Merge pull request Azure#13279 from artafres/feature/SlackAudit/parser_fix

Fixed parser issue in SlackAuditV2_CL

Author: jlheard

Solutions/SlackAudit/Package/3.0.5.zip

@@ -1,8 +1,8 @@
 id: fb5aaeb6-14fa-45e8-bb4a-6d4c642a710e
 Function:
   Title: Parser for SlackAudit
-  Version: "1.0.0"
-  LastUpdated: "2023-08-23"
+  Version: "1.0.1"
+  LastUpdated: "2025-12-12"
 Category: Microsoft Sentinel Parser
 FunctionName: SlackAudit
 FunctionAlias: SlackAudit
@@ -204,8 +204,8 @@ FunctionQuery: |
         EntityChannelId=tostring(entity.channel.id),
         EntityChannelPrivacy=tostring(entity.channel.privacy),
         EntityChannelName=tostring(entity.channel.name),
-        EntityChannelIsShared=tobool(entity.channel.is.shared),
-        EntityChannelIsOrgShared=tobool(entity.channel.is.org.shared),
+        EntityChannelIsShared=tobool(entity.channel.is_shared),
+        EntityChannelIsOrgShared=tobool(entity.channel.is_org_shared),
         DetailsType=tostring(details.type),
         EntityUserId=tostring(entity.user.id),
         EntityUserName=tostring(entity.user.name),
@@ -226,8 +226,8 @@ FunctionQuery: |
         ContextLocationName=tostring(context.location.name),
         ContextLocationDomain=tostring(context.location.domain),
         ContextUA=tostring(context.ua),
-        ContextIpAddress=tostring(context.ip.address),
-        ContextSessionId=todouble(context.session.id),
+        ContextIpAddress=tostring(context.ip_address),
+        ContextSessionId=todouble(context.session_id),
         ActionDescription=column_ifexists('ActionDescription', ''),
         EventId=column_ifexists('Id', ''),
         EventEndTime=column_ifexists('DateCreate', ''),
@@ -236,7 +236,7 @@ FunctionQuery: |
         SrcUserName=tostring(actor.user.name),
         SrcUserEmail=tostring(actor.user.email),
         UserAgentOriginal=tostring(context.ua),
-        SrcIpAddr=tostring(context.ip.address),
+        SrcIpAddr=tostring(context.ip_address),
         DvcActionDesc=column_ifexists('ActionDescription', '')
   };
   union isfuzzy=true

Solutions/SlackAudit/Package/mainTemplate.json

@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                                                 |
 |-------------|--------------------------------|--------------------------------------------------------------------|
+| 3.0.5       | 12-12-2025                     | Updated the **Parser** yaml file. |
 | 3.0.4       | 28-07-2025                     | Removed Deprecated **Data Connector**. |
 | 3.0.3       | 30-06-2025                     | Moving **CCF Data Connector** to GA. |
 | 3.0.2       | 30-05-2025                     | Preview tag added to **CCF Data Connector**. |

Solutions/SlackAudit/Parsers/SlackAudit.yaml

@@ -38,7 +38,7 @@
   ],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\SlackAudit",
-  "Version": "3.0.0",
+  "Version": "3.0.5",
   "TemplateSpec": true,
   "Is1PConnector": false
 }