Fixing Dragos arm-ttk id from resourceId validation errors (#11726)

* Mitigating arm-ttk errors that docs say we can ignore, but partner center submission rejects. * Fixing custom detail as id bypass resulted in name that was too long * Bumping analytic version due to id name field change. * Solution packaged --------- Co-authored-by: v-prasadboke <v-prasadboke@microsoft.com>
Azure · Feb 3, 2025 · 03d2380 · 03d2380
1 parent 1838656
commit 03d2380
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 36 deletions.
diff --git a/Solutions/Dragos/Analytic Rules/DragosNotifiction.yaml b/Solutions/Dragos/Analytic Rules/DragosNotifiction.yaml
@@ -37,7 +37,7 @@ alertDetailsOverride:
     - alertProperty: ProductName
       value: AlertProductName
 customDetails:
-  DragosNotificationId: id
+  DragosIdentifier: id
   DragosSeverity: severity
   DragosDetectionQuads: detectionQuads
   DragosCreatedAt: createdAt
@@ -60,6 +60,6 @@ incidentConfiguration:
     lookbackDuration: PT1H
     matchingMethod: Selected
     groupByCustomDetails:
-      - DragosNotificationId
-version: 1.0.0
+      - DragosIdentifier
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/Dragos/Package/3.0.0.zip b/Solutions/Dragos/Package/3.0.0.zip
diff --git a/Solutions/Dragos/Package/mainTemplate.json b/Solutions/Dragos/Package/mainTemplate.json
diff --git a/Solutions/Dragos/Parsers/DragosNotificationsToSentinel.yaml b/Solutions/Dragos/Parsers/DragosNotificationsToSentinel.yaml
@@ -10,7 +10,7 @@ FunctionQuery: |
   let existingIncidents = SecurityAlert
     | where ProductName == "Dragos"
     | extend CustomDetails=tostring(parse_json(ExtendedProperties)["Custom Details"])
-    | extend id = toint(extract_json("$.DragosNotificationId[0]", CustomDetails))
+    | extend id = toint(extract_json("$.DragosIdentifier[0]", CustomDetails))
     | project-keep SystemAlertId, id;
   union isfuzzy=true DragosPushNotificationsToSentinel, DragosPullNotificationsToSentinel
     | join kind=leftouter (existingIncidents) on id

diff --git a/Solutions/Dragos/Parsers/DragosPullNotificationsToSentinel.yaml b/Solutions/Dragos/Parsers/DragosPullNotificationsToSentinel.yaml
@@ -26,7 +26,7 @@ FunctionQuery: |
   let existingIncidents = SecurityAlert
       | where ProductName == "Dragos"
       | extend CustomDetails=tostring(parse_json(ExtendedProperties)["Custom Details"])
-      | extend id = toint(extract_json("$.DragosNotificationId[0]", CustomDetails))
+      | extend id = toint(extract_json("$.DragosIdentifier[0]", CustomDetails))
       | project-keep SystemAlertId, id;
   DragosAlerts_CL
   | extend detectionQuads=strcat_array(detectionQuads, ",")

diff --git a/Solutions/Dragos/SolutionMetadata.json b/Solutions/Dragos/SolutionMetadata.json
@@ -1,6 +1,6 @@
 {
     "publisherId": "dragosinc1734451815609",
-    "offerId": "azure-sentinel-solution-dragos",
+    "offerId": "microsoft-sentinel-solution-dragos",
     "firstPublishDate": "2025-01-23",
     "lastPublishDate": "2025-01-23",
     "providers": [