Add Samsung Knox Asset Intelligence Sentinel Solution #11586
base: master
Add Samsung Knox Asset Intelligence Sentinel Solution to Azure Sentinel
Add Samsung KAI Sentinel Solution
Update Workbooks Metadata to include support for Samsung Knox Asset Intelligence
@microsoft-github-policy-service agree company="Samsung"
Hello @sean-mcclelland, Thanks for raising this PR. This PR will be investigated and we will provide you an update about the same before 24 December, 2024
Add Samsung's Data Connector Definition, "SamsungDCDefinition", to ValidConnectorId's.
Samsung Knox Asset Intelligence Sentinel Solution Analytics Rules changes to fix issues reported during validation. Add missing fields for Analytics Rules that did not have tactics or techniques.
Add Samsung Knox's Sentinel Solution Custom tables to Azure Sentinel's KqlvalidationsTests Custom Tables list to help pass validation.
Fix analytics rules
Corrected validations and re-packaged the solution.
fixing DataConnectorValidations & KqlValidations checks
updated AnalyticsRule, fix validations and repackage
@@ -0,0 +1,16 @@ | |||
{ | |||
"publisherId": "samsungelectronics1734042706970", | |||
"offerId": "samsung-knox-asset-intelligence-sentinel", |
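Review bot: the `offerId` on the last visible line, `samsung-knox-asset-intelligence-sentinel`, does not contain `azure-sentinel`, which the reviewer on this PR asks for; rename it to a value that includes that token (an illustrative placeholder would be `samsung-knox-asset-intelligence-azure-sentinel`) and leave `publisherId` unchanged so the offer still resolves to the same publisher. The hunk header announces 16 added lines but the object is not closed in the lines shown, so the remaining fields of this metadata file should be re-checked once the offerId is changed.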
please include azure-sentinel in offerid
The offerId field has been updated. Thanks!
groupingConfiguration: | ||
enabled: false | ||
reopenClosedIncident: false | ||
lookbackDuration: 5h |
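Review bot: `lookbackDuration: 5h` on the last line uses a lower-case unit; the reviewer on this PR asks for `5H`, so change it to `lookbackDuration: 5H` here and in every other analytic rule in the solution so the packaging validation accepts them consistently. With `enabled: false` the `reopenClosedIncident` and `lookbackDuration` values are inert, which is fine as a default, but keeping them in the accepted form avoids a second validation round if grouping is later switched on.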
Please replace 5h with 5H in all the analytic rules
This has been corrected now. Thanks!
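As an added example (not code from this PR, from Samsung, or from the Azure-Sentinel repository's own validation tooling), here is a small lint that checks the two things the commits and review comments above flag: a lower-case `lookbackDuration` unit (`5h` rather than `5H`) and analytic rules that are missing `tactics` or `techniques` or leave them empty. It parses the flat rule YAML layout with stdlib regex rather than PyYAML; the sample rule, its id and name are constructed, and the upper-case-unit requirement is taken from the reviewer's request on this PR, not from a documented schema.

```python
import re

# Constructed sample analytic rule in the flat YAML layout used by the
# Azure-Sentinel repo; the id, name and values are made up for this example.
SAMPLE_RULE = """\
id: 00000000-0000-0000-0000-000000000000
name: Knox device policy violation (constructed sample)
severity: Medium
queryFrequency: 1h
queryPeriod: 1h
tactics:
  - Persistence
techniques: []
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    enabled: false
    reopenClosedIncident: false
    lookbackDuration: 5h
"""

# Matches a `lookbackDuration: <n><unit>` line; group 3 is the unit letter.
DURATION_RE = re.compile(
    r"^([ \t]*lookbackDuration:[ \t]*)(\d+)([dhm])[ \t]*$", re.MULTILINE
)


def normalize_lookback(text: str) -> str:
    """Rewrite lower-case lookbackDuration units (5h) to upper-case (5H),
    as the PR reviewer asked for; every other key is left untouched."""
    return DURATION_RE.sub(
        lambda m: f"{m.group(1)}{m.group(2)}{m.group(3).upper()}", text
    )


def top_level_list(text: str, key: str):
    """Return the values under a top-level key holding a list, accepting both
    the inline `key: [A, B]` form and the block form with `- item` lines.
    Returns None when the key is absent, [] when it is present but empty."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(rf"^{key}:[ \t]*(.*)$", line)
        if not m:
            continue
        inline = m.group(1).strip()
        if inline:
            if inline in ("[]", "~", "null"):
                return []
            return [v.strip() for v in inline.strip("[]").split(",") if v.strip()]
        values = []
        for nxt in lines[i + 1:]:
            item = re.match(r"^[ \t]+-[ \t]*(.+)$", nxt)
            if item:
                values.append(item.group(1).strip())
            elif not nxt.strip():
                continue
            else:
                break
        return values
    return None


def lint_rule(text: str):
    """Return a list of human-readable findings for one rule file."""
    findings = []
    for m in DURATION_RE.finditer(text):
        if m.group(3).islower():
            findings.append(
                f"lookbackDuration {m.group(2)}{m.group(3)} should be "
                f"{m.group(2)}{m.group(3).upper()}"
            )
    for key in ("tactics", "techniques"):
        values = top_level_list(text, key)
        if values is None:
            findings.append(f"missing {key}")
        elif not values:
            findings.append(f"{key} is empty")
    return findings


if __name__ == "__main__":
    for finding in lint_rule(SAMPLE_RULE):
        print("finding:", finding)
    print("after normalization:", lint_rule(normalize_lookback(SAMPLE_RULE)))
```

Run it over each `Analytic Rules/*.yaml` file of a solution before packaging: the duration fix is mechanical and `normalize_lookback` can be applied in place, while an empty or missing `tactics`/`techniques` list needs a human to pick the right MITRE ATT&CK entries, so the lint only reports it.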
Hello @sean-mcclelland, can you please provide me write access to your branch?
Also, can you please tell me what kind of Data connector this is? I'm confused about it.
@v-prasadboke Thank you for your help reviewing this PR. This PR contains a REST API (Push to Microsoft Sentinel) based Data Connector, so it is not exactly a CCP-based approach. This product is for Samsung Knox Asset Intelligence customers and allows them to push security logs from their devices to their Azure Sentinel setups via the Samsung KAI Cloud Services. Customers set up their configuration directly in the KAI Service Portal, after which logs are pushed via their provided DCE/generated URL. When it deploys you should see something similar to: @jaspreet-saini will update this PR shortly with your two requested fixes.
update fix analytics rule and repackage solution
Fix offerId and analytics rule and repackage solution
Hello @sean-mcclelland, can we get on a call? I have some doubts about the parameters declared in the Data connectors. You can also ping me directly on Teams at [email protected]
Required items, please complete
Change(s):
Reason for Change(s):
Version Updated:
Testing Completed:
Checked that the validations are passing and have addressed any issues that are present: