {
-                            "type": "string",
-                            "defaultValue": ""
-                        },
                         "SentinelOne_BaseUrl": {
                             "type": "string",
                             "defaultValue": "https://usea1-001.sentinelone.net"
@@ -122,7 +107,7 @@
                             "type": "Http",
                             "inputs": {
                                 "method": "GET",
-                                "uri": "@{parameters('TacitRed_ApiUrl')}?types[]=compromised_credentials&domains[]=@{encodeUriComponent(parameters('TacitRed_Domain'))}&date_from=@{formatDateTime(addDays(utcNow(), -7), 'yyyy-MM-dd')}&page=1&page_size=100",
+                                "uri": "@{parameters('TacitRed_ApiUrl')}?types[]=compromised_credentials&date_from=@{formatDateTime(addDays(utcNow(), -7), 'yyyy-MM-dd')}&page=1&page_size=100",
                                 "headers": {
                                     "accept": "application/json",
                                     "User-Agent": "Microsoft-Sentinel-TacitRed/1.0",

Solutions/TacitRed-SentinelOne/Playbooks/TacitRedToSentinelOne_Playbook.json

@@ -1,3 +1,4 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**         |
 |-------------|--------------------------------|----------------------------|
+| 3.0.2       | 17-02-2026                     | Fixed `InvalidResourceLocation` error: removed non-standard `location` parameter from inner template, aligned with standard Content Hub variable pattern. Fixed metadata resource name using wrong bracket type. Removed `TacitRed_Domain` filter parameter from deployment UI — playbook now fetches all findings without domain restriction. |
 | 3.0.0       | 09-12-2025                     | Initial Solution Release.  |