Package and publish a Microsoft Sentinel platform solution

A Microsoft Sentinel platform solution is a deployable package for the Microsoft Sentinel data lake. It includes code and configuration that help you analyze and respond to security data.

This article shows how to package and publish your completed platform solution in the Microsoft Security Store.

Prerequisites

Before you begin, please review the Microsoft Sentinel platform solution prerequisites.

Prepare your solution components

Before you create the package manifest, check that all your solution components adhere to the required structure and naming formats.

Important

Each platform solution must include one AgentManifest.yaml file.

  • One AgentManifest.yaml file.
  • You can include Copilot plugin specifications:
    • API plugin specs named openapispec_<number>.yaml or openapispec_<number>.json.
    • GPT or KQL plugin specs named template_<number>.txt.
  • You can include Sentinel data lake notebook jobs:
    • Each job must include a .job.yaml file and the corresponding notebook.
  • You can include mainTemplate.json if your solution deploys Azure resources.

Note

The ARM template doesn't support user input.

Create the package manifest

Create a package manifest to list the solution components. It includes the solution name, description, and contents to package.

  1. In Visual Studio Code, open the File Explorer view.

  2. Right-click an empty area and select Microsoft Sentinel > Create Package Manifest.

  3. Enter a name in the Save As dialog and save the manifest in your solution folder. VS Code creates a .package.yaml file and opens it in the package manifest editor.

  4. Fill in the package details in the editor:

    • Package name: The name that appears in the Microsoft Security Store.

    • Description: A short explanation of what the package does.

    • Include paths: The folders that contain the agent manifest, job YAML files, notebooks, and other required files.

      Screenshot of the Create Package Definition dialog in Visual Studio Code showing fields for package name, description, and include paths.

  5. (Optional) Select View YAML to edit the YAML file.

Example manifest

packageName: ContosoPlatformSolution
description: Provides advanced hunting notebooks and Copilot plugins for Contoso firewall logs.
includePaths:
  - ./AgentManifest.yaml
  - ./jobs/
  - ./notebooks/

Create the deployable ZIP file

After you define the package manifest, create the ZIP file required by the Microsoft Security Store.

  1. Open the .package.yaml manifest in Visual Studio Code.
  2. In the manifest editor, select Create Package ZIP file.
  3. The tool creates a ZIP file and saves it locally.
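
Before you upload, you can check that the ZIP actually contains what the rules under Prepare your solution components require. The following Python script is an added example, not part of the Microsoft Sentinel tooling; it assumes that a job's notebook shares the job file's base name with an .ipynb extension, which this article doesn't specify.

```python
import re
import sys
import zipfile
from pathlib import PurePosixPath

# Naming rules from "Prepare your solution components".
SPEC_RE = re.compile(r"openapispec_\d+\.(yaml|json)")
TEMPLATE_RE = re.compile(r"template_\d+\.txt")
JOB_SUFFIX = ".job.yaml"


def check_components(paths):
    """Return a list of problems found in package-relative file paths."""
    files = [PurePosixPath(p) for p in paths if not p.endswith("/")]
    names = {f.name for f in files}
    problems = []

    count = sum(1 for f in files if f.name == "AgentManifest.yaml")
    if count != 1:
        problems.append(f"expected one AgentManifest.yaml, found {count}")

    for f in files:
        lower = f.name.lower()
        if lower.startswith("openapispec") and not SPEC_RE.fullmatch(f.name):
            problems.append(f"{f}: expected openapispec_<number>.yaml or .json")
        if lower.startswith("template") and not TEMPLATE_RE.fullmatch(f.name):
            problems.append(f"{f}: expected template_<number>.txt")
        if f.name.endswith(JOB_SUFFIX):
            # Assumption: the notebook has the job's base name plus .ipynb.
            notebook = f.name[: -len(JOB_SUFFIX)] + ".ipynb"
            if notebook not in names:
                problems.append(f"{f}: no {notebook} in the package")
    return problems


def check_zip(zip_file):
    """Check the entries of a package ZIP (a path or a file-like object)."""
    with zipfile.ZipFile(zip_file) as zf:
        return check_components(zf.namelist())


if __name__ == "__main__":
    issues = check_zip(sys.argv[1])
    print("\n".join(issues) or "package layout OK")
    sys.exit(1 if issues else 0)
```

Run it with the path to the generated ZIP file as the only argument; a nonzero exit code means at least one rule failed.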

Publish to the Microsoft Security Store

After you create the ZIP file, publish it in the Microsoft Security Store.

  1. Open the Microsoft Security Store publisher portal.
  2. Create a new platform solution offer and upload the ZIP package.
  3. Complete the required offer details and submit for validation.

Tip

Publish first as a private offer to validate it in your environment.

For an introduction to Microsoft Sentinel SIEM solutions, see: