What Changed
TacitRed CrowdStrike IOC Automation solution v3.0.1 addresses critical deployment and visibility issues:
- Fixed the InvalidResourceLocation error that prevented Content Hub deployments
- Added the missing Sentinel discovery tags, making the playbook template visible in the Automation UI
- Removed the restrictive domain filter, expanding IOC retrieval scope
Deployment Template Fixes
ARM Template Standardization:
- Location parameter fix: Removed the non-standard location parameter that caused Content Hub failures
- Sentinel template discovery: Added the hidden-SentinelTemplateName and hidden-SentinelTemplateVersion tags
- Domain filter removal: Eliminated the forced domain restriction from API calls
Security Impact (IOC Automation)
This was a complete solution deployment and discovery failure:
- Pre-fix: The solution appeared installed, but the playbook template was completely invisible in the Sentinel Automation UI
- Post-fix: The playbook template is properly discoverable, enabling TacitRed to CrowdStrike IOC synchronization
IOC Integration Enhancement:
- Template visibility: Fixed the missing hidden tags that prevented playbook discovery in Sentinel Automation > Playbook templates
- Full IOC scope: Removed the domain filter, allowing retrieval of all TacitRed compromised credentials
- CrowdStrike integration: Enables automated push of domain and SHA256 IOCs to the CrowdStrike Falcon platform
The missing discovery tags prevented security teams from finding and configuring the IOC automation playbook, which rendered the threat intelligence integration non-functional even though the solution installed successfully.
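A pre-packaging check for this failure mode, as an added example that is not part of the solution's own code: it walks an ARM template at any nesting depth and reports playbooks that lack either discovery tag. It assumes playbooks are `Microsoft.Logic/workflows` resources and that an empty tag value counts as missing; the sample templates are constructed.

```python
REQUIRED_TAGS = ("hidden-SentinelTemplateName", "hidden-SentinelTemplateVersion")
PLAYBOOK_TYPE = "microsoft.logic/workflows"  # assumption: playbooks are Logic App workflows


def find_playbooks(node, path="$"):
    """Yield (json_path, resource) for every workflow resource, however deeply nested."""
    if isinstance(node, dict):
        if str(node.get("type", "")).lower() == PLAYBOOK_TYPE:
            yield path, node
        for key, value in node.items():
            yield from find_playbooks(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_playbooks(item, f"{path}[{i}]")


def missing_discovery_tags(template):
    """Return {json_path: [missing tag names]} for playbooks lacking a required tag."""
    findings = {}
    for path, resource in find_playbooks(template):
        tags = resource.get("tags")
        tags = tags if isinstance(tags, dict) else {}
        # A tag that is absent, null or blank is treated as missing.
        missing = [t for t in REQUIRED_TAGS if not str(tags.get(t) or "").strip()]
        if missing:
            findings[path] = missing
    return findings


# Constructed samples (not the real template content).
PRE_FIX = {"resources": [{"type": "Microsoft.Logic/workflows",
                          "name": "example-playbook",
                          "tags": {"source": "example"}}]}
# Post-fix shape, with the playbook wrapped in a nested deployment.
POST_FIX = {"resources": [{
    "type": "Microsoft.Resources/deployments",
    "properties": {"template": {"resources": [{
        "type": "Microsoft.Logic/workflows",
        "name": "example-playbook",
        "tags": {"hidden-SentinelTemplateName": "example-playbook",
                 "hidden-SentinelTemplateVersion": "1.0"}}]}}}]}

if __name__ == "__main__":
    for label, tpl in (("pre-fix", PRE_FIX), ("post-fix", POST_FIX)):
        print(label, missing_discovery_tags(tpl) or "ok")
```

To check a real file, pass the result of `json.load()` on the playbook or mainTemplate JSON to `missing_discovery_tags` and fail the build when the returned dict is non-empty.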
Affected Files
Solutions/TacitRed-IOC-CrowdStrike/Playbooks/TacitRedToCrowdStrike_Playbook.json
(packaging artefacts: 3.0.1.zip, ReleaseNotes.md, Solution_TacitRedCrowdStrikeAutomation.json, mainTemplate.json)