GCPCM solution packaged
Parent
394a009016
Commit
10b4b9ad3e
|
@ -4,13 +4,13 @@
|
|||
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/google_logo.svg\" width=\"75px\" height=\"75px\">",
|
||||
"Description": "The [Google Cloud Platform](https://cloud.google.com/gcp) Cloud Monitoring data connector provides the capability to ingest [GCP Monitoring metrics](https://cloud.google.com/monitoring/api/metrics_gcp) into Microsoft Sentinel using the GCP Monitoring API. Refer to [GCP Monitoring API documentation](https://cloud.google.com/monitoring/api/v3) for more information. \n \n **Underlying Microsoft Technologies used:**\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n \n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api) \n \n b. [Azure Functions](https://azure.microsoft.com/services/functions/#overview)",
|
||||
"Parsers": [
|
||||
"Parsers/GCP_MONITOR.txt"
|
||||
"Parsers/GCP_MONITOR.yaml"
|
||||
],
|
||||
"Data Connectors": [
|
||||
"Data Connectors/GCP_Monitor_API_FunctionApp.json"
|
||||
],
|
||||
"BasePath": "C:\\Github\\Azure-Sentinel\\Solutions\\Google Cloud Platform Cloud Monitoring",
|
||||
"Version": "2.0.2",
|
||||
"Version": "3.0.0",
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"TemplateSpec": true,
|
||||
"Is1Pconnector": false
|
||||
|
|
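Review bot: the `Parsers` entry moves from `Parsers/GCP_MONITOR.txt` to `Parsers/GCP_MONITOR.yaml` in the same change that bumps `Version` from 2.0.2 to 3.0.0; make sure the old .txt parser is deleted or no longer packaged so the solution does not ship two definitions of the `GCP_MONITOR` function, and that the 3.0.0 entry in the ReleaseNotes.md linked from `Description` records the parser now being delivered as solution content. As a style point, `BasePath` is an absolute path on one developer's machine (`C:\\Github\\Azure-Sentinel\\Solutions\\...`), so repackaging from any other checkout location requires editing this manifest first.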
Binary file not shown.
|
@ -6,7 +6,7 @@
|
|||
"config": {
|
||||
"isWizard": false,
|
||||
"basics": {
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/google_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Google%20Cloud%20Platform%20Cloud%20Monitoring/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Google Cloud Platform](https://cloud.google.com/gcp) Cloud Monitoring data connector provides the capability to ingest [GCP Monitoring metrics](https://cloud.google.com/monitoring/api/metrics_gcp) into Microsoft Sentinel using the GCP Monitoring API. Refer to [GCP Monitoring API documentation](https://cloud.google.com/monitoring/api/v3) for more information. \n \n **Underlying Microsoft Technologies used:**\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n \n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api) \n \n b. [Azure Functions](https://azure.microsoft.com/services/functions/#overview)\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/google_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Google%20Cloud%20Platform%20Cloud%20Monitoring/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Google Cloud Platform](https://cloud.google.com/gcp) Cloud Monitoring data connector provides the capability to ingest [GCP Monitoring metrics](https://cloud.google.com/monitoring/api/metrics_gcp) into Microsoft Sentinel using the GCP Monitoring API. Refer to [GCP Monitoring API documentation](https://cloud.google.com/monitoring/api/v3) for more information. \n \n **Underlying Microsoft Technologies used:**\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n \n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api) \n \n b. [Azure Functions](https://azure.microsoft.com/services/functions/#overview)\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"subscription": {
|
||||
"resourceProviders": [
|
||||
"Microsoft.OperationsManagement/solutions",
|
||||
|
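Review bot: the second bullet in `description` still carries a stray leading space (`\n\n • There may be`) while the first bullet does not, so the two render misaligned; drop the space. The `**Data Connectors:** 1, **Parsers:** 1` count is also repeated verbatim in the `descriptionHtml` of mainTemplate.json, so both copies have to be edited together whenever a content item is added or removed.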
@ -60,14 +60,14 @@
|
|||
"name": "dataconnectors1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This solution installs the data connector for ingesting Google Cloud Platform Cloud Monitoring metrics into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
"text": "This Solution installs the data connector for Google Cloud Platform Cloud Monitoring. You can get Google Cloud Platform Cloud Monitoring custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "dataconnectors-parser-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "The solution also installs a parser that transforms ingested data. The transformed logs can be accessed using the GCP_MONITOR Kusto Function alias."
|
||||
"text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
|
||||
}
|
||||
},
|
||||
{
|
||||
|
|
|
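Review bot: the new `dataconnectors-parser-text` copy claims the parser transforms data "into Microsoft Sentinel normalized format", but the `GCP_MONITOR` query added in mainTemplate.json only adds `EventVendor`/`EventProduct` and does a `project-rename` of the `GCP_MONITORING_CL` columns; it is a column-renaming parser, not a normalization into a common schema, so the new wording overstates what users get. The old text named the `GCP_MONITOR` Kusto function alias, which is the one fact a user needs in order to query the parsed data; keep that sentence. Likewise the connector text replaces "ingesting ... metrics" with "custom log data", losing the statement that this connector brings in Monitoring metrics.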
@ -36,6 +36,13 @@
|
|||
"_solutionVersion": "3.0.0",
|
||||
"solutionId": "azuresentinel.azure-sentinel-solution-gcpmonitoring",
|
||||
"_solutionId": "[variables('solutionId')]",
|
||||
"parserObject1": {
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','Google Cloud Platform Cloud Monitoring Data Parser')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Google Cloud Platform Cloud Monitoring Data Parser')]",
|
||||
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('GCP_MONITOR-Parser')))]",
|
||||
"parserVersion1": "1.0.0",
|
||||
"parserContentId1": "GCP_MONITOR-Parser"
|
||||
},
|
||||
"uiConfigId1": "GCPMonitorDataConnector",
|
||||
"_uiConfigId1": "[variables('uiConfigId1')]",
|
||||
"dataConnectorContentId1": "GCPMonitorDataConnector",
|
||||
|
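Review bot: `_parserName1` and `_parserId1` both spell out the literal 'Google Cloud Platform Cloud Monitoring Data Parser', and the same literal reappears later as the savedSearches `displayName` and the metadata `parentId`; a single variable for the display name would keep the resource name, the resource id and the metadata parent from silently diverging on a rename. `parserTemplateSpecName1` and `parserContentId1` are consistently keyed on `GCP_MONITOR-Parser`, which is fine.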
@ -48,6 +55,138 @@
|
|||
"_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
"type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
|
||||
"apiVersion": "2023-04-01-preview",
|
||||
"name": "[variables('parserObject1').parserTemplateSpecName1]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"dependsOn": [
|
||||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "GCP_MONITOR Data Parser with template version 3.0.0",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject1').parserVersion1]",
|
||||
"parameters": {},
|
||||
"variables": {},
|
||||
"resources": [
|
||||
{
|
||||
"name": "[variables('parserObject1')._parserName1]",
|
||||
"apiVersion": "2022-10-01",
|
||||
"type": "Microsoft.OperationalInsights/workspaces/savedSearches",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"eTag": "*",
|
||||
"displayName": "Google Cloud Platform Cloud Monitoring Data Parser",
|
||||
"category": "Microsoft Sentinel Parser",
|
||||
"functionAlias": "GCP_MONITOR",
|
||||
"query": "GCP_MONITORING_CL\n| extend EventVendor = 'GCP'\n| extend EventProduct = 'Cloud Monitoring'\n| project-rename MetricLabelsInstanceName=metric_labels_instance_name_s,\n MetricType=metric_type_s,\n ResourceType=resource_type_s,\n ResourceLabelsProjectId=resource_labels_project_id_s,\n ResourceLabelsInstanceId=resource_labels_instance_id_s,\n ResourceLabelsZone=resource_labels_zone_s,\n MetricKind=metricKind_s,\n ValueType=valueType_s,\n IntervalStartTime=interval_startTime_t,\n IntervalEndTime=interval_endTime_t,\n ValueInt64Value=value_int64Value_d\n",
|
||||
"functionParameters": "",
|
||||
"version": 2,
|
||||
"tags": [
|
||||
{
|
||||
"name": "description",
|
||||
"value": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
|
||||
"apiVersion": "2022-01-01-preview",
|
||||
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]",
|
||||
"dependsOn": [
|
||||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Google Cloud Platform Cloud Monitoring Data Parser')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
"source": {
|
||||
"name": "Google Cloud Platform Cloud Monitoring",
|
||||
"kind": "Solution",
|
||||
"sourceId": "[variables('_solutionId')]"
|
||||
},
|
||||
"author": {
|
||||
"name": "Microsoft",
|
||||
"email": "[variables('_email')]"
|
||||
},
|
||||
"support": {
|
||||
"name": "Microsoft Corporation",
|
||||
"email": "support@microsoft.com",
|
||||
"tier": "Microsoft",
|
||||
"link": "https://support.microsoft.com"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"packageKind": "Solution",
|
||||
"packageVersion": "[variables('_solutionVersion')]",
|
||||
"packageName": "[variables('_solutionName')]",
|
||||
"packageId": "[variables('_solutionId')]",
|
||||
"contentSchemaVersion": "3.0.0",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"contentKind": "Parser",
|
||||
"displayName": "Google Cloud Platform Cloud Monitoring Data Parser",
|
||||
"contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]",
|
||||
"id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]",
|
||||
"version": "[variables('parserObject1').parserVersion1]"
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.OperationalInsights/workspaces/savedSearches",
|
||||
"apiVersion": "2022-10-01",
|
||||
"name": "[variables('parserObject1')._parserName1]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"eTag": "*",
|
||||
"displayName": "Google Cloud Platform Cloud Monitoring Data Parser",
|
||||
"category": "Microsoft Sentinel Parser",
|
||||
"functionAlias": "GCP_MONITOR",
|
||||
"query": "GCP_MONITORING_CL\n| extend EventVendor = 'GCP'\n| extend EventProduct = 'Cloud Monitoring'\n| project-rename MetricLabelsInstanceName=metric_labels_instance_name_s,\n MetricType=metric_type_s,\n ResourceType=resource_type_s,\n ResourceLabelsProjectId=resource_labels_project_id_s,\n ResourceLabelsInstanceId=resource_labels_instance_id_s,\n ResourceLabelsZone=resource_labels_zone_s,\n MetricKind=metricKind_s,\n ValueType=valueType_s,\n IntervalStartTime=interval_startTime_t,\n IntervalEndTime=interval_endTime_t,\n ValueInt64Value=value_int64Value_d\n",
|
||||
"functionParameters": "",
|
||||
"version": 2,
|
||||
"tags": [
|
||||
{
|
||||
"name": "description",
|
||||
"value": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
|
||||
"apiVersion": "2022-01-01-preview",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]",
|
||||
"dependsOn": [
|
||||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Google Cloud Platform Cloud Monitoring Data Parser')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
"source": {
|
||||
"kind": "Solution",
|
||||
"name": "Google Cloud Platform Cloud Monitoring",
|
||||
"sourceId": "[variables('_solutionId')]"
|
||||
},
|
||||
"author": {
|
||||
"name": "Microsoft",
|
||||
"email": "[variables('_email')]"
|
||||
},
|
||||
"support": {
|
||||
"name": "Microsoft Corporation",
|
||||
"email": "support@microsoft.com",
|
||||
"tier": "Microsoft",
|
||||
"link": "https://support.microsoft.com"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
|
||||
"apiVersion": "2023-04-01-preview",
|
||||
|
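Review bot: `contentProductId` and `id` of the parser contentTemplate build their `uniqueString` from the literal '1.0.0' instead of `variables('parserObject1').parserVersion1`, while `contentVersion`, `version` and the package dependency all reference the variable; the next parser version bump will change the dependency version but leave the product id stale. Use the variable in both places. Smaller points in the same hunk: the contentTemplate `description` hardcodes "template version 3.0.0" where `variables('_solutionVersion')` is available; the `description` tag on both savedSearches resources is an empty string; the parser query and the savedSearches/metadata pair are duplicated verbatim (inside the contentTemplate's `mainTemplate` and again as top-level resources), so any query fix has to be applied twice; and the second metadata resource carries a `location` while the one inside the template does not.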
@ -409,7 +548,7 @@
|
|||
"contentSchemaVersion": "3.0.0",
|
||||
"displayName": "Google Cloud Platform Cloud Monitoring",
|
||||
"publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
|
||||
"descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Google%20Cloud%20Platform%20Cloud%20Monitoring/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://cloud.google.com/gcp\">Google Cloud Platform</a> Cloud Monitoring data connector provides the capability to ingest <a href=\"https://cloud.google.com/monitoring/api/metrics_gcp\">GCP Monitoring metrics</a> into Microsoft Sentinel using the GCP Monitoring API. Refer to <a href=\"https://cloud.google.com/monitoring/api/v3\">GCP Monitoring API documentation</a> for more information.</p>\n<p><strong>Underlying Microsoft Technologies used:</strong></p>\n<p>This solution takes a dependency on the following technologies, and some of these dependencies either may be in <a href=\"https://azure.microsoft.com/support/legal/preview-supplemental-terms/\">Preview</a> state or might result in additional ingestion or operational costs:</p>\n<ol type=\"a\">\n<li><p><a href=\"https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api\">Azure Monitor HTTP Data Collector API</a></p>\n</li>\n<li><p><a href=\"https://azure.microsoft.com/services/functions/#overview\">Azure Functions</a></p>\n</li>\n</ol>\n<p><strong>Data Connectors:</strong> 1</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
|
||||
"descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Google%20Cloud%20Platform%20Cloud%20Monitoring/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://cloud.google.com/gcp\">Google Cloud Platform</a> Cloud Monitoring data connector provides the capability to ingest <a href=\"https://cloud.google.com/monitoring/api/metrics_gcp\">GCP Monitoring metrics</a> into Microsoft Sentinel using the GCP Monitoring API. Refer to <a href=\"https://cloud.google.com/monitoring/api/v3\">GCP Monitoring API documentation</a> for more information.</p>\n<p><strong>Underlying Microsoft Technologies used:</strong></p>\n<p>This solution takes a dependency on the following technologies, and some of these dependencies either may be in <a href=\"https://azure.microsoft.com/support/legal/preview-supplemental-terms/\">Preview</a> state or might result in additional ingestion or operational costs:</p>\n<ol type=\"a\">\n<li><p><a href=\"https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api\">Azure Monitor HTTP Data Collector API</a></p>\n</li>\n<li><p><a href=\"https://azure.microsoft.com/services/functions/#overview\">Azure Functions</a></p>\n</li>\n</ol>\n<p><strong>Data Connectors:</strong> 1, <strong>Parsers:</strong> 1</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
|
||||
"contentKind": "Solution",
|
||||
"contentProductId": "[variables('_solutioncontentProductId')]",
|
||||
"id": "[variables('_solutioncontentProductId')]",
|
||||
|
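Review bot: this is the third copy of the same description text (after the solution manifest `Description` and the createUiDefinition `description`), now as HTML, and the only change is appending `<strong>Parsers:</strong> 1`. If these copies are produced by the packaging step, as the commit title suggests, the fix belongs in the manifest followed by a re-run of packaging rather than a hand edit of each copy, otherwise the counts will drift the next time a content item is added.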
@ -434,6 +573,11 @@
|
|||
"dependencies": {
|
||||
"operator": "AND",
|
||||
"criteria": [
|
||||
{
|
||||
"kind": "Parser",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"version": "[variables('parserObject1').parserVersion1]"
|
||||
},
|
||||
{
|
||||
"kind": "DataConnector",
|
||||
"contentId": "[variables('_dataConnectorContentId1')]",
|
||||
|
|
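Review bot: with `"operator": "AND"` the parser is now a hard dependency of the package alongside the data connector, keyed by `parserContentId1` and `parserVersion1`; that matches the `contentId` and `version` in the parser metadata resource, so the dependency resolves. Worth stating in the 3.0.0 release notes that installing or upgrading the solution now deploys the `GCP_MONITOR` parser as managed content, because the savedSearches resource is written with `"eTag": "*"` and an existing saved search with the same name will be replaced on upgrade.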