Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding a new workook for MicrosoftTeams #4128

Merged
merged 13 commits into from
Feb 28, 2022
Merged

Adding a new workook for MicrosoftTeams #4128

merged 13 commits into from
Feb 28, 2022

Conversation

samikroy
Copy link
Contributor

@samikroy samikroy commented Feb 8, 2022
edited
Loading

Change(s):

Azure-Sentinel/Workbooks/MicrosoftTeams.json- A new workbook added with the following tabs
Overview - An overview of Microsoft Teams logs in OfficeActivity.
Admin Activity - Administration activities in Microsoft Teams.
External User Activity - External user activities
Hunting - Hunting activities in Microsoft Teams.

Azure-Sentinel/Workbooks/WorkbooksMetadata.json - To add workbook metadata.

Azure-Sentinel/Workbooks/Images/Logos - To add workbook logo.

Azure-Sentinel/Workbooks/Images/Preview - To add preview images.

@samikroy samikroy changed the title Create MicrosoftTeams.json Adding a new workook for MicrosoftTeams Feb 8, 2022
@aprakash13 aprakash13 added the Workbook Workbook specialty review needed label Feb 9, 2022
alexkarabas
alexkarabas previously approved these changes Feb 10, 2022
View reviewed changes
@samikroy
Copy link
Contributor Author

@vmanojreddy & @NikTripathi - Could you please help in merging this approved one.

@samikroy samikroy requested a review from thmcelro as a code owner February 24, 2022 11:16
@v-marimanda
Copy link
Contributor

@samikroy Workbooks Queries are failing. Please look into it.
image

@samikroy
Copy link
Contributor Author

vmanojreddy

Thank you for sharing this @vmanojreddy , have updated the file with the fix, please review.

@NikTripathi NikTripathi merged commit 91e361e into Azure:master Feb 28, 2022
@samikroy
Copy link
Contributor Author

Thank you for approval @vmanojreddy & thank you for the merge @NikTripathi.

@samikroy samikroy mentioned this pull request Mar 1, 2022
Merged
@NikTripathi
Copy link
Contributor

@samikroy We already have solution for teams, Should we include it as part of the solution or standalone?

@samikroy
Copy link
Contributor Author

samikroy commented Mar 2, 2022
edited
Loading

@NikTripathi - Please include this also as a part of the existing solution.
Created a new folder structure as could not find it in the solution folder with another PR.
Current PR #4128 is for this being available as a workbook & PR #4289 is for the workbook being a part of the solution.
Let me know for any for updates to the source code.
Thank you.

@NikTripathi
Copy link
Contributor

@NikTripathi - Please include this also as a part of the existing solution. Created a new folder structure as could not find it in the solution folder with another PR. Current PR #4128 is for this being available as a workbook & PR #4289 is for the workbook being a part of the solution. Let me know for any for updates to the source code. Thank you.

Hi @samikroy . Do we need it as a standalone workbook if it's part of a solution and being distributed as a solution? As a stand-alone, I believe it should be removed. Please let me know what you think. Thanks.

@samikroy
Copy link
Contributor Author

samikroy commented Mar 4, 2022

@NikTripathi - Please include this also as a part of the existing solution. Created a new folder structure as could not find it in the solution folder with another PR. Current PR #4128 is for this being available as a workbook & PR #4289 is for the workbook being a part of the solution. Let me know for any for updates to the source code. Thank you.

Hi @samikroy . Do we need it as a standalone workbook if it's part of a solution and being distributed as a solution? As a stand-alone, I believe it should be removed. Please let me know what you think. Thanks.

@NikTripathi - Thank you for sharing your insights.
As have seen customers of categories

1.Only want to monitor teams activity.
2.Evaluatng the insights on a teams pilot phase.
3.Want to enable hunting & analytic for Teams.

For #1 & #2 the standalone workbook will enable to view the details from template gallery with MS/ Community updates.
#3 - Solution is a best fit.

Reasons for 2 different PRs are

a. There is not way to link a gallery workbook template in solution (happy to link when it is available as this will reduce the maintenance.)
b. No option to cherry pick components from solution.
c. Have seen this solution having existing analytic rules #1068

Component seems duplicated for increasing the solution (workbook) available more to bigger set of customers.
But, will let the MS product teams decide on the availability of both.
Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@v-marimanda v-marimanda v-marimanda approved these changes

@alexkarabas alexkarabas alexkarabas left review comments

@aprakash13 aprakash13 Awaiting requested review from aprakash13

@ashwin-patil ashwin-patil Awaiting requested review from ashwin-patil

@nazang nazang Awaiting requested review from nazang

@petebryan petebryan Awaiting requested review from petebryan

@shainw shainw Awaiting requested review from shainw

@thmcelro thmcelro Awaiting requested review from thmcelro

Assignees

@v-jayakal v-jayakal

@ashishsyal ashishsyal

Labels
Workbook Workbook specialty review needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@samikroy @v-marimanda @NikTripathi @alexkarabas @aprakash13 @v-jayakal @ashishsyal