Repackaged VmWareESXi solution
This commit is contained in:
Родитель
50c985881c
Коммит
7c8a2e7e13
|
@ -39,7 +39,7 @@
|
|||
],
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\VMWareESXi",
|
||||
"Version": "2.0.4",
|
||||
"Version": "3.0.1",
|
||||
"TemplateSpec": true,
|
||||
"Is1PConnector": false
|
||||
}
|
Двоичный файл не отображается.
|
@ -41,7 +41,7 @@
|
|||
"email": "support@microsoft.com",
|
||||
"_email": "[variables('email')]",
|
||||
"_solutionName": "VMWareESXi",
|
||||
"_solutionVersion": "3.0.0",
|
||||
"_solutionVersion": "3.0.1",
|
||||
"solutionId": "azuresentinel.azure-sentinel-solution-vmwareesxi",
|
||||
"_solutionId": "[variables('solutionId')]",
|
||||
"workbookVersion1": "1.0.0",
|
||||
|
@ -52,8 +52,8 @@
|
|||
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
|
||||
"_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]",
|
||||
"parserObject1": {
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','VMwareESXi Data Parser')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'VMwareESXi Data Parser')]",
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','VMware ESXi Data Parser')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'VMware ESXi Data Parser')]",
|
||||
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('VMwareESXi-Parser')))]",
|
||||
"parserVersion1": "1.0.1",
|
||||
"parserContentId1": "VMwareESXi-Parser"
|
||||
|
@ -206,7 +206,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "VMwareESXi Workbook with template version 3.0.0",
|
||||
"description": "VMwareESXi Workbook with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion1')]",
|
||||
|
@ -294,7 +294,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "VMwareESXi Data Parser with template version 3.0.0",
|
||||
"description": "VMwareESXi Data Parser with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -426,7 +426,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiDormantUsers_HuntingQueries Hunting Query with template version 3.0.0",
|
||||
"description": "ESXiDormantUsers_HuntingQueries Hunting Query with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
|
||||
|
@ -511,7 +511,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiDownloadErrors_HuntingQueries Hunting Query with template version 3.0.0",
|
||||
"description": "ESXiDownloadErrors_HuntingQueries Hunting Query with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
|
||||
|
@ -596,7 +596,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiNFCDownloadActivities_HuntingQueries Hunting Query with template version 3.0.0",
|
||||
"description": "ESXiNFCDownloadActivities_HuntingQueries Hunting Query with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
|
||||
|
@ -681,7 +681,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiRootLoginFailure_HuntingQueries Hunting Query with template version 3.0.0",
|
||||
"description": "ESXiRootLoginFailure_HuntingQueries Hunting Query with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
|
||||
|
@ -766,7 +766,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiRootLogins_HuntingQueries Hunting Query with template version 3.0.0",
|
||||
"description": "ESXiRootLogins_HuntingQueries Hunting Query with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
|
||||
|
@ -851,7 +851,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiUnusedVMs_HuntingQueries Hunting Query with template version 3.0.0",
|
||||
"description": "ESXiUnusedVMs_HuntingQueries Hunting Query with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
|
||||
|
@ -936,7 +936,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiVMHighLoad_HuntingQueries Hunting Query with template version 3.0.0",
|
||||
"description": "ESXiVMHighLoad_HuntingQueries Hunting Query with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
|
||||
|
@ -1021,7 +1021,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiVMPoweredOff_HuntingQueries Hunting Query with template version 3.0.0",
|
||||
"description": "ESXiVMPoweredOff_HuntingQueries Hunting Query with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
|
||||
|
@ -1106,7 +1106,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiVMPoweredOn_HuntingQueries Hunting Query with template version 3.0.0",
|
||||
"description": "ESXiVMPoweredOn_HuntingQueries Hunting Query with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
|
||||
|
@ -1191,7 +1191,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiVirtualImagesList_HuntingQueries Hunting Query with template version 3.0.0",
|
||||
"description": "ESXiVirtualImagesList_HuntingQueries Hunting Query with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
|
||||
|
@ -1276,7 +1276,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "VMWareESXi data connector with template version 3.0.0",
|
||||
"description": "VMWareESXi data connector with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion1')]",
|
||||
|
@ -1623,7 +1623,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiDormantVMStarted_AnalyticalRules Analytics Rule with template version 3.0.0",
|
||||
"description": "ESXiDormantVMStarted_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
|
||||
|
@ -1665,17 +1665,17 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "HostName",
|
||||
"columnName": "HostName"
|
||||
"columnName": "HostName",
|
||||
"identifier": "HostName"
|
||||
},
|
||||
{
|
||||
"identifier": "NTDomain",
|
||||
"columnName": "NTDomain"
|
||||
"columnName": "NTDomain",
|
||||
"identifier": "NTDomain"
|
||||
}
|
||||
],
|
||||
"entityType": "Host"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1731,7 +1731,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiLowPatchDiskSpace_AnalyticalRules Analytics Rule with template version 3.0.0",
|
||||
"description": "ESXiLowPatchDiskSpace_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
|
||||
|
@ -1773,13 +1773,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "FullName",
|
||||
"columnName": "HostCustomEntity"
|
||||
"columnName": "HostCustomEntity",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
],
|
||||
"entityType": "Host"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1835,7 +1835,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiLowTempDirSpace_AnalyticalRules Analytics Rule with template version 3.0.0",
|
||||
"description": "ESXiLowTempDirSpace_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
|
||||
|
@ -1877,13 +1877,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "FullName",
|
||||
"columnName": "HostCustomEntity"
|
||||
"columnName": "HostCustomEntity",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
],
|
||||
"entityType": "Host"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1939,7 +1939,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiMultipleNewVM_AnalyticalRules Analytics Rule with template version 3.0.0",
|
||||
"description": "ESXiMultipleNewVM_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
|
||||
|
@ -1981,17 +1981,17 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "HostName",
|
||||
"columnName": "HostName"
|
||||
"columnName": "HostName",
|
||||
"identifier": "HostName"
|
||||
},
|
||||
{
|
||||
"identifier": "NTDomain",
|
||||
"columnName": "NTDomain"
|
||||
"columnName": "NTDomain",
|
||||
"identifier": "NTDomain"
|
||||
}
|
||||
],
|
||||
"entityType": "Host"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2047,7 +2047,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiMultipleVMStopped_AnalyticalRules Analytics Rule with template version 3.0.0",
|
||||
"description": "ESXiMultipleVMStopped_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
|
||||
|
@ -2089,30 +2089,30 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Name",
|
||||
"columnName": "Name"
|
||||
"columnName": "Name",
|
||||
"identifier": "Name"
|
||||
},
|
||||
{
|
||||
"identifier": "DnsDomain",
|
||||
"columnName": "DnsDomain"
|
||||
"columnName": "DnsDomain",
|
||||
"identifier": "DnsDomain"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
]
|
||||
},
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "HostName",
|
||||
"columnName": "HostName"
|
||||
"columnName": "HostName",
|
||||
"identifier": "HostName"
|
||||
},
|
||||
{
|
||||
"identifier": "NTDomain",
|
||||
"columnName": "NTDomain"
|
||||
"columnName": "NTDomain",
|
||||
"identifier": "NTDomain"
|
||||
}
|
||||
],
|
||||
"entityType": "Host"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2168,7 +2168,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiNewVM_AnalyticalRules Analytics Rule with template version 3.0.0",
|
||||
"description": "ESXiNewVM_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
|
||||
|
@ -2210,13 +2210,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "FullName",
|
||||
"columnName": "HostCustomEntity"
|
||||
"columnName": "HostCustomEntity",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
],
|
||||
"entityType": "Host"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2272,7 +2272,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiRootImpersonation_AnalyticalRules Analytics Rule with template version 3.0.0",
|
||||
"description": "ESXiRootImpersonation_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
|
||||
|
@ -2314,13 +2314,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Name",
|
||||
"columnName": "AccountCustomEntity"
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "Name"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2376,7 +2376,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiRootLogin_AnalyticalRules Analytics Rule with template version 3.0.0",
|
||||
"description": "ESXiRootLogin_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
|
||||
|
@ -2419,13 +2419,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Address",
|
||||
"columnName": "IPCustomEntity"
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
],
|
||||
"entityType": "IP"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2481,7 +2481,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiSharedOrStolenRootAccount_AnalyticalRules Analytics Rule with template version 3.0.0",
|
||||
"description": "ESXiSharedOrStolenRootAccount_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
|
||||
|
@ -2524,13 +2524,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Address",
|
||||
"columnName": "IPCustomEntity"
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
],
|
||||
"entityType": "IP"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2586,7 +2586,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiUnexpectedDiskImage_AnalyticalRules Analytics Rule with template version 3.0.0",
|
||||
"description": "ESXiUnexpectedDiskImage_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
|
||||
|
@ -2628,13 +2628,13 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "FullName",
|
||||
"columnName": "HostCustomEntity"
|
||||
"columnName": "HostCustomEntity",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
],
|
||||
"entityType": "Host"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2690,7 +2690,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ESXiVMStopped_AnalyticalRules Analytics Rule with template version 3.0.0",
|
||||
"description": "ESXiVMStopped_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]",
|
||||
|
@ -2732,22 +2732,22 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "FullName",
|
||||
"columnName": "HostCustomEntity"
|
||||
"columnName": "HostCustomEntity",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
],
|
||||
"entityType": "Host"
|
||||
]
|
||||
},
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"identifier": "Name",
|
||||
"columnName": "AccountCustomEntity"
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "Name"
|
||||
}
|
||||
],
|
||||
"entityType": "Account"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2799,7 +2799,7 @@
|
|||
"apiVersion": "2023-04-01-preview",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"version": "3.0.0",
|
||||
"version": "3.0.1",
|
||||
"kind": "Solution",
|
||||
"contentSchemaVersion": "3.0.0",
|
||||
"displayName": "VMWareESXi",
|
||||
|
|
Загрузка…
Ссылка в новой задаче