add varonis logo, sample data, update references to downloading files

2024-01-05 16:06:45 +02:00 · 2024-01-05 16:06:45 +02:00 · 9fe373ae49
--- a/Logos/VaronisLogo.svg
+++ b/Logos/VaronisLogo.svg
--- a/Data/VaronisAlerts_CL.csv
+++ b/Data/VaronisAlerts_CL.csv
@ -0,0 +1,11 @@
+"TimeGenerated [UTC]","DeviceName_s","ID_g","Name_s","Time_t [UTC]","Severity_s","SeverityId_d","Status_s","StatusId_d","NumOfAlertedEvents_d","UserName_s","SamAccountName_s","Asset_s","AssetContainsFlaggedData_s","AssetContainsSensitiveData_s","Platform_s","FileServerOrDomain_s","EventUTC_t [UTC]","IngestTime_t [UTC]",Category
+"12/15/2023, 11:00:06.143 AM","[""dev3cf41col01""]","534a1d7f-21bf-4a05-8574-cc6d46b80616","Capture Account authentication for varadm","12/15/2023, 10:54:00.000 AM",Medium,1,New,1,1,"[""varadm (dev3cf41.com)""]","[""varadm""]","[""dev3cf41.com(AD-dev3cf41.com)""]","[false]","[false]","[""Active Directory""]","[""AD-dev3cf41.com""]","12/15/2023, 10:53:00.000 AM","12/15/2023, 10:59:34.000 AM","Privilege Escalation"
+"12/15/2023, 11:00:06.143 AM","[""dev3cf41col01""]","b871d1e2-eb98-4ae1-b2e0-202bf46d6dab","Capture Access request for varadm","12/15/2023, 10:54:00.000 AM",Low,2,New,1,1,"[""varadm (dev3cf41.com)""]","[""varadm""]","[""dev3cf41.com(AD-dev3cf41.com)""]","[false]","[false]","[""Active Directory""]","[""AD-dev3cf41.com""]","12/15/2023, 10:53:00.000 AM","12/15/2023, 10:59:31.000 AM","Privilege Escalation"
+"12/15/2023, 11:10:05.152 AM","[""dev3cf41col01""]","811a536a-e64c-45f2-b66f-45c799ef1604","Capture Access request for varadm","12/15/2023, 11:04:00.000 AM",Low,2,New,1,1,"[""varadm (dev3cf41.com)""]","[""varadm""]","[""dev3cf41.com(AD-dev3cf41.com)""]","[false]","[false]","[""Active Directory""]","[""AD-dev3cf41.com""]","12/15/2023, 11:03:00.000 AM","12/15/2023, 11:09:34.000 AM","Privilege Escalation"
+"12/15/2023, 11:10:05.152 AM","[""dev3cf41col01""]","8d8c3027-06ea-4e18-b22a-49f1dd84e5ab","Capture Account authentication for varadm","12/15/2023, 11:04:00.000 AM",Medium,1,New,1,1,"[""varadm (dev3cf41.com)""]","[""varadm""]","[""dev3cf41.com(AD-dev3cf41.com)""]","[false]","[false]","[""Active Directory""]","[""AD-dev3cf41.com""]","12/15/2023, 11:03:00.000 AM","12/15/2023, 11:09:31.000 AM","Privilege Escalation"
+"12/15/2023, 11:11:04.496 AM",,"ee030abc-9127-4fb1-a0da-061db55eb8a7","Capture Network Service activity","12/15/2023, 11:05:00.000 AM",Low,2,New,1,1,"[""Network Service (Abstract)""]","[""Network Service""]","[""dev3cf41.com(AD-dev3cf41.com)""]","[false]","[false]","[""Active Directory""]","[""AD-dev3cf41.com""]","12/15/2023, 11:04:00.000 AM","12/15/2023, 11:10:08.000 AM","Privilege Escalation"
+"12/15/2023, 11:12:04.977 AM","[""dev3cf41col01""]","d5dc935e-c36d-47f8-a734-8ed274e74700","Capture Account authentication for varadm","12/15/2023, 11:06:00.000 AM",Medium,1,New,1,1,"[""varadm (dev3cf41.com)""]","[""varadm""]","[""dev3cf41.com(AD-dev3cf41.com)""]","[false]","[false]","[""Active Directory""]","[""AD-dev3cf41.com""]","12/15/2023, 11:05:00.000 AM","12/15/2023, 11:11:34.000 AM","Privilege Escalation"
+"12/15/2023, 11:12:04.977 AM","[""dev3cf41col01""]","8a218cb7-7a34-47fb-8ac8-796034e0d565","Capture Access request for varadm","12/15/2023, 11:06:00.000 AM",Low,2,New,1,1,"[""varadm (dev3cf41.com)""]","[""varadm""]","[""dev3cf41.com(AD-dev3cf41.com)""]","[false]","[false]","[""Active Directory""]","[""AD-dev3cf41.com""]","12/15/2023, 11:05:00.000 AM","12/15/2023, 11:11:31.000 AM","Privilege Escalation"
+"12/15/2023, 11:14:04.411 AM","[""dev3cf41col01""]","83616a14-81a3-46f5-85e7-3ce110ef3878","Capture Access request for varadm","12/15/2023, 11:08:00.000 AM",Low,2,New,1,1,"[""varadm (dev3cf41.com)""]","[""varadm""]","[""dev3cf41.com(AD-dev3cf41.com)""]","[false]","[false]","[""Active Directory""]","[""AD-dev3cf41.com""]","12/15/2023, 11:07:00.000 AM","12/15/2023, 11:13:34.000 AM","Privilege Escalation"
+"12/15/2023, 11:14:04.411 AM","[""dev3cf41col01""]","46366252-ce0a-4b72-9b09-abd7be7a5d79","Capture Account authentication for varadm","12/15/2023, 11:08:00.000 AM",Medium,1,New,1,1,"[""varadm (dev3cf41.com)""]","[""varadm""]","[""dev3cf41.com(AD-dev3cf41.com)""]","[false]","[false]","[""Active Directory""]","[""AD-dev3cf41.com""]","12/15/2023, 11:07:00.000 AM","12/15/2023, 11:13:31.000 AM","Privilege Escalation"
+"12/15/2023, 11:26:04.737 AM","[""dev3cf41col01""]","d81abc48-0ace-408e-89e7-512bcf2cdb35","Capture Access request for varadm","12/15/2023, 11:20:00.000 AM",Low,2,New,1,1,"[""varadm (dev3cf41.com)""]","[""varadm""]","[""dev3cf41.com(AD-dev3cf41.com)""]","[false]","[false]","[""Active Directory""]","[""AD-dev3cf41.com""]","12/15/2023, 11:20:00.000 AM","12/15/2023, 11:25:35.000 AM","Privilege Escalation"
--- a/Connectors/VaronisSaaS_API_FunctionApp.json
+++ b/Connectors/VaronisSaaS_API_FunctionApp.json
@ -2,7 +2,7 @@
  "id": "VaronisSaaS",
  "title": "Varonis SaaS",
  "publisher": "Varonis",
-  "descriptionMarkdown": "Varonis SaaS provides the capability to ingest [Varonis Alerts](https://varonisdatalertservicemockwebapi20230907161659.azurewebsites.net/Alert/alerts) into Microsoft Sentinel.",
+  "descriptionMarkdown": "Varonis SaaS provides the capability to ingest [Varonis Alerts](https://www.varonis.com/products/datalert) into Microsoft Sentinel.",
  "graphQueriesTableName": "VaronisAlerts_CL",
  "graphQueries": [
    {
@ -78,12 +78,7 @@
    },
    {
      "title": "",
-      "description": "**For Azure function and related services installation use:**\n\n [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fvkorenkov-varonis%2Fsentinel%2Fmaster%2Fazuredeploy.json)"
-    },
-
-    {
-      "title": "",
-      "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**CiscoSecureEndpoint**](https://aka.ms/sentinel-ciscosecureendpoint-parser) which is deployed with the Microsoft Sentinel Solution."
+      "description": "**For Azure function and related services installation use:**\n\n [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FVaronisSaaS%2FData%2520Connectors%2Fazuredeploy.json)"
    },
    {
      "title": "",
--- a/Connectors/azuredeploy.json
+++ b/Connectors/azuredeploy.json
@ -78,7 +78,7 @@
    },
    "packageUri": {
      "type": "string",
-      "defaultValue": "https://github.com/vkorenkov-varonis/sentinel/raw/master/Varonis.Sentinel.Functions.zip",
+      "defaultValue": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/VaronisSaaS/Data%20Connectors/Varonis.Sentinel.Functions.zip",
      "metadata": {
        "description": "The zip content url."
      }
--- a/Solutions/VaronisSaaS/Data/Solution_VaronisSaaS.json
+++ b/Solutions/VaronisSaaS/Data/Solution_VaronisSaaS.json
@ -1,7 +1,7 @@
 {
  "Name": "VaronisSaaS",
  "Author": "Varonis",
-  "Logo": "<img src=\"\" width=\"75px\" height=\"75px\">",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/VaronisLogo.svg\" width=\"75px\" height=\"75px\">",
  "Description": "The Varonis SaaS integration allows you to retrieve Varonis DatAlert alerts, create incident and pull activities related to the alerts for conducting investigations.",
  "Workbooks": ["Workbooks/VaronisSaaS.json"],
  "Data Connectors": ["Data Connectors/VaronisSaaS_API_FunctionApp.json"],
--- a/Solutions/VaronisSaaS/README.md
+++ b/Solutions/VaronisSaaS/README.md