Updated solution packages
Родитель
3a2c56770d
Коммит
c159d79f05
Двоичный файл не отображается.
|
@ -49,7 +49,7 @@
|
|||
"email": "support@microsoft.com",
|
||||
"_email": "[variables('email')]",
|
||||
"_solutionName": "GitHub",
|
||||
"_solutionVersion": "3.0.5",
|
||||
"_solutionVersion": "3.0.6",
|
||||
"solutionId": "microsoftcorporation1622712991604.sentinel4github",
|
||||
"_solutionId": "[variables('solutionId')]",
|
||||
"workbookVersion1": "1.0.0",
|
||||
|
@ -203,29 +203,29 @@
|
|||
"huntingQueryTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('f18c4dfb-4fa6-4a9d-9bd3-f7569d1d685a')))]"
|
||||
},
|
||||
"parserObject1": {
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','Parser-for-GitHubAuditData')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-GitHubAuditData')]",
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','GitHubAuditData')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'GitHubAuditData')]",
|
||||
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('GitHubAuditData-Parser')))]",
|
||||
"parserVersion1": "1.0.0",
|
||||
"parserContentId1": "GitHubAuditData-Parser"
|
||||
},
|
||||
"parserObject2": {
|
||||
"_parserName2": "[concat(parameters('workspace'),'/','Parser-for-GitHubCodeScanningData')]",
|
||||
"_parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-GitHubCodeScanningData')]",
|
||||
"_parserName2": "[concat(parameters('workspace'),'/','GitHubCodeScanningData')]",
|
||||
"_parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'GitHubCodeScanningData')]",
|
||||
"parserTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('GitHubCodeScanningData-Parser')))]",
|
||||
"parserVersion2": "1.0.0",
|
||||
"parserContentId2": "GitHubCodeScanningData-Parser"
|
||||
},
|
||||
"parserObject3": {
|
||||
"_parserName3": "[concat(parameters('workspace'),'/','Parser-for-GitHubDependabotData')]",
|
||||
"_parserId3": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-GitHubDependabotData')]",
|
||||
"_parserName3": "[concat(parameters('workspace'),'/','GitHubDependabotData')]",
|
||||
"_parserId3": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'GitHubDependabotData')]",
|
||||
"parserTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('GitHubDependabotData-Parser')))]",
|
||||
"parserVersion3": "1.0.0",
|
||||
"parserContentId3": "GitHubDependabotData-Parser"
|
||||
},
|
||||
"parserObject4": {
|
||||
"_parserName4": "[concat(parameters('workspace'),'/','Parser-for-GitHubSecretScanningData')]",
|
||||
"_parserId4": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-GitHubSecretScanningData')]",
|
||||
"_parserName4": "[concat(parameters('workspace'),'/','GitHubSecretScanningData')]",
|
||||
"_parserId4": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'GitHubSecretScanningData')]",
|
||||
"parserTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('GitHubSecretScanningData-Parser')))]",
|
||||
"parserVersion4": "1.0.0",
|
||||
"parserContentId4": "GitHubSecretScanningData-Parser"
|
||||
|
@ -260,7 +260,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "GitHubAdvancedSecurity Workbook with template version 3.0.5",
|
||||
"description": "GitHubAdvancedSecurity Workbook with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion1')]",
|
||||
|
@ -348,7 +348,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "GitHub Workbook with template version 3.0.5",
|
||||
"description": "GitHub Workbook with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion2')]",
|
||||
|
@ -436,7 +436,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "(Preview) GitHub - A payment method was removed_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "(Preview) GitHub - A payment method was removed_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
|
||||
|
@ -474,16 +474,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountName",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "AccountName"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountUPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "AccountUPNSuffix"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -541,7 +541,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "(Preview) GitHub - Activities from Infrequent Country_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "(Preview) GitHub - Activities from Infrequent Country_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
|
||||
|
@ -579,16 +579,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountName",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "AccountName"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountUPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "AccountUPNSuffix"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -646,7 +646,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "(Preview) GitHub - Oauth application - a client secret was removed_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "(Preview) GitHub - Oauth application - a client secret was removed_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
|
||||
|
@ -684,16 +684,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountName",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "AccountName"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountUPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "AccountUPNSuffix"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -751,7 +751,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "(Preview) GitHub - Repository was created_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "(Preview) GitHub - Repository was created_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
|
||||
|
@ -789,16 +789,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountName",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "AccountName"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountUPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "AccountUPNSuffix"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -856,7 +856,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "(Preview) GitHub - Repository was destroyed_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "(Preview) GitHub - Repository was destroyed_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
|
||||
|
@ -894,16 +894,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountName",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "AccountName"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountUPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "AccountUPNSuffix"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -961,7 +961,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "(Preview) GitHub - Two Factor Authentication Disabled in GitHub_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "(Preview) GitHub - Two Factor Authentication Disabled in GitHub_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
|
||||
|
@ -999,16 +999,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "Name",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "Name"
|
||||
},
|
||||
{
|
||||
"columnName": "UPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "UPNSuffix"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1066,7 +1066,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "(Preview) GitHub - User visibility Was changed_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "(Preview) GitHub - User visibility Was changed_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
|
||||
|
@ -1104,16 +1104,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "Name",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "Name"
|
||||
},
|
||||
{
|
||||
"columnName": "UPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "UPNSuffix"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1171,7 +1171,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "(Preview) GitHub - User was added to the organization_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "(Preview) GitHub - User was added to the organization_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
|
||||
|
@ -1209,16 +1209,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "Name",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "Name"
|
||||
},
|
||||
{
|
||||
"columnName": "UPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "UPNSuffix"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1276,7 +1276,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "(Preview) GitHub - User was blocked_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "(Preview) GitHub - User was blocked_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
|
||||
|
@ -1314,16 +1314,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "Name",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "Name"
|
||||
},
|
||||
{
|
||||
"columnName": "UPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "UPNSuffix"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1381,7 +1381,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "(Preview) GitHub - User was invited to the repository_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "(Preview) GitHub - User was invited to the repository_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
|
||||
|
@ -1419,16 +1419,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "Name",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "Name"
|
||||
},
|
||||
{
|
||||
"columnName": "UPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "UPNSuffix"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1486,7 +1486,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "(Preview) GitHub - pull request was created_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "(Preview) GitHub - pull request was created_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]",
|
||||
|
@ -1524,16 +1524,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountName",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "AccountName"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountUPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "AccountUPNSuffix"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1591,7 +1591,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "(Preview) GitHub - pull request was merged_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "(Preview) GitHub - pull request was merged_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject12').analyticRuleVersion12]",
|
||||
|
@ -1629,16 +1629,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountName",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "AccountName"
|
||||
},
|
||||
{
|
||||
"columnName": "AccountUPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "AccountUPNSuffix"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1696,7 +1696,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "NRT Two Factor Authentication Disabled_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "NRT Two Factor Authentication Disabled_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject13').analyticRuleVersion13]",
|
||||
|
@ -1730,16 +1730,16 @@
|
|||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Actor",
|
||||
"identifier": "FullName"
|
||||
"identifier": "FullName",
|
||||
"columnName": "Actor"
|
||||
},
|
||||
{
|
||||
"columnName": "Name",
|
||||
"identifier": "Name"
|
||||
"identifier": "Name",
|
||||
"columnName": "Name"
|
||||
},
|
||||
{
|
||||
"columnName": "UPNSuffix",
|
||||
"identifier": "UPNSuffix"
|
||||
"identifier": "UPNSuffix",
|
||||
"columnName": "UPNSuffix"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -1747,8 +1747,8 @@
|
|||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "IPaddress",
|
||||
"identifier": "Address"
|
||||
"identifier": "Address",
|
||||
"columnName": "IPaddress"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1806,7 +1806,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Security Vulnerability in Repo_AnalyticalRules Analytics Rule with template version 3.0.5",
|
||||
"description": "Security Vulnerability in Repo_AnalyticalRules Analytics Rule with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject14').analyticRuleVersion14]",
|
||||
|
@ -1838,8 +1838,8 @@
|
|||
"entityType": "URL",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Link",
|
||||
"identifier": "Url"
|
||||
"identifier": "Url",
|
||||
"columnName": "Link"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1897,7 +1897,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "First Time User Invite and Add Member to Org_HuntingQueries Hunting Query with template version 3.0.5",
|
||||
"description": "First Time User Invite and Add Member to Org_HuntingQueries Hunting Query with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
|
||||
|
@ -1982,7 +1982,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Inactive or New Account Usage_HuntingQueries Hunting Query with template version 3.0.5",
|
||||
"description": "Inactive or New Account Usage_HuntingQueries Hunting Query with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
|
||||
|
@ -2067,7 +2067,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Mass Deletion of Repositories _HuntingQueries Hunting Query with template version 3.0.5",
|
||||
"description": "Mass Deletion of Repositories _HuntingQueries Hunting Query with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
|
||||
|
@ -2152,7 +2152,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Oauth App Restrictions Disabled_HuntingQueries Hunting Query with template version 3.0.5",
|
||||
"description": "Oauth App Restrictions Disabled_HuntingQueries Hunting Query with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
|
||||
|
@ -2237,7 +2237,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Org Repositories Default Permissions Change_HuntingQueries Hunting Query with template version 3.0.5",
|
||||
"description": "Org Repositories Default Permissions Change_HuntingQueries Hunting Query with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
|
||||
|
@ -2322,7 +2322,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Repository Permission Switched to Public_HuntingQueries Hunting Query with template version 3.0.5",
|
||||
"description": "Repository Permission Switched to Public_HuntingQueries Hunting Query with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
|
||||
|
@ -2407,7 +2407,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "User First Time Repository Delete Activity_HuntingQueries Hunting Query with template version 3.0.5",
|
||||
"description": "User First Time Repository Delete Activity_HuntingQueries Hunting Query with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
|
||||
|
@ -2492,7 +2492,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "User Grant Access and Grants Other Access_HuntingQueries Hunting Query with template version 3.0.5",
|
||||
"description": "User Grant Access and Grants Other Access_HuntingQueries Hunting Query with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
|
||||
|
@ -2577,7 +2577,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "GitHubAuditData Data Parser with template version 3.0.5",
|
||||
"description": "GitHubAuditData Data Parser with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -2613,7 +2613,7 @@
|
|||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-GitHubAuditData')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'GitHubAuditData')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -2679,7 +2679,7 @@
|
|||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-GitHubAuditData')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'GitHubAuditData')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -2709,7 +2709,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "GitHubCodeScanningData Data Parser with template version 3.0.5",
|
||||
"description": "GitHubCodeScanningData Data Parser with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject2').parserVersion2]",
|
||||
|
@ -2745,7 +2745,7 @@
|
|||
"[variables('parserObject2')._parserId2]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-GitHubCodeScanningData')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'GitHubCodeScanningData')]",
|
||||
"contentId": "[variables('parserObject2').parserContentId2]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject2').parserVersion2]",
|
||||
|
@ -2811,7 +2811,7 @@
|
|||
"[variables('parserObject2')._parserId2]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-GitHubCodeScanningData')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'GitHubCodeScanningData')]",
|
||||
"contentId": "[variables('parserObject2').parserContentId2]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject2').parserVersion2]",
|
||||
|
@ -2841,7 +2841,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "GitHubDependabotData Data Parser with template version 3.0.5",
|
||||
"description": "GitHubDependabotData Data Parser with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject3').parserVersion3]",
|
||||
|
@ -2877,7 +2877,7 @@
|
|||
"[variables('parserObject3')._parserId3]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-GitHubDependabotData')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'GitHubDependabotData')]",
|
||||
"contentId": "[variables('parserObject3').parserContentId3]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject3').parserVersion3]",
|
||||
|
@ -2943,7 +2943,7 @@
|
|||
"[variables('parserObject3')._parserId3]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-GitHubDependabotData')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'GitHubDependabotData')]",
|
||||
"contentId": "[variables('parserObject3').parserContentId3]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject3').parserVersion3]",
|
||||
|
@ -2973,7 +2973,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "GithubSecretScanningData Data Parser with template version 3.0.5",
|
||||
"description": "GithubSecretScanningData Data Parser with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject4').parserVersion4]",
|
||||
|
@ -3009,7 +3009,7 @@
|
|||
"[variables('parserObject4')._parserId4]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-GitHubSecretScanningData')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'GitHubSecretScanningData')]",
|
||||
"contentId": "[variables('parserObject4').parserContentId4]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject4').parserVersion4]",
|
||||
|
@ -3075,7 +3075,7 @@
|
|||
"[variables('parserObject4')._parserId4]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-GitHubSecretScanningData')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'GitHubSecretScanningData')]",
|
||||
"contentId": "[variables('parserObject4').parserContentId4]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject4').parserVersion4]",
|
||||
|
@ -3105,7 +3105,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "GitHub data connector with template version 3.0.5",
|
||||
"description": "GitHub data connector with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion1')]",
|
||||
|
@ -3450,7 +3450,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "GitHub data connector with template version 3.0.5",
|
||||
"description": "GitHub data connector with template version 3.0.6",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion2')]",
|
||||
|
@ -3885,7 +3885,7 @@
|
|||
"apiVersion": "2023-04-01-preview",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"version": "3.0.5",
|
||||
"version": "3.0.6",
|
||||
"kind": "Solution",
|
||||
"contentSchemaVersion": "3.0.0",
|
||||
"displayName": "GitHub",
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|
||||
|-------------|--------------------------------|--------------------------------------------------------------------------|
|
||||
| 3.0.6 | 26-04-2024 | Repackaged for fix on parser in maintemplate to have old parsername and parentid |
|
||||
| 3.0.5 | 18-04-2024 | Repackaged to fix parser issue |
|
||||
| 3.0.4 | 04-04-2024 | Updated Entity Mappings |
|
||||
| 3.0.3 | 31-01-2024 | Updated the solution to fix Analytic Rules deployment issue |
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
],
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\GitHub",
|
||||
"Version": "3.0.5",
|
||||
"Version": "3.0.6",
|
||||
"TemplateSpec": true,
|
||||
"Is1PConnector": false
|
||||
}
|
|
@ -28,7 +28,7 @@
|
|||
"Watchlists/ExchangeVIP.json"
|
||||
],
|
||||
"BasePath": "C:\\Git Repositories\\Azure-Sentinel\\Solutions\\Microsoft Exchange Security - Exchange On-Premises\\",
|
||||
"Version": "3.1.4",
|
||||
"Version": "3.1.5",
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"TemplateSpec": true,
|
||||
"Is1Pconnector": false
|
||||
|
|
Двоичные данные
Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/3.1.5.zip
Normal file
Двоичный файл не отображается.
|
@ -81,7 +81,7 @@
|
|||
"email": "support@microsoft.com",
|
||||
"_email": "[variables('email')]",
|
||||
"_solutionName": "Microsoft Exchange Security - Exchange On-Premises",
|
||||
"_solutionVersion": "3.1.4",
|
||||
"_solutionVersion": "3.1.5",
|
||||
"solutionId": "microsoftsentinelcommunity.azure-sentinel-solution-exchangesecurityinsights",
|
||||
"_solutionId": "[variables('solutionId')]",
|
||||
"uiConfigId1": "ESI-ExchangeAdminAuditLogEvents",
|
||||
|
@ -103,29 +103,29 @@
|
|||
"dataConnectorVersion2": "1.2.1",
|
||||
"_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]",
|
||||
"parserObject1": {
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','Parser-for-ExchangeAdminAuditLogs')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-ExchangeAdminAuditLogs')]",
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','ExchangeAdminAuditLogs')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ExchangeAdminAuditLogs')]",
|
||||
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('ExchangeAdminAuditLogs-Parser')))]",
|
||||
"parserVersion1": "1.3.0",
|
||||
"parserContentId1": "ExchangeAdminAuditLogs-Parser"
|
||||
},
|
||||
"parserObject2": {
|
||||
"_parserName2": "[concat(parameters('workspace'),'/','Parser-for-ExchangeConfiguration')]",
|
||||
"_parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-ExchangeConfiguration')]",
|
||||
"_parserName2": "[concat(parameters('workspace'),'/','ExchangeConfiguration')]",
|
||||
"_parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ExchangeConfiguration')]",
|
||||
"parserTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('ExchangeConfiguration-Parser')))]",
|
||||
"parserVersion2": "1.6.1",
|
||||
"parserContentId2": "ExchangeConfiguration-Parser"
|
||||
},
|
||||
"parserObject3": {
|
||||
"_parserName3": "[concat(parameters('workspace'),'/','Parser-for-ExchangeEnvironmentList')]",
|
||||
"_parserId3": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-ExchangeEnvironmentList')]",
|
||||
"_parserName3": "[concat(parameters('workspace'),'/','ExchangeEnvironmentList')]",
|
||||
"_parserId3": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ExchangeEnvironmentList')]",
|
||||
"parserTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('ExchangeEnvironmentList-Parser')))]",
|
||||
"parserVersion3": "1.0.1",
|
||||
"parserContentId3": "ExchangeEnvironmentList-Parser"
|
||||
},
|
||||
"parserObject4": {
|
||||
"_parserName4": "[concat(parameters('workspace'),'/','Parser-for-VIP-Check-for-Exchange')]",
|
||||
"_parserId4": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-VIP-Check-for-Exchange')]",
|
||||
"_parserName4": "[concat(parameters('workspace'),'/','MESCheckVIP')]",
|
||||
"_parserId4": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'MESCheckVIP')]",
|
||||
"parserTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('MESCheckVIP-Parser')))]",
|
||||
"parserVersion4": "1.0.0",
|
||||
"parserContentId4": "MESCheckVIP-Parser"
|
||||
|
@ -184,7 +184,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Microsoft Exchange Security - Exchange On-Premises data connector with template version 3.1.4",
|
||||
"description": "Microsoft Exchange Security - Exchange On-Premises data connector with template version 3.1.5",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion1')]",
|
||||
|
@ -1692,7 +1692,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Microsoft Exchange Security - Exchange On-Premises data connector with template version 3.1.4",
|
||||
"description": "Microsoft Exchange Security - Exchange On-Premises data connector with template version 3.1.5",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion2')]",
|
||||
|
@ -2126,7 +2126,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ExchangeAdminAuditLogs Data Parser with template version 3.1.4",
|
||||
"description": "ExchangeAdminAuditLogs Data Parser with template version 3.1.5",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -2162,7 +2162,7 @@
|
|||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-ExchangeAdminAuditLogs')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ExchangeAdminAuditLogs')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -2227,7 +2227,7 @@
|
|||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-ExchangeAdminAuditLogs')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ExchangeAdminAuditLogs')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -2256,7 +2256,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ExchangeConfiguration Data Parser with template version 3.1.4",
|
||||
"description": "ExchangeConfiguration Data Parser with template version 3.1.5",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject2').parserVersion2]",
|
||||
|
@ -2274,7 +2274,7 @@
|
|||
"category": "Microsoft Sentinel Parser",
|
||||
"functionAlias": "ExchangeConfiguration",
|
||||
"query": "// Version: 1.6.1\n// Last Updated: 19/12/2023\n// \n// DESCRIPTION:\n// This parser takes raw ESI Exchange Configuration Collector to pivot raw information and retrieve a specific date configuration. This is the same parser for Exchange On-Premises version and Exchange online version of the solution.\n//\n// USAGE:\n// Parameters : 4 parameters to add during creation. \n// 1. SpecificSectionList, type string, default value \"\"\n// 2. SpecificConfigurationDate, type string, default value \"lastdate\"\n// 3. Target, type string, default value \"On-Premises\"\n// 4. SpecificConfigurationEnv, type string, default value \"All\"\n//\n// Parameters simulation\n// If you need to test the parser execution without saving it as a function, uncomment the bellow variable to simulate parameters values.\n//\n// let SpecificSectionList = '';\n// let SpecificConfigurationDate = 'lastdate';\n// let SpecificConfigurationEnv = 'All';\n// let Target = 'On-Premises';\n//\n// Parameters definition\nlet _SpecificSectionList = split(SpecificSectionList,',');\nlet _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),\"lastdate\",tostring(SpecificConfigurationDate));\nlet _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == \"all\",\"All\",tostring(SpecificConfigurationEnv)),',');\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\n// Building Base Request\nlet _targetDate = iff(_configurationDate == \"lastdate\", ago(7d), iif(_configurationDate == \"alllife\",ago(1080d),todatetime(_configurationDate)));\nlet baseRequest = materialize (union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* \n | where TimeGenerated > _targetDate\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\n | where _target == 'All' or Source == _target\n | extend ScopedEnvironment = iff(_configurationEnv 
contains \"All\", \"All\",ESIEnvironment_s) \n | where ScopedEnvironment in (_configurationEnv)\n | extend EntryDate = todatetime(EntryDate_s)\n | project-away EntryDate_s);\n// Find Config Id (can be multiple id in all)\nlet findConfigDate = baseRequest\n | extend Env =strcat(Source, \"_\",ESIEnvironment_s)\n | summarize count() by GenerationInstanceID_g,Env,EntryDate\n | extend distance = iff(_configurationDate == \"lastdate\" or _configurationDate == \"alllife\", now() - EntryDate, (EntryDate - todatetime(_configurationDate)))\n | top-nested of Env by Ignore0=max(1), \n top-nested 1 of distance by Ignore1 = min(distance) asc nulls last, \n top-nested of GenerationInstanceID_g by Ignore2=max(2) \n | project GenerationInstanceID_g;\n// Parse Result\nlet ParseExchangeConfig = () { baseRequest \n | join kind=leftsemi (findConfigDate) on $left.GenerationInstanceID_g == $right.GenerationInstanceID_g\n | where isempty(_SpecificSectionList[0]) or Section_s in (_SpecificSectionList)\n | extend TimeGenerated = EntryDate\n | extend Identity = IdentityString_s\n | extend CmdletResultValue = parse_json(rawData_s)\n | project-rename ConfigurationInstanceID = GenerationInstanceID_g, ESIEnvironment = ESIEnvironment_s, Section = Section_s, PSCmdlet = PSCmdL_s, CmdletResultType = ExecutionResult_s, WhenChanged = WhenChanged_t, WhenCreated = WhenCreated_t, Name = Name_s\n | project-away TenantId,SourceSystem,Type,EntryDate\n};\nParseExchangeConfig\n",
|
||||
"functionParameters": "SpecificSectionList:string = \"\", SpecificConfigurationDate:string = \"lastdate\", Target:string = \"On-Premises\", SpecificConfigurationEnv:string = \"All\"",
|
||||
"functionParameters": "SpecificSectionList:string='',SpecificConfigurationDate:string='lastdate',SpecificConfigurationEnv:string='All',Target:string='On-Premises'",
|
||||
"version": 2,
|
||||
"tags": [
|
||||
{
|
||||
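Review bot: The replacement `functionParameters` line in this hunk moves `SpecificConfigurationEnv` ahead of `Target`, so the third and fourth positional arguments of `ExchangeConfiguration` trade places; this takes the second line of the printed pair as the new side, as the 3.1.4 → 3.1.5 pairs on this page suggest. The usage comment inside the unchanged `query` still lists `Target` as parameter 3 and `SpecificConfigurationEnv` as parameter 4, so any saved query or workbook that passes those two positionally would now filter on the wrong value and may quietly return fewer or no rows instead of failing. If only the quoting style was meant to change, keep the original order: `"functionParameters": "SpecificSectionList:string='',SpecificConfigurationDate:string='lastdate',Target:string='On-Premises',SpecificConfigurationEnv:string='All'"`. The same reordering appears in the later hunk at `-2338,7 +2338,7`, and the enclosing savedSearches resource starts and ends outside both hunks.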
|
@ -2292,7 +2292,7 @@
|
|||
"[variables('parserObject2')._parserId2]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-ExchangeConfiguration')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ExchangeConfiguration')]",
|
||||
"contentId": "[variables('parserObject2').parserContentId2]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject2').parserVersion2]",
|
||||
|
@ -2338,7 +2338,7 @@
|
|||
"category": "Microsoft Sentinel Parser",
|
||||
"functionAlias": "ExchangeConfiguration",
|
||||
"query": "// Version: 1.6.1\n// Last Updated: 19/12/2023\n// \n// DESCRIPTION:\n// This parser takes raw ESI Exchange Configuration Collector to pivot raw information and retrieve a specific date configuration. This is the same parser for Exchange On-Premises version and Exchange online version of the solution.\n//\n// USAGE:\n// Parameters : 4 parameters to add during creation. \n// 1. SpecificSectionList, type string, default value \"\"\n// 2. SpecificConfigurationDate, type string, default value \"lastdate\"\n// 3. Target, type string, default value \"On-Premises\"\n// 4. SpecificConfigurationEnv, type string, default value \"All\"\n//\n// Parameters simulation\n// If you need to test the parser execution without saving it as a function, uncomment the bellow variable to simulate parameters values.\n//\n// let SpecificSectionList = '';\n// let SpecificConfigurationDate = 'lastdate';\n// let SpecificConfigurationEnv = 'All';\n// let Target = 'On-Premises';\n//\n// Parameters definition\nlet _SpecificSectionList = split(SpecificSectionList,',');\nlet _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),\"lastdate\",tostring(SpecificConfigurationDate));\nlet _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == \"all\",\"All\",tostring(SpecificConfigurationEnv)),',');\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\n// Building Base Request\nlet _targetDate = iff(_configurationDate == \"lastdate\", ago(7d), iif(_configurationDate == \"alllife\",ago(1080d),todatetime(_configurationDate)));\nlet baseRequest = materialize (union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* \n | where TimeGenerated > _targetDate\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\n | where _target == 'All' or Source == _target\n | extend ScopedEnvironment = iff(_configurationEnv 
contains \"All\", \"All\",ESIEnvironment_s) \n | where ScopedEnvironment in (_configurationEnv)\n | extend EntryDate = todatetime(EntryDate_s)\n | project-away EntryDate_s);\n// Find Config Id (can be multiple id in all)\nlet findConfigDate = baseRequest\n | extend Env =strcat(Source, \"_\",ESIEnvironment_s)\n | summarize count() by GenerationInstanceID_g,Env,EntryDate\n | extend distance = iff(_configurationDate == \"lastdate\" or _configurationDate == \"alllife\", now() - EntryDate, (EntryDate - todatetime(_configurationDate)))\n | top-nested of Env by Ignore0=max(1), \n top-nested 1 of distance by Ignore1 = min(distance) asc nulls last, \n top-nested of GenerationInstanceID_g by Ignore2=max(2) \n | project GenerationInstanceID_g;\n// Parse Result\nlet ParseExchangeConfig = () { baseRequest \n | join kind=leftsemi (findConfigDate) on $left.GenerationInstanceID_g == $right.GenerationInstanceID_g\n | where isempty(_SpecificSectionList[0]) or Section_s in (_SpecificSectionList)\n | extend TimeGenerated = EntryDate\n | extend Identity = IdentityString_s\n | extend CmdletResultValue = parse_json(rawData_s)\n | project-rename ConfigurationInstanceID = GenerationInstanceID_g, ESIEnvironment = ESIEnvironment_s, Section = Section_s, PSCmdlet = PSCmdL_s, CmdletResultType = ExecutionResult_s, WhenChanged = WhenChanged_t, WhenCreated = WhenCreated_t, Name = Name_s\n | project-away TenantId,SourceSystem,Type,EntryDate\n};\nParseExchangeConfig\n",
|
||||
"functionParameters": "SpecificSectionList:string = \"\", SpecificConfigurationDate:string = \"lastdate\", Target:string = \"On-Premises\", SpecificConfigurationEnv:string = \"All\"",
|
||||
"functionParameters": "SpecificSectionList:string='',SpecificConfigurationDate:string='lastdate',SpecificConfigurationEnv:string='All',Target:string='On-Premises'",
|
||||
"version": 2,
|
||||
"tags": [
|
||||
{
|
||||
|
@ -2357,7 +2357,7 @@
|
|||
"[variables('parserObject2')._parserId2]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-ExchangeConfiguration')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ExchangeConfiguration')]",
|
||||
"contentId": "[variables('parserObject2').parserContentId2]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject2').parserVersion2]",
|
||||
|
@ -2386,7 +2386,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ExchangeEnvironmentList Data Parser with template version 3.1.4",
|
||||
"description": "ExchangeEnvironmentList Data Parser with template version 3.1.5",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject3').parserVersion3]",
|
||||
|
@ -2404,7 +2404,7 @@
|
|||
"category": "Microsoft Sentinel Parser",
|
||||
"functionAlias": "ExchangeEnvironmentList",
|
||||
"query": "// Parameters simulation\n// If you need to test the parser execution without saving it as a function, uncomment the bellow variable to simulate parameters values.\n//\n// let Target = 'On-Premises';\n//\n// Parameters definition\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\nlet ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\n | where _target == 'All' or Source == _target;\n// Base Request\nScalarbaseRequest | summarize by ESIEnvironment_s | project-rename ESIEnvironment = ESIEnvironment_s\n",
|
||||
"functionParameters": "Target:string = \"On-Premises\"",
|
||||
"functionParameters": "Target:string='On-Premises'",
|
||||
"version": 2,
|
||||
"tags": [
|
||||
{
|
||||
|
@ -2422,7 +2422,7 @@
|
|||
"[variables('parserObject3')._parserId3]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-ExchangeEnvironmentList')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ExchangeEnvironmentList')]",
|
||||
"contentId": "[variables('parserObject3').parserContentId3]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject3').parserVersion3]",
|
||||
|
@ -2468,7 +2468,7 @@
|
|||
"category": "Microsoft Sentinel Parser",
|
||||
"functionAlias": "ExchangeEnvironmentList",
|
||||
"query": "// Parameters simulation\n// If you need to test the parser execution without saving it as a function, uncomment the bellow variable to simulate parameters values.\n//\n// let Target = 'On-Premises';\n//\n// Parameters definition\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\nlet ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\n | where _target == 'All' or Source == _target;\n// Base Request\nScalarbaseRequest | summarize by ESIEnvironment_s | project-rename ESIEnvironment = ESIEnvironment_s\n",
|
||||
"functionParameters": "Target:string = \"On-Premises\"",
|
||||
"functionParameters": "Target:string='On-Premises'",
|
||||
"version": 2,
|
||||
"tags": [
|
||||
{
|
||||
|
@ -2487,7 +2487,7 @@
|
|||
"[variables('parserObject3')._parserId3]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-ExchangeEnvironmentList')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ExchangeEnvironmentList')]",
|
||||
"contentId": "[variables('parserObject3').parserContentId3]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject3').parserVersion3]",
|
||||
|
@ -2516,7 +2516,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "MESCheckVIP Data Parser with template version 3.1.4",
|
||||
"description": "MESCheckVIP Data Parser with template version 3.1.5",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject4').parserVersion4]",
|
||||
|
@ -2534,7 +2534,7 @@
|
|||
"category": "Microsoft Sentinel Parser",
|
||||
"functionAlias": "MESCheckVIP",
|
||||
"query": "//let UserToCheck = \"SampleEntry\";\nlet _UserToCheck = iif(UserToCheck == \"\" or UserToCheck == \"All\",\"All\",tolower(UserToCheck));\nlet fuzzyWatchlist = datatable(displayName:string, userPrincipalName:string, sAMAccountName:string, objectSID:string, objectGUID:guid, canonicalName:string, comment:string) [\n \"NONE\",\"NONE\",\"NONE\",\"NONE\",\"00000001-0000-1000-0000-100000000000\",\"NONE\",\"NONE\"];\nlet Watchlist = union isfuzzy=true withsource=TableName _GetWatchlist('ExchangeVIP'), fuzzyWatchlist | where objectGUID != \"00000001-0000-1000-0000-100000000000\" | project-away TableName;\nlet SearchUser = Watchlist | where _UserToCheck =~ canonicalName \n or _UserToCheck =~ displayName \n or _UserToCheck =~ userPrincipalName \n or _UserToCheck =~ sAMAccountName \n or _UserToCheck =~ objectSID \n or _UserToCheck == tostring(objectGUID) \n or _UserToCheck =~ distinguishedName\n or _UserToCheck == \"All\"\n | extend ValueChecked = iif(_UserToCheck==\"All\",strcat(\"#\",displayName,\"#\",userPrincipalName,\"#\",sAMAccountName,\"#\",objectGUID,\"#\",objectSID,\"#\",distinguishedName,\"#\"),_UserToCheck);\nSearchUser\n",
|
||||
"functionParameters": "UserToCheck:string = \"All\"",
|
||||
"functionParameters": "UserToCheck:string='All'",
|
||||
"version": 2,
|
||||
"tags": [
|
||||
{
|
||||
|
@ -2552,7 +2552,7 @@
|
|||
"[variables('parserObject4')._parserId4]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-VIP-Check-for-Exchange')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'MESCheckVIP')]",
|
||||
"contentId": "[variables('parserObject4').parserContentId4]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject4').parserVersion4]",
|
||||
|
@ -2598,7 +2598,7 @@
|
|||
"category": "Microsoft Sentinel Parser",
|
||||
"functionAlias": "MESCheckVIP",
|
||||
"query": "//let UserToCheck = \"SampleEntry\";\nlet _UserToCheck = iif(UserToCheck == \"\" or UserToCheck == \"All\",\"All\",tolower(UserToCheck));\nlet fuzzyWatchlist = datatable(displayName:string, userPrincipalName:string, sAMAccountName:string, objectSID:string, objectGUID:guid, canonicalName:string, comment:string) [\n \"NONE\",\"NONE\",\"NONE\",\"NONE\",\"00000001-0000-1000-0000-100000000000\",\"NONE\",\"NONE\"];\nlet Watchlist = union isfuzzy=true withsource=TableName _GetWatchlist('ExchangeVIP'), fuzzyWatchlist | where objectGUID != \"00000001-0000-1000-0000-100000000000\" | project-away TableName;\nlet SearchUser = Watchlist | where _UserToCheck =~ canonicalName \n or _UserToCheck =~ displayName \n or _UserToCheck =~ userPrincipalName \n or _UserToCheck =~ sAMAccountName \n or _UserToCheck =~ objectSID \n or _UserToCheck == tostring(objectGUID) \n or _UserToCheck =~ distinguishedName\n or _UserToCheck == \"All\"\n | extend ValueChecked = iif(_UserToCheck==\"All\",strcat(\"#\",displayName,\"#\",userPrincipalName,\"#\",sAMAccountName,\"#\",objectGUID,\"#\",objectSID,\"#\",distinguishedName,\"#\"),_UserToCheck);\nSearchUser\n",
|
||||
"functionParameters": "UserToCheck:string = \"All\"",
|
||||
"functionParameters": "UserToCheck:string='All'",
|
||||
"version": 2,
|
||||
"tags": [
|
||||
{
|
||||
|
@ -2617,7 +2617,7 @@
|
|||
"[variables('parserObject4')._parserId4]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-VIP-Check-for-Exchange')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'MESCheckVIP')]",
|
||||
"contentId": "[variables('parserObject4').parserContentId4]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject4').parserVersion4]",
|
||||
|
@ -2646,7 +2646,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Microsoft Exchange Least Privilege with RBAC Workbook with template version 3.1.4",
|
||||
"description": "Microsoft Exchange Least Privilege with RBAC Workbook with template version 3.1.5",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion1')]",
|
||||
|
@ -2737,7 +2737,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Microsoft Exchange Search AdminAuditLog Workbook with template version 3.1.4",
|
||||
"description": "Microsoft Exchange Search AdminAuditLog Workbook with template version 3.1.5",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion2')]",
|
||||
|
@ -2828,7 +2828,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Microsoft Exchange Admin Activity Workbook with template version 3.1.4",
|
||||
"description": "Microsoft Exchange Admin Activity Workbook with template version 3.1.5",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion3')]",
|
||||
|
@ -2919,7 +2919,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Microsoft Exchange Security Review Workbook with template version 3.1.4",
|
||||
"description": "Microsoft Exchange Security Review Workbook with template version 3.1.5",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion4')]",
|
||||
|
@ -3010,7 +3010,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "CriticalCmdletsUsageDetection_AnalyticalRules Analytics Rule with template version 3.1.4",
|
||||
"description": "CriticalCmdletsUsageDetection_AnalyticalRules Analytics Rule with template version 3.1.5",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
|
||||
|
@ -3038,10 +3038,10 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "ESI-ExchangeAdminAuditLogEvents",
|
||||
"dataTypes": [
|
||||
"Event"
|
||||
],
|
||||
"connectorId": "ESI-ExchangeAdminAuditLogEvents"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -3056,25 +3056,24 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Mailbox",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "TargetObject",
|
||||
"identifier": "MailboxPrimaryAddress"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Mailbox"
|
||||
},
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Computer",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Host"
|
||||
},
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "TargetObject",
|
||||
|
@ -3088,22 +3087,23 @@
|
|||
"columnName": "TargetObject",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Account"
|
||||
},
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Caller",
|
||||
"identifier": "Name"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Account"
|
||||
}
|
||||
],
|
||||
"alertDetailsOverride": {
|
||||
"alertDisplayNameFormat": "{{CmdletName}} executed on {{TargetObject}}",
|
||||
"alertSeverityColumnName": "Level",
|
||||
"alertDescriptionFormat": "Alert from Microsoft Exchange Security as {{CmdletName}} with parameters {{CmdletParameters}} was executed on {{TargetObject}}",
|
||||
"alertSeverityColumnName": "Level"
|
||||
"alertDisplayNameFormat": "{{CmdletName}} executed on {{TargetObject}}"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -3157,7 +3157,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ServerOrientedWithUserOrientedAdministration_AnalyticalRules Analytics Rule with template version 3.1.4",
|
||||
"description": "ServerOrientedWithUserOrientedAdministration_AnalyticalRules Analytics Rule with template version 3.1.5",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
|
||||
|
@ -3185,10 +3185,10 @@
|
|||
"status": "Available",
|
||||
"requiredDataConnectors": [
|
||||
{
|
||||
"connectorId": "ESI-ExchangeAdminAuditLogEvents",
|
||||
"dataTypes": [
|
||||
"Event"
|
||||
],
|
||||
"connectorId": "ESI-ExchangeAdminAuditLogEvents"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tactics": [
|
||||
|
@ -3203,7 +3203,6 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Mailbox",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "userPrincipalName",
|
||||
|
@ -3213,28 +3212,28 @@
|
|||
"columnName": "userPrincipalName",
|
||||
"identifier": "Upn"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Mailbox"
|
||||
},
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Computer",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Host"
|
||||
},
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "ServerCmdletTargetObject",
|
||||
"identifier": "HostName"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Host"
|
||||
},
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "Caller",
|
||||
|
@ -3244,7 +3243,8 @@
|
|||
"columnName": "objectGUID",
|
||||
"identifier": "ObjectGuid"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Account"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -3331,7 +3331,7 @@
|
|||
"apiVersion": "2023-04-01-preview",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"version": "3.1.4",
|
||||
"version": "3.1.5",
|
||||
"kind": "Solution",
|
||||
"contentSchemaVersion": "3.0.0",
|
||||
"displayName": "Microsoft Exchange Security - Exchange On-Premises",
|
||||
|
@ -3423,12 +3423,12 @@
|
|||
{
|
||||
"kind": "Watchlist",
|
||||
"contentId": "[variables('_Exchange Services Monitoring')]",
|
||||
"version": "3.1.4"
|
||||
"version": "3.1.5"
|
||||
},
|
||||
{
|
||||
"kind": "Watchlist",
|
||||
"contentId": "[variables('_Exchange VIP')]",
|
||||
"version": "3.1.4"
|
||||
"version": "3.1.5"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
|
|
@ -10,19 +10,19 @@ FunctionParams:
|
|||
- Name: SpecificSectionList
|
||||
Type: string
|
||||
Description: The list of section to query. Default is all.
|
||||
DefaultValue: ''
|
||||
Default: ''
|
||||
- Name: SpecificConfigurationDate
|
||||
Type: string
|
||||
Description: The date to query. Default is last 7 days.
|
||||
DefaultValue: 'lastdate'
|
||||
Default: 'lastdate'
|
||||
- Name: SpecificConfigurationEnv
|
||||
Type: string
|
||||
Description: The environment to query. Default is all.
|
||||
DefaultValue: 'All'
|
||||
Default: 'All'
|
||||
- Name: Target
|
||||
Type: string
|
||||
Description: The target environment to query. Valid values are "On-Premises" or "Online". Default is "On-Premises".
|
||||
DefaultValue: 'On-Premises'
|
||||
Default: 'On-Premises'
|
||||
FunctionQuery: |
|
||||
// Version: 1.6.1
|
||||
// Last Updated: 19/12/2023
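Review bot: The description of `SpecificConfigurationDate` says "Default is last 7 days", but the default set two lines below it is `'lastdate'`, so the text and the value disagree about what an unparameterised call returns. Someone reading only the description could assume a week of Exchange configuration snapshots is being reviewed when the function may be returning a single collection. If `'lastdate'` selects the most recent collection (not confirmable from this hunk), the line could read `Description: The date to query. Default is 'lastdate' (the most recent collection).` The `FunctionQuery` body continues outside the hunk, so the actual handling of `'lastdate'` should be checked there before rewording.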
|
||||
|
|
|
@ -10,7 +10,7 @@ FunctionParams:
|
|||
- Name: Target
|
||||
Type: string
|
||||
Description: The target environment to query. Valid values are "On-Premises" or "Online". Default is "On-Premises".
|
||||
DefaultValue: 'On-Premises'
|
||||
Default: 'On-Premises'
|
||||
FunctionQuery: |
|
||||
// Parameters simulation
|
||||
// If you need to test the parser execution without saving it as a function, uncomment the bellow variable to simulate parameters values.
|
||||
|
|
|
@ -10,7 +10,7 @@ FunctionParams:
|
|||
- Name: UserToCheck
|
||||
Type: string
|
||||
Description: The user to verifiy if is a VIP or not. Default value is "all".
|
||||
DefaultValue: 'All'
|
||||
Default: 'All'
|
||||
FunctionQuery: |
|
||||
//let UserToCheck = "SampleEntry";
|
||||
let _UserToCheck = iif(UserToCheck == "" or UserToCheck == "All","All",tolower(UserToCheck));
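Review bot: The description gives the default as "all", but the first query line tests `UserToCheck == "All"` with the case-sensitive `==`, so a caller passing `"all"` falls through to `tolower(UserToCheck)` and is treated as a user name rather than as the select-everything value. The copy of this query embedded in the packaged template later tests `_UserToCheck == "All"` again, so a rule or workbook passing the lower-case value would most likely get an empty VIP list instead of an error. A case-insensitive comparison closes the gap: `let _UserToCheck = iif(UserToCheck == "" or UserToCheck =~ "All","All",tolower(UserToCheck));`. The description should also be corrected to `Default value is "All"`. The rest of the function body lies outside this hunk.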
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|
||||
|-------------|--------------------------------|---------------------------------------------|
|
||||
| 3.1.5 | 26-04-2024 | Repackaged for fix on parser in maintemplate to have old parsername and parentid |
|
||||
| 3.1.4 | 18-04-2024 | Repackaged for parser issue while redeployment |
|
||||
| 3.1.3 | 10-04-2024 | Updated DataConnector last Log indicator and IsConnected queries by including Application and System Log Event Types |
|
||||
| 3.1.2 | 20-02-2024 | Correct DataConnector last Log indicator and IsConnected queries |
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
],
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\OracleDatabaseAudit",
|
||||
"Version": "3.0.0",
|
||||
"Version": "3.0.1",
|
||||
"TemplateSpec": true,
|
||||
"Is1PConnector": false
|
||||
}
|
Двоичный файл не отображается.
|
@ -6,7 +6,7 @@
|
|||
"config": {
|
||||
"isWizard": false,
|
||||
"basics": {
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/oracle_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/OracleDatabaseAudit/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\r \n •The Oracle Database Audit solution provides the capability to ingest [Oracle Database](https://www.oracle.com/database/technologies/) audit events into Microsoft Sentinel through the syslog. Refer to [documentation](https://docs.oracle.com/en/database/oracle/oracle-database/21/dbseg/introduction-to-auditing.html#GUID-94381464-53A3-421B-8F13-BD171C867405) for more information.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n\r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\r\n\n\n\n\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/oracle_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/OracleDatabaseAudit/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Oracle Database Audit solution provides the capability to ingest [Oracle Database](https://www.oracle.com/database/technologies/) audit events into Microsoft Sentinel through the syslog. Refer to [documentation](https://docs.oracle.com/en/database/oracle/oracle-database/21/dbseg/introduction-to-auditing.html#GUID-94381464-53A3-421B-8F13-BD171C867405) for more information.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n\r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\r\n\n\n\n\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"subscription": {
|
||||
"resourceProviders": [
|
||||
"Microsoft.OperationsManagement/solutions",
|
||||
|
@ -57,7 +57,7 @@
|
|||
"bladeTitle": "Data Connectors",
|
||||
"elements": [
|
||||
{
|
||||
"name": "dataconnectors1-text",
|
||||
"name": "dataconnectors-text1",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This Solution installs the data connector for OracleDatabaseAudit. You can get OracleDatabaseAudit Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
|
|
Различия файлов скрыты, потому что одна или несколько строк слишком длинны
|
@ -1,4 +1,5 @@
|
|||
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|
||||
|-------------|--------------------------------|---------------------------------------------|
|
||||
| 3.0.1 | 26-04-2024 | Repackaged for fix on parser in maintemplate to have old parsername and parentid |
|
||||
| 3.0.0 | 19-12-2023 | Documentation changes for oracle data base audit
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
"Solutions/ProofPointTap/Playbooks/ProofpointTAP-CheckAccountInVAP/azuredeploy.json"
|
||||
],
|
||||
"BasePath": "C:\\GitHub\\Azure-Sentinel",
|
||||
"Version": "3.0.3",
|
||||
"Version": "3.0.4",
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"TemplateSpec": true,
|
||||
"Is1PConnector": false
|
||||
|
|
Двоичный файл не отображается.
|
@ -41,7 +41,7 @@
|
|||
"email": "support@microsoft.com",
|
||||
"_email": "[variables('email')]",
|
||||
"_solutionName": "ProofPointTap",
|
||||
"_solutionVersion": "3.0.3",
|
||||
"_solutionVersion": "3.0.4",
|
||||
"solutionId": "azuresentinel.azure-sentinel-proofpoint",
|
||||
"_solutionId": "[variables('solutionId')]",
|
||||
"uiConfigId1": "ProofpointTAP",
|
||||
|
@ -54,8 +54,8 @@
|
|||
"dataConnectorVersion1": "1.0.0",
|
||||
"_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
|
||||
"parserObject1": {
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','Parser-for-ProofpointTAPEvent')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-ProofpointTAPEvent')]",
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','ProofpointTAPEvent')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ProofpointTAPEvent')]",
|
||||
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('ProofpointTAPEvent-Parser')))]",
|
||||
"parserVersion1": "1.0.0",
|
||||
"parserContentId1": "ProofpointTAPEvent-Parser"
|
||||
|
@ -124,7 +124,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ProofPointTap data connector with template version 3.0.3",
|
||||
"description": "ProofPointTap data connector with template version 3.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion1')]",
|
||||
|
@ -595,7 +595,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ProofpointTAPEvent Data Parser with template version 3.0.3",
|
||||
"description": "ProofpointTAPEvent Data Parser with template version 3.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -631,7 +631,7 @@
|
|||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-ProofpointTAPEvent')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ProofpointTAPEvent')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -697,7 +697,7 @@
|
|||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-ProofpointTAPEvent')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ProofpointTAPEvent')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -727,7 +727,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "MalwareAttachmentDelivered_AnalyticalRules Analytics Rule with template version 3.0.3",
|
||||
"description": "MalwareAttachmentDelivered_AnalyticalRules Analytics Rule with template version 3.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
|
||||
|
@ -772,22 +772,22 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Account"
|
||||
},
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "IP"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -843,7 +843,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "MalwareLinkClicked_AnalyticalRules Analytics Rule with template version 3.0.3",
|
||||
"description": "MalwareLinkClicked_AnalyticalRules Analytics Rule with template version 3.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
|
||||
|
@ -888,31 +888,31 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Account"
|
||||
},
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "IP"
|
||||
},
|
||||
{
|
||||
"entityType": "URL",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "URLCustomEntity",
|
||||
"identifier": "Url"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "URL"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -968,7 +968,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ProofpointTAP Workbook with template version 3.0.3",
|
||||
"description": "ProofpointTAP Workbook with template version 3.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion1')]",
|
||||
|
@ -1068,7 +1068,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ProofpointTAPConnector Playbook with template version 3.0.3",
|
||||
"description": "ProofpointTAPConnector Playbook with template version 3.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('playbookVersion1')]",
|
||||
|
@ -1092,8 +1092,7 @@
|
|||
"workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
|
||||
"playbookContentId1": "ProofpointTAPConnector",
|
||||
"playbookId1": "[[resourceId('Microsoft.Web/customApis', parameters('customApis_ProofpointTAP_name'))]",
|
||||
"workspace-name": "[parameters('workspace')]",
|
||||
"workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
|
||||
"workspace-name": "[parameters('workspace')]"
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
|
@ -2038,7 +2037,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Get-ProofpointTAPEvents Playbook with template version 3.0.3",
|
||||
"description": "Get-ProofpointTAPEvents Playbook with template version 3.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('playbookVersion2')]",
|
||||
|
@ -2065,8 +2064,7 @@
|
|||
"connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azureloganalyticsdatacollector')]",
|
||||
"_connection-1": "[[variables('connection-1')]",
|
||||
"workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
|
||||
"workspace-name": "[parameters('workspace')]",
|
||||
"workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
|
||||
"workspace-name": "[parameters('workspace')]"
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
|
@ -2091,7 +2089,7 @@
|
|||
],
|
||||
"tags": {
|
||||
"LogicAppsCategory": "security",
|
||||
"hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
|
||||
"hidden-SentinelWorkspaceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
|
||||
},
|
||||
"properties": {
|
||||
"state": "Enabled",
|
||||
|
@ -2340,7 +2338,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ProofpointTAP-AddForensicsInfoToIncident Playbook with template version 3.0.3",
|
||||
"description": "ProofpointTAP-AddForensicsInfoToIncident Playbook with template version 3.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('playbookVersion3')]",
|
||||
|
@ -2362,8 +2360,7 @@
|
|||
"connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('customApis_proofpointtap_name'))]",
|
||||
"_connection-2": "[[variables('connection-2')]",
|
||||
"workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
|
||||
"workspace-name": "[parameters('workspace')]",
|
||||
"workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
|
||||
"workspace-name": "[parameters('workspace')]"
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
|
@ -2624,7 +2621,7 @@
|
|||
}
|
||||
},
|
||||
"tags": {
|
||||
"hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
|
||||
"hidden-SentinelWorkspaceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -2717,7 +2714,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ProofpointTAP-CheckAccountInVAP Playbook with template version 3.0.3",
|
||||
"description": "ProofpointTAP-CheckAccountInVAP Playbook with template version 3.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('playbookVersion4')]",
|
||||
|
@ -2739,8 +2736,7 @@
|
|||
"connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('customApis_proofpointtap_name'))]",
|
||||
"_connection-2": "[[variables('connection-2')]",
|
||||
"workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
|
||||
"workspace-name": "[parameters('workspace')]",
|
||||
"workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
|
||||
"workspace-name": "[parameters('workspace')]"
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
|
@ -3044,7 +3040,7 @@
|
|||
}
|
||||
},
|
||||
"tags": {
|
||||
"hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
|
||||
"hidden-SentinelWorkspaceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -3136,7 +3132,7 @@
|
|||
"apiVersion": "2023-04-01-preview",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"version": "3.0.3",
|
||||
"version": "3.0.4",
|
||||
"kind": "Solution",
|
||||
"contentSchemaVersion": "3.0.0",
|
||||
"displayName": "ProofPointTap",
|
||||
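Review bot: In the two parser metadata resources (hunks at -631 and -697) `parentId` spells out the savedSearches resource id as a literal, repeating the expression already held in `parserObject1._parserId1` and used by the `dependsOn` entry directly above each one. That leaves three copies of the parser name that must stay in step, which appears to be the mismatch this repackaging corrects. Referencing the variable removes the duplication: `"parentId": "[variables('parserObject1')._parserId1]"`. If this file is emitted by the packaging tool, the change belongs in the tool's template rather than here. Separately, workspaces that installed 3.0.3 may still hold a saved search named `Parser-for-ProofpointTAPEvent` after upgrading, so it is worth confirming that the analytic rules resolve the intended `ProofpointTAPEvent` function.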
|
|
|
@ -1,5 +1,6 @@
|
|||
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|
||||
|-------------|--------------------------------|--------------------------------------------------------------|
|
||||
| 3.0.4 | 26-04-2024 | Repackaged for fix on parser in maintemplate to have old parsername and parentid |
|
||||
| 3.0.3 | 16-04-2024 | Repackaged for parser issue in maintemplate |
|
||||
| 3.0.2 | 10-04-2024 | Added Azure Deploy button for government portal deployments |
|
||||
| 3.0.1 | 10-10-2023 | Manual deployment instructions updated for **Data Connector**|
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
"Parsers/SymantecEndpointProtection.yaml"
|
||||
],
|
||||
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Symantec Endpoint Protection",
|
||||
"Version": "3.0.1",
|
||||
"Version": "3.0.2",
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"TemplateSpec": true,
|
||||
"Is1Pconnector": false
|
||||
|
|
Двоичный файл не отображается.
|
@ -41,7 +41,7 @@
|
|||
"email": "support@microsoft.com",
|
||||
"_email": "[variables('email')]",
|
||||
"_solutionName": "Symantec Endpoint Protection",
|
||||
"_solutionVersion": "3.0.1",
|
||||
"_solutionVersion": "3.0.2",
|
||||
"solutionId": "azuresentinel.azure-sentinel-solution-symantecendpointprotection",
|
||||
"_solutionId": "[variables('solutionId')]",
|
||||
"analyticRuleObject1": {
|
||||
|
@ -74,8 +74,8 @@
|
|||
"_workbookContentId1": "[variables('workbookContentId1')]",
|
||||
"_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]",
|
||||
"parserObject1": {
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','Parser-for-SymantecEndpointProtection')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-SymantecEndpointProtection')]",
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','SymantecEndpointProtection')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'SymantecEndpointProtection')]",
|
||||
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('SymantecEndpointProtection-Parser')))]",
|
||||
"parserVersion1": "1.0.1",
|
||||
"parserContentId1": "SymantecEndpointProtection-Parser"
|
||||
|
@ -92,7 +92,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ExcessiveBlockedTrafficGeneratedbyUser_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"description": "ExcessiveBlockedTrafficGeneratedbyUser_AnalyticalRules Analytics Rule with template version 3.0.2",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
|
||||
|
@ -128,31 +128,31 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Account"
|
||||
},
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "IP"
|
||||
},
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "HostCustomEntity",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Host"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -208,7 +208,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "MalwareDetected_AnalyticalRules Analytics Rule with template version 3.0.1",
|
||||
"description": "MalwareDetected_AnalyticalRules Analytics Rule with template version 3.0.2",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
|
||||
|
@ -247,31 +247,31 @@
|
|||
],
|
||||
"entityMappings": [
|
||||
{
|
||||
"entityType": "Account",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "AccountCustomEntity",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Account"
|
||||
},
|
||||
{
|
||||
"entityType": "IP",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "IPCustomEntity",
|
||||
"identifier": "Address"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "IP"
|
||||
},
|
||||
{
|
||||
"entityType": "Host",
|
||||
"fieldMappings": [
|
||||
{
|
||||
"columnName": "HostCustomEntity",
|
||||
"identifier": "FullName"
|
||||
}
|
||||
]
|
||||
],
|
||||
"entityType": "Host"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -327,7 +327,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Symantec Endpoint Protection data connector with template version 3.0.1",
|
||||
"description": "Symantec Endpoint Protection data connector with template version 3.0.2",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion1')]",
|
||||
|
@ -674,7 +674,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "SymantecEndpointProtection Workbook with template version 3.0.1",
|
||||
"description": "SymantecEndpointProtection Workbook with template version 3.0.2",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion1')]",
|
||||
|
@ -762,7 +762,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "SymantecEndpointProtection Data Parser with template version 3.0.1",
|
||||
"description": "SymantecEndpointProtection Data Parser with template version 3.0.2",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -798,7 +798,7 @@
|
|||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-SymantecEndpointProtection')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'SymantecEndpointProtection')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -864,7 +864,7 @@
|
|||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-SymantecEndpointProtection')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'SymantecEndpointProtection')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -890,7 +890,7 @@
|
|||
"apiVersion": "2023-04-01-preview",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"version": "3.0.1",
|
||||
"version": "3.0.2",
|
||||
"kind": "Solution",
|
||||
"contentSchemaVersion": "3.0.0",
|
||||
"displayName": "Symantec Endpoint Protection",
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|
||||
|-------------|--------------------------------|---------------------------------------------|
|
||||
| 3.0.2 | 26-04-2024 | Repackaged for fix on parser in maintemplate to have old parsername and parentid |
|
||||
| 3.0.1 | 18-04-2024 | Repackaged for fix in parser in maintemplate |
|
||||
| 3.0.0 | 15-04-2024 | Updated **Parser** SymantecEndpointProtection.yaml to automatic update applicable logs |
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
"Workbooks/ZoomReports.json"
|
||||
],
|
||||
"BasePath": "C:\\GitHub\\Azure-Sentinel\\solutions\\ZoomReports",
|
||||
"Version": "3.0.3",
|
||||
"Version": "3.0.4",
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"TemplateSpec": true,
|
||||
"Is1PConnector": false
|
||||
|
|
Двоичный файл не отображается.
|
@ -41,7 +41,7 @@
|
|||
"email": "support@microsoft.com",
|
||||
"_email": "[variables('email')]",
|
||||
"_solutionName": "ZoomReports",
|
||||
"_solutionVersion": "3.0.3",
|
||||
"_solutionVersion": "3.0.4",
|
||||
"solutionId": "azuresentinel.azure-sentinel-solution-zoomreports",
|
||||
"_solutionId": "[variables('solutionId')]",
|
||||
"uiConfigId1": "Zoom",
|
||||
|
@ -54,8 +54,8 @@
|
|||
"dataConnectorVersion1": "1.0.0",
|
||||
"_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
|
||||
"parserObject1": {
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','Parser-for-Zoom')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-Zoom')]",
|
||||
"_parserName1": "[concat(parameters('workspace'),'/','Zoom')]",
|
||||
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Zoom')]",
|
||||
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('Zoom-Parser')))]",
|
||||
"parserVersion1": "1.0.0",
|
||||
"parserContentId1": "Zoom-Parser"
|
||||
|
@ -78,7 +78,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZoomReports data connector with template version 3.0.3",
|
||||
"description": "ZoomReports data connector with template version 3.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion1')]",
|
||||
|
@ -473,7 +473,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "Zoom Data Parser with template version 3.0.3",
|
||||
"description": "Zoom Data Parser with template version 3.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -509,7 +509,7 @@
|
|||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-Zoom')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Zoom')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -575,7 +575,7 @@
|
|||
"[variables('parserObject1')._parserId1]"
|
||||
],
|
||||
"properties": {
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser-for-Zoom')]",
|
||||
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Zoom')]",
|
||||
"contentId": "[variables('parserObject1').parserContentId1]",
|
||||
"kind": "Parser",
|
||||
"version": "[variables('parserObject1').parserVersion1]",
|
||||
|
@ -605,7 +605,7 @@
|
|||
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "ZoomReports Workbook with template version 3.0.3",
|
||||
"description": "ZoomReports Workbook with template version 3.0.4",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('workbookVersion1')]",
|
||||
|
@ -689,7 +689,7 @@
|
|||
"apiVersion": "2023-04-01-preview",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"version": "3.0.3",
|
||||
"version": "3.0.4",
|
||||
"kind": "Solution",
|
||||
"contentSchemaVersion": "3.0.0",
|
||||
"displayName": "ZoomReports",
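Review bot: In the `@ -509,7` and `@ -575,7` hunks the new `parentId` spells out the saved-search name `'Zoom'` again, although `_parserId1` in the `@ -54,8` hunk now holds the identical `resourceId(...)` expression and the entry two lines above each `parentId` already references `variables('parserObject1')._parserId1`. Keeping the name in several places appears to be what let the parser name and `parentId` drift and require this repackaging, so I would write `"parentId": "[variables('parserObject1')._parserId1]"` in both places. If this template is emitted by the packaging tool, as the release notes' "Repackaged" wording suggests, the change belongs in the generator rather than in this file. Separately, a workspace that installed 3.0.3 presumably still has a saved search named `Parser-for-Zoom`, which an incremental deployment would not remove, so it is worth confirming after upgrade that the parser resolves to a single saved search and that the workbook and any detections built on it still return data.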
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|
||||
|-------------|--------------------------------|---------------------------------------------|
|
||||
| 3.0.4 | 26-04-2024 | Repackaged for fix on parser in maintemplate to have old parsername and parentid |
|
||||
| 3.0.3 | 18-04-2024 | Repackaged for fix on parser in maintemplate |
|
||||
| 3.0.2 | 10-04-2024 | Added Azure Deploy button for government portal deployments |
|
||||
| 3.0.1 | 04-12-2023 | Authentication changes for zoom reports with server to server **Oauth app** |
|
||||
|
|