Merge pull request #6 from cohesity/build
update the build related stuff.
This commit is contained in:
yinghuang123
GitHub
Коммит
4243ee1498
|
|
@ -13,7 +13,7 @@
|
|||
"Playbooks/Cohesity_CreateOrUpdate_ServiceNow_Incident/azuredeploy.json",
|
||||
"Playbooks/Cohesity_Delete_Incident_Blobs/azuredeploy.json"
|
||||
],
|
||||
"BasePath": "/home/cohesity/workspace/Azure-Sentinel/Solutions/CohesitySecurity",
|
||||
"BasePath": "Solutions/CohesitySecurity",
|
||||
"Version": "2.0.0",
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"TemplateSpec": true,
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
"config": {
|
||||
"isWizard": false,
|
||||
"basics": {
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Cohesity-Logo.svg\" width=\"75px\"height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThis product integrates Cohesity Helios with Microsoft Sentinel to stay updated with the security events from your Cohesity environment and immediately respond to a ransomware attack or an anomaly\n\n**Data Connectors:** 1, **Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Cohesity-Logo.svg\" width=\"75px\"height=\"75px\">\n\n**Important:** _This Microsoft Sentinel Solution is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)._\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThis product integrates Cohesity Helios with Microsoft Sentinel to stay updated with the security events from your Cohesity environment and immediately respond to a ransomware attack or an anomaly\n\nMicrosoft Sentinel Solutions provide a consolidated way to acquire Microsoft Sentinel content like data connectors, workbooks, analytics, and automations in your workspace with a single deployment step.\n\n**Data Connectors:** 1, **Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"subscription": {
|
||||
"resourceProviders": [
|
||||
"Microsoft.OperationsManagement/solutions",
|
||||
|
|
@ -63,6 +63,16 @@
|
|||
"text": "This product integrates Cohesity Helios with Microsoft Sentinel to stay updated with the security events from your Cohesity environment and immediately respond to a ransomware attack or an anomaly."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "dataconnectors-link1",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"link": {
|
||||
"label": "Learn more about normalized format",
|
||||
"uri": "https://docs.microsoft.com/azure/sentinel/normalization-schema"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "dataconnectors-link2",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
|
|
@ -88,18 +98,154 @@
|
|||
"name": "playbooks-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "playbooks-link",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This solution installs playbook resources. A security playbook is a collection of procedures that can be run from Microsoft Sentinel in response to an alert. A security playbook can help automate and orchestrate your response, and can be run manually or set to run automatically when specific alerts are triggered. Security playbooks in Microsoft Sentinel are based on Azure Logic Apps, which means that you get all the power, customizability, and built-in templates of Logic Apps. Each playbook is created for the specific subscription you choose, but when you look at the Playbooks page, you will see all the playbooks across any selected subscriptions.",
|
||||
"link": {
|
||||
"label": "Learn more",
|
||||
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "playbook1",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "My_Cohesity_Send_Incident_Email",
|
||||
"elements": [
|
||||
{
|
||||
"name": "playbook1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This playbook ingests events from CohesitySecurity into Log Analytics using the API."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "playbook1-PlaybookName",
|
||||
"type": "Microsoft.Common.TextBox",
|
||||
"label": "Playbook Name",
|
||||
"defaultValue": "My_Cohesity_Send_Incident_Email",
|
||||
"toolTip": "Resource name for the logic app playbook. No spaces are allowed",
|
||||
"constraints": {
|
||||
"required": true,
|
||||
"regex": "[a-z0-9A-Z]{1,256}$",
|
||||
"validationMessage": "Please enter a playbook resource name"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "playbook1-EmailID",
|
||||
"type": "Microsoft.Common.TextBox",
|
||||
"label": "Email I D",
|
||||
"defaultValue": "",
|
||||
"toolTip": "Please enter Email I D",
|
||||
"constraints": {
|
||||
"required": true,
|
||||
"regex": "[a-z0-9A-Z]{1,256}$",
|
||||
"validationMessage": "Please enter the Email I D"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "playbook2",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "My_Cohesity_Restore_From_Last_Snapshot",
|
||||
"elements": [
|
||||
{
|
||||
"name": "playbook2-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This playbook ingests events from CohesitySecurity into Log Analytics using the API."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "playbook2-PlaybookName",
|
||||
"type": "Microsoft.Common.TextBox",
|
||||
"label": "Playbook Name",
|
||||
"defaultValue": "My_Cohesity_Restore_From_Last_Snapshot",
|
||||
"toolTip": "Resource name for the logic app playbook. No spaces are allowed",
|
||||
"constraints": {
|
||||
"required": true,
|
||||
"regex": "[a-z0-9A-Z]{1,256}$",
|
||||
"validationMessage": "Please enter a playbook resource name"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "playbook3",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "My_Cohesity_Close_Helios_Incident",
|
||||
"elements": [
|
||||
{
|
||||
"name": "playbook3-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This playbook ingests events from CohesitySecurity into Log Analytics using the API."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "playbook3-PlaybookName",
|
||||
"type": "Microsoft.Common.TextBox",
|
||||
"label": "Playbook Name",
|
||||
"defaultValue": "My_Cohesity_Close_Helios_Incident",
|
||||
"toolTip": "Resource name for the logic app playbook. No spaces are allowed",
|
||||
"constraints": {
|
||||
"required": true,
|
||||
"regex": "[a-z0-9A-Z]{1,256}$",
|
||||
"validationMessage": "Please enter a playbook resource name"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "playbook4",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "My_Cohesity_CreateOrUpdate_ServiceNow_Incident",
|
||||
"elements": [
|
||||
{
|
||||
"name": "playbook4-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This playbook ingests events from CohesitySecurity into Log Analytics using the API."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "playbook4-PlaybookName",
|
||||
"type": "Microsoft.Common.TextBox",
|
||||
"label": "Playbook Name",
|
||||
"defaultValue": "My_Cohesity_CreateOrUpdate_ServiceNow_Incident",
|
||||
"toolTip": "Resource name for the logic app playbook. No spaces are allowed",
|
||||
"constraints": {
|
||||
"required": true,
|
||||
"regex": "[a-z0-9A-Z]{1,256}$",
|
||||
"validationMessage": "Please enter a playbook resource name"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "playbook5",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "My_Cohesity_Delete_Incident_Blobs",
|
||||
"elements": [
|
||||
{
|
||||
"name": "playbook5-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This playbook ingests events from CohesitySecurity into Log Analytics using the API."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "playbook5-PlaybookName",
|
||||
"type": "Microsoft.Common.TextBox",
|
||||
"label": "Playbook Name",
|
||||
"defaultValue": "My_Cohesity_Delete_Incident_Blobs",
|
||||
"toolTip": "Resource name for the logic app playbook. No spaces are allowed",
|
||||
"constraints": {
|
||||
"required": true,
|
||||
"regex": "[a-z0-9A-Z]{1,256}$",
|
||||
"validationMessage": "Please enter a playbook resource name"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -107,7 +253,13 @@
|
|||
"outputs": {
|
||||
"workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
|
||||
"location": "[location()]",
|
||||
"workspace": "[basics('workspace')]"
|
||||
"workspace": "[basics('workspace')]",
|
||||
"playbook1-PlaybookName": "[steps('playbooks').playbook1.playbook1-PlaybookName]",
|
||||
"playbook1-EmailID": "[steps('playbooks').playbook1.playbook1-EmailID]",
|
||||
"playbook2-PlaybookName": "[steps('playbooks').playbook2.playbook2-PlaybookName]",
|
||||
"playbook3-PlaybookName": "[steps('playbooks').playbook3.playbook3-PlaybookName]",
|
||||
"playbook4-PlaybookName": "[steps('playbooks').playbook4.playbook4-PlaybookName]",
|
||||
"playbook5-PlaybookName": "[steps('playbooks').playbook5.playbook5-PlaybookName]"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
|
@ -0,0 +1,14 @@
|
|||
#!/bin/zsh
|
||||
SCRIPT=$(realpath "$0")
|
||||
SCRIPTPATH=$(dirname "$SCRIPT")
|
||||
cd "$SCRIPTPATH"
|
||||
|
||||
. ../json_parser.sh
|
||||
|
||||
az deployment group create \
|
||||
--name ExampleDeployment \
|
||||
--resource-group "$resourcegroup" \
|
||||
--template-file ./mainTemplate.json \
|
||||
--parameters EmailID=cohesity-siem@outlook.com \
|
||||
--parameters connector1-name=$(uuidgen) \
|
||||
--parameters location=eastasia
|
||||
|
|
@ -8,8 +8,8 @@
|
|||
},
|
||||
"support": {
|
||||
"tier": "Partner",
|
||||
"name": "Microsoft Corporation",
|
||||
"email": "support@microsoft.com",
|
||||
"link": "https://support.cohesity.com"
|
||||
"name": "Cohesity",
|
||||
"email": "support@cohesity.com",
|
||||
"link": "https://support.cohesity.com/"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ $jsonConversionDepth = 50
|
|||
$SolutionJsonPath = $args[0]
|
||||
$RepoRoot = Split-path -Parent $PSScriptRoot | Split-Path -Parent
|
||||
$SolutionRoot = Join-Path -Path $RepoRoot -ChildPath "Tools" | Join-Path -ChildPath "Create-Azure-Sentinel-Solution"
|
||||
$path = Join-Path -Path $SolutionRoot -ChildPath "input"
|
||||
$path = Join-Path -Path $RepoRoot -ChildPath "Solutions" | Join-Path -ChildPath "CohesitySecurity" | Join-Path -ChildPath "Data"
|
||||
|
||||
function handleEmptyInstructionProperties ($inputObj) {
|
||||
$outputObj = $inputObj |
|
||||
|
|
@ -696,7 +696,7 @@ foreach ($objectProperties in $contentToImport.PsObject.Properties) {
|
|||
$customLogsText = "$baseDescriptionText This data connector creates custom log table(s) $(getAllDataTypeNames $connectorData.dataTypes) in your Microsoft Sentinel / Azure Log Analytics workspace."
|
||||
$syslogText = "$baseDescriptionText The logs will be received in the Syslog table in your Microsoft Sentinel / Azure Log Analytics workspace."
|
||||
$commonSecurityLogText = "$baseDescriptionText The logs will be received in the CommonSecurityLog table in your Microsoft Sentinel / Azure Log Analytics workspace."
|
||||
$connectorDescriptionText = $(if ($connectorDataType -eq $commonSecurityLog) { $commonSecurityLogText } elseif ($connectorDataType -eq $syslog) { $syslogText } else { $customLogsText })
|
||||
$connectorDescriptionText = "This product integrates Cohesity Helios with Microsoft Sentinel to stay updated with the security events from your Cohesity environment and immediately respond to a ransomware attack or an anomaly."
|
||||
|
||||
$baseDataConnectorStep = [PSCustomObject] @{
|
||||
name = "dataconnectors";
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче