Dropdown option added in graph security connector

stix_shifter_modules/azure_sentinel/configuration/config.json

@@ -31,6 +31,11 @@
             "alertV2": {
                 "type": "boolean",
                 "default": false
+            },
+            "alert_resources": {
+                "type": "dropdown",
+                "default": "alerts",
+                "options": ["alerts", "alerts_v2" ]
             }
         }
     },

stix_shifter_modules/azure_sentinel/configuration/lang_en.json

@@ -24,6 +24,14 @@
             "alertV2": {
                 "label": "Alert",
                 "description": "Latest Generation of alerts in the Microsoft Graph security API"
+            },
+            "alert_resources": {
+                "label": "Alert resources",
+                "optionLabels": {
+                    "alerts": "Legacy alert",
+                    "alerts_v2": "Alert V2"
+                },
+                "description": "Select an alert resource version for the Microsoft Graph security API"
             }
         }
     },

stix_shifter_modules/azure_sentinel/stix_transmission/connector.py

@@ -10,8 +10,8 @@ class Connector(BaseJsonSyncConnector):
     api_client = None
     max_limit = 1000
     DEFAULT_API_VERSION = 'v1.0'
-    LEGACY_ALERT = 'security/alerts'
-    ALERT_V2 = 'security/alerts_v2'
+    LEGACY_ALERT = 'alerts'
+    ALERT_V2 = 'alerts_v2'
 
     def __init__(self, connection, configuration):
         """Initialization.
@@ -23,17 +23,31 @@ def __init__(self, connection, configuration):
         self.configuration = configuration
         self.api_client = APIClient(self.connection, self.configuration)
 
-        self.legacy_alert = connection['options'].get('alert')
-        self.alert_v2 = connection['options'].get('alertV2')
-
-        if self.legacy_alert:
+        # self.legacy_alert = connection['options'].get('alert')
+        # self.alert_v2 = connection['options'].get('alertV2')
+        self.alert_resource = connection['options'].get('alert_resources')
+
+        if self.alert_resource == self.LEGACY_ALERT:
             self.query_alert_type = 'alert'
-            self.endpoint = '{api_version}/{api_resource}'.format(api_version=self.DEFAULT_API_VERSION, api_resource=self.LEGACY_ALERT)
-        elif self.alert_v2:
+            self.endpoint = '{api_version}/security/{api_resource}'.format(api_version=self.DEFAULT_API_VERSION, api_resource=self.LEGACY_ALERT)
+        elif self.alert_resource == self.ALERT_V2:
             self.query_alert_type = 'alertV2'
-            self.endpoint = '{api_version}/{api_resource}'.format(api_version=self.DEFAULT_API_VERSION, api_resource=self.ALERT_V2)
+            self.endpoint = '{api_version}/security/{api_resource}'.format(api_version=self.DEFAULT_API_VERSION, api_resource=self.ALERT_V2)
         else:
             raise Exception('Invalid alert resource type. At least one alert type must be selected.')
+
+        #remove below block before creating PR
+        # if self.legacy_alert:
+        #     self.query_alert_type = 'alert'
+        #     self.endpoint = '{api_version}/{api_resource}'.format(api_version=self.DEFAULT_API_VERSION, api_resource=self.LEGACY_ALERT)
+        # elif self.alert_v2:
+        #     self.query_alert_type = 'alertV2'
+        #     self.endpoint = '{api_version}/{api_resource}'.format(api_version=self.DEFAULT_API_VERSION, api_resource=self.ALERT_V2)
+        # else:
+        #     raise Exception('Invalid alert resource type. At least one alert type must be selected.')
+
+
+        self.logger.warning('Alert Resource selected::: {}'.format(self.alert_resource))
 
     async def ping_connection(self):
         """Ping the endpoint."""

stix_shifter_modules/azure_sentinel/tests/stix_transmission/test_azure_sentinel.py

@@ -24,7 +24,7 @@ def connection(self):
         return {
                 "port": 443,
                 "options": {
-                        "alert": True
+                        "alert_resources": "alerts"
                     }
                 }