Adding version 1.0.6 (#7120)
This commit is contained in:
Родитель
befbcc3665
Коммит
4b7d79dd0b
|
@ -0,0 +1 @@
|
|||
{"validation": {"validators": ["best_practice_validation", "data_model_mapping_validation", "field_extract_validation", "app_cert_validation"], "status": "job_started", "validation_id": "v_1646665462_11"}}
|
|
@ -0,0 +1,19 @@
|
|||
This is an add-on powered by the Splunk Add-on Builder.
|
||||
# Binary File Declaration
|
||||
C:\Program Files\Splunk\var\data\tabuilder\package\Azure-Sentinel-add-on\bin\ta_sentinel2\aob_py2\markupsafe\_speedups.so: this file does not require any source code
|
||||
C:\Program Files\Splunk\var\data\tabuilder\package\Azure-Sentinel-add-on\bin\ta_sentinel2\aob_py3\markupsafe\_speedups.cpython-37m-x86_64-linux-gnu.so: this file does not require any source code
|
||||
C:\Program Files\Splunk\var\data\tabuilder\package\Azure-Sentinel-add-on\bin\ta_sentinel2\markupsafe\_speedups.so: this file does not require any source code
|
||||
# Binary File Declaration
|
||||
C:\Program Files\Splunk\var\data\tabuilder\package\Azure-Sentinel-add-on\bin\ta_sentinel2\aob_py2\markupsafe\_speedups.so: this file does not require any source code
|
||||
C:\Program Files\Splunk\var\data\tabuilder\package\Azure-Sentinel-add-on\bin\ta_sentinel2\aob_py3\markupsafe\_speedups.cpython-37m-x86_64-linux-gnu.so: this file does not require any source code
|
||||
C:\Program Files\Splunk\var\data\tabuilder\package\Azure-Sentinel-add-on\bin\ta_sentinel2\markupsafe\_speedups.so: this file does not require any source code
|
||||
# Binary File Declaration
|
||||
/opt/splunk/var/data/tabuilder/package/Azure-Sentinel-add-on/bin/ta_sentinel2/mmap.cpython-38-x86_64-linux-gnu.so: this file does not require any source code
|
||||
/opt/splunk/var/data/tabuilder/package/Azure-Sentinel-add-on/bin/ta_sentinel2/mmap.cpython-37m-x86_64-linux-gnu.so: this file does not require any source code
|
||||
/opt/splunk/var/data/tabuilder/package/Azure-Sentinel-add-on/bin/ta_sentinel2/yarl/_quoting_c.cpython-38-x86_64-linux-gnu.so: this file does not require any source code
|
||||
/opt/splunk/var/data/tabuilder/package/Azure-Sentinel-add-on/bin/ta_sentinel2/aob_py2/markupsafe/_speedups.so: this file does not require any source code
|
||||
/opt/splunk/var/data/tabuilder/package/Azure-Sentinel-add-on/bin/ta_sentinel2/aob_py3/markupsafe/_speedups.cpython-37m-x86_64-linux-gnu.so: this file does not require any source code
|
||||
/opt/splunk/var/data/tabuilder/package/Azure-Sentinel-add-on/bin/ta_sentinel2/cryptography/hazmat/bindings/_rust.abi3.so: this file does not require any source code
|
||||
/opt/splunk/var/data/tabuilder/package/Azure-Sentinel-add-on/bin/ta_sentinel2/cryptography/hazmat/bindings/_openssl.abi3.so: this file does not require any source code
|
||||
/opt/splunk/var/data/tabuilder/package/Azure-Sentinel-add-on/bin/ta_sentinel2/cryptography/hazmat/bindings/_padding.abi3.so: this file does not require any source code
|
||||
/opt/splunk/var/data/tabuilder/package/Azure-Sentinel-add-on/bin/ta_sentinel2/markupsafe/_speedups.so: this file does not require any source code
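Review bot: The declaration is pasted three times with build-machine paths (`C:\Program Files\Splunk\...` twice, then `/opt/splunk/...`), so it leaks developer environment details and leaves unclear which set of binaries actually ships in 1.0.6. More importantly, the shipped `.so` files include `cryptography/hazmat/bindings/_openssl.abi3.so` and `_rust.abi3.so`, i.e. a statically linked OpenSSL, yet nothing in this commit records the `cryptography` wheel version or a hash, so consumers cannot map the bundle to advisories. Suggest one consolidated block with package-relative paths and a provenance line per binary, e.g. `# bin/ta_sentinel2/cryptography/hazmat/bindings/_openssl.abi3.so: cryptography <version>, manylinux wheel, sha256 <digest>`. The `aob_py2/` copies appear to be dead weight if the action only runs under `python.version = python3` as the alert_actions.conf in this commit states — confirm and drop them to shrink the binary surface.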
|
|
@ -0,0 +1,4 @@
|
|||
[base]
|
||||
builder_version = <string>
|
||||
builder_build = <string>
|
||||
is_edited = <bool>
|
|
@ -0,0 +1,11 @@
|
|||
|
||||
|
||||
[send_to_sentinel]
|
||||
python.version = python3
|
||||
param.customer_id = <string> customer_id.
|
||||
param.shared_key = <string> shared_key.
|
||||
param.log_type = <string> log type.
|
||||
param.remove_mvfield = <string> remove_mvfield.
|
||||
param.remove_rawdata = <string> remove_rawdata.
|
||||
param.remove_emptyfields = <string> remove_emptyfields.
|
||||
param.capture_missingdata = <string> remove_capture_missingdata.
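Review bot: `param.shared_key` is the Log Analytics workspace key, but it is declared as an ordinary alert-action `<string>`; Splunk persists `action.<name>.param.*` values into `savedsearches.conf`, where they are readable by anyone with read access to the search, and the `type="password"` input in the HTML form only masks the field in the UI, not at rest. Since app.conf in this commit already declares `reload.passwords` and `reload.ta_sentinel2_account` triggers, the action could take an account name instead and resolve the key from `storage/passwords` at runtime — I cannot see the modalert script here, so confirm how the parameter is consumed. Two smaller spec defects: the description of `param.capture_missingdata` reads `remove_capture_missingdata.` (should describe capture, e.g. `param.capture_missingdata = <string> capture_missingdata.`), and the form posts `action.send_to_sentinel.param.remove_emptymvfields` which has no entry here, so add `param.remove_emptymvfields = <string> remove_emptymvfields.`.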
|
Двоичный файл не отображается.
После Ширина: | Высота: | Размер: 7.8 KiB |
Двоичный файл не отображается.
После Ширина: | Высота: | Размер: 8.8 KiB |
|
@ -0,0 +1,5 @@
|
|||
[base]
|
||||
builder_version = 4.1.0
|
||||
builder_build = 0
|
||||
is_edited = 0
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
[send_to_sentinel]
|
||||
is_custom = 1
|
||||
label = Send to Microsoft Sentinel
|
||||
description = Sends Splunk alert data to Microsoft Sentinel
|
||||
icon_path = alert_send_to_sentinel.png
|
||||
python.version = python3
|
||||
payload_format = json
|
||||
maxtime = 10m
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
# this add-on is powered by splunk Add-on builder
|
||||
[install]
|
||||
state_change_requires_restart = true
|
||||
is_configured = 0
|
||||
state = enabled
|
||||
build = 3
|
||||
install_source_checksum = d718abb089a60fa3d469477f8bd3d2f3b48a104f
|
||||
|
||||
[launcher]
|
||||
author = Microsoft
|
||||
version = 1.0.6
|
||||
description = This add-on sends Splunk alert data to Microsoft Sentinel Log Analytics
|
||||
|
||||
[ui]
|
||||
is_visible = 1
|
||||
label = Microsoft-Sentinel-add-on
|
||||
docs_section_override = AddOns:released
|
||||
|
||||
[package]
|
||||
id = Azure-Sentinel-add-on
|
||||
|
||||
[triggers]
|
||||
reload.addon_builder = simple
|
||||
reload.ta_sentinel2_account = simple
|
||||
reload.ta_sentinel2_settings = simple
|
||||
reload.passwords = simple
|
||||
|
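Review bot: The add-on is named three different ways in this one file: `[package] id = Azure-Sentinel-add-on`, `[ui] label = Microsoft-Sentinel-add-on`, and the `ta_sentinel2_*` conf stanzas under `[triggers]`. `id` must match the installed directory name, so the label rename is cosmetic, but a one-line comment above `[package]` saying `# id must stay Azure-Sentinel-add-on: it is the install directory name; the user-facing label was rebranded to Microsoft Sentinel` would stop a future "fix" that breaks upgrades. `install_source_checksum` is an Add-on Builder artifact and should be noted as such (`# generated by Add-on Builder, do not edit`) so it is not mistaken for an integrity control.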
|
@ -0,0 +1,84 @@
|
|||
<form class="form-horizontal form-complex">
|
||||
|
||||
<div class="control-group">
|
||||
|
||||
<label class="control-label" for="send_to_sentinel_customer_id">customer_id </label>
|
||||
|
||||
<div class="controls">
|
||||
|
||||
<input type="text" required name="action.send_to_sentinel.param.customer_id" id="send_to_sentinel_customer_id"/>
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="control-group">
|
||||
|
||||
<label class="control-label" for="send_to_sentinel_shared_key">shared_key </label>
|
||||
|
||||
<div class="controls">
|
||||
|
||||
<input type="password" required name="action.send_to_sentinel.param.shared_key" id="send_to_sentinel_shared_key"/>
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="control-group">
|
||||
|
||||
<label class="control-label" for="send_to_sentinel_log_type">log type </label>
|
||||
|
||||
<div class="controls">
|
||||
|
||||
<input type="text" name="action.send_to_sentinel.param.log_type" id="send_to_sentinel_log_type"/>
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<!-- <div class="control-group">
|
||||
|
||||
<label class="control-label" for="send_to_sentinel_remove_mvfield">remove _mvfield </label>
|
||||
<div class="controls">
|
||||
<input type="checkbox" name="action.send_to_sentinel.param.remove_mvfield" id="send_to_sentinel_remove_mvfield" value="1"/>
|
||||
</div>
|
||||
</div> -->
|
||||
|
||||
<div>
|
||||
<div style="display: inline-block"><label class="control-label" for="send_to_sentinel_remove_mvfield">remove <br>_mv fields</label> <input type="checkbox" name="action.send_to_sentinel.param.remove_mvfield" id="send_to_sentinel_remove_mvfield" value="1"/></div>
|
||||
<div style="display: inline-block"><label class="control-label" for="send_to_sentinel_remove_rawdata">remove <br>_raw field</label> <input type="checkbox" name="action.send_to_sentinel.param.remove_rawdata" id="send_to_sentinel_remove_rawdata" value="1"/></div>
|
||||
<div style="display: inline-block"><label class="control-label" for="send_to_sentinel_remove_emptyfields">remove <br>empty fields</label> <input type="checkbox" name="action.send_to_sentinel.param.remove_emptyfields" id="send_to_sentinel_remove_emptyfields" value="1"/></div>
|
||||
<div style="display: inline-block"><label class="control-label" for="send_to_sentinel_remove_emptymvfields">remove <br>empty mv fields</label> <input type="checkbox" name="action.send_to_sentinel.param.remove_emptymvfields" id="send_to_sentinel_remove_emptymvfields" value="1"/></div>
|
||||
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label class="control-label" for="send_to_sentinel_capture_missingdata">Store<br>Failed To Ingest Data</label>
|
||||
<div class="controls">
|
||||
<input type="checkbox" name="action.send_to_sentinel.param.capture_missingdata" id="send_to_sentinel_capture_missingdata" value="1"/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- <div class="control-group">
|
||||
|
||||
<label class="control-label" for="send_to_sentinel_remove_rawdata">remove _rawdata </label>
|
||||
|
||||
<div class="controls">
|
||||
|
||||
<input type="checkbox" name="action.send_to_sentinel.param.remove_rawdata" id="send_to_sentinel_remove_rawdata" value="1"/>
|
||||
|
||||
</div> -->
|
||||
|
||||
<!-- <div class="control-group">
|
||||
|
||||
<label class="control-label" for="send_to_sentinel_remove_emptyfields">remove empty fields </label>
|
||||
|
||||
<div class="controls">
|
||||
|
||||
<input type="checkbox" name="action.send_to_sentinel.param.remove_emptyfields" id="send_to_sentinel_remove_emptyfields" value="1"/>
|
||||
|
||||
</div> -->
|
||||
|
||||
</div>
|
||||
|
||||
</form>
|
|
@ -0,0 +1,3 @@
|
|||
<nav color="#3c6188">
|
||||
<view name="home" default="true" label="Home" />
|
||||
</nav>
|
|
@ -0,0 +1,4 @@
|
|||
<form version="1.1">
|
||||
<label>TA-sentinel2</label>
|
||||
<description>This is updated an example view in add-on TA-sentinel2</description>
|
||||
</form>
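Review bot: The view description `This is updated an example view in add-on TA-sentinel2` is a leftover Add-on Builder placeholder shipped in a release build, and its label `TA-sentinel2` does not match the `Microsoft-Sentinel-add-on` label used in app.conf in this commit. Either give the home view a real one-sentence description and a consistent label, or remove the stub view and its `default.xml` nav entry if nothing is shown on it.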
|
|
@ -0,0 +1,3 @@
|
|||
|
||||
[source::...send_to_sentinel_modalert.log*]
|
||||
sourcetype = ta:sentinel2:log
|
|
@ -0,0 +1,2 @@
|
|||
[send_to_sentinel]
|
||||
dispatch.max_count = 1000000
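Review bot: `dispatch.max_count = 1000000` raises the per-search result cap well above Splunk's shipped default with no comment explaining why, and the file this stanza belongs to is not identifiable from the hunk, so its effect (and whether a stanza named `send_to_sentinel` is even honoured there) should be confirmed. If the intent is to let the alert action forward very large result sets, note that the action's `maxtime = 10m` in alert_actions.conf bounds the run and that the Log Analytics ingestion endpoint has per-request size limits, so the script must chunk; a comment such as `# raised so large alert result sets reach Sentinel; the action batches posts and is bounded by alert_actions.conf maxtime` would document the trade-off.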
|
Двоичный файл не отображается.
После Ширина: | Высота: | Размер: 2.4 KiB |
Двоичный файл не отображается.
После Ширина: | Высота: | Размер: 2.4 KiB |
Двоичный файл не отображается.
После Ширина: | Высота: | Размер: 7.8 KiB |
Двоичный файл не отображается.
После Ширина: | Высота: | Размер: 7.8 KiB |