What Changed
Digital Shadows updated both analytic rules (Digital_Shadows_incident_creation_include.yaml and Digital_Shadows_incident_creation_exclude.yaml) to use the new gm_link_s column for EventReportUrl construction, replacing hardcoded portal-digitalshadows.com URLs.
Detection Logic
- Primary data source: DigitalShadows_CL table
- Core logic change: EventReportUrl now uses coalesce(gm_link_s, "") instead of string concatenation with portal-digitalshadows.com
- Entity mapping: URL entities in incidents will now point to live GreyMatter destinations for migrated accounts; non-migrated accounts get empty EventReportUrl (no broken links)
- Version bump: Both rules updated from 1.0.2 to 1.0.3
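A way to confirm that a deployed or forked copy of either rule carries this change, as an added example (not code from the Sentinel repository or from Digital Shadows). The two rule excerpts are constructed, the URL path and the example_id_s column in the old excerpt are placeholders, and the check assumes the rule file's usual top-level `version:` and `query:` fields.

```python
import re

DEPRECATED_HOST = "portal-digitalshadows.com"
EXPECTED_VERSION = (1, 0, 3)

# Constructed rule excerpts (not the repository's files). The URL path and the
# example_id_s column in OLD_RULE are placeholders.
OLD_RULE = '''version: 1.0.2
query: |
  DigitalShadows_CL
  | extend EventReportUrl = strcat("https://portal-digitalshadows.com/EXAMPLE-PATH/", example_id_s)
'''
NEW_RULE = '''version: 1.0.3
query: |
  DigitalShadows_CL
  | extend EventReportUrl = coalesce(gm_link_s, "")
'''

def check_rule(yaml_text):
    """Return a list of findings for one analytic-rule YAML document given as text."""
    findings = []
    # 1. No reference to the deprecated portal host may remain anywhere in the rule.
    if DEPRECATED_HOST in yaml_text:
        findings.append("hardcoded deprecated portal URL")
    # 2. EventReportUrl must be derived from gm_link_s with an empty-string fallback.
    assign = re.search(r"EventReportUrl\s*=\s*(.+)", yaml_text)
    if not assign:
        findings.append("EventReportUrl not assigned")
    elif not re.search(r'coalesce\(\s*gm_link_s\s*,\s*""\s*\)', assign.group(1)):
        findings.append("EventReportUrl not built from gm_link_s")
    # 3. The rule version must be at least 1.0.3.
    m = re.search(r"^version:\s*(\d+)\.(\d+)\.(\d+)\s*$", yaml_text, re.M)
    if not m:
        findings.append("version missing")
    elif tuple(map(int, m.groups())) < EXPECTED_VERSION:
        findings.append("version older than 1.0.3")
    return findings

if __name__ == "__main__":
    for name, text in (("old", OLD_RULE), ("new", NEW_RULE)):
        print(name, check_rule(text) or "ok")
```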
Security Impact (Visibility & Fidelity)
This addresses a data fidelity gap where Digital Shadows customers migrating to the GreyMatter platform would receive broken URL entities in Sentinel incidents. The portal-digitalshadows.com domain is being deprecated, causing dead links that impact analyst workflow when investigating Digital Shadows-sourced incidents. SOC teams using Digital Shadows will now receive functional GreyMatter URLs that properly redirect to active threat intelligence details.
Affected Files
.script/tests/KqlvalidationsTests/CustomTables/DigitalShadows_CL.json
Solutions/Digital Shadows/Analytic Rules/Digital_Shadows_incident_creation_exclude.yaml
Solutions/Digital Shadows/Analytic Rules/Digital_Shadows_incident_creation_include.yaml
Solutions/Digital Shadows/Data Connectors/DigitalShadowsConnectorAzureFunction/AS_api.py
Solutions/Digital Shadows/Data Connectors/DigitalShadowsConnectorAzureFunction/AS_poller.py
Solutions/Digital Shadows/Data Connectors/DigitalShadowsConnectorAzureFunction/DS_api.py
Solutions/Digital Shadows/Data Connectors/DigitalShadowsConnectorAzureFunction/DS_poller.py
Solutions/Digital Shadows/Data Connectors/DigitalShadowsConnectorAzureFunction/__init__.py
Solutions/Digital Shadows/Data Connectors/DigitalShadowsConnectorAzureFunction/constant.py
Solutions/Digital Shadows/Data Connectors/DigitalShadowsConnectorAzureFunction/function.json
Solutions/Digital Shadows/Data Connectors/DigitalShadowsConnectorAzureFunction/state_serializer.py
Solutions/Digital Shadows/Data Connectors/DigitalShadowsSearchlight_API_functionApp.json
Solutions/Digital Shadows/Data Connectors/digitalshadowsARM.json
Solutions/Digital Shadows/Data Connectors/host.json
Solutions/Digital Shadows/Data Connectors/proxies.json
Solutions/Digital Shadows/Data Connectors/readme.md
Solutions/Digital Shadows/Data Connectors/requirements.txt
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, Solution_DigitalShadowsSearchlight.json, digitalshadowsConnector.zip, mainTemplate.json)