Merge Azure Sentinel Master into fork#26
Open
Phrozyn wants to merge 10000 commits into armor:master from
Paging bug fix
…ration-change [Tenable App][rsyslog] - Change in rsyslog configuration
some name fixes
* Remove PII sample values from UEBABehaviorsAnalysisWorkbook
  Replaced hardcoded sample PII values with empty strings:
  - AWS IAM ARN
  - Incident time timestamp
  - Time window values (24h and 12h)
* Packaged
---------
Co-authored-by: shlomimaa10-art <shlomimaa10@gmail.com>
Co-authored-by: v-atulyadav <v-atulyadav@microsoft.com>
Handle multiple offers in GetCatalogDetails
connector id added to ValidConnectorIds.json
- Changed paging from Offset to PersistentToken to prevent duplicate ingestion
- Offset paging resets to 0 each poll cycle; Cyren API clamps low offsets to startOffset, causing ~99.99% duplicate records (1.19M ingested, 100 unique)
- PersistentToken saves last offset across poll cycles via JSONPath extraction
- Added ago(2d) filter in DCR transform as additional cost protection
- Removed old 3.0.0.zip and 3.0.1.zip packages
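As an added illustration of the duplicate-ingestion mechanism that commit describes (this is not code from the Azure-Sentinel repo or the Cyren connector): a constructed model of a paging API that clamps low offsets up to startOffset, polled once with offset paging that restarts at 0 every cycle and once with a persisted offset token. The feed contents, page size and startOffset are assumptions.

```python
"""Model of the two CCF paging strategies from the commit above (constructed)."""


def fetch_page(records, offset, page_size, start_offset):
    """Serve one page; like the API described, offsets below start_offset
    are clamped up to start_offset. Returns (page, next_offset)."""
    offset = max(offset, start_offset)
    page = records[offset:offset + page_size]
    return page, offset + len(page)


def drain(records, offset, page_size, start_offset):
    """Fetch pages from `offset` until the source is exhausted."""
    ingested = []
    while True:
        page, offset = fetch_page(records, offset, page_size, start_offset)
        if not page:
            return ingested, offset
        ingested.extend(page)


def poll_offset_paging(records, page_size, start_offset, state):
    """Offset paging: every poll cycle starts again at 0 (state ignored).
    The clamp then re-serves everything from start_offset onward."""
    ingested, _ = drain(records, 0, page_size, start_offset)
    return ingested


def poll_persistent_token(records, page_size, start_offset, state):
    """PersistentToken paging: the last offset survives across cycles."""
    ingested, state["offset"] = drain(records, state["offset"], page_size, start_offset)
    return ingested


def simulate(strategy, page_size=50, start_offset=10):
    """Two poll cycles with 5 new events arriving in between.
    Returns (total_ingested, unique_ingested)."""
    records = [f"evt-{i}" for i in range(110)]  # constructed sample feed
    state = {"offset": 0}
    ingested = strategy(records, page_size, start_offset, state)
    records.extend(f"evt-{i}" for i in range(110, 115))  # new events land
    ingested += strategy(records, page_size, start_offset, state)
    return len(ingested), len(set(ingested))


def duplicate_ratio(total, unique):
    """Fraction of ingested rows that were already seen (0.0 = none)."""
    return 0.0 if total == 0 else 1 - unique / total


if __name__ == "__main__":
    for name, fn in (("Offset", poll_offset_paging), ("PersistentToken", poll_persistent_token)):
        total, unique = simulate(fn)
        print(f"{name}: {total} ingested, {unique} unique, dup ratio {duplicate_ratio(total, unique):.2f}")
```

With more poll cycles against a static feed the offset strategy's duplicate ratio approaches 1 - 1/cycles, which is how a 100-record source becomes 1.19M ingested rows.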
Visa TI Solution for Microsoft Sentinel Content hub
- Restore functionCode.zip that was accidentally deleted during folder restructure
  The Function App template references this zip via WEBSITE_RUN_FROM_PACKAGE but the file was removed in commit 4c731dd per reviewer request without relocation
- Remove workspace-scoped roleAssignment resources from Function App template
  These cause InvalidTemplate errors when deployed through Content Hub template specs (@ character parsing failure). No other Azure-Sentinel solution uses workspace-scoped roleAssignments in Function App templates. Role assignments are now documented as post-deployment steps matching the standard pattern (Fortinet, Zscaler, etc.)
- Version bump to 3.0.1
…etadata to replace default 1.0.0
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.8 to 46.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@3.4.8...46.0.5)
---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.3 to 46.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@41.0.3...46.0.5)
---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.8 to 46.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@42.0.8...46.0.5)
---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.1 to 46.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@43.0.1...46.0.5)
---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
…blockaad Updating permissions for blockaad user incident trigger
…s to 3.2.3 Release bump to version 3.2.3: adds the packaged release archive (Solutions/Microsoft Business Applications/Package/3.2.3.zip) and updates mainTemplate.json to reference 3.2.3 across the solution variable, resource descriptions, content/version fields for workbooks, analytic rules, hunting queries, playbooks, and parsers. Also adjusts technique IDs in a few rule/query entries (T0819 -> T1190).
…SessionEssentials_LinkFix [Network Session Essentials]: Links fixed. Removed review.
…imDnsActivityLogs Add missing field (EventSchemaVersion) to ASimDnsNative parsers
* Fix typos
* [ASIM Parsers] Generate deployable ARM templates from KQL function YAML files.
---------
Co-authored-by: Derrick Lee <derricklee@microsoft.com>
Co-authored-by: github-actions[bot] <>
Update WorkspaceUsage.json
---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.13.3
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bump Microsoft.OperationalInsights/savedSearches apiVersion from 2022-10-01 to 2025-07-01 for hunting queries in mainTemplate.json, remove the HTML deprecation note about the legacy Log Analytics agent from solution metadata (Solution_Windows Security Events.json, createUiDefinition.json, mainTemplate.json), and refresh the packaged solution zip (3.0.12.zip). These changes align saved search resources with a newer API version and clean up installer documentation.
Update savedSearches apiVersion and solution description
CrowdSecurity PlayBook - Detect Authentication from suspicious IPs
Checkout PR branch; block fork test infra changes
Add-agentless-release
Update mainTemplate.json to use Microsoft.OperationalInsights API version 2025-07-01 for savedSearches and workspace savedSearches resources. Also bump the ExchagngeSuspiciousFileDownloads.yaml detection version from 1.0.4 to 1.0.5 and refresh the packaged solution (3.2.3.zip) to include these changes.
Change parameter types from "string" to "securestring" for sensitive parameters (connectorDefinitionName, workspace, tenantId, clientId, clientSecret, auditHost, innerWorkspace, etc.) across multiple parameter blocks in Solutions/Microsoft Business Applications/Package/mainTemplate.json. The packaged artifact Solutions/Microsoft Business Applications/Package/3.2.3.zip was also updated to reflect these template changes.
Updated technique in hunting query and Microsoft Business Application…
Add a missing period and normalize trailing spaces on the 3.0.2 entry in Solutions/WithSecureElementsViaFunction/ReleaseNotes.md for consistency.
Add support for lacking event types
Required items, please complete
Change(s):
Reason for Change(s):
Version Updated:
Testing Completed:
Checked that the validations are passing and have addressed any issues that are present:
Guidance <- remove section before submitting
Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:
Thank you for your contribution to the Microsoft Sentinel Github repo.
Change(s):
Reason for Change(s):
Version updated:
Testing Completed:
Note: If updating a detection, you must update the version field.
Checked that the validations are passing and have addressed any issues that are present:
Note: Let us know if you have tried fixing the validation error and need help.