Gitlab Solution

2024-07-24 16:17:18 +05:30 · 2024-07-24 16:17:18 +05:30 · 32ed617e8b
--- a/Connectors/Connector_Syslog_GitLab.json
+++ b/Connectors/Connector_Syslog_GitLab.json
@ -1,6 +1,6 @@
 {
    "id": "GitLab",
-    "title": "GitLab",
+    "title": "[Deprecated] GitLab",
    "publisher": "Microsoft",
    "descriptionMarkdown": "The [GitLab](https://about.gitlab.com/solutions/devops-platform/) connector allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs with Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.",
    "additionalRequirementBanner": "This data connector depends on three parsers based on a Kusto Function to work as expected [**GitLab Access Logs**](https://aka.ms/sentinel-GitLabAccess-parser), [**GitLab Audit Logs**](https://aka.ms/sentinel-GitLabAudit-parser) and [**GitLab Application Logs**](https://aka.ms/sentinel-GitLabApp-parser) which are deployed with the Microsoft Sentinel Solution.",
--- a/Solutions/GitLab/Data/Solution_Gitlab.json
+++ b/Solutions/GitLab/Data/Solution_Gitlab.json
@ -2,29 +2,32 @@
  "Name": "GitLab",
  "Author": "Microsoft - support@microsoft.com",
  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [GitLab](https://about.gitlab.com/solutions/devops-platform/) solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.  .\r\n \r\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \r\n \r\n a. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)",
+  "Description": "The [GitLab](https://about.gitlab.com/solutions/devops-platform/) solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
  "Data Connectors": [
    "Data Connectors/Connector_Syslog_GitLab.json"
  ],
  "Parsers": [
    "Parsers/GitLabAccess.yaml",
-	"Parsers/GitLabApp.yaml",
-	"Parsers/GitLabAudit.yaml"
+    "Parsers/GitLabApp.yaml",
+    "Parsers/GitLabAudit.yaml"
  ],
  "Analytic Rules": [
    "Analytic Rules/GitLab_BruteForce.yaml",
    "Analytic Rules/GitLab_ExternalUser.yaml",
-	"Analytic Rules/GitLab_Impersonation.yaml",
-	"Analytic Rules/GitLab_LocalAuthNoMFA.yaml",
-	"Analytic Rules/GitLab_MaliciousIP.yaml",
-	"Analytic Rules/GitLab_PAT_Repo.yaml",
-	"Analytic Rules/GitLab_RepoVisibilityChange.yaml",
-	"Analytic Rules/GitLab_Repo_Deletion.yaml",
-	"Analytic Rules/GitLab_SignInBurst.yaml"
+    "Analytic Rules/GitLab_Impersonation.yaml",
+    "Analytic Rules/GitLab_LocalAuthNoMFA.yaml",
+    "Analytic Rules/GitLab_MaliciousIP.yaml",
+    "Analytic Rules/GitLab_PAT_Repo.yaml",
+    "Analytic Rules/GitLab_RepoVisibilityChange.yaml",
+    "Analytic Rules/GitLab_Repo_Deletion.yaml",
+    "Analytic Rules/GitLab_SignInBurst.yaml"
+  ],
+  "dependentDomainSolutionIds": [
+    "azuresentinel.azure-sentinel-solution-syslog"
  ],
  "Metadata": "SolutionMetadata.json",
  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\GitLab",
-  "Version": "3.0.0",
+  "Version": "3.0.1",
  "TemplateSpec": true,
  "Is1PConnector": false
 }
--- a/Solutions/GitLab/Package/3.0.1.zip
+++ b/Solutions/GitLab/Package/3.0.1.zip
--- a/Solutions/GitLab/Package/createUiDefinition.json
+++ b/Solutions/GitLab/Package/createUiDefinition.json
@ -6,7 +6,7 @@
    "config": {
      "isWizard": false,
      "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/GitLab/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [GitLab](https://about.gitlab.com/solutions/devops-platform/) solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.  .\r\n \r\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \r\n \r\n a. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n\n**Data Connectors:** 1, **Parsers:** 3, **Analytic Rules:** 9\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/GitLab/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [GitLab](https://about.gitlab.com/solutions/devops-platform/) solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Parsers:** 3, **Analytic Rules:** 9\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
        "subscription": {
          "resourceProviders": [
            "Microsoft.OperationsManagement/solutions",
@ -60,14 +60,14 @@
            "name": "dataconnectors1-text",
            "type": "Microsoft.Common.TextBlock",
            "options": {
-              "text": "This solution installs the data connector that allows to connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+              "text": "This Solution installs the data connector for GitLab. You can get GitLab Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
            }
          },
          {
            "name": "dataconnectors-parser-text",
            "type": "Microsoft.Common.TextBlock",
            "options": {
-              "text": "The solution installs a parser that transforms ingested data. The transformed logs can be accessed using the GitLabAudit, GitLabAccess and GitLabApp Kusto Function alias."
+              "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
            }
          },
          {
@ -145,7 +145,7 @@
                "name": "analytic3-text",
                "type": "Microsoft.Common.TextBlock",
                "options": {
-                  "text": "This queries GitLab Audit Logs for user impersonation. A malicious operator or a compromised admin account could leverage the impersonation feature of GitLab to change code or\nrepository settings bypassing usual processes. This hunting queries allows you to track the audit actions done under impersonation."
+                  "text": "This queries GitLab Audit Logs for user impersonation. A malicious operator or a compromised admin account could leverage the impersonation feature of GitLab to change code or repository settings bypassing usual processes. This hunting queries allows you to track the audit actions done under impersonation."
                }
              }
            ]
--- a/Solutions/GitLab/Package/mainTemplate.json
+++ b/Solutions/GitLab/Package/mainTemplate.json
--- a/Solutions/GitLab/Package/testParameters.json
+++ b/Solutions/GitLab/Package/testParameters.json
@ -0,0 +1,24 @@
+{
+  "location": {
+    "type": "string",
+    "minLength": 1,
+    "defaultValue": "[resourceGroup().location]",
+    "metadata": {
+      "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`.  We instead use the `workspace-location` which is derived from the LA workspace"
+    }
+  },
+  "workspace-location": {
+    "type": "string",
+    "defaultValue": "",
+    "metadata": {
+      "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+    }
+  },
+  "workspace": {
+    "defaultValue": "",
+    "type": "string",
+    "metadata": {
+      "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+    }
+  }
+}
--- a/Solutions/GitLab/ReleaseNotes.md
+++ b/Solutions/GitLab/ReleaseNotes.md
@ -1,5 +1,5 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                                                         |
 |-------------|--------------------------------|----------------------------------------------------------------------------|
+| 3.0.1       | 07-24-2023                     | Deprecated data connectors   |
 | 3.0.0       | 07-11-2023                     | Modifying text as there is rebranding from Azure Active Directory to Microsoft Entra ID   |                             
-         
-                                                                                                                 
+