Merge pull request #14125 from fgravato/lookout/v3.0.3

v-atulyadav · web-flow · commit ccbafa56ee90 · 2026-04-24T11:49:23.000+05:30
Lookout v3.0.3: Version bump for certification resubmission
diff --git a/Solutions/Lookout/Package/3.0.3.zip b/Solutions/Lookout/Package/3.0.3.zip
diff --git a/Solutions/Lookout/Package/mainTemplate.json b/Solutions/Lookout/Package/mainTemplate.json
@@ -85,7 +85,7 @@
   },
   "variables": {
     "_solutionName": "Lookout",
-    "_solutionVersion": "3.0.2",
+    "_solutionVersion": "3.0.3",
     "solutionId": "lookoutinc.lookout_mtd_sentinel",
     "_solutionId": "[variables('solutionId')]",
     "uiConfigId1": "LookoutAPI",
@@ -95,10 +95,10 @@
     "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
     "_dataConnectorId1": "[variables('dataConnectorId1')]",
     "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
-    "dataConnectorVersion1": "3.0.2",
+    "dataConnectorVersion1": "3.0.3",
     "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
     "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
-    "dataConnectorCCPVersion": "3.0.2",
+    "dataConnectorCCPVersion": "3.0.3",
     "_dataConnectorContentIdConnectorDefinition2": "LookoutStreaming_Definition",
     "dataConnectorTemplateNameConnectorDefinition2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition2')))]",
     "_dataConnectorContentIdConnections2": "LookoutStreaming_DefinitionConnections",
@@ -194,7 +194,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "Lookout data connector with template version 3.0.2",
+        "description": "Lookout data connector with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -1558,7 +1558,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "LookoutThreatEvent_AnalyticalRules Analytics Rule with template version 3.0.2",
+        "description": "LookoutThreatEvent_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -1680,7 +1680,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "LookoutThreatEventV2_AnalyticalRules Analytics Rule with template version 3.0.2",
+        "description": "LookoutThreatEventV2_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -1871,7 +1871,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "LookoutDeviceComplianceV2_AnalyticalRules Analytics Rule with template version 3.0.2",
+        "description": "LookoutDeviceComplianceV2_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -2042,7 +2042,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "LookoutSmishingAlertV2_AnalyticalRules Analytics Rule with template version 3.0.2",
+        "description": "LookoutSmishingAlertV2_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -2227,7 +2227,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "LookoutAuditEventV2_AnalyticalRules Analytics Rule with template version 3.0.2",
+        "description": "LookoutAuditEventV2_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@@ -2392,7 +2392,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "LookoutEvents Workbook with template version 3.0.2",
+        "description": "LookoutEvents Workbook with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion1')]",
@@ -2478,7 +2478,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "LookoutEventsV2 Workbook with template version 3.0.2",
+        "description": "LookoutEventsV2 Workbook with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion2')]",
@@ -2564,7 +2564,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "LookoutSecurityInvestigationDashboard Workbook with template version 3.0.2",
+        "description": "LookoutSecurityInvestigationDashboard Workbook with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion3')]",
@@ -2650,7 +2650,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "LookoutExecutiveDashboard Workbook with template version 3.0.2",
+        "description": "LookoutExecutiveDashboard Workbook with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion4')]",
@@ -2736,7 +2736,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "LookoutIOAInvestigationDashboard Workbook with template version 3.0.2",
+        "description": "LookoutIOAInvestigationDashboard Workbook with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion5')]",
@@ -2822,7 +2822,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "LookoutEvents Data Parser with template version 3.0.2",
+        "description": "LookoutEvents Data Parser with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('parserObject1').parserVersion1]",
@@ -2950,7 +2950,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "LookoutAdvancedThreatHunting_HuntingQueries Hunting Query with template version 3.0.2",
+        "description": "LookoutAdvancedThreatHunting_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@@ -3029,7 +3029,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.2",
+        "version": "3.0.3",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "Lookout",
diff --git a/Solutions/Lookout/ReleaseNotes.md b/Solutions/Lookout/ReleaseNotes.md
@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                                                 |
 |-------------|--------------------------------|--------------------------------------------------------------------|
+| 3.0.3       | 23-04-2026                     | Version bump for certification resubmission. Fixed `workspace-location` parameter `defaultValue` to use `[resourceGroup().location]` ARM expression. |
 | 3.0.2       | 11-03-2026                     | Updated `lastPublishDate` across solution metadata and package to 2026-03-11. Cleaned up stale v4.0.0 branches. Resubmission for certification after resolving link discrepancy flagged in Best Practice Test 300.4.1.1. Fixed product branding: updated "Azure Sentinel" to "Microsoft Sentinel" in workbook descriptions. Fixed DCR transform query error: undefined symbol `detections` corrected to `smishing_alert.detections`. Aligned data connector version from `1.0.0` to `3.0.2` for consistent version tracking across all solution components. Updated all template version references from `3.0.1` to `3.0.2` in package. Added **Parsers** and **Notebooks** steps to the install wizard (`createUiDefinition.json`) for improved discoverability during solution deployment. |
 | 3.0.1       | 18-12-2025                     | **Parser** v3.1.0 with support for Streaming/Polling/REST API field structures. Enhanced workbooks and dashboards. **Analytic Rules** updated with MITRE ATT&CK mobile tactics. Added **Jupyter Notebooks** for threat hunting: Mobile Malware, Smishing, Device Compliance, and Audit/Insider Threat analysis. |
 | 3.0.0       | 07-11-2025                     | New **CCF Connector** added to Solution - *Lookout Mobile Threat Detection Connector*.    |
diff --git a/Solutions/Lookout/SolutionMetadata.json b/Solutions/Lookout/SolutionMetadata.json
@@ -2,8 +2,8 @@
 	"publisherId": "lookoutinc",
 	"offerId": "lookout_mtd_sentinel",
 	"firstPublishDate": "2021-10-18",
-	"lastPublishDate": "2026-03-11",
-	"version": "3.0.2",
+	"lastPublishDate": "2026-04-23",
+	"version": "3.0.3",
 	"providers": ["Lookout"],
 	"categories": {
 		"domains" : ["Security - Threat Protection"],
