Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License

DomainTools New Playbooks #10723

Closed RamboV closed 2 months ago

RamboV commented 3 months ago

Required items, please complete

Change(s):

Guidance <- remove section before submitting


Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:

Thank you for your contribution to the Microsoft Sentinel Github repo.

Details of the code changes in your submitted PR. Providing descriptions for pull requests ensures there is context to changes being made and greatly enhances the code review process. Providing associated Issues that this resolves also easily connects the reason.

Change(s):

The code should have been tested in a Microsoft Sentinel environment that does not have any custom parsers, functions or tables, so that you validate no incorrect syntax and execution functions properly. If your submission requires a custom parser or function, it must be submitted with the PR.

Testing Completed:

Note: If updating a detection, you must update the version field.

Before the submission has been made, please look at running the KQL and Yaml Validation Checks locally. https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally

Checked that the validations are passing and have addressed any issues that are present:

References:


RamboV commented 3 months ago

During packaging we encountered some issues and are currently investigating the exact problem. Please refer to the below screenshot for details. Any suggestions or insights would be greatly appreciated.


v-prasadboke commented 3 months ago

> During packaging we encountered some issues and are currently investigating the exact problem. Please refer to the below screenshot for details. Any suggestions or insights would be greatly appreciated.

This error is an exception; it can be ignored.

And thanks for raising this PR. This PR will be investigated and we will update you about the same before 05 July, 2024.

v-prasadboke commented 2 months ago

Hello @RamboV, please create a custom table named DomainToolsDomainEnrichment_CL at location https://github.com/Azure/Azure-Sentinel/tree/master/.script/tests/KqlvalidationsTests/CustomTables

The custom connector located in the Playbooks folder looks like a Function App. If it is a Function App, please move it to the Data Connectors folder and add a Data Connector file as well.
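The request above is for a table definition that the repository's KQL validation tests can resolve when a parser queries `DomainToolsDomainEnrichment_CL`. The script below is an added example, not code from this PR or from the Azure-Sentinel project, showing how to build, sanity-check and write such a definition before pushing it. It assumes the CustomTables file is JSON with a top-level `Name` and a `Properties` list of `{"Name", "Type"}` entries using Log Analytics column types; the column names (`domain_s`, `risk_score_d`, `enrichment_data_s`) are constructed placeholders, not the real table schema. `validate_definition`, `write_definition` and `columns_missing_from_table` are hypothetical helpers.

```python
"""Added example (not part of the Azure-Sentinel repo or this PR): validate and
write a custom-table definition of the shape the KQL validation tests read from
.script/tests/KqlvalidationsTests/CustomTables.

Assumed file format (not confirmed by the thread):
  {"Name": "<Table>_CL", "Properties": [{"Name": "<col>", "Type": "<LA type>"}, ...]}
"""
import json
import re
from pathlib import Path

# Log Analytics column types (assumed set; extend if your table needs more).
ALLOWED_TYPES = {"String", "Int", "Long", "Real", "Bool", "DateTime", "Dynamic", "Guid"}

# Custom log tables end in _CL; column names must be plain KQL identifiers.
TABLE_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*_CL$")
COLUMN_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Constructed sample definition: column names are placeholders, not the real schema.
SAMPLE_DEFINITION = {
    "Name": "DomainToolsDomainEnrichment_CL",
    "Properties": [
        {"Name": "TimeGenerated", "Type": "DateTime"},
        {"Name": "domain_s", "Type": "String"},
        {"Name": "risk_score_d", "Type": "Real"},
        {"Name": "enrichment_data_s", "Type": "Dynamic"},
    ],
}


def validate_definition(definition: dict) -> list[str]:
    """Return a list of problems; an empty list means the definition is well-formed."""
    problems = []
    name = definition.get("Name")
    if not isinstance(name, str) or not TABLE_NAME_RE.match(name):
        problems.append(f"table name {name!r} must be an identifier ending in _CL")
    props = definition.get("Properties")
    if not isinstance(props, list) or not props:
        problems.append("Properties must be a non-empty list")
        return problems
    seen = set()
    for i, prop in enumerate(props):
        col = prop.get("Name") if isinstance(prop, dict) else None
        typ = prop.get("Type") if isinstance(prop, dict) else None
        if not isinstance(col, str) or not COLUMN_NAME_RE.match(col):
            problems.append(f"Properties[{i}]: invalid column name {col!r}")
        elif col in seen:
            problems.append(f"Properties[{i}]: duplicate column {col!r}")
        else:
            seen.add(col)
        if typ not in ALLOWED_TYPES:
            problems.append(f"Properties[{i}]: unsupported type {typ!r}")
    # Assumed convention: ingested tables carry a TimeGenerated column that parsers rely on.
    if "TimeGenerated" not in seen:
        problems.append("missing TimeGenerated column")
    return problems


def write_definition(definition: dict, directory: Path) -> Path:
    """Write <Name>.json into `directory` (the CustomTables folder) and return its path."""
    problems = validate_definition(definition)
    if problems:
        raise ValueError("; ".join(problems))
    directory.mkdir(parents=True, exist_ok=True)
    path = directory / f"{definition['Name']}.json"
    path.write_text(json.dumps(definition, indent=2) + "\n", encoding="utf-8")
    return path


def columns_missing_from_table(definition: dict, referenced: set[str]) -> set[str]:
    """Columns a parser references that the definition does not declare.

    Any name returned here is one the KQL validation will fail to resolve.
    """
    declared = {p["Name"] for p in definition["Properties"] if isinstance(p, dict)}
    return referenced - declared


if __name__ == "__main__":
    print(validate_definition(SAMPLE_DEFINITION))  # [] when the sample is well-formed
    print(write_definition(SAMPLE_DEFINITION, Path("CustomTables")))
    # A parser column the table does not declare breaks the validation run.
    print(columns_missing_from_table(SAMPLE_DEFINITION, {"domain_s", "registrar_s"}))
```

Run it from the directory where you want the `CustomTables` folder created, then compare the columns your parser projects against the declared ones with `columns_missing_from_table`; an empty set is what the validation pipeline needs.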

RamboV commented 2 months ago

Hello @v-prasadboke, Added custom table DomainToolsDomainEnrichment_CL.json at specified location.

v-prasadboke commented 2 months ago

> Hello @RamboV, Please create a custom table named DomainToolsDomainEnrichment_CL at location https://github.com/Azure/Azure-Sentinel/tree/master/.script/tests/KqlvalidationsTests/CustomTables
>
> Custom connector located in Playbook folder, looks like Function app. If it is a Function app please move it to Data Connector folder and add Data connector file as well.

Please have a look at the below-mentioned point.

RamboV commented 2 months ago

> Hello @RamboV, Please create a custom table named DomainToolsDomainEnrichment_CL at location https://github.com/Azure/Azure-Sentinel/tree/master/.script/tests/KqlvalidationsTests/CustomTables Custom connector located in Playbook folder, looks like Function app. If it is a Function app please move it to Data Connector folder and add Data connector file as well.
>
> Please have a look at the below-mentioned point.

Hello @v-prasadboke, it is a FunctionApp custom connector, very similar to the below:

https://github.com/Azure/Azure-Sentinel/tree/3a43f4e66e6d156bc7dbc4ebc420108050fcca6b/Solutions/AWS_IAM/Playbooks/AWS_IAM_FunctionAppConnector

https://github.com/Azure/Azure-Sentinel/tree/3a43f4e66e6d156bc7dbc4ebc420108050fcca6b/Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector

Please let us know if you still need it to be moved.

v-prasadboke commented 2 months ago

Will check on it @RamboV.

v-prasadboke commented 2 months ago

Hello @RamboV, the PR is still failing a KQL validation. Can you check it once?

RamboV commented 2 months ago

Hello @v-prasadboke, we dug into the issue and will submit the changes tomorrow; your change does not solve the pipeline issues yet.

v-prasadboke commented 2 months ago

> Hello @v-prasadboke, we dug into the issue and will submit the changes tomorrow; your change does not solve the pipeline issues yet.

Got it @RamboV.

RamboV commented 2 months ago

> Hello @v-prasadboke, we dug into the issue and will submit the changes tomorrow; your change does not solve the pipeline issues yet.
>
> Got it @RamboV.

Hello @v-prasadboke, we have updated the parser and all checks have passed; kindly check.

v-prasadboke commented 2 months ago

Hello @RamboV, all looks fine to me. I have one final requirement: the logo used in the createUi and input files is in PNG format.

Can you please provide us a logo in SVG format? It should be less than or equal to 5 KB.

RamboV commented 2 months ago

> Hello @RamboV, all looks fine to me. I have one final requirement: the logo used in the createUi and input files is in PNG format.
>
> Can you please provide us a logo in SVG format? It should be less than or equal to 5 KB.

@v-prasadboke, is it OK if it is around 6 KB? Do you want us to send it here?

RamboV commented 2 months ago

> Hello @RamboV, all looks fine to me. I have one final requirement: the logo used in the createUi and input files is in PNG format. Can you please provide us a logo in SVG format? It should be less than or equal to 5 KB.
>
> @v-prasadboke, is it OK if it is around 6 KB? Do you want us to send it here?

DomainTools Logo Color

v-prasadboke commented 2 months ago

You can add it in the Logos folder.

RamboV commented 2 months ago

> You can add it in the Logos folder.

Hello @v-prasadboke, done.