Adding Azure DevOps data connector and onboarding scripts

[azurekid]

Required items, please complete

Change(s):

• Adding data connector for Azure DevOps

Reason for Change(s):

• Didn't exist yet

Version Updated:

• Required only for Detections/Analytic Rule templates
• See guidance below

Testing Completed:

• Tested and validated see screenshots reamd.md for proof

Checked that the validations are passing and have addressed any issues that are present:

• See guidance below

[azurekid]

removed external links from templates and documentation

[azurekid]

@vmanojreddy I've also created a PR for the issue causing this pipeline not to run succesfully:
#4738

[v-spadarthi]

@azurekid :Please resolve the validation checks (DataConnectorValidations)

[v-marimanda]

@azurekid Logo need to svg format not be in png format. thanks!!

[v-marimanda]

@azurekid In Create UI Definition logo not displaying properly. Please correct logo format and update in Create UI Definition. thanks!!!

[v-marimanda]

@azurekid Please provide correct folder structure. Please refer below path for the folder structure.
Refer pat:https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Alsid%20For%20AD

[azurekid]

@azurekid Please provide correct folder structure. Please refer below path for the folder structure. Refer pat:https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Alsid%20For%20AD

@vmanojreddy
Thanks for the feedback, Do I also need to follow the solutions structure for just a data connector?
If so, I will update the folder structure with pleasure of course

[azurekid]

Okay as it seems, My folder was reused to create a AzureDevOps solution only containing Analytics Rules and Hunting Rules.
All work that wsa put in creating a custom Data Connector for Azure DevOps is gone and assumably lost.

The whole purpose of this PR in the first place was just a data connector for MS Sentinel, and after a lot of messages to create a solution package of it I did. Because of this some else overwritten all my code, and is it gone now.

How would you like to proceed, as there is now a Azure DevOps Auditing solution in MS Sentinel, but no connector to ingest the required data. :-(

I hope you do understand that I am not very happy right now after putting in a lot of free evening hours.

Please take the time first to read and see the whole communication history in this PR since April 27th before reacting!
@v-spadarthi @v-marimanda @NikTripathi @v-mchatla @oshezaf

[v-mchatla]

Hi @azurekid ,
We really appreciate your patience and continued support on this. I agree that this is a long pending PR but we are also occupied with solution migration during that phase. Now we are actively working on the GIT Hub Prs to get it closure as soon as it's get created. The only way is that we can create a v2 version of the package for you. I will also check with team on how to proceed in this case and keep you posted.
In the meantime, can you please confirm on the content we will be using for the new package. Can I add data connector to the existing Azure devops Auditing package which is alredy having Analytic rules and hunting queries.
Thanks

[v-mchatla]

Hi @azurekid
Please confirm on the content, we will create package based on your inputs.
Thanks

[azurekid]

Yes, I am nowcin the process of redeployment in my own tenant to make sure everything still works as expected. ETA is 12h CET

[v-mchatla]

Thanks for the update!!!

[v-mchatla]

Hi @azurekid,
I hope you have already started working on it. Let me know if you need any help over there.
Thanks

[azurekid]

Hi @v-mchatla, I have updated the solution files according to the documentation and tested it in my own dev environment

[v-mchatla]

Hi @azurekid
I Really appreciate your efforts in accommodating the requested changes.
I could see 2 different folders for AzureDevopsAuditing. Can we just have one and place all the content inside that. Please refer to this folder structure if required.

[v-mchatla]

Hi @azurekid,
Please accommodate the requested changes and resolve conflicts.
Thanks

[v-mchatla]

Hi @azurekid,
Can you please address suggested changes.
Thanks

[v-mchatla]

Hi @azurekid,
Sorry for multiple follow ups, It would be great if you can spare some time to address the suggested changes.
Thanks

[v-mchatla]

Hi @azurekid,
Please address the comments.
Thanks

[azurekid]

Hi @v-mchatla very busy lately unfortunately.
Folders can be merged indeed. Ca nyou guys do that, as I have some issues with my local branches and stuff. :-/

[v-mchatla]

Hi @azurekid,
Thanks for the response. I will discuss with team and try to fix it from our end.
Thanks

[v-mchatla]

Hi @azurekid,
Currently we are working on priority items, I will let you know once I discussed with team and make respective changes.
Thanks

[v-mchatla]

Hi @azurekid,
Please expect some delay, as we are currently occupied with priority items. We will come back to you soon.
Thanks

[v-mchatla]

Hi @azurekid,
Thanks for understanding, will let you know once your changes are done.
Thanks

[v-spadarthi]

@v-mchatla : Please have a look and provide your feedback.

[v-mchatla]

Hi @azurekid,
Team is occupied with priority work. I will discuss about the timelines for fixing this and comeback to you.
Thanks

[v-mchatla]

Hi @azurekid,
Team is occupied with priority work. I will discuss about the timelines for fixing this and comeback to you.
Thanks

[v-mchatla]

Hi @azurekid,
Please expect some delay, as we are currently occupied with priority items. We will come back to you with timelines for fixing this.
Thanks

[v-mchatla]

Hi @azurekid,
We have added this to our backlog item, will let you know once done with the changes.
Thanks

[v-mchatla]

Hi @azurekid,
We have added this to our backlog item, will let you know once done with the changes.
Thanks

[v-mchatla]

Hi @azurekid,
We have added this to our backlog item, will let you know once done with the changes.
Thanks

[v-mchatla]

Hi @azurekid,
I'm going work on this today. Will share you the update by EOD.
Thanks

[v-mchatla]

Hi @azurekid,
As its long pending PR and having lot of conflicts, I have created a new PR #7005 with the data connector and packaging changes. You can track the status in that PR and also post your queries there. I'm still testing the changes will get it reviewed and merged the changes as soon as possible.
Thanks