Merge Azure Sentinel Master into fork#26
Open
Phrozyn wants to merge 10000 commits intoarmor:masterfrom
Open
Conversation
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.4.0 to 2.12.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.4.0...2.12.0) --- updated-dependencies: - dependency-name: pyjwt dependency-version: 2.12.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.8.0 to 2.12.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.8.0...2.12.0) --- updated-dependencies: - dependency-name: pyjwt dependency-version: 2.12.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
AWS EKS: fix missing package
[OpenAI] Add OpenAI solution
- playbookContentId1: 'Playbooks' -> 'CyrenToSentinelOne' - playbookVersion1: '1.0.0' -> '1.0' - Removed spurious Playbooks/_Playbooks variables - displayName: 'Playbooks' -> 'CyrenToSentinelOne' - hidden-SentinelTemplateVersion tag: '1.0.0' -> '1.0' - parentId in inner metadata: single bracket -> double bracket (ARM escape) - Rebuilt 3.0.0.zip with fixed mainTemplate.json
…aybook not visible in Content Hub (Mahesh #13657)
…json — previous commit only rebuilt ZIP
Update WorkbooksMetadata.json
…n-One/Data-Connectors/AzureFunctionTrendMicroXDR/orjson-3.11.6
…n-One/Data-Connectors/orjson-3.11.6
…icro-Vision-One/Data-Connectors/orjson-3.11.6 Bump orjson from 3.9.15 to 3.11.6 in /Solutions/Trend Micro Vision One/Data Connectors
…icro-Vision-One/Data-Connectors/AzureFunctionTrendMicroXDR/orjson-3.11.6 Bump orjson from 3.10.18 to 3.11.6 in /Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR
…customers can now install without both tokens (Cyren-SentinelOne (PR #13657))
…are_urls per purchased feed
…ks (IP Reputation + Malware URL)
…idate all fixes into single release
Add .github/instructions/releasenotes.instructions.md which defines validation and formatting rules for Solutions/**/ReleaseNotes.md (exact 3-column table, specific headers, DD-MM-YYYY dates, semantic X.Y.Z versions in descending order, no duplicates) and includes examples and best practices. Update .github/copilot-instructions.md to add Pull Request review guidelines that require loading the appropriate custom instruction files for SolutionMetadata, Solution Data, and ReleaseNotes, and to specify files/paths to ignore during reviews.
… workspace param, use workspace-name var for Content Hub playbook visibility
Co-authored-by: Jason Heard <heardjasonl@gmail.com>
Add blacklens.io Microsoft Sentinel solution (v1.0.0)
Introduce detailed hunting queries instructions and tighten metadata requirements for detections. - Add new .github/instructions/huntingqueries.instructions.md with field-level validation, KQL best practices, MITRE tactic/technique rules, entity mappings, versioning, examples, and a checklist for Hunting Queries YAML files. - Update .github/copilot-instructions.md to reference and require loading the hunting queries instructions for files under Hunting Queries/Solutions hunting folders. - Extend .github/instructions/detections.instructions.md with a required metadata section for standalone detection files, valid domain categories, examples, and a sample YAML showing a missing-metadata validation case. These changes ensure reviewers apply specific guidance for hunting queries and enforce consistent metadata for standalone detection rules.
…mission Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…rtsGA update configuration steps and remove preview label for GA
Added detection based out of Microsoft Copilot Logs
Lookout v3.0.2: Fix APIKey bracket and rebuild zip — Certification blocker 300.4.1.1
…relight_data_explorer Added Support for Aggregation logs in Corelight Data Expolorer Dashboard
Bump D3 Smart SOAR solution to v3.1.0 for Partner Center resubmission
…rhuntingqueries Add hunting queries co-pilot guidance instructions and metadata rules
Updated schema for Vulnerabilities and WAS Vulnerabilities in Tenable VM
Change trigger event from pull_request to pull_request_target
…ters (Policy 300.4.1.1) Cyren-SentinelOne-ThreatIntelligence playbook definition.parameters had credential params typed as string instead of securestring: - Cyren_IpReputation_JwtToken: string -> securestring - Cyren_MalwareUrl_JwtToken: string -> securestring - SentinelOne_ApiToken: string -> securestring Required for Partner Center certification compliance.
Change token parameters to securestring in the ARM template so JWTs and API tokens are treated as secrets. Updated parameters: Cyren_IpReputation_JwtToken, Cyren_MalwareUrl_JwtToken, and SentinelOne_ApiToken in Solutions/Cyren-SentinelOne-ThreatIntelligence/Package/mainTemplate.json. Also updated the packaged artifact (3.0.0.zip) to include the template change.
…urity-Platform-for-Microsoft-Sentinel/Data-Connectors/LookoutCSConnector/requests-2.33.0
…ecurestring Fix: Cyren-SentinelOne playbook securestring compliance (Policy 300.4.1.1)
…nametoCCF1 remove null values for SentinelOne
…-cloud-public-preview [Imperva Cloud WAF] - promote to public preview
…n-One/Data-Connectors/requests-2.33.0
…-Cloud-Security-Platform-for-Microsoft-Sentinel/Data-Connectors/LookoutCSConnector/requests-2.33.0 Bump requests from 2.31.0 to 2.33.0 in /Solutions/Lookout Cloud Security Platform for Microsoft Sentinel/Data Connectors/LookoutCSConnector
…icro-Vision-One/Data-Connectors/requests-2.33.0 Bump requests from 2.31.0 to 2.33.0 in /Solutions/Trend Micro Vision One/Data Connectors
add space in solution name
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Required items, please complete
Change(s):
Reason for Change(s):
Version Updated:
Testing Completed:
Checked that the validations are passing and have addressed any issues that are present:
Guidance <- remove section before submitting
Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:
Thank you for your contribution to the Microsoft Sentinel Github repo.
Change(s):
Reason for Change(s):
Version updated:
Testing Completed:
Note: If updating a detection, you must update the version field.
Checked that the validations are passing and have addressed any issues that are present:
Note: Let us know if you have tried fixing the validation error and need help.