Merge pull request #11701 from ni-bhandari/nibhandari/fix-feature-flags

[ThreatIntelligence] Fix feature flag configs

Solutions/Threat Intelligence Solution for Azure Government/Data/Solution_ThreatIntelligenceFairfax.json

@@ -56,7 +56,7 @@
 		"Solutions/Threat Intelligence Solution for Azure Government/Analytic Rules/IPEntity_DuoSecurity.yaml"
 	],
 	"BasePath": "C:\\GitHub\\Azure-Sentinel",
-	"Version": "3.0.4",
+	"Version": "3.0.5",
 	"Metadata": "SolutionMetadata.json",
 	"TemplateSpec": true,
 	"StaticDataConnectorIds": [

Solutions/Threat Intelligence Solution for Azure Government/Package/createUiDefinition.json

@@ -70,6 +70,20 @@
               "text": "This Solution installs the data connector for Threat Intelligence Solution for Azure Government. You can get Threat Intelligence Solution for Azure Government custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
+          {
+            "name": "dataconnectors3-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for Threat Intelligence Solution for Azure Government. You can get Threat Intelligence Solution for Azure Government custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
+          {
+            "name": "dataconnectors4-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for Threat Intelligence Solution for Azure Government. You can get Threat Intelligence Solution for Azure Government custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
           {
             "name": "dataconnectors-link2",
             "type": "Microsoft.Common.TextBlock",

Solutions/Threat Intelligence Solution for Azure Government/ReleaseNotes.md

@@ -1,6 +1,7 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                          |
 |-------------|--------------------------------|---------------------------------------------|
-| 3.0.4      | 01-15-2025                     | Updated feature flags for PMDTI and MDTI for GA, and Upload API for PP. |
+| 3.0.5       | 01-22-2025                     | Fixed feature flag configs for PMDTI, MDTI, and UploadAPI based on the new FeatureStates. Fix api-version and documentation link for UploadAPI. |
+| 3.0.4       | 01-15-2025                     | Updated feature flags for PMDTI and MDTI for GA, and Upload API for PP. |
 | 3.0.3		  | 28-11-2024					   | Removed (Preview) from name for **Data Connectors** Microsoft Defender Threat Intelligence and Premium Microsoft Defender Threat Intelligence, make the MDTI and PMDTI data connctors available in gov solution, and update descriptions of data connectors. |
 | 3.0.2       | 19-08-2024                     | Updated isConnectedQuery for **Data Connector** of "Threat Intelligence Upload Indicators API". |
 | 3.0.1       | 06-08-2024                     | Updated the URL in **data connector**       |

Solutions/Threat Intelligence/Data Connectors/template_MicrosoftDefenderThreatIntelligence.json

@@ -39,7 +39,7 @@
         }
     ],
     "availability": {
-        "status": 3,
+        "status": 2,
         "isPreview": false,
         "featureFlag": {
             "feature": "msticonnector",
@@ -49,8 +49,9 @@
                 "3": 3,
                 "4": 3,
                 "5": 3,
-                "6": 2,
-                "7": 2
+                "6": 0,
+                "7": 2,
+                "8": 2
             }
         }
     },

Solutions/Threat Intelligence/Data Connectors/template_PremiumMicrosoftDefenderThreatIntelligence.json

@@ -6,7 +6,7 @@
         "type": 258,
         "options": null
     },
-    "descriptionMarkdown": "Microsoft Sentinel provides you the capability to import threat intelligence generated by Microsoft to enable monitoring, alerting and hunting. Use this data connector to import Indicators of Compromise (IOCs) from Microsoft Defender Threat Intelligence (MDTI) into Microsoft Sentinel. Threat indicators can include IP addresses, domains, URLs, and file hashes, etc. Note: This is a paid connector. To use and ingest data from it, please purchase the \"MDTI API Access\" SKU from the Partner Center.",
+    "descriptionMarkdown": "Microsoft Sentinel provides you the capability to import threat intelligence generated by Microsoft to enable monitoring, alerting and hunting. Use this data connector to import Indicators of Compromise (IOCs) from Premium Microsoft Defender Threat Intelligence (MDTI) into Microsoft Sentinel. Threat indicators can include IP addresses, domains, URLs, and file hashes, etc. Note: This is a paid connector. To use and ingest data from it, please purchase the \"MDTI API Access\" SKU from the Partner Center.",
     "graphQueries": [
         {
             "metricName": "Total data received",
@@ -39,18 +39,19 @@
         }
     ],
     "availability": {
-        "status": 3,
+        "status": 2,
         "isPreview": false,
         "featureFlag": {
             "feature": "premiummdticonnector",
-             "featureStates": {
+            "featureStates": {
                 "1": 3,
                 "2": 3,
                 "3": 3,
                 "4": 3,
                 "5": 3,
-                "6": 1,
-                "7": 1
+                "6": 0,
+                "7": 1,
+                "8": 1
             }
         }
     },

Solutions/Threat Intelligence/Data Connectors/template_ThreatIntelligenceUploadIndicators.json

@@ -31,7 +31,7 @@
         }
     ],
     "availability": {
-        "status": 2,
+        "status": 1,
         "isPreview": true
     },
     "permissions": {
@@ -64,7 +64,7 @@
         },
         {
 			"title": "2. Send STIX objects to Sentinel",
-			"description": "You can send the supported STIX object types by calling our Upload API. For more information about the API, click [here](https://learn.microsoft.com/azure/sentinel/upload-indicators-api). \n\n>HTTP method: POST \n\n>Endpoint: https://api.ti.sentinel.azure.com/workspaces/[WorkspaceID]/threatintelligence-stix-objects:upload?api-version=2024-02-01  \n\n>WorkspaceID: the workspace that the STIX objects are uploaded to.  \n\n\n>Header Value 1: \"Authorization\" = \"Bearer [Microsoft Entra ID Access Token from step 1]\" \n\n\n> Header Value 2: \"Content-Type\" = \"application/json\"  \n \n>Body: The body is a JSON object containing an array of STIX objects."
+			"description": "You can send the supported STIX object types by calling our Upload API. For more information about the API, click [here](https://learn.microsoft.com/azure/sentinel/stix-objects-api). \n\n>HTTP method: POST \n\n>Endpoint: https://api.ti.sentinel.azure.com/workspaces/[WorkspaceID]/threatintelligence-stix-objects:upload?api-version=2024-02-01-preview \n\n>WorkspaceID: the workspace that the STIX objects are uploaded to.  \n\n\n>Header Value 1: \"Authorization\" = \"Bearer [Microsoft Entra ID Access Token from step 1]\" \n\n\n> Header Value 2: \"Content-Type\" = \"application/json\"  \n \n>Body: The body is a JSON object containing an array of STIX objects."
 		}
     ]
 }

Solutions/Threat Intelligence/Data Connectors/template_ThreatIntelligenceUploadIndicators_ForGov.json

@@ -31,7 +31,7 @@
         }
     ],
     "availability": {
-        "status": 2,
+        "status": 1,
         "isPreview": true
     },
     "permissions": {
@@ -64,7 +64,7 @@
         },
         {
 			"title": "2. Send STIX objects to Sentinel",
-			"description": "You can send the supported STIX object types by calling our Upload API. For more information about the API, click [here](https://learn.microsoft.com/azure/sentinel/upload-indicators-api). \n\n>HTTP method: POST \n\n>Endpoint: \nFairfax: https://api.ti.sentinel.azure.us/workspaces/[WorkspaceID]/threatintelligence-stix-objects:upload?api-version=2024-02-01 \nMooncake: https://api.ti.sentinel.azure.cn/workspaces/[WorkspaceID]/threatintelligence-stix-objects:upload?api-version=2024-02-01  \n\n>WorkspaceID: the workspace that the STIX objects are uploaded to.  \n\n\n>Header Value 1: \"Authorization\" = \"Bearer [Microsoft Entra ID Access Token from step 1]\" \n\n\n> Header Value 2: \"Content-Type\" = \"application/json\"  \n \n>Body: The body is a JSON object containing an array of STIX objects."
+			"description": "You can send the supported STIX object types by calling our Upload API. For more information about the API, click [here](https://learn.microsoft.com/azure/sentinel/stix-objects-api). \n\n>HTTP method: POST \n\n>Endpoint: \nFairfax: https://api.ti.sentinel.azure.us/workspaces/[WorkspaceID]/threatintelligence-stix-objects:upload?api-version=2024-02-01-preview \nMooncake: https://api.ti.sentinel.azure.cn/workspaces/[WorkspaceID]/threatintelligence-stix-objects:upload?api-version=2024-02-01-preview \n\n>WorkspaceID: the workspace that the STIX objects are uploaded to.  \n\n\n>Header Value 1: \"Authorization\" = \"Bearer [Microsoft Entra ID Access Token from step 1]\" \n\n\n> Header Value 2: \"Content-Type\" = \"application/json\"  \n \n>Body: The body is a JSON object containing an array of STIX objects."
 		}
     ]
 }

Solutions/Threat Intelligence/Data/Solution_ThreatIntelligenceTemplateSpec.json

@@ -77,7 +77,7 @@
 	],
 	"Metadata": "SolutionMetadata.json",
 	"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Threat Intelligence\\",
-	"Version": "3.1.0",
+	"Version": "3.1.1",
 	"TemplateSpec": true,
 	"StaticDataConnectorIds": [
 		"ThreatIntelligenceTaxii",