Merge branch 'master' into pr/9980

This commit is contained in:
PrasadBoke 2024-04-25 14:31:52 +05:30
Родитель 842be40442 754d9371b8
Коммит 9aaeda5b94
9 изменённых файлов: 75 добавлений и 65 удалений


@ -2,7 +2,7 @@
"Name" : "SlashNext SIEM",
"Author" : "SlashNext - support@slashnext.net",
"Logo" : "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SlashNext%20SIEM/Playbook/logo/slashnext-logo.svg\" width=\"75px\" height=\"75px\">",
"Description": "{The Slashnext SIEM logic app retrieves incidents associated with a customer from various sources such as SMS, mobile devices, web extensions, and emails. These incidents are then presented and recorded within the Log Analytic Workspace.}",
"Description": "The Slashnext SIEM logic app retrieves incidents associated with a customer from various sources such as SMS, mobile devices, web extensions, and emails. These incidents are then presented and recorded within the Log Analytic Workspace.",
"Playbooks": [
"Playbook/SlashNextEventConnector/azuredeploy.json",
"Playbook/SlashNextSecurityEventForMSSentinel/azuredeploy.json"

Двоичные данные
Solutions/SlashNext SIEM/Package/3.0.0.zip



@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SlashNext%20SIEM/Playbook/logo/slashnext-logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SlashNext SIEM/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\n{The Slashnext SIEM logic app retrieves incidents associated with a customer from various sources such as SMS, mobile devices, web extensions, and emails. These incidents are then presented and recorded within the Log Analytic Workspace.}\n\n**Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SlashNext%20SIEM/Playbook/logo/slashnext-logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe Slashnext SIEM logic app retrieves incidents associated with a customer from various sources such as SMS, mobile devices, web extensions, and emails. These incidents are then presented and recorded within the Log Analytic Workspace.\n\n**Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",


@ -34,7 +34,7 @@
"_email": "[variables('email')]",
"_solutionName": "SlashNext SIEM",
"_solutionVersion": "3.0.0",
"solutionId": "azuresentinelslashnext.slashnext-security-events-for-microsoft-sentinel",
"solutionId": "slashnext1598548183597.slashnext-security-events-for-microsoft-sentinel",
"_solutionId": "[variables('solutionId')]",
"SlashNextEventConnector": "SlashNextEventConnector",
"_SlashNextEventConnector": "[variables('SlashNextEventConnector')]",
@ -48,6 +48,7 @@
"_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','lc','-', uniqueString(concat(variables('_solutionId'),'-','LogicAppsCustomConnector','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]",
"SlashNextSecurityEventForMSSentinel": "SlashNextSecurityEventForMSSentinel",
"_SlashNextSecurityEventForMSSentinel": "[variables('SlashNextSecurityEventForMSSentinel')]",
"TemplateEmptyObject": "[json('{}')]",
"playbookVersion2": "1.0",
"playbookContentId2": "SlashNextSecurityEventForMSSentinel",
"_playbookContentId2": "[variables('playbookContentId2')]",
@ -131,7 +132,7 @@
"application/json"
],
"paths": {
"/api/integration/v7/incidents/list": {
"/api/integration/v4/incidents/list": {
"post": {
"summary": "Events list",
"description": "This will get list of incidents of a customer",
@ -353,7 +354,11 @@
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion2')]",
"parameters": {
"Playbook Name": {
"slashnext_connection": {
"defaultValue": "SlashNext-CMS",
"type": "String"
},
"PlaybookName": {
"defaultValue": "SlashNextSecurityEventsforMicrosoftSentinel",
"type": "String"
},
@ -364,7 +369,7 @@
}
},
"Storage Key": {
"type": "secureString",
"type": "String",
"metadata": {
"description": "Primary or secondary key of storage account"
}
@ -373,7 +378,7 @@
"metadata": {
"description": "Previous week from which scanning should start."
},
"type": "int",
"type": "String",
"defaultValue": 5
},
"Workspace ID": {
@ -383,48 +388,36 @@
}
},
"Workspace Key": {
"type": "secureString",
"type": "String",
"metadata": {
"description": "Primary or secondary key of storage account"
}
},
"Enable Email Incident": {
"type": "bool",
"type": "String",
"metadata": {
"description": "Enable email incidents logging."
},
"allowedValues": [
true,
false
],
"defaultValue": true
"defaultValue": "true"
},
"Enable Web Incident": {
"type": "bool",
"type": "String",
"metadata": {
"description": "Enable web incidents logging."
},
"allowedValues": [
true,
false
],
"defaultValue": true
"defaultValue": "true"
},
"Enable SMS Incident": {
"type": "bool",
"type": "String",
"metadata": {
"description": "Enable sms/mobile incidents logging."
},
"allowedValues": [
true,
false
],
"defaultValue": true
"defaultValue": "true"
}
},
"variables": {
"storage_path": "/v2/datasets/@{encodeURIComponent(encodeURIComponent('slashnextstorage'))}/files/@{encodeURIComponent(encodeURIComponent('JTJmb2Zmc2V0JTJmb2Zmc2V0LnR4dA=='))}/content",
"slashnext_connection": "SlashNext-CMS",
"slashnext_connection": "[[parameters('slashnext_connection')]",
"blob_connection_name": "[[concat('SNX-Storage-', substring(toLower(uniqueString(resourceGroup().id, concat('[resourceGroup().locatio', 'n]'))),0,5))]",
"workspace_connection_name": "[[concat('SNX-Workspace-', substring(toLower(uniqueString(resourceGroup().id, concat('[resourceGroup().locatio', 'n]'))),0,5))]",
"connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', variables('slashnext_connection'))]",
@ -498,7 +491,7 @@
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[[parameters('Playbook Name')]",
"name": "[[parameters('PlaybookName')]",
"location": "[[variables('workspace-location-inline')]",
"dependsOn": [
"[[resourceId('Microsoft.Web/connections', variables('blob_connection_name'))]",
@ -536,7 +529,8 @@
"actions": {
"Current_time": {
"type": "Expression",
"kind": "CurrentTime"
"kind": "CurrentTime",
"inputs": "[variables('TemplateEmptyObject')]"
},
"Email_vector_var": {
"runAfter": {
@ -955,7 +949,7 @@
}
},
"method": "post",
"path": "/api/integration/v7/incidents/list"
"path": "/api/integration/v4/incidents/list"
}
}
},
@ -1207,12 +1201,12 @@
},
"azureblob": {
"connectionId": "[[resourceId('Microsoft.Web/connections',variables('blob_connection_name'))]",
"connectionName": "[[concat(parameters('Playbook Name'),'-storage')]",
"connectionName": "[[concat(parameters('PlaybookName'),'-storage')]",
"id": "[[subscriptionResourceId('Microsoft.Web/locations/managedApis', variables('workspace-location-inline'), 'azureblob')]"
},
"azureloganalyticsdatacollector": {
"connectionId": "[[resourceId('Microsoft.Web/connections',variables('workspace_connection_name'))]",
"connectionName": "[[concat(parameters('Playbook Name'),'-workspace')]",
"connectionName": "[[concat(parameters('PlaybookName'),'-workspace')]",
"id": "[[subscriptionResourceId('Microsoft.Web/locations/managedApis', variables('workspace-location-inline'), 'azureloganalyticsdatacollector')]"
}
}
@ -1300,7 +1294,7 @@
"contentSchemaVersion": "3.0.0",
"displayName": "SlashNext SIEM",
"publisherDisplayName": "SlashNext",
"descriptionHtml": "<p><strong>Note:</strong> <em>There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</em></p>\n<p>{The Slashnext SIEM logic app retrieves incidents associated with a customer from various sources such as SMS, mobile devices, web extensions, and emails. These incidents are then presented and recorded within the Log Analytic Workspace.}</p>\n<p><strong>Custom Azure Logic Apps Connectors:</strong> 1, <strong>Playbooks:</strong> 1</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
"descriptionHtml": "<p><strong>Note:</strong> <em>There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</em></p>\n<p>The Slashnext SIEM logic app retrieves incidents associated with a customer from various sources such as SMS, mobile devices, web extensions, and emails. These incidents are then presented and recorded within the Log Analytic Workspace.</p>\n<p><strong>Custom Azure Logic Apps Connectors:</strong> 1, <strong>Playbooks:</strong> 1</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
"contentKind": "Solution",
"contentProductId": "[variables('_solutioncontentProductId')]",
"id": "[variables('_solutioncontentProductId')]",
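Review bot: The `Storage Key` parameter in hunk `@ -364,7 +369,7 @@` and the `Workspace Key` parameter in hunk `@ -383,48 +388,36 @@` end up typed `String` instead of `secureString`, which leaves these account keys stored in plaintext in the deployment history and readable from the deployment's parameter list, whereas `secureString` values are masked there. The release-notes section of this page dates its second printed line 25-04-2024, matching the commit date, so the second of each printed pair is most likely the new side and the merge appears to drop the secure type the PR branch carried; this is inferred from print order and should be confirmed against the parent commits. Both parameters should read `"type": "secureString",`; the same pair appears in Playbook/SlashNextSecurityEventForMSSentinel/azuredeploy.json under `@ -45,7 +49,7 @@` and `@ -65,48 +69,36 @@`, and since mainTemplate.json looks like a packaged copy of that template the fix belongs in the playbook file with the package regenerated. The `Workspace Key` description also repeats the storage-account wording and should say `"description": "Primary or secondary key of the Log Analytics workspace"`.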


@ -0,0 +1,24 @@
{
"location": {
"type": "string",
"minLength": 1,
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
}
},
"workspace-location": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
}
},
"workspace": {
"defaultValue": "",
"type": "string",
"metadata": {
"description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
}
}
}


@ -56,7 +56,7 @@
"application/json"
],
"paths": {
"/api/integration/v7/incidents/list": {
"/api/integration/v4/incidents/list": {
"post": {
"summary": "Events list",
"description": "This will get list of incidents of a customer",


@ -34,7 +34,11 @@
]
},
"parameters": {
"Playbook Name": {
"slashnext_connection": {
"defaultValue": "SlashNext-CMS",
"type": "String"
},
"PlaybookName": {
"defaultValue": "SlashNextSecurityEventsforMicrosoftSentinel",
"type": "String"
},
@ -45,7 +49,7 @@
}
},
"Storage Key":{
"type": "secureString",
"type": "String",
"metadata":{
"description":"Primary or secondary key of storage account"
}
@ -54,7 +58,7 @@
"metadata": {
"description": "Previous week from which scanning should start."
},
"type": "int",
"type": "String",
"defaultValue": 5
},
"Workspace ID": {
@ -65,48 +69,36 @@
},
"Workspace Key":{
"type": "secureString",
"type": "String",
"metadata":{
"description":"Primary or secondary key of storage account"
}
},
"Enable Email Incident": {
"type": "bool",
"type": "String",
"metadata": {
"description": "Enable email incidents logging."
},
"allowedValues": [
true,
false
],
"defaultValue": true
"defaultValue": "true"
},
"Enable Web Incident": {
"type": "bool",
"type": "String",
"metadata": {
"description": "Enable web incidents logging."
},
"allowedValues": [
true,
false
],
"defaultValue": true
"defaultValue": "true"
},
"Enable SMS Incident": {
"type": "bool",
"type": "String",
"metadata": {
"description": "Enable sms/mobile incidents logging."
},
"allowedValues": [
true,
false
],
"defaultValue": true
"defaultValue": "true"
}
},
"variables": {
"storage_path": "/v2/datasets/@{encodeURIComponent(encodeURIComponent('slashnextstorage'))}/files/@{encodeURIComponent(encodeURIComponent('JTJmb2Zmc2V0JTJmb2Zmc2V0LnR4dA=='))}/content",
"slashnext_connection": "SlashNext-CMS",
"slashnext_connection": "[parameters('slashnext_connection')]",
"blob_connection_name": "[concat('SNX-Storage-', substring(toLower(uniqueString(resourceGroup().id, concat('[resourceGroup().locatio', 'n]'))),0,5))]",
"workspace_connection_name": "[concat('SNX-Workspace-', substring(toLower(uniqueString(resourceGroup().id, concat('[resourceGroup().locatio', 'n]'))),0,5))]"
},
@ -177,7 +169,7 @@
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[parameters('Playbook Name')]",
"name": "[parameters('PlaybookName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/connections', variables('blob_connection_name'))]",
@ -644,7 +636,7 @@
}
},
"method": "post",
"path": "/api/integration/v7/incidents/list"
"path": "/api/integration/v4/incidents/list"
}
}
},
@ -899,12 +891,12 @@
},
"azureblob": {
"connectionId": "[resourceId('Microsoft.Web/connections',variables('blob_connection_name'))]",
"connectionName": "[concat(parameters('Playbook Name'),'-storage')]",
"connectionName": "[concat(parameters('PlaybookName'),'-storage')]",
"id": "[subscriptionResourceId('Microsoft.Web/locations/managedApis', resourceGroup().location, 'azureblob')]"
},
"azureloganalyticsdatacollector": {
"connectionId": "[resourceId('Microsoft.Web/connections',variables('workspace_connection_name'))]",
"connectionName": "[concat(parameters('Playbook Name'),'-workspace')]",
"connectionName": "[concat(parameters('PlaybookName'),'-workspace')]",
"id": "[subscriptionResourceId('Microsoft.Web/locations/managedApis', resourceGroup().location, 'azureloganalyticsdatacollector')]"
}
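Review bot: In hunk `@ -54,7 +58,7 @@` the parameter described as "Previous week from which scanning should start." becomes `"type": "String"` while keeping `"defaultValue": 5`, a numeric default on a string-typed parameter that ARM template validation is likely to reject or coerce in a way the template does not control; either keep `"type": "int"` or change the default to `"defaultValue": "5"`. In hunk `@ -65,48 +69,36 @@` the three `Enable ... Incident` parameters lose their `allowedValues` block when they become `String` with `"defaultValue": "true"`, so any text now passes deployment validation and how the workflow treats other spellings such as `True` or `yes` cannot be seen from this hunk. If they must stay strings, restore the constraint as `"allowedValues": ["true", "false"]` on each of the three. The same two changes appear in mainTemplate.json under `@ -373,7 +378,7 @@` and `@ -383,48 +388,36 @@`, which looks like a packaged copy of this template, so fix here and regenerate.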
}


@ -1,3 +1,3 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|---------------------------------------------|
|3.0.0 | 25-07-2023 | Initial Solution Release. |
| **Version** | **Date** | **Change History** |
|-------------|-------------------|------------------------------------|
| 3.0.0 | 25-04-2024 | Initial Solution Release |


@ -1,5 +1,5 @@
{
"publisherId": "azuresentinelslashnext",
"publisherId": "slashnext1598548183597",
"offerId": "slashnext-security-events-for-microsoft-sentinel",
"firstPublishDate": "2023-05-26",
"lastPublishDate": "2023-06-16",
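Review bot: `lastPublishDate` remains 2023-06-16 while the `publisherId` in this hunk changes to a new publisher and the ReleaseNotes entry in the same commit is dated 25-04-2024, so the metadata and the release notes now disagree about when the solution was last published. If the publisher change is meant to go out as a republish, `"lastPublishDate": "2024-04-25",` keeps the two consistent; if the packaging pipeline sets this field itself, this can be ignored.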