Commit 02c9b36

mazamizo21 (Taz Jack) authored and committed
TacitRed-IOC-CrowdStrike v3.0.1: Add missing playbook discovery tags and deployment fixes
Changes from 3.0.0 to 3.0.1:
- Added hidden-SentinelTemplateName and hidden-SentinelTemplateVersion tags (without these, playbook template does not appear in Automation > Playbook templates)
- Fixed location parameter: removed hardcoded location, use workspace-location-inline
- Removed unused TacitRed_Domain parameter and URI filter
- Fixed solutionId to match Partner Center offer ID
- Updated API versions from future-dated 2025-09-01 to 2023-04-01-preview
- Updated publisher name to Data443 Risk Mitigation, Inc.

Note: PR Azure#13641 (v3.0.1) was previously merged but only included the Solution JSON — the Package/mainTemplate.json and zip were not part of that merge. This PR adds them.
1 parent 1199cc6 commit 02c9b36

136 files changed

+12765
-0
lines changed

Lines changed: 109 additions & 0 deletions
@@ -0,0 +1,109 @@
1+
name: Update Solutions Analyzer CSV Files
2+
3+
on:
4+
push:
5+
branches:
6+
- master
7+
paths:
8+
- 'Solutions/**/*.json'
9+
- 'Solutions/**/Parsers/**/*.yaml'
10+
- 'Solutions/**/Parsers/**/*.yml'
11+
- 'Tools/Solutions Analyzer/map_solutions_connectors_tables.py'
12+
workflow_dispatch: # Allow manual trigger
13+
schedule:
14+
# Run weekly on Monday at 2 AM UTC to catch any missed changes
15+
- cron: '0 2 * * 1'
16+
17+
jobs:
18+
update-csv:
19+
runs-on: ubuntu-latest
20+
permissions:
21+
contents: write
22+
pull-requests: write
23+
24+
steps:
25+
- name: Checkout repository
26+
uses: actions/checkout@v4
27+
with:
28+
fetch-depth: 0
29+
30+
- name: Set up Python
31+
uses: actions/setup-python@v5
32+
with:
33+
python-version: '3.11'
34+
35+
- name: Install dependencies
36+
run: |
37+
pip install json5
38+
39+
- name: Run Solutions Analyzer
40+
run: |
41+
cd "Tools/Solutions Analyzer"
42+
python map_solutions_connectors_tables.py
43+
44+
# Note: Documentation generation removed - docs are now hosted in a separate repo
45+
# See: https://github.com/oshezaf/sentinelninja/tree/main/Solutions%20Docs
46+
47+
- name: Check for changes
48+
id: check_changes
49+
run: |
50+
if git diff --quiet "Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv" "Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv"; then
51+
echo "changed=false" >> $GITHUB_OUTPUT
52+
else
53+
echo "changed=true" >> $GITHUB_OUTPUT
54+
fi
55+
56+
- name: Create Pull Request
57+
if: steps.check_changes.outputs.changed == 'true'
58+
id: create_pr
59+
uses: peter-evans/create-pull-request@v6
60+
with:
61+
token: ${{ secrets.GITHUB_TOKEN }}
62+
commit-message: 'chore: Update Solutions Analyzer CSV files'
63+
branch: solutions-analyzer-update
64+
delete-branch: true
65+
title: 'chore: Update Solutions Analyzer CSV files'
66+
body: |
67+
## Automated Solutions Analyzer Update
68+
69+
This PR contains automated updates to:
70+
- Solutions connector-to-tables mapping CSV
71+
- Solutions issues and exceptions report CSV
72+
73+
Generated by the Solutions Analyzer workflow.
74+
75+
**Note:** Documentation is now hosted separately at https://github.com/oshezaf/sentinelninja
76+
77+
**Triggered by:** ${{ github.event_name }}
78+
**Workflow run:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
79+
labels: automated
80+
add-paths: |
81+
Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv
82+
Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv
83+
84+
- name: Enable auto-merge
85+
if: steps.check_changes.outputs.changed == 'true' && steps.create_pr.outputs.pull-request-number != ''
86+
run: |
87+
gh pr merge ${{ steps.create_pr.outputs.pull-request-number }} --auto --squash
88+
env:
89+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
90+
91+
- name: Create summary
92+
if: steps.check_changes.outputs.changed == 'true'
93+
run: |
94+
echo "### Solutions Analyzer Pull Request Created :white_check_mark:" >> $GITHUB_STEP_SUMMARY
95+
echo "" >> $GITHUB_STEP_SUMMARY
96+
echo "A pull request has been created with updated CSV files." >> $GITHUB_STEP_SUMMARY
97+
echo "" >> $GITHUB_STEP_SUMMARY
98+
echo "**Modified files:**" >> $GITHUB_STEP_SUMMARY
99+
echo "- Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv" >> $GITHUB_STEP_SUMMARY
100+
echo "- Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv" >> $GITHUB_STEP_SUMMARY
101+
echo "" >> $GITHUB_STEP_SUMMARY
102+
echo "**Note:** Documentation is hosted at https://github.com/oshezaf/sentinelninja" >> $GITHUB_STEP_SUMMARY
103+
104+
- name: No changes summary
105+
if: steps.check_changes.outputs.changed == 'false'
106+
run: |
107+
echo "### Solutions Analyzer :information_source:" >> $GITHUB_STEP_SUMMARY
108+
echo "" >> $GITHUB_STEP_SUMMARY
109+
echo "No changes detected. CSV files are already up-to-date." >> $GITHUB_STEP_SUMMARY
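Review bot: The "Enable auto-merge" step (`gh pr merge ... --auto --squash` with `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}`) lets this workflow merge its own pull request, and the job already holds `contents: write` and `pull-requests: write`; pull requests opened with the default `GITHUB_TOKEN` do not trigger `pull_request` workflows, so any required status checks on the PR will not run and auto-merge will either stall or, if the branch has no required checks, land the regenerated CSVs with no review. Consider a dedicated app token or a required manual approval, and pin `peter-evans/create-pull-request@v6` and `pip install json5` to an exact SHA and version rather than a moving tag, since both run with write permissions on master. Separately, this workflow file does not match the commit message, which describes only TacitRed-IOC-CrowdStrike v3.0.1 packaging fixes; a workflow addition with write permissions should be its own reviewed change.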
Lines changed: 173 additions & 0 deletions
@@ -0,0 +1,173 @@
1+
{
2+
"Name": "FireworkV2_CL",
3+
"Properties": [
4+
{
5+
"Name": "TimeGenerated",
6+
"Type": "DateTime"
7+
},
8+
{
9+
"Name": "EventVendor",
10+
"Type": "String"
11+
},
12+
{
13+
"Name": "EventProduct",
14+
"Type": "String"
15+
},
16+
{
17+
"Name": "EventSchemaVersion",
18+
"Type": "String"
19+
},
20+
{
21+
"Name": "EventSeverity",
22+
"Type": "String"
23+
},
24+
{
25+
"Name": "EventOriginalUid",
26+
"Type": "String"
27+
},
28+
{
29+
"Name": "EventOriginalType",
30+
"Type": "String"
31+
},
32+
{
33+
"Name": "RiskScore",
34+
"Type": "Int"
35+
},
36+
{
37+
"Name": "Url",
38+
"Type": "String"
39+
},
40+
{
41+
"Name": "timestamp",
42+
"Type": "String"
43+
},
44+
{
45+
"Name": "timestamp_formatted",
46+
"Type": "String"
47+
},
48+
{
49+
"Name": "first_crawled_at",
50+
"Type": "String"
51+
},
52+
{
53+
"Name": "materialized_at",
54+
"Type": "String"
55+
},
56+
{
57+
"Name": "url",
58+
"Type": "String"
59+
},
60+
{
61+
"Name": "event_title",
62+
"Type": "String"
63+
},
64+
{
65+
"Name": "event_type",
66+
"Type": "String"
67+
},
68+
{
69+
"Name": "source",
70+
"Type": "String"
71+
},
72+
{
73+
"Name": "source_name",
74+
"Type": "String"
75+
},
76+
{
77+
"Name": "id",
78+
"Type": "String"
79+
},
80+
{
81+
"Name": "keyword",
82+
"Type": "String"
83+
},
84+
{
85+
"Name": "category_name",
86+
"Type": "String"
87+
},
88+
{
89+
"Name": "content_preview",
90+
"Type": "dynamic"
91+
},
92+
{
93+
"Name": "content",
94+
"Type": "String"
95+
},
96+
{
97+
"Name": "alert_content",
98+
"Type": "String"
99+
},
100+
{
101+
"Name": "highlights",
102+
"Type": "dynamic"
103+
},
104+
{
105+
"Name": "risk",
106+
"Type": "dynamic"
107+
},
108+
{
109+
"Name": "tags",
110+
"Type": "dynamic"
111+
},
112+
{
113+
"Name": "related",
114+
"Type": "dynamic"
115+
},
116+
{
117+
"Name": "user_risk_score",
118+
"Type": "int"
119+
},
120+
{
121+
"Name": "user_notes",
122+
"Type": "String"
123+
},
124+
{
125+
"Name": "data",
126+
"Type": "dynamic"
127+
},
128+
{
129+
"Name": "uid",
130+
"Type": "String"
131+
},
132+
{
133+
"Name": "external_url",
134+
"Type": "String"
135+
},
136+
{
137+
"Name": "identifiers",
138+
"Type": "dynamic"
139+
},
140+
{
141+
"Name": "sort",
142+
"Type": "String"
143+
},
144+
{
145+
"Name": "asset_uuids",
146+
"Type": "dynamic"
147+
},
148+
{
149+
"Name": "code",
150+
"Type": "dynamic"
151+
},
152+
{
153+
"Name": "author_id",
154+
"Type": "String"
155+
},
156+
{
157+
"Name": "project_name",
158+
"Type": "String"
159+
},
160+
{
161+
"Name": "sha",
162+
"Type": "String"
163+
},
164+
{
165+
"Name": "actor",
166+
"Type": "String"
167+
},
168+
{
169+
"Name": "victim_name",
170+
"Type": "String"
171+
}
172+
]
173+
}
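Review bot: The type names in this schema are inconsistent with each other and with the sibling schema files in the same commit: `"RiskScore"` is `"Int"` while `"user_risk_score"` is `"int"`, and `"String"`/`"DateTime"` sit beside lowercase `"dynamic"`; the VersasecCmsErrorLogs files use lowercase `name`/`type` keys and lowercase `string`/`datetime`/`real` throughout. Normalize to one casing before this is consumed by the Solutions Analyzer or a deployment template. Also note the columns `"Url"` and `"url"` differ only in case, which is error-prone for anyone writing KQL against the table, and `"timestamp"`, `"first_crawled_at"` and `"materialized_at"` are declared `"String"` rather than a datetime type, so time-based filtering on them will require parsing at query time.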
Lines changed: 57 additions & 0 deletions
@@ -0,0 +1,57 @@
1+
{
2+
"Name": "VersasecCmsErrorLogs",
3+
"Properties": [
4+
{
5+
"name": "TimeGenerated",
6+
"type": "datetime"
7+
},
8+
{
9+
"name": "EventVendor",
10+
"type": "string"
11+
},
12+
{
13+
"name": "EventProduct",
14+
"type": "string"
15+
},
16+
{
17+
"name": "CmsErrorID",
18+
"type": "real"
19+
},
20+
{
21+
"name": "ErrorCode",
22+
"type": "string"
23+
},
24+
{
25+
"name": "CmsErrorIDStrg",
26+
"type": "string"
27+
},
28+
{
29+
"name": "ErrorId",
30+
"type": "real"
31+
},
32+
{
33+
"name": "ComputerName",
34+
"type": "string"
35+
},
36+
{
37+
"name": "ClientId",
38+
"type": "string"
39+
},
40+
{
41+
"name": "ErrorMessage",
42+
"type": "string"
43+
},
44+
{
45+
"name": "TargetUsername",
46+
"type": "real"
47+
},
48+
{
49+
"name": "SupportTicket",
50+
"type": "string"
51+
},
52+
{
53+
"name": "TicketReference",
54+
"type": "string"
55+
}
56+
]
57+
}
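Review bot: `"TargetUsername"` is declared `"type": "real"`, which looks wrong for a username field and will cause ingestion to drop or null out non-numeric values; `"CmsErrorID"` and `"ErrorId"` are also `"real"` where an integer or string identifier is more usual. Please confirm these types against sample events before merging. This file names the table `VersasecCmsErrorLogs` with no `_CL` suffix, while the next file in this commit defines `VersasecCmsErrorLogs_CL` with a different column set (`ClientId`/`ErrorMessage`/`TicketReference` here versus `CLID`/`ErrorStrg`/`TicketRef` there); if one is the raw custom table and the other the normalized view, a short note on which is which, and how the columns map, would help the next reader.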
Lines changed: 39 additions & 0 deletions
@@ -0,0 +1,39 @@
1+
{
2+
"Name": "VersasecCmsErrorLogs_CL",
3+
"Properties": [
4+
{
5+
"name": "TimeGenerated",
6+
"type": "datetime"
7+
}, {
8+
"name": "CmsErrorID",
9+
"type": "real"
10+
}, {
11+
"name": "CmsErrorIDCode",
12+
"type": "string"
13+
}, {
14+
"name": "CmsErrorIDStrg",
15+
"type": "string"
16+
}, {
17+
"name": "ID",
18+
"type": "real"
19+
}, {
20+
"name": "ComputerName",
21+
"type": "string"
22+
}, {
23+
"name": "CLID",
24+
"type": "string"
25+
}, {
26+
"name": "ErrorStrg",
27+
"type": "string"
28+
}, {
29+
"name": "UserID",
30+
"type": "real"
31+
}, {
32+
"name": "SupportTicket",
33+
"type": "string"
34+
}, {
35+
"name": "TicketRef",
36+
"type": "string"
37+
}
38+
]
39+
}
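Review bot: `"UserID"` is typed `"real"` here, as is `"ID"` and `"CmsErrorID"`; a floating-point type for identifiers invites precision loss on large values and makes equality joins against string identifiers in the sibling `VersasecCmsErrorLogs` schema awkward, so `int`/`long` or `string` is the safer choice. Style point: the `}, {` on a single line departs from the one-object-per-line layout used by every other schema file in this commit; reformatting to match keeps future diffs readable.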