XBOW Sentinel Connector Update - April 2026 #14145
Merged
…ved structure and clarity
…assessment events
…ts and detail adjustments in analytic rules
Contributor
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Updates the XBOW Microsoft Sentinel solution to align with XBOW Public API 2026-04-01, including a solution version bump and corresponding content/template updates.
Changes:
- Bumped solution/package version to 3.0.1 and added release notes entry.
- Updated the Azure Function connector to use API version 2026-04-01, improve 400 handling, and enrich assessment events (AttackCredits/RecentEvents).
- Updated analytic rule customDetails keys and incident grouping customDetails accordingly.
Reviewed changes
Copilot reviewed 8 out of 10 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| Solutions/XBOW/ReleaseNotes.md | Adds 3.0.1 release notes describing the API version bump and assessment enrichment. |
| Solutions/XBOW/Package/mainTemplate.json | Updates packaged solution version/description and aligns customDetails/grouping keys with rule updates. |
| Solutions/XBOW/Data/Solution_Xbow.json | Bumps solution version to 3.0.1 in the source data file. |
| Solutions/XBOW/Data Connectors/AzureFunctionXbow/main.py | Updates connector API version, adds response checking for 400s, enriches assessments, refactors sync-state storage. |
| Solutions/XBOW/Analytic Rules/XbowNewAssetDiscovered.yaml | Renames customDetails keys and grouping key (AssetID/OrganizationID). |
| Solutions/XBOW/Analytic Rules/XbowMediumFindings.yaml | Renames customDetails keys and grouping key (FindingID/AssetID/OrganizationID). |
| Solutions/XBOW/Analytic Rules/XbowLowFindings.yaml | Renames customDetails keys and grouping key (FindingID/AssetID/OrganizationID). |
| Solutions/XBOW/Analytic Rules/XbowCriticalHighFindings.yaml | Renames customDetails keys and grouping key (FindingID/AssetID/OrganizationID). |
Contributor
Hi @GeekMasher, please update the analytic rule version to resolve validation failure and kindly implement the changes recommended by Copilot and commit them once completed. Thanks!
Contributor
Author
@v-shukore Any updates on this?
v-shukore approved these changes May 20, 2026
v-dvedak approved these changes May 20, 2026
Required items, please complete
Change(s):
2026-04-01
Reason for Change(s):
Version Updated:
Testing Completed:
Checked that the validations are passing and have addressed any issues that are present: