Fix filtering and field normalisation so as to allow for URL type IOC #13240

Closed
cg-techgw wants to merge 2 commits into Azure:master from cg-techgw:fix_filtering_for_URL_IOC

@cg-techgw

Addresses #13238

Change(s):

  • Fix logic to allow for URL type indicators in rule

Reason for Change(s):

Version updated:

  • Yes

Testing Completed:

  • Yes

Checked that the validations are passing and have addressed any issues that are present:

  • Yes

Addresses Azure#13238
The filtering was making later operations referring to rows with ObservableKey "url:value" redundant. 
This meant that only IOC of the "domain-name" type were being compared against WebSession logs, greatly reducing coverage for ThreatIntelIndicator content.
@cg-techgw cg-techgw requested review from a team as code owners December 4, 2025 13:59
@v-shukore v-shukore added the Solution Solution specialty review needed label Dec 5, 2025
Bump solution version to 3.0.12 in mainTemplate.json and update analytic rule versions. Simplify and unify data connector descriptions in createUiDefinition.json. Add managementUri variable and update Entra ID access token instructions. Include new 3.0.12.zip package. Update release notes accordingly.
@v-maheshbh
Contributor

v-maheshbh commented Dec 11, 2025

Hi @cg-techgw

Kindly accept CLA by adding comment line @microsoft-github-policy-service agree [company="{your company}"]

Thanks!

@v-utpalkumar
Contributor

Hello @cg-techgw,

Kindly update @microsoft-github-policy-service agree [company="{your company}"]

Thanks!

@v-utpalkumar
Contributor

Hello @cg-techgw,

Please update @microsoft-github-policy-service agree [company="{your company}"]

Thanks!

@v-maheshbh
Contributor

Closing this PR as the issue team is currently working on the resolution. They will raise a new PR with the required fixes.

Thank you for your cooperation.

@v-maheshbh v-maheshbh closed this Feb 3, 2026
4 participants