trend micro apex packaged

Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneAttackDiscoveryDetectionRisks.yaml

@@ -11,6 +11,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -32,5 +35,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneCommandLineSuspiciousRequests.yaml

@@ -11,6 +11,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -33,5 +36,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneCommandsInRequest.yaml

@@ -11,6 +11,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -30,5 +33,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneDvcAccessPermissionWasChanged.yaml

@@ -11,6 +11,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -45,5 +48,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneInboundRemoteAccess.yaml

@@ -11,6 +11,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -34,5 +37,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneMultipleDenyOrTerminateActionOnSingleIp.yaml

@@ -11,6 +11,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -32,5 +35,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Trend Micro Apex One/Analytic Rules/TMApexOnePossibleExploitOrExecuteOperation.yaml

@@ -11,6 +11,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -35,5 +38,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.3
+version: 1.0.4
 kind: Scheduled 

Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneRiskCnCEvents.yaml

@@ -11,6 +11,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -32,5 +35,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneSpywareWithFailedResponse.yaml

@@ -11,6 +11,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -33,5 +36,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Trend Micro Apex One/Analytic Rules/TMApexOneSuspiciousConnections.yaml

@@ -11,6 +11,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -34,5 +37,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Trend Micro Apex One/Data Connectors/template_TrendMicro_ApexOneAMA.json

@@ -1,6 +1,6 @@
 {
     "id": "TrendMicroApexOneAma",
-    "title": "[Recommended] Trend Micro Apex One via AMA",
+    "title": "[Deprecated] Trend Micro Apex One via AMA",
     "publisher": "Trend Micro",
     "descriptionMarkdown": "The [Trend Micro Apex One](https://www.trendmicro.com/en_us/business/products/user-protection/sps/endpoint.html) data connector provides the capability to ingest [Trend Micro Apex One events](https://aka.ms/sentinel-TrendMicroApex-OneEvents) into Microsoft Sentinel. Refer to [Trend Micro Apex Central](https://aka.ms/sentinel-TrendMicroApex-OneCentral) for more information.",
     "additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected [**TMApexOneEvent**](https://aka.ms/sentinel-TMApexOneEvent-parser) which is deployed with the Microsoft Sentinel Solution.",

Solutions/Trend Micro Apex One/Data/Solution_Trend Micro Apex One.json

@@ -2,7 +2,7 @@
   "Name": "Trend Micro Apex One",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Trend_Micro_Logo.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Trend Micro Apex One](https://www.trendmicro.com/business/products/user-protection/sps/endpoint.htmlhttps:/www.trendmicro.com/business/products/user-protection/sps/endpoint.html) solution for Microsoft Sentinel enables ingestion of [Trend Micro Apex One events](https://aka.ms/sentinel-TrendMicroApex-OneEvents) into Microsoft Sentinel. Refer to [Trend Micro Apex Central](https://aka.ms/sentinel-TrendMicroApex-OneCentral) for more information. \n\r\n1. **Trend Micro Apex One via AMA** - This data connector helps in ingesting Trend Micro Apex One logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Trend Micro Apex One via Legacy Agent** - This data connector helps in ingesting Trend Micro Apex One logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Trend Micro Apex One via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
+  "Description": "The [Trend Micro Apex One](https://www.trendmicro.com/business/products/user-protection/sps/endpoint.htmlhttps:/www.trendmicro.com/business/products/user-protection/sps/endpoint.html) solution for Microsoft Sentinel enables ingestion of [Trend Micro Apex One events](https://aka.ms/sentinel-TrendMicroApex-OneEvents) into Microsoft Sentinel. Refer to [Trend Micro Apex Central](https://aka.ms/sentinel-TrendMicroApex-OneCentral) for more information. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.",
   "Data Connectors": [
     "Data Connectors/TrendMicro_ApexOne.json",
 	"Data Connectors/template_TrendMicro_ApexOneAMA.json"
@@ -37,8 +37,11 @@
     "Hunting Queries/TMApexOneSuspiciousFiles.yaml",
     "Hunting Queries/TMApexOneTopSources.yaml"
   ],
+  "dependentDomainSolutionIds": [
+   "azuresentinel.azure-sentinel-solution-commoneventformat"
+   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Trend Micro Apex One",
-  "Version": "3.0.1",
+  "Version": "3.0.2",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1PConnector": false

Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTranslatedAction.yaml

@@ -10,6 +10,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 tactics:
   - Execution
 relevantTechniques:

Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTranslatedOperation.yaml

@@ -10,6 +10,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 tactics:
   - Execution
 relevantTechniques:

Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTriggeredPolicy.yaml

@@ -10,6 +10,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 tactics:
   - Execution
 relevantTechniques:

Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneBehaviorMonitoringTypesOfEvent.yaml

@@ -10,6 +10,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 tactics:
   - Privilege Escalation
   - Persistence

Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneChannelType.yaml

@@ -10,6 +10,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 tactics:
   - CommandandControl
 relevantTechniques:

Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneDataLossPreventionAction.yaml

@@ -10,6 +10,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 tactics:
   - Collection
 relevantTechniques:

Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneRareAppProtocolByIP.yaml

@@ -10,6 +10,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 tactics:
   - InitialAccess
 relevantTechniques:

Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneSpywareDetection.yaml

@@ -10,6 +10,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 tactics:
   - Execution
 relevantTechniques:

Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneSuspiciousFiles.yaml

@@ -10,6 +10,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 tactics:
   - Execution
 relevantTechniques:

Solutions/Trend Micro Apex One/Hunting Queries/TMApexOneTopSources.yaml

@@ -10,6 +10,9 @@ requiredDataConnectors:
   - connectorId: TrendMicroApexOneAma
     dataTypes:
       - TMApexOneEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
 tactics:
   - Execution
   - InitialAccess

Solutions/Trend Micro Apex One/Package/createUiDefinition.json

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Trend_Micro_Logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Trend%20Micro%20Apex%20One/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Trend Micro Apex One](https://www.trendmicro.com/business/products/user-protection/sps/endpoint.htmlhttps:/www.trendmicro.com/business/products/user-protection/sps/endpoint.html) solution for Microsoft Sentinel enables ingestion of [Trend Micro Apex One events](https://aka.ms/sentinel-TrendMicroApex-OneEvents) into Microsoft Sentinel. Refer to [Trend Micro Apex Central](https://aka.ms/sentinel-TrendMicroApex-OneCentral) for more information. \n\r\n1. **Trend Micro Apex One via AMA** - This data connector helps in ingesting Trend Micro Apex One logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Trend Micro Apex One via Legacy Agent** - This data connector helps in ingesting Trend Micro Apex One logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Trend Micro Apex One via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Trend_Micro_Logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Trend%20Micro%20Apex%20One/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Trend Micro Apex One](https://www.trendmicro.com/business/products/user-protection/sps/endpoint.htmlhttps:/www.trendmicro.com/business/products/user-protection/sps/endpoint.html) solution for Microsoft Sentinel enables ingestion of [Trend Micro Apex One events](https://aka.ms/sentinel-TrendMicroApex-OneEvents) into Microsoft Sentinel. Refer to [Trend Micro Apex Central](https://aka.ms/sentinel-TrendMicroApex-OneCentral) for more information. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -323,7 +323,7 @@
                 "name": "huntingquery1-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Shows behavior monitoring actions taken for files. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
+                  "text": "Shows behavior monitoring actions taken for files. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma CefAma data connector (TMApexOneEvent TMApexOneEvent CommonSecurityLog Parser or Table)"
                 }
               }
             ]
@@ -337,7 +337,7 @@
                 "name": "huntingquery2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Shows behavior monitoring operations by users. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
+                  "text": "Shows behavior monitoring operations by users. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma CefAma data connector (TMApexOneEvent TMApexOneEvent CommonSecurityLog Parser or Table)"
                 }
               }
             ]
@@ -351,7 +351,7 @@
                 "name": "huntingquery3-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Shows behavior monitoring triggered policy by command line. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
+                  "text": "Shows behavior monitoring triggered policy by command line. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma CefAma data connector (TMApexOneEvent TMApexOneEvent CommonSecurityLog Parser or Table)"
                 }
               }
             ]
@@ -365,7 +365,7 @@
                 "name": "huntingquery4-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Shows behavior monitoring event types. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
+                  "text": "Shows behavior monitoring event types. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma CefAma data connector (TMApexOneEvent TMApexOneEvent CommonSecurityLog Parser or Table)"
                 }
               }
             ]
@@ -379,7 +379,7 @@
                 "name": "huntingquery5-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Shows channel type. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
+                  "text": "Shows channel type. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma CefAma data connector (TMApexOneEvent TMApexOneEvent CommonSecurityLog Parser or Table)"
                 }
               }
             ]
@@ -393,7 +393,7 @@
                 "name": "huntingquery6-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Shows data loss prevention action by IP address. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
+                  "text": "Shows data loss prevention action by IP address. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma CefAma data connector (TMApexOneEvent TMApexOneEvent CommonSecurityLog Parser or Table)"
                 }
               }
             ]
@@ -407,7 +407,7 @@
                 "name": "huntingquery7-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches rare application protocols by Ip address. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
+                  "text": "Query searches rare application protocols by Ip address. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma CefAma data connector (TMApexOneEvent TMApexOneEvent CommonSecurityLog Parser or Table)"
                 }
               }
             ]
@@ -421,7 +421,7 @@
                 "name": "huntingquery8-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches spyware detection events. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
+                  "text": "Query searches spyware detection events. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma CefAma data connector (TMApexOneEvent TMApexOneEvent CommonSecurityLog Parser or Table)"
                 }
               }
             ]
@@ -435,7 +435,7 @@
                 "name": "huntingquery9-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches suspicious files events. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
+                  "text": "Query searches suspicious files events. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma CefAma data connector (TMApexOneEvent TMApexOneEvent CommonSecurityLog Parser or Table)"
                 }
               }
             ]
@@ -449,7 +449,7 @@
                 "name": "huntingquery10-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query shows list of top sources with alerts. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
+                  "text": "Query shows list of top sources with alerts. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma CefAma data connector (TMApexOneEvent TMApexOneEvent CommonSecurityLog Parser or Table)"
                 }
               }
             ]

Solutions/Trend Micro Apex One/Package/testParameters.json

@@ -0,0 +1,32 @@
+{
+  "location": {
+    "type": "string",
+    "minLength": 1,
+    "defaultValue": "[resourceGroup().location]",
+    "metadata": {
+      "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`.  We instead use the `workspace-location` which is derived from the LA workspace"
+    }
+  },
+  "workspace-location": {
+    "type": "string",
+    "defaultValue": "",
+    "metadata": {
+      "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+    }
+  },
+  "workspace": {
+    "defaultValue": "",
+    "type": "string",
+    "metadata": {
+      "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+    }
+  },
+  "workbook1-name": {
+    "type": "string",
+    "defaultValue": "Trend Micro Apex One",
+    "minLength": 1,
+    "metadata": {
+      "description": "Name for the workbook"
+    }
+  }
+}

Solutions/Trend Micro Apex One/ReleaseNotes.md

@@ -1,4 +1,5 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                                                 |
 |-------------|--------------------------------|--------------------------------------------------------------------|
+| 3.0.2 	  | 12-07-2024 					   |  Deprecated **Data Connector** 									|
 | 3.0.1       | 25-10-2023                     |  **Hunting Query** column corrected                                |   
 | 3.0.0       | 22-09-2023                     |  Addition of new Trend Micro Apex One AMA **Data connector**     | 	                                                            |