Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Microsoft Project Template Package

This commit is contained in:
Eli Forbes 2022-05-25 12:51:10 -07:00
Родитель 0a935c11c8
Коммит b86ebfa6ab
6 изменённых файлов: 439 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

79
Solutions/Microsoft Project/Data Connectors/template_Office365Project.JSON Normal file
Просмотреть файл

@ -0,0 +1,79 @@
{
"id": "Office365Project",
"title": "Microsoft Project",
"publisher": "Microsoft",
"logo": "Project.svg",
"descriptionMarkdown": "Microsoft Project (MSP) is a project management software solution. Depending on your plan, Microsoft Project lets you plan projects, assign tasks, manage resources, create reports and more. This connector allows you to stream your Azure Project audit logs into Microsoft Sentinel in order to track your project activities.",
"graphQueries": [
{
"metricName": "Total data received",
"legend": "Microsoft Project",
"baseQuery": "ProjectActivity"
}
],
"sampleQueries": [
{
"description": "Office Project Logs",
"query": "ProjectActivity\n | sort by TimeGenerated"
}
],
"connectivityCriterias": [
{
"type": "SentinelKinds",
"value": [
"Office365Project"
]
}
],
"dataTypes": [
{
"name": "ProjectActivity",
"lastDataReceivedQuery": "ProjectActivity\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"availability": {
"status": 1,
"isPreview": false
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read and write permissions.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"read": true,
"write": true,
"delete": true
}
}
],
"tenant": [
"GlobalAdmin",
"SecurityAdmin"
],
"customs": [
{
"name": "License",
"description": "\"Microsoft Project eligible license is required.\""
}
]
},
"instructionSteps": [
{
"title": "Connect Microsoft Project audit logs to Microsoft Sentinel",
"description": "This connector uses the Office Management API to get your Project audit logs. The logs will be stored and processed in your existing Microsoft Sentinel workspace. You can find the data in the **ProjectActivity** table.",
"instructions": [
{
"parameters": {
"connectorKind": "Office365Project",
"title": "Microsoft Project",
"enable": true
},
"type": "SentinelResourceProvider"
}
]
}
]
}

14
Solutions/Microsoft Project/Data/Solution_MicrosoftProject.json Normal file
Просмотреть файл

@ -0,0 +1,14 @@
{
"Name": "Microsoft Project",
"Author": "Microsoft",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Microsoft_logo.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [Microsoft Project](https://www.microsoft.com/en-us/microsoft-365/project/project-management-software) solution allows you to stream your Microsoft Project audit logs into Microsoft Sentinel in order to track your project activities.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n- [Office Management API](https://docs.microsoft.com/office/office-365-management-api/office-365-management-apis-overview)",
"Data Connectors": [
"Solutions/Microsoft Project/Data Connectors/template_Office365Project.JSON"
],
"BasePath": "C:\\Users\\v-eliforbes\\Azure-Sentinel",
"Version": "2.0.0",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1PConnector": true
}

Двоичные данные
Solutions/Microsoft Project/Package/2.0.0.zip Normal file
Просмотреть файл

Двоичный файл не отображается.

75
Solutions/Microsoft Project/Package/createUiDefinition.json Normal file
Просмотреть файл

@ -0,0 +1,75 @@
{
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
"handler": "Microsoft.Azure.CreateUIDef",
"version": "0.1.2-preview",
"parameters": {
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Microsoft_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Microsoft Project](https://www.microsoft.com/en-us/microsoft-365/project/project-management-software) solution allows you to stream your Microsoft Project audit logs into Microsoft Sentinel in order to track your project activities.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n- [Office Management API](https://docs.microsoft.com/office/office-365-management-api/office-365-management-apis-overview)\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
"Microsoft.OperationalInsights/workspaces/providers/alertRules",
"Microsoft.Insights/workbooks",
"Microsoft.Logic/workflows"
]
},
"location": {
"metadata": {
"hidden": "Hiding location, we get it from the log analytics workspace"
},
"visible": false
},
"resourceGroup": {
"allowExisting": true
}
}
},
"basics": [
{
"name": "getLAWorkspace",
"type": "Microsoft.Solutions.ArmApiControl",
"toolTip": "This filters by workspaces that exist in the Resource Group selected",
"condition": "[greater(length(resourceGroup().name),0)]",
"request": {
"method": "GET",
"path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
}
},
{
"name": "workspace",
"type": "Microsoft.Common.DropDown",
"label": "Workspace",
"placeholder": "Select a workspace",
"toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
"constraints": {
"allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
"required": true
},
"visible": true
}
],
"steps": [
{
"name": "dataconnectors",
"label": "Data Connectors",
"bladeTitle": "Data Connectors",
"elements": [
{
"name": "dataconnectors1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This solution installs the data connector to enable ingestion of your Microsoft Project audit logs. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
}
]
}
],
"outputs": {
"workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
"location": "[location()]",
"workspace": "[basics('workspace')]"
}
}
}

256
Solutions/Microsoft Project/Package/mainTemplate.json Normal file
Просмотреть файл

@ -0,0 +1,256 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"author": "Microsoft",
"comments": "Solution template for Microsoft Project"
},
"parameters": {
"location": {
"type": "string",
"minLength": 1,
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
}
},
"workspace-location": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
}
},
"workspace": {
"defaultValue": "",
"type": "string",
"metadata": {
"description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
}
}
},
"variables": {
"solutionId": "azuresentinel.azure-sentinel-solution-microsoftproject",
"_solutionId": "[variables('solutionId')]",
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
"uiConfigId1": "Office365Project",
"_uiConfigId1": "[variables('uiConfigId1')]",
"dataConnectorContentId1": "Office365Project",
"_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
"dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
"_dataConnectorId1": "[variables('dataConnectorId1')]",
"dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]",
"dataConnectorVersion1": "1.0.0"
},
"resources": [
{
"type": "Microsoft.Resources/templateSpecs",
"apiVersion": "2021-05-01",
"name": "[variables('dataConnectorTemplateSpecName1')]",
"location": "[parameters('workspace-location')]",
"tags": {
"hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
"hidden-sentinelContentType": "DataConnector"
},
"properties": {
"description": "Microsoft Project data connector with template",
"displayName": "Microsoft Project template"
}
},
{
"type": "Microsoft.Resources/templateSpecs/versions",
"apiVersion": "2021-05-01",
"name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]",
"location": "[parameters('workspace-location')]",
"tags": {
"hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
"hidden-sentinelContentType": "DataConnector"
},
"dependsOn": [
"[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]"
],
"properties": {
"description": "Microsoft Project data connector with template version 2.0.0",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
"parameters": {},
"variables": {},
"resources": [
{
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
"apiVersion": "2021-03-01-preview",
"type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
"location": "[parameters('workspace-location')]",
"kind": "StaticUI",
"properties": {
"connectorUiConfig": {
"id": "[variables('_uiConfigId1')]",
"title": "Microsoft Project",
"publisher": "Microsoft",
"descriptionMarkdown": "Microsoft Project (MSP) is a project management software solution. Depending on your plan, Microsoft Project lets you plan projects, assign tasks, manage resources, create reports and more. This connector allows you to stream your Azure Project audit logs into Microsoft Sentinel in order to track your project activities.",
"graphQueries": [
{
"metricName": "Total data received",
"legend": "Microsoft Project",
"baseQuery": "ProjectActivity"
}
],
"connectivityCriterias": [
{
"type": "SentinelKinds",
"value": [
"Office365Project"
]
}
],
"dataTypes": [
{
"name": "ProjectActivity",
"lastDataReceivedQuery": "ProjectActivity\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
]
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
"properties": {
"parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
"contentId": "[variables('_dataConnectorContentId1')]",
"kind": "DataConnector",
"version": "[variables('dataConnectorVersion1')]",
"source": {
"kind": "Solution",
"name": "Microsoft Project",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "Microsoft"
},
"support": {
"name": "Microsoft",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
}
}
}
]
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
"dependsOn": [
"[variables('_dataConnectorId1')]"
],
"properties": {
"parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
"contentId": "[variables('_dataConnectorContentId1')]",
"kind": "DataConnector",
"version": "[variables('dataConnectorVersion1')]",
"source": {
"kind": "Solution",
"name": "Microsoft Project",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "Microsoft"
},
"support": {
"name": "Microsoft",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
}
}
},
{
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
"apiVersion": "2021-03-01-preview",
"type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
"location": "[parameters('workspace-location')]",
"kind": "StaticUI",
"properties": {
"connectorUiConfig": {
"title": "Microsoft Project",
"publisher": "Microsoft",
"descriptionMarkdown": "Microsoft Project (MSP) is a project management software solution. Depending on your plan, Microsoft Project lets you plan projects, assign tasks, manage resources, create reports and more. This connector allows you to stream your Azure Project audit logs into Microsoft Sentinel in order to track your project activities.",
"graphQueries": [
{
"metricName": "Total data received",
"legend": "Microsoft Project",
"baseQuery": "ProjectActivity"
}
],
"dataTypes": [
{
"name": "ProjectActivity",
"lastDataReceivedQuery": "ProjectActivity\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriterias": [
{
"type": "SentinelKinds",
"value": [
"Office365Project"
]
}
],
"id": "[variables('_uiConfigId1')]"
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"properties": {
"version": "2.0.0",
"kind": "Solution",
"contentSchemaVersion": "2.0.0",
"contentId": "[variables('_solutionId')]",
"parentId": "[variables('_solutionId')]",
"source": {
"kind": "Solution",
"name": "Microsoft Project",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "Microsoft"
},
"support": {
"name": "Microsoft",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
},
"dependencies": {
"operator": "AND",
"criteria": [
{
"kind": "DataConnector",
"contentId": "[variables('_dataConnectorContentId1')]",
"version": "[variables('dataConnectorVersion1')]"
}
]
},
"firstPublishDate": "2022-05-23",
"providers": [
"Microsoft"
],
"categories": {
"domains": [
"Application"
]
}
},
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]"
}
],
"outputs": {}
}

15
Solutions/Microsoft Project/SolutionMetadata.json Normal file
Просмотреть файл

@ -0,0 +1,15 @@
{
"publisherId": "azuresentinel",
"offerId": "azure-sentinel-solution-microsoftproject",
"firstPublishDate": "2022-05-23",
"providers": ["Microsoft"],
"categories": {
"domains" : ["Application"]
},
"support": {
"name": "Microsoft",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
}
}