Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[sentinel-intel] Fix (MD5/SHA-1 support & Fix with file metadata) #3425

Merged
merged 10 commits into from
Feb 20, 2025
Merged

[sentinel-intel] Fix (MD5/SHA-1 support & Fix with file metadata) #3425

merged 10 commits into from
Feb 20, 2025
+83 −76

Conversation

romain-filigran
Copy link
Member

@romain-filigran romain-filigran commented Feb 13, 2025
edited
Loading

Proposed changes

  • Publish MD5 & SHA-1 in addition to SHA-256
  • Stop publishing invalid file metadata
  • Fix deletion problems

Related issues

The deletion of indicators has also been corrected. This could solve these two problems:

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality using different use cases
  • I added/update the relevant documentation (either on github or on notion)
  • Where necessary I refactored code to improve the overall quality

@romain-filigran romain-filigran changed the title Azure Sentinel Fix (MD5/SHA-1 support & Fix with file metadata) [sentinel-intel]: Fix (MD5/SHA-1 support & Fix with file metadata) Feb 13, 2025
@romain-filigran romain-filigran changed the title [sentinel-intel]: Fix (MD5/SHA-1 support & Fix with file metadata) [sentinel-intel] Fix (MD5/SHA-1 support & Fix with file metadata) Feb 13, 2025
@romain-filigran romain-filigran added the filigran team use to identify PR from the Filigran team label Feb 13, 2025
@SamuelHassine SamuelHassine force-pushed the master branch 2 times, most recently from b513b96 to 11a05bf Compare February 14, 2025 12:49
@helene-nguyen helene-nguyen added the do not merge Do not merge this PR until this tag will be removed label Feb 14, 2025
@helene-nguyen
Copy link
Member

@romain-filigran Following our discussion, I've added a label to not merge until you finished, feel free to ping us when it's done :)

@helene-nguyen helene-nguyen removed the do not merge Do not merge this PR until this tag will be removed label Feb 18, 2025
Powlinett
Powlinett previously requested changes Feb 18, 2025
View reviewed changes
Copy link
Member

@Powlinett Powlinett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems to work as intended 👍

The issue is clear now and the fix is accurate, although the code could benefit from a little refacto to help with maintainability (see suggestions in comments) 🙌

Thanks!

stream/sentinel-intel/src/sentinel_intel_connector/api_handler.py Outdated Show resolved Hide resolved
stream/sentinel-intel/src/sentinel_intel_connector/api_handler.py Show resolved Hide resolved
stream/sentinel-intel/src/sentinel_intel_connector/api_handler.py Outdated Show resolved Hide resolved
stream/sentinel-intel/src/sentinel_intel_connector/connector.py Outdated Show resolved Hide resolved
stream/sentinel-intel/src/sentinel_intel_connector/connector.py Outdated Show resolved Hide resolved
stream/sentinel-intel/src/sentinel_intel_connector/connector.py Outdated Show resolved Hide resolved
@Powlinett Powlinett mentioned this pull request Feb 18, 2025
Merged
4 tasks
@romain-filigran
Copy link
Member Author

@Powlinett : Thank you for your review and comments.

@Powlinett Powlinett self-requested a review February 20, 2025 13:16
@Powlinett Powlinett dismissed their stale review February 20, 2025 13:17

Requested changes applied

@helene-nguyen helene-nguyen merged commit aa84436 into master Feb 20, 2025
4 checks passed
@helene-nguyen helene-nguyen deleted the issue/3423 branch February 20, 2025 13:54
This was linked to issues Feb 20, 2025
[sentinel-intel]: Incorrect File indicator metadata sent to Azure Sentinel resulting in incorrect STIX Pattern #3424
Closed
[sentinel-intel]: The connector does not send MD5 and SHA-1-based indicators to Sentinel SIEM #3423
Closed
[Sentinel-intel] Bad management of updates and non-deletion #3289
Closed
Stream-Sentinel-Intel Connector Not Deleting Indicators from Defender #3177
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Powlinett Powlinett Powlinett approved these changes

@helene-nguyen helene-nguyen Awaiting requested review from helene-nguyen

Assignees

@Powlinett Powlinett

@romain-filigran romain-filigran

Labels
filigran team use to identify PR from the Filigran team
Projects
None yet
Milestone
No milestone
3 participants
@romain-filigran @helene-nguyen @Powlinett