Added Preview tag for data connector of MDO365

This commit is contained in:
v-sabiraj 2023-09-01 14:06:18 +05:30
Parent 5c7e834ed4
Commit 19be2931f4
4 changed files with 16 additions and 16 deletions

View file

@ -1,6 +1,6 @@
{
"id": "OfficeATP",
"title": "Microsoft Defender for Office 365",
"title": "Microsoft Defender for Office 365 (Preview)",
"publisher": "Microsoft",
"logo": "Office365Logo.svg",
"descriptionMarkdown": "Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Microsoft Defender for Office 365 alerts into Microsoft Sentinel, you can incorporate information about email- and URL-based threats into your broader risk analysis and build response scenarios accordingly.\n \nThe following types of alerts will be imported:\n\n- A potentially malicious URL click was detected \n- Email messages containing malware removed after delivery\n- Email messages containing phish URLs removed after delivery\n- Email reported by user as malware or phish \n- Suspicious email sending patterns detected \n- User restricted from sending email \n\nThese alerts can be seen by Office customers in the ** Office Security and Compliance Center**.\n\nFor more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219942&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).",
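Review bot: The title now carries "(Preview)" but the unchanged descriptionMarkdown directly below it says nothing about preview status, so an operator reading the connector page gets no hint of what is in preview or which terms apply. Consider adding one sentence to the description with a link to the preview terms. While this string is being touched, the bold markup in "** Office Security and Compliance Center**" has a space after the opening asterisks and will not render as bold in most Markdown renderers.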
@ -94,4 +94,4 @@
]
}
]
}
}

View file

@ -17,7 +17,7 @@
"Solutions/Microsoft Defender for Office 365/Playbooks/O365DefenderPlaybooks/o365-BlockSpamDomain/azuredeploy.json"
],
"BasePath": "C:\\GitHub\\Azure-Sentinel",
"Version": "2.0.1",
"Version": "3.0.0",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1PConnector": true
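Review bot: The "Version" change from 2.0.1 to 3.0.0 is a major-version bump, while the commit message only describes adding a Preview tag. Please state in the commit message or release notes what justifies the major bump, since the regenerated template in this commit also changes resource naming. Separately, the "BasePath" context line holds a developer-local path (C:\\GitHub\\Azure-Sentinel); a repository-relative value would keep workstation details out of the repository and make the packaging input reproducible on other machines.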

Binary file not shown.

View file

@ -44,21 +44,21 @@
"_solutionVersion": "3.0.0",
"solutionId": "azuresentinel.azure-sentinel-solution-microsoftdefenderforo365",
"_solutionId": "[variables('solutionId')]",
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
"uiConfigId1": "OfficeATP",
"_uiConfigId1": "[variables('uiConfigId1')]",
"dataConnectorContentId1": "OfficeATP",
"_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
"dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
"_dataConnectorId1": "[variables('dataConnectorId1')]",
"dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))),variables('dataConnectorVersion1')))]",
"dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
"dataConnectorVersion1": "1.0.0",
"_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
"workbookVersion1": "1.0.0",
"workbookContentId1": "MicrosoftDefenderForOffice365",
"workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
"workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))),variables('workbookVersion1')))]",
"workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]",
"_workbookContentId1": "[variables('workbookContentId1')]",
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
"_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]",
"O365_Defender_FunctionAppConnector": "O365_Defender_FunctionAppConnector",
"_O365_Defender_FunctionAppConnector": "[variables('O365_Defender_FunctionAppConnector')]",
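Review bot: In dataConnectorTemplateSpecName1 and workbookTemplateSpecName1 the replacement lines drop the variables('dataConnectorVersion1') and variables('workbookVersion1') suffix, so the resource name no longer changes when the content version changes. A later version bump would then deploy onto the same name instead of a new one; please confirm that this is the intended upgrade behaviour and mention it in the commit message, because it is a bigger change than a title edit. The version variables are still referenced by the _dataConnectorcontentProductId1 and _workbookcontentProductId1 expressions, so they need to stay defined. "workspaceResourceId" also appears at two positions in this hunk, which reads as a pure reordering and adds noise to the diff.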
@ -66,7 +66,7 @@
"playbookVersion1": "1.0",
"playbookContentId1": "O365_Defender_FunctionAppConnector",
"_playbookContentId1": "[variables('playbookContentId1')]",
"playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-fa-',uniquestring(variables('_playbookContentId1'))),variables('playbookVersion1')))]",
"playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-fa-',uniquestring(variables('_playbookContentId1'))))]",
"_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','fa','-', uniqueString(concat(variables('_solutionId'),'-','AzureFunction','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]",
"o365-BlockMalwareFileExtension": "o365-BlockMalwareFileExtension",
"_o365-BlockMalwareFileExtension": "[variables('o365-BlockMalwareFileExtension')]",
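Review bot: "playbookVersion1" is "1.0" here, while dataConnectorVersion1 and workbookVersion1 in the previous hunk use the three-part form "1.0.0". The value is hashed into _playbookcontentProductId1 through uniqueString, so normalising it later will change that ID; if the two-part form is not deliberate, align it now while the template spec name is being changed anyway.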
@ -74,7 +74,7 @@
"playbookContentId2": "o365-BlockMalwareFileExtension",
"_playbookContentId2": "[variables('playbookContentId2')]",
"playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]",
"playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))),variables('playbookVersion2')))]",
"playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]",
"_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]",
"blanks": "[replace('b', 'b', '')]",
"o365-BlockSender": "o365-BlockSender",
@ -83,7 +83,7 @@
"playbookContentId3": "o365-BlockSender",
"_playbookContentId3": "[variables('playbookContentId3')]",
"playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]",
"playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))),variables('playbookVersion3')))]",
"playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]",
"_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]",
"o365-BlockSender-EntityTrigger": "o365-BlockSender-EntityTrigger",
"_o365-BlockSender-EntityTrigger": "[variables('o365-BlockSender-EntityTrigger')]",
@ -91,7 +91,7 @@
"playbookContentId4": "o365-BlockSender-EntityTrigger",
"_playbookContentId4": "[variables('playbookContentId4')]",
"playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]",
"playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))),variables('playbookVersion4')))]",
"playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]",
"_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]",
"o365-BlockSpamDomain": "o365-BlockSpamDomain",
"_o365-BlockSpamDomain": "[variables('o365-BlockSpamDomain')]",
@ -99,7 +99,7 @@
"playbookContentId5": "o365-BlockSpamDomain",
"_playbookContentId5": "[variables('playbookContentId5')]",
"playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]",
"playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))),variables('playbookVersion5')))]",
"playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]",
"_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]",
"_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
},
@ -129,7 +129,7 @@
"properties": {
"connectorUiConfig": {
"id": "[variables('_uiConfigId1')]",
"title": "Microsoft Defender for Office 365",
"title": "Microsoft Defender for Office 365 (Preview)",
"publisher": "Microsoft",
"descriptionMarkdown": "Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Microsoft Defender for Office 365 alerts into Microsoft Sentinel, you can incorporate information about email- and URL-based threats into your broader risk analysis and build response scenarios accordingly.\n \nThe following types of alerts will be imported:\n\n- A potentially malicious URL click was detected \n- Email messages containing malware removed after delivery\n- Email messages containing phish URLs removed after delivery\n- Email reported by user as malware or phish \n- Suspicious email sending patterns detected \n- User restricted from sending email \n\nThese alerts can be seen by Office customers in the ** Office Security and Compliance Center**.\n\nFor more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219942&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).",
"graphQueries": [
@ -235,7 +235,7 @@
"kind": "StaticUI",
"properties": {
"connectorUiConfig": {
"title": "Microsoft Defender for Office 365",
"title": "Microsoft Defender for Office 365 (Preview)",
"publisher": "Microsoft",
"descriptionMarkdown": "Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Microsoft Defender for Office 365 alerts into Microsoft Sentinel, you can incorporate information about email- and URL-based threats into your broader risk analysis and build response scenarios accordingly.\n \nThe following types of alerts will be imported:\n\n- A potentially malicious URL click was detected \n- Email messages containing malware removed after delivery\n- Email messages containing phish URLs removed after delivery\n- Email reported by user as malware or phish \n- Suspicious email sending patterns detected \n- User restricted from sending email \n\nThese alerts can be seen by Office customers in the ** Office Security and Compliance Center**.\n\nFor more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219942&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).",
"graphQueries": [
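Review bot: The "(Preview)" title is a hard-coded literal in this StaticUI connectorUiConfig, in the connectorUiConfig of the previous hunk, and in the connector's own JSON file, so removing the tag later means editing three places by hand. If the packaging tool regenerates this file from the connector JSON, note that in the commit message so reviewers know the two literals here are generated output and not independent edits.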
@ -3289,11 +3289,11 @@
"contentSchemaVersion": "3.0.0",
"displayName": "Microsoft Defender for Office 365",
"publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
"descriptionHtml": "<p><strong>Note:</strong> <em>Please refer to the following before installing the solution: \r \n • Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Defender%20for%20Office%20365/ReleaseNotes.md\">Release Notes</a>\r \n • There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution.</em></p>\n<p>The <a href=\"https://www.microsoft.com/security/business/threat-protection/office-365-defender\">Microsoft Defender for Office 365</a> solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.</p>\n<p><strong>Underlying Microsoft Technologies used:</strong></p>\n<p>This solution is dependent on the following technologies, and some of these dependencies either may be in <a href=\"https://azure.microsoft.com/support/legal/preview-supplemental-terms/\">Preview</a> state or might result in additional ingestion or operational costs:</p>\n<ol type=\"a\">\n<li><a href=\"https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal\">Codeless Connector Platform/Native Sentinel Polling</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 1, <strong>Workbooks:</strong> 1, <strong>Function Apps:</strong> 1, <strong>Playbooks:</strong> 4</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
"descriptionHtml": "<p><strong>Note:</strong> <em>There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</em></p>\n<p>The <a href=\"https://www.microsoft.com/security/business/threat-protection/office-365-defender\">Microsoft Defender for Office 365</a> solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.</p>\n<p><strong>Underlying Microsoft Technologies used:</strong></p>\n<p>This solution is dependent on the following technologies, and some of these dependencies either may be in <a href=\"https://azure.microsoft.com/support/legal/preview-supplemental-terms/\">Preview</a> state or might result in additional ingestion or operational costs:</p>\n<ol type=\"a\">\n<li><a href=\"https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal\">Codeless Connector Platform/Native Sentinel Polling</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 1, <strong>Workbooks:</strong> 1, <strong>Function Apps:</strong> 1, <strong>Playbooks:</strong> 4</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
"contentKind": "Solution",
"contentProductId": "[variables('_solutioncontentProductId')]",
"id": "[variables('_solutioncontentProductId')]",
"icon": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\"width=\"75px\" height=\"75px\">",
"icon": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/office365_logo.svg\"width=\"75px\" height=\"75px\">",
"contentId": "[variables('_solutionId')]",
"parentId": "[variables('_solutionId')]",
"source": {
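Review bot: The replacement "descriptionHtml" drops the link to ReleaseNotes.md that the previous text carried, in the same commit that bumps the solution data file to 3.0.0. Operators deciding whether to upgrade lose the pointer to what changed; please keep the Release Notes bullet alongside the known-issues link. Also, "displayName" in the context above stays "Microsoft Defender for Office 365" with no "(Preview)"; confirm that only the data connector, not the solution, is meant to be labelled. In the new "icon" value the attributes run together (.svg\"width=\"75px\"), so a space before width would make the img tag well-formed.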
@ -3365,4 +3365,4 @@
}
],
"outputs": {}
}
}