-
Notifications
You must be signed in to change notification settings - Fork 407
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Microsoft_Defender_Cloud] Initial Release for the Microsoft Defender for Cloud #6593
[Microsoft_Defender_Cloud] Initial Release for the Microsoft Defender for Cloud #6593
Conversation
💚 Build Succeeded
History
|
🌐 Coverage report
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
.github/CODEOWNERS
Outdated
@@ -242,3 +242,4 @@ | |||
/packages/statsd_input @elastic/obs-infraobs-integrations | |||
/packages/zeronetworks @elastic/security-external-integrations | |||
/packages/prometheus_input @elastic/obs-infraobs-integrations | |||
/packages/microsoft_defender_cloud @elastic/security-external-integrations |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add this in sort order.
|
||
## Data streams | ||
|
||
The Microsoft Defender for Cloud integration collects one type of data : event. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Microsoft Defender for Cloud integration collects one type of data : event. | |
The Microsoft Defender for Cloud integration collects one type of data: event. |
|
||
### To collect data from Microsoft Azure Event Hub, follow the below steps: | ||
|
||
- Configure the microsoft defender for cloud on azure subscription. For more detail, refer to the link [here](https://learn.microsoft.com/en-us/azure/defender-for-cloud/get-started). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Configure the microsoft defender for cloud on azure subscription. For more detail, refer to the link [here](https://learn.microsoft.com/en-us/azure/defender-for-cloud/get-started). | |
- Configure the Microsoft Defender for Cloud on Azure subscription. For more detail, refer to the link [here](https://learn.microsoft.com/en-us/azure/defender-for-cloud/get-started). |
on_failure: | ||
- append: | ||
field: error.message | ||
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag fail-{{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not currently a correct message; it includes a reference to "fail-{{{_ingest.on_failure_processor_tag}}}" which is not placed anywhere. There are cases where this is done in other packages, but this is not done consistently where this error message is used. We need to make a decision about whether the machine-friendly tag version is going to be used and make sure the human-friendly message is consistent with that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The format that's here includes reference to "fail-{{{_ingest.on_failure_processor_tag}}}" as a tag. There is no tag of that format added in this pipeline. This was done in 74f8fc4 for checkpoint, and I think for some others in other commits. Either we should remove this reference to the tag or the tag should be added as it is in that commit. I don't know which is the better solution. @P1llus do you have a view?
It probably should suffice to remove the "fail-" prefix.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@efd6 - I recall the discussion on this, and we opted against using the -fail
processor because if the pipeline reaches the -fail
processor, it will stop the execution of any further code. I agree on removing fail-
suffix as with that whole message looks mess up with fail keywords.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The alternative would be to add the "fail-{{{_ingest.on_failure_processor_tag}}}" value to error.message
as well, but I agree, not doing that and trimming the prefix is probably the way to go.
- set: | ||
field: event.type | ||
value: [indicator] | ||
tag: set_event_type | ||
if: ctx.json?.alerttype != null && ['arm_anomalousserviceoperation.credentialaccess','arm_anomalousserviceoperation.collection','arm_anomalousserviceoperation.defenseevasion','arm_anomalousserviceoperation.execution','arm_anomalousserviceoperation.impact','arm_anomalousserviceoperation.initialaccess','arm_anomalousserviceoperation.lateralmovement','arm_anomalousserviceoperation.persistence','arm_anomalousserviceoperation.privilegeescalation','arm_unusedaccountpersistence','arm_unusedapppowershellpersistence','arm_unusedappibizapersistence','arm_privilegedroledefinitioncreation','arm_anomalousrbacroleassignment','arm_anomalousoperation.credentialaccess','arm_anomalousoperation.collection','arm_anomalousoperation.defenseevasion','arm_anomalousoperation.execution','arm_anomalousoperation.impact','arm_anomalousoperation.initialaccess','arm_anomalousoperation.lateralmovement','arm_anomalousoperation.persistence','arm_anomalousoperation.privilegeescalation','arm_microburst.runcodeonbehalf','arm_netspi.maintainpersistence','arm_powerzure.runcodeonbehalf','arm_powerzure.maintainpersistence','arm_anomalousclassicroleassignment'].contains(ctx.json.alerttype.toLowerCase()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm wondering if this would not be improved from a code maintenance perspective by making it like so:
- set: | |
field: event.type | |
value: [indicator] | |
tag: set_event_type | |
if: ctx.json?.alerttype != null && ['arm_anomalousserviceoperation.credentialaccess','arm_anomalousserviceoperation.collection','arm_anomalousserviceoperation.defenseevasion','arm_anomalousserviceoperation.execution','arm_anomalousserviceoperation.impact','arm_anomalousserviceoperation.initialaccess','arm_anomalousserviceoperation.lateralmovement','arm_anomalousserviceoperation.persistence','arm_anomalousserviceoperation.privilegeescalation','arm_unusedaccountpersistence','arm_unusedapppowershellpersistence','arm_unusedappibizapersistence','arm_privilegedroledefinitioncreation','arm_anomalousrbacroleassignment','arm_anomalousoperation.credentialaccess','arm_anomalousoperation.collection','arm_anomalousoperation.defenseevasion','arm_anomalousoperation.execution','arm_anomalousoperation.impact','arm_anomalousoperation.initialaccess','arm_anomalousoperation.lateralmovement','arm_anomalousoperation.persistence','arm_anomalousoperation.privilegeescalation','arm_microburst.runcodeonbehalf','arm_netspi.maintainpersistence','arm_powerzure.runcodeonbehalf','arm_powerzure.maintainpersistence','arm_anomalousclassicroleassignment'].contains(ctx.json.alerttype.toLowerCase()) | |
- set: | |
field: event.type | |
value: [indicator] | |
tag: set_event_type | |
if: | | |
ctx.json?.alerttype != null && [ | |
'arm_anomalousserviceoperation.credentialaccess', | |
'arm_anomalousserviceoperation.collection', | |
'arm_anomalousserviceoperation.defenseevasion', | |
'arm_anomalousserviceoperation.execution', | |
'arm_anomalousserviceoperation.impact', | |
'arm_anomalousserviceoperation.initialaccess', | |
'arm_anomalousserviceoperation.lateralmovement', | |
'arm_anomalousserviceoperation.persistence', | |
'arm_anomalousserviceoperation.privilegeescalation', | |
'arm_unusedaccountpersistence', | |
'arm_unusedapppowershellpersistence', | |
'arm_unusedappibizapersistence', | |
'arm_privilegedroledefinitioncreation', | |
'arm_anomalousrbacroleassignment', | |
'arm_anomalousoperation.credentialaccess', | |
'arm_anomalousoperation.collection', | |
'arm_anomalousoperation.defenseevasion', | |
'arm_anomalousoperation.execution', | |
'arm_anomalousoperation.impact', | |
'arm_anomalousoperation.initialaccess', | |
'arm_anomalousoperation.lateralmovement', | |
'arm_anomalousoperation.persistence', | |
'arm_anomalousoperation.privilegeescalation', | |
'arm_microburst.runcodeonbehalf', | |
'arm_netspi.maintainpersistence', | |
'arm_powerzure.runcodeonbehalf', | |
'arm_powerzure.maintainpersistence', | |
'arm_anomalousclassicroleassignment' | |
].contains(ctx.json.alerttype.toLowerCase()) |
(similar below)
return updatedJson; | ||
} | ||
|
||
def keyMap = new HashMap(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this not be defined as a parameter map? (similar elsewhere)
ignore_missing: true | ||
- foreach: | ||
field: microsoft_defender_cloud.event.entities | ||
if: ctx.microsoft_defender_cloud?.event?.entities != null && ctx.microsoft_defender_cloud.event.entities instanceof List |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if: ctx.microsoft_defender_cloud?.event?.entities != null && ctx.microsoft_defender_cloud.event.entities instanceof List | |
if: ctx.microsoft_defender_cloud?.event?.entities instanceof List |
and similar below
packages/microsoft_defender_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml
Show resolved
Hide resolved
if: ctx.microsoft_defender_cloud?.event?.entities != null && ctx.microsoft_defender_cloud.event.entities instanceof List | ||
processor: | ||
foreach: | ||
field: _ingest._value.ip_adresses |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/adresses/addresses/g
"hostname": "host_name" | ||
"imagefile": "image_file" | ||
"imageid": "image_id" | ||
"ipadresses": "ip_adresses" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"ipadresses": "ip_adresses" | |
"ipadresses": "ip_addresses" |
convert: | ||
field: _ingest._value.address | ||
type: ip | ||
tag: convert_ip_adresses_address_to_ip |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tag: convert_ip_adresses_address_to_ip | |
tag: convert_ip_addresses_address_to_ip |
ignore_failure: true | ||
processor: | ||
foreach: | ||
field: _ingest._value.ip_adresses |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
field: _ingest._value.ip_adresses | |
field: _ingest._value.ip_addresses |
ignore_failure: true | ||
processor: | ||
foreach: | ||
field: _ingest._value.ip_adresses |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
field: _ingest._value.ip_adresses | |
field: _ingest._value.ip_addresses |
convert: | ||
field: _ingest._value.asset | ||
type: boolean | ||
tag: convert_ip_adresses_asset_to_boolean |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tag: convert_ip_adresses_asset_to_boolean | |
tag: convert_ip_addresses_asset_to_boolean |
convert: | ||
field: _ingest._value.location.asn | ||
type: long | ||
tag: convert_ip_adresses_location_asn_to_long |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tag: convert_ip_adresses_location_asn_to_long | |
tag: convert_ip_addresses_location_asn_to_long |
ignore_failure: true | ||
processor: | ||
foreach: | ||
field: _ingest._value.ip_adresses |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
field: _ingest._value.ip_adresses | |
field: _ingest._value.ip_addresses |
type: keyword | ||
- name: image_id | ||
type: keyword | ||
- name: ip_adresses |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: ip_adresses | |
- name: ip_addresses |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this be downscaled? It's currently 1.23MB.
…astic/integrations into microsoft_defender_cloud-0.1.0
{"VendorName":"Microsoft","AlertType":"ARM_AnomalousServiceOperation.CredentialAccess","ProductName":"Microsoft Defender for Cloud","StartTimeUtc":"2023-05-11T13:15:45.0170422Z","EndTimeUtc":"2023-05-11T13:15:45.0170422Z","TimeGenerated":"2023-05-11T13:17:09.0170422Z","ProcessingEndTime":"2023-05-11T13:17:09.0170422Z","Severity":"Medium","Status":"New","ProviderAlertStatus":null,"ConfidenceLevel":null,"ConfidenceScore":null,"ConfidenceReasons":null,"IsIncident":false,"SystemAlertId":"2517184898549829577_cdcf9f94-ec53-47a6-ab87-76130f87218d","CorrelationKey":null,"Intent":"PreAttack","AzureResourceId":"/SUBSCRIPTIONS/12cabcb4-86e8-404f-a3d2-1dc9982f45ca/RESOURCEGROUPS/Sample-RG/providers/Microsoft.Compute/virtualMachines/Sample-VM","WorkspaceId":"00000000-0000-0000-0000-000000000001","WorkspaceSubscriptionId":"00000000-0000-0000-0000-000000000001","WorkspaceResourceGroup":"Sample-RG","AgentId":null,"CompromisedEntity":"Sample-VM","AlertDisplayName":"[SAMPLE ALERT] Login from a suspicious IP","Description":"THIS IS A SAMPLE ALERT: Your resource has been accessed successfully from an IP address that Microsoft Threat Intelligence has associated with suspicious activity.","Entities":[{"$id":"5","Address":"81.2.69.142","Location":{"CountryCode":"US","CountryName":"United States","State":"Virginia","City":"Washington","Longitude":-78.17197,"Latitude":38.73078,"Asn":8075},"ThreatIntelligence":[{"ProviderName":"AlertSimulator","ThreatType":"Sample-Type","ThreatName":"Sample-Threat","Confidence":1,"ThreatDescription":""}],"Asset":false,"Type":"ip"},{"$id":"6","ImageId":"sample-image:v1","Asset":false,"Type":"container-image"},{"$ref":"6"},{"$id":"5","DnsDomain":"","NTDomain":"","HostName":"Sample-VM","NetBiosName":"Sample-VM","AzureID":"/SUBSCRIPTIONS/12cabcb4-86e8-404f-a3d2-1dc9982f45ca/RESOURCEGROUPS/Sample-RG/providers/Microsoft.Compute/virtualMachines/Sample-VM","OMSAgentID":"00000000-0000-0000-0000-000000000001","OSFamily":"Linux","OSVersion":"Linux","Asset":false,"Type":"host"},{"$id":"6","ProcessId":"0x1e49a","CommandLine":"","Host":{"$ref":"5"},"Asset":false,"Type":"process"},{"$id":"7","Name":"Sample-account","Host":{"$ref":"5"},"Sid":"","Asset":false,"Type":"account","LogonId":"0xbd6e"},{"$id":"9","ProcessId":"0x1e99b","CommandLine":"php","CreationTimeUtc":"2023-05-11T13:17:49.1333596Z","ImageFile":{"$ref":"8"},"Account":{"$ref":"7"},"ParentProcess":{"$ref":"6"},"Host":{"$ref":"5"},"Asset":false,"Type":"process"},{"$id":"5","DomainName":"sample.domain","IpAddresses":[{"$id":"6","Address":"81.2.69.142","Location":{"CountryCode":"US","CountryName":"United States","State":"California","City":"San Francisco","Longitude":0,"Latitude":0,"Asn":0},"Asset":false,"Type":"ip"}],"HostIpAddress":{"$ref":"6"},"Asset":false,"Type":"dns"},{"$id":"6","Address":"81.2.69.142","Location":{"CountryCode":"sample","CountryName":"united states","State":"texas","City":"san antonio","Longitude":0,"Latitude":0,"Asn":0,"Carrier":"sample","Organization":"sample-organization","OrganizationType":"sample-organization","CloudProvider":"Azure","SystemService":"sample"},"ThreatIntelligence":[{"ProviderName":"Sample-Provider","ThreatType":"Sample-Threat","ThreatName":"Sample-Threat","Confidence":0.8,"ThreatDescription":"Sample-Threat"}],"Asset":false,"Type":"ip"},{"$id":"5","HostName":"Sample-VM","AzureID":"/SUBSCRIPTIONS/12cabcb4-86e8-404f-a3d2-1dc9982f45ca/RESOURCEGROUPS/Sample-RG/providers/Microsoft.Compute/virtualMachines/Sample-VM","OMSAgentID":"00000000-0000-0000-0000-000000000000","Asset":false,"Type":"host"},{"$id":"7","Directory":"Sample-fileShare/dummy/path/to","Name":"Sample-Name","FileHashes":[{"$id":"8","Algorithm":"MD5","Value":"Sample-SHA","Asset":false,"Type":"filehash"}],"Asset":false,"Type":"file"},{"$id":"9","Name":"Sample-Name","Category":"Virus","Files":[{"$ref":"8"}],"Asset":false,"Type":"malware"},{"$id":"5","DomainName":"sample.domain","IpAddresses":[{"$id":"6","Address":"81.2.69.142","Location":{"CountryCode":"US","CountryName":"United States","State":"California","City":"San Francisco","Longitude":0,"Latitude":0,"Asn":0},"Asset":false,"Type":"ip"}],"HostIpAddress":{"$ref":"6"},"Asset":false,"Type":"dns"},{"$id":"7","Name":"Sample-account","NTDomain":"Sample-VM","Host":{"$ref":"5"},"Sid":"S-1-5-21-3061399664-1673012318-3185014992-20022","IsDomainJoined":false,"Asset":false,"Type":"account","LogonId":"0x427d8dd9"},{"$id":"7","Name":"Sample-namespace","Cluster":{"$ref":"5"},"Asset":false,"Type":"K8s-namespace"},{"$id":"8","Name":"sample-pod","Namespace":{"$ref":"7"},"Asset":false,"Type":"K8s-pod"},{"$id":"9","Name":"sample-container","Image":{"$ref":"4"},"Pod":{"$ref":"8"},"Asset":false,"Type":"container"},{"$id":"10","ProjectId":"012345678901","ResourceType":"GCP Resource","ResourceName":"Sample-Cluster","Location":"us-central1-c","LocationType":"Zonal","Asset":true,"Type":"gcp-resource","RelatedAzureResourceIds":["/subscriptions/12cabcb4-86e8-404f-a3d2-1dc9982f45ca/resourceGroups/Sample-RG/providers/Microsoft.Security/securityConnectors/gcp-connector/securityentitydata/gcp-clusters-sample-cluster-us-central1-c"]},{"$id":"7","Name":"Sample-Name","BlobContainer":{"$ref":"5"},"Url":"https://Sample-Storage.blob.core.windows.net/Sample/Sample.txt","Etag":"Sample-Tag","Asset":false,"Type":"blob"},{"$id":"5","Name":"sample","UPNSuffix":"contoso.com","AadTenantId":"00000000-0000-0000-0000-000000000000","AadUserId":"00000000-0000-0000-0000-000000000000","Asset":false,"Type":"account"},{"$id":"5","CloudResource":{"$ref":"4"},"Asset":false,"Type":"K8s-cluster"},{"$id":"8","Directory":"https://Sample-Storage.blob.core.windows.net/Sample","Name":"Sample-Name","FileHashes":[{"$ref":"6"}],"Asset":false,"Type":"file"},{"$id":"10","ProjectId":"012345678901","ResourceType":"GCP Resource","ResourceName":"Sample-Cluster","Location":"us-central1-c","LocationType":"Zonal","Asset":true,"Type":"gcp-resource","RelatedAzureResourceIds":["/subscriptions/12cabcb4-86e8-404f-a3d2-1dc9982f45ca/resourceGroups/Sample-RG/providers/Microsoft.Security/securityConnectors/gcp-connector/securityentitydata/gcp-clusters-sample-cluster-us-central1-c"]},{"$id":"6","SourceAddress":{"$ref":"5"},"Protocol":"Tcp","Asset":false,"Type":"network-connection"},{"$id":"7","Name":"Sample-Name","StorageResource":{"$ref":"4"},"Asset":false,"Type":"blob-container"},{"$id":"7","ContainerId":"cc8ec8580f4c","Image":{"$ref":"6"},"Asset":false,"Type":"container"},{"$id":"5","Address":"81.2.69.142","Location":{"CountryCode":"IN","CountryName":"United States","State":"Virginia","City":"Washington","Longitude":-78.17197,"Latitude":38.73078,"Asn":8075},"ThreatIntelligence":[{"ProviderName":"AlertSimulator","ThreatType":"Sample-Type","ThreatName":"Sample-Threat","Confidence":1,"ThreatDescription":""}],"Asset":false,"Type":"ip"}],"ExtendedLinks":[{"Href":"https://blog.netspi.com/gathering-bearer-tokens-azure/","Category":null,"Label":"NetSPI blogpost","Type":"webLink"},{"Href":"https://github.com/NetSPI/MicroBurst/blob/master/REST/Get-AZStorageKeysREST.ps1","Category":null,"Label":"MicroBurst source code","Type":"webLink"}],"ResourceIdentifiers":[{"$id":"2","AzureResourceId":"/subscriptions/12cabcb4-86e8-404f-a3d2-1dc9982f45ca","Type":"AzureResource","AzureResourceTenantId":"aa40685b-417d-4664-b4ec-8f7640719adb"},{"$id":"3","AadTenantId":"aa40685b-417d-4664-b4ec-8f7640719adb","Type":"AAD"},{"$id":"3","WorkspaceId":"00000000-0000-0000-0000-000000000001","WorkspaceSubscriptionId":"00000000-0000-0000-0000-000000000001","WorkspaceResourceGroup":"Sample-RG","AgentId":"00000000-0000-0000-0000-00000000000","Type":"LogAnalytics"}],"RemediationSteps":["Go to the firewall settings in order to lock down the firewall as tightly as possible."],"ExtendedProperties":{"resourceType":"Virtual Machine","Investigation steps":"{\"displayValue\":\"How to investigate this alert using logs at your Log Analytics workspace.\",\"kind\":\"Link\",\"value\":\"https:\\/\\/go.microsoft.com\\/fwlink\\/?linkid=2091064\"}","Potential causes":"An attacker has accessed your database from a potentially suspicious IP; a legitimate user has accessed your database from a potentially suspicious IP.","Client principal name":"Sample-user","Alert Id":"00000000-0000-0000-0000-000000000000","Client IP address":"81.2.69.142","Client IP location":"Sample","Client application":"Sample-app","OMS workspace ID":"00000000-0000-0000-0000-000000000001","OMS agent ID":"00000000-0000-0000-0000-000000000001"},"AlertUri":"https://portal.azure.com/#blade/Microsoft_Azure_Security_AzureDefenderForData/AlertBlade/alertId/2517184898549829577_cdcf9f94-ec53-47a6-ab87-76130f87218d/subscriptionId/12cabcb4-86e8-404f-a3d2-1dc9982f45ca/resourceGroup/Sample-RG/referencedFrom/alertDeepLink/location/centralus"} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can I confirm that the data comes from the API with the correct spelling?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes , we have verified that and it's identical.
Package microsoft_defender_cloud - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=microsoft_defender_cloud |
… for Cloud (#6593) * Initial Release * Update the changelog entry * Indentified Readme changes from comments on other integration and resolved * Resolve review comments * Conflicts Resolve * Review comments resolve
What does this PR do?
Integration release checklist
This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.
All changes
New Package
Dashboards changes
Log dataset changes
How to test this PR locally
Related issues
Screenshots