CrowdStrike Falcon Adversary Connector - change TableName

[fuqing04]

Required items, please complete

Change(s):

• See guidance below

Reason for Change(s):

• See guidance below

Version Updated:

• Required only for Detections/Analytic Rule templates
• See guidance below

Testing Completed:

• See guidance below

Checked that the validations are passing and have addressed any issues that are present:

• See guidance below

Guidance <- remove section before submitting

---

Before submitting this PR please ensure that you have read the following sections and filled out the changes, reason for change and testing complete sections:

Thank you for your contribution to the Microsoft Sentinel Github repo.

Details of the code changes in your submitted PR. Providing descriptions for pull requests ensures there is context to changes being made and greatly enhances the code review process. Providing associated Issues that this resolves also easily connects the reason.

Change(s):

• Changed table name to be "ThreatIntelIndicators" instead of "ThreatIntelligenceIndicator"

Reason for Change(s):

• The actual table name is "ThreatIntelIndicators", use of a different name broke the connectivity check query. Upon research, "ThreatIntelligenceIndicator" was used over 3 years ago and seems deprecated.

Version updated:

• No. The previous 3.1.9 version hasn't been published, hence squeeze this change into the same version.

The code should have been tested in a Microsoft Sentinel environment that does not have any custom parsers, functions or tables, so that you validate no incorrect syntax and execution functions properly. If your submission requires a custom parser or function, it must be submitted with the PR.

Testing Completed:

• Yes

Note: If updating a detection, you must update the version field.

Before the submission has been made, please look at running the KQL and Yaml Validation Checks locally.
https://github.com/Azure/Azure-Sentinel#run-kql-validation-locally

Checked that the validations are passing and have addressed any issues that are present:

• Yes

Note: Let us know if you have tried fixing the validation error and need help.

References:

• Guidance for Detection checks
• General contribution guidance
• PR validation troubleshooting

---

[fuqing04]

@microsoft-github-policy-service agree company="Microsoft"

[fuqing04]

@darshana Vedak (Tata Consultancy Services Limi)

[jlheard]

Also change the version here:

Azure-Sentinel/Solutions/CrowdStrike Falcon Endpoint Protection/Data/Solution_CrowdStrike.json

Line 33 in c16293b

"Version": "3.1.8",

[jlheard]

good catch!