Added Support for Related Infrastructure Playbook and Workbook in Censys #13994
devendra-chavda wants to merge 1 commit into Azure:master
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds a new “Related Infrastructure” experience to the Censys solution by wiring a new workbook section to a new playbook and custom table, plus updating supporting metadata and sample/test artifacts.
Changes:
- Added a new “Related Infrastructure” dashboard section and ARM action trigger to the Censys workbook.
- Added a new playbook reference + new custom table sample/test definitions for CensysRelatedInfrastructure_CL.
- Updated workbook metadata assets list (new table + additional images) and appended release notes.
Reviewed changes
Copilot reviewed 10 out of 16 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| Workbooks/WorkbooksMetadata.json | Updates Censys workbook metadata to reference the new custom table and additional images. |
| Solutions/Censys/Workbooks/Censys.json | Adds a “Related Infrastructure” dashboard section, parameters, and KQL queries to drive the experience. |
| Solutions/Censys/ReleaseNotes.md | Adds a release note entry for the new playbook/workbook support. |
| Solutions/Censys/Playbooks/CensysRelatedInfrastructure/README.md | Adds documentation for deploying/configuring the new playbook. |
| Solutions/Censys/Package/createUiDefinition.json | Updates package UI metadata (skipped review/comments per repo rules for Solutions/**/Package/**). |
| Solutions/Censys/Data/Solution_Censys.json | Adds the new playbook ARM template to the solution manifest. |
| Sample Data/Custom/CensysRelatedInfrastructure_CL.csv | Adds sample data for the new custom table. |
| Sample Data/Custom/CensysRelatedAssetsDetails_CL.csv | Removes sample data for the previous related-assets table. |
| .script/tests/KqlvalidationsTests/CustomTables/CensysRelatedInfrastructure_CL.json | Adds schema definition used by KQL validation tests for the new custom table. |
| .script/tests/KqlvalidationsTests/CustomTables/CensysRelatedAssetsDetails_CL.json | Removes schema definition for the old custom table. |
| "durationMs": 86400000 | ||
| }, | ||
| "queryType": 1, | ||
| "resourceType": "microsoft.operationalinsights/workspaces", |
The SubscriptionId parameter is configured as a Resource Graph query (queryType: 1) against the Resources table, but resourceType is set to microsoft.operationalinsights/workspaces (Log Analytics). This mismatch is likely to break the parameter query. Align resourceType with Resource Graph (for consistency with the ResourceGroup parameter) or change the query/queryType to match Log Analytics.
| "resourceType": "microsoft.operationalinsights/workspaces", | |
| "resourceType": "microsoft.resourcegraph/resources", |
| "conditionalVisibilities": [ | ||
| { | ||
| "parameterName": "SubscriptionId", | ||
| "comparison": "isNotEqualTo" | ||
| }, | ||
| { | ||
| "parameterName": "ResourceGroup", | ||
| "comparison": "isNotEqualTo" | ||
| }, | ||
| { | ||
| "parameterName": "IndicatorType", | ||
| "comparison": "isNotEqualTo" | ||
| }, | ||
| { | ||
| "parameterName": "IndicatorValue", | ||
| "comparison": "isNotEqualTo" | ||
| } |
Each conditionalVisibilities entry uses comparison: "isNotEqualTo" but omits the value to compare against. Workbook conditional visibility rules typically require a value (often "" to mean “not empty”). As-is, this can evaluate incorrectly or fail schema validation, causing the Submit link/panels to not appear as intended.
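A check of the kind this comment asks for, as an added example that is not part of the pull request or of the Sentinel repository's tooling: it walks a workbook JSON tree and reports every visibility rule that names a comparison but no `value`. The sample workbook, the function name and the handling of a singular `conditionalVisibility` key are assumptions made for the example.

```python
import json

# Constructed workbook fragment: two rules shaped like the hunk above (no
# "value") and one written with an explicit empty-string value.
SAMPLE_WORKBOOK = json.loads("""
{
  "items": [
    {
      "name": "submit-link",
      "content": {"links": [{"linkLabel": "Submit"}]},
      "conditionalVisibilities": [
        {"parameterName": "SubscriptionId", "comparison": "isNotEqualTo"},
        {"parameterName": "IndicatorValue", "comparison": "isNotEqualTo"},
        {"parameterName": "ResourceGroup", "comparison": "isNotEqualTo", "value": ""}
      ]
    }
  ]
}
""")

# "conditionalVisibilities" is the key shown in the hunk; the singular form is
# accepted too, as an assumption of this example.
RULE_KEYS = ("conditionalVisibility", "conditionalVisibilities")


def find_rules_without_value(node, path="$"):
    """Return (json_path, parameterName) for each rule lacking a "value" key."""
    findings = []
    if isinstance(node, dict):
        for key, child in node.items():
            child_path = f"{path}.{key}"
            if key in RULE_KEYS:
                rules = child if isinstance(child, list) else [child]
                for i, rule in enumerate(rules):
                    if (isinstance(rule, dict) and "comparison" in rule
                            and "value" not in rule):
                        findings.append((f"{child_path}[{i}]",
                                         rule.get("parameterName")))
            else:
                findings.extend(find_rules_without_value(child, child_path))
    elif isinstance(node, list):
        for i, child in enumerate(node):
            findings.extend(find_rules_without_value(child, f"{path}[{i}]"))
    return findings


if __name__ == "__main__":
    for where, name in find_rules_without_value(SAMPLE_WORKBOOK):
        print(f"{where}: rule on {name!r} has no value to compare against")
```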
| @@ -1,3 +1,4 @@ | |||
| | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | | |||
| |-------------|--------------------------------|--------------------------------------------------------------------| | |||
| | 3.0.0 | 06-04-2026 | Added Support for Related Infrastructre Playbook and Workbook | | |||
The release notes table violates the required release notes format: it appears to have an extra leading empty column (|| ...), and it introduces a duplicate version (3.0.0 appears twice). Update the table to have exactly 3 columns (no leading empty column) and bump the solution version for this change (e.g., 3.0.1), keeping versions unique and ordered newest-first.
| | 3.0.0 | 06-04-2026 | Added Support for Related Infrastructre Playbook and Workbook | | |
| | 3.0.1 | 06-04-2026 | Added Support for Related Infrastructre Playbook and Workbook | |
| | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | | ||
| |-------------|--------------------------------|--------------------------------------------------------------------| | ||
| | 3.0.0 | 06-04-2026 | Added Support for Related Infrastructre Playbook and Workbook | | ||
| | 3.0.0 | 05-03-2026 | Initial Solution for Censys with Playbooks and Workbook | |
Correct spelling of "Infrastructre" to "Infrastructure".
| | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | | |
| |-------------|--------------------------------|--------------------------------------------------------------------| | |
| | 3.0.0 | 06-04-2026 | Added Support for Related Infrastructre Playbook and Workbook | | |
| | 3.0.0 | 05-03-2026 | Initial Solution for Censys with Playbooks and Workbook | | |
| | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | | |
| |-------------|--------------------------------|-------------------------------------------------------------------| | |
| | 3.0.1 | 06-04-2026 | Added Support for Related Infrastructure Playbook and Workbook | | |
| | 3.0.0 | 05-03-2026 | Initial Solution for Censys with Playbooks and Workbook | |
| @@ -1,3 +1,4 @@ | |||
| | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | | |||
| |-------------|--------------------------------|--------------------------------------------------------------------| | |||
| | 3.0.0 | 06-04-2026 | Added Support for Related Infrastructre Playbook and Workbook | | |||
PR metadata says “Version Updated: No”, but the changes add functionality (new playbook/workbook support) and also add a new release note row. For Sentinel solutions, new content typically requires a version increment (and corresponding ReleaseNotes + Solution manifest alignment) rather than adding a second entry under the same version.
| "Playbooks/CensysHostHistory/azuredeploy.json", | ||
| "Playbooks/CensysIncidentEnrichment/azuredeploy.json", | ||
| "Playbooks/CensysIOCLookup/azuredeploy.json", | ||
| "Playbooks/CensysRelatedInfrastructure/azuredeploy.json", | ||
| "Playbooks/CensysRescan/azuredeploy.json" |
Adding a new playbook to the solution manifest should generally be accompanied by a solution version bump and consistent release notes entry for that bumped version (to ensure packaging/update flows can detect and distribute the new content correctly). Right now the release notes attempt to document the change under the existing 3.0.0, which is problematic.
| @@ -0,0 +1,45 @@ | |||
| # Censys Ad-Hoc IOC Lookup | |||
The README title doesn’t match the playbook being added (CensysRelatedInfrastructure) and can mislead users during deployment. Also, “Azure AD” is outdated terminology in Microsoft docs; consider updating to “Microsoft Entra ID” for consistency with current naming.
| * PlaybookName: Enter the playbook name here (default: CensysRelatedInfrastructure). | ||
| * OrganizationID: Your Censys Organization ID from the Censys platform account settings. | ||
| * KeyVaultName: Name of the Azure Key Vault where the Censys API token is stored. | ||
| * TenantId: Azure AD Tenant ID where the Key Vault is located. |
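Review bot: The KeyVaultName line says the vault holds the Censys API token, but the parameter lines shown here do not name the secret the playbook reads or say what access the playbook's identity needs on that vault. Suggest adding a line that states the expected secret name and that the identity needs only read access to that one secret, so deployers do not grant broader vault permissions than the playbook uses.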
The README title doesn’t match the playbook being added (CensysRelatedInfrastructure) and can mislead users during deployment. Also, “Azure AD” is outdated terminology in Microsoft docs; consider updating to “Microsoft Entra ID” for consistency with current naming.
| @@ -0,0 +1,11 @@ | |||
| TenantId,SourceSystem,MG,ManagementGroupName,"TimeGenerated [UTC]",Computer,RawData,"censys_url_s","count_d","fields_s","values_s","ioc_s","values_g",Type,"_ResourceId" | |||
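Review bot: The header carries both values_s and values_g, which in a Log Analytics custom table usually means the same source field was ingested sometimes as a string and sometimes as a GUID-typed value. Please confirm the workbook queries read both columns, or have the playbook send the field in a form that is always typed as a string; otherwise rows whose value looks like a GUID will be missing from queries that read only values_s.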
The CSV header includes a UTF-8 BOM character before TenantId (visible as an extra character at the start). This can cause schema/parsing mismatches in tooling that expects exact column names; please remove the BOM so the first header is exactly TenantId.
| TenantId,SourceSystem,MG,ManagementGroupName,"TimeGenerated [UTC]",Computer,RawData,"censys_url_s","count_d","fields_s","values_s","ioc_s","values_g",Type,"_ResourceId" | |
| TenantId,SourceSystem,MG,ManagementGroupName,"TimeGenerated [UTC]",Computer,RawData,"censys_url_s","count_d","fields_s","values_s","ioc_s","values_g",Type,"_ResourceId" |
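How the BOM described above turns into a column-name mismatch, and a header check that catches it, as an added example that is not part of the pull request or of the repository's validation scripts. The expected column list is copied from the header in the hunk; the function names and the two byte strings are constructed for the example.

```python
import codecs
import csv
import io

# Column names from the sample-data header shown in the hunk above.
EXPECTED = ["TenantId", "SourceSystem", "MG", "ManagementGroupName",
            "TimeGenerated [UTC]", "Computer", "RawData", "censys_url_s",
            "count_d", "fields_s", "values_s", "ioc_s", "values_g",
            "Type", "_ResourceId"]

# Constructed inputs: the same header line without and with a UTF-8 BOM.
CLEAN = (",".join(EXPECTED) + "\r\n").encode("utf-8")
WITH_BOM = codecs.BOM_UTF8 + CLEAN


def read_header(raw: bytes, encoding: str = "utf-8"):
    """Decode the bytes and return the first CSV row as a list of names."""
    text = raw.decode(encoding)
    return next(csv.reader(io.StringIO(text, newline="")))


def check_header(raw: bytes, expected=EXPECTED):
    """Return a list of problems found in the CSV header bytes."""
    problems = []
    if raw.startswith(codecs.BOM_UTF8):
        problems.append("file starts with a UTF-8 BOM")
    # Plain utf-8 decoding keeps the BOM as U+FEFF inside the first name,
    # which is what a strict schema comparison then trips over.
    header = read_header(raw)
    for pos, (got, want) in enumerate(zip(header, expected)):
        if got != want:
            problems.append(f"column {pos}: got {got!r}, expected {want!r}")
    if len(header) != len(expected):
        problems.append(f"{len(header)} columns, expected {len(expected)}")
    return problems


def strip_bom(raw: bytes) -> bytes:
    """Return the bytes with a leading UTF-8 BOM removed, if present."""
    return raw[len(codecs.BOM_UTF8):] if raw.startswith(codecs.BOM_UTF8) else raw


if __name__ == "__main__":
    for problem in check_header(WITH_BOM):
        print(problem)
```

Decoding with `utf-8-sig` instead of `utf-8` hides the BOM from the reader, but the file on disk still carries it, so the fix belongs in the file itself.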
Change(s):
Reason for Change(s):
Version Updated:
Testing Completed:
Checked that the validations are passing and have addressed any issues that are present: