Udated solution package with the changes of field mapping with ExternalId field.

2023-05-19 18:45:53 +05:30 · 2023-05-19 18:45:53 +05:30 · 76b74365a8
--- a/Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/cofense_to_sentinel_mapping.py
+++ b/Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/cofense_to_sentinel_mapping.py
@ -117,7 +117,6 @@ class CofenseToSentinelMapping:
                    data = {}
                    continue
                indicator_id = indicator.get("id", "")
-                data["properties"]["externalId"] = indicator_id
                data["properties"]["displayName"] = "Cofense Triage : {}".format(
                    indicator_id
                )
@ -181,7 +180,8 @@ class CofenseToSentinelMapping:
                            LOGS_STARTS_WITH, __method_name, COFENSE_TO_SENTINEL
                        )
                    )
-                self.microsoft_obj.create_indicator(data)
+                indicator_response = self.microsoft_obj.create_indicator(data)
+                indicator_externalId = indicator_response.get("properties", {}).get("externalId", "")
                applogger.debug(
                    "{}(method={}) : {}: indicator created successfully.".format(
                        LOGS_STARTS_WITH, __method_name, COFENSE_TO_SENTINEL
@ -190,6 +190,7 @@ class CofenseToSentinelMapping:
                updated_at = indicator.get("attributes", {}).get("updated_at", "")
                reportdata = {
                    "indicator_id": indicator_id,
+                    "external_id": "{}-{}".format(indicator_externalId, source_cofence),
                    "report_link": report_link,
                    "updated_at": updated_at
                }
--- a/Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/sentinel.py
+++ b/Connectors/CofenseTriageDataConnector/CofenseBasedIndicatorCreator/sentinel.py
@ -68,7 +68,7 @@ class MicrosoftSentinel:
                            response_json,
                        )
                    )
-                    return
+                    return response_json
                elif response.status_code == 429:
                    applogger.error(
                        "{}(method={}) : {} : trying again error 429.".format(
--- a/Solutions/CofenseTriage/Package/2.0.1.zip
+++ b/Solutions/CofenseTriage/Package/2.0.1.zip
--- a/Solutions/CofenseTriage/Package/createUiDefinition.json
+++ b/Solutions/CofenseTriage/Package/createUiDefinition.json
@ -100,6 +100,20 @@
                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
              }
            }
+          },
+          {
+            "name": "workbook1",
+            "type": "Microsoft.Common.Section",
+            "label": null,
+            "elements": [
+              {
+                "name": "workbook1-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": null
+                }
+              }
+            ]
          }
        ]
      }
--- a/Solutions/CofenseTriage/Package/mainTemplate.json
+++ b/Solutions/CofenseTriage/Package/mainTemplate.json
--- a/Solutions/CofenseTriage/Workbooks/CofenseTriageThreatIndicators.json
+++ b/Solutions/CofenseTriage/Workbooks/CofenseTriageThreatIndicators.json