Just initialize this new branch for Cohesity internal collaboration/r… #2
base: master
Conversation
@yinghuang123 , I finished my review. Please submit changes before you submit another round of reviews to Microsoft.
@ishitagupta25 , please chime in, too. In a few comments I specifically tagged you if I think that you should do the change.
DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentConsumer/local.settings.json
```csharp
 * need to rewrite GetAccessTokenAsync function
 * as it uses obsolete technology to get the bearer token.
 */
internal async Task<string> GetAccessTokenAsync(string uri)
```
Rewrite the GetAccessTokenAsync function as it uses obsolete technology to get the bearer token. Here's the migration guide to the new authentication functions. Please remember that the new authentication mechanism may not need TenantID, ClientID and ClientKey, so you'll also have to apply changes in local.settings.json and the corresponding ARM templates.
Put this one at lower priority.
You can also check how other pieces of code authenticate, e.g. https://github.com/cohesity/Azure-Sentinel/blob/CohesitySecurity.internal/Tools/Sample%20Code/AzureSentinel-ManagementAPICsharp/AzureSentinel_ManagementAPI/Incidents/IncidentsController.cs.
Also, check how we can put all secrets to the KeyVault to enable key rotation (see example at https://github.com/cohesity/Azure-Sentinel/tree/CohesitySecurity.internal/DataConnectors/AzureStorage#readme)
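The two review points above (drop the ADAL `AuthenticationContext.AcquireTokenAsync` path and keep secrets in Key Vault so they can be rotated) can be served by one client class. The code below is an added example, not the Cohesity connector's own code or Microsoft's sample: it uses `Azure.Identity` (`DefaultAzureCredential`, which is the managed identity of the Function App in Azure and the developer's CLI/VS identity locally, so no TenantID/ClientID/ClientKey settings are needed) plus `HttpClient` in place of `WebRequest.Create`, and reads the Helios API key from Key Vault at call time. The NuGet packages `Azure.Identity` and `Azure.Security.KeyVault.Secrets`, the setting names and the `SentinelApiClient` type are assumptions for the illustration.

```csharp
// Added example (not the project's IncidentConsumer code). Assumed NuGet packages:
// Azure.Identity, Azure.Security.KeyVault.Secrets. Assumed app settings:
// KEYVAULT_URI and HELIOS_APIKEY_SECRET_NAME (hypothetical names).
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

internal sealed class SentinelApiClient
{
    // One HttpClient for the process lifetime (socket reuse), instead of a new WebRequest per call.
    private static readonly HttpClient Http = new HttpClient();

    // Resource scope for the Azure Resource Manager / Sentinel management API.
    private const string SentinelScope = "https://management.azure.com/.default";

    private readonly TokenCredential _credential;
    private readonly SecretClient _secrets;

    public SentinelApiClient(string keyVaultUri)
    {
        // Managed identity in Azure; Azure CLI / Visual Studio identity on a dev box.
        // No tenant ID, client ID or client secret in local.settings.json or the ARM template.
        _credential = new DefaultAzureCredential();
        _secrets = new SecretClient(new Uri(keyVaultUri), _credential);
    }

    // Replacement for the ADAL-based GetAccessTokenAsync: the credential caches and
    // refreshes the token, so callers can simply ask for it on every request.
    internal async Task<string> GetAccessTokenAsync(CancellationToken ct = default)
    {
        AccessToken token = await _credential.GetTokenAsync(
            new TokenRequestContext(new[] { SentinelScope }), ct);
        return token.Token;
    }

    // Helios API key fetched from Key Vault at use time. Rotating the secret in the vault
    // takes effect on the next call; nothing in app settings has to be redeployed.
    internal async Task<string> GetHeliosApiKeyAsync(string secretName, CancellationToken ct = default)
    {
        KeyVaultSecret secret = await _secrets.GetSecretAsync(secretName, cancellationToken: ct);
        return secret.Value;
    }

    // GET against the Sentinel management API with a bearer token, replacing WebRequest.Create(uri).
    internal async Task<string> GetAsync(string uri, CancellationToken ct = default)
    {
        using var request = new HttpRequestMessage(HttpMethod.Get, uri);
        request.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", await GetAccessTokenAsync(ct));

        using HttpResponseMessage response = await Http.SendAsync(request, ct);
        response.EnsureSuccessStatusCode();   // surface 401/403 (missing RBAC role) instead of parsing an error body
        return await response.Content.ReadAsStringAsync(ct);
    }
}

internal static class Usage
{
    // Example wiring from Function settings (hypothetical setting names).
    internal static async Task<string> ListIncidentsAsync(string incidentsUri)
    {
        var client = new SentinelApiClient(Environment.GetEnvironmentVariable("KEYVAULT_URI")!);
        string heliosKey = await client.GetHeliosApiKeyAsync(
            Environment.GetEnvironmentVariable("HELIOS_APIKEY_SECRET_NAME")!);
        // heliosKey would be sent to Helios; the Sentinel call below uses the managed identity token.
        return await client.GetAsync(incidentsUri);
    }
}
```

For the managed identity to work, the Function App's identity needs the "Microsoft Sentinel Contributor" (or narrower) role on the workspace and a Key Vault access policy / "Key Vault Secrets User" role on the vault. If a client secret is genuinely unavoidable (for example a multi-tenant deployment), `ClientSecretCredential(tenantId, clientId, clientSecret)` from the same package drops in for `DefaultAzureCredential`, with the secret itself read from Key Vault rather than stored in the settings file.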
DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentConsumer/IncidentConsumer.cs
Tools/Create-Azure-Sentinel-Solution/input/Solution_CohesitySecurity.json
Added link to the playbook template
Updated link to Azure deployment
First draft of deployment instructions
Deleted comments about pre-built binaries
Added references to other deployment instructions
Fixed link for the package directory
Typo
Fixed step #1
Escaped URL
Fixing build instructions URL
Fixing URL again
Setting ref line
Deployment steps corrections
Minor fixes
Fixed typos
Added TBD for package directory
Corrected playbook description
Testing ARM
--- ./Solutions/CohesitySecurity/Data Connectors/helios_connector.json
+++ ./Solutions/CohesitySecurity/Package/createUiDefinition.json
+++ ./Solutions/CohesitySecurity/Package/mainTemplate.json
update the build script.
Changed URI
Trying different link
Another URI test
Another link test
URI test
rename cohesity.config to cohesity.json, and update the build.ps1, readme.md. The github/codeql-action/autobuild keeps failing, but DataConnectors/CohesitySecurity/Helios2Sentinel build succeeded, as shown in the following log. Thus I will disable the autobuild workflow.

```text
=============================
MSBuild version 17.4.0+18d5aef85 for .NET
  Determining projects to restore...
  Restored /Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentConsumer/IncidentConsumer.csproj (in 241 ms).
  Restored /Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentProducer/IncidentProducer.csproj (in 241 ms).
/Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentProducer/IncidentProducer.cs(65,34): warning CS1998: This async method lacks 'await' operators and will run synchronously. Consider using the 'await' operator to await non-blocking API calls, or 'await Task.Run(...)' to do CPU-bound work on a background thread. [/Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentProducer/IncidentProducer.csproj]
  IncidentProducer -> /Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentProducer/bin/Debug/net6.0/Helios2Sentinel.dll
/Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentConsumer/IncidentConsumer.cs(30,32): warning CS0618: 'AuthenticationContext.AcquireTokenAsync(string, ClientCredential)' is obsolete: 'Microsoft.IdentityModel.Clients.ActiveDirectory is deprecated and replaced with Microsoft.Identity.Client. To migrate a daemon application, or service to service flow, see https://aka.ms/adal-to-msal-net/daemon' [/Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentConsumer/IncidentConsumer.csproj]
/Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentConsumer/IncidentConsumer.cs(39,51): warning SYSLIB0014: 'WebRequest.Create(Uri)' is obsolete: 'WebRequest, HttpWebRequest, ServicePoint, and WebClient are obsolete. Use HttpClient instead.' [/Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentConsumer/IncidentConsumer.csproj]
  IncidentConsumer -> /Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentConsumer/bin/Debug/net6.0/IncidentConsumer.dll

Build succeeded.

/Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentProducer/IncidentProducer.cs(65,34): warning CS1998: This async method lacks 'await' operators and will run synchronously. Consider using the 'await' operator to await non-blocking API calls, or 'await Task.Run(...)' to do CPU-bound work on a background thread. [/Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentProducer/IncidentProducer.csproj]
/Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentConsumer/IncidentConsumer.cs(30,32): warning CS0618: 'AuthenticationContext.AcquireTokenAsync(string, ClientCredential)' is obsolete: 'Microsoft.IdentityModel.Clients.ActiveDirectory is deprecated and replaced with Microsoft.Identity.Client. To migrate a daemon application, or service to service flow, see https://aka.ms/adal-to-msal-net/daemon' [/Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentConsumer/IncidentConsumer.csproj]
/Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentConsumer/IncidentConsumer.cs(39,51): warning SYSLIB0014: 'WebRequest.Create(Uri)' is obsolete: 'WebRequest, HttpWebRequest, ServicePoint, and WebClient are obsolete. Use HttpClient instead.' [/Users/ying.huang/workspace/Azure-Sentinel/DataConnectors/CohesitySecurity/Helios2Sentinel/IncidentConsumer/IncidentConsumer.csproj]
    3 Warning(s)
    0 Error(s)

Time Elapsed 00:00:03.65
```
+++ ./Solutions/CohesitySecurity/Tools/createSolutionV2.ps1
Add test: Match up test between Sentinel and Helios.
…#9) Fetch alerts in a large interval and cache them to avoid missing them Helios can insert alerts because of which Producer may miss alerts because Producer only fetches alerts in the last 5 minutes. This period is now increased to 24 hours and a blob is used to store the previous alert ID to avoid pushing duplicate alerts in to the queue.
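The commit above widens the Producer's polling window to 24 hours and keeps a checkpoint in a blob so alerts that fall into the wider window are not queued twice. The code below is an added example, not the project's IncidentProducer code: it models the checkpoint store as an interface with an in-memory implementation (the real one would serialise to the blob the commit mentions) and goes slightly beyond the single "previous alert ID" described, keeping the set of IDs queued within the window keyed by the time they were first seen. That is the detail a practitioner wants here: the reason the window was widened is that Helios can insert alerts late, so a late alert may carry an older timestamp or a non-monotonic ID, and a single "last ID" comparison would drop it. `HeliosAlert` and its fields are assumptions for the illustration.

```csharp
// Added example (not the project's IncidentProducer code). HeliosAlert and the
// checkpoint shape are assumptions; InMemoryCheckpointStore stands in for the blob.
using System;
using System.Collections.Generic;
using System.Linq;

public sealed record HeliosAlert(string Id, DateTimeOffset LatestTimestamp, string Severity);

// Checkpoint = alert ID -> time the Producer first saw it (not the Helios timestamp).
public interface ICheckpointStore
{
    IDictionary<string, DateTimeOffset> Load();
    void Save(IDictionary<string, DateTimeOffset> checkpoint);
}

public sealed class InMemoryCheckpointStore : ICheckpointStore
{
    private Dictionary<string, DateTimeOffset> _data = new();
    public IDictionary<string, DateTimeOffset> Load() => new Dictionary<string, DateTimeOffset>(_data);
    public void Save(IDictionary<string, DateTimeOffset> checkpoint) =>
        _data = new Dictionary<string, DateTimeOffset>(checkpoint);
}

public static class AlertDeduplicator
{
    // Returns only the alerts from this poll that have not been queued before,
    // oldest first, and advances the checkpoint.
    public static IReadOnlyList<HeliosAlert> SelectNew(
        IEnumerable<HeliosAlert> fetched, ICheckpointStore store, TimeSpan window, DateTimeOffset now)
    {
        IDictionary<string, DateTimeOffset> seen = store.Load();

        // Forget IDs first seen longer ago than the polling window: the next poll cannot
        // return them any more, so keeping them only grows the blob.
        foreach (string stale in seen.Where(kv => now - kv.Value > window).Select(kv => kv.Key).ToList())
            seen.Remove(stale);

        var fresh = new List<HeliosAlert>();
        foreach (HeliosAlert alert in fetched.OrderBy(a => a.LatestTimestamp))
        {
            if (seen.ContainsKey(alert.Id))
                continue;                 // already pushed to the queue by an earlier poll
            seen[alert.Id] = now;         // keyed by observation time, so late inserts with old timestamps still pass once
            fresh.Add(alert);
        }

        // In the Function, call Save only after the queue send succeeds, so a failed
        // send is retried on the next run rather than silently lost.
        store.Save(seen);
        return fresh;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new InMemoryCheckpointStore();
        var window = TimeSpan.FromHours(24);
        var t0 = new DateTimeOffset(2023, 1, 1, 12, 0, 0, TimeSpan.Zero);

        // Constructed sample: the first poll returns alerts A and B.
        var poll1 = new[]
        {
            new HeliosAlert("A", t0.AddMinutes(-10), "kCritical"),
            new HeliosAlert("B", t0.AddMinutes(-5), "kWarning"),
        };
        IReadOnlyList<HeliosAlert> first = AlertDeduplicator.SelectNew(poll1, store, window, t0);

        // Five minutes later Helios still returns A and B (inside the 24h window) and has
        // inserted C late, with a timestamp older than both; only C must be queued.
        var poll2 = new[]
        {
            new HeliosAlert("C", t0.AddMinutes(-30), "kCritical"),
            new HeliosAlert("A", t0.AddMinutes(-10), "kCritical"),
            new HeliosAlert("B", t0.AddMinutes(-5), "kWarning"),
        };
        IReadOnlyList<HeliosAlert> second = AlertDeduplicator.SelectNew(poll2, store, window, t0.AddMinutes(5));

        Console.WriteLine($"first poll queued: {string.Join(",", first.Select(a => a.Id))}");
        Console.WriteLine($"second poll queued: {string.Join(",", second.Select(a => a.Id))}");
    }
}
```

Two consequences of keying the checkpoint on first-seen time rather than on the alert's own timestamp or ID: the blob stays bounded by the number of alerts raised per window, and a Helios alert that is re-returned with an updated `LatestTimestamp` (same ID) is still treated as already queued, which is the behaviour the commit message asks for.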
* add test cases, to do match up test between sentinel and helios.
* hide/remove this file
* some small changes according to review feedback.
* add these files to parse alert.json
  +++ ./Solutions/CohesitySecurity/Tests/Alert.py
  +++ ./Solutions/CohesitySecurity/Tests/Alert.test.py
  some other small changes.
* add/update comments in codes. change from apiKey to api_key
* small changes based on review feedback. add/update comments.
* rename files. add comments, small changes according to review feedback.
* add this renamed file.
* remove old file
* add the new renamed file.
* small changes.
* fix the indent issue.
* small changes based on feedback.
* split the long lines. some renames
  +++ ./Solutions/CohesitySecurity/Tests/helios.test.py
* move recover.json inside Data folder. add comments.
* update the variables to be snake case.
"find Solutions/CohesitySecurity -type f -iname \*.py -exec black -l 79 {} \;" to format our py codes.
* add Test for the Cohesity_Restore_From_Last_Snapshot playbook; some other minor changes.
* post resolve some merge conflicts.
* add some comments.
* small update according to feedback.
* small changes according to review feedback.
* add test cases, to do match up test between sentinel and helios.
* hide/remove this file
* some small changes according to review feedback.
* add Test for the Cohesity_Restore_From_Last_Snapshot playbook; some other minor changes.
* post resolve some merge conflicts.
* add some comments.
* small update according to feedback.
* small changes according to review feedback.
* add def get_latest_playbook_run, and only use it to test playbooks.
* add back some old changes. and small changes according to review feedback.
* add back some old changes. and small changes according to review feedback.
* small changes according to review feedback.
* move the poll of status and assert codes inside playbook_run function.
* add timeout to the get_latest_playbook_run loop.
You have successfully added a new CodeQL configuration
…r related changes.
…o CohesitySecurity.internal
Rubrik Solution Update (#2)
…internal # Conflicts: # Solutions/CohesitySecurity/Data Connectors/Helios2Sentinel/remove.py # Solutions/CohesitySecurity/Tests/az.py # Solutions/CohesitySecurity/Tests/az.test.py # Solutions/CohesitySecurity/cohesity.json # Solutions/CohesitySecurity/json_parser.sh
#16) some refactoring, add def test_cohesity_createorupdate_servicenow_incident. some refactoring and changes according to review feedback.
Code scanning / CodeQL notice (Unused local variable) on:

```python
    "Please ensure at least one folder has content for the test."
)

returncode, run_id, client_tracking_id = run_playbook(
```
Code scanning / CodeQL notice (Unused local variable) on:

```python
snow_system_ids = get_snow_system_ids(incident_details)

returncode, run_id, client_tracking_id = run_playbook(
```
Please hide this from the public branch.
* refactor and implement the automation for cohesity solution. * manual update the cohesity.json. * change according to review feedback.
…eview.
Required items, please complete
Change(s):
Reason for Change(s):
Version Updated:
Testing Completed:
Checked that the validations are passing and have addressed any issues that are present:
Guidance <- remove section before submitting
Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:
Thank you for your contribution to the Microsoft Sentinel Github repo.
Change(s):
Reason for Change(s):
Version updated:
Testing Completed:
Note: If updating a detection, you must update the version field.
Checked that the validations are passing and have addressed any issues that are present:
Note: Let us know if you have tried fixing the validation error and need help.