Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License
4.6k stars 3.02k forks

Multiple rules require updating to include the latest recommended Fortigate connector #11360

Open FJSte opened 2 weeks ago

FJSte commented 2 weeks ago

The Azure Sentinel solution Network Session Essentials analytic rule PortScan.yaml uses the deprecated Fortinet connector (connectorId: Fortinet) as a data source instead of the recommended FortinetAma connector. The FortinetAma connector (connectorId: FortinetAma) is available and should be used instead.

https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Network%20Session%20Essentials/Analytic%20Rules/PortScan.yaml

Only contains the deprecated connector as a data source

From https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Fortinet%20FortiGate%20Next-Generation%20Firewall%20connector%20for%20Microsoft%20Sentinel/Data%20Connectors/template_Fortinet-FortiGateAma.json

I assume that there will be multiple analytics rules missing the now recommended connectorId: FortinetAma (47 files are currently referring to the deprecated version, and 0 to the newer connector).
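To find the affected rules and stage the fix the issue asks for, here is an added example (not code from the Azure-Sentinel repo or from the issue author) that scans analytic-rule YAML for a `requiredDataConnectors` entry with `connectorId: Fortinet` and no `FortinetAma` sibling, then inserts a `FortinetAma` entry copying the same `dataTypes`. It keeps the old entry so the rule still matches workspaces on the legacy connector, and it generalises beyond PortScan.yaml by walking a whole solutions tree. The `SAMPLE_RULE` text is a constructed stand-in for a rule file, not the repo's PortScan.yaml; it assumes the repo's rule layout of `- connectorId:` followed by an indented `dataTypes:` list, which is handled line-by-line so no YAML library is required.

```python
"""Find Sentinel analytic rules that still rely only on the deprecated Fortinet connector."""
from __future__ import annotations

import re
from pathlib import Path

DEPRECATED = "Fortinet"
RECOMMENDED = "FortinetAma"

# Matches a requiredDataConnectors list entry such as "  - connectorId: Fortinet"
# and captures the indentation of the dash and the connector id.
CONNECTOR_RE = re.compile(r"^(?P<indent>\s*)-\s*connectorId:\s*(?P<id>[A-Za-z0-9_-]+)\s*$")

# Constructed sample rule (not the repository's PortScan.yaml): one deprecated
# Fortinet entry next to an unrelated connector that must be left untouched.
SAMPLE_RULE = """\
name: Port scan detected (constructed sample)
requiredDataConnectors:
  - connectorId: Fortinet
    dataTypes:
      - CommonSecurityLog
  - connectorId: CiscoASA
    dataTypes:
      - CommonSecurityLog
tactics:
  - Discovery
"""


def connector_ids(text: str) -> list[str]:
    """Return every connectorId declared in the rule text, in file order."""
    return [m.group("id") for line in text.splitlines() if (m := CONNECTOR_RE.match(line))]


def needs_update(text: str) -> bool:
    """True when the rule lists the deprecated id but not the recommended one."""
    ids = connector_ids(text)
    return DEPRECATED in ids and RECOMMENDED not in ids


def add_recommended_connector(text: str) -> str:
    """Insert a FortinetAma entry after each Fortinet entry, copying its dataTypes.

    Returns the text unchanged when no update is needed, so it is safe to re-run.
    """
    if not needs_update(text):
        return text
    lines = text.splitlines(keepends=True)
    out: list[str] = []
    i = 0
    while i < len(lines):
        m = CONNECTOR_RE.match(lines[i].rstrip("\n"))
        if m and m.group("id") == DEPRECATED:
            indent = m.group("indent")
            block = [lines[i]]
            i += 1
            # Continuation lines of this list entry (dataTypes and its items) are
            # non-blank and indented deeper than the entry's own dash.
            while (
                i < len(lines)
                and lines[i].strip()
                and len(lines[i]) - len(lines[i].lstrip()) > len(indent)
            ):
                block.append(lines[i])
                i += 1
            out.extend(block)  # keep the legacy entry
            out.append(f"{indent}- connectorId: {RECOMMENDED}\n")
            out.extend(block[1:])  # same dataTypes for the AMA-based connector
        else:
            out.append(lines[i])
            i += 1
    return "".join(out)


def scan_tree(root: Path) -> list[Path]:
    """Return every *.yaml under root that still needs the FortinetAma connector."""
    return sorted(p for p in root.rglob("*.yaml") if needs_update(p.read_text(encoding="utf-8")))


if __name__ == "__main__":
    print("needs update:", needs_update(SAMPLE_RULE))
    print(add_recommended_connector(SAMPLE_RULE))
```

Run `scan_tree(Path("Solutions"))` from a checkout of the repo to list the rule files that reference the deprecated connector, then pass each file's text through `add_recommended_connector` and review the diff before committing; the rewrite only touches the `requiredDataConnectors` block, so the rule's query and metadata are left as they were.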

v-rusraut commented 6 days ago

Hi @FJSte , Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!