Add Miro solution for Microsoft Sentinel#13248
Conversation
|
@microsoft-github-policy-service agree [company="Miro"] |
|
@microsoft-github-policy-service agree company="Miro" |
ilia-sretenskii
force-pushed
the
miro-solution-v3.0.0
branch
2 times, most recently
from
26e4450 to
345279f
Compare
v-atulyadav
added
Solution
|
Update the branch from master to resolve ARM-TTK validation issues. Thanks! |
Adds Miro solution with two CCF data connectors for ingesting Miro audit logs and content activity logs into Microsoft Sentinel. Components: - Miro Audit Logs connector (Enterprise Plan) - Miro Content Logs connector (Enterprise Plan + Enterprise Guard) - Solution metadata with 7 domain categories - Data collection rules and custom tables - ARM templates for deployment - README.md with installation and configuration guide - ReleaseNotes.md for version 3.0.0
Improve README formatting and consistency: - Standardize section header capitalization - Improve punctuation and grammar consistency - Update OAuth documentation link to non-expiring tokens - Change "Method" to "Option" for better clarity - Remove redundant CCF dependency section
- Update publisherId to realtimeboardincdbamiro1645117589045 - Update README with improved overview description - Rebuild package with V3 tool
ilia-sretenskii
force-pushed
the
miro-solution-v3.0.0
branch
from
31421df to
a28c57a
Compare
I have updated the branch from master and also updated it with our correct @v-maheshbh , please review the updated pull-request. |
- Move logo from Solutions/Miro/Logo/Miro.svg to Logos/Miro.svg to follow repository convention - Update Solution_Miro.json to reference centralized logo: https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Miro.svg - Delete the now-empty Solutions/Miro/Logo directory - Rebuild solution package with V3 tool to reflect logo URL change This ensures the logo file exists on master branch when referenced, fixing logo-validation workflow failure.
The logo has been moved to the centralized Logos directory. Removing the now-unused Solutions/Miro/Logo/Miro.svg file.
|
Hi @ilia-sretenskii Thanks! |
@v-maheshbh , here is the screenshot. What kind of invocation logs can we provide? |
Kindly attach the invocation logs from the running data connector. 
Thanks! |
|
@v-maheshbh , thank you! I suppose it might be related to "Content Hub", but for some reason that section of Sentinel is displaying just this: 
|
Invocation Logs from Running Data ConnectorsHi @v-maheshbh, here are the invocation logs from the deployed Miro data connectors. How These Logs Were RetrievedThe invocation logs were captured from Azure Log Analytics by querying the deployed data connector tables using the Azure CLI: # Query Miro Audit Logs ingestion activity
az monitor log-analytics query \
-w <workspace-id> \
--analytics-query "MiroAuditLogs_CL | summarize IngestionCount = count() by bin(TimeGenerated, 12h) | order by TimeGenerated desc"
# Query Miro Content Logs ingestion activity
az monitor log-analytics query \
-w <workspace-id> \
--analytics-query "MiroContentLogs_CL | summarize IngestionCount = count() by bin(TimeGenerated, 12h) | order by TimeGenerated desc"These queries show the actual data ingestion pattern by time, proving the connectors are actively polling and ingesting data. Connector Invocation SummaryBoth CCF connectors are deployed and actively running:
Data Ingestion TimelineMiro Audit Logs - Invocation History
Miro Content Logs - Invocation History
Deployment & Activation TimelineActivity Log shows successful connector operations:
Proof of Active Data FlowLatest sample records from the tables (queried via Most Recent Audit Log Entry:
Most Recent Content Log Entry:
Summary✅ Both CCF connectors deployed successfully The connectors are fully operational and continuously collecting data from Miro APIs. Thanks! |
Official Connector Invocation LogsHi @v-maheshbh, here are the invocation logs from the deployed Miro data connectors using the SentinelHealth table. How to Retrieve These LogsThe Miro solution uses CCF (Codeless Connector Framework), which is a managed Microsoft service. Unlike traditional Azure Functions, CCF connectors don't appear as Function App resources. Instead, invocation logs are available through the SentinelHealth table in Log Analytics. Verification that no Function Apps are created (CCF is managed by Microsoft): az functionapp list --resource-group <resource-group>
# Returns: 0 Function Apps (CCF handles infrastructure)Query for invocation logs in SentinelHealth (equivalent to Azure Function "Invocations" tab): SentinelHealth
| where SentinelResourceType == "Data connector"
| where SentinelResourceName contains "Miro"
| order by TimeGenerated descMiro Audit Logs Connector - Invocations
Polling Frequency: Every 50 minutes - 1 hour Miro Content Logs Connector - Invocations
Polling Frequency: Every 50 minutes - 1 hour Summary:
Thanks! |
5 participants
Change(s)
MiroAuditLogs_CL,MiroContentLogs_CL)Reason for Change(s)
Version Updated
Testing Completed
Checked that the validations are passing and have addressed any issues that are present