[BUG] File Module - File profile function inconsistencies

[briandelmsft]

Describe the bug The File module uses the FileProfile() function with a hunting query. Unfortunately this function seems to return inconsistent data for the ThreatName column. Taking a file hash that is a threat, it does not always return that threat info. Evaluate if the File API provides more consistent results

Module Name File-Module

[briandelmsft]

File hash for testing a5059f5a353d7fa5014c0584c7ec18b808c2a02c

[briandelmsft]

Fixed in preview of STAT v2 which is now available to try

STAT v2 Preview is ready for you to try. This is a major move forward from previous versions of STAT, now using an Azure Functions backend and Logic Apps front end. The look and feel is the same as v1, but the improvements on the backend are substantial. This is also a complete rewrite of all of the backend functionality, so do be aware there may be some undiscovered bugs, though there are no known issues in this build. If you encounter any bugs, or even unexpected changes in functionality from previous version please open an issue no matter how small the issue may be.

This build includes the following new features:

• Backend of STAT is now using Azure Functions instead of Logic apps
• Support for User Assigned Managed Identities, Service Principal and Multi Tenant service principal authentication (in addition to existing system assigned managed id support)
• Support for the Sentinel Alert trigger (in addition to existing incident trigger)
• Ability to create a new Sentinel incident from an alert and automatically link the alert
• Additional performance and other minor improvements

The Preview deployment can be found only in the statv2_preview branch of this repo as well as supporting documentation. That includes documentation specific to multi-tenant/MSSP scenarios.

The main branch does not contain any information about v2 at this time, so ensure you select the correct branch.