…zure Monitor destinations. Updated the existing file used to import connections into a Tanium Server in the Connect Module that creates the necessary data pushes to support the Tanium Sentinel Workbooks. These new connections leverage the Azure Logs Ingestion API rather than the deprecated HTTP Data Connector API. That way this supports the use of Data Connection Rules (DCR).
Updated the cspell config to use overrides to apply specific dictionaries to specific files, so we don't accidentally let misspellings in because we made the allowance too broad. Also removed an unused word from one of the dictionaries and added a new dictionary for data connectors.
Added a new script for Tanium's CI purposes so that we can automate our checks and also filter out the known & documented false positive.
Added a new script for Tanium's CI purposes so that we can automate our checks.
…lished version. Added a new script for Tanium's CI purposes so that we can simply obtain the currently published version of our solution, without all the noise and automate our checks.
…ersion. Added a new script for Tanium's CI purposes so that we can simply obtain the new version of the solution to publish, without all the noise and automate our checks.
…lently. Added a new script for Tanium's CI purposes so that we can build the solution without all the noise in the current script and enable automation of deploying versions for testing.
Did a major refactor of our automation script to allow us to be able to fully automate our checks, validation, build and deployment of this solution to allow us to move faster and test our changes more easily with automation. Also we enabled the cspell-json-reporter to allow for output of the spelling mistakes without interrupting our automation scripts.
Added a taskfile to allow for easier calling of our scripts.
Updated the ci to support the local build function versus the catalog mode so we can execute the build version properly. Also updated some minor issues after thorough testing.
Moved some common functionality into a function and updated scripts to use the new functions. Also had to add a new word to the cspell dictionary.
Added a new script to allow us to version our data connectors individually, since the existing build tool(s) do not support this. But not doing so defeats semantic versioning. Added some documentation and notes to existing functions. Applied sh formatting tool for consistency. Updated the logic that validates our manifest to die at the end, so all manifest issues are displayed to the user. Updated formatting of messages displayed when manifest issues are found and printed to the console. Updated build logic to get the version before building, since the local mode edits the version in the Solution file. Updated build to call the new function to set the connector versions.
…or Basic Inventory Added the initial data connector (ccf push) for the new Tanium data connector. And included everything needed for basic inventory.
Updated the 3.3.0 solution build now that we added another stream
…ream & remove Basic Inventory. Added the stream for Threat Response alerts. However, due to the limitation of only 10 incoming streams, we removed the Basic Inventory stream. Basic Inventory was not used by our workbook, analytics rule, or playbooks. Updated the 3.3.0 build.
…ntel chart labels
Moved the Tanium import file and added readme for Data Connectors. Also updated workbook version and created final build.
Hi @Tanium-Nicole, could you please address the validation failure? It appears to be caused by an incorrect branding name for Sentinel. Please use ‘Microsoft Sentinel’. Thanks!
Forgot to rebuild the solution after correcting the data connector description to use 'Microsoft Sentinel' instead of just 'Sentinel'
@v-shukore yes, thank you! I have corrected that now. So sorry, I fixed the description yesterday but forgot to rebuild the solution. Now it should succeed when you run it next. Thank you so much!
Hi @Tanium-Nicole, review has been completed for this connector. Could you please share the running CCF data connector screenshot for reference? It will help us to proceed to merge this PR.
@v-shukore Please see the attached screenshot. I believe this is what you are asking for. If not, please clarify what you need so that I can get that to you as soon as possible. As for the release, please see that they reference the release notes on our website. It states clearly that we are allowed to host those ourselves. We have our draft ready, but obviously won't publish until the release is Live in Azure via the Marketplace submission. Thanks so much!
Hi @Tanium-Nicole, update the releasenotes.md file for adding this new Data Connector. Thanks!
@v-shukore for the release notes, please see that they reference the release notes on our website. It states clearly that we are allowed to host those ourselves. We have our draft ready, but obviously won't publish until the release is Live in Azure via the Marketplace submission.
@v-shukore thanks for the thumbs up, when do you think we will be able to get the code owner review on this so we can get it merged? We're very eager to get this published. Thanks so much!


Change(s):
Reason for Change(s):
Version Updated:
Testing Completed:
Checked that the validations are passing and have addressed any issues that are present: