Merge pull request #8022 from jszigetvari-nxlog/nxlog-fim-solution-ng

SOLUTION: NXLog FIM (File Integrity Monitoring) (yet again)
v-dvedak 2023-06-12 19:00:59 +05:30 коммит произвёл GitHub
Родитель ba43d99b32 46b5ea3a08
Коммит 0c0da96110
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
9 изменённых файлов: 10685 добавлений и 0 удалений


@ -0,0 +1,113 @@
{
"Name": "NXLogFIM_CL",
"Properties": [
{
"Name": "Computer",
"Type": "String"
},
{
"Name": "DigestName_s",
"Type": "String"
},
{
"Name": "Digest_s",
"Type": "String"
},
{
"Name": "EventReceivedTime_t",
"Type": "DateTime"
},
{
"Name": "EventTime_t",
"Type": "DateTime"
},
{
"Name": "EventType_s",
"Type": "String"
},
{
"Name": "FileName_s",
"Type": "String"
},
{
"Name": "FileSize_d",
"Type": "Double"
},
{
"Name": "HostIP_s",
"Type": "String"
},
{
"Name": "Hostname_s",
"Type": "String"
},
{
"Name": "ModificationTime_t",
"Type": "DateTime"
},
{
"Name": "Object_s",
"Type": "String"
},
{
"Name": "PrevDigest_s",
"Type": "String"
},
{
"Name": "PrevFileName_s",
"Type": "String"
},
{
"Name": "PrevFileSize_d",
"Type": "Double"
},
{
"Name": "PrevModificationTime_t",
"Type": "DateTime"
},
{
"Name": "RawData",
"Type": "String"
},
{
"Name": "SeverityValue_d",
"Type": "Double"
},
{
"Name": "Severity_s",
"Type": "String"
},
{
"Name": "SourceModuleName_s",
"Type": "String"
},
{
"Name": "SourceModuleType_s",
"Type": "String"
},
{
"Name": "TimeGenerated",
"Type": "DateTime"
},
{
"Name": "Type",
"Type": "String"
},
{
"Name": "_BilledSize",
"Type": "Double"
},
{
"Name": "_IsBillable",
"Type": "String"
},
{
"Name": "_ResourceId",
"Type": "String"
},
{
"Name": "_SubscriptionId",
"Type": "String"
}
]
}

Разница между файлами не показана из-за своего большого размера Загрузить разницу


@ -0,0 +1,99 @@
{
"id": "NXLogFIM",
"title": "NXLog FIM",
"publisher": "NXLog",
"descriptionMarkdown": "The [NXLog FIM](https://docs.nxlog.co/refman/current/im/fim.html) module allows for the scanning of files and directories, reporting detected additions, changes, renames and deletions on the designated paths through calculated checksums during successive scans. This REST API connector can efficiently export the configured FIM events to Microsoft Sentinel in real time.",
"graphQueries": [
{
"metricName": "Total data received",
"legend": "NXLogFIM_CL",
"baseQuery": "NXLogFIM_CL"
}
],
"sampleQueries": [
{
"description" : "Find all DELETE events",
"query": "NXLogFIM_CL\n| where EventType_s == 'DELETE'\n| project-away\n Type\n| sort by EventTime_t"
},
{
"description" : "Bar Chart for Events per type, per host",
"query": "NXLogFIM_CL\n| summarize EventCount = count() by Hostname_s, EventType_s\n| where strlen(EventType_s) > 1\n| project Eventype = Hostname_s, EventType_s, EventCount\n| order by EventCount desc\n| render barchart"
},
{
"description" : "Pie Chart for visualization of events per host",
"query": "NXLogFIM_CL\n| summarize EventCount = count() by Hostname_s, EventType_s\n| sort by EventCount\n| render piechart"
},
{
"description": "General Summary of Events per Host",
"query": "NXLogFIM_CL\n| summarize count() by Hostname_s, EventType_s"
}
],
"dataTypes": [
{
"name": "NXLogFIM_CL",
"lastDataReceivedQuery": "NXLogFIM_CL | summarize Time = max(TimeGenerated) | where isnotempty(Time)"
}
],
"connectivityCriterias": [
{
"type": "IsConnectedQuery",
"value": [
"NXLogFIM_CL | summarize LastLogReceived = max(TimeGenerated) | project IsConnected = LastLogReceived > ago(30d)"
]
}
],
"availability": {
"status": 1,
"isPreview": false
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read and write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"read": true,
"delete": true
}
},
{
"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
"permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
"providerDisplayName": "Keys",
"scope": "Workspace",
"requiredPermissions": {
"action": true
}
}
]
},
"instructionSteps": [
{
"title": "",
"description": "Follow the step-by-step instructions in the [Microsoft Sentinel](https://docs.nxlog.co/userguide/integrate/microsoft-azure-sentinel.html) integration chapter of the *NXLog User Guide* to configure this connector.",
"instructions": [
{
"parameters": {
"fillWith": [
"WorkspaceId"
],
"label": "Workspace ID"
},
"type": "CopyableLabel"
},
{
"parameters": {
"fillWith": [
"PrimaryKey"
],
"label": "Primary Key"
},
"type": "CopyableLabel"
}
]
}
]
}
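Review bot: The workspace permission block requests more than its display text states: `permissionsDisplayText` says `read and write permissions are required.` while `requiredPermissions` also sets `"delete": true`. Nothing on this page shows a need for delete on the workspace, since the connector only displays the workspace ID and primary key and reads `NXLogFIM_CL`, so either drop the flag (`"write": true, "read": true`) or change the text to `read, write and delete permissions are required.` so the installer sees what is actually being asked for. The same pair appears twice more in the connector UI config embedded in the deployment template later in this commit. Separately, the bar-chart sample query has `project Eventype = Hostname_s, EventType_s, EventCount`, which labels the hostname column as an event type; `project Hostname_s, EventType_s, EventCount` looks like what was intended.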


@ -0,0 +1,14 @@
{
"Name": "NXLog FIM",
"Author": "NXLog - support@nxlog.org",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/NXLog.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [NXLog FIM](https://docs.nxlog.co/refman/current/im/fim.html) module allows for the scanning of files and directories, reporting detected additions, changes, renames and deletions on the designated paths through calculated checksums during successive scans. This REST API connector can efficiently export the configured FIM events to Microsoft Sentinel in real time.",
"Data Connectors": [
"Data Connectors/NXLogFIM.json"
],
"BasePath": "C:\\One\\Azure-Sentinel-jszigetvari\\Solutions\\NXLog FIM",
"Version": "2.0.1",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1PConnector": false
}
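Review bot: `BasePath` is committed as a contributor's local absolute path, `C:\\One\\Azure-Sentinel-jszigetvari\\Solutions\\NXLog FIM`, which publishes a workstation directory layout and makes this packaging input resolve only on that one machine. If the packaging tool accepts it, a repository-relative value such as `"BasePath": "Solutions/NXLog FIM"` would keep the build reproducible for anyone who needs to regenerate and verify the package. If the tool does require an absolute path, it is better supplied at build time than stored in the repository.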

Двоичные данные
Solutions/NXLog FIM/Package/2.0.0.zip Normal file

Двоичный файл не отображается.

Двоичные данные
Solutions/NXLog FIM/Package/2.0.1.zip Normal file

Двоичный файл не отображается.


@ -0,0 +1,85 @@
{
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
"handler": "Microsoft.Azure.CreateUIDef",
"version": "0.1.2-preview",
"parameters": {
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/NXLog.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [NXLog FIM](https://docs.nxlog.co/refman/current/im/fim.html) module allows for the scanning of files and directories, reporting detected additions, changes, renames and deletions on the designated paths through calculated checksums during successive scans. This REST API connector can efficiently export the configured FIM events to Microsoft Sentinel in real time.\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
"Microsoft.OperationalInsights/workspaces/providers/alertRules",
"Microsoft.Insights/workbooks",
"Microsoft.Logic/workflows"
]
},
"location": {
"metadata": {
"hidden": "Hiding location, we get it from the log analytics workspace"
},
"visible": false
},
"resourceGroup": {
"allowExisting": true
}
}
},
"basics": [
{
"name": "getLAWorkspace",
"type": "Microsoft.Solutions.ArmApiControl",
"toolTip": "This filters by workspaces that exist in the Resource Group selected",
"condition": "[greater(length(resourceGroup().name),0)]",
"request": {
"method": "GET",
"path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
}
},
{
"name": "workspace",
"type": "Microsoft.Common.DropDown",
"label": "Workspace",
"placeholder": "Select a workspace",
"toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
"constraints": {
"allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
"required": true
},
"visible": true
}
],
"steps": [
{
"name": "dataconnectors",
"label": "Data Connectors",
"bladeTitle": "Data Connectors",
"elements": [
{
"name": "dataconnectors1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Solution installs the data connector for NXLog FIM. You can get NXLog FIM custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},
{
"name": "dataconnectors-link2",
"type": "Microsoft.Common.TextBlock",
"options": {
"link": {
"label": "Learn more about connecting data sources",
"uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
}
}
}
]
}
],
"outputs": {
"workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
"location": "[location()]",
"workspace": "[basics('workspace')]"
}
}
}
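Review bot: The workspace filter used in `allowedValues` and again in the `workspace-location` output is a substring test, `contains(toLower(filter.id), toLower(resourceGroup().name))`, so it can match workspaces outside the selected resource group. With a group named `sec` (constructed example) it would also accept workspaces in `sec-prod`, or any workspace whose own name contains `sec`, and the deployment would then presumably fail or run against a scope the user did not intend. Anchoring the match on the ID segment avoids that: `contains(toLower(filter.id), toLower(concat('/resourcegroups/', resourceGroup().name, '/')))`. The label/value objects are also built with string `concat` followed by `parse`, which is only safe as long as workspace names can never contain a double quote; that assumption deserves a mention in the tooltip or in the generator that emits this file.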


@ -0,0 +1,403 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"author": "NXLog - support@nxlog.org",
"comments": "Solution template for NXLog FIM"
},
"parameters": {
"location": {
"type": "string",
"minLength": 1,
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
}
},
"workspace-location": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
}
},
"workspace": {
"defaultValue": "",
"type": "string",
"metadata": {
"description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
}
}
},
"variables": {
"solutionId": "nxlogltd1589381969261.NXLog_FIM",
"_solutionId": "[variables('solutionId')]",
"email": "support@nxlog.org",
"_email": "[variables('email')]",
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
"uiConfigId1": "NXLogFIM",
"_uiConfigId1": "[variables('uiConfigId1')]",
"dataConnectorContentId1": "NXLogFIM",
"_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
"dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
"_dataConnectorId1": "[variables('dataConnectorId1')]",
"dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]",
"dataConnectorVersion1": "1.0.0"
},
"resources": [
{
"type": "Microsoft.Resources/templateSpecs",
"apiVersion": "2022-02-01",
"name": "[variables('dataConnectorTemplateSpecName1')]",
"location": "[parameters('workspace-location')]",
"tags": {
"hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
"hidden-sentinelContentType": "DataConnector"
},
"properties": {
"description": "NXLog FIM data connector with template",
"displayName": "NXLog FIM template"
}
},
{
"type": "Microsoft.Resources/templateSpecs/versions",
"apiVersion": "2022-02-01",
"name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]",
"location": "[parameters('workspace-location')]",
"tags": {
"hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
"hidden-sentinelContentType": "DataConnector"
},
"dependsOn": [
"[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]"
],
"properties": {
"description": "NXLog FIM data connector with template version 2.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
"parameters": {},
"variables": {},
"resources": [
{
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
"apiVersion": "2021-03-01-preview",
"type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
"location": "[parameters('workspace-location')]",
"kind": "GenericUI",
"properties": {
"connectorUiConfig": {
"id": "[variables('_uiConfigId1')]",
"title": "NXLog FIM",
"publisher": "NXLog",
"descriptionMarkdown": "The [NXLog FIM](https://docs.nxlog.co/refman/current/im/fim.html) module allows for the scanning of files and directories, reporting detected additions, changes, renames and deletions on the designated paths through calculated checksums during successive scans. This REST API connector can efficiently export the configured FIM events to Microsoft Sentinel in real time.",
"graphQueries": [
{
"metricName": "Total data received",
"legend": "NXLogFIM_CL",
"baseQuery": "NXLogFIM_CL"
}
],
"sampleQueries": [
{
"description": "Find all DELETE events",
"query": "NXLogFIM_CL\n| where EventType_s == 'DELETE'\n| project-away\n SourceSystem,\n Type\n| sort by EventTime_t"
},
{
"description": "Bar Chart for Events per type, per host",
"query": "NXLogFIM_CL\n| summarize EventCount = count() by Hostname_s, EventType_s\n| where strlen(EventType_s) > 1\n| project Eventype = Hostname_s, EventType_s, EventCount\n| order by EventCount desc\n| render barchart"
},
{
"description": "Pie Chart for visualization of events per host",
"query": "NXLogFIM_CL\n| summarize EventCount = count() by Hostname_s, EventType_s\n| sort by EventCount\n| render piechart"
},
{
"description": "General Summary of Events per Host",
"query": "NXLogFIM_CL\n| summarize count() by Hostname_s, EventType_s"
}
],
"dataTypes": [
{
"name": "NXLogFIM_CL",
"lastDataReceivedQuery": "NXLogFIM_CL | summarize Time = max(TimeGenerated) | where isnotempty(Time)"
}
],
"connectivityCriterias": [
{
"type": "IsConnectedQuery",
"value": [
"NXLogFIM_CL | summarize LastLogReceived = max(TimeGenerated) | project IsConnected = LastLogReceived > ago(30d)"
]
}
],
"availability": {
"status": 1,
"isPreview": false
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read and write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"read": true,
"delete": true
}
},
{
"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
"permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
"providerDisplayName": "Keys",
"scope": "Workspace",
"requiredPermissions": {
"action": true
}
}
]
},
"instructionSteps": [
{
"description": "Follow the step-by-step instructions in the [Microsoft Sentinel](https://docs.nxlog.co/userguide/integrate/microsoft-azure-sentinel.html) integration chapter of the *NXLog User Guide* to configure this connector.",
"instructions": [
{
"parameters": {
"fillWith": [
"WorkspaceId"
],
"label": "Workspace ID"
},
"type": "CopyableLabel"
},
{
"parameters": {
"fillWith": [
"PrimaryKey"
],
"label": "Primary Key"
},
"type": "CopyableLabel"
}
]
}
]
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
"properties": {
"parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
"contentId": "[variables('_dataConnectorContentId1')]",
"kind": "DataConnector",
"version": "[variables('dataConnectorVersion1')]",
"source": {
"kind": "Solution",
"name": "NXLog FIM",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "NXLog",
"email": "[variables('_email')]"
},
"support": {
"name": "NXLog",
"tier": "Partner",
"link": "https://nxlog.co/support-tickets/add/support-ticket"
}
}
}
]
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
"dependsOn": [
"[variables('_dataConnectorId1')]"
],
"location": "[parameters('workspace-location')]",
"properties": {
"parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
"contentId": "[variables('_dataConnectorContentId1')]",
"kind": "DataConnector",
"version": "[variables('dataConnectorVersion1')]",
"source": {
"kind": "Solution",
"name": "NXLog FIM",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "NXLog",
"email": "[variables('_email')]"
},
"support": {
"name": "NXLog",
"tier": "Partner",
"link": "https://nxlog.co/support-tickets/add/support-ticket"
}
}
},
{
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
"apiVersion": "2021-03-01-preview",
"type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
"location": "[parameters('workspace-location')]",
"kind": "GenericUI",
"properties": {
"connectorUiConfig": {
"title": "NXLog FIM",
"publisher": "NXLog",
"descriptionMarkdown": "The [NXLog FIM](https://docs.nxlog.co/refman/current/im/fim.html) module allows for the scanning of files and directories, reporting detected additions, changes, renames and deletions on the designated paths through calculated checksums during successive scans. This REST API connector can efficiently export the configured FIM events to Microsoft Sentinel in real time.",
"graphQueries": [
{
"metricName": "Total data received",
"legend": "NXLogFIM_CL",
"baseQuery": "NXLogFIM_CL"
}
],
"dataTypes": [
{
"name": "NXLogFIM_CL",
"lastDataReceivedQuery": "NXLogFIM_CL | summarize Time = max(TimeGenerated) | where isnotempty(Time)"
}
],
"connectivityCriterias": [
{
"type": "IsConnectedQuery",
"value": [
"NXLogFIM_CL | summarize LastLogReceived = max(TimeGenerated) | project IsConnected = LastLogReceived > ago(30d)"
]
}
],
"sampleQueries": [
{
"description": "Find all DELETE events",
"query": "NXLogFIM_CL\n| where EventType_s == 'DELETE'\n| project-away\n SourceSystem,\n Type\n| sort by EventTime_t"
},
{
"description": "Bar Chart for Events per type, per host",
"query": "NXLogFIM_CL\n| summarize EventCount = count() by Hostname_s, EventType_s\n| where strlen(EventType_s) > 1\n| project Eventype = Hostname_s, EventType_s, EventCount\n| order by EventCount desc\n| render barchart"
},
{
"description": "Pie Chart for visualization of events per host",
"query": "NXLogFIM_CL\n| summarize EventCount = count() by Hostname_s, EventType_s\n| sort by EventCount\n| render piechart"
},
{
"description": "General Summary of Events per Host",
"query": "NXLogFIM_CL\n| summarize count() by Hostname_s, EventType_s"
}
],
"availability": {
"status": 1,
"isPreview": false
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read and write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"read": true,
"delete": true
}
},
{
"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
"permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
"providerDisplayName": "Keys",
"scope": "Workspace",
"requiredPermissions": {
"action": true
}
}
]
},
"instructionSteps": [
{
"description": "Follow the step-by-step instructions in the [Microsoft Sentinel](https://docs.nxlog.co/userguide/integrate/microsoft-azure-sentinel.html) integration chapter of the *NXLog User Guide* to configure this connector.",
"instructions": [
{
"parameters": {
"fillWith": [
"WorkspaceId"
],
"label": "Workspace ID"
},
"type": "CopyableLabel"
},
{
"parameters": {
"fillWith": [
"PrimaryKey"
],
"label": "Primary Key"
},
"type": "CopyableLabel"
}
]
}
],
"id": "[variables('_uiConfigId1')]"
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "2.0.1",
"kind": "Solution",
"contentSchemaVersion": "2.0.0",
"contentId": "[variables('_solutionId')]",
"parentId": "[variables('_solutionId')]",
"source": {
"kind": "Solution",
"name": "NXLog FIM",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "NXLog",
"email": "[variables('_email')]"
},
"support": {
"name": "NXLog",
"tier": "Partner",
"link": "https://nxlog.co/support-tickets/add/support-ticket"
},
"dependencies": {
"operator": "AND",
"criteria": [
{
"kind": "DataConnector",
"contentId": "[variables('_dataConnectorContentId1')]",
"version": "[variables('dataConnectorVersion1')]"
}
]
},
"firstPublishDate": "2022-08-15",
"providers": [
"NXLog"
],
"categories": {
"domains": [
"IT Operations",
"Security - Others"
]
}
},
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]"
}
],
"outputs": {}
}
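Review bot: The packaged template disagrees with the other files in this commit in two places. `dataConnectorVersion1` is `"1.0.0"`, while the template-spec version's description reads `NXLog FIM data connector with template version 2.0.1` and the solution metadata resource sets `"version": "2.0.1"`; if the connector content is meant to carry the solution version, either the variable or the description has to change. The "Find all DELETE events" query here projects away `SourceSystem, Type` in both embedded copies, whereas the connector definition earlier in the commit projects away only `Type`, which suggests the template was generated from an older connector file. Regenerating the template from the committed connector JSON, and confirming that the two binary archives under `Package/` were built from this exact template, would keep what gets deployed identical to what was reviewed.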


@ -0,0 +1,15 @@
{
"publisherId": "nxlogltd1589381969261",
"offerId": "NXLog_FIM",
"firstPublishDate": "2022-08-15",
"providers": ["NXLog"],
"categories": {
"domains" : ["IT Operations","Security - Others"],
"verticals": []
},
"support": {
"name": "NXLog",
"tier": "Partner",
"link": "https://nxlog.co/support-tickets/add/support-ticket"
}
}