Merge pull request Azure#13190 from bdudnyk-varonis/feature/varonis-informational-severity

v-atulyadav · web-flow · commit 0c511759910d · 2025-12-11T15:53:23.000+05:30
Added support of Informational alerts severity
diff --git a/Solutions/VaronisSaaS/Data Connectors/Varonis.Sentinel.Functions.zip b/Solutions/VaronisSaaS/Data Connectors/Varonis.Sentinel.Functions.zip
diff --git a/Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/AlertExtensions.cs b/Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/Helpers/AlertExtensions.cs
@@ -20,7 +20,8 @@ public static class AlertExtensions
             {
                 ["High"] = 0,
                 ["Medium"] = 1,
-                ["Low"] = 2
+                ["Low"] = 2,
+                ["Informational"] = 3
             };
     }
 }
diff --git a/Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/local.settings.json b/Solutions/VaronisSaaS/Data Connectors/VaronisSaaSFunction/Varonis.Sentinel.Functions/local.settings.json
@@ -9,7 +9,7 @@
     "LogAnalyticsKey": "",
     "LogAnalyticsWorkspace": "",
     "AlertRetrievalStart": "2 weeks",
-    "AlertSeverity": "Low, Medium, High",
+    "AlertSeverity": "Low, Medium, High, Informational",
     "ThreatDetectionPolicies": "",
     "AlertStatus": "New, Under Investigation",
     "MaxAlertRetrieval": "1000"
diff --git a/Solutions/VaronisSaaS/Data Connectors/VaronisSaaS_API_FunctionApp.json b/Solutions/VaronisSaaS/Data Connectors/VaronisSaaS_API_FunctionApp.json
@@ -23,6 +23,11 @@
       "baseQuery": "VaronisAlerts_CL\n| where Severity_s == \"Low\"",
       "legend": "Low severity alerts",
       "metricName": "Low severity alerts"
+    },
+    {
+      "baseQuery": "VaronisAlerts_CL\n| where Severity_s == \"Informational\"",
+      "legend": "Informational severity alerts",
+      "metricName": "Informational severity alerts"
     }
   ],
   "sampleQueries": [
diff --git a/Solutions/VaronisSaaS/Data Connectors/azuredeploy.bicep b/Solutions/VaronisSaaS/Data Connectors/azuredeploy.bicep
@@ -31,7 +31,7 @@ param threatDetectionPolicies string = ''
 param alertStatus string = 'New, Under Investigation'
 
 @description('Specify the alert severity.')
-param alertSeverity string = 'Low, Medium, High'
+param alertSeverity string = 'Low, Medium, High, Informational'
 
 var functionAppName = 'VaronisSaaS-${uniqueString(resourceGroup().id)}'
 var functionWorkerRuntime = 'dotnet'
diff --git a/Solutions/VaronisSaaS/Data Connectors/azuredeploy.json b/Solutions/VaronisSaaS/Data Connectors/azuredeploy.json
@@ -71,7 +71,7 @@
     },
     "alertSeverity": {
       "type": "string",
-      "defaultValue": "Low, Medium, High",
+      "defaultValue": "Low, Medium, High, Informational",
       "metadata": {
         "description": "Specify the alert severity."
       }
diff --git a/Solutions/VaronisSaaS/Data/Solution_VaronisSaaS.json b/Solutions/VaronisSaaS/Data/Solution_VaronisSaaS.json
@@ -6,7 +6,7 @@
   "Workbooks": ["Workbooks/VaronisSaaS.json"],
   "Data Connectors": ["Data Connectors/VaronisSaaS_API_FunctionApp.json"],
   "BasePath": "C:\\Projects\\DataIntegration\\Azure-Sentinel\\Solutions\\VaronisSaaS",
-  "Version": "3.0.2",
+  "Version": "3.0.3",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1PConnector": false
diff --git a/Solutions/VaronisSaaS/Package/3.0.3.zip b/Solutions/VaronisSaaS/Package/3.0.3.zip
diff --git a/Solutions/VaronisSaaS/Package/mainTemplate.json b/Solutions/VaronisSaaS/Package/mainTemplate.json
@@ -39,7 +39,7 @@
   },
   "variables": {
     "_solutionName": "VaronisSaaS",
-    "_solutionVersion": "3.0.2",
+    "_solutionVersion": "3.0.3",
     "solutionId": "varonis.microsoft-sentinel-solution-varonissaas",
     "_solutionId": "[variables('solutionId')]",
     "workbookVersion1": "1.0.0",
@@ -70,7 +70,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "VaronisSaaS Workbook with template version 3.0.2",
+        "description": "VaronisSaaS Workbook with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion1')]",
@@ -157,7 +157,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "VaronisSaaS data connector with template version 3.0.2",
+        "description": "VaronisSaaS data connector with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -196,6 +196,11 @@
                       "baseQuery": "VaronisAlerts_CL\n| where Severity_s == \"Low\"",
                       "legend": "Low severity alerts",
                       "metricName": "Low severity alerts"
+                    },
+                    {
+                      "baseQuery": "VaronisAlerts_CL\n| where Severity_s == \"Informational\"",
+                      "legend": "Informational severity alerts",
+                      "metricName": "Informational severity alerts"
                     }
                   ],
                   "sampleQueries": [
@@ -387,6 +392,11 @@
               "baseQuery": "VaronisAlerts_CL\n| where Severity_s == \"Low\"",
               "legend": "Low severity alerts",
               "metricName": "Low severity alerts"
+            },
+            {
+              "baseQuery": "VaronisAlerts_CL\n| where Severity_s == \"Informational\"",
+              "legend": "Informational severity alerts",
+              "metricName": "Informational severity alerts"
             }
           ],
           "dataTypes": [
@@ -484,7 +494,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.2",
+        "version": "3.0.3",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "VaronisSaaS",
diff --git a/Solutions/VaronisSaaS/ReleaseNotes.md b/Solutions/VaronisSaaS/ReleaseNotes.md
@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                          |
 |-------------|--------------------------------|---------------------------------------------|
+| 3.0.3       | 25-11-2025                     | Add Informational severity level support    |
 | 3.0.2       | 12-09-2025                     | Save last alert ingest time                 |
 | 3.0.1       | 02-12-2025                     | Bug fixes                                   |
 | 3.0.0       | 02-07-2024                     | Refactor azure function                     |

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,8 @@ public static class AlertExtensions`
`20`	`20`	`{`
`21`	`21`	`["High"] = 0,`
`22`	`22`	`["Medium"] = 1,`
`23`		`- ["Low"] = 2`
	`23`	`+ ["Low"] = 2,`
	`24`	`+ ["Informational"] = 3`
`24`	`25`	`};`
`25`	`26`	`}`
`26`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@`
`71`	`71`	`},`
`72`	`72`	`"alertSeverity": {`
`73`	`73`	`"type": "string",`
`74`		`- "defaultValue": "Low, Medium, High",`
	`74`	`+ "defaultValue": "Low, Medium, High, Informational",`
`75`	`75`	`"metadata": {`
`76`	`76`	`"description": "Specify the alert severity."`
`77`	`77`	`}`