From 1601252b4fe3262bc55ee131d619526795216490 Mon Sep 17 00:00:00 2001 From: Steven Bronkhorst Date: Tue, 23 May 2023 15:30:13 +0200 Subject: [PATCH] extended instructions for data connector --- .../NetClean ProActive/Data Connectors/Connector_NetClean.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/NetClean ProActive/Data Connectors/Connector_NetClean.json b/Solutions/NetClean ProActive/Data Connectors/Connector_NetClean.json index efcaf975be..e0afcde4fa 100644 --- a/Solutions/NetClean ProActive/Data Connectors/Connector_NetClean.json +++ b/Solutions/NetClean ProActive/Data Connectors/Connector_NetClean.json 
@@ -84,7 +84,7 @@ }, { "title": " Option 1: deploy Logic app (requires NetClean Proactive)", - "description": "1. Download and install the Logic app here:\n https://portal.azure.com/#create/netcleantechnologiesab1651557549734.netcleanlogicappnetcleanproactivelogicapp)\n2. Once deployed modify it in accordance with the instructions found on my.netclean.com\n3. Copy the HTTP POST URL\n4. Add URL to the webhook configuration in your NetClean ProActive Webconsole\n5. Verify functionality by triggering a Demo Incident." + "description": "1. Download and install the Logic app here:\n https://portal.azure.com/#create/netcleantechnologiesab1651557549734.netcleanlogicappnetcleanproactivelogicapp)\n2. Configure Send Data: \n2.1 Go to your newly created logic app \n In your Logic app designer, click +New Step and search for “Azure Log Analytics Data Collector” click it and select “Send Data” \n Enter the Custom Log Name: Netclean_Incidents and a dummy value in the Json request body and click save \n Go to code view on the top ribbon and scroll down to line ~100 it should start with \"Body\" \n replace the line entirly with: \n \"body\": 
\"{\\n\\\"Hostname\\\":\\\"@{variables('machineName')}\\\",\\n\\\"agentType\\\":\\\"@{triggerBody()['value']['agent']['type']}\\\",\\n\\\"Identifier\\\":\\\"@{triggerBody()?['key']?['identifier']}\\\",\\n\\\"type\\\":\\\"@{triggerBody()?['key']?['type']}\\\",\\n\\\"version\\\":\\\"@{triggerBody()?['value']?['incidentVersion']}\\\",\\n\\\"foundTime\\\":\\\"@{triggerBody()?['value']?['foundTime']}\\\",\\n\\\"detectionMethod\\\":\\\"@{triggerBody()?['value']?['detectionHashType']}\\\",\\n\\\"agentInformatonIdentifier\\\":\\\"@{triggerBody()?['value']?['device']?['identifier']}\\\",\\n\\\"osVersion\\\":\\\"@{triggerBody()?['value']?['device']?['operatingSystemVersion']}\\\",\\n\\\"machineName\\\":\\\"@{variables('machineName')}\\\",\\n\\\"microsoftCultureId\\\":\\\"@{triggerBody()?['value']?['device']?['microsoftCultureId']}\\\",\\n\\\"timeZoneId\\\":\\\"@{triggerBody()?['value']?['device']?['timeZoneName']}\\\",\\n\\\"microsoftGeoId\\\":\\\"@{triggerBody()?['value']?['device']?['microsoftGeoId']}\\\",\\n\\\"domainname\\\":\\\"@{variables('domain')}\\\",\\n\\\"Agentversion\\\":\\\"@{triggerBody()['value']['agent']['version']}\\\",\\n\\\"Agentidentifier\\\":\\\"@{triggerBody()['value']['identifier']}\\\",\\n\\\"loggedOnUsers\\\":\\\"@{variables('Usernames')}\\\",\\n\\\"size\\\":\\\"@{triggerBody()?['value']?['file']?['size']}\\\",\\n\\\"creationTime\\\":\\\"@{triggerBody()?['value']?['file']?['creationTime']}\\\",\\n\\\"lastAccessTime\\\":\\\"@{triggerBody()?['value']?['file']?['lastAccessTime']}\\\",\\n\\\"lastWriteTime\\\":\\\"@{triggerBody()?['value']?['file']?['lastModifiedTime']}\\\",\\n\\\"sha1\\\":\\\"@{triggerBody()?['value']?['file']?['calculatedHashes']?['sha1']}\\\",\\n\\\"nearbyFiles_sha1\\\":\\\"@{variables('nearbyFiles_sha1s')}\\\",\\n\\\"externalIP\\\":\\\"@{triggerBody()?['value']?['device']?['resolvedExternalIp']}\\\",\\n\\\"domain\\\":\\\"@{variables('domain')}\\\",\\n\\\"hasCollectedNearbyFiles\\\":\\\"@{variables('hasCollectedNearbyFiles')}\\\",\\n\\\
"filePath\\\":\\\"@{replace(triggerBody()['value']['file']['path'], '\\\\', '\\\\\\\\')}\\\",\\n\\\"m365WebUrl\\\":\\\"@{triggerBody()?['value']?['file']?['microsoft365']?['webUrl']}\\\",\\n\\\"m365CreatedBymail\\\":\\\"@{triggerBody()?['value']?['file']?['createdBy']?['graphIdentity']?['user']?['mail']}\\\",\\n\\\"m365LastModifiedByMail\\\":\\\"@{triggerBody()?['value']?['file']?['lastModifiedBy']?['graphIdentity']?['user']?['mail']}\\\",\\n\\\"m365LibraryId\\\":\\\"@{triggerBody()?['value']?['file']?['microsoft365']?['library']?['id']}\\\",\\n\\\"m365LibraryDisplayName\\\":\\\"@{triggerBody()?['value']?['file']?['microsoft365']?['library']?['displayName']}\\\",\\n\\\"m365Librarytype\\\":\\\"@{triggerBody()?['value']?['file']?['microsoft365']?['library']?['type']}\\\",\\n\\\"m365siteid\\\":\\\"@{triggerBody()?['value']?['file']?['microsoft365']?['site']?['id']}\\\",\\n\\\"m365sitedisplayName\\\":\\\"@{triggerBody()?['value']?['file']?['microsoft365']?['site']?['displayName']}\\\",\\n\\\"m365sitename\\\":\\\"@{triggerBody()?['value']?['file']?['microsoft365']?['parent']?['name']}\\\",\\n\\\"countOfAllNearByFiles\\\":\\\"@{variables('countOfAllNearByFiles')}\\\",\\n\\n}\", \n click save \n3. Copy the HTTP POST URL\n4. Go to your NetClean ProActive web console, and go to settings, Under Webhook configure a new webhook using the URL copied from step 3 \n 5. Verify functionality by triggering a Demo Incident." }, { "title": " Option 2 (Testing only)",
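Review bot: The replacement "body" template in step 2 ends with a trailing comma before the closing brace (`countOfAllNearByFiles')}\",\n\n}`), so the rendered request body is not valid JSON; drop the comma after the last property. In the same template, only `filePath` has its backslashes escaped with `replace(...)`. Every other value (for example `loggedOnUsers`, `machineName`, and the m365 display names) is interpolated directly between quotes, so a value containing `"` or `\` will break the body or change its structure. Consider building the object with the designer's JSON handling rather than hand-escaped string concatenation, or apply the same escaping to every field. The property name `agentInformatonIdentifier` is misspelled and will become the column name in `Netclean_Incidents`, so fix it before anyone writes queries against it. `Hostname`/`machineName` and `domainname`/`domain` carry the same variables twice. The `agent` and `identifier` lookups use `triggerBody()['value'][...]` without the `?` null-safe form used everywhere else, so they will fail the run when the key is absent. In the instruction text: "entirly" should be "entirely", the portal URL still ends with an unmatched `)`, step "2.1" has no sibling sub-step, and "scroll down to line ~100" is fragile; point the reader at the "Send Data" action's `body` property by name instead.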