Repackaged VmWareESXi solution

v-amolpatil 2024-04-30 20:58:56 +05:30
Родитель 50c985881c
Коммит 7c8a2e7e13
3 изменённых файлов: 89 добавлений и 89 удалений


@ -39,7 +39,7 @@
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\VMWareESXi",
"Version": "2.0.4",
"Version": "3.0.1",
"TemplateSpec": true,
"Is1PConnector": false
}

Двоичные данные
Solutions/VMWareESXi/Package/3.0.1.zip Normal file

Двоичный файл не отображается.


@ -41,7 +41,7 @@
"email": "support@microsoft.com",
"_email": "[variables('email')]",
"_solutionName": "VMWareESXi",
"_solutionVersion": "3.0.0",
"_solutionVersion": "3.0.1",
"solutionId": "azuresentinel.azure-sentinel-solution-vmwareesxi",
"_solutionId": "[variables('solutionId')]",
"workbookVersion1": "1.0.0",
@ -52,8 +52,8 @@
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
"_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]",
"parserObject1": {
"_parserName1": "[concat(parameters('workspace'),'/','VMwareESXi Data Parser')]",
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'VMwareESXi Data Parser')]",
"_parserName1": "[concat(parameters('workspace'),'/','VMware ESXi Data Parser')]",
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'VMware ESXi Data Parser')]",
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('VMwareESXi-Parser')))]",
"parserVersion1": "1.0.1",
"parserContentId1": "VMwareESXi-Parser"
@ -206,7 +206,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "VMwareESXi Workbook with template version 3.0.0",
"description": "VMwareESXi Workbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('workbookVersion1')]",
@ -294,7 +294,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "VMwareESXi Data Parser with template version 3.0.0",
"description": "VMwareESXi Data Parser with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject1').parserVersion1]",
@ -426,7 +426,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiDormantUsers_HuntingQueries Hunting Query with template version 3.0.0",
"description": "ESXiDormantUsers_HuntingQueries Hunting Query with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@ -511,7 +511,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiDownloadErrors_HuntingQueries Hunting Query with template version 3.0.0",
"description": "ESXiDownloadErrors_HuntingQueries Hunting Query with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
@ -596,7 +596,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiNFCDownloadActivities_HuntingQueries Hunting Query with template version 3.0.0",
"description": "ESXiNFCDownloadActivities_HuntingQueries Hunting Query with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
@ -681,7 +681,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiRootLoginFailure_HuntingQueries Hunting Query with template version 3.0.0",
"description": "ESXiRootLoginFailure_HuntingQueries Hunting Query with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
@ -766,7 +766,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiRootLogins_HuntingQueries Hunting Query with template version 3.0.0",
"description": "ESXiRootLogins_HuntingQueries Hunting Query with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
@ -851,7 +851,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiUnusedVMs_HuntingQueries Hunting Query with template version 3.0.0",
"description": "ESXiUnusedVMs_HuntingQueries Hunting Query with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
@ -936,7 +936,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiVMHighLoad_HuntingQueries Hunting Query with template version 3.0.0",
"description": "ESXiVMHighLoad_HuntingQueries Hunting Query with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
@ -1021,7 +1021,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiVMPoweredOff_HuntingQueries Hunting Query with template version 3.0.0",
"description": "ESXiVMPoweredOff_HuntingQueries Hunting Query with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
@ -1106,7 +1106,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiVMPoweredOn_HuntingQueries Hunting Query with template version 3.0.0",
"description": "ESXiVMPoweredOn_HuntingQueries Hunting Query with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
@ -1191,7 +1191,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiVirtualImagesList_HuntingQueries Hunting Query with template version 3.0.0",
"description": "ESXiVirtualImagesList_HuntingQueries Hunting Query with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
@ -1276,7 +1276,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "VMWareESXi data connector with template version 3.0.0",
"description": "VMWareESXi data connector with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
@ -1623,7 +1623,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiDormantVMStarted_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "ESXiDormantVMStarted_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@ -1665,17 +1665,17 @@
],
"entityMappings": [
{
"entityType": "Host",
"fieldMappings": [
{
"identifier": "HostName",
"columnName": "HostName"
"columnName": "HostName",
"identifier": "HostName"
},
{
"identifier": "NTDomain",
"columnName": "NTDomain"
"columnName": "NTDomain",
"identifier": "NTDomain"
}
],
"entityType": "Host"
]
}
]
}
@ -1731,7 +1731,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiLowPatchDiskSpace_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "ESXiLowPatchDiskSpace_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@ -1773,13 +1773,13 @@
],
"entityMappings": [
{
"entityType": "Host",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "HostCustomEntity"
"columnName": "HostCustomEntity",
"identifier": "FullName"
}
],
"entityType": "Host"
]
}
]
}
@ -1835,7 +1835,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiLowTempDirSpace_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "ESXiLowTempDirSpace_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@ -1877,13 +1877,13 @@
],
"entityMappings": [
{
"entityType": "Host",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "HostCustomEntity"
"columnName": "HostCustomEntity",
"identifier": "FullName"
}
],
"entityType": "Host"
]
}
]
}
@ -1939,7 +1939,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiMultipleNewVM_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "ESXiMultipleNewVM_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@ -1981,17 +1981,17 @@
],
"entityMappings": [
{
"entityType": "Host",
"fieldMappings": [
{
"identifier": "HostName",
"columnName": "HostName"
"columnName": "HostName",
"identifier": "HostName"
},
{
"identifier": "NTDomain",
"columnName": "NTDomain"
"columnName": "NTDomain",
"identifier": "NTDomain"
}
],
"entityType": "Host"
]
}
]
}
@ -2047,7 +2047,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiMultipleVMStopped_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "ESXiMultipleVMStopped_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@ -2089,30 +2089,30 @@
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "Name",
"columnName": "Name"
"columnName": "Name",
"identifier": "Name"
},
{
"identifier": "DnsDomain",
"columnName": "DnsDomain"
"columnName": "DnsDomain",
"identifier": "DnsDomain"
}
],
"entityType": "Account"
]
},
{
"entityType": "Host",
"fieldMappings": [
{
"identifier": "HostName",
"columnName": "HostName"
"columnName": "HostName",
"identifier": "HostName"
},
{
"identifier": "NTDomain",
"columnName": "NTDomain"
"columnName": "NTDomain",
"identifier": "NTDomain"
}
],
"entityType": "Host"
]
}
]
}
@ -2168,7 +2168,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiNewVM_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "ESXiNewVM_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
@ -2210,13 +2210,13 @@
],
"entityMappings": [
{
"entityType": "Host",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "HostCustomEntity"
"columnName": "HostCustomEntity",
"identifier": "FullName"
}
],
"entityType": "Host"
]
}
]
}
@ -2272,7 +2272,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiRootImpersonation_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "ESXiRootImpersonation_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
@ -2314,13 +2314,13 @@
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "Name",
"columnName": "AccountCustomEntity"
"columnName": "AccountCustomEntity",
"identifier": "Name"
}
],
"entityType": "Account"
]
}
]
}
@ -2376,7 +2376,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiRootLogin_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "ESXiRootLogin_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
@ -2419,13 +2419,13 @@
],
"entityMappings": [
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
"columnName": "IPCustomEntity",
"identifier": "Address"
}
],
"entityType": "IP"
]
}
]
}
@ -2481,7 +2481,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiSharedOrStolenRootAccount_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "ESXiSharedOrStolenRootAccount_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
@ -2524,13 +2524,13 @@
],
"entityMappings": [
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
"columnName": "IPCustomEntity",
"identifier": "Address"
}
],
"entityType": "IP"
]
}
]
}
@ -2586,7 +2586,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiUnexpectedDiskImage_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "ESXiUnexpectedDiskImage_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
@ -2628,13 +2628,13 @@
],
"entityMappings": [
{
"entityType": "Host",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "HostCustomEntity"
"columnName": "HostCustomEntity",
"identifier": "FullName"
}
],
"entityType": "Host"
]
}
]
}
@ -2690,7 +2690,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ESXiVMStopped_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "ESXiVMStopped_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]",
@ -2732,22 +2732,22 @@
],
"entityMappings": [
{
"entityType": "Host",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "HostCustomEntity"
"columnName": "HostCustomEntity",
"identifier": "FullName"
}
],
"entityType": "Host"
]
},
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "Name",
"columnName": "AccountCustomEntity"
"columnName": "AccountCustomEntity",
"identifier": "Name"
}
],
"entityType": "Account"
]
}
]
}
@ -2799,7 +2799,7 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "3.0.0",
"version": "3.0.1",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "VMWareESXi",
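Review bot: The parser's saved-search resource name changes in `_parserName1` and `_parserId1` from 'VMwareESXi Data Parser' to 'VMware ESXi Data Parser', while `parserVersion1` stays at "1.0.1" and `parserContentId1`, the `uniquestring('VMwareESXi-Parser')` seed and the parser template description keep the old spelling. The resource name is what identifies a `savedSearches` resource, so a workspace that already has the previous package installed will most likely get a second saved search on update instead of an in-place update, and the detection content in this solution presumably queries through that parser. If the rename is intended, bump the parser version, e.g. `"parserVersion1": "1.0.2"`, and record in the release notes that the old 'VMwareESXi Data Parser' saved search should be removed; if it is a side effect of repackaging, keep the previous name. The parser's function alias lies outside these hunks, so whether the old and new saved searches would collide on it cannot be confirmed from here.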