Merge pull request Azure#13282 from Azure/tools/map-connectors-to-tables

Solutions Analyzer V3

Author: oshezaf

.github/workflows/update-solutions-analyzer.yml

@@ -55,23 +55,47 @@ jobs:
             echo "changed=true" >> $GITHUB_OUTPUT
           fi
       
-      - name: Commit and push changes
+      - name: Create Pull Request
         if: steps.check_changes.outputs.changed == 'true'
+        id: create_pr
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: 'chore: Update Solutions Analyzer CSV files and documentation'
+          branch: solutions-analyzer-update
+          delete-branch: true
+          title: 'chore: Update Solutions Analyzer CSV files and documentation'
+          body: |
+            ## Automated Solutions Analyzer Update
+            
+            This PR contains automated updates to:
+            - Solutions connector-to-tables mapping CSV
+            - Solutions issues and exceptions report CSV
+            - Connector documentation files
+            
+            Generated by the Solutions Analyzer workflow.
+            
+            **Triggered by:** ${{ github.event_name }}
+            **Workflow run:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+          labels: automated, documentation
+          add-paths: |
+            Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv
+            Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv
+            Tools/Solutions Analyzer/connector-docs/
+      
+      - name: Enable auto-merge
+        if: steps.check_changes.outputs.changed == 'true' && steps.create_pr.outputs.pull-request-number != ''
         run: |
-          git config --local user.email "github-actions[bot]@users.noreply.github.com"
-          git config --local user.name "github-actions[bot]"
-          git add "Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv"
-          git add "Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv"
-          git add "Tools/Solutions Analyzer/connector-docs/"
-          git commit -m "chore: Update Solutions Analyzer CSV files and documentation [skip ci]"
-          git push
+          gh pr merge ${{ steps.create_pr.outputs.pull-request-number }} --auto --squash
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Create summary
         if: steps.check_changes.outputs.changed == 'true'
         run: |
-          echo "### Solutions Analyzer Updated :white_check_mark:" >> $GITHUB_STEP_SUMMARY
+          echo "### Solutions Analyzer Pull Request Created :white_check_mark:" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-          echo "CSV files and documentation have been regenerated and committed." >> $GITHUB_STEP_SUMMARY
+          echo "A pull request has been created with updated CSV files and documentation." >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "**Modified files:**" >> $GITHUB_STEP_SUMMARY
           echo "- Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv" >> $GITHUB_STEP_SUMMARY

Tools/Solutions Analyzer/README.md

@@ -17,9 +17,23 @@ Individual solution pages are organized in the [`solutions/`](solutions/) direct
 - Solution metadata (title, publisher, description)
 - List of data connectors included in the solution
 - Detailed connector information (ID, title, description)
+- Setup instructions (AI-generated from UI definitions - verify in portal)
+- Required permissions and prerequisites
 - Tables associated with each connector
 - Table uniqueness indicators (whether a table is used by only one connector)
 
+### Connector Pages
+
+Individual connector pages are organized in the [`connectors/`](connectors/) directory. Each connector page includes:
+
+- Connector metadata (ID, publisher, tables ingested)
+- Full connector description
+- Required permissions and prerequisites
+- **Setup Instructions** - Step-by-step configuration guidance rendered from connector UI definitions using AI
+  - ⚠️ **Note**: Instructions are automatically rendered from the user interface definition files using AI and may not be fully accurate. Always verify configuration steps in the Microsoft Sentinel portal.
+- Solutions that include this connector
+- Links to connector definition files on GitHub
+
 ## 📊 Quick Statistics
 
 For current statistics, see the [Solutions Index](solutions-index.md) which displays up-to-date counts of solutions (with and without connectors), connectors, and tables.
@@ -64,6 +78,17 @@ This documentation is automatically generated from the Solutions Analyzer tool,
 
 The analyzer identifies table references in connector configurations and parser logic to create comprehensive mappings.
 
+### AI-Generated Instructions
+
+**Setup Instructions** in connector documentation are automatically extracted from connector UI definition files using AI:
+- Interprets UI-centric instruction types (DataConnectorsGrid, ContextPane, GCPGrid, AADDataTypes, etc.)
+- Converts JSON UI definitions to readable markdown format
+- Generates step-by-step configuration guidance
+- Describes form fields, dropdowns, and management interfaces
+- Marks portal-only features with visual indicators
+
+⚠️ **Important**: AI-generated instructions may not be fully accurate. Always verify all configuration steps in the Microsoft Sentinel portal before implementation.
+
 ## 📝 Data Source
 
 The documentation is based on analysis of the `solutions_connectors_tables_mapping.csv` file, which contains:

Tools/Solutions Analyzer/connector-docs/README.md

@@ -22,4 +22,43 @@ This solution takes a dependency on the following technologies, and some of thes
 
 -  [Azure Functions](https://azure.microsoft.com/services/functions/#overview)
 
+## Permissions
+
+**Resource Provider Permissions:**
+- **Workspace** (Workspace): read and write permissions on the workspace are required.
+
+**Custom Permissions:**
+- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/).
+- **1Password API Token**: A 1Password API Token is required. [See the documentation to learn more about the 1Password API](https://developer.1password.com/docs/events-api/reference). **Note:** A 1Password account is required
+
+## Setup Instructions
+
+> ⚠️ **Note**: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
+
+>**NOTE:** This connector uses Azure Functions to connect to 1Password to pull logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.
+
+>**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.
+
+**STEP 1 - Configuration steps for the 1Password API**
+
+ [Follow these instructions](https://support.1password.com/events-reporting/#appendix-issue-or-revoke-bearer-tokens) provided by 1Password to obtain an API Token. **Note:** A 1Password account is required
+
+**STEP 2 - Deploy the functionApp using DeployToAzure button to create the table, dcr and the associated Azure Function**
+
+>**IMPORTANT:** Before deploying the 1Password connector, a custom table needs to be created.
+
+**3. Option 1 - Azure Resource Manager (ARM) Template**
+
+This method provides an automated deployment of the 1Password connector using an ARM Tempate.
+
+1. Click the **Deploy to Azure** button below. 
+
+	[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-OnePassword-azuredeploy)
+2. Select the preferred **Subscription**, **Resource Group** and **Location**. 
+3. Enter the **Workspace Name**, **Workspace Name**, **API Key**, and **URI**.
+ - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion.
+ - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. 
+4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. 
+5. Click **Purchase** to deploy.
+
 [← Back to Connectors Index](../connectors-index.md)

Tools/Solutions Analyzer/connector-docs/connectors/1password.md

@@ -10,4 +10,31 @@
 
 The 1Password CCP connector allows the user to ingest 1Password Audit, Signin & ItemUsage events into Microsoft Sentinel.
 
+## Permissions
+
+**Resource Provider Permissions:**
+- **Workspace** (Workspace): Read and Write permissions are required.
+
+**Custom Permissions:**
+- **1Password API token**: A 1Password API Token is required. See the [1Password documentation](https://support.1password.com/events-reporting/#appendix-issue-or-revoke-bearer-tokens) on how to create an API token.
+
+## Setup Instructions
+
+> ⚠️ **Note**: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
+
+**1. STEP 1 - Create a 1Password API token:**
+
+Follow the [1Password documentation](https://support.1password.com/events-reporting/#appendix-issue-or-revoke-bearer-tokens) for guidance on this step.
+
+**2. STEP 2 - Choose the correct base URL:**
+
+There are multiple 1Password servers which might host your events. The correct server depends on your license and region. Follow the [1Password documentation](https://developer.1password.com/docs/events-api/reference/#servers) to choose the correct server. Input the base URL as displayed by the documentation (including 'https://' and without a trailing '/').
+
+**3. STEP 3 - Enter your 1Password Details:**
+
+Enter the 1Password base URL & API Token below:
+- **Base Url**: Enter your Base Url
+- **API Token**: (password field)
+- Click 'connect' to establish connection
+
 [← Back to Connectors Index](../connectors-index.md)

Tools/Solutions Analyzer/connector-docs/connectors/1passwordccpdefinition.md

@@ -10,4 +10,52 @@
 
 Connects the 42Crunch API protection to Azure Log Analytics via the REST API interface
 
+## Permissions
+
+**Resource Provider Permissions:**
+- **Workspace** (Workspace): read and write permissions are required.
+- **Keys** (Workspace): read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).
+
+## Setup Instructions
+
+> ⚠️ **Note**: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
+
+**1. Step 1 : Read the detailed documentation**
+
+The installation process is documented in great detail in the GitHub repository [Microsoft Sentinel integration](https://github.com/42Crunch/azure-sentinel-integration). The user should consult this repository further to understand installation and debug of the integration.
+
+**2. Step 2: Retrieve the workspace access credentials**
+
+The first installation step is to retrieve both your **Workspace ID** and **Primary Key** from the Microsoft Sentinel platform.
+Copy the values shown below and save them for configuration of the API log forwarder integration.
+- **Workspace ID**: `WorkspaceId`
+  > *Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.*
+- **Primary Key**: `PrimaryKey`
+  > *Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.*
+
+**3. Step 3: Install the 42Crunch protection and log forwarder**
+
+The next step is to install the 42Crunch protection and log forwarder to protect your API. Both components are availabe as containers from the [42Crunch repository](https://hub.docker.com/u/42crunch). The exact installation will depend on your environment, consult the [42Crunch protection documentation](https://docs.42crunch.com/latest/content/concepts/api_firewall_deployment_architecture.htm) for full details. Two common installation scenarios are described below:
+**Installation via Docker Compose**
+
+  The solution can be installed using a [Docker compose file](https://github.com/42Crunch/azure-sentinel-integration/blob/main/sample-deployment/docker-compose.yml).
+
+  **Installation via Helm charts**
+
+  The solution can be installed using a [Helm chart](https://github.com/42Crunch/azure-sentinel-integration/tree/main/helm/sentinel).
+**4. Step 4: Test the data ingestion**
+
+In order to test the data ingestion the user should deploy the sample *httpbin* application alongside the 42Crunch protection and log forwarder [described in detail here](https://github.com/42Crunch/azure-sentinel-integration/tree/main/sample-deployment).
+**4.1 Install the sample**
+
+  The sample application can be installed locally using a [Docker compose file](https://github.com/42Crunch/azure-sentinel-integration/blob/main/sample-deployment/docker-compose.yml) which will install the httpbin API server, the 42Crunch API protection and the Microsoft Sentinel log forwarder. Set the environment variables as required using the values copied from step 2.
+
+  **4.2 Run the sample**
+
+  Verfify the API protection is connected to the 42Crunch platform, and then exercise the API locally on the *localhost* at port 8080 using Postman, curl, or similar. You should see a mixture of passing and failing API calls.
+
+  **4.3 Verify the data ingestion on Log Analytics**
+
+  After approximately 20 minutes access the Log Analytics workspace on your Microsoft Sentinel installation, and locate the *Custom Logs* section verify that a *apifirewall_log_1_CL* table exists. Use the sample queries to examine the data.
+
 [← Back to Connectors Index](../connectors-index.md)