Add Vaikora AI Agent Signals to CrowdStrike — Microsoft Sentinel Solution v1.0.0 #13984
Open
mazamizo21 wants to merge 51 commits into Azure:master from
Contributor
Hi @mazamizo21 Thanks!
7d68c28 to f3ea143
added 5 commits April 3, 2026 11:01
Contributor
Author
Hi @v-maheshbh — done! Repackaged with version 3.0.0.
…aApiKey) — ARM validates clean
…rams/vars, fix location
…ntId1), parentId bracket, arm-ttk clean (47-48/49 matching Cyren baseline)
…c App (playbook was invisible in Sentinel Automation tab)
…ntion, param casing
Vaikora GET /api/v1/actions returns {actions:[...], total:N} not bare array.
Fix For_Each 'from' expression to extract ?['actions'].
Fixes VaikoraToCrowdStrike_Playbook.json + mainTemplate.json (PR Azure#13984).
Same fix applied to vaikora-sentinelone-azure cf4bfa8 and
vaikora-azure-security-center via separate commit.
Contributor
Hi @mazamizo21 Kindly review file changes and remove the solution not part of this PR. Thanks!
added 3 commits April 8, 2026 07:17
Reverted Cyren-SentinelOne-ThreatIntelligence package files back to upstream master. These changes were accidentally included and don't belong in the Vaikora CrowdStrike solution PR.
These changes belong in a separate PR. Reverting Solution data, Playbook, ReleaseNotes, and package zip back to upstream master.
Restoring Cyren-SentinelOne-ThreatIntelligence to the exact state from before this branch. Removes 3.0.1.zip, reverts Solution data, Playbook, mainTemplate, and ReleaseNotes. These changes belong in their own separate PR.
Contributor
Author
Hi @v-maheshbh — removed the Cyren-SentinelOne-ThreatIntelligence files that were accidentally included. The PR now only contains the Vaikora-CrowdStrike-ThreatIntelligence solution (v3.0.0). Ready for re-review.
Vaikora AI Agent Signals to CrowdStrike — Microsoft Sentinel Solution v1.0.0
This PR adds a Logic App playbook solution that polls Vaikora AI agent behavioral signals and pushes high-severity indicators as Custom IOCs to CrowdStrike Falcon.
What's included
Logic App Playbook (VaikoraToCrowdStrike_Playbook.json)
GET /api/v1/actions for high-risk + anomalous agent actions
POST /iocs/entities/indicators/v1
Signal Mapping
Parameters
Publisher
Data443 Risk Mitigation, Inc. — support@data443.com
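
The commit message above notes that GET /api/v1/actions returns {actions:[...], total:N} rather than a bare array. The following is an added example, not code from this PR or from the Vaikora API: a shape check a polling client could run before looping over the results. The function name, the sample field names (id, risk_level) and the reading of total as the full match count are assumptions.

```python
from typing import Any


class ResponseShapeError(ValueError):
    """The poll response is neither the envelope nor a bare list."""


def extract_actions(body: Any) -> tuple[list[dict], bool]:
    """Return (actions, truncated) from a GET /api/v1/actions response body.

    Accepts the envelope {"actions": [...], "total": N} and, for older
    callers, a bare list. Anything else raises, so a changed response shape
    stops the run instead of being iterated as if it were the action list.
    """
    if isinstance(body, list):
        actions, total = body, len(body)
    elif isinstance(body, dict) and isinstance(body.get("actions"), list):
        actions = body["actions"]
        total = body.get("total", len(actions))
    else:
        raise ResponseShapeError(f"unexpected response shape: {type(body).__name__}")

    if not all(isinstance(a, dict) for a in actions):
        raise ResponseShapeError("every entry in actions must be an object")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(total, bool) or not isinstance(total, int) or total < len(actions):
        raise ResponseShapeError("total must be an integer >= len(actions)")

    # Assumption: total counts all matching actions, so total > len(actions)
    # means this response is only part of the result set.
    return actions, total > len(actions)


# Constructed sample response; field names inside each action are hypothetical.
ENVELOPE = {
    "actions": [
        {"id": "act-001", "risk_level": "high"},
        {"id": "act-002", "risk_level": "high"},
    ],
    "total": 5,
}

if __name__ == "__main__":
    actions, truncated = extract_actions(ENVELOPE)
    print(len(actions), "actions; more available:", truncated)
```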