Netskopev2 repackaged
This commit is contained in:
v-atulyadav
Родитель
950dffece2
Коммит
261064c0dc
|
|
@ -37,7 +37,7 @@
|
|||
"Data Connectors/NetskopeWebTransactionsDataConnector/Netskope_WebTransactions.json"
|
||||
],
|
||||
"BasePath": "C:\\Azure-Sentinel\\Solutions\\Netskopev2",
|
||||
"Version": "3.0.0",
|
||||
"Version": "3.0.1",
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"TemplateSpec": true,
|
||||
"Is1PConnector": false
|
||||
|
|
|
|||
Двоичный файл не отображается.
|
|
@ -60,14 +60,7 @@
|
|||
"name": "dataconnectors1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This Solution installs the data connector for Netskope. You can get Netskope custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "dataconnectors2-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This Solution installs the data connector for Netskope. You can get Netskope custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
"text": "This Solution installs the data connector for Netskopev2. You can get Netskopev2 custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
"contentVersion": "1.0.0.0",
|
||||
"metadata": {
|
||||
"author": "Netskope",
|
||||
"comments": "Solution template for Netskope"
|
||||
"comments": "Solution template for Netskopev2"
|
||||
},
|
||||
"parameters": {
|
||||
"location": {
|
||||
|
|
@ -39,7 +39,7 @@
|
|||
},
|
||||
"variables": {
|
||||
"_solutionName": "Netskopev2",
|
||||
"_solutionVersion": "3.0.0",
|
||||
"_solutionVersion": "3.0.1",
|
||||
"solutionId": "netskope.netskope_mss",
|
||||
"_solutionId": "[variables('solutionId')]",
|
||||
"analyticRuleObject1": {
|
||||
|
|
@ -75,120 +75,120 @@
|
|||
"playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]",
|
||||
"_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]",
|
||||
"parserObject1": {
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','AlertsCompromisedCredential Data Parser')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsCompromisedCredential Data Parser')]",
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','AlertsCompromisedCredential')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsCompromisedCredential')]",
|
||||
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('AlertsCompromisedCredential-Parser')))]",
|
||||
"parserVersion1": "1.0.0",
|
||||
"parserContentId1": "AlertsCompromisedCredential-Parser"
|
||||
},
|
||||
"parserObject2": {
|
||||
"_parserName2": "[concat(parameters('workspace'),'/','AlertsCtep Data Parser')]",
|
||||
"_parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsCtep Data Parser')]",
|
||||
"_parserName2": "[concat(parameters('workspace'),'/','AlertsCtep')]",
|
||||
"_parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsCtep')]",
|
||||
"parserTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('AlertsCtep-Parser')))]",
|
||||
"parserVersion2": "1.0.0",
|
||||
"parserContentId2": "AlertsCtep-Parser"
|
||||
},
|
||||
"parserObject3": {
|
||||
"_parserName3": "[concat(parameters('workspace'),'/','AlertsDLP Data Parser')]",
|
||||
"_parserId3": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsDLP Data Parser')]",
|
||||
"_parserName3": "[concat(parameters('workspace'),'/','AlertsDLP')]",
|
||||
"_parserId3": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsDLP')]",
|
||||
"parserTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('AlertsDLP-Parser')))]",
|
||||
"parserVersion3": "1.0.0",
|
||||
"parserContentId3": "AlertsDLP-Parser"
|
||||
},
|
||||
"parserObject4": {
|
||||
"_parserName4": "[concat(parameters('workspace'),'/','AlertsMalsite Data Parser')]",
|
||||
"_parserId4": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsMalsite Data Parser')]",
|
||||
"_parserName4": "[concat(parameters('workspace'),'/','AlertsMalsite')]",
|
||||
"_parserId4": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsMalsite')]",
|
||||
"parserTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('AlertsMalsite-Parser')))]",
|
||||
"parserVersion4": "1.0.0",
|
||||
"parserContentId4": "AlertsMalsite-Parser"
|
||||
},
|
||||
"parserObject5": {
|
||||
"_parserName5": "[concat(parameters('workspace'),'/','AlertsMalware Data Parser')]",
|
||||
"_parserId5": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsMalware Data Parser')]",
|
||||
"_parserName5": "[concat(parameters('workspace'),'/','AlertsMalware')]",
|
||||
"_parserId5": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsMalware')]",
|
||||
"parserTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('AlertsMalware-Parser')))]",
|
||||
"parserVersion5": "1.0.0",
|
||||
"parserContentId5": "AlertsMalware-Parser"
|
||||
},
|
||||
"parserObject6": {
|
||||
"_parserName6": "[concat(parameters('workspace'),'/','AlertsPolicy Data Parser')]",
|
||||
"_parserId6": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsPolicy Data Parser')]",
|
||||
"_parserName6": "[concat(parameters('workspace'),'/','AlertsPolicy')]",
|
||||
"_parserId6": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsPolicy')]",
|
||||
"parserTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('AlertsPolicy-Parser')))]",
|
||||
"parserVersion6": "1.0.0",
|
||||
"parserContentId6": "AlertsPolicy-Parser"
|
||||
},
|
||||
"parserObject7": {
|
||||
"_parserName7": "[concat(parameters('workspace'),'/','AlertsQuarantine Data Parser')]",
|
||||
"_parserId7": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsQuarantine Data Parser')]",
|
||||
"_parserName7": "[concat(parameters('workspace'),'/','AlertsQuarantine')]",
|
||||
"_parserId7": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsQuarantine')]",
|
||||
"parserTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('AlertsQuarantine-Parser')))]",
|
||||
"parserVersion7": "1.0.0",
|
||||
"parserContentId7": "AlertsQuarantine-Parser"
|
||||
},
|
||||
"parserObject8": {
|
||||
"_parserName8": "[concat(parameters('workspace'),'/','AlertsRemediation Data Parser')]",
|
||||
"_parserId8": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsRemediation Data Parser')]",
|
||||
"_parserName8": "[concat(parameters('workspace'),'/','AlertsRemediation')]",
|
||||
"_parserId8": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsRemediation')]",
|
||||
"parserTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('AlertsRemediation-Parser')))]",
|
||||
"parserVersion8": "1.0.0",
|
||||
"parserContentId8": "AlertsRemediation-Parser"
|
||||
},
|
||||
"parserObject9": {
|
||||
"_parserName9": "[concat(parameters('workspace'),'/','AlertsSecurityAssessment Data Parser')]",
|
||||
"_parserId9": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsSecurityAssessment Data Parser')]",
|
||||
"_parserName9": "[concat(parameters('workspace'),'/','AlertsSecurityAssessment')]",
|
||||
"_parserId9": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsSecurityAssessment')]",
|
||||
"parserTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('AlertsSecurityAssessment-Parser')))]",
|
||||
"parserVersion9": "1.0.0",
|
||||
"parserContentId9": "AlertsSecurityAssessment-Parser"
|
||||
},
|
||||
"parserObject10": {
|
||||
"_parserName10": "[concat(parameters('workspace'),'/','AlertsUba Data Parser')]",
|
||||
"_parserId10": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsUba Data Parser')]",
|
||||
"_parserName10": "[concat(parameters('workspace'),'/','AlertsUba')]",
|
||||
"_parserId10": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsUba')]",
|
||||
"parserTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('AlertsUba-Parser')))]",
|
||||
"parserVersion10": "1.0.0",
|
||||
"parserContentId10": "AlertsUba-Parser"
|
||||
},
|
||||
"parserObject11": {
|
||||
"_parserName11": "[concat(parameters('workspace'),'/','EventIncident Data Parser')]",
|
||||
"_parserId11": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventIncident Data Parser')]",
|
||||
"_parserName11": "[concat(parameters('workspace'),'/','EventIncident')]",
|
||||
"_parserId11": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventIncident')]",
|
||||
"parserTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('EventIncident-Parser')))]",
|
||||
"parserVersion11": "1.0.0",
|
||||
"parserContentId11": "EventIncident-Parser"
|
||||
},
|
||||
"parserObject12": {
|
||||
"_parserName12": "[concat(parameters('workspace'),'/','EventsApplication Data Parser')]",
|
||||
"_parserId12": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsApplication Data Parser')]",
|
||||
"_parserName12": "[concat(parameters('workspace'),'/','EventsApplication')]",
|
||||
"_parserId12": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsApplication')]",
|
||||
"parserTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('EventsApplication-Parser')))]",
|
||||
"parserVersion12": "1.0.0",
|
||||
"parserContentId12": "EventsApplication-Parser"
|
||||
},
|
||||
"parserObject13": {
|
||||
"_parserName13": "[concat(parameters('workspace'),'/','EventsAudit Data Parser')]",
|
||||
"_parserId13": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsAudit Data Parser')]",
|
||||
"_parserName13": "[concat(parameters('workspace'),'/','EventsAudit')]",
|
||||
"_parserId13": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsAudit')]",
|
||||
"parserTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('EventsAudit-Parser')))]",
|
||||
"parserVersion13": "1.0.0",
|
||||
"parserContentId13": "EventsAudit-Parser"
|
||||
},
|
||||
"parserObject14": {
|
||||
"_parserName14": "[concat(parameters('workspace'),'/','EventsConnection Data Parser')]",
|
||||
"_parserId14": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsConnection Data Parser')]",
|
||||
"_parserName14": "[concat(parameters('workspace'),'/','EventsConnection')]",
|
||||
"_parserId14": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsConnection')]",
|
||||
"parserTemplateSpecName14": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('EventsConnection-Parser')))]",
|
||||
"parserVersion14": "1.0.0",
|
||||
"parserContentId14": "EventsConnection-Parser"
|
||||
},
|
||||
"parserObject15": {
|
||||
"_parserName15": "[concat(parameters('workspace'),'/','EventsNetwork Data Parser')]",
|
||||
"_parserId15": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsNetwork Data Parser')]",
|
||||
"_parserName15": "[concat(parameters('workspace'),'/','EventsNetwork')]",
|
||||
"_parserId15": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsNetwork')]",
|
||||
"parserTemplateSpecName15": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('EventsNetwork-Parser')))]",
|
||||
"parserVersion15": "1.0.0",
|
||||
"parserContentId15": "EventsNetwork-Parser"
|
||||
},
|
||||
"parserObject16": {
|
||||
"_parserName16": "[concat(parameters('workspace'),'/','EventsPage Data Parser')]",
|
||||
"_parserId16": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsPage Data Parser')]",
|
||||
"_parserName16": "[concat(parameters('workspace'),'/','EventsPage')]",
|
||||
"_parserId16": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsPage')]",
|
||||
"parserTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('EventsPage-Parser')))]",
|
||||
"parserVersion16": "1.0.0",
|
||||
"parserContentId16": "EventsPage-Parser"
|
||||
},
|
||||
"parserObject17": {
|
||||
"_parserName17": "[concat(parameters('workspace'),'/','NetskopeWebTransactions Data Parser')]",
|
||||
"_parserId17": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'NetskopeWebTransactions Data Parser')]",
|
||||
"_parserName17": "[concat(parameters('workspace'),'/','NetskopeWebTransactions')]",
|
||||
"_parserId17": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'NetskopeWebTransactions')]",
|
||||
"parserTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('NetskopeWebTransactions-Parser')))]",
|
||||
"parserVersion17": "1.0.0",
|
||||
"parserContentId17": "NetskopeWebTransactions-Parser"
|
||||
|
|
@ -223,7 +223,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "NetskopeWebTxErrors_AnalyticalRules Analytics Rule with template version 3.0.0",
|
||||
"description": "NetskopeWebTxErrors_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
|
||||
|
|
@ -271,17 +271,17 @@
|
|||
"ErrorMessage": "error_s"
|
||||
},
|
||||
"alertDetailsOverride": {
|
||||
"alertDisplayNameFormat": "Netskope Error at {{TimeGenerated}}",
|
||||
"alertDescriptionFormat": "Error Message: {{error_s}}"
|
||||
"alertDescriptionFormat": "Error Message: {{error_s}}",
|
||||
"alertDisplayNameFormat": "Netskope Error at {{TimeGenerated}}"
|
||||
},
|
||||
"incidentConfiguration": {
|
||||
"createIncident": true,
|
||||
"groupingConfiguration": {
|
||||
"matchingMethod": "AnyAlert",
|
||||
"reopenClosedIncident": false,
|
||||
"enabled": true,
|
||||
"lookbackDuration": "PT5M",
|
||||
"matchingMethod": "AnyAlert"
|
||||
}
|
||||
"lookbackDuration": "5m",
|
||||
"enabled": true
|
||||
},
|
||||
"createIncident": true
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
@ -290,7 +290,7 @@
|
|||
"apiVersion": "2022-01-01-preview",
|
||||
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]",
|
||||
"properties": {
|
||||
"description": "Netskope Analytics Rule 1",
|
||||
"description": "Netskopev2 Analytics Rule 1",
|
||||
"parentId": "[variables('analyticRuleObject1').analyticRuleId1]",
|
||||
"contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
|
||||
"kind": "AnalyticsRule",
|
||||
|
|
@ -334,7 +334,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "NetskopeDashboard Workbook with template version 3.0.0",
|
||||
"description": "NetskopeDashboard Workbook with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion1')]",
|
||||
|
|
@ -464,7 +464,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "NetskopeDataConnectorsTriggerSync Playbook with template version 3.0.0",
|
||||
"description": "NetskopeDataConnectorsTriggerSync Playbook with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('playbookVersion1')]",
|
||||
|
|
@ -1143,7 +1143,7 @@
|
|||
"Timer",
|
||||
"Trigger"
|
||||
],
|
||||
"lastUpdateTime": "2024-04-19T15:19:39.319Z",
|
||||
"lastUpdateTime": "2024-05-03T13:41:12.740Z",
|
||||
"releaseNotes": {
|
||||
"version": "1.0",
|
||||
"title": "[variables('blanks')]",
|
||||
|
|
@ -1175,7 +1175,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "NetskopeWebTxErrorEmail Playbook with template version 3.0.0",
|
||||
"description": "NetskopeWebTxErrorEmail Playbook with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('playbookVersion2')]",
|
||||
|
|
@ -1379,7 +1379,7 @@
|
|||
"Email",
|
||||
"WebTransaction"
|
||||
],
|
||||
"lastUpdateTime": "2024-04-19T15:19:40.065Z",
|
||||
"lastUpdateTime": "2024-05-03T13:41:13.128Z",
|
||||
"releaseNotes": {
|
||||
"version": "1.0",
|
||||
"title": "[variables('blanks')]",
|
||||
|
|
@ -1411,7 +1411,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "AlertsCompromisedCredential Data Parser with template version 3.0.0",
|
||||
"description": "AlertsCompromisedCredential Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject1').parserVersion1]",
|
||||
|
|
@ -1447,7 +1447,7 @@
|
|||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsCompromisedCredential')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsCompromisedCredential')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
|
|
@ -1511,7 +1511,7 @@
|
|||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsCompromisedCredential')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsCompromisedCredential')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
|
|
@ -1539,7 +1539,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "AlertsCtep Data Parser with template version 3.0.0",
|
||||
"description": "AlertsCtep Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject2').parserVersion2]",
|
||||
|
|
@ -1575,7 +1575,7 @@
|
|||
"[variables('parserObject2')._parserId2]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsCtep')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsCtep')]",
|
||||
"contentId": "[variables('parserObject2').parserContentId2]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject2').parserVersion2]",
|
||||
|
|
@ -1639,7 +1639,7 @@
|
|||
"[variables('parserObject2')._parserId2]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsCtep')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsCtep')]",
|
||||
"contentId": "[variables('parserObject2').parserContentId2]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject2').parserVersion2]",
|
||||
|
|
@ -1667,7 +1667,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "AlertsDLP Data Parser with template version 3.0.0",
|
||||
"description": "AlertsDLP Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject3').parserVersion3]",
|
||||
|
|
@ -1703,7 +1703,7 @@
|
|||
"[variables('parserObject3')._parserId3]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsDLP')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsDLP')]",
|
||||
"contentId": "[variables('parserObject3').parserContentId3]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject3').parserVersion3]",
|
||||
|
|
@ -1767,7 +1767,7 @@
|
|||
"[variables('parserObject3')._parserId3]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsDLP')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsDLP')]",
|
||||
"contentId": "[variables('parserObject3').parserContentId3]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject3').parserVersion3]",
|
||||
|
|
@ -1795,7 +1795,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "AlertsMalsite Data Parser with template version 3.0.0",
|
||||
"description": "AlertsMalsite Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject4').parserVersion4]",
|
||||
|
|
@ -1831,7 +1831,7 @@
|
|||
"[variables('parserObject4')._parserId4]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsMalsite')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsMalsite')]",
|
||||
"contentId": "[variables('parserObject4').parserContentId4]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject4').parserVersion4]",
|
||||
|
|
@ -1895,7 +1895,7 @@
|
|||
"[variables('parserObject4')._parserId4]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsMalsite')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsMalsite')]",
|
||||
"contentId": "[variables('parserObject4').parserContentId4]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject4').parserVersion4]",
|
||||
|
|
@ -1923,7 +1923,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "AlertsMalware Data Parser with template version 3.0.0",
|
||||
"description": "AlertsMalware Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject5').parserVersion5]",
|
||||
|
|
@ -1959,7 +1959,7 @@
|
|||
"[variables('parserObject5')._parserId5]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsMalware')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsMalware')]",
|
||||
"contentId": "[variables('parserObject5').parserContentId5]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject5').parserVersion5]",
|
||||
|
|
@ -2023,7 +2023,7 @@
|
|||
"[variables('parserObject5')._parserId5]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsMalware')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsMalware')]",
|
||||
"contentId": "[variables('parserObject5').parserContentId5]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject5').parserVersion5]",
|
||||
|
|
@ -2051,7 +2051,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "AlertsPolicy Data Parser with template version 3.0.0",
|
||||
"description": "AlertsPolicy Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject6').parserVersion6]",
|
||||
|
|
@ -2087,7 +2087,7 @@
|
|||
"[variables('parserObject6')._parserId6]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsPolicy')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsPolicy')]",
|
||||
"contentId": "[variables('parserObject6').parserContentId6]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject6').parserVersion6]",
|
||||
|
|
@ -2151,7 +2151,7 @@
|
|||
"[variables('parserObject6')._parserId6]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsPolicy')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsPolicy')]",
|
||||
"contentId": "[variables('parserObject6').parserContentId6]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject6').parserVersion6]",
|
||||
|
|
@ -2179,7 +2179,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "AlertsQuarantine Data Parser with template version 3.0.0",
|
||||
"description": "AlertsQuarantine Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject7').parserVersion7]",
|
||||
|
|
@ -2215,7 +2215,7 @@
|
|||
"[variables('parserObject7')._parserId7]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsQuarantine')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsQuarantine')]",
|
||||
"contentId": "[variables('parserObject7').parserContentId7]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject7').parserVersion7]",
|
||||
|
|
@ -2279,7 +2279,7 @@
|
|||
"[variables('parserObject7')._parserId7]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsQuarantine')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsQuarantine')]",
|
||||
"contentId": "[variables('parserObject7').parserContentId7]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject7').parserVersion7]",
|
||||
|
|
@ -2307,7 +2307,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "AlertsRemediation Data Parser with template version 3.0.0",
|
||||
"description": "AlertsRemediation Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject8').parserVersion8]",
|
||||
|
|
@ -2343,7 +2343,7 @@
|
|||
"[variables('parserObject8')._parserId8]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsRemediation')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsRemediation')]",
|
||||
"contentId": "[variables('parserObject8').parserContentId8]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject8').parserVersion8]",
|
||||
|
|
@ -2407,7 +2407,7 @@
|
|||
"[variables('parserObject8')._parserId8]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsRemediation')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsRemediation')]",
|
||||
"contentId": "[variables('parserObject8').parserContentId8]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject8').parserVersion8]",
|
||||
|
|
@ -2435,7 +2435,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "AlertsSecurityAssessment Data Parser with template version 3.0.0",
|
||||
"description": "AlertsSecurityAssessment Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject9').parserVersion9]",
|
||||
|
|
@ -2471,7 +2471,7 @@
|
|||
"[variables('parserObject9')._parserId9]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsSecurityAssessment')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsSecurityAssessment')]",
|
||||
"contentId": "[variables('parserObject9').parserContentId9]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject9').parserVersion9]",
|
||||
|
|
@ -2535,7 +2535,7 @@
|
|||
"[variables('parserObject9')._parserId9]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsSecurityAssessment')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsSecurityAssessment')]",
|
||||
"contentId": "[variables('parserObject9').parserContentId9]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject9').parserVersion9]",
|
||||
|
|
@ -2563,7 +2563,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "AlertsUba Data Parser with template version 3.0.0",
|
||||
"description": "AlertsUba Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject10').parserVersion10]",
|
||||
|
|
@ -2599,7 +2599,7 @@
|
|||
"[variables('parserObject10')._parserId10]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsUba')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsUba')]",
|
||||
"contentId": "[variables('parserObject10').parserContentId10]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject10').parserVersion10]",
|
||||
|
|
@ -2663,7 +2663,7 @@
|
|||
"[variables('parserObject10')._parserId10]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for AlertsUba')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'AlertsUba')]",
|
||||
"contentId": "[variables('parserObject10').parserContentId10]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject10').parserVersion10]",
|
||||
|
|
@ -2691,7 +2691,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "EventIncident Data Parser with template version 3.0.0",
|
||||
"description": "EventIncident Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject11').parserVersion11]",
|
||||
|
|
@ -2727,7 +2727,7 @@
|
|||
"[variables('parserObject11')._parserId11]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for EventIncident')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventIncident')]",
|
||||
"contentId": "[variables('parserObject11').parserContentId11]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject11').parserVersion11]",
|
||||
|
|
@ -2791,7 +2791,7 @@
|
|||
"[variables('parserObject11')._parserId11]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for EventIncident')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventIncident')]",
|
||||
"contentId": "[variables('parserObject11').parserContentId11]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject11').parserVersion11]",
|
||||
|
|
@ -2819,7 +2819,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "EventsApplication Data Parser with template version 3.0.0",
|
||||
"description": "EventsApplication Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject12').parserVersion12]",
|
||||
|
|
@ -2855,7 +2855,7 @@
|
|||
"[variables('parserObject12')._parserId12]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for EventsApplication')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsApplication')]",
|
||||
"contentId": "[variables('parserObject12').parserContentId12]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject12').parserVersion12]",
|
||||
|
|
@ -2919,7 +2919,7 @@
|
|||
"[variables('parserObject12')._parserId12]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for EventsApplication')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsApplication')]",
|
||||
"contentId": "[variables('parserObject12').parserContentId12]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject12').parserVersion12]",
|
||||
|
|
@ -2947,7 +2947,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "EventsAudit Data Parser with template version 3.0.0",
|
||||
"description": "EventsAudit Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject13').parserVersion13]",
|
||||
|
|
@ -2983,7 +2983,7 @@
|
|||
"[variables('parserObject13')._parserId13]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for EventsAudit')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsAudit')]",
|
||||
"contentId": "[variables('parserObject13').parserContentId13]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject13').parserVersion13]",
|
||||
|
|
@ -3047,7 +3047,7 @@
|
|||
"[variables('parserObject13')._parserId13]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for EventsAudit')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsAudit')]",
|
||||
"contentId": "[variables('parserObject13').parserContentId13]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject13').parserVersion13]",
|
||||
|
|
@ -3075,7 +3075,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "EventsConnection Data Parser with template version 3.0.0",
|
||||
"description": "EventsConnection Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject14').parserVersion14]",
|
||||
|
|
@ -3111,7 +3111,7 @@
|
|||
"[variables('parserObject14')._parserId14]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for EventsConnection')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsConnection')]",
|
||||
"contentId": "[variables('parserObject14').parserContentId14]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject14').parserVersion14]",
|
||||
|
|
@ -3175,7 +3175,7 @@
|
|||
"[variables('parserObject14')._parserId14]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for EventsConnection')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsConnection')]",
|
||||
"contentId": "[variables('parserObject14').parserContentId14]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject14').parserVersion14]",
|
||||
|
|
@ -3203,7 +3203,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "EventsNetwork Data Parser with template version 3.0.0",
|
||||
"description": "EventsNetwork Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject15').parserVersion15]",
|
||||
|
|
@ -3239,7 +3239,7 @@
|
|||
"[variables('parserObject15')._parserId15]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for EventsNetwork')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsNetwork')]",
|
||||
"contentId": "[variables('parserObject15').parserContentId15]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject15').parserVersion15]",
|
||||
|
|
@ -3303,7 +3303,7 @@
|
|||
"[variables('parserObject15')._parserId15]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for EventsNetwork')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsNetwork')]",
|
||||
"contentId": "[variables('parserObject15').parserContentId15]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject15').parserVersion15]",
|
||||
|
|
@ -3331,7 +3331,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "EventsPage Data Parser with template version 3.0.0",
|
||||
"description": "EventsPage Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject16').parserVersion16]",
|
||||
|
|
@ -3367,7 +3367,7 @@
|
|||
"[variables('parserObject16')._parserId16]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for EventsPage')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsPage')]",
|
||||
"contentId": "[variables('parserObject16').parserContentId16]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject16').parserVersion16]",
|
||||
|
|
@ -3431,7 +3431,7 @@
|
|||
"[variables('parserObject16')._parserId16]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for EventsPage')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'EventsPage')]",
|
||||
"contentId": "[variables('parserObject16').parserContentId16]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject16').parserVersion16]",
|
||||
|
|
@ -3459,7 +3459,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "NetskopeWebTransactions Data Parser with template version 3.0.0",
|
||||
"description": "NetskopeWebTransactions Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject17').parserVersion17]",
|
||||
|
|
@ -3495,7 +3495,7 @@
|
|||
"[variables('parserObject17')._parserId17]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for NetskopeWebTransactions')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'NetskopeWebTransactions')]",
|
||||
"contentId": "[variables('parserObject17').parserContentId17]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject17').parserVersion17]",
|
||||
|
|
@ -3559,7 +3559,7 @@
|
|||
"[variables('parserObject17')._parserId17]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for NetskopeWebTransactions')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'NetskopeWebTransactions')]",
|
||||
"contentId": "[variables('parserObject17').parserContentId17]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject17').parserVersion17]",
|
||||
|
|
@ -3587,7 +3587,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Netskope data connector with template version 3.0.0",
|
||||
"description": "Netskopev2 data connector with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion1')]",
|
||||
|
|
@ -4538,7 +4538,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Netskope data connector with template version 3.0.0",
|
||||
"description": "Netskopev2 data connector with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion2')]",
|
||||
|
|
@ -4933,7 +4933,7 @@
|
|||
"apiVersion": "2023-04-01-preview",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"version": "3.0.0",
|
||||
"version": "3.0.1",
|
||||
"kind": "Solution",
|
||||
"contentSchemaVersion": "3.0.0",
|
||||
"displayName": "Netskopev2",
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|
||||
|-------------|--------------------------------|---------------------------------------------|
|
||||
| 3.0.1 | 03-05-2024 | Repackaged for parser issue fix on reinstall |
|
||||
| 3.0.0 | 03-04-2024 | Initial Solution Release |
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче