What Changed
The Microsoft Sentinel Training Lab deployment script was updated to retry detection rule creation on any KQL syntax error, not just errors for the OktaV2_CL table. The fix broadens error handling to cover cases where custom connector tables have not yet been created during lab initialization.
Security Impact
Silent deployment failures resolved: The script previously only retried for OktaV2_CL table errors, meaning detection rules targeting other custom tables (GCP, AWS, third-party connectors) would fail silently during deployment. SOC analysts completing the lab exercises would unknowingly have incomplete detection coverage, creating false confidence in their detection stack.
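The difference between the narrow and the broadened retry condition, as an added PowerShell example that is not code from DeployDetectionRules.ps1. The function names, the ExampleGcp_CL table, and the error text are constructed for illustration, and rule creation is simulated so the block runs offline.

```powershell
# Added example. Function names, table names and error text are constructed,
# not taken from DeployDetectionRules.ps1.
function Invoke-RuleDeployment {
    param(
        [Parameter(Mandatory)] [string]      $RuleName,
        [Parameter(Mandatory)] [scriptblock] $CreateRule,   # performs the creation call
        [Parameter(Mandatory)] [string]      $RetryPattern, # regex: which errors are retried
        [int] $MaxAttempts  = 5,
        [int] $DelaySeconds = 0                             # raise for a real deployment
    )
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            & $CreateRule | Out-Null
            return [pscustomobject]@{ Rule = $RuleName; Status = 'Deployed'; Attempts = $attempt; Error = $null }
        }
        catch {
            $message = $_.Exception.Message
            if ($message -notmatch $RetryPattern -or $attempt -eq $MaxAttempts) {
                # Report the failure to the caller instead of swallowing it.
                return [pscustomobject]@{ Rule = $RuleName; Status = 'Failed'; Attempts = $attempt; Error = $message }
            }
            Start-Sleep -Seconds $DelaySeconds
        }
    }
}

# Constructed stand-in for rule creation: throws until the third call, as if the
# custom table only became available after ingestion started.
function New-SimulatedRuleCreator {
    param([string] $Table)
    $state = @{ Calls = 0 }
    return {
        $state.Calls++
        if ($state.Calls -lt 3) { throw "KQL syntax error: failed to resolve table '$Table'" }
        'created'
    }.GetNewClosure()
}

$patterns = [ordered]@{ 'OktaV2_CL only' = 'OktaV2_CL'; 'Any KQL syntax error' = 'KQL syntax error' }
$results = foreach ($name in $patterns.Keys) {
    foreach ($table in 'OktaV2_CL', 'ExampleGcp_CL') {
        Invoke-RuleDeployment -RuleName "$table rule" -RetryPattern $patterns[$name] `
            -CreateRule (New-SimulatedRuleCreator -Table $table) |
            Add-Member -NotePropertyName RetryOn -NotePropertyValue $name -PassThru
    }
}
$results | Format-Table RetryOn, Rule, Status, Attempts, Error -AutoSize
# Fail the run loudly if any rule is missing, so coverage gaps are visible.
if ($results.Status -contains 'Failed') { Write-Warning 'One or more detection rules were not deployed.' }
```

The per-rule result objects make a missing rule visible at the end of the run, which is the check to keep even with the broader retry in place.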
Exercise improvements include corrected ThreatIntelIndicators schema queries, updated automation rules targeting analytics rules instead of custom detections, and a new Exercise 17 covering cross-source attack chain graphs linking CrowdStrike, Palo Alto, Okta, AWS, GCP, and MailGuard data.
Affected Files
Tools/Microsoft-Sentinel-Training-Lab/Artifacts/Scripts/DeployDetectionRules.ps1
Tools/Microsoft-Sentinel-Training-Lab/Exercises/E02_threat_intelligence_mdti.md
Tools/Microsoft-Sentinel-Training-Lab/Exercises/E04_automation_rules.md
Tools/Microsoft-Sentinel-Training-Lab/Exercises/E05_device_isolation_response.md
Tools/Microsoft-Sentinel-Training-Lab/Exercises/E06_port_scan_threshold_tuning.md
Tools/Microsoft-Sentinel-Training-Lab/Exercises/E09_cost_management.md
Tools/Microsoft-Sentinel-Training-Lab/Exercises/E17_custom_graph.md
Tools/Microsoft-Sentinel-Training-Lab/Exercises/Onboarding.md
Tools/Microsoft-Sentinel-Training-Lab/GraphNotebook/GraphNotebookReadme.md
Tools/Microsoft-Sentinel-Training-Lab/GraphNotebook/cross_source_attack_chain_graph.ipynb
Tools/Microsoft-Sentinel-Training-Lab/Images/OnboardingImage43.png
Tools/Microsoft-Sentinel-Training-Lab/Images/OnboardingImage44.png
Tools/Microsoft-Sentinel-Training-Lab/Images/OnboardingImage45.png
Tools/Microsoft-Sentinel-Training-Lab/Images/OnboardingImage46.png
Tools/Microsoft-Sentinel-Training-Lab/Images/OnboardingImage47.png
Tools/Microsoft-Sentinel-Training-Lab/Images/OnboardingImage48.png
Tools/Microsoft-Sentinel-Training-Lab/README.md