MongoDB Atlas Solution

[stevelordbq]

Required items, please complete

Change(s):

• Initial version of Solution contain MongoDB Atlas Administration API connector for Logs

Reason for Change(s):

• Initial version

Version Updated:

• Required only for Detections/Analytic Rule templates

Testing Completed:

• No

Checked that the validations are passing and have addressed any issues that are present:

• Yes - one false positive

[stevelordbq]

@stevelordbq please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@microsoft-github-policy-service agree [company="{your company}"]

Options:

• (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.

@microsoft-github-policy-service agree

• (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.

@microsoft-github-policy-service agree company="Microsoft"

Contributor License Agreement

@microsoft-github-policy-service agree company="MongoDB"

[v-maheshbh]

Hi @stevelordbq JSON does not support comments, Kindly remove the comment line from azure deploy file.
and To fix the logo validation issue, open the logo file in Visual Studio Code and look for the id property. Replace it with a new GUID, which is a 16-character unique identifier. You can generate a GUID online and update the id property with it.
Thanks!

[stevelordbq]

Hi @stevelordbq JSON does not support comments, Kindly remove the comment line from azure deploy file. and To fix the logo validation issue, open the logo file in Visual Studio Code and look for the id property. Replace it with a new GUID, which is a 16-character unique identifier. You can generate a GUID online and update the id property with it. Thanks!
I have removed the comments @v-maheshbh .
I'm a bit confused by the svg id comment. The validation error is stating the file contains an xmlns:xlink link, which it does. I have now removed that. There are two id fields in the file and . I'm unsure which, if either, I should set to a GUID value. I'll resubmit with just the xmlns:xlink link removed and see if it clear the error.

[v-maheshbh]

Hi @stevelordbq For Logo validation Kindly, refer to a valid logo example from the Azure-Sentinel repository
to ensure compliance with the required standards. Additionally, please review your submission for any KQL (Kusto Query Language) validation errors.
Thanks.

[stevelordbq]

Hi @stevelordbq For Logo validation Kindly, refer to a valid logo example from the Azure-Sentinel repository to ensure compliance with the required standards. Additionally, please review your submission for any KQL (Kusto Query Language) validation errors. Thanks.

Hi @v-maheshbh. I think I have fixed the logo file.
For the failing KQL validation test, it looks like the test can't find the table MDBALogTable_CL.
I understand I need to provide a .scripts/tests/KqlvalidationsTests/CustomTables/MDBALogTable_CL.json.
This was already present in the PR. My only observation here was that it contained a TenantId column that I don't specify when creating the actual table. I have removed that so it matches my definition, although I understand the column will be present in the actual table anyway.
If this fails I don't understand what the issue is.

[stevelordbq]

Many thanks @v-maheshbh. I thought I had created file MDBALogTable_CL with extension json, but obviously not. Well spotted.

[v-maheshbh]

Hi @stevelordbq Kindly add a valid email ID in the Author section, update BasePath to C:\GitHub\Azure-Sentinel\solutions\MongoDBAtlas and version to 3.0.0, and remove Analytic Rules: n, Workbooks: n, and Playbooks if not needed. for reference refer existing azure-sentinel solution.
Thanks

[stevelordbq]

CLA is agreed but check shows it isn't. Is there something I am missing @v-maheshbh ?

[stevelordbq]

Hi @v-maheshbh . I see you have updated my PR. Thank you. Aside from the Solution_MongoDBAtlas.json escape character change, is there anything else you spotted?

QQ, if I update Solution_MongoDBAtlas.json etc should I regenerate Package/ again and submit the new version as part of the PR, or should I be generating Package/ at all? It looks there are several checks that are skipping files as it doesn't think they are from the same origin.

[DianaMDB]

Hi Team,
Could you please help us with an ETA of when the checks will be completed and we can move to the next phase ? Sorry, but we have some tight timelines, hence the request.

[v-maheshbh]

Hi @stevelordbq I observed that a typo correction made earlier has not been reflected in the main template. Kindly repackage the updated version to ensure consistency across all documents.

Additionally, please review the UI file and verify whether the "Note" and "Important" sections are necessary. If they are not required, kindly remove them from the data file and also remove duplicate link.

Could you please also share the invocation logs of the running data connector?

Thanks!

[v-maheshbh]

Hi @stevelordbq Kindly share the invocation logs of the running data connector.
Please accept CLA and remove the duplicate link from data file and package it.

Thanks.

[stevelordbq]

Hi @v-maheshbh,
Regarding the CLA, I've already responded with a comment: @microsoft-github-policy-service agree company="MongoDB"
as per the instruction @microsoft-github-policy-service agree [company="{your company}"], but this doesn't pass according to the checks. Do I have the right syntax or is it looking for a specific format for the MongoDB company name?

I'm asked to provide invocation logs. Is a link to the logs sufficient?

[stevelordbq]

@v-maheshbh Invocation logs link: https://portal.azure.com/#view/WebsitesExtension/FunctionTabMenuBlade/~/invocations/resourceId/%2Fsubscriptions%2Fc44249e9-ee17-4d0a-b530-f6afe565af65%2FresourceGroups%2Fmongodbsentinel-rg-v1%2Fproviders%2FMicrosoft.Web%2Fsites%2Ffa-mdba-c5vd3mwogxpka%2Ffunctions%2FGetMDBALogs

[v-maheshbh]

Hi @stevelordbq I don’t have access to the Invocation logs link. Could you please share a screenshot of the logs instead?
Thnaks!

[stevelordbq]

@v-maheshbh please find attached invocation logs screen shot and log content.
If possible please group any other comments so we can address them all promptly. Thank you

[v-maheshbh]

Hi @stevelordbq Thank you for providing the logs. Kindly proceed to accept the Contributor License Agreement (CLA) by commenting:
@microsoft-github-policy-service agree company="MongoDB"

Thanks!

[DianaMDB]

Hi @v-maheshbh ,
Thank You for all your help.
Can I accept the CLA ? All I have to do is add a comment here saying : @microsoft-github-policy-service agree company="MongoDB" ?
Also, we had a small set of delta code changes which we did while this PR was under process. It was suggested by Leo Leong, to hold on from committing those changes, to prevent impact on the processing of the current PR.. Please suggest if we should add a new commit in this PR or add a new PR - please suggest whatever is faster ..
Thanks in advance..

[v-maheshbh]

Hi @DianaMDB Yes, please proceed with accepting the CLA. A new pull request can be submitted with the changes at a later time.
Thanks!

[DianaMDB]

@microsoft-github-policy-service agree company="MongoDB"

[DianaMDB]

@v-maheshbh - CLA accepted.. We will raise a new PR post merging of this one for the delta changes.. Hope that will be processed faster.. Thanks

[v-maheshbh]

@microsoft-github-policy-service agree company="Microsoft"