Defend - Knowbe4 Rebrand - New Project

[olliespires]

Required items, please complete

Change(s):

• Duplicated the Egress Defend solution but renamed all Egress references to KnowBe4

• The publisher has been updated to KnowBe4 from Egress Software Technologies

• Used the V3 package

• We will move users over to this solution and then have a follow up MR when we remove the Egress one later down the line

  Reason for Change(s):

  • We have duplicated the EgressDefend solution as we were advised in this rebrand MR that the changes to tables were breaking and this should be a new MR

  Version Updated:

  • To 3.0.1

  Testing Completed:

  • Yes, using the V3 builder. See screenshot below of KnowBe4 logs coming in

Checked that the validations are passing and have addressed any issues that are present:

• Will update once these have run in the MR pipeline

[olliespires]

Hi @v-shukore, I have updated the publisher to be KnowBe4, apologies for the delay but I just got the ID. If there is anything I need to do let me know, thanks!

[olliespires]

Hi @v-shukore any update on this? Thanks

[v-shukore]

Hi @olliespires,
Could you please resolve the DetectionTemplateValidation failure? It appears to be caused by an unexpected character—kindly review and address this.
Since this is the initial solution release, please package the solution with version 3.0.0 and update the same version in the data file as well.
Additionally, could you please confirm which type of connector this solution uses?
To resolve the arm-ttk validation issue: once you update the apiVersion in the maintemplate.json, please avoid repackaging immediately. Ensure the same updated maintemplate.json is also manually updated inside the ZIP package.
If you run the packaging again after updating the apiVersion, it may overwrite the changes. My suggestion is to complete all required updates first, perform the final packaging, and then update the maintemplate.json (including the new variable) both outside and inside the ZIP with the latest apiVersion.
Thanks!

[v-shukore]

Hi @olliespires, please correct the syntax and add quoma(,) after "VisaThreatIntelligence" in this .script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json file de to this detection validation is failing.

Thanks!

[olliespires]

Hi @olliespires, please correct the syntax and add quoma(,) after "VisaThreatIntelligence" in this .script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json file de to this detection validation is failing. Thanks!

Thanks, I have been looking for that syntax error. Pushed up now!

[v-shukore]

Hi @olliespires, I noticed that the support link referenced in the solutionmetadata file is not working and results in an error when opened. Could you please update it with a valid link and commit the change?
Thanks!

[olliespires]

Hi @olliespires, I noticed that the support link referenced in the solutionmetadata file is not working and results in an error when opened. Could you please update it with a valid link and commit the change? Thanks!

Oh yes apologies, I have corrected that and pushed. Thanks!

[v-shukore]

Hi @olliespires,
The review for this PR has been completed. We just need confirmation for this connector from the Microsoft Sentinel Partners team (AzureSentinelPartner@microsoft.com), as this is not a CCF connector.
Once approval is received from the Partners team, we can proceed with merging this PR.
Thanks!

[olliespires]

Hi @olliespires, The review for this PR has been completed. We just need confirmation for this connector from the Microsoft Sentinel Partners team (AzureSentinelPartner@microsoft.com), as this is not a CCF connector. Once approval is received from the Partners team, we can proceed with merging this PR. Thanks!

Thanks @v-shukore, I will get this through our QA team as well now you are happy with it. Cheers!

[v-shukore]

Hi @olliespires, have you received any update from the Sentinel Partner teams regarding the connector approval. Thanks!

[olliespires]

Hi @olliespires, have you received any update from the Sentinel Partner teams regarding the connector approval. Thanks!

Hi @v-shukore , I haven't heard anything no, is this something I should be reaching out for or will they contact me?

[v-shukore]

Hi @olliespires,
For this connector, approval is required from the Microsoft Sentinel Partners team. Please reach out to AzureSentinelPartner@microsoft.com for confirmation. Once approval is received, we can proceed further. If the connector is not approved, you may want to discuss alternative options with the team. Thanks!

[olliespires]

Hi @olliespires, For this connector, approval is required from the Microsoft Sentinel Partners team. Please reach out to AzureSentinelPartner@microsoft.com for confirmation. Once approval is received, we can proceed further. If the connector is not approved, you may want to discuss alternative options with the team. Thanks!

Hi @v-shukore,

Apologies for the delay, we have had a meeting with your team now and agreed to stay on the current connector approach for now. We are running this past our QA team on Monday. Below is request for exception from Mark Toshack our Product Manager. If this isn't the right place to post this let me know, thanks!

Hi,

My name is Mark Toshack, I am the Product Manager for the Defend product at KnowBe4. We are submitting an update to our existing Microsoft Sentinel connector to reflect our rebranding from Egress to KnowBe4.

Purpose of this Update
This is a branding-only update. While the underlying technology and data ingestion logic remain consistent with the current approved version, we have updated the naming conventions, logos, and descriptions to ensure a cohesive user experience under the KnowBe4 brand.
Technical Context & Roadmap
We are intentionally utilizing the current Azure technology stack for this specific release. We are aware of the transition toward the Content Cloud Framework (CCF); however:

Current State: This update ensures brand parity for our existing user base immediately.
Future State: We have a new Webhook API currently in development. Once that API is live, we intend to perform a full architectural migration to the recommended CCF build and republish a new Sentinel connector.

Request
We request approval for this version to ensure our customers see the correct branding in the Content Hub while we finalize the next-generation CCF integration.
Please let us know if you require any further documentation regarding the branding assets or the existing logic.
Best regards,
Mark Toshack
Snr. Product Manager,  KnowBe4