Initial version of baseVISION TI Solution #11855

Open: wants to merge 13 commits into base: master

ThomasKur

Required items, please complete

Change(s):

  • Initial version of baseVISION TI Solution

Reason for Change(s):

  • New solution

Version Updated:

  • Not required

Testing Completed:

  • Yes

Checked that the validations are passing and have addressed any issues that are present:

  • Yes

@ThomasKur ThomasKur requested review from a team as code owners February 26, 2025 07:38
@ThomasKur
Author

@microsoft-github-policy-service agree company="baseVISION AG"

@v-prasadboke v-prasadboke self-assigned this Feb 26, 2025
@v-prasadboke
Contributor

"version": "0.30.23.60470",
"templateHash": "14242225795612779748"
},
"title": "baseVISION Threat Intel - Telemetry",

Please add postdeployment steps in metadata. You can refer to any other playbook for the same.

"Name": "baseVISION Threat Intelligence",
"Author": "baseVISION - support@basevision.ch",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/baseVISION%20Threat%20Intel/Workbooks/Images/baseVISION.svg\" width=\"75px\" height=\"75px\">",
"Description": "The baseVISION Threat Intel Feeds offering provides tactical threat intelligence to detect and protect against known threats within an organization's environment before they can cause harm. The service leverages multiple sources integrated into its platform, curated and maintained by specialists to ensure quality, including Indicators of Compromise (IOCs), confidence levels, and expiration. The sources include data gathered from customers during incident analysis and response, as well as paid feeds from highly rated threat intelligence providers.\n\n**Important:** _This Sentinel Solution provides additional components to our Threat Intel Feeds which can be bought via Microsoft Azure Marketplace._\r\n\n",
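
Review bot: The "Description" value ends with `\r\n\n`, which mixes a CRLF with bare LF line breaks and leaves trailing blank lines after the Important note. Trim the trailing sequence, or use `\n` consistently as in the `\n\n` earlier in the same string.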

Instead of just Sentinel, use Microsoft Sentinel.

@ThomasKur ThomasKur requested a review from a team as a code owner March 4, 2025 15:36
@ThomasKur ThomasKur closed this Mar 4, 2025
@ThomasKur ThomasKur reopened this Mar 4, 2025
@v-prasadboke
Contributor

Hello @ThomasKur, can you provide me write access to your branch?

@ThomasKur
Author

ThomasKur commented Mar 12, 2025

> Hello @ThomasKur, can you provide me write access to your branch?

Provided the access @v-prasadboke

@v-atulyadav v-atulyadav added the Solution Solution specialty review needed label Mar 19, 2025
"laName": "[parameters('PlaybookName')]",
"azureSentinelConnectionName": "[format('{0}-azmon-connection', parameters('PlaybookName'))]",
"uamiName": "[format('{0}-uami', parameters('PlaybookName'))]",
"roleDefinitionSentinelReaderId": "8d289c81-5878-46d4-8554-54e1e3d8b5cb"

Please change the name of "roleDefinitionSentinelReaderId".
Remove id from the variable name. It is causing an arm-ttk failure.

@ThomasKur ThomasKur left a comment


Thanks for updating.

4 participants