Add Datawiza new solution

[TianweiDaiDW]

Required items, please complete

Change(s):

• Adds new solution template to allow Datawiza customers to ingest logs into Azure Logs Analytics/Sentinel

Reason for Change(s):

• New solution

Version Updated:

• Required only for Detections/Analytic Rule templates
• See guidance below

Testing Completed:

• Yes

Checked that the validations are passing and have addressed any issues that are present:

• Yes

[TianweiDaiDW]

@microsoft-github-policy-service agree [company="Datawiza"]

[TianweiDaiDW]

@microsoft-github-policy-service agree company="Datawiza"

[v-shukore]

Hi @TianweiDaiDW, kindly provide a screenshot of the successfully running connector. Thanks

[TianweiDaiDW]

Hi @TianweiDaiDW, kindly provide a screenshot of the successfully running connector. Thanks

Hi @v-shukore, No problem. We usually ask our customers to follow the steps below to verify the connector is healthy and make sure the logs have been sent to Sentinel successfully:

1. Since the connector is running in the customer's data center or virtual machine. We will ask them to list all running Docker containers, like below:

2. Then we will go to the workspace to find the target table and run some sample queries to list some recent logs in Sentinel:

I am not sure if it meets your requirements or not. If not, please let me know.

[v-shukore]

Hi @TianweiDaiDW,
Tanks for providing the running connector screenshots. Proceeding to merge this PR.

[v-shukore]

Hi @TianweiDaiDW,
We are putting your PR on hold because your solution uses Azure Function and not Sentinel Codeless Connector Framework (CCF). We would be happy to work with you to migrate your solution to CCF.
Please drop a mail to the Microsoft Sentinel Partners at [email protected] to get their feedback and approval, so we can proceed further.
Thanks!!

[v-shukore]

Hi @TianweiDaiDW, any update on the above request. Thanks!!

[TianweiDaiDW]

Hi @TianweiDaiDW, any update on the above request. Thanks!!

Hi @v-shukore I have contacted the Azure Sentinel team, and they asked me to provide more details about our solution. And currently I am discussing with them. I think they will notify you as they know the next step.

[v-shukore]

Hi @TianweiDaiDW, thanks for the update.
Once you got update/approval from the respective team please let me know to proceed.

[v-shukore]

Hi @TianweiDaiDW, could you update the "sentinel" keyword to "Microsoft Sentinel" throughout the Data Connector and repackage the solution? Thanks!!

[TianweiDaiDW]

Hi @TianweiDaiDW, could you update the "sentinel" keyword to "Microsoft Sentinel" throughout the Data Connector and repackage the solution? Thanks!!

Hi @v-shukore I have updated it and repackaged the solution.

[v-shukore]

Hi @TianweiDaiDW, could you please add the solutions logo "datawiza_logo.svg" to this location - https://github.com/Azure/Azure-Sentinel/tree/master/Logos

[TianweiDaiDW]

Hi @TianweiDaiDW, could you please add the solutions logo "datawiza_logo.svg" to this location - https://github.com/Azure/Azure-Sentinel/tree/master/Logos

Hi @v-shukore The logo has been added.

[v-shukore]

Hi @TianweiDaiDW, you used capital letters for the logo name in Logos folder, but in the data file it’s listed in lowercase. Please make sure the logo name matches in both places, as it’s case sensitive and could cause issues after the PR is merged. Thanks!

[TianweiDaiDW]

Hi @v-shukore thank you for your remind! I have renamed the logo.