Merge pull request #2503 from libarson/azure-purview

Create AzurePurview.json to enable Azure Purview to be a data connector within Azure Sentinel.
2021-06-28 13:13:14 -07:00 · 2021-06-28 13:13:14 -07:00 · 78dd1dabc6
--- a/DataConnectors/Purview/AzurePurview.json
+++ b/DataConnectors/Purview/AzurePurview.json
@ -0,0 +1,59 @@
+{
+    "id": "MicrosoftAzurePurview",
+    "title": "Azure Purview",
+    "publisher": "Microsoft",
+    "descriptionMarkdown": "Connect to Azure Purview. Azure Purview is a unified data governance service that helps you manage and govern your on-premises, multicloud, and software-as-a-service (SaaS) data. It creates a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage that empowers you to find valuable and trustworthy data.",
+    "graphQueries": [
+        {
+            "metricName": "Total data received",
+            "legend": "PurviewDataSensitivityLogs",
+            "baseQuery": "PurviewDataSensitivityLogs"
+        }
+    ],
+    "sampleQueries": [
+        {
+            "description" : "View files that contain a specific classification (example shows Social Security Number)",
+            "query": "PurviewDataSensitivityLogs\n | where Classification has \"Social Security Number\""
+        }
+    ],
+    "dataTypes": [
+        {
+            "name": "AzureDiagnostics (PurviewDataSensitivityLogs)",
+            "lastDataReceivedQuery": "PurviewDataSensitivityLogs\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
+        }
+    ],
+    "connectivityCriterias": [
+        {
+            "type": "IsConnectedQuery",
+            "value": [
+                "PurviewDataSensitivityLogs\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(30d)"
+            ]
+        }
+    ],
+    "availability": {
+        "status": 1,
+        "isPreview": true
+    },
+    "permissions": {
+        "resourceProvider": [
+            {
+                "provider": "Microsoft.OperationalInsights/workspaces",
+                "permissionsDisplayText": "read and write permissions are required.",
+                "providerDisplayName": "Workspace",
+                "scope": "Workspace",
+                "requiredPermissions": {
+                    "write": true,
+                    "read": true,
+                    "delete": true
+                }
+            }
+        ]
+    },
+    "instructionSteps": [
+        {
+            "title": "Connect Azure Purview to Azure Sentinel",
+            "description": "Within the Azure Portal, navigate to your Purview resource:\n 1. In the search bar, search for **Purview accounts.**\n 2. Select the specific account that you would like to be set up with Sentinel.\n\nInside your Azure Purview resource:\n 3. Select **Diagnostic Settings.**\n 4. Select **+ Add diagnostic setting.**\n 5. In the **Diagnostic setting** blade:\n   - Select the Log Category as **DataSensitivityLogEvent**.\n   - Select **Send to Log Analytics**.\n   - Chose the log destination workspace. This should be the same workspace that is used by **Azure Sentinel.**\n  - Click **Save**.",
+            "instructions": []
+        }
+    ]
+}