v3.1.1-better-logging

punkrokk · punkrokk · commit 3e2be63ff03e · 2026-04-09T16:19:44.000-04:00
diff --git a/Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseAPISentinelConn.zip b/Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseAPISentinelConn.zip
diff --git a/Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseAPISentinelConnector/main.py b/Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseAPISentinelConnector/main.py
@@ -1,5 +1,4 @@
 import datetime
-import json
 import logging
 import os
 import sys
@@ -27,12 +26,12 @@
 
 GreyNoiseSetup = namedtuple("GreyNoiseSetup", ["api_key", "query", "tries", "size"])
 MSALSetup = namedtuple("MSALSetup", ["tenant_id", "client_id", "client_secret", "workspace_id"])
-class GreuNoiseSentinelUpdater(object):
+class GreyNoiseSentinelUpdater(object):
     """Simple wrapper class to handle consuming IPs"""
 
     def __init__(self, greynoise_setup: GreyNoiseSetup,
                  msal_setup: MSALSetup):
-        super(GreuNoiseSentinelUpdater, self).__init__()
+        super(GreyNoiseSentinelUpdater, self).__init__()
 
         self.greynoise_query = greynoise_setup.query
         self.greynoise_size = greynoise_setup.size
@@ -75,6 +74,8 @@ def get_token(self):
             A token access key.
         """
         logging.info("Getting token for tenant: {0}".format(self.msal_tenant_id))
+        logging.info("Using client_id: {0}".format(self.msal_client_id))
+        logging.info("Using workspace_id: {0}".format(self.msal_workspace_id))
         try:
             context = msal.ConfidentialClientApplication(self.msal_client_id,
                                                         authority='https://login.microsofto'
@@ -154,23 +155,24 @@ def upload_indicators_to_sentinel(self, token: str, indicators: list):
             response.raise_for_status()
         except requests.HTTPError as e:
             status_retry += 1
-            if e.response.status_code == (429 or 503):
-                logging.error("HTTP: " + int(e.response.status_code))
+            if e.response.status_code in (429, 503):
+                logging.error("HTTP: " + str(e.response.status_code))
                 if status_retry > 3:
                     logging.error("Too many upload indicators API retries, exiting.")
                     sys.exit(1)
-                sleep_for = int(e.response.message.split()[7]) + 5 if e.response.message else 60
+                retry_after = e.response.headers.get('Retry-After')
+                sleep_for = int(retry_after) + 5 if retry_after else 60
                 logging.info("API Rate limit exceeded (HTTP 429) or Server Error (HTTP 503), waiting {0} seconds...".format(sleep_for))
                 time.sleep(sleep_for)
                 logging.info("Retrying upload...")
                 self.upload_indicators_to_sentinel(token, indicators)
             elif e.response.status_code == 401:
-                logging.error("HTTP: " + int(e.response.status_code))
+                logging.error("HTTP: " + str(e.response.status_code))
                 logging.error('Did you add the Azure Sentinel Contributor role to your service principal?')
                 logging.error('More info here: https://learn.microsoft.com/en-us/azure/sentinel/upload-indicators-api#acquire-an-access-token')
                 logging.error(e.response.text)
             elif e.response.status_code:
-                logging.error("HTTP: " + int(e.response.status_code))
+                logging.error("HTTP: " + str(e.response.status_code))
                 logging.error(e.response.text)
             logging.error('Cannot upload indicators to Azure Sentinel, exiting.')
             sys.exit(1)
@@ -179,8 +181,8 @@ def upload_indicators_to_sentinel(self, token: str, indicators: list):
             # Check for submission errors
             if response.json().get('errors') != []:
                     logging.warning('Nonfatal error in submitting indicator. While a field failed, \n'  \
-                                    'the rest of the indicator failed and we can continue.')
-                    logging.warning('Error: ' + json.loads(response.json()).get('error'))
+                                    'the rest of the indicator succeeded and we can continue.')
+                    logging.warning('Error: ' + str(response.json().get('errors')))
     
             return response.json()
         except requests.exceptions.JSONDecodeError:
@@ -408,7 +410,7 @@ def main(mytimer: func.TimerRequest) -> None:
         env.get("TENANT_ID"), env.get("CLIENT_ID"), env.get("CLIENT_SECRET"), env.get("WORKSPACE_ID")
     )
 
-    g = GreuNoiseSentinelUpdater(greynoise_setup, msal_setup)
+    g = GreyNoiseSentinelUpdater(greynoise_setup, msal_setup)
     g.consume_ips()
 
     logging.info('Python timer trigger function ran at %s', utc_timestamp)
diff --git a/Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseConnector_UploadIndicatorsAPI.json b/Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseConnector_UploadIndicatorsAPI.json
@@ -31,8 +31,7 @@
         }
     ],
     "availability": {
-        "status": 1,
-        "isPreview": true
+        "status": 1
     },
     "permissions": {
         "resourceProvider": [
@@ -101,7 +100,7 @@
             "description": "Follow this section here to add **'ThreatIndicators.ReadWrite.OwnedBy'** permission to the AAD App: https://learn.microsoft.com/en-us/azure/sentinel/connect-threat-intelligence-tip#specify-the-permissions-required-by-the-application. \n Back in your AAD App, ensure you grant admin consent for the permissions you just added. \n Finally, in the 'Tokens and APIs' section, generate a client secret and save it. You will need it in Step 6. "
         },{
             "title": "5. Deploy the Threat Intelligence (New) Solution, (v3.0.14 or later) which includes the Threat Intelligence Upload Indicators API (Preview)",
-            "description": "See Microsoft Sentinel Content Hub for this Solution, and install it in the Microsoft Sentinel instance. Note that you do not need to do any confirguration in this step."
+            "description": "See Microsoft Sentinel Content Hub for this Solution, and install it in the Microsoft Sentinel instance. Note that you do not need to do any configuration in this step."
         },
         {
             "title": "6. Deploy the Azure Function",
diff --git a/Solutions/GreyNoiseThreatIntelligence/Data Connectors/azuredeploy_Connector_GreyNoiseAPISentinel_AzureFunction.json b/Solutions/GreyNoiseThreatIntelligence/Data Connectors/azuredeploy_Connector_GreyNoiseAPISentinel_AzureFunction.json
@@ -13,8 +13,8 @@
               "defaultValue": "Workspace ID"
           },
           "GREYNOISE_KEY": {
-              "type": "string",
-              "defaultValue": "GreyNoise API Key"
+              "type": "securestring",
+              "defaultValue": ""
           },
           "TENANT_ID": {
               "type": "string",
@@ -25,8 +25,8 @@
               "defaultValue": "Client ID"
           },
           "CLIENT_SECRET": {
-              "type": "string",
-              "defaultValue": "Client Secret"
+              "type": "securestring",
+              "defaultValue": ""
           },
           "GREYNOISE_CLASSIFICATIONS": {
             "type": "string",
diff --git a/Solutions/GreyNoiseThreatIntelligence/Package/mainTemplate.json b/Solutions/GreyNoiseThreatIntelligence/Package/mainTemplate.json
@@ -1118,7 +1118,7 @@
                       "title": "4. Specify the AAD permissions to enable MS Graph API access to the upload-indicators API."
                     },
                     {
-                      "description": "See Microsoft Sentinel Content Hub for this Solution, and install it in the Microsoft Sentinel instance. Note that you do not need to do any confirguration in this step.",
+                      "description": "See Microsoft Sentinel Content Hub for this Solution, and install it in the Microsoft Sentinel instance. Note that you do not need to do any configuration in this step.",
                       "title": "5. Deploy the Threat Intelligence (New) Solution, (v3.0.14 or later) which includes the Threat Intelligence Upload Indicators API (Preview)"
                     },
                     {
@@ -1331,7 +1331,7 @@
               "title": "4. Specify the AAD permissions to enable MS Graph API access to the upload-indicators API."
             },
             {
-              "description": "See Microsoft Sentinel Content Hub for this Solution, and install it in the Microsoft Sentinel instance. Note that you do not need to do any confirguration in this step.",
+              "description": "See Microsoft Sentinel Content Hub for this Solution, and install it in the Microsoft Sentinel instance. Note that you do not need to do any configuration in this step.",
               "title": "5. Deploy the Threat Intelligence (New) Solution, (v3.0.14 or later) which includes the Threat Intelligence Upload Indicators API (Preview)"
             },
             {
diff --git a/Solutions/GreyNoiseThreatIntelligence/SolutionMetadata.json b/Solutions/GreyNoiseThreatIntelligence/SolutionMetadata.json
@@ -1,8 +1,8 @@
  {
-    "publisherId": "greynoiseintelligenceinc1681236078693",
+    "publisherId": "greynoiseintelligenceinc16812GreyNoiseAPISentinelConn6078693",
     "offerId": "microsoft-sentinel-byol-greynoise",
     "firstPublishDate": "2023-09-05",
-    "lastPublishDate": "2026-03-12",
+    "lastPublishDate": "2026-04-09",
     "providers": ["GreyNoise Intelligence, Inc."],
     "categories": {
       "domains" : ["Security - Threat Intelligence"],

Original file line number	Diff line number	Diff line change
`@@ -1118,7 +1118,7 @@`
`1118`	`1118`	`"title": "4. Specify the AAD permissions to enable MS Graph API access to the upload-indicators API."`
`1119`	`1119`	`},`
`1120`	`1120`	`{`
`1121`		`- "description": "See Microsoft Sentinel Content Hub for this Solution, and install it in the Microsoft Sentinel instance. Note that you do not need to do any confirguration in this step.",`
	`1121`	`+ "description": "See Microsoft Sentinel Content Hub for this Solution, and install it in the Microsoft Sentinel instance. Note that you do not need to do any configuration in this step.",`
`1122`	`1122`	`"title": "5. Deploy the Threat Intelligence (New) Solution, (v3.0.14 or later) which includes the Threat Intelligence Upload Indicators API (Preview)"`
`1123`	`1123`	`},`
`1124`	`1124`	`{`
`@@ -1331,7 +1331,7 @@`
`1331`	`1331`	`"title": "4. Specify the AAD permissions to enable MS Graph API access to the upload-indicators API."`
`1332`	`1332`	`},`
`1333`	`1333`	`{`
`1334`		`- "description": "See Microsoft Sentinel Content Hub for this Solution, and install it in the Microsoft Sentinel instance. Note that you do not need to do any confirguration in this step.",`
	`1334`	`+ "description": "See Microsoft Sentinel Content Hub for this Solution, and install it in the Microsoft Sentinel instance. Note that you do not need to do any configuration in this step.",`
`1335`	`1335`	`"title": "5. Deploy the Threat Intelligence (New) Solution, (v3.0.14 or later) which includes the Threat Intelligence Upload Indicators API (Preview)"`
`1336`	`1336`	`},`
`1337`	`1337`	`{`