
Commit 1135150

authored
Merge pull request Azure#12905 from tanium/versions/3.2.0
Versions/3.2.0 - one more fix before release
2 parents 03fc30d + 036d4d6 commit 1135150


6 files changed

+69
-66
lines changed


Solutions/Tanium/Package/3.2.0.zip

-6.11 KB
Binary file not shown.

Solutions/Tanium/Package/mainTemplate.json

Lines changed: 39 additions & 41 deletions
Large diffs are not rendered by default.

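--- a/Solutions/Tanium/Playbooks/Tanium-QuarantineHosts/azuredeploy.json
+++ b/Solutions/Tanium/Playbooks/Tanium-QuarantineHosts/azuredeploy.json
@@ -13,7 +13,7 @@
 ],
 "entities": [ "host" ],
 "tags": [ "Remediation" ],
-"lastUpdateTime": "2025-09-12T00:00:00.000Z",
+"lastUpdateTime": "2025-10-02T00:00:00.000Z",
 "support": {
 "tier": "developer",
 "link": "https://www.tanium.com"
@@ -29,7 +29,7 @@
 "type": "string"
 },
 "KeyVaultConnectionName": {
-"defaultValue": "Tanium-GeneralHostInfo-KeyVault-WebConn",
+"defaultValue": "Tanium-QuarantineHosts-KeyVault-WebConn",
 "type": "string",
 "metadata": {
 "description": "The name to use for the Azure Key Vault Connector in the Logic App. (This will exist as an API Connection in your subscription)"
@@ -116,7 +116,7 @@
 },
 "tags": {
 "hidden-SentinelTemplateName": "Tanium-QuarantineHosts",
-"hidden-SentinelTemplateVersion": "2.3"
+"hidden-SentinelTemplateVersion": "2.4"
 },
 "dependsOn": [
 "[resourceId('Microsoft.Web/connections', parameters('AzureSentinelConnectionName'))]"
@@ -1172,7 +1172,7 @@
 "inputs": {
 "variables": [
 {
-"name": "apiVariables",
+"name": "queryVariables",
 "type": "string",
 "value": "{\n \"source\": @{variables('endpointSource')},\n \"incidentHosts\": {\n \"any\": true,\n \"filters\": @{variables('endpointFilters')}\n }\n}"
 }
@@ -1442,7 +1442,7 @@
 "inputs": {
 "body": {
 "query": "@variables('apiQuery')",
-"variables": "@json(variables('apiVariables'))"
+"variables": "@json(variables('queryVariables'))"
 },
 "headers": {
 "Content-Type": "application/json",
@@ -1484,7 +1484,7 @@
 "inputs": {
 "body": {
 "query": "@variables('apiQuery')",
-"variables": "@json(variables('apiVariables'))"
+"variables": "@json(variables('queryVariables'))"
 },
 "headers": {
 "Content-Type": "application/json",
@@ -1532,7 +1532,7 @@
 },
 "type": "SetVariable",
 "inputs": {
-"name": "apiVariables",
+"name": "queryVariables",
 "value": "{\n \"source\": @{variables('endpointSource')},\n \"incidentHosts\": {\n \"any\": true,\n \"filters\": @{variables('endpointFilters')}\n }\n}"
 }
 }
@@ -1743,7 +1743,7 @@
 },
 "body": {
 "query": "@variables('apiQuery')",
-"variables": "@json(variables('apiVariables'))"
+"variables": "@json(variables('queryVariables'))"
 }
 },
 "runtimeConfiguration": {
@@ -1820,11 +1820,8 @@
 "Update_cursor_for_next_page": {
 "type": "SetVariable",
 "inputs": {
-"name": "apiQuery",
-"value": {
-"source": "@variables('endpointSource')",
-"endCursor": "@variables('cursor')"
-}
+"name": "queryVariables",
+"value": "{\n \"source\": @{variables('endpointSource')},\n \"endCursor\": \"@{variables('cursor')}\"\n}"
 }
 }
 }
@@ -2223,7 +2220,7 @@
 "Parse_action_result": {
 "type": "JavaScriptCode",
 "inputs": {
-"code": "var action_results = workflowContext.actions.Get_action_result.outputs.body.data;\r\nvar action_id = workflowContext.actions.Parse_current_issued_action.outputs.body.id;\r\nvar columns = action_results.result_sets[0].columns.map(c => c.name);\r\nvar robjects = [];\r\n\r\naction_results.result_sets.forEach(function(rs) {\r\n\trs.rows.forEach(function(row) {\r\n\t\tvar robject = {'action id': action_id};\r\n\t\tcolumns.forEach(function(c, i) {\r\n\t\t\trobject[c] = row.data[i][0].text;\r\n\t\t});\r\n\t\trobjects.push(robject);\r\n\t});\r\n});\r\n\r\nreturn robjects;"
+"code": "var action_results = workflowContext.actions.Get_action_result.outputs.body.data;\r\nvar action_id = workflowContext.actions.Parse_current_issued_action.outputs.body.id;\r\nvar columns = action_results.result_sets[0].columns.map(c => c.name);\r\nvar rObjects = [];\r\n\r\naction_results.result_sets.forEach(function(rs) {\r\n\trs.rows.forEach(function(row) {\r\n\t\tvar rObject = {'action id': action_id};\r\n\t\tcolumns.forEach(function(c, i) {\r\n\t\t\trObject[c] = row.data[i][0].text;\r\n\t\t});\r\n\t\trObjects.push(rObject);\r\n\t});\r\n});\r\n\r\nreturn rObjects;"
 },
 "runAfter": {
 "Parse_current_issued_action": [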
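Review bot: `Update_cursor_for_next_page` (new line 1824) overwrites `queryVariables` with only `source` and `endCursor`, whereas the other two assignments in this file (lines 1177 and 1536) also carry the `incidentHosts` filter. The query text is not visible in this diff, but if the next-page request sends the same `apiQuery` with these variables, pages after the first would no longer be limited to the incident's hosts, which for a quarantine playbook could widen the set of endpoints acted on. Please confirm, and if the query does take `incidentHosts`, keep `\"incidentHosts\": {\n \"any\": true,\n \"filters\": @{variables('endpointFilters')}\n },` in the paged value. Separately, `\"endCursor\": \"@{variables('cursor')}\"` splices the cursor into the JSON text unescaped, so a cursor containing `"` or `\` would make `@json(variables('queryVariables'))` fail. The same action in Tanium-UnquarantineHosts/azuredeploy.json (line 1865) carries the same value.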

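--- a/Solutions/Tanium/Playbooks/Tanium-UnquarantineHosts/azuredeploy.json
+++ b/Solutions/Tanium/Playbooks/Tanium-UnquarantineHosts/azuredeploy.json
@@ -13,7 +13,7 @@
 ],
 "entities": [ "host" ],
 "tags": [ "Remediation" ],
-"lastUpdateTime": "2025-09-12T00:00:00.000Z",
+"lastUpdateTime": "2025-10-02T00:00:00.000Z",
 "support": {
 "tier": "developer",
 "link": "https://www.tanium.com"
@@ -29,7 +29,7 @@
 "type": "string"
 },
 "KeyVaultConnectionName": {
-"defaultValue": "Tanium-GeneralHostInfo-KeyVault-WebConn",
+"defaultValue": "Tanium-UnquarantineHosts-KeyVault-WebConn",
 "type": "string",
 "metadata": {
 "description": "The name to use for the Azure Key Vault Connector in the Logic App. (This will exist as an API Connection in your subscription)"
@@ -39,7 +39,7 @@
 "type": "String"
 },
 "AzureSentinelConnectionName": {
-"defaultValue": "Tanium-QuarantineHosts-Sentinel-WebConn",
+"defaultValue": "Tanium-UnquarantineHosts-Sentinel-WebConn",
 "type": "string",
 "metadata": {
 "description": "The name to use for the Microsoft Sentinel Connector in the Logic App. (This will exist as an API Connection in your subscription)"
@@ -116,7 +116,7 @@
 },
 "tags": {
 "hidden-SentinelTemplateName": "Tanium-UnquarantineHosts",
-"hidden-SentinelTemplateVersion": "2.2"
+"hidden-SentinelTemplateVersion": "2.3"
 },
 "dependsOn": [
 "[resourceId('Microsoft.Web/connections', parameters('AzureSentinelConnectionName'))]"
@@ -1171,7 +1171,7 @@
 "inputs": {
 "variables": [
 {
-"name": "apiVariables",
+"name": "queryVariables",
 "type": "string",
 "value": "{\n \"source\": @{variables('endpointSource')},\n \"incidentHosts\": {\n \"any\": true,\n \"filters\": @{variables('endpointFilters')}\n }\n}"
 }
@@ -1469,7 +1469,7 @@
 },
 "body": {
 "query": "@variables('apiQuery')",
-"variables": "@json(variables('apiVariables'))"
+"variables": "@json(variables('queryVariables'))"
 }
 },
 "runtimeConfiguration": {
@@ -1517,7 +1517,7 @@
 },
 "body": {
 "query": "@variables('apiQuery')",
-"variables": "@json(variables('apiVariables'))"
+"variables": "@json(variables('queryVariables'))"
 }
 },
 "runAfter": {
@@ -1559,7 +1559,7 @@
 "Update_API_Query_variables_to_get_new_source": {
 "type": "SetVariable",
 "inputs": {
-"name": "apiVariables",
+"name": "queryVariables",
 "value": "{\n \"source\": @{variables('endpointSource')},\n \"incidentHosts\": {\n \"any\": true,\n \"filters\": @{variables('endpointFilters')}\n }\n}"
 },
 "runAfter": {
@@ -1776,7 +1776,7 @@
 },
 "body": {
 "query": "@variables('apiQuery')",
-"variables": "@json(variables('apiVariables'))"
+"variables": "@json(variables('queryVariables'))"
 }
 },
 "runAfter": {
@@ -1861,7 +1861,7 @@
 "Update_cursor_for_next_page": {
 "type": "SetVariable",
 "inputs": {
-"name": "apiQuery",
+"name": "queryVariables",
 "value": "{\n \"source\": @{variables('endpointSource')},\n \"endCursor\": \"@{variables('cursor')}\"\n}"
 }
 }
@@ -2177,7 +2177,7 @@
 "Parse_action_result": {
 "type": "JavaScriptCode",
 "inputs": {
-"code": "var action_results = workflowContext.actions.Get_action_result.outputs.body.data;\r\nvar action_id = workflowContext.actions.Parse_current_issued_action.outputs.body.id;\r\nvar columns = action_results.result_sets[0].columns.map(c => c.name);\r\nvar robjects = [];\r\n\r\naction_results.result_sets.forEach(function(rs) {\r\n\trs.rows.forEach(function(row) {\r\n\t\tlet robject = {'action id': action_id};\r\n\t\tcolumns.forEach(function(c, i) {\r\n\t\t\trobject[c] = row.data[i][0].text;\r\n\t\t});\r\n\t\trobjects.push(robject);\r\n\t});\r\n});\r\n\r\nreturn robjects;"
+"code": "var action_results = workflowContext.actions.Get_action_result.outputs.body.data;\r\nvar action_id = workflowContext.actions.Parse_current_issued_action.outputs.body.id;\r\nvar columns = action_results.result_sets[0].columns.map(c => c.name);\r\nvar rObjects = [];\r\n\r\naction_results.result_sets.forEach(function(rs) {\r\n\trs.rows.forEach(function(row) {\r\n\t\tlet rObject = {'action id': action_id};\r\n\t\tcolumns.forEach(function(c, i) {\r\n\t\t\trObject[c] = row.data[i][0].text;\r\n\t\t});\r\n\t\trObjects.push(rObject);\r\n\t});\r\n});\r\n\r\nreturn rObjects;"
 },
 "runAfter": {
 "Parse_current_issued_action": [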
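Review bot: The inline script in `Parse_action_result` (new line 2180) dereferences `action_results.result_sets[0].columns` and `row.data[i][0].text` without checking that a result set or cell exists, so an empty or partial action result would throw and presumably fail the action instead of returning an empty list. It also takes column names from the first result set only while iterating the rows of every result set, so a later set with different columns would be labelled with the wrong names. A guard such as `if (!action_results.result_sets || action_results.result_sets.length === 0) return [];` before the `columns` line, plus `var cell = row.data[i] && row.data[i][0]; rObject[c] = cell ? cell.text : null;` inside the inner loop, would cover both dereferences. The same script in Tanium-QuarantineHosts/azuredeploy.json (line 2223) needs the same change.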
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
lookback

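--- a/cspell.config.json
+++ b/cspell.config.json
@@ -21,6 +21,7 @@
 "retryable"
 ],
 "dictionaries": [
+"analytics-rules-words",
 "azure-arm-template-words",
 "azure-workbook-words",
 "bash-words",
@@ -29,6 +30,12 @@
 "publisher-ids"
 ],
 "dictionaryDefinitions": [
+{
+"name": "analytics-rules-words",
+"path": "./cspell-dictionaries/analytics-rules-words.txt",
+"description": "Analytics Rules ARM Template words that should be ignored.",
+"addWords": true
+},
 {
 "name": "azure-arm-template-words",
 "path": "./cspell-dictionaries/azure-arm-template-words.txt",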
