feat(SlackAudit): update parser version and standardize entity mappings

artafres · artafres · commit 29e8902fa98f · 2025-12-12T10:56:17.000-05:00
- Bump parser version from 1.0.0 to 1.0.1
- Reorder entity mapping fields for consistent formatting
- Standardize fieldMappings structure across all analytics rules
- Update package binary with latest changes
diff --git a/Solutions/SlackAudit/Package/3.0.5.zip b/Solutions/SlackAudit/Package/3.0.5.zip
diff --git a/Solutions/SlackAudit/Package/mainTemplate.json b/Solutions/SlackAudit/Package/mainTemplate.json
@@ -139,7 +139,7 @@
       "_parserName1": "[concat(parameters('workspace'),'/','SlackAudit Data Parser')]",
       "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'SlackAudit Data Parser')]",
       "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('SlackAudit-Parser')))]",
-      "parserVersion1": "1.0.0",
+      "parserVersion1": "1.0.1",
       "parserContentId1": "SlackAudit-Parser"
     },
     "huntingQueryObject1": {
@@ -334,13 +334,13 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "AccountCustomEntity"
+                        "columnName": "AccountCustomEntity",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ]
               }
@@ -438,13 +438,13 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "AccountCustomEntity"
+                        "columnName": "AccountCustomEntity",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ]
               }
@@ -542,13 +542,13 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "AccountCustomEntity"
+                        "columnName": "AccountCustomEntity",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ]
               }
@@ -646,22 +646,22 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "AccountCustomEntity"
+                        "columnName": "AccountCustomEntity",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "IPCustomEntity"
+                        "columnName": "IPCustomEntity",
+                        "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ]
               }
@@ -759,22 +759,22 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "AccountCustomEntity"
+                        "columnName": "AccountCustomEntity",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   },
                   {
-                    "entityType": "File",
                     "fieldMappings": [
                       {
-                        "identifier": "Name",
-                        "columnName": "FileCustomEntity"
+                        "columnName": "FileCustomEntity",
+                        "identifier": "Name"
                       }
-                    ]
+                    ],
+                    "entityType": "File"
                   }
                 ]
               }
@@ -872,13 +872,13 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "AccountCustomEntity"
+                        "columnName": "AccountCustomEntity",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ]
               }
@@ -978,13 +978,13 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "AccountCustomEntity"
+                        "columnName": "AccountCustomEntity",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ]
               }
@@ -1082,22 +1082,22 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "AccountCustomEntity"
+                        "columnName": "AccountCustomEntity",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "IPCustomEntity"
+                        "columnName": "IPCustomEntity",
+                        "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ]
               }
@@ -1197,13 +1197,13 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "AccountCustomEntity"
+                        "columnName": "AccountCustomEntity",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ]
               }
@@ -1968,8 +1968,8 @@
         "contentId": "[variables('parserObject1').parserContentId1]",
         "contentKind": "Parser",
         "displayName": "SlackAudit Data Parser",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.1')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.1')))]",
         "version": "[variables('parserObject1').parserVersion1]"
       }
     },
diff --git a/Solutions/SlackAudit/Parsers/SlackAudit.yaml b/Solutions/SlackAudit/Parsers/SlackAudit.yaml
@@ -1,8 +1,8 @@
 id: fb5aaeb6-14fa-45e8-bb4a-6d4c642a710e
 Function:
   Title: Parser for SlackAudit
-  Version: "1.0.0"
-  LastUpdated: "2023-08-23"
+  Version: "1.0.1"
+  LastUpdated: "2025-12-12"
 Category: Microsoft Sentinel Parser
 FunctionName: SlackAudit
 FunctionAlias: SlackAudit
diff --git a/Solutions/SlackAudit/ReleaseNotes.md b/Solutions/SlackAudit/ReleaseNotes.md
@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                                                 |
 |-------------|--------------------------------|--------------------------------------------------------------------|
+| 3.0.5       | 12-12-2025                     | Updated the **Parser** yaml file. |
 | 3.0.4       | 28-07-2025                     | Removed Deprecated **Data Connector**. |
 | 3.0.3       | 30-06-2025                     | Moving **CCF Data Connector** to GA. |
 | 3.0.2       | 30-05-2025                     | Preview tag added to **CCF Data Connector**. |

Original file line number	Diff line number	Diff line change
`@@ -139,7 +139,7 @@`
`139`	`139`	`"_parserName1": "[concat(parameters('workspace'),'/','SlackAudit Data Parser')]",`
`140`	`140`	`"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'SlackAudit Data Parser')]",`
`141`	`141`	`"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('SlackAudit-Parser')))]",`
`142`		`- "parserVersion1": "1.0.0",`
	`142`	`+ "parserVersion1": "1.0.1",`
`143`	`143`	`"parserContentId1": "SlackAudit-Parser"`
`144`	`144`	`},`
`145`	`145`	`"huntingQueryObject1": {`
`@@ -334,13 +334,13 @@`
`334`	`334`	`],`
`335`	`335`	`"entityMappings": [`
`336`	`336`	`{`
`337`		`- "entityType": "Account",`
`338`	`337`	`"fieldMappings": [`
`339`	`338`	`{`
`340`		`- "identifier": "FullName",`
`341`		`- "columnName": "AccountCustomEntity"`
	`339`	`+ "columnName": "AccountCustomEntity",`
	`340`	`+ "identifier": "FullName"`
`342`	`341`	`}`
`343`		`- ]`
	`342`	`+ ],`
	`343`	`+ "entityType": "Account"`
`344`	`344`	`}`
`345`	`345`	`]`
`346`	`346`	`}`
`@@ -438,13 +438,13 @@`
`438`	`438`	`],`
`439`	`439`	`"entityMappings": [`
`440`	`440`	`{`
`441`		`- "entityType": "Account",`
`442`	`441`	`"fieldMappings": [`
`443`	`442`	`{`
`444`		`- "identifier": "FullName",`
`445`		`- "columnName": "AccountCustomEntity"`
	`443`	`+ "columnName": "AccountCustomEntity",`
	`444`	`+ "identifier": "FullName"`
`446`	`445`	`}`
`447`		`- ]`
	`446`	`+ ],`
	`447`	`+ "entityType": "Account"`
`448`	`448`	`}`
`449`	`449`	`]`
`450`	`450`	`}`
`@@ -542,13 +542,13 @@`
`542`	`542`	`],`
`543`	`543`	`"entityMappings": [`
`544`	`544`	`{`
`545`		`- "entityType": "Account",`
`546`	`545`	`"fieldMappings": [`
`547`	`546`	`{`
`548`		`- "identifier": "FullName",`
`549`		`- "columnName": "AccountCustomEntity"`
	`547`	`+ "columnName": "AccountCustomEntity",`
	`548`	`+ "identifier": "FullName"`
`550`	`549`	`}`
`551`		`- ]`
	`550`	`+ ],`
	`551`	`+ "entityType": "Account"`
`552`	`552`	`}`
`553`	`553`	`]`
`554`	`554`	`}`
`@@ -646,22 +646,22 @@`
`646`	`646`	`],`
`647`	`647`	`"entityMappings": [`
`648`	`648`	`{`
`649`		`- "entityType": "Account",`
`650`	`649`	`"fieldMappings": [`
`651`	`650`	`{`
`652`		`- "identifier": "FullName",`
`653`		`- "columnName": "AccountCustomEntity"`
	`651`	`+ "columnName": "AccountCustomEntity",`
	`652`	`+ "identifier": "FullName"`
`654`	`653`	`}`
`655`		`- ]`
	`654`	`+ ],`
	`655`	`+ "entityType": "Account"`
`656`	`656`	`},`
`657`	`657`	`{`
`658`		`- "entityType": "IP",`
`659`	`658`	`"fieldMappings": [`
`660`	`659`	`{`
`661`		`- "identifier": "Address",`
`662`		`- "columnName": "IPCustomEntity"`
	`660`	`+ "columnName": "IPCustomEntity",`
	`661`	`+ "identifier": "Address"`
`663`	`662`	`}`
`664`		`- ]`
	`663`	`+ ],`
	`664`	`+ "entityType": "IP"`
`665`	`665`	`}`
`666`	`666`	`]`
`667`	`667`	`}`
`@@ -759,22 +759,22 @@`
`759`	`759`	`],`
`760`	`760`	`"entityMappings": [`
`761`	`761`	`{`
`762`		`- "entityType": "Account",`
`763`	`762`	`"fieldMappings": [`
`764`	`763`	`{`
`765`		`- "identifier": "FullName",`
`766`		`- "columnName": "AccountCustomEntity"`
	`764`	`+ "columnName": "AccountCustomEntity",`
	`765`	`+ "identifier": "FullName"`
`767`	`766`	`}`
`768`		`- ]`
	`767`	`+ ],`
	`768`	`+ "entityType": "Account"`
`769`	`769`	`},`
`770`	`770`	`{`
`771`		`- "entityType": "File",`
`772`	`771`	`"fieldMappings": [`
`773`	`772`	`{`
`774`		`- "identifier": "Name",`
`775`		`- "columnName": "FileCustomEntity"`
	`773`	`+ "columnName": "FileCustomEntity",`
	`774`	`+ "identifier": "Name"`
`776`	`775`	`}`
`777`		`- ]`
	`776`	`+ ],`
	`777`	`+ "entityType": "File"`
`778`	`778`	`}`
`779`	`779`	`]`
`780`	`780`	`}`
`@@ -872,13 +872,13 @@`
`872`	`872`	`],`
`873`	`873`	`"entityMappings": [`
`874`	`874`	`{`
`875`		`- "entityType": "Account",`
`876`	`875`	`"fieldMappings": [`
`877`	`876`	`{`
`878`		`- "identifier": "FullName",`
`879`		`- "columnName": "AccountCustomEntity"`
	`877`	`+ "columnName": "AccountCustomEntity",`
	`878`	`+ "identifier": "FullName"`
`880`	`879`	`}`
`881`		`- ]`
	`880`	`+ ],`
	`881`	`+ "entityType": "Account"`
`882`	`882`	`}`
`883`	`883`	`]`
`884`	`884`	`}`
`@@ -978,13 +978,13 @@`
`978`	`978`	`],`
`979`	`979`	`"entityMappings": [`
`980`	`980`	`{`
`981`		`- "entityType": "Account",`
`982`	`981`	`"fieldMappings": [`
`983`	`982`	`{`
`984`		`- "identifier": "FullName",`
`985`		`- "columnName": "AccountCustomEntity"`
	`983`	`+ "columnName": "AccountCustomEntity",`
	`984`	`+ "identifier": "FullName"`
`986`	`985`	`}`
`987`		`- ]`
	`986`	`+ ],`
	`987`	`+ "entityType": "Account"`
`988`	`988`	`}`
`989`	`989`	`]`
`990`	`990`	`}`
`@@ -1082,22 +1082,22 @@`
`1082`	`1082`	`],`
`1083`	`1083`	`"entityMappings": [`
`1084`	`1084`	`{`
`1085`		`- "entityType": "Account",`
`1086`	`1085`	`"fieldMappings": [`
`1087`	`1086`	`{`
`1088`		`- "identifier": "FullName",`
`1089`		`- "columnName": "AccountCustomEntity"`
	`1087`	`+ "columnName": "AccountCustomEntity",`
	`1088`	`+ "identifier": "FullName"`
`1090`	`1089`	`}`
`1091`		`- ]`
	`1090`	`+ ],`
	`1091`	`+ "entityType": "Account"`
`1092`	`1092`	`},`
`1093`	`1093`	`{`
`1094`		`- "entityType": "IP",`
`1095`	`1094`	`"fieldMappings": [`
`1096`	`1095`	`{`
`1097`		`- "identifier": "Address",`
`1098`		`- "columnName": "IPCustomEntity"`
	`1096`	`+ "columnName": "IPCustomEntity",`
	`1097`	`+ "identifier": "Address"`
`1099`	`1098`	`}`
`1100`		`- ]`
	`1099`	`+ ],`
	`1100`	`+ "entityType": "IP"`
`1101`	`1101`	`}`
`1102`	`1102`	`]`
`1103`	`1103`	`}`
`@@ -1197,13 +1197,13 @@`
`1197`	`1197`	`],`
`1198`	`1198`	`"entityMappings": [`
`1199`	`1199`	`{`
`1200`		`- "entityType": "Account",`
`1201`	`1200`	`"fieldMappings": [`
`1202`	`1201`	`{`
`1203`		`- "identifier": "FullName",`
`1204`		`- "columnName": "AccountCustomEntity"`
	`1202`	`+ "columnName": "AccountCustomEntity",`
	`1203`	`+ "identifier": "FullName"`
`1205`	`1204`	`}`
`1206`		`- ]`
	`1205`	`+ ],`
	`1206`	`+ "entityType": "Account"`
`1207`	`1207`	`}`
`1208`	`1208`	`]`
`1209`	`1209`	`}`
`@@ -1968,8 +1968,8 @@`
`1968`	`1968`	`"contentId": "[variables('parserObject1').parserContentId1]",`
`1969`	`1969`	`"contentKind": "Parser",`
`1970`	`1970`	`"displayName": "SlackAudit Data Parser",`
`1971`		`- "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]",`
`1972`		`- "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]",`
	`1971`	`+ "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.1')))]",`
	`1972`	`+ "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.1')))]",`
`1973`	`1973`	`"version": "[variables('parserObject1').parserVersion1]"`
`1974`	`1974`	`}`
`1975`	`1975`	`},`