Fixes to Anvilogic CCF Data Connector (#12648)

* Adds Anvilogic_Alerts_CL table and fixes Analytics Rule template and upddate mainTemplate.json and package

* Updating version numbers to 3.0.1 for connector and 1.0.1 for AR

* Removing hardcoded URL

* repackaging the new mainTemplate.json

* Re-sorting release notes

* Using the packaging tool to generate MainTemplate.json

* reverting the changes to queryFrequency, queryPeriod, and suppressionDuration values — these fields are case-sensitive and should remain lowercase (e.g., 5m, 5h) to ensure proper functionality.

* solution Packaged.

* Add template ID to skip ID validations list

Added '6ccc187a-42ee-4635-8bcc-3b299f8570df' to the SkipIdValidationsTemplates.json file to exclude this template from ID change validations.

* Update Anvilogic_Alerts.yaml

* Remove trailing space in alertDisplayNameFormat

Eliminated an unnecessary trailing space from the 'alertDisplayNameFormat' field in mainTemplate.json to ensure consistent formatting of alert display names.

* Revert "Add template ID to skip ID validations list"

This reverts commit 65ef760.

---------

Co-authored-by: maheshji001 <v-maheshbh@microsoft.com>

Author: jesweene

Solutions/Anvilogic/Analytic Rules/Anvilogic_Alerts.yaml

@@ -12,21 +12,21 @@ queryFrequency: 5m
 queryPeriod: 5m
 triggerOperator: gt
 triggerThreshold: 0
-suppressionDuration: 5h
+suppressionDuration: 1h
 suppressionEnabled: false
 tactics: []
 relevantTechniques: []
 incidentConfiguration:
   createIncident: true
   groupingConfiguration:
-    enabled: true
+    enabled: false
     reopenClosedIncident: false
-    lookbackDuration: 5h
+    lookbackDuration: PT5M
     matchingMethod: AllEntities
 eventGroupingSettings:
   aggregationKind: AlertPerResult
 alertDetailsOverride:
-  alertDisplayNameFormat: "{{avl_rule_id}} - {{avl_use_case_title}} - {{avl_use_case_type}} "
+  alertDisplayNameFormat: "{{avl_rule_id}} - {{avl_use_case_title}} - {{avl_use_case_type}}"
   alertDescriptionFormat: "avl_rule_id: {{avl_rule_id}} \n{{avl_definition}}"
   "alertTacticsColumnName": "avl_mitre_tactic"
   alertDynamicProperties: 
@@ -89,5 +89,5 @@ entityMappings:
         columnName: registry_value_data
       - identifier: ValueType
         columnName: registry_value_type
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/Anvilogic/Data Connectors/AnviLogic_CCF/Anvilogic_DCR.json

@@ -1173,7 +1173,7 @@
                 "logAnalytics": [
                     {
                         "workspaceResourceId": "{{workspaceResourceId}}",
-                        "name": "{{workspaceId}}"
+                        "name": "clv2ws1"
                     }
                 ]
             },
@@ -1183,7 +1183,7 @@
                         "Custom-Anvilogic_Alerts_CL"
                     ],
                     "destinations": [
-                        "{{workspaceId}}"
+                        "clv2ws1"
                     ],
                     "transformKql": "source",
                     "outputStream": "Custom-Anvilogic_Alerts_CL"

Solutions/Anvilogic/Data Connectors/AnviLogic_CCF/Anvilogic_DataConnectorDefinition.json

@@ -67,7 +67,7 @@
                             "type": "Textbox",
                             "parameters": {
                                 "label": "Token Endpoint",
-                                "placeholder": "https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token",
+                                "placeholder": "https://login[.]microsoftonline[.]com/<tenant_id>/oauth2/v2.0/token",
                                 "type": "text",
                                 "name": "tokenEndpoint"
                             }