MicrosoftIt would be really nice to have a similar write up like this for STATv2, which uses functions for the modules and not logic apps (which more Sentinel admins are used to).
STAT seems great but I guess the logic app based approach seems to be being deprecated and now it is using functions, and the github docs do not even describe how to add the additional function modules.
After some playing with it, I do see they seem to be loaded as an action in the "sample" stat triage logic app, which I almost did not install since it is optional.
Overall, this is the sort of thing that seemed cool but now there is a major shift in how to actually use it and it is not explained in something like this (or elsewhere I can find in a google search), or in the github docs.
I honestly think even my smarter admin clients will fail on the various parts of this. This is just not ready for someone who does not want to have another research task and some pet to water and feed.
Switching to functions and abandoning the logic app approach (which, again, is what Sentinel uses primarily for basic automations and admins are used to) is also indicative to me that there was an initial lack of planning and I worry that this is just stuff I will be deleting 2 years from now.
How can I tell a client to use this when I cannot even explain how to add a new function module? Recommending this, would put me in a place what I am telling my clients that they need admins for their Sentinel deployment that can understand:
It is just a lot to ask for the quoted reason for v2 changes "performance gains". So now, if I put this in an environment, I need to be able to explain the choices and maintenance and the github docs do not really even do that.
I cannot recommend this at this time, and people should really think about whether they should rely on this solution and putting this into prod.
Also, the script should check the psversion and add a note to the installer. This area was clunky too.
