Package Updated for Elastic Agent

2022-06-13 18:07:16 +05:30 · 2022-06-13 18:07:16 +05:30 · 6355dc784c
--- a/Connectors/Connector_ElasticAgent.json
+++ b/Connectors/Connector_ElasticAgent.json
@ -2,8 +2,8 @@
    "id": "ElasticAgent",
    "title": "Elastic Agent (Standalone)",
    "publisher": "Elastic",
-    "descriptionMarkdown": "The [Elastic Agent](https://www.elastic.co/security) data connector provides the capability to ingest Elastic Agent logs, metrics, and security data into Azure Sentinel.",
-    "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**ElasticAgentEvent**](https://aka.ms/sentinel-ElasticAgent-parser) which is deployed with the Azure Sentinel Solution.",
+    "descriptionMarkdown": "The [Elastic Agent](https://www.elastic.co/security) data connector provides the capability to ingest Elastic Agent logs, metrics, and security data into Microsoft Sentinel.",
+    "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**ElasticAgentEvent**](https://aka.ms/sentinel-ElasticAgent-parser) which is deployed with the Microsoft Sentinel Solution.",
    "graphQueries": [
        {
            "metricName": "Total data received",
@ -33,7 +33,7 @@
    ],
    "availability": {
        "status": 1,
-        "isPreview": true
+        "isPreview": false
    },
    "permissions": {
        "resourceProvider": [
@ -51,7 +51,7 @@
    },
    "instructionSteps": [{
        "title": "",
-        "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**ElasticAgentEvent**](https://aka.ms/sentinel-ElasticAgent-parser) which is deployed with the Azure Sentinel Solution.",
+        "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**ElasticAgentEvent**](https://aka.ms/sentinel-ElasticAgent-parser) which is deployed with the Microsoft Sentinel Solution.",
        "instructions": []
    },
    {
--- a/Solutions/ElasticAgent/Data/Solution_ElasticAgent.json
+++ b/Solutions/ElasticAgent/Data/Solution_ElasticAgent.json
@ -0,0 +1,17 @@
+{
+  "Name": "ElasticAgent",
+  "Author": "Microsoft - support@microsoft.com",
+   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\"width=\"75px\"height=\"75px\">",
+  "Description": "The [Elastic Agent](https://www.elastic.co/security) solution provides the capability to ingest Elastic Agent logs, metrics, and security data into Microsoft Sentinel.\r\n  \r\n  **Underlying Microsoft Technologies used:** \r\n\r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n  a. [Agent based logs collection from Windows and Linux machines](https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs)\r\n\n\n\n ",
+   "Data Connectors": [
+    "Data Connectors/Connector_ElasticAgent.json"
+  ],
+   "Parsers": [
+    "Parsers/ElasticAgentEvent.txt"
+  ],
+ "Metadata": "SolutionMetadata.json",
+  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\ElasticAgent",
+  "Version": "2.0.0",
+  "TemplateSpec": true,
+  "Is1PConnector": false
+}
--- a/Solutions/ElasticAgent/Package/2.0.0.zip
+++ b/Solutions/ElasticAgent/Package/2.0.0.zip
--- a/Solutions/ElasticAgent/Package/createUiDefinition.json
+++ b/Solutions/ElasticAgent/Package/createUiDefinition.json
@ -0,0 +1,92 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+  "handler": "Microsoft.Azure.CreateUIDef",
+  "version": "0.1.2-preview",
+  "parameters": {
+    "config": {
+      "isWizard": false,
+      "basics": {
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Elastic Agent](https://www.elastic.co/security) solution provides the capability to ingest Elastic Agent logs, metrics, and security data into Microsoft Sentinel.\r\n  \r\n  **Underlying Microsoft Technologies used:** \r\n\r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n  a. [Agent based logs collection from Windows and Linux machines](https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs)\r\n\n\n\n \n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "subscription": {
+          "resourceProviders": [
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
+            "Microsoft.Insights/workbooks",
+            "Microsoft.Logic/workflows"
+          ]
+        },
+        "location": {
+          "metadata": {
+            "hidden": "Hiding location, we get it from the log analytics workspace"
+          },
+          "visible": false
+        },
+        "resourceGroup": {
+          "allowExisting": true
+        }
+      }
+    },
+    "basics": [
+      {
+        "name": "getLAWorkspace",
+        "type": "Microsoft.Solutions.ArmApiControl",
+        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
+        "condition": "[greater(length(resourceGroup().name),0)]",
+        "request": {
+          "method": "GET",
+          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
+        }
+      },
+      {
+        "name": "workspace",
+        "type": "Microsoft.Common.DropDown",
+        "label": "Workspace",
+        "placeholder": "Select a workspace",
+        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
+        "constraints": {
+          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
+          "required": true
+        },
+        "visible": true
+      }
+    ],
+    "steps": [
+      {
+        "name": "dataconnectors",
+        "label": "Data Connectors",
+        "bladeTitle": "Data Connectors",
+        "elements": [
+          {
+            "name": "dataconnectors1-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This solution installs the data connector for ingesting Elastic Agent logs, metrics, and security data into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
+          {
+            "name": "dataconnectors-parser-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "The solution installs a parser that transforms ingested data. The transformed logs can be accessed using the ElasticAgentEvent Kusto Function alias."
+            }
+          },
+          {
+            "name": "dataconnectors-link2",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more about connecting data sources",
+                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
+              }
+            }
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
+      "location": "[location()]",
+      "workspace": "[basics('workspace')]"
+    }
+  }
+}
--- a/Solutions/ElasticAgent/Package/mainTemplate.json
+++ b/Solutions/ElasticAgent/Package/mainTemplate.json
--- a/Solutions/ElasticAgent/SolutionMetadata.json
+++ b/Solutions/ElasticAgent/SolutionMetadata.json
@ -0,0 +1,15 @@
+{
+	"publisherId": "azuresentinel",
+	"offerId": "azure-sentinel-solution-elasticagent",
+	"firstPublishDate": "2021-11-12",
+	"providers": ["Elastic"],
+	"categories": {
+		"domains" : ["Security - Threat Protection"]
+	},
+	"support": {
+	  "name": "Microsoft Corporation",
+	  "email": "support@microsoft.com",
+	  "tier": "Microsoft",
+	  "link": "https://support.microsoft.com"
+	}
+}