🧹Cleanup and rename analytic keys #11124
Conversation
pemontto
force-pushed
the
fix-analytic-keys
branch
from
7d14eb9 to
1f3d1fc
Compare
pemontto
force-pushed
the
fix-analytic-keys
branch
from
1f3d1fc to
8c74596
Compare
|
There are also additional (and redundant) keys in tactics:
- DefenseEvasion
relevantTechniques:
- T1550.001
[..]
threatAnalysisTactics: [ "DefenseEvasion" ]
threatAnalysisTechniques: [ "T1550.001" ] |
|
Hello @pemontto, Can you try to resolve falling validations |
pemontto
force-pushed
the
fix-analytic-keys
branch
from
8c74596 to
f049ed7
Compare
|
Accidentally forced pushed without commit. Re-opening with fixed tactics |
pemontto
force-pushed
the
fix-analytic-keys
branch
2 times, most recently
from
6035f6f to
c3366ce
Compare
pemontto
force-pushed
the
fix-analytic-keys
branch
from
c3366ce to
d2169dc
Compare
|
@v-prasadboke, looking good now. Haven't dug into how the validator works, but it still wasn't happy with |
|
@v-prasadboke anything else need here? |
|
@v-prasadboke any feedback, or is this OK to be merged? |
|
Hello @pemontto, Please repackage the Solutions. Please go through this documentation to package the solutions |
|
@v-prasadboke repackaged these with no other changes. |
|
@v-prasadboke do you want/need me to repackage this again, or do you want to merge master into this branch? |
|
@v-prasadboke I can combine this and #11199 into a single MR if you'd prefer? |
| @@ -39,13 +39,12 @@ entityMappings: | |||
| fieldMappings: | |||
| - identifier: HostName | |||
| columnName: hosts_s | |||
| sentinelEntitiesMappings: null | |||
There was a problem hiding this comment.
irrelevant deletion
packaging tool automatically removed this field
| @@ -4,7 +4,7 @@ description: 'Digital Shadows Analytic rule for generating Microsoft Sentinel in | |||
| severity: Medium | |||
| requiredDataConnectors: | |||
| - connectorId: DigitalShadows | |||
| dataTypes: | |||
There was a problem hiding this comment.
irrelevant removal of whitespace
packaging tool automatically removes this blankspace
| @@ -6,7 +6,6 @@ requiredDataConnectors: | |||
| - connectorId: MimecastSIEMAPI | |||
| dataTypes: | |||
| - MimecastSIEM_CL | |||
| enabled: true | |||
There was a problem hiding this comment.
irrelevant deletion
tool automatically removes this
|
Also we cannot remove this properties from the rules as it may lead to incorrect format in future As for Solution with typo correction for use until then you can close all of your PR's 😊😊 Thanks and sorry for the delay in response |
|
We wanted to check on the status of PR #11124. PR is pending for more than 10+ days. Please let us know if you need any assistance to review this PR. Per our standard operating procedures if no response is received in the next 7 business days, we will close this PR. Thank you for your cooperation. |
|
Since we have not received a response in the last 7 days, we are closing your PR #11124 per our standard operating procedures. If you still need support for this issue, you can re-open the PR at any time. If you do re-open, we simply request that you ensure the PR has response to the last request. Thank you for your cooperation. |
Required items, please complete
Change(s):
Reason for Change(s):
Version Updated: ✅
Testing Completed: ✅
Checked that the validations are passing and have addressed any issues that are present: