Merge branch 'fixPodDuplicateDataIssue' of https://github.com/shubhangipagar-gh/Azure-Sentinel into fixPodDuplicateDataIssue

Author: Shubhangi Pagar

.github/workflows/codeql-analysis.yml

@@ -32,7 +32,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript', 'python', 'ruby', 'actions' ]
+        language: [ 'javascript', 'python', 'ruby', 'actions', 'csharp' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'actions' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
@@ -51,6 +51,16 @@ jobs:
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
         queries: security-extended,security-and-quality
 
+    # ℹ️ Setup DotNet Versions to building C# projects
+    - name: Setup DotNet Versions
+      uses: actions/setup-dotnet@v5
+      with:
+        dotnet-version: | 
+          6.0.x
+          7.0.x
+          8.0.x
+          9.0.x
+
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild

.github/workflows/update-solutions-analyzer.yml

@@ -0,0 +1,79 @@
+name: Update Solutions Analyzer CSV Files
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - 'Solutions/**/*.json'
+      - 'Solutions/**/Parsers/**/*.yaml'
+      - 'Solutions/**/Parsers/**/*.yml'
+      - 'Tools/Solutions Analyzer/solution_connector_tables.py'
+  workflow_dispatch:  # Allow manual trigger
+  schedule:
+    # Run weekly on Monday at 2 AM UTC to catch any missed changes
+    - cron: '0 2 * * 1'
+
+jobs:
+  update-csv:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Install dependencies
+        run: |
+          pip install json5
+      
+      - name: Run Solutions Analyzer
+        run: |
+          cd "Tools/Solutions Analyzer"
+          python solution_connector_tables.py
+      
+      - name: Check for changes
+        id: check_changes
+        run: |
+          if git diff --quiet "Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv" "Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv"; then
+            echo "changed=false" >> $GITHUB_OUTPUT
+          else
+            echo "changed=true" >> $GITHUB_OUTPUT
+          fi
+      
+      - name: Commit and push changes
+        if: steps.check_changes.outputs.changed == 'true'
+        run: |
+          git config --local user.email "github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+          git add "Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv"
+          git add "Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv"
+          git commit -m "chore: Update Solutions Analyzer CSV files [skip ci]"
+          git push
+      
+      - name: Create summary
+        if: steps.check_changes.outputs.changed == 'true'
+        run: |
+          echo "### Solutions Analyzer Updated :white_check_mark:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "CSV files have been regenerated and committed." >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Modified files:**" >> $GITHUB_STEP_SUMMARY
+          echo "- Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv" >> $GITHUB_STEP_SUMMARY
+          echo "- Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv" >> $GITHUB_STEP_SUMMARY
+      
+      - name: No changes summary
+        if: steps.check_changes.outputs.changed == 'false'
+        run: |
+          echo "### Solutions Analyzer :information_source:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "No changes detected. CSV files are already up-to-date." >> $GITHUB_STEP_SUMMARY

.script/tests/asimParsersTest/ExclusionListForASimTests.csv

@@ -2,4 +2,7 @@ ParserName
 _ASim_NetworkSession_NTANetAnalytics
 _Im_NetworkSession_NTANetAnalytics
 _Im_NetworkSession_AzureFirewall
-_ASim_NetworkSession_AzureFirewall
+_ASim_NetworkSession_AzureFirewall
+_Im_Authentication_Sshd
+_ASim_Authentication_M365Defender
+_Im_Authentication_M365Defender

CODEOWNERS

@@ -5,7 +5,7 @@
 
 # All up code owners - this should be limited to a select few - if specific code owner is needed, add to the specific folders below
 
-* @Azure/sentinel-repo-admins @Azure/sentinel-repo-reviewers
+* @Azure/sentinel-repo-admins
 
 # This is copied from here: https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
 
@@ -14,9 +14,11 @@
 /Detections/ @Azure/sentinel-repo-hunt-detection-reviewers @Azure/sentinel-repo-admins @Azure/sentinel-repo-reviewers
 /Hunting\ Queries/ @Azure/sentinel-repo-hunt-detection-reviewers @Azure/sentinel-repo-admins @Azure/sentinel-repo-reviewers
 /Notebooks/ @Azure/sentinel-repo-books-reviewers @Azure/sentinel-repo-admins @Azure/sentinel-repo-reviewers
-/Parsers/ @Azure/sentinel-repo-tools-reviewers @Azure/sentinel-repo-admins @Azure/sentinel-repo-reviewers
+/Parsers/ @Azure/sentinel-repo-tools-reviewers @Azure/sentinel-repo-parser-reviewers @Azure/sentinel-repo-admins @Azure/sentinel-repo-reviewers
 /Playbooks/ @Azure/sentinel-repo-books-reviewers @Azure/sentinel-repo-admins @Azure/sentinel-repo-reviewers
 /Workbooks/ @Azure/sentinel-repo-books-reviewers @Azure/sentinel-repo-admins @Azure/sentinel-repo-reviewers
 /Solutions/HoneyTokens/ @haneuvir
 /Solutions/SAP/ @udidekel
 /Solutions/ @Azure/sentinel-repo-solution-reviewers @Azure/sentinel-repo-admins @Azure/sentinel-repo-reviewers
+
+

DataConnectors/AWS-SecurityHubFindings/AzFunAWSSecurityHubIngestion/__init__.py

@@ -79,7 +79,7 @@ def main(mytimer: func.TimerRequest) -> None:
     try:
         managed_identity = ManagedIdentityCredential()
         azure_cli = AzureCliCredential()
-        default_azure_credential = DefaultAzureCredential(
+        default_azure_credential = DefaultAzureCredential(      # CodeQL [SM05139] This connector is deprecated. Code will be deleted soon.
             exclude_shared_token_cache_credential=True
         )
         credential_chain = ChainedTokenCredential(