Google Threat Intelligence: clarify Custom Connector is a manual prerequisite for Playbooks

[kapetanios55]

Summary

Updates the Description field in Solutions/Google Threat Intelligence/Data/Solution_GoogleThreatIntelligence.json to clearly call out that the GTI Custom Logic Apps Connector is not deployed automatically as part of the Content Hub solution install, and must be deployed manually by the customer before any of the Playbooks will work.

Why

The current solution description does not mention the custom connector at all. The Content Hub install flow (Package/createUiDefinition.json) only has blades for Analytics, Hunting Queries, and Playbooks — there is no blade or prompt for the custom connector, and the connector resource is not deployed by the Playbook templates. Customers who install the solution and then instantiate any Playbook from the Automation blade hit authentication failures because the GoogleThreatIntelligence API connection / custom connector resource is not present in their resource group.

This PR adds a clear prerequisite call-out (with a link to the connector readme) to the solution Description so it surfaces in the Content Hub solution page.

Changes

• Only the Description field in Solution_GoogleThreatIntelligence.json is updated. No version bump, no other file touched.
• Reviewer note: please regenerate Package/createUiDefinition.json, Package/mainTemplate.json, and a new version zip if the validation pipeline requires it. Happy to update the PR if you'd prefer me to handle the packaging step.

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Clarifies Microsoft Sentinel Content Hub installation prerequisites for the Google Threat Intelligence solution so customers understand that Playbooks require a manually deployed custom Logic Apps connector.

Changes:

• Updated the solution Description to add an explicit prerequisite callout for the GTI custom Logic Apps connector.
• Added a link to the connector instructions in the repository.

Comments suppressed due to low confidence (3)

Solutions/Google Threat Intelligence/Data/Solution_GoogleThreatIntelligence.json:1

• The solution-data guidelines expect the Description to use Markdown formatting and stay within the max length (commonly validated as 1000 chars). This update uses HTML (<br>, <b>, <a>) and is long enough that it may exceed the allowed length or render inconsistently in Content Hub. Consider converting to Markdown (\n\n, **bold**, [link](url)) and tightening wording to keep the description under the limit while preserving the prerequisite callout.

{

Solutions/Google Threat Intelligence/Data/Solution_GoogleThreatIntelligence.json:1

• The link currently points to a GitHub folder (/tree/.../GTICustomConnector) with anchor text readme. For reliability and clarity, link directly to the specific README.md file (and name it README/README.md in the text). This reduces the chance of users landing on a directory view and missing the “Deploy to Azure” instructions.

{

Solutions/Google Threat Intelligence/Data/Solution_GoogleThreatIntelligence.json:1

• Updating Solution_*.json without regenerating the packaged artifacts means the Content Hub-delivered createUiDefinition.json / mainTemplate.json (and ZIP) may not pick up the new description, and CI validation may fail if it checks for package/source drift. This should be accompanied by a packaging + validation run and committing any generated changes (and typically a patch version bump + ReleaseNotes entry for this text-only update).

{