Closed
95 commits
5807e32
Fix typos in AbuseIPDB Enrichment Playbook
CrashCringle12 Nov 14, 2025
b8b88e5
Update logo image source in azuredeploy.json
CrashCringle12 Nov 14, 2025
9e07f20
Update logo image source in azuredeploy.json
CrashCringle12 Nov 14, 2025
3576a8f
commit 13 files
Yaniv-Shasha Nov 14, 2025
fcc090f
solution packaged
v-maheshbh Nov 17, 2025
e4a27cc
Merge branch 'master' into pr/13139
v-maheshbh Nov 20, 2025
73f21cc
socprime_connector_first_commit
averbn Nov 24, 2025
30a84a0
Add Informational severity level to VaronisSaaS solution
bdudnyk-varonis Nov 24, 2025
13fc1d4
version updated to 3.0.3
bdudnyk-varonis Nov 25, 2025
cdde345
updated zipped binaries Varonis.Sentinel.Functions.zip
bdudnyk-varonis Nov 25, 2025
63c64ad
socprime_connector_26_11_25_fixes_commit
averbn Nov 26, 2025
6e5240b
socprime_connector_27_11_25_fixes_commit
averbn Nov 27, 2025
1bb8380
socprime_connector_27_11_25_fixes_commit_2
averbn Nov 27, 2025
7890fb1
Rename and update SOC Prime CCF data connector files
v-shukore Nov 28, 2025
be2ead0
Adding schemas for related parsers
Dec 2, 2025
3e183bd
kqlvalidation fails
Dec 2, 2025
02d217c
Update Cyera DSPM solution metadata and configuration files
kostiantyn-yevdiukhin-cyera Dec 2, 2025
13a3361
Re-adding install-pack-v0_7_3.zip file.
kostiantyn-yevdiukhin-cyera Dec 2, 2025
b75c38b
Update PoD connector polling file to remove start and end time and to…
Dec 3, 2025
636abb9
Merge branch 'fixPodDuplicateDataIssue' of https://github.com/shubhan…
Dec 3, 2025
218528d
chore: Update Solutions Analyzer CSV files [skip ci]
github-actions[bot] Dec 3, 2025
fe6725e
socprime_connector_3_12_25_partner
averbn Dec 3, 2025
50d6a4d
Merge branch 'socprime_connector_24_11_25' of https://github.com/socp…
averbn Dec 3, 2025
3182105
Fix title and description in azuredeploy.json
CrashCringle12 Dec 4, 2025
9d16ddf
Rename playbook folder - Previous name included a typo and fragment
CrashCringle12 Dec 4, 2025
26824f6
Apply name change throughout playbook
CrashCringle12 Dec 4, 2025
e7b34f1
Use consistent casing for types, additional typo fixes
CrashCringle12 Dec 4, 2025
adc2f78
Update ReadMe
CrashCringle12 Dec 4, 2025
dfacaee
Replace cases of Abuse"LPDB" with Abuse"IPDB"
CrashCringle12 Dec 4, 2025
2e7e5ec
Use consistent naming and casing
CrashCringle12 Dec 4, 2025
1b6b713
Package the solution and version bump
CrashCringle12 Dec 4, 2025
7b7b2e2
chore: Update Solutions Analyzer CSV files [skip ci]
github-actions[bot] Dec 4, 2025
87ae25f
Merge branch 'master' of https://github.com/fenil-savani/Azure-Sentin…
Dec 4, 2025
e2091b3
Revert "chore: Update Solutions Analyzer CSV files [skip ci]"
Dec 4, 2025
68a7810
Update workspace ID description to Microsoft Sentinel
v-maheshbh Dec 5, 2025
8abf54c
solution Updated
v-maheshbh Dec 5, 2025
74be7b1
Update deployment script naming
CrashCringle12 Dec 5, 2025
adbc3b1
Package the solution again (Includes additional name updates)
CrashCringle12 Dec 5, 2025
456cc71
Update Cyera DSPM connector descriptions for consistency
kostiantyn-yevdiukhin-cyera Dec 5, 2025
fa932dc
Adding other Assets support for Watchlist
vakohl Dec 6, 2025
be5d7f2
minor version update
vakohl Dec 6, 2025
149e36c
Update **ProofpointPOD_PollingConfig.json**. to remove start and end …
Dec 8, 2025
8df0942
format
Dec 8, 2025
c5bc50b
revert basPath changes
Dec 8, 2025
8e2e106
socprime_connector_8_12_25_fix_id
averbn Dec 8, 2025
318ccfe
Merge branch 'master' of https://github.com/shubhangipagar-gh/Azure-S…
Dec 8, 2025
ecf0bf8
Merge branch 'master' into fixPodDuplicateDataIssue
Dec 8, 2025
80c5b55
repackage
Dec 8, 2025
e54092b
chore: Update Solutions Analyzer CSV files and documentation [skip ci]
github-actions[bot] Dec 8, 2025
5eb8a44
Add Bitdefender GravityZone solution for Microsoft Sentinel
Dec 8, 2025
861d6d1
Update Cyera DSPM connector titles and descriptions for Microsoft Sen…
kostiantyn-yevdiukhin-cyera Dec 8, 2025
20983b3
Heartbeat v2 & user exclusions
kingwil Dec 8, 2025
81ff654
[CrowdstrikeApiConnector] - fix rate limit exceptions by introducing …
Dec 8, 2025
1230310
Merge pull request #13271 from srikarshastry/feature/srsistla/crowdSt…
hassanchawiche Dec 8, 2025
54cbc8d
Update descriptionMarkdown in FunctionAppDC.json to replace "Azure Se…
kostiantyn-yevdiukhin-cyera Dec 9, 2025
785d481
Limit fetch-depth in GitHub Actions workflows (#13273)
rahul0216 Dec 9, 2025
af5f8da
Merge pull request #13259 from Azure/IncludingOtherResourcesInGDPRWat…
vakohl Dec 9, 2025
a95b031
Merge branch 'master' into pr/13211
v-shukore Dec 9, 2025
b9c27c4
Merge branch 'Azure:master' into corelight-new-aggregation-parsers
fenil-savani Dec 9, 2025
0265667
Merge branch 'corelight-new-aggregation-parsers' of https://github.co…
v-shukore Dec 9, 2025
ad289af
revert
Dec 9, 2025
32398a1
Reverted content of file.
Dec 9, 2025
68f2a74
Merge branch 'master' into pr/13137
v-shukore Dec 9, 2025
29568e9
Update ReleaseNotes.md
v-shukore Dec 9, 2025
91557c8
Merge pull request #13137 from CrashCringle12/CrashCringle12-abuseipd…
v-atulyadav Dec 9, 2025
9b4e5e2
Merge pull request #13211 from fenil-savani/corelight-new-aggregation…
v-atulyadav Dec 9, 2025
f1e081c
Update 3.0.0.zip
v-shukore Dec 9, 2025
5700efe
Fix Azure Firewall template URI casing in deployment
v-sabiraj Dec 9, 2025
637f8e6
Merge branch 'Azure:master' into cyera-dspm
kostiantyn-yevdiukhin-cyera Dec 9, 2025
6d0ba18
Update mainTemplate.json to clarify Microsoft Sentinel integration an…
kostiantyn-yevdiukhin-cyera Dec 9, 2025
2b4d969
Script AWS Connector script for CloudTrail
Dec 10, 2025
55f7b55
Merge pull request #13281 from Azure/derricklee/fix-aws-connector-script
hassanchawiche Dec 10, 2025
ae8f23e
Add metadata to Sentinel SOAR playbooks and templates
v-maheshbh Dec 10, 2025
2142f73
Merge pull request #13246 from cyeragit/cyera-dspm
v-dvedak Dec 10, 2025
8ed24ff
Merge pull request #13139 from Yaniv-Shasha/master
v-dvedak Dec 10, 2025
b95b15d
Solutions Analyzer V3
oshezaf Dec 10, 2025
21d447f
Update v3 to render correctly also permissions
oshezaf Dec 10, 2025
ded9edd
Fix arm-ttk failures
v-shukore Dec 10, 2025
1b9d629
Merge pull request #13283 from Azure/v-shukore/ProofpointTAP-arm-ttk
v-dvedak Dec 10, 2025
330d7b6
Fix autoupdate
oshezaf Dec 10, 2025
c9571d1
revert basepath change
Dec 10, 2025
85655a3
Merge pull request #13275 from Azure/v-sabiraj-fixingpath
v-dvedak Dec 10, 2025
8fc5f23
Merge pull request #13186 from socprime/socprime_connector_24_11_25
v-dvedak Dec 10, 2025
28416ac
Remove hidden-SentinelWorkspaceId from MDTI playbook templates (#13285)
rahul0216 Dec 10, 2025
1ed870c
Merge pull request #13282 from Azure/tools/map-connectors-to-tables
oshezaf Dec 10, 2025
ef1490a
Merge pull request #13262 from shubhangipagar-gh/fixPodDuplicateDataI…
v-atulyadav Dec 11, 2025
e5c460d
Merge pull request #13265 from kingwil/wiking-agentless118
v-atulyadav Dec 11, 2025
0c51175
Merge pull request #13190 from bdudnyk-varonis/feature/varonis-inform…
v-atulyadav Dec 11, 2025
644266d
chore: Update Solutions Analyzer CSV files and documentation (#16)
github-actions[bot] Dec 11, 2025
bb70f32
CR
Dec 11, 2025
f5e8278
CR
Dec 11, 2025
98326a4
chore: Update Solutions Analyzer CSV files and documentation [skip ci]
github-actions[bot] Dec 8, 2025
dcfd5c4
Add Bitdefender GravityZone solution for Microsoft Sentinel
Dec 8, 2025
a8b21a2
CR
Dec 11, 2025
53d227e
Merge remote-tracking branch 'origin/gravityzone-solution-v3.0.0' int…
gbarbieru Dec 11, 2025
2 changes: 1 addition & 1 deletion .github/workflows/arm-ttk-validations.yaml
Expand Up @@ -20,7 +20,7 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
fetch-depth: 10
- shell: pwsh
id: step1
name: Identify Changes in PR
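Review bot: `fetch-depth: 10` feeds directly into the following `Identify Changes in PR` step, and a 10-commit shallow clone may not contain the merge base with the target branch once a PR carries more than ten commits or the base has moved on. If that step diffs against the base ref, it can fail or report the wrong file set, which would let changed templates skip ARM-TTK validation. Consider fetching the base ref explicitly before the diff, or listing changed files through the pull request API, and add a comment on why 10 was chosen.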
2 changes: 1 addition & 1 deletion .github/workflows/hyperlinkValidator.yaml
Expand Up @@ -28,7 +28,7 @@ jobs:
env:
GeneratedToken: ${{ steps.generate_token.outputs.token }}
with:
fetch-depth: 0
fetch-depth: 10
token: ${{ env.GeneratedToken }}
- shell: pwsh
id: step1
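Review bot: the hard-coded `fetch-depth: 10` appears here with no comment on where the number comes from, and the checkout is followed by a `pwsh` step (`id: step1`) whose logic is not visible in this hunk. If that step compares against the base branch, the hyperlink check silently narrows to whatever is reachable within ten commits. Worth confirming the step still finds the right files on a long-lived branch, and documenting the chosen depth next to the setting.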
2 changes: 1 addition & 1 deletion .github/workflows/slash-command-armttk.yaml
Expand Up @@ -46,7 +46,7 @@ jobs:
if: steps.get-pr.outputs.is_fork == 'false'
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
fetch-depth: 10
ref: ${{ steps.get-pr.outputs.head_sha }}
persist-credentials: false
- shell: pwsh
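Review bot: with `ref: ${{ steps.get-pr.outputs.head_sha }}` and `fetch-depth: 10`, the clone holds only the last ten commits reachable from the PR head, so the target branch tip and the merge base are absent unless the PR is short. Any base comparison in the next `pwsh` step needs an explicit fetch of the base ref first. The `is_fork == 'false'` guard and `persist-credentials: false` are unchanged here and should stay as they are.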
44 changes: 34 additions & 10 deletions .github/workflows/update-solutions-analyzer.yml
Expand Up @@ -55,23 +55,47 @@ jobs:
echo "changed=true" >> $GITHUB_OUTPUT
fi

- name: Commit and push changes
- name: Create Pull Request
if: steps.check_changes.outputs.changed == 'true'
id: create_pr
uses: peter-evans/create-pull-request@v6
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: 'chore: Update Solutions Analyzer CSV files and documentation'
branch: solutions-analyzer-update
delete-branch: true
title: 'chore: Update Solutions Analyzer CSV files and documentation'
body: |
## Automated Solutions Analyzer Update

This PR contains automated updates to:
- Solutions connector-to-tables mapping CSV
- Solutions issues and exceptions report CSV
- Connector documentation files

Generated by the Solutions Analyzer workflow.

**Triggered by:** ${{ github.event_name }}
**Workflow run:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
labels: automated, documentation
add-paths: |
Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv
Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv
Tools/Solutions Analyzer/connector-docs/

- name: Enable auto-merge
if: steps.check_changes.outputs.changed == 'true' && steps.create_pr.outputs.pull-request-number != ''
run: |
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git add "Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv"
git add "Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv"
git add "Tools/Solutions Analyzer/connector-docs/"
git commit -m "chore: Update Solutions Analyzer CSV files and documentation [skip ci]"
git push
gh pr merge ${{ steps.create_pr.outputs.pull-request-number }} --auto --squash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Create summary
if: steps.check_changes.outputs.changed == 'true'
run: |
echo "### Solutions Analyzer Updated :white_check_mark:" >> $GITHUB_STEP_SUMMARY
echo "### Solutions Analyzer Pull Request Created :white_check_mark:" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "CSV files and documentation have been regenerated and committed." >> $GITHUB_STEP_SUMMARY
echo "A pull request has been created with updated CSV files and documentation." >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Modified files:**" >> $GITHUB_STEP_SUMMARY
echo "- Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv" >> $GITHUB_STEP_SUMMARY
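Review bot: `uses: peter-evans/create-pull-request@v6` pins a third-party action to a mutable tag and hands it `secrets.GITHUB_TOKEN`, while the checkout steps elsewhere in this PR pin to a full commit SHA (`actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`). Pin this action to a commit SHA with the version in a trailing comment. In the `Enable auto-merge` step, note that pull requests opened with `GITHUB_TOKEN` do not trigger other workflow runs, so `gh pr merge ... --auto --squash` either merges bot-generated content with no validation having run or waits indefinitely on required checks; decide which is intended and state the `permissions` the job needs, since that block is not visible in this hunk. Passing the PR number through `env:` instead of interpolating `${{ steps.create_pr.outputs.pull-request-number }}` into the `run:` script would also be the safer pattern.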
@@ -0,0 +1,285 @@
{
"Name": "Corelight_v2_conn_agg_CL",
"Properties": [
{
"Name": "TimeGenerated",
"Type": "DateTime"
},
{
"Name": "_path_s",
"Type": "String"
},
{
"Name": "_system_name_s",
"Type": "String"
},
{
"Name": "_write_ts_t",
"Type": "DateTime"
},
{
"Name": "uid_s",
"Type": "String"
},
{
"Name": "id_orig_h_s",
"Type": "String"
},
{
"Name": "id_orig_p_d",
"Type": "Double"
},
{
"Name": "id_resp_h_s",
"Type": "String"
},
{
"Name": "id_resp_p_d",
"Type": "Double"
},
{
"Name": "proto_s",
"Type": "String"
},
{
"Name": "suri_ids_s",
"Type": "String"
},
{
"Name": "local_orig_b",
"Type": "Boolean"
},
{
"Name": "local_resp_b",
"Type": "Boolean"
},
{
"Name": "id_orig_h_n_s",
"Type": "String"
},
{
"Name": "id_resp_h_n_s",
"Type": "String"
},
{
"Name": "community_id_s",
"Type": "String"
},
{
"Name": "spcap_url_s",
"Type": "String"
},
{
"Name": "service_s",
"Type": "String"
},
{
"Name": "app_s",
"Type": "String"
},
{
"Name": "corelight_shunted_b",
"Type": "Boolean"
},
{
"Name": "duration_d",
"Type": "Double"
},
{
"Name": "orig_bytes_d",
"Type": "Double"
},
{
"Name": "resp_bytes_d",
"Type": "Double"
},
{
"Name": "missed_bytes_d",
"Type": "Double"
},
{
"Name": "orig_shunted_pkts_d",
"Type": "Double"
},
{
"Name": "orig_shunted_bytes_d",
"Type": "Double"
},
{
"Name": "resp_shunted_pkts_d",
"Type": "Double"
},
{
"Name": "resp_shunted_bytes_d",
"Type": "Double"
},
{
"Name": "orig_pkts_d",
"Type": "Double"
},
{
"Name": "orig_ip_bytes_d",
"Type": "Double"
},
{
"Name": "resp_pkts_d",
"Type": "Double"
},
{
"Name": "resp_ip_bytes_d",
"Type": "Double"
},
{
"Name": "conn_state_s",
"Type": "String"
},
{
"Name": "history_s",
"Type": "String"
},
{
"Name": "tunnel_parents_s",
"Type": "String"
},
{
"Name": "netskope_site_id_s",
"Type": "String"
},
{
"Name": "netskope_user_id_s",
"Type": "String"
},
{
"Name": "id_vlan_d",
"Type": "Double"
},
{
"Name": "vlan_d",
"Type": "Double"
},
{
"Name": "inner_vlan_d",
"Type": "Double"
},
{
"Name": "orig_inst_org_id_s",
"Type": "String"
},
{
"Name": "orig_inst_name_s",
"Type": "String"
},
{
"Name": "orig_inst_az_s",
"Type": "String"
},
{
"Name": "orig_inst_vpc_id_s",
"Type": "String"
},
{
"Name": "orig_inst_subnet_id_s",
"Type": "String"
},
{
"Name": "orig_inst_sg_ids_s",
"Type": "String"
},
{
"Name": "orig_inst_project_s",
"Type": "String"
},
{
"Name": "orig_inst_network_s",
"Type": "String"
},
{
"Name": "orig_inst_network_tags_s",
"Type": "String"
},
{
"Name": "orig_inst_id_s",
"Type": "String"
},
{
"Name": "orig_inst_resource_group_s",
"Type": "String"
},
{
"Name": "orig_inst_subscription_s",
"Type": "String"
},
{
"Name": "orig_inst_os_s",
"Type": "String"
},
{
"Name": "orig_inst_location_s",
"Type": "String"
},
{
"Name": "orig_inst_nsg_s",
"Type": "String"
},
{
"Name": "resp_inst_org_id_s",
"Type": "String"
},
{
"Name": "resp_inst_name_s",
"Type": "String"
},
{
"Name": "resp_inst_az_s",
"Type": "String"
},
{
"Name": "resp_inst_vpc_id_s",
"Type": "String"
},
{
"Name": "resp_inst_subnet_id_s",
"Type": "String"
},
{
"Name": "resp_inst_sg_ids_s",
"Type": "String"
},
{
"Name": "resp_inst_project_s",
"Type": "String"
},
{
"Name": "resp_inst_network_s",
"Type": "String"
},
{
"Name": "resp_inst_network_tags_s",
"Type": "String"
},
{
"Name": "resp_inst_id_s",
"Type": "String"
},
{
"Name": "resp_inst_resource_group_s",
"Type": "String"
},
{
"Name": "resp_inst_subscription_s",
"Type": "String"
},
{
"Name": "resp_inst_os_s",
"Type": "String"
},
{
"Name": "resp_inst_location_s",
"Type": "String"
},
{
"Name": "resp_inst_nsg_s",
"Type": "String"
}
]
}