Repackaged Zero nw & Armorblox
This commit is contained in:
v-atulyadav
Родитель
838c77bfc0
Коммит
2c342b9e0a
Двоичные данные
Solutions/Armorblox/Package/2.0.2.zip
Двоичные данные
Solutions/Armorblox/Package/2.0.2.zip
Двоичный файл не отображается.
|
|
@ -60,7 +60,7 @@
|
|||
"name": "dataconnectors1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This solution installs the data connector for ingesting Armorblox logs into Microsoft Sentinel, using the Armorblox API. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
"text": "This Solution installs the data connector for Armorblox. You can get Armorblox custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -38,10 +38,10 @@
|
|||
}
|
||||
},
|
||||
"variables": {
|
||||
"IncidentId" :"id_s",
|
||||
"_IncidentId":"[variables('IncidentId')]",
|
||||
"solutionId": "armorblox1601081599926.armorblox_sentinel_1",
|
||||
"_solutionId": "[variables('solutionId')]",
|
||||
"IncidentId" :"id_s",
|
||||
"_IncidentId":"[variables('IncidentId')]",
|
||||
"email": "support@armorblox.com",
|
||||
"_email": "[variables('email')]",
|
||||
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
|
||||
|
|
@ -74,7 +74,7 @@
|
|||
"resources": [
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('dataConnectorTemplateSpecName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -88,7 +88,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -115,7 +115,7 @@
|
|||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"id": "[variables('_uiConfigId1')]",
|
||||
"title": "Armorblox (using Azure Function)",
|
||||
"title": "Armorblox (using Azure Functions)",
|
||||
"publisher": "Armorblox",
|
||||
"descriptionMarkdown": "The [Armorblox](https://www.armorblox.com/) data connector provides the capability to ingest incidents from your Armorblox instance into Microsoft Sentinel through the REST API. The connector provides ability to get events which helps to examine potential security risks, and more.",
|
||||
"graphQueries": [
|
||||
|
|
@ -304,7 +304,7 @@
|
|||
"kind": "GenericUI",
|
||||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"title": "Armorblox (using Azure Function)",
|
||||
"title": "Armorblox (using Azure Functions)",
|
||||
"publisher": "Armorblox",
|
||||
"descriptionMarkdown": "The [Armorblox](https://www.armorblox.com/) data connector provides the capability to ingest incidents from your Armorblox instance into Microsoft Sentinel through the REST API. The connector provides ability to get events which helps to examine potential security risks, and more.",
|
||||
"graphQueries": [
|
||||
|
|
@ -430,7 +430,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('workbookTemplateSpecName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -444,7 +444,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -473,7 +473,7 @@
|
|||
},
|
||||
"properties": {
|
||||
"displayName": "[parameters('workbook1-name')]",
|
||||
"serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## INCIDENTS FROM ARMORBLOX\"},\"name\":\"text - 0\",\"styleSettings\":{\"margin\":\"5px\",\"padding\":\"5px\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"57bfc245-223e-4ef2-892a-35f9b3049ee0\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"description\":\"INCIDENTS FROM SELECTED TIME RANGE\",\"isRequired\":true,\"value\":{\"durationMs\":259200000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}]},\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Armorblox_CL\\r\\n| sort by TimeGenerated desc\\r\\n| where TimeGenerated {TimeRange}\\r\\n| summarize count() by priority_s\\r\\n\",\"size\":1,\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"yAxis\":[\"count_\"],\"showLegend\":true}},\"customWidth\":\"50\",\"name\":\"query - 3\",\"styleSettings\":{\"margin\":\"5\",\"padding\":\"5\",\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Armorblox_CL\\r\\n| sort by TimeGenerated desc\\r\\n| where TimeGenerated {TimeRange}\\r\\n| summarize count() by incident_type_s\\r\\n\",\"size\":1,\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 4\",\"styleSettings\":{\"margin\":\"5\",\"padding\":\"5\",\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Armorblox_CL\\r\\n| sort by TimeGenerated desc\\r\\n| where TimeGenerated {TimeRange} and incident_type_s=='THREAT_INCIDENT_TYPE'\\r\\n| extend policy = substring(policy_names_s, 1, strlen(policy_names_s)-2)\\r\\n| summarize count() by policy\\r\\n\",\"size\":1,\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"policy_names_s\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - 6\",\"styleSettings\":{\"margin\":\"5\",\"padding\":\"5\",\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Armorblox_CL\\r\\n| sort by TimeGenerated desc\\r\\n| where TimeGenerated {TimeRange} and incident_type_s=='DLP_INCIDENT_TYPE'\\r\\n| extend policy = substring(policy_names_s, 1, strlen(policy_names_s)-2)\\r\\n| summarize count() by policy\\r\\n\",\"size\":1,\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 7\",\"styleSettings\":{\"margin\":\"5\",\"padding\":\"5\",\"showBorder\":true}},{\"type\":1,\"content\":{\"json\":\"## INCIDENTS\"},\"name\":\"text - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Armorblox_CL\\r\\n| project TimeGenerated, date_t, id_s, priority_s, policy_names_s, title_s, remediation_actions_s, resolution_state_s, research_status_s\\r\\n| project-rename OccurredDate=date_t, IncidentId=id_s, Priority=priority_s, Subject=title_s, RemediationAction=remediation_actions_s, ResolutionState=resolution_state_s, ResearchStatus=research_status_s\\r\\n| where TimeGenerated {TimeRange}\\r\\n| sort by TimeGenerated desc\\r\\n\",\"size\":0,\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 2\",\"styleSettings\":{\"margin\":\"5\",\"padding\":\"5\",\"showBorder\":true}}],\"fromTemplateId\":\"sentinel-ArmorbloxOverview\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n",
|
||||
"serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## INCIDENTS FROM ARMORBLOX\"},\"name\":\"text - 0\",\"styleSettings\":{\"margin\":\"5px\",\"padding\":\"5px\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"57bfc245-223e-4ef2-892a-35f9b3049ee0\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"description\":\"INCIDENTS FROM SELECTED TIME RANGE\",\"isRequired\":true,\"value\":{\"durationMs\":259200000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}]},\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Armorblox_CL\\r\\n| sort by TimeGenerated desc\\r\\n| where TimeGenerated {TimeRange}\\r\\n| summarize count() by priority_s\\r\\n\",\"size\":1,\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"yAxis\":[\"count_\"],\"showLegend\":true}},\"customWidth\":\"50\",\"name\":\"query - 3\",\"styleSettings\":{\"margin\":\"5\",\"padding\":\"5\",\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Armorblox_CL\\r\\n| sort by TimeGenerated desc\\r\\n| where TimeGenerated {TimeRange}\\r\\n| summarize count() by incident_type_s\\r\\n\",\"size\":1,\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 4\",\"styleSettings\":{\"margin\":\"5\",\"padding\":\"5\",\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Armorblox_CL\\r\\n| sort by TimeGenerated desc\\r\\n| where TimeGenerated {TimeRange} and incident_type_s=='THREAT_INCIDENT_TYPE'\\r\\n| extend policy = substring(policy_names_s, 1, strlen(policy_names_s)-2)\\r\\n| summarize count() by policy\\r\\n\",\"size\":1,\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"policy_names_s\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - 6\",\"styleSettings\":{\"margin\":\"5\",\"padding\":\"5\",\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Armorblox_CL\\r\\n| sort by TimeGenerated desc\\r\\n| where TimeGenerated {TimeRange} and incident_type_s=='DLP_INCIDENT_TYPE'\\r\\n| extend policy = substring(policy_names_s, 1, strlen(policy_names_s)-2)\\r\\n| summarize count() by policy\\r\\n\",\"size\":1,\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 7\",\"styleSettings\":{\"margin\":\"5\",\"padding\":\"5\",\"showBorder\":true}},{\"type\":1,\"content\":{\"json\":\"## INCIDENTS\"},\"name\":\"text - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Armorblox_CL\\r\\n| project TimeGenerated, date_t, id_s, priority_s, policy_names_s, title_s, remediation_actions_s, resolution_state_s, research_status_s\\r\\n| project-rename OccurredDate=date_t, IncidentId=id_s, Priority=priority_s, Subject=title_s, RemediationAction=remediation_actions_s, ResolutionState=resolution_state_s, ResearchStatus=research_status_s\\r\\n| where TimeGenerated {TimeRange}\\r\\n| sort by TimeGenerated desc\\r\\n\",\"size\":0,\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 2\",\"styleSettings\":{\"margin\":\"5\",\"padding\":\"5\",\"showBorder\":true}}],\"fallbackResourceIds\":\"[variables('TemplateEmptyArray')]\",\"fromTemplateId\":\"sentinel-ArmorbloxOverview\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n",
|
||||
"version": "1.0",
|
||||
"sourceId": "[variables('workspaceResourceId')]",
|
||||
"category": "sentinel"
|
||||
|
|
@ -524,7 +524,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('analyticRuleTemplateSpecName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -538,7 +538,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('analyticRuleTemplateSpecName1'),'/',variables('analyticRuleVersion1'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -577,31 +577,31 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "Armorblox",
|
||||
"dataTypes": [
|
||||
"Armorblox_CL"
|
||||
]
|
||||
],
|
||||
"connectorId": "Armorblox"
|
||||
}
|
||||
],
|
||||
"eventGroupingSettings": {
|
||||
"aggregationKind": "AlertPerResult"
|
||||
},
|
||||
"customDetails": {
|
||||
"RemediationAction": "remediation_actions_s",
|
||||
"IncidentId": "[variables('_IncidentId')]"
|
||||
"IncidentId": "[variables('_IncidentId')]",
|
||||
"RemediationAction": "remediation_actions_s"
|
||||
},
|
||||
"alertDetailsOverride": {
|
||||
"alertDescriptionFormat": "Incident {{id_s}} generated at {{date_t}} needs review ",
|
||||
"alertDisplayNameFormat": "Alert from Armorblox",
|
||||
"alertSeverityColumnName": "priority_s"
|
||||
"alertDescriptionFormat": "Incident {{id_s}} generated at {{date_t}} needs review ",
|
||||
"alertSeverityColumnName": "priority_s",
|
||||
"alertDisplayNameFormat": "Alert from Armorblox"
|
||||
},
|
||||
"incidentConfiguration": {
|
||||
"createIncident": true,
|
||||
"groupingConfiguration": {
|
||||
"enabled": false,
|
||||
"reopenClosedIncident": false,
|
||||
"matchingMethod": "AllEntities",
|
||||
"lookbackDuration": "10m"
|
||||
"lookbackDuration": "10m",
|
||||
"enabled": false
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -638,7 +638,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('playbookTemplateSpecName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -652,7 +652,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('playbookTemplateSpecName1'),'/',variables('playbookVersion1'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@
|
|||
],
|
||||
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\ZeroNetworks",
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"Version": "2.0.3",
|
||||
"Version": "2.0.4",
|
||||
"TemplateSpec": true,
|
||||
"Is1Pconnector": false
|
||||
}
|
||||
Двоичный файл не отображается.
|
|
@ -60,14 +60,14 @@
|
|||
"name": "dataconnectors1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This Solution installs the data connector for ZeroNetworks. You can get ZeroNetworks custom log data in your Microsoft Sentinel workspace. Configure and enable this data connector in the Data Connector gallery after this Solution deploys. This data connector creates custom log table(s) in your Microsoft Sentinel / Azure Log Analytics workspace."
|
||||
"text": "This Solution installs the data connector for ZeroNetworks. You can get ZeroNetworks custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "dataconnectors2-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This Solution installs the data connector for ZeroNetworks. You can get ZeroNetworks custom log data in your Microsoft Sentinel workspace. Configure and enable this data connector in the Data Connector gallery after this Solution deploys. This data connector creates custom log table(s) ZNSegmentAudit_CL in your Microsoft Sentinel / Azure Log Analytics workspace."
|
||||
"text": "This Solution installs the data connector for ZeroNetworks. You can get ZeroNetworks custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@
|
|||
"description": "Name for the workbook"
|
||||
}
|
||||
},
|
||||
"uri": {
|
||||
"uri": {
|
||||
"type": "string",
|
||||
"defaultValue": "https://portal.zeronetworks.com/api/v1/audit"
|
||||
}
|
||||
|
|
@ -113,6 +113,7 @@
|
|||
"dataConnectorVersion2": "1.0.0",
|
||||
"ZeroNetworksConnector": "ZeroNetworksConnector",
|
||||
"_ZeroNetworksConnector": "[variables('ZeroNetworksConnector')]",
|
||||
"blanks": "[replace('b', 'b', '')]",
|
||||
"playbookVersion1": "1.0",
|
||||
"playbookContentId1": "ZeroNetworksConnector",
|
||||
"_playbookContentId1": "[variables('playbookContentId1')]",
|
||||
|
|
@ -124,7 +125,6 @@
|
|||
"_playbookContentId2": "[variables('playbookContentId2')]",
|
||||
"playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]",
|
||||
"playbookTemplateSpecName2": "[concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2')))]",
|
||||
"blanks": "[replace('b', 'b', '')]",
|
||||
"ZeroNetworksSegment-AddBlockOutboundRule": "ZeroNetworksSegment-AddBlockOutboundRule",
|
||||
"_ZeroNetworksSegment-AddBlockOutboundRule": "[variables('ZeroNetworksSegment-AddBlockOutboundRule')]",
|
||||
"playbookVersion3": "1.0",
|
||||
|
|
@ -138,12 +138,14 @@
|
|||
"playbookContentId4": "ZeroNetworksSegment-EnrichIncident",
|
||||
"_playbookContentId4": "[variables('playbookContentId4')]",
|
||||
"playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]",
|
||||
"playbookTemplateSpecName4": "[concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4')))]"
|
||||
"playbookTemplateSpecName4": "[concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4')))]",
|
||||
"operationId-Encode IP Address to AssetId": "Encode IP Address to AssetId",
|
||||
"_operationId-Encode IP Address to AssetId": "[variables('operationId-Encode IP Address to AssetId')]"
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('workbookTemplateSpecName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -157,7 +159,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -168,7 +170,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZNSegmentAuditWorkbook with template version 2.0.3",
|
||||
"description": "ZNSegmentAuditWorkbook with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion1')]",
|
||||
|
|
@ -246,7 +248,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('analyticRuleTemplateSpecName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -260,7 +262,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('analyticRuleTemplateSpecName1'),'/',variables('analyticRuleVersion1'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -271,7 +273,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZNSegmentMachineRemovedfromProtection_AnalyticalRules Analytics Rule with template version 2.0.3",
|
||||
"description": "ZNSegmentMachineRemovedfromProtection_AnalyticalRules Analytics Rule with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleVersion1')]",
|
||||
|
|
@ -319,22 +321,22 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "PerformedByName",
|
||||
"identifier": "Name"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Account"
|
||||
},
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "DestinationEntityName",
|
||||
"identifier": "HostName"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Host"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -372,7 +374,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('analyticRuleTemplateSpecName2')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -386,7 +388,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('analyticRuleTemplateSpecName2'),'/',variables('analyticRuleVersion2'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -397,7 +399,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName2'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZNSegmentNewAPIToken_AnalyticalRules Analytics Rule with template version 2.0.3",
|
||||
"description": "ZNSegmentNewAPIToken_AnalyticalRules Analytics Rule with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleVersion2')]",
|
||||
|
|
@ -445,13 +447,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "PerformedByName",
|
||||
"identifier": "Name"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Account"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -489,7 +491,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('analyticRuleTemplateSpecName3')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -503,7 +505,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('analyticRuleTemplateSpecName3'),'/',variables('analyticRuleVersion3'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -514,7 +516,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName3'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZNSegmentRareJITRuleCreation_AnalyticalRules Analytics Rule with template version 2.0.3",
|
||||
"description": "ZNSegmentRareJITRuleCreation_AnalyticalRules Analytics Rule with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleVersion3')]",
|
||||
|
|
@ -562,22 +564,22 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "PerformedByName",
|
||||
"identifier": "Name"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Account"
|
||||
},
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "DestinationEntityName",
|
||||
"identifier": "HostName"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Host"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -615,7 +617,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('parserTemplateSpecName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -629,7 +631,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -640,7 +642,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZNSegmentAudit Data Parser with template version 2.0.3",
|
||||
"description": "ZNSegmentAudit Data Parser with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserVersion1')]",
|
||||
|
|
@ -746,7 +748,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('huntingQueryTemplateSpecName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -760,7 +762,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('huntingQueryTemplateSpecName1'),'/',variables('huntingQueryVersion1'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -771,7 +773,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZNSegmentExcessiveAccessbyUser_HuntingQueries Hunting Query with template version 2.0.3",
|
||||
"description": "ZNSegmentExcessiveAccessbyUser_HuntingQueries Hunting Query with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryVersion1')]",
|
||||
|
|
@ -838,7 +840,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('huntingQueryTemplateSpecName2')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -852,7 +854,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('huntingQueryTemplateSpecName2'),'/',variables('huntingQueryVersion2'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -863,7 +865,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName2'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZNSegmentExcessiveAccesstoBuiltinGroupbyUser_HuntingQueries Hunting Query with template version 2.0.3",
|
||||
"description": "ZNSegmentExcessiveAccesstoBuiltinGroupbyUser_HuntingQueries Hunting Query with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryVersion2')]",
|
||||
|
|
@ -930,7 +932,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('huntingQueryTemplateSpecName3')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -944,7 +946,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('huntingQueryTemplateSpecName3'),'/',variables('huntingQueryVersion3'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -955,7 +957,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName3'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZNSegmentInboundBlockRulesDeleted_HuntingQueries Hunting Query with template version 2.0.3",
|
||||
"description": "ZNSegmentInboundBlockRulesDeleted_HuntingQueries Hunting Query with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryVersion3')]",
|
||||
|
|
@ -1022,7 +1024,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('huntingQueryTemplateSpecName4')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -1036,7 +1038,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('huntingQueryTemplateSpecName4'),'/',variables('huntingQueryVersion4'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -1047,7 +1049,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName4'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZNSegmentOutboundBlockRulesDeleted_HuntingQueries Hunting Query with template version 2.0.3",
|
||||
"description": "ZNSegmentOutboundBlockRulesDeleted_HuntingQueries Hunting Query with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryVersion4')]",
|
||||
|
|
@ -1114,7 +1116,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('dataConnectorTemplateSpecName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -1128,7 +1130,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -1139,7 +1141,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZeroNetworks data connector with template version 2.0.3",
|
||||
"description": "ZeroNetworks data connector with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion1')]",
|
||||
|
|
@ -1444,7 +1446,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('dataConnectorTemplateSpecName2')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -1458,7 +1460,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('dataConnectorTemplateSpecName2'),'/',variables('dataConnectorVersion2'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -1469,7 +1471,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName2'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZeroNetworks data connector with template version 2.0.3",
|
||||
"description": "ZeroNetworks data connector with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion2')]",
|
||||
|
|
@ -1485,7 +1487,7 @@
|
|||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"id": "[variables('_uiConfigId2')]",
|
||||
"title": "Zero Networks Segment Audit (Function) (using Azure Function)",
|
||||
"title": "Zero Networks Segment Audit (Function) (using Azure Functions)",
|
||||
"publisher": "Zero Networks",
|
||||
"descriptionMarkdown": "The [Zero Networks Segment](https://zeronetworks.com/product/) Audit data connector provides the capability to ingest Audit events into Microsoft Sentinel through the REST API. Refer to API guide for more information. The connector provides ability to get events which helps to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.",
|
||||
"graphQueries": [
|
||||
|
|
@ -1689,7 +1691,7 @@
|
|||
"kind": "GenericUI",
|
||||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"title": "Zero Networks Segment Audit (Function) (using Azure Function)",
|
||||
"title": "Zero Networks Segment Audit (Function) (using Azure Functions)",
|
||||
"publisher": "Zero Networks",
|
||||
"descriptionMarkdown": "The [Zero Networks Segment](https://zeronetworks.com/product/) Audit data connector provides the capability to ingest Audit events into Microsoft Sentinel through the REST API. Refer to API guide for more information. The connector provides ability to get events which helps to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.",
|
||||
"graphQueries": [
|
||||
|
|
@ -1811,7 +1813,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('playbookTemplateSpecName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -1825,7 +1827,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('playbookTemplateSpecName1'),'/',variables('playbookVersion1'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -1836,7 +1838,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('playbookTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZeroNetworksConnector Playbook with template version 2.0.3",
|
||||
"description": "ZeroNetworksConnector Playbook with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('playbookVersion1')]",
|
||||
|
|
@ -1971,7 +1973,7 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
"operationId": "[[variables('_operationId-Encode IP Address to AssetId')]",
|
||||
"operationId": "[variables('_operationId-Encode IP Address to AssetId')]",
|
||||
"parameters": [
|
||||
{
|
||||
"name": "ip",
|
||||
|
|
@ -2493,7 +2495,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('playbookTemplateSpecName2')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -2507,7 +2509,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('playbookTemplateSpecName2'),'/',variables('playbookVersion2'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -2518,7 +2520,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('playbookTemplateSpecName2'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZNSegment-AddAssettoProtection Playbook with template version 2.0.3",
|
||||
"description": "ZNSegment-AddAssettoProtection Playbook with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('playbookVersion2')]",
|
||||
|
|
@ -2853,7 +2855,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('playbookTemplateSpecName3')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -2867,7 +2869,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('playbookTemplateSpecName3'),'/',variables('playbookVersion3'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -2878,7 +2880,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('playbookTemplateSpecName3'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZNSegment-AddBlockOutboundRule Playbook with template version 2.0.3",
|
||||
"description": "ZNSegment-AddBlockOutboundRule Playbook with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('playbookVersion3')]",
|
||||
|
|
@ -3198,7 +3200,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('playbookTemplateSpecName4')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -3212,7 +3214,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('playbookTemplateSpecName4'),'/',variables('playbookVersion4'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
|
@ -3223,7 +3225,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('playbookTemplateSpecName4'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZeroNetworksSegment-EnrichIncident Playbook with template version 2.0.3",
|
||||
"description": "ZeroNetworksSegment-EnrichIncident Playbook with template version 2.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('playbookVersion4')]",
|
||||
|
|
@ -3538,7 +3540,7 @@
|
|||
"apiVersion": "2022-01-01-preview",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"version": "2.0.3",
|
||||
"version": "2.0.4",
|
||||
"kind": "Solution",
|
||||
"contentSchemaVersion": "2.0.0",
|
||||
"contentId": "[variables('_solutionId')]",
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче