Armoblox & Flare repackaging
Родитель
696a9a3722
Коммит
5df9fe069a
|
@ -13,11 +13,11 @@
|
|||
"Analytic Rules/ArmorbloxNeedsReviewAlert.yaml"
|
||||
],
|
||||
"Playbooks": [
|
||||
"Playbooks/azuredeploy.json"
|
||||
"Playbooks/Needs-Review-Incident-Email-Notification/azuredeploy.json"
|
||||
],
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Armorblox",
|
||||
"Version": "2.0.1",
|
||||
"Version": "2.0.2",
|
||||
"TemplateSpec": true,
|
||||
"Is1PConnector": false
|
||||
}
|
||||
|
|
|
@ -100,6 +100,20 @@
|
|||
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "workbook1",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Armorblox",
|
||||
"elements": [
|
||||
{
|
||||
"name": "workbook1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "INCIDENTS FROM SELECTED TIME RANGE"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
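Review bot: The TextBlock added under `workbook1-text` sets `"text": "INCIDENTS FROM SELECTED TIME RANGE"`, an all-caps label, while the parallel Flare createUiDefinition in this same commit uses a sentence (`Select the time range for this Overview.`); for consistency across solutions I would use sentence case and phrase it as guidance, e.g. `"text": "Shows incidents from the selected time range."`. This is a display-only string in the UI definition, so the change has no functional effect. The enclosing steps array starts and ends outside the hunk.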
|
||||
|
|
|
@ -38,10 +38,10 @@
|
|||
}
|
||||
},
|
||||
"variables": {
|
||||
"IncidentId" :"id_s",
|
||||
"_IncidentId":"[variables('IncidentId')]",
|
||||
"solutionId": "armorblox1601081599926.armorblox_sentinel_1",
|
||||
"_solutionId": "[variables('solutionId')]",
|
||||
"IncidentId" :"id_s",
|
||||
"_IncidentId":"[variables('IncidentId')]",
|
||||
"email": "support@armorblox.com",
|
||||
"_email": "[variables('email')]",
|
||||
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
|
||||
|
@ -63,10 +63,10 @@
|
|||
"_analyticRulecontentId1": "[variables('analyticRulecontentId1')]",
|
||||
"analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]",
|
||||
"analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1')))]",
|
||||
"Playbooks": "Playbooks",
|
||||
"_Playbooks": "[variables('Playbooks')]",
|
||||
"Needs-Review-Incident-Email-Notification": "Needs-Review-Incident-Email-Notification",
|
||||
"_Needs-Review-Incident-Email-Notification": "[variables('Needs-Review-Incident-Email-Notification')]",
|
||||
"playbookVersion1": "1.0",
|
||||
"playbookContentId1": "Playbooks",
|
||||
"playbookContentId1": "Needs-Review-Incident-Email-Notification",
|
||||
"_playbookContentId1": "[variables('playbookContentId1')]",
|
||||
"playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]",
|
||||
"playbookTemplateSpecName1": "[concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1')))]"
|
||||
|
@ -99,7 +99,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Armorblox data connector with template version 2.0.1",
|
||||
"description": "Armorblox data connector with template version 2.0.2",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion1')]",
|
||||
|
@ -455,7 +455,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ArmorbloxOverviewWorkbook Workbook with template version 2.0.1",
|
||||
"description": "ArmorbloxOverviewWorkbook with template version 2.0.2",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion1')]",
|
||||
|
@ -549,7 +549,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ArmorbloxNeedsReviewAlert_AnalyticalRules Analytics Rule with template version 2.0.1",
|
||||
"description": "ArmorbloxNeedsReviewAlert_AnalyticalRules Analytics Rule with template version 2.0.2",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleVersion1')]",
|
||||
|
@ -587,22 +587,22 @@
|
|||
"aggregationKind": "AlertPerResult"
|
||||
},
|
||||
"customDetails": {
|
||||
"IncidentId": "[variables('_IncidentId')]",
|
||||
"RemediationAction": "remediation_actions_s"
|
||||
"RemediationAction": "remediation_actions_s",
|
||||
"IncidentId": "[variables('_IncidentId')]"
|
||||
},
|
||||
"alertDetailsOverride": {
|
||||
"alertSeverityColumnName": "priority_s",
|
||||
"alertDescriptionFormat": "Incident {{id_s}} generated at {{date_t}} needs review ",
|
||||
"alertDisplayNameFormat": "Alert from Armorblox",
|
||||
"alertDescriptionFormat": "Incident {{id_s}} generated at {{date_t}} needs review "
|
||||
"alertSeverityColumnName": "priority_s"
|
||||
},
|
||||
"incidentConfiguration": {
|
||||
"createIncident": true,
|
||||
"groupingConfiguration": {
|
||||
"enabled": false,
|
||||
"reopenClosedIncident": false,
|
||||
"matchingMethod": "AllEntities",
|
||||
"matchingMethod": "AllEntities",
|
||||
"lookbackDuration": "10m"
|
||||
},
|
||||
"createIncident": true
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -663,7 +663,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('playbookTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Armorblox Playbook with template version 2.0.1",
|
||||
"description": "Armorblox Playbook with template version 2.0.2",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('playbookVersion1')]",
|
||||
|
@ -863,7 +863,7 @@
|
|||
"apiVersion": "2022-01-01-preview",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"version": "2.0.1",
|
||||
"version": "2.0.2",
|
||||
"kind": "Solution",
|
||||
"contentSchemaVersion": "2.0.0",
|
||||
"contentId": "[variables('_solutionId')]",
|
||||
|
@ -902,7 +902,7 @@
|
|||
},
|
||||
{
|
||||
"kind": "Playbook",
|
||||
"contentId": "[variables('_Playbooks')]",
|
||||
"contentId": "[variables('_Needs-Review-Incident-Email-Notification')]",
|
||||
"version": "[variables('playbookVersion1')]"
|
||||
}
|
||||
]
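Review bot: In the last hunk the playbook's `contentId` in the solution's dependency list changes from `Playbooks` to `Needs-Review-Incident-Email-Notification` while `playbookVersion1` stays at `1.0` and `playbookId1` is still derived from that same name via `resourceId('Microsoft.Logic/workflows', …)`. If Content Hub keys installed items by contentId, an existing install will presumably see the old `Playbooks` entry as a separate, now-orphaned item rather than an upgrade of the same playbook; I would call out the rename in the solution's release notes and consider bumping `playbookVersion1` so the change is visible. The customDetails, alertDetailsOverride and incidentConfiguration hunks (including the twice-printed `matchingMethod`) only reorder keys, which is a semantic no-op in JSON; if the packaging tool emits keys in varying order, sorting them deterministically would keep future bumps to the version lines alone. `alertDescriptionFormat` keeps a trailing space in `needs review `, which likely originates in the rule's YAML source and is best trimmed there. The resources array these hunks belong to starts and ends outside them.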
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Needs-Review-Incident-Email-Notification
|
||||
**Author:** Armorblox
|
||||
|
||||
This playbook will send an email notification when a new incident is created in Azure Sentinel.
|
||||
This playbook will send an email notification when a new incident is created in Microsoft Sentinel.
|
||||
## Pre-requisites
|
||||
An O365 account to be used to send email notification. The user account will be used in O365 connector (Send an email).
|
||||
|
|
@ -10,13 +10,13 @@
|
|||
"Workbooks/FlareSystemsFireworkOverview.json"
|
||||
],
|
||||
"Playbooks": [
|
||||
"Playbooks/azuredeploy.json"
|
||||
"Playbooks/credential-warning/azuredeploy.json"
|
||||
],
|
||||
"Analytic Rules": [
|
||||
"Analytic Rules/FlareCredentialLeaks.yaml"
|
||||
],
|
||||
"BasePath": "C:\\GitHub\\azure-sentinel\\Solutions\\Flare",
|
||||
"Version": "2.0.2",
|
||||
"Version": "2.0.3",
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"TemplateSpec": true,
|
||||
"Is1PConnector": false
|
||||
|
|
|
@ -100,6 +100,20 @@
|
|||
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "workbook1",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "FlareSystemsFirework",
|
||||
"elements": [
|
||||
{
|
||||
"name": "workbook1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Select the time range for this Overview."
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -180,4 +194,4 @@
|
|||
"workspace": "[basics('workspace')]"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -56,10 +56,10 @@
|
|||
"workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
|
||||
"workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]",
|
||||
"_workbookContentId1": "[variables('workbookContentId1')]",
|
||||
"Playbooks": "Playbooks",
|
||||
"_Playbooks": "[variables('Playbooks')]",
|
||||
"credential-warning": "credential-warning",
|
||||
"_credential-warning": "[variables('credential-warning')]",
|
||||
"playbookVersion1": "1.0",
|
||||
"playbookContentId1": "Playbooks",
|
||||
"playbookContentId1": "credential-warning",
|
||||
"_playbookContentId1": "[variables('playbookContentId1')]",
|
||||
"playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]",
|
||||
"playbookTemplateSpecName1": "[concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1')))]",
|
||||
|
@ -97,7 +97,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Flare data connector with template version 2.0.2",
|
||||
"description": "Flare data connector with template version 2.0.3",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion1')]",
|
||||
|
@ -453,7 +453,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "FlareSystemsFireworkOverviewWorkbook Workbook with template version 2.0.2",
|
||||
"description": "FlareSystemsFireworkOverviewWorkbook with template version 2.0.3",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion1')]",
|
||||
|
@ -548,7 +548,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('playbookTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "credential-warning Playbook with template version 2.0.2",
|
||||
"description": "credential-warning Playbook with template version 2.0.3",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('playbookVersion1')]",
|
||||
|
@ -914,7 +914,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "FlareCredentialLeaks_AnalyticalRules Analytics Rule with template version 2.0.2",
|
||||
"description": "FlareCredentialLeaks_AnalyticalRules Analytics Rule with template version 2.0.3",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleVersion1')]",
|
||||
|
@ -942,10 +942,10 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "Flare",
|
||||
"dataTypes": [
|
||||
"Firework_CL"
|
||||
],
|
||||
"connectorId": "Flare"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -992,7 +992,7 @@
|
|||
"apiVersion": "2022-01-01-preview",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"version": "2.0.2",
|
||||
"version": "2.0.3",
|
||||
"kind": "Solution",
|
||||
"contentSchemaVersion": "2.0.0",
|
||||
"contentId": "[variables('_solutionId')]",
|
||||
|
@ -1027,7 +1027,7 @@
|
|||
},
|
||||
{
|
||||
"kind": "Playbook",
|
||||
"contentId": "[variables('_Playbooks')]",
|
||||
"contentId": "[variables('_credential-warning')]",
|
||||
"version": "[variables('playbookVersion1')]"
|
||||
},
|
||||
{
|
||||
|
@ -1051,4 +1051,4 @@
|
|||
}
|
||||
],
|
||||
"outputs": {}
|
||||
}
|
||||
}
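Review bot: The `requiredDataConnectors` hunk only moves `"connectorId": "Flare"` from before `dataTypes` to after it; JSON key order is insignificant, so this is pure diff churn from the packaging tool rather than a change to the rule. If the generator's key order is not deterministic, pinning a sort order (or preserving the YAML's order) would keep later version bumps to the `version`/`description` lines. The playbook `contentId` also moves from `Playbooks` to `credential-warning` while `playbookVersion1` remains `1.0`; as with the Armorblox template in this commit, that rename may surface as a new item rather than an upgrade for existing installs and deserves a line in the release notes. The analytic rule resource containing `requiredDataConnectors` starts and ends outside its hunk.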
|
||||
|
|