Cognni TemplateSpec Solution
Родитель
c4926e1b3b
Коммит
62f55951f6
Двоичный файл не отображается.
|
@ -0,0 +1,351 @@
|
|||
{
|
||||
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
|
||||
"handler": "Microsoft.Azure.CreateUIDef",
|
||||
"version": "0.1.2-preview",
|
||||
"parameters": {
|
||||
"config": {
|
||||
"isWizard": false,
|
||||
"basics": {
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/cognni-logo.svg\"width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Cognni](https://cognni.ai/) solution for Microsoft Sentinel enables you to ingest critical information-based incidents from the Cognni platform into Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution is dependent on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 15\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"subscription": {
|
||||
"resourceProviders": [
|
||||
"Microsoft.OperationsManagement/solutions",
|
||||
"Microsoft.OperationalInsights/workspaces/providers/alertRules",
|
||||
"Microsoft.Insights/workbooks",
|
||||
"Microsoft.Logic/workflows"
|
||||
]
|
||||
},
|
||||
"location": {
|
||||
"metadata": {
|
||||
"hidden": "Hiding location, we get it from the log analytics workspace"
|
||||
},
|
||||
"visible": false
|
||||
},
|
||||
"resourceGroup": {
|
||||
"allowExisting": true
|
||||
}
|
||||
}
|
||||
},
|
||||
"basics": [
|
||||
{
|
||||
"name": "getLAWorkspace",
|
||||
"type": "Microsoft.Solutions.ArmApiControl",
|
||||
"toolTip": "This filters by workspaces that exist in the Resource Group selected",
|
||||
"condition": "[greater(length(resourceGroup().name),0)]",
|
||||
"request": {
|
||||
"method": "GET",
|
||||
"path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "workspace",
|
||||
"type": "Microsoft.Common.DropDown",
|
||||
"label": "Workspace",
|
||||
"placeholder": "Select a workspace",
|
||||
"toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
|
||||
"constraints": {
|
||||
"allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
|
||||
"required": true
|
||||
},
|
||||
"visible": true
|
||||
}
|
||||
],
|
||||
"steps": [
|
||||
{
|
||||
"name": "dataconnectors",
|
||||
"label": "Data Connectors",
|
||||
"bladeTitle": "Data Connectors",
|
||||
"elements": [
|
||||
{
|
||||
"name": "dataconnectors1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This solution installs the data connector for ingesting Cognni incidents into Microsoft Sentinel, using the Cognni API. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "dataconnectors-link2",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"link": {
|
||||
"label": "Learn more about connecting data sources",
|
||||
"uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "workbooks",
|
||||
"label": "Workbooks",
|
||||
"subLabel": {
|
||||
"preValidation": "Configure the workbooks",
|
||||
"postValidation": "Done"
|
||||
},
|
||||
"bladeTitle": "Workbooks",
|
||||
"elements": [
|
||||
{
|
||||
"name": "workbooks-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This solution installs workbook to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "workbooks-link",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"link": {
|
||||
"label": "Learn more",
|
||||
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytics",
|
||||
"label": "Analytics",
|
||||
"subLabel": {
|
||||
"preValidation": "Configure the analytics",
|
||||
"postValidation": "Done"
|
||||
},
|
||||
"bladeTitle": "Analytics",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytics-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "analytics-link",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"link": {
|
||||
"label": "Learn more",
|
||||
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "analytic1",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Highly Sensitive Business Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which highly sensitive business information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic2",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Highly Sensitive Financial Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic2-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which highly sensitive financial information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic3",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Highly Sensitive Governance Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic3-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which highly sensitive governance information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic4",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Highly Sensitive HR Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic4-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which highly sensitive HR information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic5",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Highly Sensitive Legal Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic5-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which highly sensitive legal information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic6",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Low Sensitivity Business Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic6-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which low sensitivity business information] was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic7",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Low Sensitivity Financial Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic7-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which low sensitivity financial information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic8",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Low Sensitivity Governance Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic8-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which low sensitivity governance information] was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic9",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Low Sensitivity HR Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic9-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which low sensitive HR information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic10",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Low Sensitivity Legal Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic10-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which low sensitivity legal information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic11",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Medium Sensitivity Business Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic11-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which medium sensitivity business information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic12",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Medium Sensitivity Financial Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic12-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which medium sensitive financial information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic13",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Medium Sensitivity Governance Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic13-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which medium sensitivity governance information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic14",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Medium Sensitivity HR Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic14-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which medium sensitivity HR information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic15",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Cognni Incidents for Medium Sensitivity Legal Information",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic15-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Display incidents in which medium sensitivity legal information was placed at risk by user sharing."
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"outputs": {
|
||||
"workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
|
||||
"location": "[location()]",
|
||||
"workspace": "[basics('workspace')]"
|
||||
}
|
||||
}
|
||||
}
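Review bot: The resource-group scoping in the `workspace` dropdown's `allowedValues` is a plain substring test, `contains(toLower(filter.id), toLower(resourceGroup().name))`, so it can match workspaces outside the selected group. Any workspace whose resource id merely contains the group name passes, for example a group named `rg` also matches ids under `rg-prod`. The `workspace-location` output repeats the same test and then takes `first(...)`, so with two same-named workspaces in different groups it can return the location of the wrong one and the solution content may be deployed against an unintended workspace. Anchoring the match on the path segment would tighten both expressions: `contains(toLower(filter.id), toLower(concat('/resourcegroups/', resourceGroup().name, '/')))`.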
|
Различия файлов скрыты, потому что одна или несколько строк слишком длинны
|
@ -0,0 +1,15 @@
|
|||
{
|
||||
"publisherId": "azuresentinel",
|
||||
"offerId": "azure-sentinel-solution-isvtesting8",
|
||||
"firstPublishDate": "2022-05-06",
|
||||
"providers": ["Cognni"],
|
||||
"categories": {
|
||||
"domains" : ["Security - Information Protection"]
|
||||
},
|
||||
"support": {
|
||||
"name": "Cognni",
|
||||
"email": "isv@email.com",
|
||||
"tier": "Partner",
|
||||
"link": "https://cognni.ai/contact-support/"
|
||||
}
|
||||
}
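Review bot: The `support.email` value `isv@email.com` reads like a template placeholder rather than a mailbox Cognni monitors, and `offerId` ends in `isvtesting8`, which looks like a test offer identifier; both appear to have been left in from scaffolding. For a security solution the support contact is where customers would report ingestion or detection problems, so a dead address removes that channel. I would set `"email": "<vendor-support-address>"` to the vendor's real support mailbox and confirm the offer id against the published marketplace listing before merge.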
|