Link updated
This commit is contained in:
v-shukore
Родитель
3fdea962c4
Коммит
5ddba29fee
Двоичные данные
Solutions/VMware Carbon Black Cloud/Package/3.0.1.zip
Двоичные данные
Solutions/VMware Carbon Black Cloud/Package/3.0.1.zip
Двоичный файл не отображается.
|
|
@ -561,10 +561,10 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "VMwareCarbonBlack",
|
||||
"dataTypes": [
|
||||
"CarbonBlackNotifications_CL"
|
||||
],
|
||||
"connectorId": "VMwareCarbonBlack"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
|
@ -575,22 +575,22 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "HostCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "HostCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Host"
|
||||
]
|
||||
},
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
"identifier": "Address",
|
||||
"columnName": "IPCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "IP"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -674,10 +674,10 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "VMwareCarbonBlack",
|
||||
"dataTypes": [
|
||||
"CarbonBlackEvents_CL"
|
||||
],
|
||||
"connectorId": "VMwareCarbonBlack"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
|
@ -688,31 +688,31 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "AccountCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
]
|
||||
},
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "HostCustomEntity",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "HostCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "Host"
|
||||
]
|
||||
},
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
"identifier": "Address",
|
||||
"columnName": "IPCustomEntity"
|
||||
}
|
||||
],
|
||||
"entityType": "IP"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -2498,7 +2498,7 @@
|
|||
],
|
||||
"metadata": {
|
||||
"comments": "This connector used to perform different actions on alerts , device and threats using CarbonBlack cloud endpoint API.",
|
||||
"lastUpdateTime": "2024-04-17T12:33:54.110Z",
|
||||
"lastUpdateTime": "2024-04-24T14:40:25.488Z",
|
||||
"releaseNotes": {
|
||||
"version": "1.0",
|
||||
"title": "[variables('blanks')]",
|
||||
|
|
@ -5041,7 +5041,7 @@
|
|||
"Remediation"
|
||||
],
|
||||
"postDeployment": [
|
||||
"** Authorize connections ** \n\n Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat step 2&3 while for CarbonBlack connector Connection to authorize connector API of the playbook (For authorizing the CarbonBlack API connection, API Key needs to be provided. API Key Value is the combination of API Key / API ID) \n\n ** Configurations in Sentinel ** \n\n 1. In Microsoft Sentinel analytical rules should be configured to trigger an incident with risky device \n\n 2. Configure the automation rules to trigger this playbook \n\n [](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FCarbonBlack%2FPlaybooks%2FCarbonBlack-QuarantineDevice%2Fazuredeploy.json) \n\n [](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FCarbonBlack%2FPlaybooks%2FCarbonBlack-QuarantineDevice%2Fazuredeploy.json)"
|
||||
"** Authorize connections ** \n\n Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat step 2&3 while for CarbonBlack connector Connection to authorize connector API of the playbook (For authorizing the CarbonBlack API connection, API Key needs to be provided. API Key Value is the combination of API Key / API ID) \n\n ** Configurations in Sentinel ** \n\n 1. In Microsoft Sentinel analytical rules should be configured to trigger an incident with risky device \n\n 2. Configure the automation rules to trigger this playbook \n\n [](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FVMware%2520Carbon%2520Black%2520Cloud%2FPlaybooks%2FCarbonBlack-QuarantineDevice%2Fazuredeploy.json) \n\n [](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FVMware%2520Carbon%2520Black%2520Cloud%2FPlaybooks%2FCarbonBlack-QuarantineDevice%2Fazuredeploy.json)"
|
||||
],
|
||||
"releaseNotes": [
|
||||
{
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
"lastUpdateTime": "2022-07-29T00:00:00.000Z",
|
||||
"entities": ["Host"],
|
||||
"tags": ["Remediation"],
|
||||
"postDeployment": ["** Authorize connections ** \n\n Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat step 2&3 while for CarbonBlack connector Connection to authorize connector API of the playbook (For authorizing the CarbonBlack API connection, API Key needs to be provided. API Key Value is the combination of API Key / API ID) \n\n ** Configurations in Sentinel ** \n\n 1. In Microsoft Sentinel analytical rules should be configured to trigger an incident with risky device \n\n 2. Configure the automation rules to trigger this playbook \n\n [](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FCarbonBlack%2FPlaybooks%2FCarbonBlack-QuarantineDevice%2Fazuredeploy.json) \n\n [](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FCarbonBlack%2FPlaybooks%2FCarbonBlack-QuarantineDevice%2Fazuredeploy.json)"],
|
||||
"postDeployment": ["** Authorize connections ** \n\n Once deployment is complete, you will need to authorize each connection. \n\n 1. Click the Microsoft Sentinel connection resource \n\n 2. Click edit API connection \n\n 3. Click Authorize \n\n 4. Sign in \n\n 5. Click Save \n\n 6. Repeat step 2&3 while for CarbonBlack connector Connection to authorize connector API of the playbook (For authorizing the CarbonBlack API connection, API Key needs to be provided. API Key Value is the combination of API Key / API ID) \n\n ** Configurations in Sentinel ** \n\n 1. In Microsoft Sentinel analytical rules should be configured to trigger an incident with risky device \n\n 2. Configure the automation rules to trigger this playbook \n\n [](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FVMware%2520Carbon%2520Black%2520Cloud%2FPlaybooks%2FCarbonBlack-QuarantineDevice%2Fazuredeploy.json) \n\n [](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FVMware%2520Carbon%2520Black%2520Cloud%2FPlaybooks%2FCarbonBlack-QuarantineDevice%2Fazuredeploy.json)"],
|
||||
"support": {
|
||||
"tier": "community"
|
||||
},
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче