Merge branch 'master' into pr/13252

Author: v-maheshbh

.github/workflows/arm-ttk-validations.yaml

@@ -20,7 +20,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          fetch-depth: 0
+          fetch-depth: 10
       - shell: pwsh
         id: step1
         name: Identify Changes in PR

.github/workflows/hyperlinkValidator.yaml

@@ -28,7 +28,7 @@ jobs:
         env:
           GeneratedToken: ${{ steps.generate_token.outputs.token }}
         with:
-          fetch-depth: 0
+          fetch-depth: 10
           token: ${{ env.GeneratedToken }}
       - shell: pwsh
         id: step1

.github/workflows/slash-command-armttk.yaml

@@ -46,7 +46,7 @@ jobs:
         if: steps.get-pr.outputs.is_fork == 'false'
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          fetch-depth: 0
+          fetch-depth: 10
           ref: ${{ steps.get-pr.outputs.head_sha }}
           persist-credentials: false
       - shell: pwsh

.github/workflows/update-solutions-analyzer.yml

@@ -55,23 +55,47 @@ jobs:
             echo "changed=true" >> $GITHUB_OUTPUT
           fi
       
-      - name: Commit and push changes
+      - name: Create Pull Request
         if: steps.check_changes.outputs.changed == 'true'
+        id: create_pr
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: 'chore: Update Solutions Analyzer CSV files and documentation'
+          branch: solutions-analyzer-update
+          delete-branch: true
+          title: 'chore: Update Solutions Analyzer CSV files and documentation'
+          body: |
+            ## Automated Solutions Analyzer Update
+            
+            This PR contains automated updates to:
+            - Solutions connector-to-tables mapping CSV
+            - Solutions issues and exceptions report CSV
+            - Connector documentation files
+            
+            Generated by the Solutions Analyzer workflow.
+            
+            **Triggered by:** ${{ github.event_name }}
+            **Workflow run:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+          labels: automated, documentation
+          add-paths: |
+            Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv
+            Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv
+            Tools/Solutions Analyzer/connector-docs/
+      
+      - name: Enable auto-merge
+        if: steps.check_changes.outputs.changed == 'true' && steps.create_pr.outputs.pull-request-number != ''
         run: |
-          git config --local user.email "github-actions[bot]@users.noreply.github.com"
-          git config --local user.name "github-actions[bot]"
-          git add "Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv"
-          git add "Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv"
-          git add "Tools/Solutions Analyzer/connector-docs/"
-          git commit -m "chore: Update Solutions Analyzer CSV files and documentation [skip ci]"
-          git push
+          gh pr merge ${{ steps.create_pr.outputs.pull-request-number }} --auto --squash
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Create summary
         if: steps.check_changes.outputs.changed == 'true'
         run: |
-          echo "### Solutions Analyzer Updated :white_check_mark:" >> $GITHUB_STEP_SUMMARY
+          echo "### Solutions Analyzer Pull Request Created :white_check_mark:" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-          echo "CSV files and documentation have been regenerated and committed." >> $GITHUB_STEP_SUMMARY
+          echo "A pull request has been created with updated CSV files and documentation." >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "**Modified files:**" >> $GITHUB_STEP_SUMMARY
           echo "- Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv" >> $GITHUB_STEP_SUMMARY

.script/tests/KqlvalidationsTests/CustomTables/AZFWApplicationRule.json

@@ -9,6 +9,10 @@
         "Name": "ActionReason",
         "Type": "string"
       },
+      {
+        "Name": "_BilledSize",
+        "Type": "real"
+      },
       {
         "Name": "DestinationPort",
         "Type": "int"
@@ -17,6 +21,14 @@
         "Name": "Fqdn",
         "Type": "string"
       },
+      {
+        "Name": "_IsBillable",
+        "Type": "string"
+      },
+            {
+        "Name": "IsExplicitProxyRequest",
+        "Type": "bool"
+      },
       {
         "Name": "IsTlsInspected",
         "Type": "bool"
@@ -57,6 +69,10 @@
         "Name": "SourceSystem",
         "Type": "string"
       },
+      {
+        "Name": "_SubscriptionId",
+        "Type": "string"
+      },
       {
         "Name": "TargetUrl",
         "Type": "string"
@@ -76,6 +92,14 @@
       {
         "Name": "WebCategory",
         "Type": "string"
+      },
+      {
+        "Name": "_TimeReceived",
+        "Type": "datetime"
+      },
+      {
+        "Name": "_ItemId",
+        "Type": "string"
       }
     ]
 }

.script/tests/KqlvalidationsTests/CustomTables/AZFWDnsQuery.json

@@ -88,6 +88,14 @@
     {
       "Name": "Type",
       "Type": "string"
+    },
+    {
+      "Name": "_TimeReceived",
+      "Type": "datetime"
+    },
+    {
+      "Name": "_ItemId",
+      "Type": "string"
     }
   ]
 }

.script/tests/KqlvalidationsTests/CustomTables/AZFWIdpsSignature.json

@@ -80,6 +80,14 @@
   {
     "Name": "SignatureId",
     "Type": "string"
+  },
+  {
+    "Name": "_TimeReceived",
+    "Type": "datetime"
+  },
+  {
+    "Name": "_ItemId",
+    "Type": "string"
   }
 ]
 }

.script/tests/KqlvalidationsTests/CustomTables/AZFWNatRule.json

@@ -0,0 +1,89 @@
+{
+  "Name": "AZFWNatRule",
+  "Properties": [
+    {
+      "Name": "_BilledSized",
+      "Type": "real"
+    },
+    {
+      "Name": "DestinationIp",
+      "Type": "string"
+    },
+    {
+      "Name": "DestinationPort",
+      "Type": "int"
+    },
+{
+      "Name": "_IsBillable",
+      "Type": "string"
+    },
+    {
+      "Name": "Policy",
+      "Type": "string"
+    },
+    {
+      "Name": "Protocol",
+      "Type": "string"
+    },
+    {
+      "Name": "_ResourceId",
+      "Type": "string"
+    },
+    {
+      "Name": "Rule",
+      "Type": "string"
+    },
+    {
+      "Name": "RuleCollection",
+      "Type": "string"
+    },
+    {
+      "Name": "RuleCollectionGroup",
+      "Type": "string"
+    },
+    {
+      "Name": "SourceIp",
+      "Type": "string"
+    },
+    {
+      "Name": "SourcePort",
+      "Type": "int"
+    },
+    {
+      "Name": "SourceSystem",
+      "Type": "string"
+    },
+    {
+      "Name": "_SubscriptionId",
+      "Type": "string"
+    },
+    {
+      "Name": "TenantId",
+      "Type": "string"
+    },
+    {
+      "Name": "TimeGenerated",
+      "Type": "datetime"
+    },
+    {
+      "Name": "TranslatedIp",
+      "Type": "string"
+    },
+    {
+      "Name": "TranslatedPort",
+      "Type": "int"
+    },
+    {
+      "Name": "Type",
+      "Type": "string"
+    },
+    {
+      "Name": "_TimeReceived",
+      "Type": "datetime"
+    },
+    {
+      "Name": "_ItemId",
+      "Type": "string"
+    }
+  ]
+}

.script/tests/KqlvalidationsTests/CustomTables/AZFWNetworkRule.json

@@ -68,6 +68,14 @@
     {
       "Name": "Type",
       "Type": "string"
+    },
+    {
+      "Name": "_TimeReceived",
+      "Type": "datetime"
+    },
+    {
+      "Name": "_ItemId",
+      "Type": "string"
     }
   ]
 }

.script/tests/KqlvalidationsTests/CustomTables/AZFWThreatIntel.json

@@ -68,6 +68,14 @@
       {
         "Name": "Type",
         "Type": "string"
+      },
+      {
+        "Name": "_TimeReceived",
+        "Type": "datetime"
+      },
+      {
+        "Name": "_ItemId",
+        "Type": "string"
       }
     ]
   }