Add Vaikora AI Agent Signals to SentinelOne — Microsoft Sentinel Solution v1.0.0#13985
Open
mazamizo21 wants to merge 50 commits intoAzure:masterfrom
Open
Add Vaikora AI Agent Signals to SentinelOne — Microsoft Sentinel Solution v1.0.0#13985mazamizo21 wants to merge 50 commits intoAzure:masterfrom
mazamizo21 wants to merge 50 commits intoAzure:masterfrom
Conversation
v-shukore
added
the
New Solution
mazamizo21
force-pushed
the
feature/vaikora-sentinelone-azure-v1.0.0
branch
from
d91b17d to
f3ea143
Compare
added 6 commits
April 3, 2026 11:01
Contributor
Author
|
Hi @v-maheshbh — done! Repackaged with version 3.0.0. |
added 5 commits
April 3, 2026 12:13
…aApiKey) — ARM validates clean
…rams/vars, fix location
…ntId1), parentId bracket, arm-ttk clean (47-48/49 matching Cyren baseline)
…ment fix (same as Cyren-SentinelOne PR Azure#13990)
…ated response
Vaikora API returns a paginated envelope: {"actions": [...], "total": N, ...}
not a bare array. Filter_High_Severity_Or_Anomaly was passing the whole object
to the 'from' property, which expects an array and failed with:
"The 'from' property value in the 'query' action is of type 'Object'."
Fix: changed 'from' to @Body('Get_Vaikora_Actions')?['actions']
Also fixes in same pass:
- Added workspace-name variable (was missing, caused template ref errors)
- playbookContentId1: "Playbooks" -> "VaikoraToSentinelOne_Playbook"
- PlaybookName defaultValue: "pb-vaikora-to-sentinelone" -> "VaikoraToSentinelOne_Playbook"
- Parameter casing: VaikoraApiKey/VaikoraAgentId -> vaikoraApiKey/vaikoraAgentId
- displayName: "Playbooks" -> "VaikoraToSentinelOne_Playbook"
- Rebuilt 3.0.0.zip
E2E tested: Logic App deployed to rg-vaikora-test, triggered, 6 anomaly IOCs
pushed to SentinelOne TI API (source: "Vaikora AI Agent Security (Data443)")
Contributor
|
Hi @mazamizo21, accidently you have added multiple solutions in this PR please remove it all and clean the solution. Thanks! |
…plate compatibility
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Vaikora AI Agent Signals to SentinelOne — Microsoft Sentinel Solution v1.0.0
This PR adds a Logic App playbook solution that polls Vaikora AI agent behavioral signals and pushes high-severity indicators as Threat Intelligence IOCs to SentinelOne.
What's included
Logic App Playbook (VaikoraToSentinelOne_Playbook.json)
GET /api/v1/actionsfor high-risk + anomalous agent actionsPOST /web/api/v2.1/threat-intelligence/iocsSignal Mapping
Parameters
Notes
filter.accountIdsin POST body (S1 enforcement requirement)Publisher
Data443 Risk Mitigation, Inc. — support@data443.com