Update IPEntity_AppServiceHTTPLogs.yaml

[TommyJohansson]

Template was broken, added missing column.

Required items, please complete

Change(s):

• Added missing column in IPEntity_AppServiceHTTPLogs.yaml

Reason for Change(s):

• Template was broken

Version Updated:

• Yes

Testing Completed:

• Yes

Checked that the validations are passing and have addressed any issues that are present:

• Edited local template and uploaded it i the UI without issues

[v-maheshbh]

HI @TommyJohansson Kindly accept CLA.
thanks!

[TommyJohansson]

@microsoft-github-policy-service agree

[TommyJohansson]

@v-maheshbh Sure, but i think my comment was not the correct way to accept the CLA. Can you please give me some guidance on where/how i accept it ?

[v-maheshbh]

HI @TommyJohansson Try this @microsoft-github-policy-service agree company="Company name" add in comment.

Thanks!

[TommyJohansson]

@microsoft-github-policy-service agree company="SentorSecurity"

[TommyJohansson]

@v-maheshbh Guess that didnt work.

[TommyJohansson]

@v-maheshbh How to we fix this ?

[v-maheshbh]

Hi @TommyJohansson Kindly package solution.
Thanks!

[v-maheshbh]

Hi @TommyJohansson Kindly check above comment.

Thanks!

[TommyJohansson]

@v-maheshbh Sorry this is my first pull-request and i don't know what that mean or what i should do?

[v-maheshbh]

Hi @TommyJohansson KIndly package solution using v3 tool. You can find the V3 tool here:
https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md

thanks!

[SteveBurkettNZ]

Concur with Tommy's change here, the existing analytics rule for AppServiceHTTPLogs wouldn't save in Microsoft Sentinel with an error:

Failed to save analytics rule 'TI map IP entity to AppServiceHTTPLogs'. BadRequest:Error in AlertDetailsOverride: The given column 'AlertPriority' does not exist.

Adding AlertPriority to the final project line allowed me to save it.

@v-maheshbh, I'd expect that a Microsoft employee (or v- user) should be doing the final packaging here, I gather that Tommy is just a member of the general public, like myself?

[TommyJohansson]

@SteveBurkettNZ Yeah im just a security analyst and not a Microsoft employee, not a developer either 😅

That step of creating a "package solution" was a bit hard to grasp, maybe i need try it again.

[v-maheshbh]

Hi @TommyJohansson
This Threat Intelligence solution will be deprecated in the future. Since we now have the updated solution, Threat Intelligence (NEW), [https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Threat%20Intelligence%20(NEW)]
please apply the same changes to the new solution as well. Also, is there any reason why the changes were applied to the old solution?

Thanks!

[TommyJohansson]

I have created a new pull-request for the "NEW" solution, it had the same issue.