Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed ISSUE #10465 - Sentinel Central Workbook Patch #10466

Merged
merged 4 commits into from
May 24, 2024
Merged

Fixed ISSUE #10465 - Sentinel Central Workbook Patch #10466

merged 4 commits into from
May 24, 2024

Conversation

melatonein5
Copy link
Contributor

Fixed ISSUE #10465 where incidents were not being counted correctly.

Required items, please complete

Change(s):

  • Changed KQL Queries to include an arg_max() to prevent incidents from being counted multiple times in Workbooks\Sentinel_Central.json
  • Updated Change Log in Workbooks\Sentinel_Central.json

Reason for Change(s):

Version Updated:

  • Yes
  • Updated Changelog

Testing Completed:

  • Yes

Checked that the validations are passing and have addressed any issues that are present:

  • Yes

@melatonein5
Fixed issue Azure#10465
347c1e0 
Fixed issue Azure#10465 where incidents were not being counted correctly.
@melatonein5
Reverted Default Time Filter
5872ae8 
Default Time Filter set from 24 hours to 7 days
@melatonein5 melatonein5 requested review from a team as code owners May 10, 2024 09:04
@melatonein5
Copy link
Contributor Author

@microsoft-github-policy-service agree

@melatonein5
Copy link
Contributor Author

Pipeline claiming template failing at offset 200461 due to a resource reference. This is line 4088 , which is "fieldName": "Status", which is obviously not a resource, unless I am missing something.

@v-atulyadav v-atulyadav added the Workbook Workbook specialty review needed label May 13, 2024
@v-rusraut v-rusraut mentioned this pull request May 23, 2024
Closed
v-shukore
v-shukore reviewed May 23, 2024
View reviewed changes
Workbooks/Sentinel_Central.json Outdated
@@ -4248,6 +4211,9 @@
"name": "group - rules"
}
],
"fallbackResourceIds": [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @melatonein5 could you please remove this block and try

@melatonein5
Copy link
Contributor Author

@v-shukore block removed, checks passed.

@v-atulyadav v-atulyadav merged commit c894ae7 into Azure:master May 24, 2024
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@v-atulyadav v-atulyadav v-atulyadav approved these changes

@v-shukore v-shukore v-shukore approved these changes

Assignees

@v-shukore v-shukore

Labels
Workbook Workbook specialty review needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@melatonein5 @v-atulyadav @v-shukore