Recorded Future: add sandbox region & update indicator import#14056
Merged
v-atulyadav merged 11 commits intoAzure:masterfrom Apr 20, 2026
Merged
Recorded Future: add sandbox region & update indicator import#14056v-atulyadav merged 11 commits intoAzure:masterfrom
v-atulyadav merged 11 commits intoAzure:masterfrom
Conversation
# Conflicts: # Solutions/Recorded Future/ReleaseNotes.md
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds sandbox region support to Recorded Future sandboxing playbooks and updates threat indicator import formatting to store evidence details in external_references, along with associated solution version bumps and documentation updates.
Changes:
- Added
SandboxRegionparameter (with allowed values) to sandboxing logic apps and updated request headers accordingly. - Updated indicator import playbooks to move “Recorded Future evidence details” from
labelstoexternal_references. - Bumped solution/playbook versions and updated release notes + playbook readmes.
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| Solutions/Recorded Future/SolutionMetadata.json | Updates lastPublishDate to reflect the new release. |
| Solutions/Recorded Future/ReleaseNotes.md | Adds 3.2.19 release entry describing sandbox region + indicator import change. |
| Solutions/Recorded Future/Playbooks/readme.md | Updates sandbox API key guidance (incl. Enterprise Sandbox token note). |
| Solutions/Recorded Future/Playbooks/Sandboxing/readme.md | Mirrors sandbox API key guidance update for sandboxing playbooks. |
| Solutions/Recorded Future/Playbooks/Sandboxing/RecordedFuture-Sandbox_StorageAccount/azuredeploy.json | Adds sandbox region parameter + renames/adjusts sandbox token parameter usage. |
| Solutions/Recorded Future/Playbooks/Sandboxing/RecordedFuture-Sandbox_Outlook_Attachment/azuredeploy.json | Adds sandbox region parameter + renames/adjusts sandbox token parameter usage. |
| Solutions/Recorded Future/Playbooks/Sandboxing/RecordedFuture-Sandbox_Enrichment-Url/azuredeploy.json | Adds sandbox region parameter + renames/adjusts sandbox token parameter usage. |
| Solutions/Recorded Future/Playbooks/IndicatorImport/RecordedFuture-URL-IndicatorImport/azuredeploy.json | Moves evidence details into external_references; bumps playbook version. |
| Solutions/Recorded Future/Playbooks/IndicatorImport/RecordedFuture-IP-IndicatorImport/azuredeploy.json | Moves evidence details into external_references; bumps playbook version. |
| Solutions/Recorded Future/Playbooks/IndicatorImport/RecordedFuture-Hash-IndicatorImport/azuredeploy.json | Moves evidence details into external_references; bumps playbook version. |
| Solutions/Recorded Future/Playbooks/IndicatorImport/RecordedFuture-Domain-IndicatorImport/azuredeploy.json | Moves evidence details into external_references; bumps playbook version. |
| Solutions/Recorded Future/Package/mainTemplate.json | Bumps solution/playbook versions and propagates updated templates. (Ignored for review per repo rules.) |
| Solutions/Recorded Future/Data/Solution_RecordedFuture.json | Bumps solution version to 3.2.19. |
| "Version": "3.2.18", | ||
| "Version": "3.2.19", | ||
| "Metadata": "SolutionMetadata.json", | ||
| "TemplateSpec": true, |
There was a problem hiding this comment.
TemplateSpec is set to true for a 3.x.x solution version. Per solution-data validation rules, version 3.*.* solutions must have TemplateSpec: false, otherwise solution validation/build will fail. Set TemplateSpec to false for 3.2.19.
Suggested change
| "TemplateSpec": true, | |
| "TemplateSpec": false, |
Contributor
There was a problem hiding this comment.
Please implement this change and repackage the solutiion.
| "Version": "3.2.19", | ||
| "Metadata": "SolutionMetadata.json", | ||
| "TemplateSpec": true, | ||
| "Is1Pconnector": false |
There was a problem hiding this comment.
The field name Is1Pconnector does not match the required schema field Is1PConnector (case-sensitive). This can break schema/packaging validation; rename the property key to Is1PConnector.
Suggested change
| "Is1Pconnector": false | |
| "Is1PConnector": false |
v-shukore
approved these changes
Apr 20, 2026
v-atulyadav
approved these changes
Apr 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Change(s):
labelsto withinexternal_referencesTesting Completed:
Checked that the validations are passing and have addressed any issues that are present: