What Changed
Released the Solutions Analyzer tool - a Python-based solution for automatically analyzing the structure of the Microsoft Sentinel content repository. The tool discovers and maps data-connector-to-table relationships across all solutions.
Key capabilities:
- Automated Discovery: Scans all solution directories to identify connectors, parsers, and table dependencies
- KQL Analysis: Parses connector definitions, DCR configurations, and query templates to extract table references
- Relationship Mapping: Creates detailed mappings between connectors and the tables they populate
- CSV Reporting: Generates multiple CSV reports for analysis and validation
- CI Integration: Includes GitHub workflow for automated analysis updates
Detection Surface Unlocked
This tool enhances SOC operations by:
- Visibility Gap Identification: Quickly identifies which tables are populated by which connectors
- Dependency Analysis: Maps parser dependencies and ASIM relationships
- Configuration Validation: Detects mismatches between connector names and actual table references
- Coverage Assessment: Enables comprehensive data source coverage analysis for threat hunting
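To make the capabilities above concrete (KQL analysis, relationship mapping, CSV reporting, and the configuration-validation check that flags mismatches between declared and referenced tables), here is an added example that is not the Solutions Analyzer's own code. It assumes a simplified connector shape with a `dataTypes` list naming the tables a connector claims to populate and a `sampleQueries` list of KQL strings; the two connectors and their queries are constructed for this illustration. The table extraction is a deliberately simple heuristic (leading identifier of each statement plus `union` operands), so bracket-quoted table names and semicolons inside string literals are not handled.

```python
import csv
import io
import re

# Constructed sample connector definitions (not from the Sentinel repo).
# "dataTypes" = tables the connector declares it populates;
# "sampleQueries" = KQL shipped with the connector.
SAMPLE_CONNECTORS = [
    {
        "id": "ExampleSyslogConnector",
        "dataTypes": [{"name": "Syslog"}],
        "sampleQueries": [
            {"query": "Syslog\n| where ProcessName == 'sshd'\n| take 10"},
        ],
    },
    {
        "id": "ExampleProxyConnector",
        "dataTypes": [{"name": "ProxyLogs_CL"}],
        "sampleQueries": [
            {"query": "ProxyLogs_CL\n| summarize count() by SourceIP"},
            # Second query reads a table the connector never declares:
            # this is the kind of mismatch the validation step should surface.
            {"query": "let lookback = 1d;\nWebProxyLogs_CL\n| where TimeGenerated > ago(lookback)"},
        ],
    },
]

# Leading identifiers that are KQL operators/functions rather than tables.
KQL_KEYWORDS = {"let", "union", "search", "print", "datatable", "range", "externaldata"}
IDENT = r"[A-Za-z_][A-Za-z0-9_]*"


def extract_tables(query: str) -> set[str]:
    """Return the table names a KQL query reads from (heuristic).

    Statements are split on ';'. 'let' bindings are skipped; for every other
    statement the leading identifier is treated as the source table, and any
    comma-separated operands of 'union' are added as well.
    """
    tables: set[str] = set()
    for stmt in query.split(";"):
        stmt = stmt.strip()
        if not stmt or stmt.startswith("let "):
            continue
        lead = re.match(rf"({IDENT})", stmt)
        if lead and lead.group(1) not in KQL_KEYWORDS:
            tables.add(lead.group(1))
        for um in re.finditer(rf"\bunion\s+({IDENT}(?:\s*,\s*{IDENT})*)", stmt):
            tables.update(t.strip() for t in um.group(1).split(","))
    return tables


def map_connectors(connectors):
    """Build the connector->table mapping rows and a list of mismatch issues."""
    rows, issues = [], []
    for c in connectors:
        declared = {d["name"] for d in c.get("dataTypes", [])}
        referenced: set[str] = set()
        for q in c.get("sampleQueries", []):
            referenced |= extract_tables(q["query"])
        for t in sorted(declared | referenced):
            rows.append({"connector_id": c["id"], "table": t,
                         "declared": t in declared, "referenced": t in referenced})
        # Configuration validation: tables used by queries but not declared,
        # and declared tables no shipped query ever reads.
        for t in sorted(referenced - declared):
            issues.append({"connector_id": c["id"], "table": t, "issue": "referenced_not_declared"})
        for t in sorted(declared - referenced):
            issues.append({"connector_id": c["id"], "table": t, "issue": "declared_not_referenced"})
    return rows, issues


def to_csv(rows, fieldnames) -> str:
    """Render dict rows as CSV text (what a report file would contain)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    mapping, problems = map_connectors(SAMPLE_CONNECTORS)
    print(to_csv(mapping, ["connector_id", "table", "declared", "referenced"]))
    print(to_csv(problems, ["connector_id", "table", "issue"]))
```

Run as a script it prints two CSV documents: the full mapping, and an issues report in which `ExampleProxyConnector` is flagged for reading `WebProxyLogs_CL` without declaring it. Pointing `map_connectors` at real connector JSON would require loading each solution's connector files and adapting the field names to their actual schema.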
Affected Files
Tools/Solutions Analyzer/solution_connector_tables.py (new analysis engine)
Tools/Solutions Analyzer/README.md
.github/workflows/update-solutions-analyzer.yml (new CI workflow)
Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv (generated mapping)
Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv (issue tracking)