Add another backend in Intel471 solution#13187
Conversation
|
Hello, when can we expect this change to be merged? Is there anything that needs to be done on our end? |
|
Hi @mmolenda |
|
@v-maheshbh I packaged the solution. Please verify |
|
Hi @mmolenda Modify the BasePath to the following structure: Please update the Release Notes with the current date, include the latest comment using a break tag, repackage the solution, and attach the testing screenshot. Thanks! |
|
@v-maheshbh I repackaged the solution. Screenshots below. 
|
Changed the storage account API version from '2022-09-01' to '2023-04-01' in mainTemplate.json for improved compatibility. Consolidated release notes entries for version 3.0.0 in ReleaseNotes.md. Updated 3.0.0.zip package file.
|
Hi @mmolenda Thanks! |
|
@v-maheshbh I granted you access |
|
Hi @v-maheshbh, do you have an idea when it might be merged? Let me know if I can do anything to help move it forward. |
|
Hi @mmolenda Thanks! |
|
hi @v-maheshbh, any update on this? |
There was a problem hiding this comment.
Pull request overview
This pull request adds support for Intel 471's new Verity471 backend platform alongside the existing Titan backend, enabling users to ingest malware indicators from either API. The changes also include performance improvements by switching from loop-based to query-based indicator filtering.
Key Changes:
- Added Verity471 API backend support with separate credential handling
- Updated documentation to reference both Titan and Verity platforms
- Migrated from Upload Indicators API to UploadStixObjects API
- Added backend selection parameter to ARM template
- Updated query examples for new ThreatIntelIndicators table
Reviewed changes
Copilot reviewed 8 out of 11 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| ReleaseNotes.md | Updated version date and added description of Verity471 backend support |
| malware-intelligence-screenshot.png | Binary image file update (deployment diagram) |
| README.md | Comprehensive documentation updates covering Verity backend, new API references, credential storage, and updated query examples |
| azuredeploy.json | Template file for Graph Security integration (title updated to indicate deprecation) |
| testParameters.json | New test parameters file for ARM template validation |
| createUiDefinition.json | Minor formatting improvements to solution description |
| Solution_Intel471.json | Updated BasePath (contains issue - see comments) |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Hi @mmolenda The error message encountering, InvalidTemplate, indicates that there is an issue with the template language expressions in your Azure Resource Manager (ARM) template. Specifically, the error message states that the template variable RequestParamSize is not found. This means that the template is trying to use a variable that hasn't been defined or is not accessible in the current context so kindly review playbook added [Solutions/Intel471/Playbooks/Intel471-ImportMalwareIntelligenceToSentinel/azuredeploy.json] Thanks! |
|
@v-maheshbh it's fixed now, please review. |
Changed the API version for listKeys from '2022-09-01' to '2023-04-01' in two locations within mainTemplate.json to use the latest supported version. Also updated the associated package archive.
|
Hi @mmolenda Thanks! |
Change(s):
Added the Verity471 backend in the Intel471 solution for ingesting malware indicators.
Improved performance by switching from a regular loop to a query-based approach for indicator filtering.
Reason for Change(s):
Intel471 has launched its new Verity471 platform, and this update enables the new API.
Version Updated:
Yes
Testing Completed:
Yes
Validated and resolved any issues found:
Yes