This commit is contained in:
PrasadBoke 2024-08-21 16:26:03 +05:30
Parent 6c4aad7575
Commit 5b213fb435
6 changed files: 851 additions and 611 deletions

View file

@ -1,6 +1,4 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|--------------------------------------------------------------------|
| 3.0.1 | 08-07-2024 | Deprecated **Data Connector** |
| 3.0.0 | 20-09-2023 | Addition of new Akamai Security Events AMA **Data Connector** | |
| 3.0.0 | 20-09-2023 | Addition of new Akamai Security Events AMA **Data Connector** |
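Review bot: the history table now ends at 3.0.1 (08-07-2024, "Deprecated Data Connector"), yet this same commit sets "Version": "3.0.0" in Solution_Cribl.json and adds Package/3.0.0.zip; the release notes and the manifest should name the same current version, and the change made here (connector file renamed, description rewritten) has no row of its own. The table fix itself is right: the removed 3.0.0 row carried a stray trailing `| |` cell that broke the column count.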

View file

@ -4,7 +4,7 @@
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Cribl-Logo.svg\" width=\"75px\" height=\"75px\">",
"Description": "- Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cribl/ReleaseNotes.md)\r\n\r\nCribl i is a vendor neutral, purpose-built processing engine for data security and IT operations focused on centralized parsing and processing of event data.",
"Data Connectors": [
"Data Connectors/Solution_Cribl.json"
"Data Connectors/Connector_Cribl.json"
],
"Parsers": [
"Parsers/CriblAccess.yaml",
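Review bot: the new "Description" string (second line of the hunk) contains the typo "Cribl i is a vendor neutral", which should read "Cribl is a vendor-neutral"; the same string is copied into the UI definition description later in this commit, so fix it in both places. The connector entry changes from Data Connectors/Solution_Cribl.json to Data Connectors/Connector_Cribl.json, but the page does not show Connector_Cribl.json being added in this commit, so confirm that file already exists under Data Connectors/.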
@ -13,7 +13,7 @@
"Parsers/CriblUIAccess.yaml"
],
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Cribl",
"Version": "1.0.0",
"Version": "3.0.0",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1Pconnector": false
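Review bot: "Version" jumps from "1.0.0" to "3.0.0", while the ReleaseNotes.md table in this commit lists 3.0.1 as the newest entry; decide which is the shipped version and use it in the manifest, the release notes and the package name (3.0.0.zip is what is added here). Unchanged in this hunk but worth noting: "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Cribl" is a machine-local path that anyone regenerating the package elsewhere will have to edit.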

Binary data
Solutions/Cribl/Package/3.0.0.zip Normal file

Binary file not shown.

View file

@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/cribl/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Cribl](https://about.cribl.com/solutions/devops-platform/) solution allows you to easily connect your cribl (cribl Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines. .\r\n \r\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \r\n \r\n a. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n\n**Data Connectors:** 1, **Parsers:** 3, **Analytic Rules:** 9\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Cribl-Logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Cribl/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n- Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cribl/ReleaseNotes.md)\r\n\r\nCribl i is a vendor neutral, purpose-built processing engine for data security and IT operations focused on centralized parsing and processing of event data.\n\n**Data Connectors:** 1, **Parsers:** 4\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
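Review bot: the replacement "description" string (second line of the hunk) points at the Release Notes twice, first as "• Review the solution [Release Notes](.../tree/master/Solutions/Cribl/ReleaseNotes.md)" and again as "- Review the solution [Release Notes](.../blob/master/Solutions/Cribl/ReleaseNotes.md)"; keep one bullet and one URL form. It also carries the "Cribl i is a vendor neutral" typo, and the content summary changes from "**Parsers:** 3, **Analytic Rules:** 9" to "**Parsers:** 4" with no Analytic Rules count at all; if analytic rules are still shipped the count should stay, and the Parsers count should match the "Parsers" list in Solution_Cribl.json.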
@ -60,14 +60,14 @@
"name": "dataconnectors1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This solution installs the data connector that allows to connect your Cribl (Cribl Enterprise Edition - Standalone) logs into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
"text": "This Solution installs the data connector for Cribl. You can get Cribl custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},
{
"name": "dataconnectors-parser-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "The solution installs a parser that transforms ingested data. The transformed logs can be accessed using the CriblAudit, CriblAccess and CriblApp Kusto Function alias."
"text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
}
},
{
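Review bot: the new parser text drops the Kusto function aliases (CriblAudit, CriblAccess, CriblApp) that the removed text gave, and those names are what a user actually types to query the transformed data; in their place it claims the parser produces "Microsoft Sentinel normalized format". Unless the parsers were rewritten to a normalized schema, keep the alias list (the description now counts four parsers) and drop the normalization claim. Minor: "This Solution" / "The Solution" is capitalized mid-sentence where the removed text used "solution".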
@ -89,4 +89,4 @@
"workspace": "[basics('workspace')]"
}
}
}
}
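Review bot: both sides of this hunk show the same closing braces, so the only difference is presumably a trailing newline at end of file; harmless, but make the generated JSON end the same way as the other template files so the packaging tool stops flipping it on every run.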

File diff not shown because it is too large.

View file

@ -0,0 +1,24 @@
{
"location": {
"type": "string",
"minLength": 1,
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
}
},
"workspace-location": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
}
},
"workspace": {
"defaultValue": "",
"type": "string",
"metadata": {
"description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
}
}
}
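Review bot: "workspace" and "workspace-location" both default to "" with no "minLength", so a deployment that omits them passes parameter validation and only fails later when the workspace resource is resolved; add "minLength": 1 to "workspace" (as "location" already has) or drop the empty defaults. The "workspace-location" description is an ARM expression ("[concat(... parameters('location'))]") rather than literal text, which is consistent with the "location" parameter's own note that it exists only to satisfy the arm-ttk `Location-Should-Not-Be-Hardcoded` test, but the file is a bare parameters object with no "$schema" or "contentVersion", so confirm it is meant to be merged into the main template rather than deployed on its own.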