Abnormal Security Sentinel New Polling Logic #11196
base: master
6021051 to 391ed26
PS: Was able to package it correctly. Can ignore this comment.

@v-atulyadav @v-prasadboke what commands should I run to package these changes? I added a new dependency of pydantic. I used the following to package:

```sh
cd Solutions/AbnormalSecurity/Data\ Connectors
python3.8 -m venv .python_packages
pip3 install -r requirements.txt
# In .python_packages/lib folder execute
ln -s python3.8/site-packages site-packages
# source .python_packages
zip -r AbnormalSecurityConn.zip SentinelFunctionsOrchestrator .python_packages/lib/site-packages requirements.txt
```

But I am getting this error. Is it because the
9df2529 to f70dd38
@v-atulyadav @v-prasadboke Have I packaged it correctly? There was a recent upgrade done from Python 3.8 to 3.11, so for packaging of the zip file I used the

There was a recent PR by Microsoft that merged an upgrade from Python 3.8 to Python 3.11.
New Polling Logic for Abnormal Security Threats and Cases.

Change(s):

Reason for Change(s):

We were getting complaints from various customers about events not being ingested correctly.
The existing polling approach doesn't account for two things: the `lastRemediatedAt` timestamp might get updated before the request reaches our service (network latency). The new polling approach accounts for both of the above issues and is behind a feature flag. We will be asking some customers to test out the new logic before we switch all of the customers over.
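The failure mode above (an event's timestamp is set or updated after the poll request has already left the caller, so a strict "everything since my last poll" cursor never sees it) is easier to reason about with a small simulation. The following is an added illustration and is not code from the Azure-Sentinel repository or the Abnormal Security connector: it contrasts a cursor-only poll with one that re-reads an overlapping lookback window and de-duplicates on (event id, timestamp). The field names, the `OVERLAP` length, the latency model and the sample events are assumptions made for the example; only the `ABNORMAL_ENABLE_V2_LOGIC` flag name comes from this PR.

```python
# Added illustration, not the connector's own code. Shows why a cursor-only
# poll loses events whose lastRemediatedAt becomes visible late, and one way
# to tolerate it: an overlapping lookback window plus de-duplication.
# Field names, OVERLAP, the latency model and SAMPLE_EVENTS are assumptions;
# only the ABNORMAL_ENABLE_V2_LOGIC flag name is taken from the PR.
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Event:
    event_id: str
    last_remediated_at: int  # epoch-like seconds (constructed values)
    visible_at: int          # when the backend actually starts returning it


class ConstructedSource:
    """In-memory stand-in for the remote API. Returns events whose timestamp
    is in (since, until] and that are already visible when the request
    *arrives* (now + latency), which models the delay the PR describes."""

    def __init__(self, events: List[Event], latency: int = 3):
        self.events = events
        self.latency = latency

    def query(self, since: int, until: int, now: int) -> List[Event]:
        arrives = now + self.latency
        return [e for e in self.events
                if since < e.last_remediated_at <= until
                and e.visible_at <= arrives]


# Constructed sample. Event B is stamped 58 but only becomes visible at 66,
# so the poll issued at t=60 cannot see it and a cursor of 60 then excludes
# it forever. Event E is returned twice by the overlapping window and must
# be de-duplicated rather than ingested twice.
SAMPLE_EVENTS = [
    Event("A", 10, 10),
    Event("B", 58, 66),
    Event("C", 100, 100),
    Event("D", 70, 70),
    Event("E", 115, 115),
]
POLL_TIMES = [60, 120, 180]
OVERLAP = 30  # assumed lookback; must exceed the worst-case update delay


def poll_legacy(source, cursor: int, now: int):
    """Cursor-only window (cursor, now]; the cursor then advances to now."""
    return source.query(cursor, now, now), now


def poll_v2(source, cursor: int, now: int, seen: Set[Tuple[str, int]]):
    """Re-read the last OVERLAP seconds and drop (id, timestamp) pairs that
    were already ingested, so late-visible events are picked up once."""
    got = source.query(max(cursor - OVERLAP, 0), now, now)
    fresh = [e for e in got if (e.event_id, e.last_remediated_at) not in seen]
    seen.update((e.event_id, e.last_remediated_at) for e in fresh)
    return fresh, now


def v2_enabled(env: Optional[Dict[str, str]] = None) -> bool:
    """Feature gate as the PR states it: ABNORMAL_ENABLE_V2_LOGIC=1 selects v2."""
    env = dict(os.environ) if env is None else env
    return env.get("ABNORMAL_ENABLE_V2_LOGIC", "0").strip() == "1"


def run(source, poll_times: List[int], use_v2: bool) -> List[str]:
    """Drive the chosen poller across poll_times; return ingested event ids."""
    cursor, seen, ingested = 0, set(), []
    for now in poll_times:
        if use_v2:
            fresh, cursor = poll_v2(source, cursor, now, seen)
        else:
            fresh, cursor = poll_legacy(source, cursor, now)
        ingested.extend(e.event_id for e in fresh)
    return ingested


if __name__ == "__main__":
    src = ConstructedSource(SAMPLE_EVENTS)
    print("legacy ingested:", run(src, POLL_TIMES, use_v2=False))  # B is lost
    print("v2 ingested:    ", run(src, POLL_TIMES, use_v2=True))   # B recovered
    print("flag set:", v2_enabled({"ABNORMAL_ENABLE_V2_LOGIC": "1"}))
```

The de-duplication key is (event id, timestamp) rather than the id alone, so an event that is remediated again and receives a newer `lastRemediatedAt` is ingested a second time as a genuine update, while the same (id, timestamp) returned by two overlapping windows is ingested once. The size of the overlap has to be chosen from the observed worst-case delay between an event being stamped and becoming queryable; an overlap that is too short reproduces the original gap.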
Version Updated:

Should we update this?

Packaging

sentinel_test_and_package_output.txt

Testing Completed:

The following are completed.

Zip File Used for Testing: https://github.com/Azure/Azure-Sentinel/raw/56150b8fac65730add168e7575816fe6074bd01a/Solutions/AbnormalSecurity/Data%20Connectors/AbnormalSecurityConn.zip

Testing Legacy Method

Tested existing polling method for threats by sending 42 threats with 4 campaigns.
- Querying Sentinel Logs
- Sentinel Invocation Logs
- Testing cases

Testing New Polling Method

Set `ABNORMAL_ENABLE_V2_LOGIC=1` in environment variables. Tested new polling method for threats by sending 75 threats with 4 campaigns.
- Querying Sentinel Logs
- Sentinel Invocation Logs
- Testing cases

Checked that the validations are passing and have addressed any issues that are present: