VMware SD-WAN and SASE Solution v1.0.0 #9750
Conversation
The first update to include VMware SASE and SD-WAN connector into Azure Sentinel.
Fixed archive link
Added Readme
Fixed Storage Account references in the ARM template.
Pull request ready release: -Fixed table names in Workbook -Fixed table names in Analytics Rules -Fixed table names in Hunting Queries -Fixed Azure ARM template to deploy Function App from ZIP archive.
Added reference documentation.
Custom Table data added for pipeline testing.
Pipeline test fixes: - Removed title tag from SVG logo image - Removed obsolete custom table file - Fixed CWS DLP violation Analytics rule
Added: RequiredDataConnector, ConnectorId and dataType config to rule descriptors.
Minor fixes on the back of Azure Pipelines tests, MITRE tactic update, missing required connector settings, and added "VMwareSASE" to known connector IDs.
Remove entity mappings over the limit for the CWS Policy violation rule.
Added information for solution packaging as requested.
Updated the data connector scripts: 1. Removed unused branches (each script had instructions for every event type, now each script contains instructions for its own event type only 2. Cleaned up EFS-related defs from other scripts, moved global state array to initialize to sanitize EFS script 3. Fixed a number of other CodeQL flags such as variable use, format sanitization, etc.
Minor updates as requested: 1. Fixed the directory structure 2. Updated the archive to reflect directory changes 3. Connector file added
|
Hello @stlaszlo, |
|
Also can you provide me credentials to test function app |
|
@v-prasadboke sent credentials via email with some instructions, but should you need anything, please let me know, I am happy to push this through the finish line. |
|
Hello @stlaszlo, can you share working images of function app |
|
Hello @stlaszlo,
While we can see them in the Solution details |
| aggregationKind: SingleAlert | ||
| customDetails: | ||
| Edge_SerialNr: edgeSerialNumber | ||
| sentinelEntitiesMappings: |
There was a problem hiding this comment.
Hello @stlaszlo, Im not getting this sentinelEntitiesMappings
You can entity mappings over here
| alertDynamicProperties: [] | ||
| customDetails: | ||
| idpsSignatureVersion: idpsSignatureVersion | ||
| sentinelEntitiesMappings: |
There was a problem hiding this comment.
Same is the case here
| alertDynamicProperties: [] | ||
| customDetails: | ||
| idpsSignatureVersion: idpsSignatureVersion | ||
| sentinelEntitiesMappings: |
|
The analytic rules mentioned above are the ones which are not visible in the Content Hub. |
|
@v-prasadboke I will have a look tomorrow as I am on MWC. Thanks for the updates. |
|
Ok Thanks @stlaszlo. |
|
Hello @stlaszlo, Any updates on the above |
Removed stuck Sentinel Entities mapping and replaced them with custom mappings for Edge Serial Number.
|
|
You can share it over here |
|
Hi @v-prasadboke I have attached a ZIP archive of screenshots, I am not sure what are you after, but I've tried attaching screenshots from the App Insights showing logs of successful event retrieval. One thing to note is that I've done a clean deployment, application files are populated in VS Code, but the functions blade is empty. I've attached a working screenshot (function app name starts with laszlo-) and the new deployment. Could you please check the ZIP archive contents and let me know if I've named the files correctly? |
|
Hello @stlaszlo, unable to pull latest commits to my local. |
|
Hey @v-prasadboke, Sure, thanks. Yes, you are still a contributor: |
Change(s):
Added new solution: VMware SD-WAN and SASE (v1.0.0)
Included Function App for VMware Edge Cloud Orchestrator API integration
Included Analytics Rules for VMware SD-WAN and SASE
Included Hunting Queries for VMware SD-WAN and SASE
Included Workbook for VMware SD-WAN and SASE
Reason for Change(s):
New Solution Added
Version Updated:
No
Testing Completed:
Yes
Checked that the validations are passing and have addressed any issues that are present:
Need Help