Feature/1password #9980

Open
wants to merge 223 commits into
base: master

Contributor

@azurekid azurekid commented Feb 19, 2024


Change(s):

  • Added the following artifacts:

Alert Rules

- 1Password - Changes to firewall rules.yaml
- 1Password - Changes to SSO configuration.yaml
- 1Password - Disable MFA factor or type for all user accounts.yaml
- 1Password - Log Ingestion Failure.yaml
- 1Password - Manual account creation.yaml
- 1Password - New service account integration created.yaml
- 1Password - Non-privileged vault user permission change.yaml
- 1Password - Potential insider privilege escalation via group.yaml
- 1Password - Potential insider privilege escalation via vault.yaml
- 1Password - Privileged vault permission change.yaml
- 1Password - Secret extraction post vault access change by administrator.yaml
- 1Password - Service account integration token adjustment.yaml
- 1Password - Successful anomalous sign-in.yaml
- 1Password - User account MFA settings changed.yaml
- 1Password - User added to privileged group.yaml
- 1Password - Vault export post account creation.yaml
- 1Password - Vault export prior to account suspension or deletion.yaml
- 1Password - Vault export.yaml

Data Connector

  • 1Password_API_FunctionApp.json

Workbooks

  • 1Password.json

Reason for Change(s):

  • New feature for Microsoft Sentinel Content Hub

Version Updated:

  • Yes

Testing Completed:

  • Yes

Checked that the validations are passing and have addressed any issues that are present:

  • In Progress

@scottisloud

@v-prasadboke Looks like we're all squared away and just awaiting review from MS. Let me or @azurekid know if there are any other changes required.
If you have an ETA for when you may be able to review this PR, then that'd be appreciated as we coordinate resources on the 1Password side of things.

@azurekid
Contributor Author

azurekid commented May 7, 2024

@v-prasadboke , @v-atulyadav, @urajat, could one of you kindly provide a response? We missed our go-live date, and it's crucial to know if there are any updates or impediments. This PR has been ongoing for 90 days now, and clarity would be greatly appreciated.

@v-prasadboke
Contributor

Hello @azurekid, Sorry, was on leave till yesterday from last Saturday. Was waiting for your commits to complete.
I'll get started with this.

@azurekid
Contributor Author

azurekid commented May 8, 2024

Hello @azurekid, Sorry, was on leave till yesterday from last Saturday. Was waiting for your commits to complete.
I'll get started with this.

Hi @v-prasadboke ,
I hope you enjoyed your holiday. It is always good to recharge the internal battery once in a while.

Let's see if we can wrap this up together today.
I will make sure I have availability to swiftly pick up any change request.

@scottisloud FYI

@v-prasadboke
Contributor

Hello @azurekid, Can you update this branch from master once

@azurekid
Contributor Author

azurekid commented May 9, 2024

Hello @azurekid, Can you update this branch from master once

Just did 👍

@azurekid
Contributor Author

azurekid commented May 13, 2024

Hello @azurekid, Can you update this branch from master once

Just did 👍

Hi @v-prasadboke,
I noticed you did some updates on the parser file.
I have removed the parser as this contained an error and is not required in the current solution release.

Also added some extra error handling in the function code and zip file.

Now it seems to fail on the KQL in the 1Password_API_FunctionApp.json where I am sure the code is absolutely correct. Maybe @vakohl can help us out :-)

latest commits from PR
@v-prasadboke
Contributor

v-prasadboke commented May 16, 2024

Hello @azurekid, I'm trying to resolve the KQL validation issue. It is for Data connector. I've raised a Draft PR where I'm working on it.

#10475

@azurekid
Contributor Author

azurekid commented May 16, 2024

Hello @azurekid, I'm trying to resolve the KQL validation issue. It is for Data connector. I've raised a Draft PR where I'm working on it.
I can give you access to my environment if you want to test it against 1Password data where I have the solution running.

#10475

Okay cool!
When running the queries in the LA it comes with result.
Also when using the data connector valid results are shown in the MS Sentinel data connector

@v-prasadboke
Contributor

Hello @azurekid, On my test branch, I was looking for the cause for validation failure.
As per my analysis and investigation, I've come to know that the issue which is causing the validation failure is not about the code in the file.

Even I tried to replace the code in the data connector with another data connector.

We can skip this validation failure but need to discuss this within team whether the validation failure is legit or not OR can it be skipped

Thanks and sorry for the delay in response.

@azurekid
Contributor Author

Hello @azurekid, On my test branch, I was looking for the cause for validation failure. As per my analysis and investigation, I've come to know that the issue which is causing the validation failure is not about the code in the file.

Even I tried to replace the code in the data connector with another data connector.

We can skip this validation failure but need to discuss this within team whether the validation failure is legit or not OR can it be skipped

Thanks and sorry for the delay in response.

Thanks! I am glad we came to the same conclusion regarding this.
We wanted to go live around RSA with this solution as a lot of customers are waiting for a supported integration between 1Password and Microsoft Sentinel.

Would love to see how we can put a bit more pressure on it so organizations can start to test the preview version and provide us with valuable feedback.

@scottisloud for visibility

@v-prasadboke
Contributor

Hello @azurekid, On my test branch, I was looking for the cause for validation failure. As per my analysis and investigation, I've come to know that the issue which is causing the validation failure is not about the code in the file.
Even I tried to replace the code in the data connector with another data connector.
We can skip this validation failure but need to discuss this within team whether the validation failure is legit or not OR can it be skipped
Thanks and sorry for the delay in response.

Thanks! I am glad we came to the same conclusion regarding this. We wanted to go live around RSA with this solution as a lot of customers are waiting for a supported integration between 1Password and Microsoft Sentinel.

Would love to see how we can put a bit more pressure on it so organizations can start to test the preview version and provide us with valuable feedback.

@scottisloud for visibility

Noted @azurekid, Will get this complete soonest

@scottisloud

Thanks @azurekid and @v-prasadboke for all of your hard work to help bring this solution across the finish line.

@v-atulyadav v-atulyadav mentioned this pull request May 29, 2024
Labels
Solution Solution specialty review needed
4 participants