Merge pull request #5 from SecureHats/merge/master

merge

.github/workflows/convertKqlFuncYamlToArmTemplate.yaml

@@ -30,12 +30,23 @@ jobs:
         with:
             packages: |
                 yamale
-      - name: Run kqlFuncYaml2Arm script
-        run: bash .script/kqlFuncYaml2Arm.sh
-      - name: setup git config
+      - name: Setup git config
         run: |
           git config --local user.name "github-actions[bot]"
           git config --local user.email "<>"
+      - name: Merge master into pull request branch
+        run: |
+          git merge origin/master
+          Conflicts=$(git ls-files -u | wc -l)
+          if [ "$Conflicts" -gt 0 ] ; then
+            echo "There is a merge conflict. Aborting"
+            git merge --abort
+            exit 1
+          fi
+      - name: Run kqlFuncYaml2Arm script
+        run: |
+          .script/kqlFuncYaml2Arm.ps1
+        shell: pwsh  
       - name: Commit changes
         run: |
           # Stage the files and commit

.github/workflows/runAsimTesters.yaml

@@ -0,0 +1,56 @@
+name: Run ASIM testers on "eco-connector-test" workspace
+on:
+  pull_request_target:
+    types: [opened, edited, reopened, synchronize, labeled]
+    paths:
+    - 'Parsers/ASimDns/Parsers/**'
+    - 'Parsers/ASimNetworkSession/Parsers/**'
+    - 'Parsers/ASimWebSession/Parsers/**'
+    - 'Parsers/ASimProcessEvent/Parsers/**'
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+permissions:
+      id-token: write
+      contents: read
+
+jobs: 
+  runAsimTesters:
+      runs-on: ubuntu-latest
+      steps:
+      - name: Checkout pull request branch
+        uses: actions/checkout@v3
+        with:
+            ref: ${{github.event.pull_request.head.ref}}
+            repository: ${{github.event.pull_request.head.repo.full_name}}
+            persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal access token.
+            fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.
+      - name: Login to Azure Public Cloud with AzPowershell
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} 
+          enable-AzPSSession: true
+      - name: Setup git config
+        run: |
+          git config --local user.name "github-actions[bot]"
+          git config --local user.email "<>"
+      - name: Merge master into pull request branch
+        run: |
+          git merge origin/master
+          Conflicts=$(git ls-files -u | wc -l)
+          if [ "$Conflicts" -gt 0 ] ; then
+            echo "There is a merge conflict. Aborting"
+            git merge --abort
+            exit 1
+          fi
+      - name: Run Asim testers
+        uses: azure/powershell@v1
+        with:
+          inlineScript: |
+            & ".script/tests/asimParsersTest/runAsimTesters.ps1"
+          azPSVersion: "latest"
+          errorActionPreference : continue
+          failOnStandardError: false

.gitignore

@@ -105,7 +105,6 @@ ipch/
 *.psess
 *.vsp
 *.vspx
-*.sap
 
 # Visual Studio Trace Files
 *.e2e

.script/dataConnectorValidator.ts

@@ -74,7 +74,7 @@ function getConnectorCategory(dataTypes : any, instructionSteps:[])
     {
         return ConnectorCategory.AzureFunction;
     }
-    else if(dataTypes[0].name.includes("meraki") && JSON.stringify(instructionSteps).includes("\"type\":\"InstallAgent\""))
+    else if((dataTypes[0].name.includes("meraki") || dataTypes[0].name.includes("vcenter")) && JSON.stringify(instructionSteps).includes("\"type\":\"InstallAgent\""))
     {
         return ConnectorCategory.SysLog;
     }

.script/getModifiedASimSchemas.ps1

@@ -0,0 +1,19 @@
+function getModifiedAsimSchemas() {
+    $schemas = ("ASimDns", "ASimWebSession", "ASimNetworkSession", "ASimProcessEvent")
+    $midifiedSchemas = @()
+    foreach ($schema in $schemas) {
+        $filesThatWereChanged= Invoke-Expression "git diff origin/master  --name-only -- $($PSScriptRoot)/../Parsers/$($schema)/Parsers"
+        if ($filesThatWereChanged) {
+            Write-Host Files that were changed under Azure-Sentinel/Parsers/$schema/ARM:
+			Write-Host  - $filesThatWereChanged
+            $midifiedSchemas += $schema
+        }
+        else {
+            Write-Host "No files were changed under Azure-Sentinel/Parsers/$schema/"
+        }
+    }
+
+    return $midifiedSchemas
+}
+
+getModifiedAsimSchemas

.script/kqlFuncYaml2Arm.ps1

@@ -0,0 +1,10 @@
+$failed=0
+# The KqlFuncYaml2Arm script generates deployable ARM templates from KQL function YAML files.
+# Currently, the script only runs on the Schemas listed below.
+$modifiedSchemas = & "$($PSScriptRoot)/getModifiedASimSchemas.ps1"
+foreach($schema in $modifiedSchemas) {
+	Remove-Item "$($PSScriptRoot)/../Parsers/$schema/ARM" -Recurse
+	python ASIM/dev/ASimYaml2ARM/KqlFuncYaml2Arm.py -m asim -d Parsers/$schema/ARM Parsers/$schema/Parsers
+}
+
+exit $failed

.script/tests/KqlvalidationsTests/CustomFunctions/_ASIM_GetSourceBySourceType.json

@@ -0,0 +1,16 @@
+{
+    "FunctionName": "_ASIM_GetSourceBySourceType",
+    "FunctionParameters": [
+      {
+        "Name": "SourceType",
+        "Type": "string",
+        "IsRequired": true
+      }
+    ],
+    "FunctionResultColumns": [
+      {
+        "Name": "print_0",
+        "Type": "dynamic"
+      }
+    ]
+}

.script/tests/KqlvalidationsTests/CustomTables/ApacheHTTPServer.json

@@ -43,7 +43,7 @@
         },
         {
             "Name": "HttpStatusCode",
-            "Type": "String"
+            "Type": "Double"
         },
         {
             "Name": "HttpUserAgentOriginal",