Repackage - OracleWebLogicServer
Родитель
ff47460465
Коммит
4ed0179932
|
@ -8,6 +8,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
queryFrequency: 15m
|
||||
queryPeriod: 15m
|
||||
triggerOperator: gt
|
||||
|
@ -26,5 +29,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Url
|
||||
columnName: UrlCustomEntity
|
||||
version: 1.0.1
|
||||
version: 1.0.2
|
||||
kind: Scheduled
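Review bot: The CustomLogsAma entry added here declares `OracleWebLogicServer_CL` as its data type, but the generated mainTemplate hunk for analytic rule 1 later in this commit lists `OracleWebLogicServerEvent` under the same `CustomLogsAma` connector, so the YAML source and the packaged template disagree on what the AMA connector provides. One of the two is probably stale; since the package is regenerated from these YAMLs, confirm the packager picked up this file rather than the template having been edited by hand. The same entry is added in every other analytic-rule and hunting-query YAML in this commit, so the check applies to all of them. The OracleWebLogicServerEvent parser that would have to read `OracleWebLogicServer_CL` rows is not in this diff, so whether the rule's query actually sees AMA-ingested events cannot be confirmed here.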
|
|
@ -8,6 +8,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
queryFrequency: 1h
|
||||
queryPeriod: 1h
|
||||
triggerOperator: gt
|
||||
|
@ -29,5 +32,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Address
|
||||
columnName: IPCustomEntity
|
||||
version: 1.0.1
|
||||
version: 1.0.2
|
||||
kind: Scheduled
|
|
@ -8,6 +8,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
queryFrequency: 10m
|
||||
queryPeriod: 10m
|
||||
triggerOperator: gt
|
||||
|
@ -26,5 +29,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Url
|
||||
columnName: UrlCustomEntity
|
||||
version: 1.0.1
|
||||
version: 1.0.2
|
||||
kind: Scheduled
|
|
@ -8,6 +8,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
queryFrequency: 15m
|
||||
queryPeriod: 15m
|
||||
triggerOperator: gt
|
||||
|
@ -27,5 +30,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Address
|
||||
columnName: IPCustomEntity
|
||||
version: 1.0.1
|
||||
version: 1.0.2
|
||||
kind: Scheduled
|
|
@ -8,6 +8,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
queryFrequency: 1h
|
||||
queryPeriod: 1h
|
||||
triggerOperator: gt
|
||||
|
@ -29,5 +32,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Address
|
||||
columnName: IPCustomEntity
|
||||
version: 1.0.1
|
||||
version: 1.0.2
|
||||
kind: Scheduled
|
|
@ -8,6 +8,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
queryFrequency: 1h
|
||||
queryPeriod: 1h
|
||||
triggerOperator: gt
|
||||
|
@ -31,5 +34,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Address
|
||||
columnName: IPCustomEntity
|
||||
version: 1.0.1
|
||||
version: 1.0.2
|
||||
kind: Scheduled
|
|
@ -8,6 +8,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
queryFrequency: 1h
|
||||
queryPeriod: 1h
|
||||
triggerOperator: gt
|
||||
|
@ -31,5 +34,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Address
|
||||
columnName: IPCustomEntity
|
||||
version: 1.0.1
|
||||
version: 1.0.2
|
||||
kind: Scheduled
|
|
@ -8,6 +8,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
queryFrequency: 1h
|
||||
queryPeriod: 1h
|
||||
triggerOperator: gt
|
||||
|
@ -40,5 +43,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Url
|
||||
columnName: UrlCustomEntity
|
||||
version: 1.0.0
|
||||
version: 1.0.1
|
||||
kind: Scheduled
|
||||
|
|
|
@ -8,6 +8,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
queryFrequency: 1h
|
||||
queryPeriod: 1h
|
||||
triggerOperator: gt
|
||||
|
@ -39,5 +42,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Address
|
||||
columnName: IPCustomEntity
|
||||
version: 1.0.1
|
||||
version: 1.0.2
|
||||
kind: Scheduled
|
|
@ -8,6 +8,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
queryFrequency: 15m
|
||||
queryPeriod: 15m
|
||||
triggerOperator: gt
|
||||
|
@ -32,5 +35,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Url
|
||||
columnName: UrlCustomEntity
|
||||
version: 1.0.1
|
||||
version: 1.0.2
|
||||
kind: Scheduled
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"id": "OracleWebLogicServer",
|
||||
"title": "Oracle WebLogic Server",
|
||||
"title": "[Deprecated] Oracle WebLogic Server",
|
||||
"publisher": "Oracle",
|
||||
"descriptionMarkdown": "OracleWebLogicServer data connector provides the capability to ingest [OracleWebLogicServer](https://docs.oracle.com/en/middleware/standalone/weblogic-server/index.html) events into Microsoft Sentinel. Refer to [OracleWebLogicServer documentation](https://docs.oracle.com/en/middleware/standalone/weblogic-server/14.1.1.0/index.html) for more information.",
|
||||
"additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution.",
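Review bot: Only `title` is marked deprecated; `descriptionMarkdown` on the following line still presents this connector as the way to ingest WebLogic events and says nothing about the replacement. A deprecated connector's description should state what to use instead, e.g. prefix it with `**NOTE:** This data connector is deprecated and will stop working once the Log Analytics agent is retired; use the Custom logs via AMA connector instead.`, which is the guidance the solution Description in this commit already gives. The two copies of this connector UI config in mainTemplate carry the same unchanged description, so they need the same text after repackaging.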
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"Name": "OracleWebLogicServer",
|
||||
"Author": "Microsoft - support@microsoft.com",
|
||||
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
|
||||
"Description": "The [Oracle](https://www.oracle.com/index.html) WebLogic Server solution for Microsoft Sentinel provides the capability to ingest [Oracle Web Logic Server](https://docs.oracle.com/en/middleware/standalone/weblogic-server/index.html) events into Microsoft Sentinel. Oracle WebLogic Server is a server for building and deploying enterprise Java EE applications with support for new features for lowering cost of operations, improving performance, enhancing scalability, and supporting the Oracle Applications portfolio.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n\r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\r\n\n",
|
||||
"Description": "The [Oracle](https://www.oracle.com/index.html) WebLogic Server solution for Microsoft Sentinel provides the capability to ingest [Oracle Web Logic Server](https://docs.oracle.com/en/middleware/standalone/weblogic-server/index.html) events into Microsoft Sentinel. Oracle WebLogic Server is a server for building and deploying enterprise Java EE applications with support for new features for lowering cost of operations, improving performance, enhancing scalability, and supporting the Oracle Applications portfolio.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/azure/sentinel/ama-migrate?WT.mc_id=Portal-fx).",
|
||||
"Workbooks": [
|
||||
"Workbooks/OracleWorkbook.json"
|
||||
],
|
||||
|
@ -35,10 +35,13 @@
|
|||
"Analytic Rules/OracleWebLogicPutAndGetFileFromSameIP.yaml",
|
||||
"Analytic Rules/OracleWebLogicPutSuspiciousFiles.yaml",
|
||||
"Analytic Rules/OracleWebLogicRequestToSensitiveFiles.yaml"
|
||||
],
|
||||
"dependentDomainSolutionIds": [
|
||||
"azuresentinel.azure-sentinel-solution-customlogsviaama"
|
||||
],
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\OracleWebLogicServer",
|
||||
"Version": "3.0.0",
|
||||
"Version": "3.0.1",
|
||||
"TemplateSpec": true,
|
||||
"Is1PConnector": false
|
||||
}
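Review bot: `Version` moves to 3.0.1 in this hunk, but the only package artifact touched in this commit is `Solutions/OracleWebLogicServer/Package/3.0.0.zip`; the Package folder convention is that the zip carries the solution version, so a 3.0.1 package should be a new `3.0.1.zip` rather than an overwrite of the 3.0.0 one — confirm whether `3.0.1.zip` was produced and is simply outside this view. Reusing a version-named artifact for different content breaks the assumption that a given version's zip is immutable, which matters for anyone pinning or verifying the published package.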
|
|
@ -7,6 +7,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
tactics:
|
||||
- InitialAccess
|
||||
relevantTechniques:
|
||||
|
|
|
@ -7,6 +7,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
tactics:
|
||||
- Exfiltration
|
||||
- Collection
|
||||
|
|
|
@ -7,6 +7,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
tactics:
|
||||
- InitialAccess
|
||||
relevantTechniques:
|
||||
|
|
|
@ -7,6 +7,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
tactics:
|
||||
- DefenseEvasion
|
||||
relevantTechniques:
|
||||
|
|
|
@ -7,6 +7,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
tactics:
|
||||
- InitialAccess
|
||||
relevantTechniques:
|
||||
|
|
|
@ -7,6 +7,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
tactics:
|
||||
- InitialAccess
|
||||
relevantTechniques:
|
||||
|
|
|
@ -7,6 +7,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
tactics:
|
||||
- InitialAccess
|
||||
relevantTechniques:
|
||||
|
|
|
@ -7,6 +7,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
tactics:
|
||||
- InitialAccess
|
||||
relevantTechniques:
|
||||
|
|
|
@ -7,6 +7,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
tactics:
|
||||
- Impact
|
||||
- InitialAccess
|
||||
|
|
|
@ -7,6 +7,9 @@ requiredDataConnectors:
|
|||
- connectorId: OracleWebLogicServer
|
||||
dataTypes:
|
||||
- OracleWebLogicServerEvent
|
||||
- connectorId: CustomLogsAma
|
||||
dataTypes:
|
||||
- OracleWebLogicServer_CL
|
||||
tactics:
|
||||
- Impact
|
||||
- InitialAccess
|
||||
|
|
Двоичные данные
Solutions/OracleWebLogicServer/Package/3.0.0.zip
|
@ -6,7 +6,7 @@
|
|||
"config": {
|
||||
"isWizard": false,
|
||||
"basics": {
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/OracleWebLogicServer/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Oracle](https://www.oracle.com/index.html) WebLogic Server solution for Microsoft Sentinel provides the capability to ingest [Oracle Web Logic Server](https://docs.oracle.com/en/middleware/standalone/weblogic-server/index.html) events into Microsoft Sentinel. Oracle WebLogic Server is a server for building and deploying enterprise Java EE applications with support for new features for lowering cost of operations, improving performance, enhancing scalability, and supporting the Oracle Applications portfolio.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n\r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\r\n\n\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/OracleWebLogicServer/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Oracle](https://www.oracle.com/index.html) WebLogic Server solution for Microsoft Sentinel provides the capability to ingest [Oracle Web Logic Server](https://docs.oracle.com/en/middleware/standalone/weblogic-server/index.html) events into Microsoft Sentinel. Oracle WebLogic Server is a server for building and deploying enterprise Java EE applications with support for new features for lowering cost of operations, improving performance, enhancing scalability, and supporting the Oracle Applications portfolio.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/azure/sentinel/ama-migrate?WT.mc_id=Portal-fx).\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"subscription": {
|
||||
"resourceProviders": [
|
||||
"Microsoft.OperationsManagement/solutions",
|
||||
|
@ -323,7 +323,7 @@
|
|||
"name": "huntingquery1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Query shows request to forbidden files. This hunting query depends on OracleWebLogicServer data connector (OracleWebLogicServerEvent Parser or Table)"
|
||||
"text": "Query shows request to forbidden files. This hunting query depends on OracleWebLogicServer CustomLogsAma data connector (OracleWebLogicServerEvent OracleWebLogicServer_CL Parser or Table)"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -337,7 +337,7 @@
|
|||
"name": "huntingquery2-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Query shows abnormal request size. This hunting query depends on OracleWebLogicServer data connector (OracleWebLogicServerEvent Parser or Table)"
|
||||
"text": "Query shows abnormal request size. This hunting query depends on OracleWebLogicServer CustomLogsAma data connector (OracleWebLogicServerEvent OracleWebLogicServer_CL Parser or Table)"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -351,7 +351,7 @@
|
|||
"name": "huntingquery3-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Query shows critical event severity This hunting query depends on OracleWebLogicServer data connector (OracleWebLogicServerEvent Parser or Table)"
|
||||
"text": "Query shows critical event severity This hunting query depends on OracleWebLogicServer CustomLogsAma data connector (OracleWebLogicServerEvent OracleWebLogicServer_CL Parser or Table)"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -365,7 +365,7 @@
|
|||
"name": "huntingquery4-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Query shows error messages. This hunting query depends on OracleWebLogicServer data connector (OracleWebLogicServerEvent Parser or Table)"
|
||||
"text": "Query shows error messages. This hunting query depends on OracleWebLogicServer CustomLogsAma data connector (OracleWebLogicServerEvent OracleWebLogicServer_CL Parser or Table)"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -379,7 +379,7 @@
|
|||
"name": "huntingquery5-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Query shows list of files with error requests. This hunting query depends on OracleWebLogicServer data connector (OracleWebLogicServerEvent Parser or Table)"
|
||||
"text": "Query shows list of files with error requests. This hunting query depends on OracleWebLogicServer CustomLogsAma data connector (OracleWebLogicServerEvent OracleWebLogicServer_CL Parser or Table)"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -393,7 +393,7 @@
|
|||
"name": "huntingquery6-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Query shows rare user agent strings with client errors This hunting query depends on OracleWebLogicServer data connector (OracleWebLogicServerEvent Parser or Table)"
|
||||
"text": "Query shows rare user agent strings with client errors This hunting query depends on OracleWebLogicServer CustomLogsAma data connector (OracleWebLogicServerEvent OracleWebLogicServer_CL Parser or Table)"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -407,7 +407,7 @@
|
|||
"name": "huntingquery7-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Query shows rare URLs requested. This hunting query depends on OracleWebLogicServer data connector (OracleWebLogicServerEvent Parser or Table)"
|
||||
"text": "Query shows rare URLs requested. This hunting query depends on OracleWebLogicServer CustomLogsAma data connector (OracleWebLogicServerEvent OracleWebLogicServer_CL Parser or Table)"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -421,7 +421,7 @@
|
|||
"name": "huntingquery8-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Query shows rare user agents This hunting query depends on OracleWebLogicServer data connector (OracleWebLogicServerEvent Parser or Table)"
|
||||
"text": "Query shows rare user agents This hunting query depends on OracleWebLogicServer CustomLogsAma data connector (OracleWebLogicServerEvent OracleWebLogicServer_CL Parser or Table)"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -435,7 +435,7 @@
|
|||
"name": "huntingquery9-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Query shows URLs list with client errors. This hunting query depends on OracleWebLogicServer data connector (OracleWebLogicServerEvent Parser or Table)"
|
||||
"text": "Query shows URLs list with client errors. This hunting query depends on OracleWebLogicServer CustomLogsAma data connector (OracleWebLogicServerEvent OracleWebLogicServer_CL Parser or Table)"
|
||||
}
|
||||
}
|
||||
]
|
||||
|
@ -449,7 +449,7 @@
|
|||
"name": "huntingquery10-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Query shows URLs list with server errors. This hunting query depends on OracleWebLogicServer data connector (OracleWebLogicServerEvent Parser or Table)"
|
||||
"text": "Query shows URLs list with server errors. This hunting query depends on OracleWebLogicServer CustomLogsAma data connector (OracleWebLogicServerEvent OracleWebLogicServer_CL Parser or Table)"
|
||||
}
|
||||
}
|
||||
]
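Review bot: The rewritten hunting-query text blocks (first in the `huntingquery1-text` hunk and repeated through `huntingquery10-text`) read as mechanically joined lists — `depends on OracleWebLogicServer CustomLogsAma data connector (OracleWebLogicServerEvent OracleWebLogicServer_CL Parser or Table)` — with no separator between the two connector names or the two table names, so an installer reading the wizard cannot tell they are alternatives. Since this file is generated from the query YAMLs, the fix belongs in the generator's join rather than in this file; the intended reading is something like `depends on the OracleWebLogicServer or CustomLogsAma data connector (OracleWebLogicServerEvent parser or OracleWebLogicServer_CL table)`. Separately, the Release Notes link in the `description` hunk changed from `blob/` to `tree/` for a `.md` file; GitHub redirects it, but `blob/` is the direct link.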
|
||||
|
|
|
@ -118,74 +118,74 @@
|
|||
"dataConnectorVersion1": "1.0.0",
|
||||
"_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
|
||||
"analyticRuleObject1": {
|
||||
"analyticRuleVersion1": "1.0.1",
|
||||
"analyticRuleVersion1": "1.0.2",
|
||||
"_analyticRulecontentId1": "6ae36a5e-573f-11ec-bf63-0242ac130002",
|
||||
"analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '6ae36a5e-573f-11ec-bf63-0242ac130002')]",
|
||||
"analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('6ae36a5e-573f-11ec-bf63-0242ac130002')))]",
|
||||
"_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6ae36a5e-573f-11ec-bf63-0242ac130002','-', '1.0.1')))]"
|
||||
"_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6ae36a5e-573f-11ec-bf63-0242ac130002','-', '1.0.2')))]"
|
||||
},
|
||||
"analyticRuleObject2": {
|
||||
"analyticRuleVersion2": "1.0.1",
|
||||
"analyticRuleVersion2": "1.0.2",
|
||||
"_analyticRulecontentId2": "44c7d12a-573f-11ec-bf63-0242ac130002",
|
||||
"analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '44c7d12a-573f-11ec-bf63-0242ac130002')]",
|
||||
"analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('44c7d12a-573f-11ec-bf63-0242ac130002')))]",
|
||||
"_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','44c7d12a-573f-11ec-bf63-0242ac130002','-', '1.0.1')))]"
|
||||
"_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','44c7d12a-573f-11ec-bf63-0242ac130002','-', '1.0.2')))]"
|
||||
},
|
||||
"analyticRuleObject3": {
|
||||
"analyticRuleVersion3": "1.0.1",
|
||||
"analyticRuleVersion3": "1.0.2",
|
||||
"_analyticRulecontentId3": "67950168-5740-11ec-bf63-0242ac130002",
|
||||
"analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '67950168-5740-11ec-bf63-0242ac130002')]",
|
||||
"analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('67950168-5740-11ec-bf63-0242ac130002')))]",
|
||||
"_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','67950168-5740-11ec-bf63-0242ac130002','-', '1.0.1')))]"
|
||||
"_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','67950168-5740-11ec-bf63-0242ac130002','-', '1.0.2')))]"
|
||||
},
|
||||
"analyticRuleObject4": {
|
||||
"analyticRuleVersion4": "1.0.1",
|
||||
"analyticRuleVersion4": "1.0.2",
|
||||
"_analyticRulecontentId4": "51d050ee-5740-11ec-bf63-0242ac130002",
|
||||
"analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '51d050ee-5740-11ec-bf63-0242ac130002')]",
|
||||
"analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('51d050ee-5740-11ec-bf63-0242ac130002')))]",
|
||||
"_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','51d050ee-5740-11ec-bf63-0242ac130002','-', '1.0.1')))]"
|
||||
"_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','51d050ee-5740-11ec-bf63-0242ac130002','-', '1.0.2')))]"
|
||||
},
|
||||
"analyticRuleObject5": {
|
||||
"analyticRuleVersion5": "1.0.1",
|
||||
"analyticRuleVersion5": "1.0.2",
|
||||
"_analyticRulecontentId5": "41775080-5740-11ec-bf63-0242ac130002",
|
||||
"analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '41775080-5740-11ec-bf63-0242ac130002')]",
|
||||
"analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('41775080-5740-11ec-bf63-0242ac130002')))]",
|
||||
"_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','41775080-5740-11ec-bf63-0242ac130002','-', '1.0.1')))]"
|
||||
"_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','41775080-5740-11ec-bf63-0242ac130002','-', '1.0.2')))]"
|
||||
},
|
||||
"analyticRuleObject6": {
|
||||
"analyticRuleVersion6": "1.0.1",
|
||||
"analyticRuleVersion6": "1.0.2",
|
||||
"_analyticRulecontentId6": "268f4fde-5740-11ec-bf63-0242ac130002",
|
||||
"analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '268f4fde-5740-11ec-bf63-0242ac130002')]",
|
||||
"analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('268f4fde-5740-11ec-bf63-0242ac130002')))]",
|
||||
"_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','268f4fde-5740-11ec-bf63-0242ac130002','-', '1.0.1')))]"
|
||||
"_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','268f4fde-5740-11ec-bf63-0242ac130002','-', '1.0.2')))]"
|
||||
},
|
||||
"analyticRuleObject7": {
|
||||
"analyticRuleVersion7": "1.0.1",
|
||||
"analyticRuleVersion7": "1.0.2",
|
||||
"_analyticRulecontentId7": "153ce6d8-5740-11ec-bf63-0242ac130002",
|
||||
"analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '153ce6d8-5740-11ec-bf63-0242ac130002')]",
|
||||
"analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('153ce6d8-5740-11ec-bf63-0242ac130002')))]",
|
||||
"_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','153ce6d8-5740-11ec-bf63-0242ac130002','-', '1.0.1')))]"
|
||||
"_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','153ce6d8-5740-11ec-bf63-0242ac130002','-', '1.0.2')))]"
|
||||
},
|
||||
"analyticRuleObject8": {
|
||||
"analyticRuleVersion8": "1.0.0",
|
||||
"analyticRuleVersion8": "1.0.1",
|
||||
"_analyticRulecontentId8": "033e98d2-5740-11ec-bf63-0242ac130002",
|
||||
"analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '033e98d2-5740-11ec-bf63-0242ac130002')]",
|
||||
"analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('033e98d2-5740-11ec-bf63-0242ac130002')))]",
|
||||
"_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','033e98d2-5740-11ec-bf63-0242ac130002','-', '1.0.0')))]"
|
||||
"_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','033e98d2-5740-11ec-bf63-0242ac130002','-', '1.0.1')))]"
|
||||
},
|
||||
"analyticRuleObject9": {
|
||||
"analyticRuleVersion9": "1.0.1",
|
||||
"analyticRuleVersion9": "1.0.2",
|
||||
"_analyticRulecontentId9": "edc2f2b4-573f-11ec-bf63-0242ac130002",
|
||||
"analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'edc2f2b4-573f-11ec-bf63-0242ac130002')]",
|
||||
"analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('edc2f2b4-573f-11ec-bf63-0242ac130002')))]",
|
||||
"_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','edc2f2b4-573f-11ec-bf63-0242ac130002','-', '1.0.1')))]"
|
||||
"_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','edc2f2b4-573f-11ec-bf63-0242ac130002','-', '1.0.2')))]"
|
||||
},
|
||||
"analyticRuleObject10": {
|
||||
"analyticRuleVersion10": "1.0.1",
|
||||
"analyticRuleVersion10": "1.0.2",
|
||||
"_analyticRulecontentId10": "9cc9ed36-573f-11ec-bf63-0242ac130002",
|
||||
"analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '9cc9ed36-573f-11ec-bf63-0242ac130002')]",
|
||||
"analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('9cc9ed36-573f-11ec-bf63-0242ac130002')))]",
|
||||
"_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9cc9ed36-573f-11ec-bf63-0242ac130002','-', '1.0.1')))]"
|
||||
"_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9cc9ed36-573f-11ec-bf63-0242ac130002','-', '1.0.2')))]"
|
||||
},
|
||||
"_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
|
||||
},
|
||||
|
@ -1285,7 +1285,7 @@
|
|||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"id": "[variables('_uiConfigId1')]",
|
||||
"title": "Oracle WebLogic Server (using Azure Functions)",
|
||||
"title": "[Deprecated] Oracle WebLogic Server",
|
||||
"publisher": "Oracle",
|
||||
"descriptionMarkdown": "OracleWebLogicServer data connector provides the capability to ingest [OracleWebLogicServer](https://docs.oracle.com/en/middleware/standalone/weblogic-server/index.html) events into Microsoft Sentinel. Refer to [OracleWebLogicServer documentation](https://docs.oracle.com/en/middleware/standalone/weblogic-server/14.1.1.0/index.html) for more information.",
|
||||
"additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution.",
|
||||
|
@ -1476,7 +1476,7 @@
|
|||
"contentSchemaVersion": "3.0.0",
|
||||
"contentId": "[variables('_dataConnectorContentId1')]",
|
||||
"contentKind": "DataConnector",
|
||||
"displayName": "Oracle WebLogic Server (using Azure Functions)",
|
||||
"displayName": "[Deprecated] Oracle WebLogic Server",
|
||||
"contentProductId": "[variables('_dataConnectorcontentProductId1')]",
|
||||
"id": "[variables('_dataConnectorcontentProductId1')]",
|
||||
"version": "[variables('dataConnectorVersion1')]"
|
||||
|
@ -1520,7 +1520,7 @@
|
|||
"kind": "GenericUI",
|
||||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"title": "Oracle WebLogic Server (using Azure Functions)",
|
||||
"title": "[Deprecated] Oracle WebLogic Server",
|
||||
"publisher": "Oracle",
|
||||
"descriptionMarkdown": "OracleWebLogicServer data connector provides the capability to ingest [OracleWebLogicServer](https://docs.oracle.com/en/middleware/standalone/weblogic-server/index.html) events into Microsoft Sentinel. Refer to [OracleWebLogicServer documentation](https://docs.oracle.com/en/middleware/standalone/weblogic-server/14.1.1.0/index.html) for more information.",
|
||||
"graphQueries": [
|
||||
|
@ -1696,7 +1696,7 @@
|
|||
{
|
||||
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
|
||||
"name": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
|
||||
"apiVersion": "2022-04-01-preview",
|
||||
"apiVersion": "2023-02-01-preview",
|
||||
"kind": "Scheduled",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
|
@ -1714,10 +1714,16 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "OracleWebLogicServer",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServerEvent"
|
||||
],
|
||||
"connectorId": "OracleWebLogicServer"
|
||||
]
|
||||
},
|
||||
{
|
||||
"connectorId": "CustomLogsAma",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServerEvent"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -1729,13 +1735,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "URL",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Url",
|
||||
"columnName": "UrlCustomEntity"
|
||||
"columnName": "UrlCustomEntity",
|
||||
"identifier": "Url"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "URL"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1801,7 +1807,7 @@
|
|||
{
|
||||
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
|
||||
"name": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
|
||||
"apiVersion": "2022-04-01-preview",
|
||||
"apiVersion": "2023-02-01-preview",
|
||||
"kind": "Scheduled",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
|
@ -1819,10 +1825,16 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "OracleWebLogicServer",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServerEvent"
|
||||
],
|
||||
"connectorId": "OracleWebLogicServer"
|
||||
]
|
||||
},
|
||||
{
|
||||
"connectorId": "CustomLogsAma",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServer_CL"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -1834,13 +1846,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Address",
|
||||
"columnName": "IPCustomEntity"
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "IP"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1906,7 +1918,7 @@
|
|||
{
|
||||
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
|
||||
"name": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
|
||||
"apiVersion": "2022-04-01-preview",
|
||||
"apiVersion": "2023-02-01-preview",
|
||||
"kind": "Scheduled",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
|
@ -1924,10 +1936,16 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "OracleWebLogicServer",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServerEvent"
|
||||
],
|
||||
"connectorId": "OracleWebLogicServer"
|
||||
]
|
||||
},
|
||||
{
|
||||
"connectorId": "CustomLogsAma",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServer_CL"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -1938,13 +1956,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "URL",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Url",
|
||||
"columnName": "UrlCustomEntity"
|
||||
"columnName": "UrlCustomEntity",
|
||||
"identifier": "Url"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "URL"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2010,7 +2028,7 @@
|
|||
{
|
||||
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
|
||||
"name": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
|
||||
"apiVersion": "2022-04-01-preview",
|
||||
"apiVersion": "2023-02-01-preview",
|
||||
"kind": "Scheduled",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
|
@ -2028,10 +2046,16 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "OracleWebLogicServer",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServerEvent"
|
||||
],
|
||||
"connectorId": "OracleWebLogicServer"
|
||||
]
|
||||
},
|
||||
{
|
||||
"connectorId": "CustomLogsAma",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServer_CL"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -2043,13 +2067,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Address",
|
||||
"columnName": "IPCustomEntity"
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "IP"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2115,7 +2139,7 @@
|
|||
{
|
||||
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
|
||||
"name": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
|
||||
"apiVersion": "2022-04-01-preview",
|
||||
"apiVersion": "2023-02-01-preview",
|
||||
"kind": "Scheduled",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
|
@ -2133,10 +2157,16 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "OracleWebLogicServer",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServerEvent"
|
||||
],
|
||||
"connectorId": "OracleWebLogicServer"
|
||||
]
|
||||
},
|
||||
{
|
||||
"connectorId": "CustomLogsAma",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServer_CL"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -2148,13 +2178,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Address",
|
||||
"columnName": "IPCustomEntity"
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "IP"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2220,7 +2250,7 @@
|
|||
{
|
||||
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
|
||||
"name": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
|
||||
"apiVersion": "2022-04-01-preview",
|
||||
"apiVersion": "2023-02-01-preview",
|
||||
"kind": "Scheduled",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
|
@ -2238,10 +2268,16 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "OracleWebLogicServer",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServerEvent"
|
||||
],
|
||||
"connectorId": "OracleWebLogicServer"
|
||||
]
|
||||
},
|
||||
{
|
||||
"connectorId": "CustomLogsAma",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServer_CL"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -2255,13 +2291,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Address",
|
||||
"columnName": "IPCustomEntity"
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "IP"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2327,7 +2363,7 @@
|
|||
{
|
||||
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
|
||||
"name": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
|
||||
"apiVersion": "2022-04-01-preview",
|
||||
"apiVersion": "2023-02-01-preview",
|
||||
"kind": "Scheduled",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
|
@ -2345,10 +2381,16 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "OracleWebLogicServer",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServerEvent"
|
||||
],
|
||||
"connectorId": "OracleWebLogicServer"
|
||||
]
|
||||
},
|
||||
{
|
||||
"connectorId": "CustomLogsAma",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServer_CL"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -2360,22 +2402,22 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "URL",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Url",
|
||||
"columnName": "UrlCustomEntity"
|
||||
"columnName": "UrlCustomEntity",
|
||||
"identifier": "Url"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "URL"
|
||||
},
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Address",
|
||||
"columnName": "IPCustomEntity"
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "IP"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2441,7 +2483,7 @@
|
|||
{
|
||||
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
|
||||
"name": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
|
||||
"apiVersion": "2022-04-01-preview",
|
||||
"apiVersion": "2023-02-01-preview",
|
||||
"kind": "Scheduled",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
|
@ -2459,10 +2501,16 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "OracleWebLogicServer",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServerEvent"
|
||||
],
|
||||
"connectorId": "OracleWebLogicServer"
|
||||
]
|
||||
},
|
||||
{
|
||||
"connectorId": "CustomLogsAma",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServer_CL"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -2474,22 +2522,22 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Address",
|
||||
"columnName": "IPCustomEntity"
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "IP"
|
||||
},
|
||||
{
|
||||
"entityType": "URL",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Url",
|
||||
"columnName": "UrlCustomEntity"
|
||||
"columnName": "UrlCustomEntity",
|
||||
"identifier": "Url"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "URL"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2555,7 +2603,7 @@
|
|||
{
|
||||
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
|
||||
"name": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
|
||||
"apiVersion": "2022-04-01-preview",
|
||||
"apiVersion": "2023-02-01-preview",
|
||||
"kind": "Scheduled",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
|
@ -2573,10 +2621,16 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "OracleWebLogicServer",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServerEvent"
|
||||
],
|
||||
"connectorId": "OracleWebLogicServer"
|
||||
]
|
||||
},
|
||||
{
|
||||
"connectorId": "CustomLogsAma",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServer_CL"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -2590,31 +2644,31 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "File",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Name",
|
||||
"columnName": "FileCustomEntity"
|
||||
"columnName": "FileCustomEntity",
|
||||
"identifier": "Name"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "File"
|
||||
},
|
||||
{
|
||||
"entityType": "URL",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Url",
|
||||
"columnName": "UrlCustomEntity"
|
||||
"columnName": "UrlCustomEntity",
|
||||
"identifier": "Url"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "URL"
|
||||
},
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Address",
|
||||
"columnName": "IPCustomEntity"
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "IP"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2680,7 +2734,7 @@
|
|||
{
|
||||
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
|
||||
"name": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
|
||||
"apiVersion": "2022-04-01-preview",
|
||||
"apiVersion": "2023-02-01-preview",
|
||||
"kind": "Scheduled",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
|
@ -2698,10 +2752,16 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "OracleWebLogicServer",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServerEvent"
|
||||
],
|
||||
"connectorId": "OracleWebLogicServer"
|
||||
]
|
||||
},
|
||||
{
|
||||
"connectorId": "CustomLogsAma",
|
||||
"dataTypes": [
|
||||
"OracleWebLogicServer_CL"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -2712,22 +2772,22 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "File",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Name",
|
||||
"columnName": "FileCustomEntity"
|
||||
"columnName": "FileCustomEntity",
|
||||
"identifier": "Name"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "File"
|
||||
},
|
||||
{
|
||||
"entityType": "URL",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Url",
|
||||
"columnName": "UrlCustomEntity"
|
||||
"columnName": "UrlCustomEntity",
|
||||
"identifier": "Url"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "URL"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2784,7 +2844,7 @@
|
|||
"contentSchemaVersion": "3.0.0",
|
||||
"displayName": "OracleWebLogicServer",
|
||||
"publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
|
||||
"descriptionHtml": "<p><strong>Note:</strong> <em>There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</em></p>\n<p>The <a href=\"https://www.oracle.com/index.html\">Oracle</a> WebLogic Server solution for Microsoft Sentinel provides the capability to ingest <a href=\"https://docs.oracle.com/en/middleware/standalone/weblogic-server/index.html\">Oracle Web Logic Server</a> events into Microsoft Sentinel. Oracle WebLogic Server is a server for building and deploying enterprise Java EE applications with support for new features for lowering cost of operations, improving performance, enhancing scalability, and supporting the Oracle Applications portfolio.</p>\n<p><strong>Underlying Microsoft Technologies used:</strong></p>\n<p>This solution takes a dependency on the following technologies, and some of these dependencies either may be in <a href=\"https://azure.microsoft.com/support/legal/preview-supplemental-terms/\">Preview</a> state or might result in additional ingestion or operational costs:</p>\n<ol type=\"a\">\n<li><a href=\"https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api\">Azure Monitor HTTP Data Collector API</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 1, <strong>Parsers:</strong> 1, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 10, <strong>Hunting Queries:</strong> 10</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
|
||||
"descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/OracleWebLogicServer/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://www.oracle.com/index.html\">Oracle</a> WebLogic Server solution for Microsoft Sentinel provides the capability to ingest <a href=\"https://docs.oracle.com/en/middleware/standalone/weblogic-server/index.html\">Oracle Web Logic Server</a> events into Microsoft Sentinel. Oracle WebLogic Server is a server for building and deploying enterprise Java EE applications with support for new features for lowering cost of operations, improving performance, enhancing scalability, and supporting the Oracle Applications portfolio.</p>\n<p>This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.</p>\n<p><strong>NOTE</strong>: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by <strong>Aug 31, 2024</strong>. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost <a href=\"https://learn.microsoft.com/azure/sentinel/ama-migrate?WT.mc_id=Portal-fx\">more details</a>.</p>\n<p><strong>Data Connectors:</strong> 1, <strong>Parsers:</strong> 1, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 10, <strong>Hunting Queries:</strong> 10</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
|
||||
"contentKind": "Solution",
|
||||
"contentProductId": "[variables('_solutioncontentProductId')]",
|
||||
"id": "[variables('_solutioncontentProductId')]",
|
||||
|
@ -2807,7 +2867,6 @@
|
|||
"link": "https://support.microsoft.com"
|
||||
},
|
||||
"dependencies": {
|
||||
"operator": "AND",
|
||||
"criteria": [
|
||||
{
|
||||
"kind": "Workbook",
|
||||
|
@ -2923,6 +2982,10 @@
|
|||
"kind": "AnalyticsRule",
|
||||
"contentId": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
|
||||
"version": "[variables('analyticRuleObject10').analyticRuleVersion10]"
|
||||
},
|
||||
{
|
||||
"kind": "Solution",
|
||||
"contentId": "azuresentinel.azure-sentinel-solution-customlogsviaama"
|
||||
}
|
||||
]
|
||||
},
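Review bot: In the requiredDataConnectors hunk for analyticRuleObject1 (`@ -1714,10 +1714,16 @@`), the new CustomLogsAma entry lists `"OracleWebLogicServerEvent"` as its data type, while the same entry added to the other nine rules lists `"OracleWebLogicServer_CL"`, which is also what the YAML sources in this commit declare. OracleWebLogicServerEvent appears to be the Kusto-function parser name referenced by the additionalRequirementBanner rather than a table the AMA custom-logs connector writes, so rule 1's connector prerequisite would point at a data type that connector never produces and the rule could show as unavailable or mis-evaluate its dependency. The line should read `"OracleWebLogicServer_CL"` to match the other rules. This section's file header lies outside the visible range, so the remaining hunks of mainTemplate.json were checked only as shown here.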
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|
||||
|-------------|--------------------------------|------------------------------------------------------------------------------|
|
||||
| 3.0.1 | 09-08-2024 | Deprecating data connectors |
|
||||
| 3.0.0 | 15-12-2023 | Updated the **Parser** field TreadId to ThreadId |
|