How to add a function app for azure workbook and sentinel solution

Question

Hi,
I am working on contributing to an azure sentinel solution in github,

My solution contains data connector and workbooks. Now, I want to add a workbook that talks to a custom endpoint. In this case, the custom endpoint is a function app http trigger.

Once the workbook loads, it invokes an api which is nothing but the http trigger function app.

This in turn calls a third party api from the function app, lets suppose, it returns a json content and workbook visualizes it. Note: I cannot directly call the third party app from workbook due to some limitations, hence the only option is this.

My question is , how do I address this new function app in my github solution that is being built.

Answer 1

@Ashwin Venkatesha, thank you for reaching out on Microsoft Q&A.

As mentioned here Microsoft Sentinel solutions include packaged content, integrations, or service offerings for Microsoft Sentinel. This guide focuses on how to build packaged content into solutions, including combinations of data connectors, workbooks, analytic rules, playbooks, hunting queries, parsers, watchlists, and more for Microsoft Sentinel.

It has also mentioned reaching out to the [Microsoft Sentinel Solutions Onboarding Team] if you are planning or building another type of integration or service offering or want to include other types of content in your solution that isn't listed here. As you are planning to include an Azure Function in the solution, I would suggest reaching out to [Microsoft Sentinel Solutions Onboarding Team] for help on this front. For more details, see Feedback section of this doc.

Hope this helps.