Skip to content

Entity-analyzer-Fixes #13295

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
v-atulyadav merged 4 commits into from
Dec 12, 2025
Merged

Entity-analyzer-Fixes #13295

v-atulyadav merged 4 commits into from
Dec 12, 2025
+72 −105

Conversation

@Yaniv-Shasha
Copy link
Contributor

@Yaniv-Shasha Yaniv-Shasha commented Dec 10, 2025

this commit changes these 3 parts

  1. change the lookback value to 7 days on all the 3 logic apps

  2. for the file
    \Solutions\SentinelSOARessentials\Playbooks\Incident-Trigger-Entity-Analyzer\azuredeploy.json

added

                        "type": "Foreach",
                        **"runtimeConfiguration": {
                            "concurrency": {
                                "repetitions": 5**
                            }
                        }

on the foreach loop - this was tested and deployed successfully

  1. for file :

Solutions\SentinelSOARessentials\Playbooks\Url-Trigger-Entity-Analyzer\azuredeploy.json

change the title of the logic app to
"title": "URL Trigger Entity Analyzer",

Version updated:

  • Yes
  • Detections/Analytic Rule templates are required to have the version updated

The code should have been tested in a Microsoft Sentinel environment that does not have any custom parsers, functions or tables, so that you validate no incorrect syntax and execution functions properly. If your submission requires a custom parser or function, it must be submitted with the PR.

Testing Completed:

  • Yes

Note: If updating a detection, you must update the version field.

Before the submission has been made, please look at running the KQL and Yaml Validation Checks locally.
https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally

Checked that the validations are passing and have addressed any issues that are present:

  • Yes/No/Need Help

Note: Let us know if you have tried fixing the validation error and need help.

References:

@Yaniv-Shasha Yaniv-Shasha requested review from a team as code owners December 10, 2025 21:09
@v-shukore v-shukore added the Solution Solution specialty review needed label Dec 11, 2025
@v-maheshbh
Release SentinelSOARessentials v3.0.5
e09325c 
Bumped solution version to 3.0.5 and updated playbook descriptions accordingly. Changed lookback value to 7 days in relevant Logic Apps, improved incident comment formatting, enabled concurrency in foreach loops, and renamed Logic App title to 'URL Trigger Entity Analyzer'.
@v-maheshbh
Copy link
Contributor

v-maheshbh commented Dec 11, 2025

Hi @Yaniv-Shasha
Could you please attach the playbook testing screenshot for reference?

Thanks!

@Yaniv-Shasha
Copy link
Contributor Author

Yaniv-Shasha commented Dec 11, 2025

image image image just be sure that as i changes the title name of one of the logic, the solution package will still reference it

@v-maheshbh
Copy link
Contributor

v-maheshbh commented Dec 12, 2025

HI @Yaniv-Shasha

FYI
image

Thanks!

@v-atulyadav v-atulyadav merged commit ddf0aae into Azure:master Dec 12, 2025
32 of 33 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@v-dvedak v-dvedak v-dvedak approved these changes

@v-maheshbh v-maheshbh v-maheshbh approved these changes

Assignees

@v-maheshbh v-maheshbh

Labels

Solution Solution specialty review needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Yaniv-Shasha @v-maheshbh @v-dvedak @v-atulyadav @v-shukore