Made changes to the files as per latest KQL Failure

Mrudula-Oruganti-Gigamon · Mrudula-Oruganti-Gigamon · commit c91533bf021e · 2026-02-16T15:53:13.000+05:30
diff --git a/Solutions/Gigamon Connector/Data Connectors/Gigamon_CCF/Gigamon_ConnectorDefinition.json b/Solutions/Gigamon Connector/Data Connectors/Gigamon_CCF/Gigamon_ConnectorDefinition.json
@@ -7,7 +7,7 @@
     "properties": {
         "connectorUiConfig": {
             "id": "GigamonDefinition",
-            "title": "Gigamon Telemetry Connector",
+            "title": "Gigamon AMX Connector",
             "publisher": "GigamonDefinition",
             "descriptionMarkdown": "The Gigamon connector provides the capability to read raw event data from Gigamon in Microsoft Sentinel.",
             "graphQueries": [
diff --git a/Solutions/Gigamon Connector/Data Connectors/Gigamon_CCF/Gigamon_Connector_Analytics_Gigamon.json b/Solutions/Gigamon Connector/Data Connectors/Gigamon_CCF/Gigamon_Connector_Analytics_Gigamon.json
@@ -1,6 +1,6 @@
 {
     "id": "GigamonDataConnector",
-    "title": "Gigamon AMX Data Connector",
+    "title": "Gigamon AMX Connector",
     "publisher": "Gigamon",
     "descriptionMarkdown": "Use this data connector to integrate with Gigamon Application Metadata Exporter (AMX) and get data sent directly to Microsoft Sentinel. ",
     "graphQueries": [
@@ -60,7 +60,7 @@
     },
     "instructionSteps": [
         {
-            "title": "Gigamon Data Connector",
+            "title": "Gigamon AMX Connector",
             "description": "1. Application Metadata Exporter (AMX) application converts the output from the Application Metadata Intelligence (AMI) in CEF format into JSON format and sends it to the cloud tools and Kafka.\n 2. The AMX application can be deployed only on a V Series Node and can be connected to Application Metadata Intelligence running on a physical node or a virtual machine.\n 3. The AMX application and the AMI are managed by GigaVUE-FM. This application is supported on VMware ESXi, VMware NSX-T, AWS and Azure.\n  ",
             "instructions": [
                 {
diff --git a/Solutions/Gigamon Connector/Data Connectors/Gigamon_CCF/Gigamon_DCR.json b/Solutions/Gigamon Connector/Data Connectors/Gigamon_CCF/Gigamon_DCR.json
@@ -97,6 +97,7 @@
                     { "name": "total_packets", "type": "string" },
                     { "name": "ingress_vlan_id", "type": "string" },
                     { "name": "ip_ttl", "type": "string" },
+                    { "name": "tcp_flags", "type": "string" },
                     { "name": "ip_hdr_len", "type": "string" },
                     { "name": "ip_frag_flags", "type": "string" },
                     { "name": "tcp_ack_id", "type": "string" },
@@ -119,11 +120,13 @@
                     { "name": "ip_wrong_crc", "type": "string" },
                     { "name": "dnp3_al_function_code", "type": "string" },
                     { "name": "dnp3_dl_function_code", "type": "string" },
+                    { "name": "dnp3_dl_dir", "type": "string" },
                     { "name": "modbus_exception_code", "type": "string" },
                     { "name": "SSL_version", "type": "string" },
                     { "name": "http_code", "type": "string" },
                     { "name": "http_rtt", "type": "string" },
                     { "name": "tcp_rtt_app", "type": "string" },
+                    { "name": "tcp_flag_reset", "type": "string" },
                     { "name": "dns_response_time", "type": "string" },
                     { "name": "http_content_encoding", "type": "string" },
                     { "name": "snmp_version", "type": "string" },
diff --git a/Solutions/Gigamon Connector/Data Connectors/Gigamon_CCF/Gigamon_table.json b/Solutions/Gigamon Connector/Data Connectors/Gigamon_CCF/Gigamon_table.json
@@ -1,12 +1,12 @@
 {
-    "name": "Gigamon_DCR",
+    "name": "GigamonV2_CL",
     "type": "Microsoft.OperationalInsights/workspaces/tables",
     "apiVersion": "2022-10-01",
     "tags": {},
     "properties": {
         "plan": "Analytics",
         "schema": {
-            "name": "Gigamon_DCR",
+            "name": "GigamonV2_CL",
             "columns": [
                 { "name": "TimeGenerated", "type": "datetime" },
                     { "name": "RawData", "type": "string" },
@@ -98,6 +98,7 @@
                     { "name": "total_packets", "type": "string" },
                     { "name": "ingress_vlan_id", "type": "string" },
                     { "name": "ip_ttl", "type": "string" },
+                    { "name": "tcp_flags", "type": "string" },
                     { "name": "ip_hdr_len", "type": "string" },
                     { "name": "ip_frag_flags", "type": "string" },
                     { "name": "tcp_ack_id", "type": "string" },
@@ -120,11 +121,13 @@
                     { "name": "ip_wrong_crc", "type": "string" },
                     { "name": "dnp3_al_function_code", "type": "string" },
                     { "name": "dnp3_dl_function_code", "type": "string" },
+                    { "name": "dnp3_dl_dir", "type": "string" },
                     { "name": "modbus_exception_code", "type": "string" },
                     { "name": "SSL_version", "type": "string" },
                     { "name": "http_code", "type": "string" },
                     { "name": "http_rtt", "type": "string" },
                     { "name": "tcp_rtt_app", "type": "string" },
+                    { "name": "tcp_flag_reset", "type": "string" },
                     { "name": "dns_response_time", "type": "string" },
                     { "name": "http_content_encoding", "type": "string" },
                     { "name": "snmp_version", "type": "string" },
diff --git a/Solutions/Gigamon Connector/Data/Solution_Gigamon.json b/Solutions/Gigamon Connector/Data/Solution_Gigamon.json
@@ -7,7 +7,7 @@
         "Workbooks/Gigamon.json"
     ],
     "Data Connectors": [
-        "Data Connectors/Connector_Analytics_Gigamon.json",
+        "Data Connectors/Gigamon_CCF/Gigamon_Connector_Analytics_Gigamon.json",
         "Data Connectors/Gigamon_CCF/Gigamon_ConnectorDefinition.json"
     ],
     "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Gigamon Connector",
diff --git a/Solutions/Gigamon Connector/Package/mainTemplate.json b/Solutions/Gigamon Connector/Package/mainTemplate.json
@@ -105,7 +105,7 @@
               "kind": "shared",
               "apiVersion": "2021-08-01",
               "metadata": {
-                "description": "A visualized overview of Gigamon AMX Data Connector .\nExplore, analize and learn about your security posture using Gigamon AMX data connector Overview."
+                "description": "A visualized overview of Gigamon AMX Connector .\nExplore, analize and learn about your security posture using Gigamon AMX Connector Overview."
               },
               "properties": {
                 "displayName": "[parameters('workbook1-name')]",
@@ -120,7 +120,7 @@
               "apiVersion": "2022-01-01-preview",
               "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]",
               "properties": {
-                "description": "@{workbookKey=GigamonConnector; logoFileName=gigamon.svg; description=A visualized overview of Gigamon AMX Data Connector .\nExplore, analize and learn about your security posture using Gigamon AMX data connector Overview.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Gigamon Workbook; templateRelativePath=Gigamon.json; subtitle=; provider=Gigamon}.description",
+                "description": "@{workbookKey=GigamonConnector; logoFileName=gigamon.svg; description=A visualized overview of Gigamon AMX Connector .\nExplore, analize and learn about your security posture using Gigamon AMX Connector Overview.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Gigamon Workbook; templateRelativePath=Gigamon.json; subtitle=; provider=Gigamon}.description",
                 "parentId": "[variables('workbookId1')]",
                 "contentId": "[variables('_workbookContentId1')]",
                 "kind": "Workbook",
@@ -193,7 +193,7 @@
               "properties": {
                 "connectorUiConfig": {
                   "id": "[variables('_uiConfigId1')]",
-                  "title": "Gigamon AMX Data Connector",
+                  "title": "Gigamon AMX Connector",
                   "publisher": "Gigamon",
                   "descriptionMarkdown": "Use this data connector to integrate with Gigamon Application Metadata Exporter (AMX) and get data sent directly to Microsoft Sentinel. ",
                   "graphQueries": [
@@ -329,7 +329,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('_dataConnectorContentId1')]",
         "contentKind": "DataConnector",
-        "displayName": "Gigamon AMX Data Connector",
+        "displayName": "Gigamon AMX Connector",
         "contentProductId": "[variables('_dataConnectorcontentProductId1')]",
         "id": "[variables('_dataConnectorcontentProductId1')]",
         "version": "[variables('dataConnectorVersion1')]"
@@ -371,7 +371,7 @@
       "kind": "GenericUI",
       "properties": {
         "connectorUiConfig": {
-          "title": "Gigamon AMX Data Connector",
+          "title": "Gigamon AMX Connector",
           "publisher": "Gigamon",
           "descriptionMarkdown": "Use this data connector to integrate with Gigamon Application Metadata Exporter (AMX) and get data sent directly to Microsoft Sentinel. ",
           "graphQueries": [
@@ -469,7 +469,7 @@
       ],
       "properties": {
         "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
-        "displayName": "Gigamon Telemetry Connector",
+        "displayName": "Gigamon AMX Connector",
         "contentKind": "DataConnector",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -486,7 +486,7 @@
               "properties": {
                 "connectorUiConfig": {
                   "id": "GigamonTelemetry",
-                  "title": "Gigamon Telemetry Connector",
+                  "title": "Gigamon AMX Connector",
                   "publisher": "GigamonTelemetry",
                   "descriptionMarkdown": "The Gigamon connector provides the capability to read raw event data from Gigamon in Microsoft Sentinel.",
                   "graphQueries": [
@@ -784,6 +784,7 @@
                     { "name": "total_packets", "type": "string" },
                     { "name": "ingress_vlan_id", "type": "string" },
                     { "name": "ip_ttl", "type": "string" },
+                    { "name": "tcp_flags", "type": "string" },
                     { "name": "ip_hdr_len", "type": "string" },
                     { "name": "ip_frag_flags", "type": "string" },
                     { "name": "tcp_ack_id", "type": "string" },
@@ -806,11 +807,13 @@
                     { "name": "ip_wrong_crc", "type": "string" },
                     { "name": "dnp3_al_function_code", "type": "string" },
                     { "name": "dnp3_dl_function_code", "type": "string" },
+                    { "name": "dnp3_dl_dir", "type": "string" },
                     { "name": "modbus_exception_code", "type": "string" },
                     { "name": "SSL_version", "type": "string" },
                     { "name": "http_code", "type": "string" },
                     { "name": "http_rtt", "type": "string" },
                     { "name": "tcp_rtt_app", "type": "string" },
+                    { "name": "tcp_flag_reset", "type": "string" },
                     { "name": "dns_response_time", "type": "string" },
                     { "name": "http_content_encoding", "type": "string" },
                     { "name": "snmp_version", "type": "string" },
@@ -913,7 +916,6 @@
                     { "name": "ssl_key_share_group", "type": "string" },
                     { "name": "ssl_fingerprint_ja3_full", "type": "string" },
                     { "name": "ssl_fingerprint_ja3s_full", "type": "string" },
-                    { "name": "tcp_flags", "type": "string" },
                     { "name": "ssl_common_name", "type": "string" },
                     { "name": "ssl_issuer", "type": "string" },
                     { "name": "ssl_validity_not_before", "type": "string" },
@@ -948,7 +950,6 @@
                     { "name": "total_packets", "type": "string" },
                     { "name": "ingress_vlan_id", "type": "string" },
                     { "name": "ip_ttl", "type": "string" },
-                    { "name": "tcp_flags", "type": "string" },
                     { "name": "ip_hdr_len", "type": "string" },
                     { "name": "ip_frag_flags", "type": "string" },
                     { "name": "tcp_ack_id", "type": "string" },
@@ -972,19 +973,13 @@
                     { "name": "dnp3_invalid_codes", "type": "string" },
                     { "name": "dnp3_al_function_code", "type": "string" },
                     { "name": "dnp3_dl_function_code", "type": "string" },
-                    { "name": "dnp3_dl_dir", "type": "string" },
-                    { "name": "dnp3_invalid_codes", "type": "string" },
-                    { "name": "dnp3_dl_dir", "type": "string" },
-                    { "name": "modbus_function_code", "type": "string" },
                     { "name": "modbus_function_code", "type": "string" },
                     { "name": "modbus_exception_code", "type": "string" },
                     { "name": "SSL_version", "type": "string" },
                     { "name": "http_code", "type": "string" },
                     { "name": "http_rtt", "type": "string" },
                     { "name": "tcp_rtt_app", "type": "string" },
-                    { "name": "tcp_flag_reset", "type": "string" },
                     { "name": "dns_response_time", "type": "string" },
-                    { "name": "tcp_flag_reset", "type": "string" },
                     { "name": "http_content_encoding", "type": "string" },
                     { "name": "snmp_version", "type": "string" },
                     { "name": "smb_version", "type": "string" },
@@ -1017,7 +1012,7 @@
       "properties": {
         "connectorUiConfig": {
           "id": "GigamonTelemetry",
-          "title": "Gigamon Telemetry Connector",
+          "title": "Gigamon AMX Connector",
           "publisher": "GigamonTelemetry",
           "descriptionMarkdown": "The Gigamon connector provides the capability to read raw event data from Gigamon in Microsoft Sentinel.",
           "graphQueries": [
@@ -1225,7 +1220,7 @@
       ],
       "properties": {
         "contentId": "[variables('_dataConnectorContentIdConnections2')]",
-        "displayName": "Gigamon Telemetry Connector",
+        "displayName": "Gigamon AMX Connector",
         "contentKind": "ResourcesDataConnector",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -1247,7 +1242,7 @@
               }
             },
             "connectorDefinitionName": {
-              "defaultValue": "Gigamon Telemetry Connector",
+              "defaultValue": "Gigamon AMX Connector",
               "type": "securestring",
               "minLength": 1
             },

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"id": "GigamonDataConnector",`
`3`		`- "title": "Gigamon AMX Data Connector",`
	`3`	`+ "title": "Gigamon AMX Connector",`
`4`	`4`	`"publisher": "Gigamon",`
`5`	`5`	`"descriptionMarkdown": "Use this data connector to integrate with Gigamon Application Metadata Exporter (AMX) and get data sent directly to Microsoft Sentinel. ",`
`6`	`6`	`"graphQueries": [`
`@@ -60,7 +60,7 @@`
`60`	`60`	`},`
`61`	`61`	`"instructionSteps": [`
`62`	`62`	`{`
`63`		`- "title": "Gigamon Data Connector",`
	`63`	`+ "title": "Gigamon AMX Connector",`
`64`	`64`	"description": "1. Application Metadata Exporter (AMX) application converts the output from the Application Metadata Intelligence (AMI) in CEF format into JSON format and sends it to the cloud tools and Kafka.\n 2. The AMX application can be deployed only on a V Series Node and can be connected to Application Metadata Intelligence running on a physical node or a virtual machine.\n 3. The AMX application and the AMI are managed by GigaVUE-FM. This application is supported on VMware ESXi, VMware NSX-T, AWS and Azure.\n ",
`65`	`65`	`"instructions": [`
`66`	`66`	`{`