Merge pull request #11193 from nipun-crestdatasystem/InfobloxSolutionPublishErrorFixes

Adding infoblox solution publishing fixes
v-prasadboke 2024-10-07 10:14:48 +05:30 коммит произвёл GitHub
Родитель 39e73200d0 4e0057db64
Коммит a3da44d02c
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
4 изменённых файлов: 31 добавлений и 29 удалений

Двоичные данные
Solutions/Infoblox/Package/3.0.0.zip

Двоичный файл не отображается.


@ -48,7 +48,7 @@
"variables": {
"_solutionName": "Infoblox",
"_solutionVersion": "3.0.0",
"solutionId": "infoblox.infoblox-sentinel",
"solutionId": "infoblox.infoblox-app-for-microsoft-sentinel",
"_solutionId": "[variables('solutionId')]",
"uiConfigId1": "InfobloxDataConnector",
"_uiConfigId1": "[variables('uiConfigId1')]",
@ -302,7 +302,9 @@
"playbookId17": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId17'))]",
"playbookTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId17'))))]",
"_playbookcontentProductId17": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId17'),'-', variables('playbookVersion17'))))]",
"_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
"_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]",
"InfobloxInsightID": "InfobloxInsightID",
"_Infoblox_Insight_ID": "[variables('InfobloxInsightID')]"
},
"resources": [
{
@ -3283,10 +3285,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "InfobloxSOCInsightsDataConnector_API",
"dataTypes": [
"InfobloxInsight"
]
],
"connectorId": "InfobloxSOCInsightsDataConnector_API"
}
],
"tactics": [
@ -3298,16 +3300,15 @@
],
"entityMappings": [
{
"entityType": "SecurityGroup",
"fieldMappings": [
{
"columnName": "InfobloxInsightID",
"identifier": "ObjectGuid"
}
]
],
"entityType": "SecurityGroup"
},
{
"entityType": "Malware",
"fieldMappings": [
{
"columnName": "ThreatClass",
@ -3317,29 +3318,30 @@
"columnName": "ThreatProperty",
"identifier": "Category"
}
]
],
"entityType": "Malware"
}
],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"UnblockedHits": "NotBlockedCount",
"Status": "Status",
"Severity": "Priority",
"PersistentDate": "PersistentDate",
"BlockedHits": "BlockedCount",
"FirstSeen": "FirstSeen",
"SpreadingDate": "SpreadingDate",
"LastSeen": "LastSeen",
"FeedSource": "FeedSource",
"Status": "Status",
"BlockedHits": "BlockedCount",
"InfobloxInsightID": "InfobloxInsightID",
"InfobloxInsightID": "[variables('_Infoblox_Insight_ID')]",
"TotalHits": "EventsCount",
"PersistentDate": "PersistentDate"
"UnblockedHits": "NotBlockedCount"
},
"alertDetailsOverride": {
"alertDescriptionFormat": "Observed via API. {{ThreatFamily}}. Last Observation: {{LastSeen}}",
"alertDisplayNameFormat": "Infoblox - SOC Insight - {{ThreatClass}} {{ThreatProperty}}",
"alertSeverityColumnName": "IncidentSeverity",
"alertDisplayNameFormat": "Infoblox - SOC Insight - {{ThreatClass}} {{ThreatProperty}}"
"alertDescriptionFormat": "Observed via API. {{ThreatFamily}}. Last Observation: {{LastSeen}}"
},
"incidentConfiguration": {
"createIncident": true
@ -3423,16 +3425,16 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "InfobloxSOCInsightsDataConnector_Legacy",
"dataTypes": [
"CommonSecurityLog (InfobloxCDC_SOCInsights)"
]
],
"connectorId": "InfobloxSOCInsightsDataConnector_Legacy"
},
{
"connectorId": "InfobloxSOCInsightsDataConnector_AMA",
"dataTypes": [
"CommonSecurityLog (InfobloxCDC_SOCInsights)"
]
],
"connectorId": "InfobloxSOCInsightsDataConnector_AMA"
}
],
"tactics": [
@ -3444,16 +3446,15 @@
],
"entityMappings": [
{
"entityType": "SecurityGroup",
"fieldMappings": [
{
"columnName": "InfobloxInsightID",
"identifier": "ObjectGuid"
}
]
],
"entityType": "SecurityGroup"
},
{
"entityType": "Malware",
"fieldMappings": [
{
"columnName": "ThreatClass",
@ -3463,24 +3464,25 @@
"columnName": "ThreatProperty",
"identifier": "Category"
}
]
],
"entityType": "Malware"
}
],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Status": "Status",
"UnblockedHits": "NotBlockedCount",
"BlockedHits": "BlockedCount",
"TotalHits": "EventsCount",
"FeedSource": "FeedSource",
"Status": "Status",
"BlockedHits": "BlockedCount",
"InfobloxInsightID": "InfobloxInsightID"
"InfobloxInsightID": "[variables('_Infoblox_Insight_ID')]"
},
"alertDetailsOverride": {
"alertDescriptionFormat": "Observed via CDC. {{ThreatFamily}}. {{Message}}",
"alertDisplayNameFormat": "Infoblox - SOC Insight - {{ThreatClass}} {{ThreatProperty}}",
"alertSeverityColumnName": "IncidentSeverity",
"alertDisplayNameFormat": "Infoblox - SOC Insight - {{ThreatClass}} {{ThreatProperty}}"
"alertDescriptionFormat": "Observed via CDC. {{ThreatFamily}}. {{Message}}"
},
"incidentConfiguration": {
"createIncident": true
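Review bot: The `solutionId` change in the first hunk alters every identifier derived from `_solutionId` (`_solutioncontentProductId` and `_playbookcontentProductId17` are visible in the second hunk), while `_solutionVersion` stays `3.0.0` and `Solutions/Infoblox/Package/3.0.0.zip` is changed in the same commit. Workspaces that installed content under the other id will presumably not treat this as an update, which could leave the earlier analytic rules active beside the new ones and raise duplicate SOC Insight incidents. It also means two different artifacts can carry the same version label. I would bump the version (`"_solutionVersion": "<NEXT_VERSION>"`, with a matching package file) and describe the migration path for existing installs in the release notes. Separately, `"InfobloxInsightID": "[variables('_Infoblox_Insight_ID')]"` resolves back to the same literal column name through two variables, so the reason for the indirection should be recorded in the pull-request description.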


@ -1,6 +1,6 @@
{
"publisherId": "infoblox",
"offerId": "infoblox-sentinel",
"offerId": "infoblox-app-for-microsoft-sentinel",
"firstPublishDate": "2024-07-15",
"lastPublishDate": "2024-07-15",
"providers": [
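Review bot: `lastPublishDate` stays at `2024-07-15` although this commit, dated 2024-10-07, changes `offerId` and the published package. If this metadata is what consumers and auditors use to tell which build of the solution they have, the date should move with the republish, e.g. `"lastPublishDate": "<DATE_OF_THIS_PUBLISH>"`. The object continues past the end of the hunk, so any other field tied to the offer id is not visible here.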