Initial Release of Dragos Sentinel Solution

[dragosinc-sentinel]

Change(s):

• Adding new Dragos Sentinel Solution

Reason for Change(s):

• Initial release of Dragos Sentinel Solution

Version Updated:

• No. Initial release.

Testing Completed:

• Yes. Tested CCP data connector and parsers used to process CEF data sent via AMA

Checked that the validations are passing and have addressed any issues that are present:

• Yes

[dragosinc-sentinel]

@microsoft-github-policy-service agree company="Dragos Inc."

[dragosinc-sentinel]

I seem to be failing some KQL validations, but the error messages are not helpful. I have been unable to figure out what the issue is as the KQL queries validate and run properly when deployed in Sentinel. There is also an issue with the Analytic Rule that may be related to KQL. Appreciate any help you can provide.

[dragosinc-sentinel]

Resolved the KQL issues and also refactored core Sentinel validations code to support SentinelEntities, this enabled automated validations to pass

[dragosinc-sentinel]

@v-prasadboke or @v-shukore could you please provide some feedback on this PR. Its been a few weeks and we are hoping to get this merged soon.

[v-shukore]

Hi @dragosinc-sentinel, sorry for the delay in response. Already working on it. Will update you soon. Thanks!!

[dragosinc-sentinel]

@v-prasadboke and @v-shukore could you please provide and update or an estimated completion date? I need to coordinate with my colleagues as part of the larger release process that involves this PR along with the Microsoft Partner Center.