Windows Forwarded Events Repackaging changes

2023-02-02 17:24:16 +05:30 · 2023-02-02 17:24:16 +05:30 · b9f3a2dace
--- a/Connectors/WindowsForwardedEvents.JSON
+++ b/Connectors/WindowsForwardedEvents.JSON
@ -2,7 +2,7 @@
    "id": "WindowsForwardedEvents",
    "title": "Windows Forwarded Events",
    "publisher": "Microsoft",
-    "descriptionMarkdown": "You can stream all Windows Event Forwarding (WEF) logs from the Windows Servers connected to your Microsoft Sentinel workspace using Azure Monitor Agent (AMA).\n\tThis connection enables you to view dashboards, create custom alerts, and improve investigation.\n\tThis gives you more insight into your organization’s network and improves your security operation capabilities. For more information, see the [Microsoft Sentinel documentation >](https://go.microsoft.com/fwlink/p/?linkid=2219963&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).",
+    "descriptionMarkdown": "You can stream all Windows Event Forwarding (WEF) logs from the Windows Servers connected to your Microsoft Sentinel workspace using Azure Monitor Agent (AMA).\n\tThis connection enables you to view dashboards, create custom alerts, and improve investigation.\n\tThis gives you more insight into your organization’s network and improves your security operation capabilities. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219963&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).",
    "graphQueries": [
        {
            "metricName": "Total data received",
--- a/Events/Data/Solution_Windows
+++ b/Events/Data/Solution_Windows
@ -11,7 +11,7 @@
 	"Analytic Rules/SOURGUM_IOC_WindowsEvent.yaml"
  ],
  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Windows Forwarded Events",
-  "Version": "2.0.1",
+  "Version": "2.0.2",
  "Metadata": "SolutionMetadata.json",
  "TemplateSpec": true,
  "Is1Pconnector": true
--- a/Events/Package/2.0.2.zip
+++ b/Events/Package/2.0.2.zip
--- a/Events/Package/createUiDefinition.json
+++ b/Events/Package/createUiDefinition.json
@ -60,7 +60,7 @@
            "name": "dataconnectors1-text",
            "type": "Microsoft.Common.TextBlock",
            "options": {
-              "text": "This Solution installs the data connector for Windows Forwarded Events. You can get Windows Forwarded Events custom log data in your Microsoft Sentinel workspace. Configure and enable this data connector in the Data Connector gallery after this Solution deploys. This data connector creates custom log table(s) WindowsEvents in your Microsoft Sentinel / Azure Log Analytics workspace."
+              "text": "This Solution installs the data connector for Windows Forwarded Events. You can get Windows Forwarded Events custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
            }
          },
          {
--- a/Events/Package/mainTemplate.json
+++ b/Events/Package/mainTemplate.json
@ -82,7 +82,7 @@
        "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]"
      ],
      "properties": {
-        "description": "Windows Forwarded Events data connector with template version 2.0.1",
+        "description": "Windows Forwarded Events data connector with template version 2.0.2",
        "mainTemplate": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "[variables('dataConnectorVersion1')]",
@ -100,7 +100,7 @@
                  "id": "[variables('_uiConfigId1')]",
                  "title": "Windows Forwarded Events",
                  "publisher": "Microsoft",
-                  "descriptionMarkdown": "You can stream all Windows Event Forwarding (WEF) logs from the Windows Servers connected to your Microsoft Sentinel workspace using Azure Monitor Agent (AMA).\n\tThis connection enables you to view dashboards, create custom alerts, and improve investigation.\n\tThis gives you more insight into your organization’s network and improves your security operation capabilities.",
+                  "descriptionMarkdown": "You can stream all Windows Event Forwarding (WEF) logs from the Windows Servers connected to your Microsoft Sentinel workspace using Azure Monitor Agent (AMA).\n\tThis connection enables you to view dashboards, create custom alerts, and improve investigation.\n\tThis gives you more insight into your organization’s network and improves your security operation capabilities. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219963&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).",
                  "graphQueries": [
                    {
                      "metricName": "Total data received",
@ -193,7 +193,7 @@
        "connectorUiConfig": {
          "title": "Windows Forwarded Events",
          "publisher": "Microsoft",
-          "descriptionMarkdown": "You can stream all Windows Event Forwarding (WEF) logs from the Windows Servers connected to your Microsoft Sentinel workspace using Azure Monitor Agent (AMA).\n\tThis connection enables you to view dashboards, create custom alerts, and improve investigation.\n\tThis gives you more insight into your organization’s network and improves your security operation capabilities.",
+          "descriptionMarkdown": "You can stream all Windows Event Forwarding (WEF) logs from the Windows Servers connected to your Microsoft Sentinel workspace using Azure Monitor Agent (AMA).\n\tThis connection enables you to view dashboards, create custom alerts, and improve investigation.\n\tThis gives you more insight into your organization’s network and improves your security operation capabilities. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219963&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).",
          "graphQueries": [
            {
              "metricName": "Total data received",
@ -244,7 +244,7 @@
        "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName1'))]"
      ],
      "properties": {
-        "description": "ChiaCryptoMining_WindowsEvent_AnalyticalRules Analytics Rule with template version 2.0.1",
+        "description": "ChiaCryptoMining_WindowsEvent_AnalyticalRules Analytics Rule with template version 2.0.2",
        "mainTemplate": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "[variables('analyticRuleVersion1')]",
@ -281,6 +281,9 @@
                "tactics": [
                  "Impact"
                ],
+                "techniques": [
+                  "T1496"
+                ],
                "entityMappings": [
                  {
                    "entityType": "Account",
@ -374,7 +377,7 @@
        "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName2'))]"
      ],
      "properties": {
-        "description": "SOURGUM_IOC_WindowsEvent_AnalyticalRules Analytics Rule with template version 2.0.1",
+        "description": "SOURGUM_IOC_WindowsEvent_AnalyticalRules Analytics Rule with template version 2.0.2",
        "mainTemplate": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "[variables('analyticRuleVersion2')]",
@ -411,6 +414,9 @@
                "tactics": [
                  "Persistence"
                ],
+                "techniques": [
+                  "T1546"
+                ],
                "entityMappings": [
                  {
                    "entityType": "Account",
@ -487,7 +493,7 @@
      "apiVersion": "2022-01-01-preview",
      "location": "[parameters('workspace-location')]",
      "properties": {
-        "version": "2.0.1",
+        "version": "2.0.2",
        "kind": "Solution",
        "contentSchemaVersion": "2.0.0",
        "contentId": "[variables('_solutionId')]",