Adding new workbook, custom tables, data connector and analytic rules…

[seanmacdonald8]

… for the new log ingestion api-based integration

Required items, please complete

Change(s):

• Adding a new data connector for log ingestion API method

Reason for Change(s):

• http data collector will be deprecated soon

Version Updated:

• N/A

Testing Completed:

• yes

Checked that the validations are passing and have addressed any issues that are present:

• Need help

[v-kasghosh]

Hey @seanmacdonald8,

I noticed in this PR that you've added a new Workbook, Analytic rules, Custom tables, and Data connector for Darktrace. To move forward, please package the solution as follows:

• Add the Workbook, Analytic rules, and Data connector to the solution's data file. This is the path of current data file - https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Darktrace/Data/Solution_DarktraceEnterpriseImmuneSystem.json
• Update the solution version.
• Package the solution using the V3 tool: https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md

Also, please add the new Custom tables to the following folder: https://github.com/Azure/Azure-Sentinel/tree/master/.script/tests/KqlvalidationsTests/CustomTables

Also, update the metadata for the workbook at the path below.
https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/WorkbooksMetadata.json

Let me know if you need any assistance.
Thanks!

[v-kasghosh]

Hey @seanmacdonald8, do you have any updates on this?

[v-kasghosh]

Hey @seanmacdonald8
We wanted to check on the status of PR 12963. PR is pending for more than 3 weeks. Please let us know if you need any assistance to review this PR. Per our standard operating procedures if no response is received in the next 7 business days, we will close this PR.

Thank you for your cooperation.

[seanmacdonald8]

Hi @v-kasghosh This is still being worked on and we just added some changes. Please don't close the PR. Will have more updates soon. Thanks.

[v-kasghosh]

Hey @seanmacdonald8

Please package the solution using the V3 tool: https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md

Let me know if you need any help. Thanks!

[v-kasghosh]

Hey @seanmacdonald8, do you have any updates on this?

[v-kasghosh]

Hey @seanmacdonald8
We wanted to check on the status of PR #12963 . PR is pending for more than 30 days. Please let us know if you need any assistance to review this PR. Per our standard operating procedures if no response is received in the next 7 business days, we will close this PR. Thank you for your cooperation.

[seanmacdonald8]

Hey @seanmacdonald8 We wanted to check on the status of PR #12963 . PR is pending for more than 30 days. Please let us know if you need any assistance to review this PR. Per our standard operating procedures if no response is received in the next 7 business days, we will close this PR. Thank you for your cooperation.

Hi there, please don't close the PR. We are still working on this. Thanks!

[v-kasghosh]

hey @seanmacdonald8 ,

Thank you for your reply. Please let us know once your PR is ready for review.
In the meantime, kindly resolve the conflicts so the validation check can begin.

[v-kasghosh]

Hey @seanmacdonald8 , could you please let us know the estimated time you might need to complete this PR?

[dylan-o-sullivan]

After call, moving forward with CCF integration instead of this one

#13523

[v-kasghosh]

I'm closing this PR since the changes have been made in this PR #13523