SecurityInsights 0.2.0 release (#14750)
* Fix MSIC in UpdateAlertRule

Bug - Typo on MSIC

* API Updates

Teams was added
Moved Actions API

* Fixes for empty fields returned from API

?

* Update Get-AzSentinelAlertRule.md

* Update Get-AzSentinelAlertRule.md

* Update Get-AzSentinelAlertRule.md

* Updating help files

* Updated help files

* Updated samples for Update-AzSentinelIncident

* Updated Az.SecurityInsights help files

* Update New-AzSentinelAlertRuleAction.md

* Update New-AzSentinelAlertRuleAction.md

* Update Az.SecurityInsights help files

* Update Az.SecurityInsights help files

* Updated Az.SecurityInsights help files

* GA Updates

Added Teams to Office Connector
Fixed bug with AlertRuleTemplates (no required data connector)
Changed to GA package of .net sdk
recorded new test sessions

* Update Change Log

* Update Help Files

* Update SignatureIssues.csv

Added exception as -Teams is for Office Teams.

* Update ChangeLog.md

* Update Az.SecurityInsights.psd1

* Update Az.SecurityInsights.psd1

* Update Az.SecurityInsights.psd1

* Update ChangeLog.md

Co-authored-by: Tiander Turpijn <tiandert@microsoft.com>
dicolanl and tianderturpijn authored Apr 16, 2021
1 parent 03bf14a commit ddb9b00
Showing 83 changed files with 2,056 additions and 1,772 deletions.
Expand Up @@ -22,9 +22,9 @@ function Get-AzSentinelAlertRuleAction-ListByAlertRule
$ActionId = "cd9f21e2-1718-4b8b-871e-b8d59c65f317"
$ActionId2 = "ccef9243-4f96-4ec5-8042-9df44e2df452"
$LogicAppResourceId = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
$TriggerUri = "https://prod-13.westus.logic.azure.com:443/workflows/826a95b1b84c4ffbaf3af3dd88fe96b5/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=pK23xWl4uJT4RWs7zopxiP0Z7CpIfCDZEanL-mEyy1E"
$TriggerUri = "https://prod-08.eastus.logic.azure.com:443/workflows/854f1fc04f50415f83a359463dd60e8b/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=D7IHsTelJf8XFdhefU6mFRYjnHaa0oHkY_xWC_wW_Vs"
$LogicAppResourceId2 = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Get-MDATPInvestigationPackage"
$TriggerUri2 = "https://prod-16.westus.logic.azure.com:443/workflows/18c75599cf3742c998d14af0f89cf3b1/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=rREdJWoN3PNCmhqwMz0KRy8apQDt8DQbZZuvlm1l4Oo"
$TriggerUri2 = "https://prod-11.eastus.logic.azure.com:443/workflows/9f824303d57e4f00bea47052e4318d1b/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=2cGZz7eu3Y437r3LRHpkSFUTmD0X15XXP7uiW5_aLaA"

#Create Alert Rule
$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId $AlertRuleId -Scheduled -Enabled -DisplayName "PoshModuleTest" -Severity Low -Query "SecurityAlert | take 1" -QueryFrequency (New-TimeSpan -Hours 5) -QueryPeriod (New-TimeSpan -Hours 5) -TriggerThreshold 10
Expand All @@ -51,7 +51,7 @@ function Get-AzSentinelAlertRuleAction-GetAction
$AlertRuleId = "77def5f7-ab37-4aaf-8711-904d1ab55787"
$ActionId = "27dda575-93f0-4925-92b3-039ef4d89cad"
$LogicAppResourceId = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
$TriggerUri = "https://prod-13.westus.logic.azure.com:443/workflows/826a95b1b84c4ffbaf3af3dd88fe96b5/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=pK23xWl4uJT4RWs7zopxiP0Z7CpIfCDZEanL-mEyy1E"
$TriggerUri = "https://prod-08.eastus.logic.azure.com:443/workflows/854f1fc04f50415f83a359463dd60e8b/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=D7IHsTelJf8XFdhefU6mFRYjnHaa0oHkY_xWC_wW_Vs"

#Create Alert Rule
$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId $AlertRuleId -Scheduled -Enabled -DisplayName "PoshModuleTest" -Severity Low -Query "SecurityAlert | take 1" -QueryFrequency (New-TimeSpan -Hours 5) -QueryPeriod (New-TimeSpan -Hours 5) -TriggerThreshold 10
Expand All @@ -76,7 +76,7 @@ function New-AzSentinelAlertRuleAction-Create
$AlertRuleId = "26501c9d-8f07-419d-8bcb-f9aac8ec1a7f"
$ActionId = "10d54e5f-8c03-42fc-b1d9-1bd881535af0"
$LogicAppResourceId = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
$TriggerUri = "https://prod-13.westus.logic.azure.com:443/workflows/826a95b1b84c4ffbaf3af3dd88fe96b5/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=pK23xWl4uJT4RWs7zopxiP0Z7CpIfCDZEanL-mEyy1E"
$TriggerUri = "https://prod-08.eastus.logic.azure.com:443/workflows/854f1fc04f50415f83a359463dd60e8b/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=D7IHsTelJf8XFdhefU6mFRYjnHaa0oHkY_xWC_wW_Vs"

#Create Alert Rule
$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId $AlertRuleId -Scheduled -Enabled -DisplayName "PoshModuleTest" -Severity Low -Query "SecurityAlert | take 1" -QueryFrequency (New-TimeSpan -Hours 5) -QueryPeriod (New-TimeSpan -Hours 5) -TriggerThreshold 10
Expand All @@ -99,9 +99,9 @@ function Update-AzSentinelAlertRuleAction-Update
$AlertRuleId = "1584e7a3-802c-435b-9178-5720a44be2f3"
$ActionId = "91c2ea2f-f40c-4bef-ab3b-43c09e4a9699"
$LogicAppResourceId = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
$TriggerUri = "https://prod-13.westus.logic.azure.com:443/workflows/826a95b1b84c4ffbaf3af3dd88fe96b5/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=pK23xWl4uJT4RWs7zopxiP0Z7CpIfCDZEanL-mEyy1E"
$TriggerUri = "https://prod-08.eastus.logic.azure.com:443/workflows/854f1fc04f50415f83a359463dd60e8b/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=D7IHsTelJf8XFdhefU6mFRYjnHaa0oHkY_xWC_wW_Vs"
$LogicAppResourceId2 = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Get-MDATPInvestigationPackage"
$TriggerUri2 = "https://prod-16.westus.logic.azure.com:443/workflows/18c75599cf3742c998d14af0f89cf3b1/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=rREdJWoN3PNCmhqwMz0KRy8apQDt8DQbZZuvlm1l4Oo"
$TriggerUri2 = "https://prod-11.eastus.logic.azure.com:443/workflows/9f824303d57e4f00bea47052e4318d1b/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=2cGZz7eu3Y437r3LRHpkSFUTmD0X15XXP7uiW5_aLaA"

#Create Alert Rule
$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId $AlertRuleId -Scheduled -Enabled -DisplayName "PoshModuleTest" -Severity Low -Query "SecurityAlert | take 1" -QueryFrequency (New-TimeSpan -Hours 5) -QueryPeriod (New-TimeSpan -Hours 5) -TriggerThreshold 10
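Review bot: The `$TriggerUri` and `$TriggerUri2` assignments commit complete Logic App callback URLs, including the `sig=` query parameter, which is the shared-access signature that authorizes invoking the workflow. The same pattern appears in all four hunks of this section (the ListByAlertRule, GetAction, Create and Update tests), and both the values being replaced and their replacements carry a signature, so every one of them is now in repository history. Since `$LogicAppResourceId` names the workflows as Block-AADUser and Get-MDATPInvestigationPackage, the trigger access keys for those Logic Apps should be regenerated, and the tests should resolve the URL at record time, e.g. `$TriggerUri = Get-TestTriggerUri` (a hypothetical helper alongside `Get-TestResourceGroupName`), keeping only a placeholder such as `sig=<redacted>` in source for playback. Recorded session files from this change would presumably need the same scrubbing. Each test function's body continues outside its hunk.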
Expand Up @@ -61,7 +61,8 @@ function New-AzSentinelAlertRule-CreateFusion
{
$AlertRuleTemplateName = "f71aba3d-28fb-450b-b192-4e76a83015c8"
$AlertRuleId = "db5ded90-76a4-4c59-8581-1c8b7601b375"

#remove builtin rule
Remove-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId "BuiltInFusion"
#Create Alert Rule
$alertrule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId $AlertRuleId -Fusion -Enabled -AlertRuleTemplateName $AlertRuleTemplateName
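Review bot: The `Remove-AzSentinelAlertRule ... -AlertRuleId "BuiltInFusion"` call, which appears to be added here, deletes the built-in Fusion detection rule from whatever workspace `Get-TestWorkspaceName` resolves to, and nothing visible in this hunk restores it or checks that the workspace is a dedicated test one. When recording against a live workspace, that leaves it without the built-in rule if the later create or cleanup step fails, and the call will presumably error if the rule is already absent. I would expand the comment to state the reason, e.g. `# Remove the built-in Fusion rule first; TODO confirm: only one Fusion rule is allowed per workspace`, and make the removal tolerant of a missing rule (for instance with `-ErrorAction SilentlyContinue`). The function body continues outside the hunk, so any teardown there is not visible.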

Expand Up @@ -17,7 +17,7 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="Microsoft.Azure.Management.SecurityInsights" Version="1.0.0-preview.1" />
<PackageReference Include="Microsoft.Azure.Management.SecurityInsights" Version="1.0.0" />
</ItemGroup>

<ItemGroup>