From 22716e9a78d76fcac7da07fd02734b0bdc71a470 Mon Sep 17 00:00:00 2001
From: Md Azam
Date: Wed, 17 May 2023 12:16:38 -0300
Subject: [PATCH] Dropdown option added in graph security connector

---
 .../azure_sentinel/configuration/config.json | 5 +++
 .../azure_sentinel/configuration/lang_en.json | 8 +++++
 .../stix_transmission/connector.py | 32 +++++++++++++------
 .../stix_transmission/test_azure_sentinel.py | 2 +-
 4 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/stix_shifter_modules/azure_sentinel/configuration/config.json b/stix_shifter_modules/azure_sentinel/configuration/config.json
index f62516d8e..a400f9f34 100644
--- a/stix_shifter_modules/azure_sentinel/configuration/config.json
+++ b/stix_shifter_modules/azure_sentinel/configuration/config.json
@@ -30,6 +30,11 @@
 "alertV2": {
 "type": "boolean",
 "default": false
+ },
+ "alert_resources": {
+ "type": "dropdown",
+ "default": "alerts",
+ "options": ["alerts", "alerts_v2" ]
 }
 }
 },
diff --git a/stix_shifter_modules/azure_sentinel/configuration/lang_en.json b/stix_shifter_modules/azure_sentinel/configuration/lang_en.json
index 86d047026..b81a6ffae 100644
--- a/stix_shifter_modules/azure_sentinel/configuration/lang_en.json
+++ b/stix_shifter_modules/azure_sentinel/configuration/lang_en.json
@@ -28,6 +28,14 @@
 "alertV2": {
 "label": "Alert",
 "description": "Latest Generation of alerts in the Microsoft Graph security API"
+ },
+ "alert_resources": {
+ "label": "Alert resources",
+ "optionLabels": {
+ "alerts": "Legacy alert",
+ "alerts_v2": "Alert V2"
+ },
+ "description": "Select an alert resource version for the Microsoft Graph security API"
 }
 }
 },
diff --git a/stix_shifter_modules/azure_sentinel/stix_transmission/connector.py b/stix_shifter_modules/azure_sentinel/stix_transmission/connector.py
index 7587bee37..68ad04f25 100644
--- a/stix_shifter_modules/azure_sentinel/stix_transmission/connector.py
+++ b/stix_shifter_modules/azure_sentinel/stix_transmission/connector.py
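Review bot: The new `alert_resources` dropdown is added alongside the existing `alert` and `alertV2` booleans, which stay in config.json although the connector hunk in this same commit reads only `alert_resources`; a user who toggles the old booleans now gets no effect and no error. Consider removing the two booleans (and their lang_en.json entries) or marking them deprecated in their description so the UI does not present three overlapping controls. The values `alerts` and `alerts_v2` must also equal `Connector.LEGACY_ALERT` / `ALERT_V2` in connector.py, where they become the URL path segment, so a change here silently breaks the endpoint; that coupling deserves a sentence in the lang_en.json description or the connector docstring, since JSON itself has no comment syntax. Minor: `["alerts", "alerts_v2" ]` has a stray space before the closing bracket.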
@@ -11,8 +11,8 @@ class Connector(BaseJsonSyncConnector):
 max_limit = 1000
 base_uri = 'graph.microsoft.com' # Microsoft Graph API has single endpoint
 DEFAULT_API_VERSION = 'v1.0'
- LEGACY_ALERT = 'security/alerts'
- ALERT_V2 = 'security/alerts_v2'
+ LEGACY_ALERT = 'alerts'
+ ALERT_V2 = 'alerts_v2'
 def __init__(self, connection, configuration):
 """Initialization.
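Review bot: `LEGACY_ALERT` and `ALERT_V2` now hold the dropdown option values from config.json rather than an API path, but nothing at the definition says so, and the `security/` prefix that used to live here has moved into two separate format strings in `__init__`. A comment above the pair, `# Values of the 'alert_resources' dropdown (config.json); also the resource segment appended to 'security/' when self.endpoint is built`, would make the two-way coupling explicit to whoever next edits either file. The class body continues outside the hunk.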
@@ -24,17 +24,31 @@ def __init__(self, connection, configuration):
 self.configuration = configuration
 self.api_client = APIClient(self.base_uri, self.connection, self.configuration)
- self.legacy_alert = connection['options'].get('alert')
- self.alert_v2 = connection['options'].get('alertV2')
-
- if self.legacy_alert:
+ # self.legacy_alert = connection['options'].get('alert')
+ # self.alert_v2 = connection['options'].get('alertV2')
+ self.alert_resource = connection['options'].get('alert_resources')
+
+ if self.alert_resource == self.LEGACY_ALERT:
 self.query_alert_type = 'alert'
- self.endpoint = '{api_version}/{api_resource}'.format(api_version=self.DEFAULT_API_VERSION, api_resource=self.LEGACY_ALERT)
- elif self.alert_v2:
+ self.endpoint = '{api_version}/security/{api_resource}'.format(api_version=self.DEFAULT_API_VERSION, api_resource=self.LEGACY_ALERT)
+ elif self.alert_resource == self.ALERT_V2:
 self.query_alert_type = 'alertV2'
- self.endpoint = '{api_version}/{api_resource}'.format(api_version=self.DEFAULT_API_VERSION, api_resource=self.ALERT_V2)
+ self.endpoint = '{api_version}/security/{api_resource}'.format(api_version=self.DEFAULT_API_VERSION, api_resource=self.ALERT_V2)
 else:
 raise Exception('Invalid alert resource type. At least one alert type must be selected.')
+
+ #remove below block before creating PR
+ # if self.legacy_alert:
+ # self.query_alert_type = 'alert'
+ # self.endpoint = '{api_version}/{api_resource}'.format(api_version=self.DEFAULT_API_VERSION, api_resource=self.LEGACY_ALERT)
+ # elif self.alert_v2:
+ # self.query_alert_type = 'alertV2'
+ # self.endpoint = '{api_version}/{api_resource}'.format(api_version=self.DEFAULT_API_VERSION, api_resource=self.ALERT_V2)
+ # else:
+ # raise Exception('Invalid alert resource type. At least one alert type must be selected.')
+
+
+ self.logger.warning('Alert Resource selected::: {}'.format(self.alert_resource))
 async def ping_connection(self):
 """Ping the endpoint."""
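Review bot: The commented-out copy of the old branch, including its `#remove below block before creating PR` marker, was shipped in this hunk and should be deleted, as should the commented-out `self.legacy_alert` / `self.alert_v2` assignments above the `if`. The `self.logger.warning(...)` at the end reports a routine configuration value at warning level, so every connector instantiation will look like a problem in the logs; `self.logger.debug('Alert resource selected: %s', self.alert_resource)` is the appropriate level and form. The `else` message `'At least one alert type must be selected.'` no longer fits a single-choice dropdown and does not say what was received, so `raise Exception("Invalid alert resource type '{}'; expected '{}' or '{}'.".format(self.alert_resource, self.LEGACY_ALERT, self.ALERT_V2))` would let an operator diagnose a misconfigured option directly. Note that the equality checks against the two class constants are what keep `alert_resource` from reaching `self.endpoint` unvalidated, so they should stay rather than being collapsed into one format call on the raw option. `__init__` begins outside the hunk.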
diff --git a/stix_shifter_modules/azure_sentinel/tests/stix_transmission/test_azure_sentinel.py b/stix_shifter_modules/azure_sentinel/tests/stix_transmission/test_azure_sentinel.py
index 708c20db8..2b0167364 100644
--- a/stix_shifter_modules/azure_sentinel/tests/stix_transmission/test_azure_sentinel.py
+++ b/stix_shifter_modules/azure_sentinel/tests/stix_transmission/test_azure_sentinel.py
@@ -24,7 +24,7 @@ def connection(self):
 return {
 "port": 443,
 "options": {
- "alert": True
+ "alert_resources": "alerts"
 }
 }
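Review bot: Only the `alerts` value is exercised by this fixture, so the new `alerts_v2` branch and the `else` that raises on an unrecognised value have no coverage after the switch from booleans to a dropdown. A second fixture or a parametrised case with `"alert_resources": "alerts_v2"` could assert that the constructed connector's `endpoint` is `'v1.0/security/alerts_v2'`, and a constructed invalid value such as `"alerts_v3"` could assert that construction raises. `connection` starts before the hunk.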