Add Samsung Knox Asset Intelligence Sentinel Solution #11586

Open · wants to merge 22 commits into base: master

Conversation

sean-mcclelland (Author)

Required items, please complete

Change(s):

  • Add Samsung Knox Asset Intelligence Sentinel Solution

Reason for Change(s):

  • PR for adding the new Samsung Knox Asset Intelligence Sentinel Solution

Version Updated:

  • N/A -- First version

Testing Completed:

  • Yes

Checked that the validations are passing and have addressed any issues that are present:

  • Yes

@sean-mcclelland sean-mcclelland requested review from a team as code owners December 19, 2024 05:57
@sean-mcclelland (Author)

@microsoft-github-policy-service agree company="Samsung"

@v-prasadboke (Contributor)

Hello @sean-mcclelland, thanks for raising this PR. This PR will be investigated and we will provide you an update about it before 24 December 2024.

@v-prasadboke (Contributor)

I see this PR has a CCP connector. Please refer to this connector and readme for CCP file arrangement and mapping:
Connector

readme

@v-prasadboke v-prasadboke self-assigned this Dec 19, 2024
@v-prasadboke v-prasadboke added labels Dec 19, 2024: Connector (Connector specialty review needed), Solution (Solution specialty review needed), Codeless Connector Platform (CCP) Connector
sean-mcclelland and others added 10 commits December 18, 2024 22:32
Add Samsung's Data Connector Definition, "SamsungDCDefinition", to ValidConnectorId's.
Samsung Knox Asset Intelligence Sentinel Solution Analytics Rules changes to fix issues reported during validation. Add missing fields for Analytics Rules that did not have tactics or techniques.
Add Samsung Knox's Sentinel Solution Custom tables to Azure Sentinel's KqlvalidationsTests Custom Tables list to help pass validation.
Corrected validations and re-packaged the solution.
fixing DataConnectorValidations & KqlValidations checks
updated AnalyticsRule, fix validations and repackage
@@ -0,0 +1,16 @@
{
"publisherId": "samsungelectronics1734042706970",
"offerId": "samsung-knox-asset-intelligence-sentinel",
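Review bot: the `offerId` value `samsung-knox-asset-intelligence-sentinel` does not contain `azure-sentinel`, which the maintainer asks for in the comment below; rename it (for example `samsung-knox-asset-intelligence-azure-sentinel`) and repackage so the packaged solution and this manifest agree. The hunk header declares 16 added lines but only the `publisherId` and `offerId` lines are visible here, so the remaining fields cannot be checked in this view.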
Contributor:

please include azure-sentinel in offerid

Author:

The offerId field has been updated. Thanks!

groupingConfiguration:
enabled: false
reopenClosedIncident: false
lookbackDuration: 5h
Contributor:

Please replace 5h with 5H in all the analytic rules

Author:

This has been corrected now. Thanks!

@v-prasadboke (Contributor)

Hello @sean-mcclelland, can you please give me write access to your branch?

@v-prasadboke (Contributor)

Also, can you please tell me what kind of data connector this is?

I'm confused about it. When I deployed the data connector to the portal, it was not visible.

@sean-mcclelland (Author)

> Also can you please tell me what kind of this Data connector is ?
>
> I'm confused about it. When I deployed the data connector to portal, It was not visible

@v-prasadboke Thank you for your help reviewing this PR. This PR contains a REST API (Push to Microsoft Sentinel) based data connector, so it is not exactly a CCP-based approach. This product is for Samsung Knox Asset Intelligence customers and allows them to push security logs from their devices to their Azure Sentinel setups via the Samsung KAI Cloud Services. Customers set up their configuration directly in the KAI Service Portal, after which logs are pushed via their provided DCE/generated URL.

When it deploys you should see something similar to:
[Screenshot of the deployed data connector, taken 2024-12-23 at 2:56 PM]

@jaspreet-saini will update this PR shortly with your two requested fixes.
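The comment above describes a push model: the KAI cloud service sends events to a data collection endpoint (DCE) URL that the customer obtains from their Sentinel workspace, rather than Sentinel polling a vendor API as a CCP connector would. The block below is an added example, not Samsung's or Microsoft's code, that shows what such a push looks like on the wire: it builds Azure Monitor Logs Ingestion API requests offline and splits a batch of events so that no request body exceeds the API's 1 MB limit. The DCE host, DCR immutable ID, stream name (`Custom-SamsungKAI_CL`), bearer token and the sample events are constructed placeholders; a real sender would obtain a Microsoft Entra token for the `https://monitor.azure.com/.default` scope and hand each tuple to an HTTP client.

```python
"""Offline builder for Azure Monitor Logs Ingestion API push requests.

Added example, not part of the Samsung KAI solution or the Sentinel repo.
DCE host, DCR id, stream name, token and events are constructed placeholders.
"""
import json
from dataclasses import dataclass
from typing import Iterator

API_VERSION = "2023-01-01"
MAX_BODY_BYTES = 1_000_000  # the Logs Ingestion API rejects calls larger than 1 MB


@dataclass(frozen=True)
class IngestionTarget:
    """The three values a customer copies out of their workspace into the KAI portal."""
    dce_endpoint: str      # https://<name>-<id>.<region>-1.ingest.monitor.azure.com
    dcr_immutable_id: str  # immutable ID ("dcr-...") of the data collection rule
    stream_name: str       # stream declared in the DCR, normally "Custom-<Table>_CL"

    def url(self) -> str:
        base = self.dce_endpoint.rstrip("/")
        return (f"{base}/dataCollectionRules/{self.dcr_immutable_id}"
                f"/streams/{self.stream_name}?api-version={API_VERSION}")


def _encoded_len(obj) -> int:
    return len(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def chunk_events(events, max_bytes: int = MAX_BODY_BYTES) -> Iterator[list]:
    """Yield lists of events whose compact JSON array encoding stays <= max_bytes.

    Raises ValueError if one event alone cannot fit, since no batching can fix that.
    """
    batch, size = [], 2  # 2 bytes for the surrounding "[" and "]"
    for ev in events:
        enc = _encoded_len(ev)
        if enc + 2 > max_bytes:
            raise ValueError("single event exceeds the per-request limit")
        extra = enc + (1 if batch else 0)  # comma separator between elements
        if batch and size + extra > max_bytes:
            yield batch
            batch, size, extra = [], 2, enc
        batch.append(ev)
        size += extra
    if batch:
        yield batch


def build_requests(target: IngestionTarget, events, bearer_token: str,
                   max_bytes: int = MAX_BODY_BYTES):
    """Return a list of (url, headers, body_bytes) tuples, one per HTTP POST."""
    requests_out = []
    for batch in chunk_events(events, max_bytes):
        body = json.dumps(batch, separators=(",", ":")).encode("utf-8")
        headers = {
            # token must be issued for scope https://monitor.azure.com/.default
            "Authorization": f"Bearer {bearer_token}",
            "Content-Type": "application/json",
        }
        requests_out.append((target.url(), headers, body))
    return requests_out


def decode_body(body: bytes) -> list:
    """Inverse of the body encoding above, used to check what would be sent."""
    return json.loads(body.decode("utf-8"))


# Constructed placeholders, not real endpoints or device data.
TARGET = IngestionTarget(
    dce_endpoint="https://kai-example.eastus-1.ingest.monitor.azure.com/",
    dcr_immutable_id="dcr-0123456789abcdef",
    stream_name="Custom-SamsungKAI_CL",
)
SAMPLE_EVENTS = [
    {"TimeGenerated": "2024-12-23T14:56:34Z", "DeviceId": "dev-0001",
     "EventType": "AppInstalled", "Severity": "Low"},
    {"TimeGenerated": "2024-12-23T14:57:02Z", "DeviceId": "dev-0002",
     "EventType": "DeviceRooted", "Severity": "High"},
]

if __name__ == "__main__":
    for url, headers, body in build_requests(TARGET, SAMPLE_EVENTS, "<token>"):
        print(url, headers["Content-Type"], len(body), "bytes")
```

Chunking is done on the encoded size rather than on an event count because KAI event records vary in size; the oversize check raises instead of silently dropping a record, which is the failure you want surfaced by a security log forwarder.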

jaspreet-saini and others added 2 commits December 23, 2024 15:28
update

fix analytics rule and repackage solution
Fix offerId and analytics rule and repackage solution
@v-prasadboke (Contributor)

Hello @sean-mcclelland, can we get on a call? I have some doubts about the parameters declared in the data connectors.
Please share your time zone and availability so that we can plan accordingly.

You can also ping me directly on Teams at [email protected]

3 participants