updated title and description
This commit is contained in:
v-rusraut
Родитель
68e11a13d6
Коммит
ae0c8b0d91
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"id": "CyberArk",
|
||||
"title": "[Deprecated] CyberArk Enterprise Password Vault (EPV) Events via Legacy Agent ",
|
||||
"title": "[Deprecated] CyberArk Enterprise Password Vault (EPV) Events via Legacy Agent",
|
||||
"publisher": "Cyber-Ark",
|
||||
"descriptionMarkdown": "CyberArk Enterprise Password Vault generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm) for more guidance on SIEM integrations.",
|
||||
"graphQueries": [{
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"id": "CyberArkAma",
|
||||
"title": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via AMA ",
|
||||
"title": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via AMA",
|
||||
"publisher": "Cyber-Ark",
|
||||
"descriptionMarkdown": "CyberArk Privilege Access Manager generates an xml Syslog message for every action taken against the Vault. The PAM will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/privilege-cloud-standard/Latest/en/Content/Privilege%20Cloud/privCloud-connect-siem.htm) for more guidance on SIEM integrations.",
|
||||
"graphQueries": [{
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{
|
||||
"Name": "CyberArk Enterprise Password Vault (EPV) Events",
|
||||
"Name": "CyberArk Privilege Access Manager (PAM) Events",
|
||||
"Author": "Cyberark",
|
||||
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/CyberArk_Logo.svg\" width=\"75px\" height=\"75px\">",
|
||||
"Description": "[CyberArk Enterprise Password Vault](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Content/CP%20for%20zOS/Installing-the-Enterprise-Password-Vault.htm?TocPath=Installation%7Cz%2FOS%20Credential%20Provider%7C_____2#:~:text=%20Enterprise%20Password%20Vault%20%201%20Install%20the,applications%20and%20create%2C%20request%2C%20access%20and...%20More%20) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm) for more guidance on SIEM integrations.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEFvia AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024.**",
|
||||
"Description": "[CyberArk Enterprise Password Vault](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Content/CP%20for%20zOS/Installing-the-Enterprise-Password-Vault.htm?TocPath=Installation%7Cz%2FOS%20Credential%20Provider%7C_____2#:~:text=%20Enterprise%20Password%20Vault%20%201%20Install%20the,applications%20and%20create%2C%20request%2C%20access%20and...%20More%20) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm) for more guidance on SIEM integrations.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024.**",
|
||||
"Data Connectors": [
|
||||
"Data Connectors/CyberArk Data Connector.json",
|
||||
"Data Connectors/template_CyberArkAMA.json"
|
||||
|
|
|
|||
Двоичный файл не отображается.
|
|
@ -6,7 +6,7 @@
|
|||
"config": {
|
||||
"isWizard": false,
|
||||
"basics": {
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/CyberArk_Logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CyberArk%20Enterprise%20Password%20Vault%20%28EPV%29%20Events/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[CyberArk Enterprise Password Vault](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Content/CP%20for%20zOS/Installing-the-Enterprise-Password-Vault.htm?TocPath=Installation%7Cz%2FOS%20Credential%20Provider%7C_____2#:~:text=%20Enterprise%20Password%20Vault%20%201%20Install%20the,applications%20and%20create%2C%20request%2C%20access%20and...%20More%20) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm) for more guidance on SIEM integrations.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEFvia AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024.**\n\n**Data Connectors:** 2, **Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/CyberArk_Logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CyberArk%20Enterprise%20Password%20Vault%20%28EPV%29%20Events/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[CyberArk Enterprise Password Vault](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Content/CP%20for%20zOS/Installing-the-Enterprise-Password-Vault.htm?TocPath=Installation%7Cz%2FOS%20Credential%20Provider%7C_____2#:~:text=%20Enterprise%20Password%20Vault%20%201%20Install%20the,applications%20and%20create%2C%20request%2C%20access%20and...%20More%20) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm) for more guidance on SIEM integrations.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024.**\n\n**Data Connectors:** 2, **Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"subscription": {
|
||||
"resourceProviders": [
|
||||
"Microsoft.OperationsManagement/solutions",
|
||||
|
|
@ -60,7 +60,7 @@
|
|||
"name": "dataconnectors1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This Solution installs the data connector for CyberArk Enterprise Password Vault (EPV) Events. You can get CyberArk Enterprise Password Vault (EPV) Events CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
"text": "This solution installs the data connector for ingesting CyberArk Privilege Access Manager (PAM) Events in the CEF format into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
"contentVersion": "1.0.0.0",
|
||||
"metadata": {
|
||||
"author": "Cyberark",
|
||||
"comments": "Solution template for CyberArk Enterprise Password Vault (EPV) Events"
|
||||
"comments": "Solution template for CyberArk Privilege Access Manager (PAM) Events"
|
||||
},
|
||||
"parameters": {
|
||||
"location": {
|
||||
|
|
@ -30,7 +30,7 @@
|
|||
},
|
||||
"workbook1-name": {
|
||||
"type": "string",
|
||||
"defaultValue": "CyberArk EPV Events",
|
||||
"defaultValue": "CyberArk PAM Events",
|
||||
"minLength": 1,
|
||||
"metadata": {
|
||||
"description": "Name for the workbook"
|
||||
|
|
@ -38,7 +38,7 @@
|
|||
}
|
||||
},
|
||||
"variables": {
|
||||
"_solutionName": "CyberArk Enterprise Password Vault (EPV) Events",
|
||||
"_solutionName": "CyberArk Privilege Access Manager (PAM) Events",
|
||||
"_solutionVersion": "3.0.2",
|
||||
"solutionId": "cyberark.cyberark_epv_events_mss",
|
||||
"_solutionId": "[variables('solutionId')]",
|
||||
|
|
@ -79,7 +79,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "CyberArk Enterprise Password Vault (EPV) Events data connector with template version 3.0.2",
|
||||
"description": "CyberArk Privilege Access Manager (PAM) Events data connector with template version 3.0.2",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion1')]",
|
||||
|
|
@ -95,9 +95,9 @@
|
|||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"id": "[variables('_uiConfigId1')]",
|
||||
"title": "[Deprecated] CyberArk Enterprise Password Vault (EPV) Events via Legacy Agent ",
|
||||
"title": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via Legacy Agent",
|
||||
"publisher": "Cyber-Ark",
|
||||
"descriptionMarkdown": "CyberArk Enterprise Password Vault generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm) for more guidance on SIEM integrations.",
|
||||
"descriptionMarkdown": "CyberArk Privilege Access Manager generates an xml Syslog message for every action taken against the Vault. The PAM will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/privilege-cloud-standard/Latest/en/Content/Privilege%20Cloud/privCloud-connect-siem.htm) for more guidance on SIEM integrations.",
|
||||
"graphQueries": [
|
||||
{
|
||||
"metricName": "Total data received",
|
||||
|
|
@ -182,7 +182,7 @@
|
|||
"title": "1. Linux Syslog agent configuration"
|
||||
},
|
||||
{
|
||||
"description": "On the EPV configure the dbparm.ini to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machines IP address.",
|
||||
"description": "On the PAM configure the dbparm.ini to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machines IP address.",
|
||||
"title": "2. Forward Common Event Format (CEF) logs to Syslog agent"
|
||||
},
|
||||
{
|
||||
|
|
@ -236,7 +236,7 @@
|
|||
"version": "[variables('dataConnectorVersion1')]",
|
||||
"source": {
|
||||
"kind": "Solution",
|
||||
"name": "CyberArk Enterprise Password Vault (EPV) Events",
|
||||
"name": "CyberArk Privilege Access Manager (PAM) Events",
|
||||
"sourceId": "[variables('_solutionId')]"
|
||||
},
|
||||
"author": {
|
||||
|
|
@ -258,7 +258,7 @@
|
|||
"contentSchemaVersion": "3.0.0",
|
||||
"contentId": "[variables('_dataConnectorContentId1')]",
|
||||
"contentKind": "DataConnector",
|
||||
"displayName": "[Deprecated] CyberArk Enterprise Password Vault (EPV) Events via Legacy Agent ",
|
||||
"displayName": "[Deprecated] CyberArk Enterprise Password Vault (EPV) Events via Legacy Agent",
|
||||
"contentProductId": "[variables('_dataConnectorcontentProductId1')]",
|
||||
"id": "[variables('_dataConnectorcontentProductId1')]",
|
||||
"version": "[variables('dataConnectorVersion1')]"
|
||||
|
|
@ -279,7 +279,7 @@
|
|||
"version": "[variables('dataConnectorVersion1')]",
|
||||
"source": {
|
||||
"kind": "Solution",
|
||||
"name": "CyberArk Enterprise Password Vault (EPV) Events",
|
||||
"name": "CyberArk Privilege Access Manager (PAM) Events",
|
||||
"sourceId": "[variables('_solutionId')]"
|
||||
},
|
||||
"author": {
|
||||
|
|
@ -300,9 +300,9 @@
|
|||
"kind": "GenericUI",
|
||||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"title": "[Deprecated] CyberArk Enterprise Password Vault (EPV) Events via Legacy Agent ",
|
||||
"title": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via Legacy Agent",
|
||||
"publisher": "Cyber-Ark",
|
||||
"descriptionMarkdown": "CyberArk Enterprise Password Vault generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm) for more guidance on SIEM integrations.",
|
||||
"descriptionMarkdown": "CyberArk Privilege Access Manager generates an xml Syslog message for every action taken against the Vault. The PAM will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/privilege-cloud-standard/Latest/en/Content/Privilege%20Cloud/privCloud-connect-siem.htm) for more guidance on SIEM integrations.",
|
||||
"graphQueries": [
|
||||
{
|
||||
"metricName": "Total data received",
|
||||
|
|
@ -387,7 +387,7 @@
|
|||
"title": "1. Linux Syslog agent configuration"
|
||||
},
|
||||
{
|
||||
"description": "On the EPV configure the dbparm.ini to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machines IP address.",
|
||||
"description": "On the PAM configure the dbparm.ini to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machines IP address.",
|
||||
"title": "2. Forward Common Event Format (CEF) logs to Syslog agent"
|
||||
},
|
||||
{
|
||||
|
|
@ -424,7 +424,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "CyberArk Enterprise Password Vault (EPV) Events data connector with template version 3.0.2",
|
||||
"description": "CyberArk Privilege Access Manager (PAM) Events data connector with template version 3.0.2",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion2')]",
|
||||
|
|
@ -440,7 +440,7 @@
|
|||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"id": "[variables('_uiConfigId2')]",
|
||||
"title": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via AMA ",
|
||||
"title": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via AMA",
|
||||
"publisher": "Cyber-Ark",
|
||||
"descriptionMarkdown": "CyberArk Privilege Access Manager generates an xml Syslog message for every action taken against the Vault. The PAM will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/privilege-cloud-standard/Latest/en/Content/Privilege%20Cloud/privCloud-connect-siem.htm) for more guidance on SIEM integrations.",
|
||||
"graphQueries": [
|
||||
|
|
@ -520,7 +520,7 @@
|
|||
},
|
||||
{
|
||||
"title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent",
|
||||
"description": "On the EPV configure the dbparm.ini to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machines IP address."
|
||||
"description": "On the PAM configure the dbparm.ini to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machines IP address."
|
||||
|
||||
},
|
||||
{
|
||||
|
|
@ -577,7 +577,7 @@
|
|||
"version": "[variables('dataConnectorVersion2')]",
|
||||
"source": {
|
||||
"kind": "Solution",
|
||||
"name": "CyberArk Enterprise Password Vault (EPV) Events",
|
||||
"name": "CyberArk Privilege Access Manager (PAM) Events",
|
||||
"sourceId": "[variables('_solutionId')]"
|
||||
},
|
||||
"author": {
|
||||
|
|
@ -599,7 +599,7 @@
|
|||
"contentSchemaVersion": "3.0.0",
|
||||
"contentId": "[variables('_dataConnectorContentId2')]",
|
||||
"contentKind": "DataConnector",
|
||||
"displayName": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via AMA ",
|
||||
"displayName": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via AMA",
|
||||
"contentProductId": "[variables('_dataConnectorcontentProductId2')]",
|
||||
"id": "[variables('_dataConnectorcontentProductId2')]",
|
||||
"version": "[variables('dataConnectorVersion2')]"
|
||||
|
|
@ -620,7 +620,7 @@
|
|||
"version": "[variables('dataConnectorVersion2')]",
|
||||
"source": {
|
||||
"kind": "Solution",
|
||||
"name": "CyberArk Enterprise Password Vault (EPV) Events",
|
||||
"name": "CyberArk Privilege Access Manager (PAM) Events",
|
||||
"sourceId": "[variables('_solutionId')]"
|
||||
},
|
||||
"author": {
|
||||
|
|
@ -641,7 +641,7 @@
|
|||
"kind": "GenericUI",
|
||||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"title": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via AMA ",
|
||||
"title": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via AMA",
|
||||
"publisher": "Cyber-Ark",
|
||||
"descriptionMarkdown": "CyberArk Privilege Access Manager generates an xml Syslog message for every action taken against the Vault. The PAM will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/privilege-cloud-standard/Latest/en/Content/Privilege%20Cloud/privCloud-connect-siem.htm) for more guidance on SIEM integrations.",
|
||||
"graphQueries": [
|
||||
|
|
@ -721,7 +721,7 @@
|
|||
},
|
||||
{
|
||||
"title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent",
|
||||
"description": "On the EPV configure the dbparm.ini to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machines IP address."
|
||||
"description": "On the PAM configure the dbparm.ini to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machines IP address."
|
||||
|
||||
},
|
||||
{
|
||||
|
|
@ -850,9 +850,9 @@
|
|||
"version": "3.0.2",
|
||||
"kind": "Solution",
|
||||
"contentSchemaVersion": "3.0.0",
|
||||
"displayName": "CyberArk Enterprise Password Vault (EPV) Events",
|
||||
"displayName": "CyberArk Privilege Access Manager (PAM) Events",
|
||||
"publisherDisplayName": "Cyberark",
|
||||
"descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CyberArk%20Enterprise%20Password%20Vault%20%28EPV%29%20Events/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p><a href=\"https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Content/CP%20for%20zOS/Installing-the-Enterprise-Password-Vault.htm?TocPath=Installation%7Cz%2FOS%20Credential%20Provider%7C_____2#:%7E:text=%20Enterprise%20Password%20Vault%20%201%20Install%20the,applications%20and%20create%2C%20request%2C%20access%20and...%20More%20\">CyberArk Enterprise Password Vault</a> Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics. Refer to the <a href=\"https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm\">CyberArk documentation</a> for more guidance on SIEM integrations.</p>\n<p>This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.</p>\n<p><strong>NOTE:</strong> Microsoft recommends installation of CEFvia AMA Connector. The existing connectors are about to be deprecated by <strong>Aug 31, 2024.</strong></p>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 1</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
|
||||
"descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CyberArk%20Enterprise%20Password%20Vault%20%28EPV%29%20Events/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p><a href=\"https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Content/CP%20for%20zOS/Installing-the-Enterprise-Password-Vault.htm?TocPath=Installation%7Cz%2FOS%20Credential%20Provider%7C_____2#:%7E:text=%20Enterprise%20Password%20Vault%20%201%20Install%20the,applications%20and%20create%2C%20request%2C%20access%20and...%20More%20\">CyberArk Enterprise Password Vault</a> Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics. Refer to the <a href=\"https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm\">CyberArk documentation</a> for more guidance on SIEM integrations.</p>\n<p>This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.</p>\n<p><strong>NOTE:</strong> Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by <strong>Aug 31, 2024.</strong></p>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 1</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
|
||||
"contentKind": "Solution",
|
||||
"contentProductId": "[variables('_solutioncontentProductId')]",
|
||||
"id": "[variables('_solutioncontentProductId')]",
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче