Add D3 Smart SOAR data connector v3.0.0#13718
Conversation
- CCF RestApiPoller connector polling D3 Smart SOAR incidents into D3SOARIncidents_CL every 5 minutes - DCR with KQL transform mapping 19 D3 SOAR fields to clean Sentinel column names - Pagination support (Offset, page index increment) - Instruction step title and description added to connector UI - Renamed product label to "D3 Smart SOAR" throughout Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add IncidentRawData and EventRawData dynamic fields via PollFromSentinel:true API parameter - Rename fields in DCR stream declaration (no-space names required by DCR) - Update DCR transformKql to map and project IncidentRawData/EventRawData - Swap package zip 3.0.0 → 3.0.1 - Add .gitignore to exclude local dev scripts Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Initial release of D3 Smart SOAR Sentinel data connector - Polls incidents every 5 minutes via CCF RestApiPoller - IncidentRawData and EventRawData dynamic fields via PollFromSentinel:true - UTC-based date filtering - Solution folder: Solutions/D3SmartSOAR Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove .claude/settings.json and .claude/settings.local.json from tracking - Remove stale 3.0.1.zip - Add .claude/ to root .gitignore to prevent future accidents Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@microsoft-github-policy-service agree company="D3 Security" |
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
v-atulyadav
added
Solution
… SVG - Strip UTF-8 BOM from 5 JSON files (caused ContentValidations, DataConnectorValidations, JsonFileValidation, WorkbooksTemplateValidations failures) - Remove xmlns:xlink attribute from Logos/D3SOAR.svg (caused logoValidator failure) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Issues reported have been fixed |
CI logoValidator rejects SVGs with style= attributes. Removed the <style> block, metadata, and Adobe boilerplate, inlining fill colors directly as SVG attributes on each path element. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Fixed the logo issue and pushed. But the other validation failed didn't come from our solution. It's related to other solutions. |
|
Hi @v-atulyadav @v-maheshbh, could you guys help run the workflows again? |
|
Seems like all checks have passed. Could you let me know what's the next step? Thanks! |
v-maheshbh
added
New Solution
|
There is a version mismatch between the main template inside the ZIP and the one outside. Kindly repackage the solution Thanks! |
The mainTemplate.json inside the zip still had version 3.0.2 from the packager auto-bump while the one outside was reset to 3.0.0. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hi @v-maheshbh I have fixed the version issue. And please kindly check the screenshot of the connector is here: Thanks! |
|
Hi @v-maheshbh, just a kind follow up on this PR. I have fixed the issue you mentioned. Could you let me know what's the next step for my PR, and normally how long it would take for the change to reflect on Azure after merging? Thanks! |
|
The documentation folder is not required. Please place the README file at the root level, consistent with the release notes. Thanks! |
Per PR review feedback: Documentation folder not required, README should be at root level consistent with ReleaseNotes.md. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Already exists at solution root level. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Revert root .gitignore to match upstream and remove solution-level .gitignore, per PR review best practices. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hi @v-maheshbh , the readme has been moved to the root level. THanks! |
|
Hi @v-maheshbh , all the checks have passed. Could you let me know what the next step would be? Thanks! |
|
hi, @v-maheshbh could you share some information or suggest our next move? we are expecting to see the connector in Sentinel platform. Do we still need to wait the below reviewers' response before the solution can be merged? how could we reach out them? how long does this usually take? Thank you. |
5 participants
Change(s):
D3SOARIncidents_CLcustom table every 5 minutesReason for Change(s):
Version Updated:
Testing Completed:
Checked that the validations are passing and have addressed any issues that are present:
IDs Should Be Derived From ResourceIDsforcontentProductIdandidproperties. PerTools/Create-Azure-Sentinel-Solution/V3/README.md: "If you see arm-ttk error for 'contentProductId' and 'id' for 'Ids should be derived from ResourceIds' then you can ignore this error validations."