Q2 2024 updates #11049

Open
wants to merge 25 commits into base: master
Conversation

nlepagnez
Contributor

Required items, please complete

Change(s):

  • Deprecate Microsoft Exchange Logs and Events and create multiple Data Connectors dedicated to AMA
  • Correct bug on lastReceivedData for Exchange On-Premise and Online Collector Data connector
  • Add a comparison system in Workbooks

Reason for Change(s):

  • Solution evolution

@v-atulyadav v-atulyadav added the Solution Solution specialty review needed label Aug 30, 2024
@nlepagnez nlepagnez marked this pull request as ready for review August 30, 2024 10:36
@nlepagnez nlepagnez requested review from a team as code owners August 30, 2024 10:36
@itsjusthaif

Hi
Currently in the process of deploying this solution and I am stuck at the same issue due to which this pull was raised. When can I expect the solution to be updated?

@nlepagnez
Contributor Author

Hi @v-prasadboke, @v-atulyadav, do we have any news on the analysis of this PR?

@nlepagnez
Contributor Author

> Hi
> Currently in the process of deploying this solution and I am stuck at the same issue due to which this pull was raised. When can I expect the solution to be updated?

Hi itsjusthaif, we are waiting for review from MS Sentinel team. We will update you as soon as possible.

@v-prasadboke
Contributor

Hello @nlepagnez & @itsjusthaif, sorry for the delay in response. Had some priority tasks on my name. Will get on this PR and update you soon.

@v-prasadboke v-prasadboke added the Parser Parser specialty review needed label Sep 12, 2024
@nlepagnez
Contributor Author

@v-prasadboke, any update?

@nlepagnez
Contributor Author

nlepagnez commented Oct 1, 2024

@v-prasadboke, the "DataConnector" test detects that ESI-Opt6ExchangeMessageTrackingLogs.json and ESI-Opt7ExchangeHTTPProxyLogs.json are "Azure Function" Data connectors, but that's completely false.

The detection reaches this conclusion because the table is not the "Event" table and because it finds "Deploy to Azure" in the instructions, but:

  • Yes, it's not the Event table, because we collect a specific log file on the server
  • Yes, it can find "Deploy to Azure", because the new Azure Monitor imposes DCRs that are deployed using an ARM template. It's not an Azure Function; we use the Azure Monitor Agent.

Can you please correct the test, because I cannot add a "Virtual" permission to my Data connector to request "Website permission" only to satisfy the test and create confusion for end users.

@itsjusthaif

Hi @nlepagnez, any update on this, please? Still waiting to go ahead, or will have to manually map out what changes were made and reflect that to our environment.

@nlepagnez
Contributor Author

Hi @itsjusthaif, no news from the Microsoft Sentinel team. As you can see, I haven't received any answer to my last comment.
@v-prasadboke, @v-atulyadav, we are waiting on you. As a reminder, this PR has now been open for more than 1 month.

@v-prasadboke
Contributor

v-prasadboke commented Oct 8, 2024

Hello @nlepagnez & @itsjusthaif, apologies for the inconvenience, but I was on leave from 2nd of October till 6th of October IST.

But I still see some validation failure for "Provided permissions does not match with Azure Function Connector Template" from the last commit.
Guidelines are provided in the failure checks to resolve the permissions failure; the template path is provided in the failure description.

@nlepagnez
Contributor Author

> Hello @nlepagnez & @itsjusthaif, Apologies for the inconvenience but I was on leave from 2nd of October till 6th of October IST
>
> But I still see some validation failure for Provided permissions does not match with Azure Function Connector Template from last commit. Guidelines are provided in the failure checks to resolve permissions failure, Template path is provided in the failure description.

Hi @v-prasadboke, as you can see in my previous comment, this connector is not an Azure Function Connector, but an Azure Monitor Connector ingesting data in a custom table. I will not add a "Website permission" permission to my connector just to satisfy a test, a permission that will confuse users.

The test script detects my connector as an Azure Function connector because it's a custom table (not the Event table) and it found the words "Azure Deploy" inside the instructions. Does it mean that we cannot use Azure Deploy to deploy the DCRs needed by the "New" AMA?!

So again, I ask you to correct the test to be compatible with AMA collecting custom data, not to adapt a Data connector because the test does not work.

@itsjusthaif

Hi @v-prasadboke, please see the comment above and help progress this. We have customers waiting on this solution and this is now delayed by a good margin.

v-prasadboke previously approved these changes Oct 10, 2024
v-prasadboke previously approved these changes Oct 11, 2024
v-dvedak previously approved these changes Oct 11, 2024
@v-prasadboke v-prasadboke dismissed stale reviews from v-dvedak and themself via bd39087 October 11, 2024 05:26
@itsjusthaif

Any update on this one, please?

@v-prasadboke
Contributor

v-prasadboke commented Oct 14, 2024

Hello @nlepagnez & @itsjusthaif, we skipvalidated the template but are still not able to get this PR merged.

We are working on this.
