gravityzone solution without analytic rules

[gbarbieru]

Change(s):
- Creating a Sentinel solution for Bitdefender GravityZone. This solution uses a push-based approach using just a DCR, a DCE, custom table and an App registration with credentials to push data to Sentinel.

Reason for Change(s):

• New Sentinel solution

Version Updated:

• No. Version is 3.0.0 is the initial version.

Testing Completed:

• Yes

Checked that the validations are passing and have addressed any issues that are present:
Before going into this topic I want to disclose that development in my team is done on Linux workstations and the available tooling and guides offered by Microsoft kinda lack in this department. Local YAML testing was eventually achieved, but KQL validation failed. Due to time constraints additional effort in making them work Linux environments was abandoned and testing was eventually done on Microsoft Sentinel accounts via end-to-end testing.

• KQL: Tested using smoke tests directly on a Microsoft Sentinel account. No issues so far. Failed to test locally.
• YAML: Some issues are reported on the JSON that was compiled from bicep (data connector deployment template), but no issues were present when actually deploying and using the data connector.

**Notes**
- If/when the PR is approved for merge please hold off for an approval from us. We want the solution to actually go to market with something on our part (GravityZone).

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds a new Microsoft Sentinel solution for Bitdefender GravityZone, including solution metadata, release notes, solution data registration, and accompanying validation assets.

Changes:

• Added SolutionMetadata.json and initial ReleaseNotes.md for the GravityZone solution.
• Added Solution_GravityZone.json to register solution components/version and link metadata.
• Updated repository validation inputs (connector ID allowlist and custom table schema) for KQL/schema checks.

Reviewed changes

Copilot reviewed 10 out of 12 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
Solutions/GravityZone/SolutionMetadata.json	Defines marketplace/solution metadata (publisher/offer/support/categories).
Solutions/GravityZone/ReleaseNotes.md	Introduces initial release notes entry for v3.0.0.
Solutions/GravityZone/Package/testParameters.json	(Ignored for review) ARM test parameters for solution packaging.
Solutions/GravityZone/Package/mainTemplate.json	(Ignored for review) Main ARM template for solution deployment.
Solutions/GravityZone/Package/createUiDefinition.json	(Ignored for review) UI definition for solution installation experience.
Solutions/GravityZone/Data/Solution_GravityZone.json	Registers solution composition/version/metadata linkage for packaging.
Solutions/GravityZone/Data Connectors/azuredeploy_GravityZone_API.json	(Ignored for review) Data Connector deployment template (DCR/DCE/table/roles).
Solutions/GravityZone/Data Connectors/GravityZone_API.json	(Ignored for review) Data Connector UI definition/content.
.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json	Adds GravityZone connector content ID to schema validation allowlist.
.script/tests/KqlvalidationsTests/CustomTables/GzSecurityEvents_CL.json	Adds custom table schema for local KQL validation.

[v-shukore]

Hi @gbarbieru, please make changes suggested by the copilot and repackage the solution and commit the change. Thanks!

[gbarbieru]

@v-shukore done!

[v-shukore]

Hi @gbarbieru, could you please share running data connector screenshots to merge this PR. Thanks!!

[gbarbieru]

@v-shukore

[gbarbieru]