Fixes to Anvilogic CCF Data Connector

[jesweene]

Required items, please complete

Change(s):

• Adds custom log needed for DCR
• Fixes Analytics Rule template
• Replaces instances of "AnviLogic" with correct "Anvilogic"
• Updates Package

Reason for Change(s):

• The changes made to the initial PR changed the overall way the Data Connector was intended to work, this likely was my fault by not including the Anvilogic_Alerts_CL arm template in the directory and not directly translating the Analytics Rule yaml exactly as intended

Version Updated:

• No version change as this hasn't been published yet

Testing Completed:

• Need help

Checked that the validations are passing and have addressed any issues that are present:

• Need help

[v-maheshbh]

Hi @jesweene Please check mainTemplate Must Not Contain Hardcoded Uri.

[jesweene]

@v-maheshbh I believe I should have addressed your comment in the previous commit, not sure what I'm doing wrong that causes testim.io to fail

[v-maheshbh]

Hi @jesweene we can ignore the testim.io validation check. please check other failing check. thanks

[v-maheshbh]

hi @jesweene It appears that the main template has been modified manually, so we kindly request you to repackage the solution. Additionally, please update the release notes to list the latest version at the top, as per the standard format.
. check this link https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md
Thanks.

[jesweene]

hi @jesweene It appears that the main template has been modified manually, so we kindly request you to repackage the solution. Additionally, please update the release notes to list the latest version at the top, as per the standard format. . check this link https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md Thanks.

Thanks @v-maheshbh, I used the packaging tool let me know if there are any other changes needed. We never published 3.0.0 so when using the packaging tool it defaulted to 3.0.0. I believe that is expected, but please let me know if that is incorrect?

[v-maheshbh]

Hi @jesweene Please revert the changes to queryFrequency, queryPeriod, and suppressionDuration values — these fields are case-sensitive and should remain lowercase (e.g., 5m, 5h) to ensure proper functionality.

Also, if possible, kindly grant me contributor access to the branch so I can make the necessary updates. I’d also like to rename Anvilogic_Alerts_CL to Anvilogic_Table to align with the standard naming convention.

added comments.

[jesweene]

@v-maheshbh when I test deploying the connector locally I get this error initially:

it seems like the way that package tool combines the contents in /Data Connectors/Anvilogic_CCF that there's a race condtion or an order of operation issuer where the DCR is created before the table? I was able to previously solve this by creating the table at install of the CCF solution, but I don't believe there is a way for the package tool to complete this?

[jesweene]

@v-maheshbh when I test deploying the connector locally I get this error initially: it seems like the way that package tool combines the contents in /Data Connectors/Anvilogic_CCF that there's a race condtion or an order of operation issuer where the DCR is created before the table? I was able to previously solve this by creating the table at install of the CCF solution, but I don't believe there is a way for the package tool to complete this?

if I attempt to connect the DataConnector a second time it works because the table creation was invoked the first time when it failed.

[jesweene]

@v-maheshbh you should have contributor access