VMRay-new-solution#12572

Merged
v-atulyadav merged 26 commits into Azure:master from RamboV:master on Aug 22, 2025
@RamboV
Contributor

@RamboV RamboV commented Jul 23, 2025

Required items, please complete

Change(s):

  • See guidance below

Reason for Change(s):

  • See guidance below

Version Updated:

  • Required only for Detections/Analytic Rule templates
  • See guidance below

Testing Completed:

  • See guidance below

Checked that the validations are passing and have addressed any issues that are present:

  • See guidance below

Guidance <- remove section before submitting


Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:

Thank you for your contribution to the Microsoft Sentinel GitHub repo.

Details of the code changes in your submitted PR. Providing descriptions for pull requests ensures there is context to changes being made and greatly enhances the code review process. Providing associated Issues that this resolves also easily connects the reason.

Change(s):

  • Updated syntax for XYZ.yaml

Reason for Change(s):

Version updated:

  • Yes
  • Detections/Analytic Rule templates are required to have the version updated

The code should have been tested in a Microsoft Sentinel environment that does not have any custom parsers, functions or tables, so that you validate no incorrect syntax and execution functions properly. If your submission requires a custom parser or function, it must be submitted with the PR.

Testing Completed:

  • Yes/No/Need Help

Note: If updating a detection, you must update the version field.

Before the submission has been made, please look at running the KQL and YAML Validation Checks locally.
https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally

Checked that the validations are passing and have addressed any issues that are present:

  • Yes/No/Need Help

Note: Let us know if you have tried fixing the validation error and need help.

References:


@RamboV RamboV requested review from a team as code owners July 23, 2025 10:59
@v-atulyadav v-atulyadav added the "New Solution" label (For new Solutions which are new to Microsoft Sentinel) Jul 24, 2025
@v-shukore
Contributor

Hi @RamboV,
Could you please share the invocation logs of the running data connector and also provide some sample data for reference? Additionally, please resolve the failed logo validation so we can proceed with the next steps.
You can go through this readme file for sample data clarification - https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data#readme
Thanks!!

@shubhamloginsoft
Contributor

> Hi @RamboV, Could you please share the invocation logs of the running data connector and also provide some sample data for reference? Additionally, please resolve the failed logo validation so we can proceed with the next steps. You can go through this readme file for sample data clarification - https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data#readme Thanks!!

Hi @v-shukore PFA invocation logs.
invocation_log

We have uploaded the sample data to the Sample Data/ThreatIntelligence folder with the name VMRay_RawLogs.json

@v-shukore
Contributor

Hi @RamboV, could you please keep only one logo for this solution? Also, kindly ensure that the ID assigned to the logo is in GUID format.
Thanks!

@v-prasadboke v-prasadboke added the "Connector" label (Connector specialty review needed) Aug 5, 2025
@v-shukore
Contributor

Hi @RamboV,
The folder structure within the Data Connector appears to be incorrect. Could you please review and make the necessary corrections? Additionally, kindly update the .zip file name to reflect the corrected Data Connector folder.
For reference, you may look at the Cloudflare solution available in the GitHub repository.
Thank you!

@RamboV RamboV closed this Aug 12, 2025
@RamboV
Contributor Author

RamboV commented Aug 12, 2025

> Hi @RamboV, The folder structure within the Data Connector appears to be incorrect. Could you please review and make the necessary corrections? Additionally, kindly update the .zip file name to reflect the corrected Data Connector folder. For reference, you may look at the Cloudflare solution available in the GitHub repository. Thank you!

Hi @v-shukore I have updated the logo folder under the Data connector folder. Could you please check and let us know if any specific changes are required.

@RamboV RamboV reopened this Aug 12, 2025
@v-shukore
Contributor

Hi @RamboV,

I noticed that the zip file name in the Data Connector folder appears to be incorrect; it should be named like "CloudflareConn". Could you please update it accordingly?

Also, kindly include the library versions in the requirements.txt file for clarity.

Additionally, the playbook images seem to be missing from the Playbook folder. Please add the images showing the playbooks are running. For reference, you can follow the structure used in the CiscoUmbrella Solution.

Thanks so much!

@RamboV
Contributor Author

RamboV commented Aug 12, 2025

> CloudflareConn

Hi @v-shukore, thank you for the quick response. I have updated the solution as per your suggestions. Please review and let me know if any further changes are required.

@v-shukore
Contributor

Hi @RamboV, thanks for the update. Will review the changes and update you. Thanks!!

@v-shukore
Contributor

Hi @RamboV, in the readme file the URLs are currently pointing to your GitHub branch. They should instead point to the Azure Sentinel repository. Could you please correct the raw URL? Also, correct the other URLs. Thanks!

@RamboV
Contributor Author

RamboV commented Aug 21, 2025

> Hi @RamboV, in the readme file the URLs are currently pointing to your GitHub branch. They should instead point to the Azure Sentinel repository. Could you please correct the raw URL? Also, correct the other URLs. Thanks!

Hi @v-shukore I have updated the link in the readme.md file. Please update all the soft links wherever necessary.

@v-shukore
Contributor

Hi @RamboV, thanks for the update. Will check and update accordingly.

@RamboV RamboV requested a review from v-shukore August 22, 2025 04:29
@v-atulyadav v-atulyadav merged commit 0e582f2 into Azure:master Aug 22, 2025
32 of 33 checks passed
@RamboV
Contributor Author

RamboV commented Sep 26, 2025

Hello @v-atulyadav @v-shukore @v-prasadboke

While the solution was being submitted in the marketplace, we got the below validation errors:

Your code did not pass one or more of the best practice tests. Click on the PR link below to see details.
You must add the GUID f1de974b-f438-4719-b423-8bf704ba2aef as one of your search keywords.
The package name (3.0.0) and package version (1.0.0) should match. It should be 3.0.0.
The links are not working
- https://aka.ms/sentinel-VMRay-azuredeploy
- https://aka.ms/sentinel-VMRay-functionapp
Release notes are not properly formatted

Can you please look into it?

@RamboV RamboV mentioned this pull request Sep 29, 2025
@v-shukore
Contributor

Hi @RamboV,
This solution includes two Azure deploy files. To ensure each file can be referenced individually, you will need to create two separate shortlinks, one for each file.
Thanks!
