fix feature flags

Solutions/Threat Intelligence Solution for Azure Government/Data/Solution_ThreatIntelligenceFairfax.json

@@ -56,7 +56,7 @@
 		"Solutions/Threat Intelligence Solution for Azure Government/Analytic Rules/IPEntity_DuoSecurity.yaml"
 	],
 	"BasePath": "C:\\GitHub\\Azure-Sentinel",
-	"Version": "3.0.4",
+	"Version": "3.0.5",
 	"Metadata": "SolutionMetadata.json",
 	"TemplateSpec": true,
 	"StaticDataConnectorIds": [

Solutions/Threat Intelligence Solution for Azure Government/ReleaseNotes.md

@@ -1,6 +1,7 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                          |
 |-------------|--------------------------------|---------------------------------------------|
-| 3.0.4      | 01-15-2025                     | Updated feature flags for PMDTI and MDTI for GA, and Upload API for PP. |
+| 3.0.5       | 01-22-2025                     | Fixed feature flag configs for PMDTI, MDTI, and UploadAPI based on the new FeatureStates. Fix api-version and documentation link for UploadAPI. |
+| 3.0.4       | 01-15-2025                     | Updated feature flags for PMDTI and MDTI for GA, and Upload API for PP. |
 | 3.0.3		  | 28-11-2024					   | Removed (Preview) from name for **Data Connectors** Microsoft Defender Threat Intelligence and Premium Microsoft Defender Threat Intelligence, make the MDTI and PMDTI data connctors available in gov solution, and update descriptions of data connectors. |
 | 3.0.2       | 19-08-2024                     | Updated isConnectedQuery for **Data Connector** of "Threat Intelligence Upload Indicators API". |
 | 3.0.1       | 06-08-2024                     | Updated the URL in **data connector**       |

Solutions/Threat Intelligence/Data Connectors/template_MicrosoftDefenderThreatIntelligence.json

@@ -39,7 +39,7 @@
         }
     ],
     "availability": {
-        "status": 3,
+        "status": 2,
         "isPreview": false,
         "featureFlag": {
             "feature": "msticonnector",
@@ -49,8 +49,9 @@
                 "3": 3,
                 "4": 3,
                 "5": 3,
-                "6": 2,
-                "7": 2
+                "6": 0,
+                "7": 2,
+                "8": 2
             }
         }
     },

Solutions/Threat Intelligence/Data Connectors/template_PremiumMicrosoftDefenderThreatIntelligence.json

@@ -6,7 +6,7 @@
         "type": 258,
         "options": null
     },
-    "descriptionMarkdown": "Microsoft Sentinel provides you the capability to import threat intelligence generated by Microsoft to enable monitoring, alerting and hunting. Use this data connector to import Indicators of Compromise (IOCs) from Microsoft Defender Threat Intelligence (MDTI) into Microsoft Sentinel. Threat indicators can include IP addresses, domains, URLs, and file hashes, etc. Note: This is a paid connector. To use and ingest data from it, please purchase the \"MDTI API Access\" SKU from the Partner Center.",
+    "descriptionMarkdown": "Microsoft Sentinel provides you the capability to import threat intelligence generated by Microsoft to enable monitoring, alerting and hunting. Use this data connector to import Indicators of Compromise (IOCs) from Premium Microsoft Defender Threat Intelligence (MDTI) into Microsoft Sentinel. Threat indicators can include IP addresses, domains, URLs, and file hashes, etc. Note: This is a paid connector. To use and ingest data from it, please purchase the \"MDTI API Access\" SKU from the Partner Center.",
     "graphQueries": [
         {
             "metricName": "Total data received",
@@ -39,18 +39,19 @@
         }
     ],
     "availability": {
-        "status": 3,
+        "status": 2,
         "isPreview": false,
         "featureFlag": {
             "feature": "premiummdticonnector",
-             "featureStates": {
+            "featureStates": {
                 "1": 3,
                 "2": 3,
                 "3": 3,
                 "4": 3,
                 "5": 3,
-                "6": 1,
-                "7": 1
+                "6": 0,
+                "7": 1,
+                "8": 1
             }
         }
     },

Solutions/Threat Intelligence/Data Connectors/template_ThreatIntelligenceUploadIndicators.json

@@ -31,7 +31,7 @@
         }
     ],
     "availability": {
-        "status": 2,
+        "status": 1,
         "isPreview": true
     },
     "permissions": {
@@ -64,7 +64,7 @@
         },
         {
 			"title": "2. Send STIX objects to Sentinel",
-			"description": "You can send the supported STIX object types by calling our Upload API. For more information about the API, click [here](https://learn.microsoft.com/azure/sentinel/upload-indicators-api). \n\n>HTTP method: POST \n\n>Endpoint: https://api.ti.sentinel.azure.com/workspaces/[WorkspaceID]/threatintelligence-stix-objects:upload?api-version=2024-02-01  \n\n>WorkspaceID: the workspace that the STIX objects are uploaded to.  \n\n\n>Header Value 1: \"Authorization\" = \"Bearer [Microsoft Entra ID Access Token from step 1]\" \n\n\n> Header Value 2: \"Content-Type\" = \"application/json\"  \n \n>Body: The body is a JSON object containing an array of STIX objects."
+			"description": "You can send the supported STIX object types by calling our Upload API. For more information about the API, click [here](https://learn.microsoft.com/en-us/azure/sentinel/stix-objects-api). \n\n>HTTP method: POST \n\n>Endpoint: https://api.ti.sentinel.azure.com/workspaces/[WorkspaceID]/threatintelligence-stix-objects:upload?api-version=2024-02-01-preview \n\n>WorkspaceID: the workspace that the STIX objects are uploaded to.  \n\n\n>Header Value 1: \"Authorization\" = \"Bearer [Microsoft Entra ID Access Token from step 1]\" \n\n\n> Header Value 2: \"Content-Type\" = \"application/json\"  \n \n>Body: The body is a JSON object containing an array of STIX objects."
 		}
     ]
 }

Solutions/Threat Intelligence/Data Connectors/template_ThreatIntelligenceUploadIndicators_ForGov.json

@@ -31,7 +31,7 @@
         }
     ],
     "availability": {
-        "status": 2,
+        "status": 1,
         "isPreview": true
     },
     "permissions": {
@@ -64,7 +64,7 @@
         },
         {
 			"title": "2. Send STIX objects to Sentinel",
-			"description": "You can send the supported STIX object types by calling our Upload API. For more information about the API, click [here](https://learn.microsoft.com/azure/sentinel/upload-indicators-api). \n\n>HTTP method: POST \n\n>Endpoint: \nFairfax: https://api.ti.sentinel.azure.us/workspaces/[WorkspaceID]/threatintelligence-stix-objects:upload?api-version=2024-02-01 \nMooncake: https://api.ti.sentinel.azure.cn/workspaces/[WorkspaceID]/threatintelligence-stix-objects:upload?api-version=2024-02-01  \n\n>WorkspaceID: the workspace that the STIX objects are uploaded to.  \n\n\n>Header Value 1: \"Authorization\" = \"Bearer [Microsoft Entra ID Access Token from step 1]\" \n\n\n> Header Value 2: \"Content-Type\" = \"application/json\"  \n \n>Body: The body is a JSON object containing an array of STIX objects."
+			"description": "You can send the supported STIX object types by calling our Upload API. For more information about the API, click [here](https://learn.microsoft.com/en-us/azure/sentinel/stix-objects-api). \n\n>HTTP method: POST \n\n>Endpoint: \nFairfax: https://api.ti.sentinel.azure.us/workspaces/[WorkspaceID]/threatintelligence-stix-objects:upload?api-version=2024-02-01-preview \nMooncake: https://api.ti.sentinel.azure.cn/workspaces/[WorkspaceID]/threatintelligence-stix-objects:upload?api-version=2024-02-01-preview \n\n>WorkspaceID: the workspace that the STIX objects are uploaded to.  \n\n\n>Header Value 1: \"Authorization\" = \"Bearer [Microsoft Entra ID Access Token from step 1]\" \n\n\n> Header Value 2: \"Content-Type\" = \"application/json\"  \n \n>Body: The body is a JSON object containing an array of STIX objects."
 		}
     ]
 }

Solutions/Threat Intelligence/Data/Solution_ThreatIntelligenceTemplateSpec.json

@@ -77,7 +77,7 @@
 	],
 	"Metadata": "SolutionMetadata.json",
 	"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Threat Intelligence\\",
-	"Version": "3.1.0",
+	"Version": "3.1.1",
 	"TemplateSpec": true,
 	"StaticDataConnectorIds": [
 		"ThreatIntelligenceTaxii",

Solutions/Threat Intelligence/ReleaseNotes.md

@@ -1,6 +1,7 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                          |
 |-------------|--------------------------------|---------------------------------------------|
-| 3.0.10      | 01-15-2025                     | Updated feature flags for PMDTI and MDTI for GA, and Upload API for PP. |
+| 3.1.1       | 01-22-2025                     | Fixed feature flag configs for PMDTI, MDTI, and UploadAPI based on the new FeatureStates. Fix api-version and documentation link for UploadAPI. |
+| 3.1.0       | 01-15-2025                     | Updated feature flags for PMDTI and MDTI for GA, and Upload API for PP. |
 | 3.0.9		  | 04-12-2024					   | Modified DomainEntity_EmailUrlInfo **Analytic Rule** to resolve memory issues |
 | 3.0.8		  | 28-11-2024					   | Removed (Preview) from name for **Data Connectors** Microsoft Defender Threat Intelligence and Premium Microsoft Defender Threat Intelligence, make the MDTI and PMDTI data connctors available in gov solution, and update descriptions of data connectors. |
 | 3.0.7		  | 24-10-2024					   | Updated Columns of **Analytical Rules** 				 			  |