Phosphorus-Data-Connector
Родитель
9d71014981
Коммит
ccbb1c6d9f
|
@ -0,0 +1,18 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Generator: Adobe Illustrator 26.3.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
|
||||
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
|
||||
viewBox="0 0 625.1 595.1" style="enable-background:new 0 0 625.1 595.1;" xml:space="preserve">
|
||||
<style type="text/css">
|
||||
.st0{fill:#2E6CF8;}
|
||||
</style>
|
||||
<g id="Group_5846_00000038385461218923118170000008493217337833163943_" transform="translate(0 -1)">
|
||||
<path id="Path_39756_00000114752979260757953500000006883936457412485807_" class="st0" d="M348.2,141.4h110v132.7h-110V141.4z"/>
|
||||
<g id="Group_5839_00000135654825337587275380000004631655640537965749_" transform="translate(143.441 11)">
|
||||
<path id="Path_39745_00000075160462985118770550000002971994100546168214_" class="st0" d="M2.8,175H83c11.1,0,22.3,1.1,33.2,3.4
|
||||
c10,2,19.5,5.8,28.1,11.3c8.1,5.3,14.8,12.6,19.4,21.2c5.2,10.3,7.6,21.7,7.2,33.2c0,15.1-2.6,27.2-7.7,36.4
|
||||
c-4.9,8.9-12.1,16.3-20.9,21.4c-9.4,5.3-19.8,8.8-30.5,10.3c-12,1.8-24.1,2.7-36.2,2.7H45.3v98.7H2.8V175z M70.9,278.4
|
||||
c6.1,0,12.4-0.2,18.9-0.7c6.2-0.4,12.3-1.7,18-4c5.3-2.1,10-5.6,13.5-10.1c3.8-5.5,5.6-12.2,5.2-18.9c0.3-6.2-1.3-12.4-4.7-17.7
|
||||
c-3.1-4.4-7.3-7.8-12.1-10.1c-5.2-2.4-10.8-4-16.5-4.5c-5.8-0.7-11.7-1-17.5-1H45.3v67L70.9,278.4z"/>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
|
@ -0,0 +1,6 @@
|
|||
"TimeGenerated [UTC]","alerts_s","device_id_g","ip_address_s","device_type_s","siteId_g","siteName_s","firmware_s","createdAt_t [UTC]","canChangePassword_b","canUpdate_b","mac_s","manufacturer_s","model_s","latestfirmware_s","metadata_mac_s","metadata_model_s","metadata_firmware_s","metadata_hostname_s","metadata_tls_tcp_443_version_s"
|
||||
"8/8/2024, 7:23:48.190 PM","[{""id"":""75d8a5ef-beba-4731-984b-a56cbfa34246"",""name"":""Discontinued Device"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:36.813032"",""first_seen"":""2024-08-08T16:19:46.172"",""description"":""This device is discontinued as of 09/30/2021. https://www.axis.com/en-us/products/axis-q3505-v/support""},{""id"":""2274ead0-b734-44ab-bb4a-7e7aad4beeb5"",""name"":""Not Enrolled in PAM"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:36.813032"",""first_seen"":""2024-08-08T16:19:46.172"",""description"":""This device has credentials that have not been enrolled into the PAM tool""},{""id"":""97735644-3093-456a-8dc0-05812c86fc06"",""name"":""Out of Date Firmware"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:36.813032"",""first_seen"":""2024-08-08T16:19:46.172"",""description"":""This device has newer firmware available""},{""id"":""42759e8b-0402-4ab2-86ef-c67298e0922b"",""name"":""Vulnerable Firmware"",""subtype"":""default"",""severity"":""high"",""last_seen"":""2024-08-08T19:19:36.813032"",""first_seen"":""2024-08-08T16:19:46.172"",""description"":""This firmware is in the AXIS OS LTS 2016 Track. AXIS recommends upgrading to firmware in the same track, but it is possible to switch tracks. Please reference https://help.axis.com/axis-os#upgrade-paths before upgrading if planning to switch tracks.""}]","220653dd-3897-42a2-be8e-b4b2f5237832","192.168.97.21","IP Camera","4268b7fb-5d79-438d-8772-504976a39bd8",TrialSite,"6.50.1.3","8/8/2024, 4:19:46.201 PM",true,true,"ac:cc:8e:26:e3:fa",AXIS,Q3505,"6.50.5.8","ac:cc:8e:26:e3:fa",Q3505,"6.50.1.3","ip-192-168-97-21.us-west-1.compute.internal","TLS_1_2"
|
||||
"8/8/2024, 7:23:48.190 PM","[{""id"":""b1730897-84ef-42dc-8e82-725649e8541c"",""name"":""Not Enrolled in PAM"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:35.05397"",""first_seen"":""2024-08-08T16:19:37.206"",""description"":""This device has credentials that have not been enrolled into the PAM tool""},{""id"":""8a088b55-6881-4be8-bcf1-733243409d2c"",""name"":""Out of Date Firmware"",""subtype"":""older-than-seven-years"",""severity"":""medium"",""last_seen"":""2024-08-08T19:19:35.05397"",""first_seen"":""2024-08-08T16:19:37.206"",""description"":""Current firmware on device is over seven years old""},{""id"":""2a0992c6-0645-4d36-b8da-18d1ebb4a8c8"",""name"":""Out of Date Firmware"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:35.05397"",""first_seen"":""2024-08-08T16:19:37.206"",""description"":""This device has newer firmware available""},{""id"":""13459dea-b777-4907-9e68-b1dbe76ee2b5"",""name"":""Prohibited Device"",""subtype"":""default"",""severity"":""high"",""last_seen"":""2024-08-08T19:19:35.05397"",""first_seen"":""2024-08-08T16:19:37.206"",""description"":""Device prohibited by the United States Government was discovered https://www.fcc.gov/supplychain/coveredlist""},{""id"":""479c1bdb-531d-4aae-847a-f95b5f1a780f"",""name"":""Vulnerable Firmware"",""subtype"":""default"",""severity"":""medium"",""last_seen"":""2024-08-08T19:19:35.05397"",""first_seen"":""2024-08-08T16:19:37.206"",""description"":""All Hikvision firmware is unsupported due to risk of device bricking/damage caused by region lock on both device and firmware.""}]","24b49738-839c-4a10-9a43-f9331ccaa9f5","192.168.97.10","IP Camera","4268b7fb-5d79-438d-8772-504976a39bd8",TrialSite,"5.4.71","8/8/2024, 4:19:37.282 PM",true,false,"28:57:be:6d:58:67",Hikvision,"DS-2DE4220-AE","5.4.800","28:57:be:6d:58:67","DS-2DE4220-AE","5.4.71","ip-192-168-97-10.us-west-1.compute.internal",
|
||||
"8/8/2024, 7:23:48.190 PM","[{""id"":""3698e95f-8a01-4cdb-8ef1-c4f46f02b66a"",""name"":""Discontinued Device"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:35.466734"",""first_seen"":""2024-08-08T16:19:37.514"",""description"":""This device is discontinued Support page: https://www.axis.com/products/axis-241q . Recommended replacements: P7304: https://www.axis.com/products/axis-p7304/ , Q7436: https://www.axis.com/products/axis-q7436-blade/ .""},{""id"":""5de6210f-d88c-4218-a54b-3f24d5003c2c"",""name"":""Not Enrolled in PAM"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:35.466734"",""first_seen"":""2024-08-08T16:19:37.514"",""description"":""This device has credentials that have not been enrolled into the PAM tool""},{""id"":""a709b3d6-9bb1-4257-8c73-738c1798dfa5"",""name"":""Out of Date Firmware"",""subtype"":""older-than-seven-years"",""severity"":""medium"",""last_seen"":""2024-08-08T19:19:35.466734"",""first_seen"":""2024-08-08T16:19:37.514"",""description"":""Current firmware on device is over seven years old""},{""id"":""aeb7aa2c-cb75-4d2d-8590-e467f0ee76f3"",""name"":""Out of Date Firmware"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:35.466734"",""first_seen"":""2024-08-08T16:19:37.514"",""description"":""This device has newer firmware available""}]","a77cd4f5-b69f-4a0c-b308-b8734143b97d","192.168.97.81","Video Server","4268b7fb-5d79-438d-8772-504976a39bd8",TrialSite,"4.47.2","8/8/2024, 4:19:37.542 PM",true,true,,AXIS,241Q,"4.47.5",,241Q,"4.47.2","ip-192-168-97-81.us-west-1.compute.internal",
|
||||
"8/8/2024, 7:23:48.190 PM","[{""id"":""545bd564-e1cd-4714-abd9-eaaa22787b56"",""name"":""Discontinued Device"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:35.757878"",""first_seen"":""2024-08-08T16:19:49.596"",""description"":""This device is discontinued https://pro.sony/en_NO/products/minidome-cameras?discontinued=true""},{""id"":""f3cf9f40-9f91-48c9-9687-d2ca93467919"",""name"":""Not Enrolled in PAM"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:35.757878"",""first_seen"":""2024-08-08T16:19:49.596"",""description"":""This device has credentials that have not been enrolled into the PAM tool""},{""id"":""60b77c25-5a94-429e-a1ff-328c0c79b661"",""name"":""Out of Date Firmware"",""subtype"":""older-than-seven-years"",""severity"":""medium"",""last_seen"":""2024-08-08T19:19:35.757878"",""first_seen"":""2024-08-08T16:19:49.596"",""description"":""Current firmware on device is over seven years old""},{""id"":""e5a61510-74af-4948-8b39-0139faff9707"",""name"":""Out of Date Firmware"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:35.757878"",""first_seen"":""2024-08-08T16:19:49.596"",""description"":""This device has newer firmware available""}]","beb7612d-e5ef-4a61-b7a0-c9e076a46960","192.168.97.15","IP Camera","4268b7fb-5d79-438d-8772-504976a39bd8",TrialSite,"2.6.0","8/8/2024, 4:19:49.609 PM",true,false,,Sony,"SNC-EM601","3.2.0",,"SNC-EM601","2.6.0","ip-192-168-97-15.us-west-1.compute.internal","TLS_1_0"
|
||||
"8/8/2024, 7:23:48.190 PM","[{""id"":""49a3840e-bd27-4fbc-85ef-c46da9e6de71"",""name"":""Discontinued Device"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:36.306106"",""first_seen"":""2024-08-08T16:19:29.245"",""description"":""This device is discontinued EOL per website listing here: https://www.dahuasecurity.com/products/All-Products/Discontinued-Products/Access-Control/AI""},{""id"":""71bd8bdb-aa85-490e-af03-ccaf099c7033"",""name"":""Not Enrolled in PAM"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:36.306106"",""first_seen"":""2024-08-08T16:19:29.245"",""description"":""This device has credentials that have not been enrolled into the PAM tool""},{""id"":""bb2f553e-03d0-4974-b26e-95b0ff55ad2c"",""name"":""Out of Date Firmware"",""subtype"":""default"",""severity"":""low"",""last_seen"":""2024-08-08T19:19:36.306106"",""first_seen"":""2024-08-08T16:19:29.245"",""description"":""This device has newer firmware available""},{""id"":""fb1575a2-914d-43cb-b563-48ee48c42a28"",""name"":""Prohibited Device"",""subtype"":""default"",""severity"":""high"",""last_seen"":""2024-08-08T19:19:36.306106"",""first_seen"":""2024-08-08T16:19:29.245"",""description"":""Device prohibited by the United States Government was discovered https://www.fcc.gov/supplychain/coveredlist""}]","d8dfe693-de2c-4656-a191-0bfba8087834","192.168.97.66","Access Control","4268b7fb-5d79-438d-8772-504976a39bd8",TrialSite,"1.0.0.0","8/8/2024, 4:19:29.271 PM",true,true,,Dahua,"ASI7213X-T1","1.000.0000009.0",,"ASI7213X-T1","1.0.0.0","ip-192-168-97-66.us-west-1.compute.internal",
|
|
|
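Review bot: The sample rows look like an export from a live scan rather than constructed data: each row carries a device GUID and a site GUID, three rows include a cloud-internal host name, and two include a device MAC address alongside exact firmware versions and the findings raised against them. Before this file ships in a public solution, confirm that the values are synthetic or have been sanitised. Otherwise replace the identifiers with clearly constructed ones, for example documentation-range IP addresses, locally administered MAC addresses and freshly generated GUIDs. The column layout and the embedded `alerts_s` JSON can stay as they are, so the sample still exercises the parser.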
@ -0,0 +1,144 @@
|
|||
{
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"parameters": {
|
||||
"workspace": {
|
||||
"type": "string",
|
||||
"defaultValue": ""
|
||||
}
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
"id": "[concat('/subscriptions/',subscription().subscriptionId,'/resourceGroups/',resourceGroup().name,'/providers/Microsoft.OperationalInsights/workspaces/',parameters('workspace'),'/providers/Microsoft.SecurityInsights/dataConnectors/',guid(subscription().subscriptionId))]",
|
||||
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',guid(subscription().subscriptionId))]",
|
||||
"apiVersion": "2022-12-01-preview",
|
||||
"type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
|
||||
"kind": "APIPolling",
|
||||
"properties": {
|
||||
"connectorUiConfig": {
|
||||
"title": "Phosphorus Devices",
|
||||
"id":"Phosphorus_Polling",
|
||||
"publisher": "Phosphorus Inc.",
|
||||
"descriptionMarkdown": "The Phosphorus Device Connector provides the capability to Phosphorus to ingest device data logs into Microsoft Sentinel through the Phosphorus REST API. The Connector provides visibility into the devices enrolled in Phosphorus",
|
||||
"graphQueriesTableName": "Phosphorus_CL",
|
||||
"graphQueries": [
|
||||
{
|
||||
"metricName": "Total events received",
|
||||
"legend": "Phosphorus Audit events",
|
||||
"baseQuery": "Phosphorus_CL"
|
||||
}
|
||||
],
|
||||
"dataTypes": [
|
||||
{
|
||||
"name": "Phosphorus_CL",
|
||||
"lastDataReceivedQuery": "Phosphorus_CL \n | summarize Time = max(TimeGenerated)\n| where isnotempty(Time)"
|
||||
}
|
||||
],
|
||||
"connectivityCriteria": [
|
||||
{
|
||||
"type": "SentinelKindsV2",
|
||||
"value": [
|
||||
"APIPolling"
|
||||
]
|
||||
}
|
||||
],
|
||||
"availability": {
|
||||
"status": 1,
|
||||
"isPreview": false
|
||||
},
|
||||
"permissions": {
|
||||
"resourceProvider": [
|
||||
{
|
||||
"provider": "Microsoft.OperationalInsights/workspaces",
|
||||
"permissionsDisplayText": "read and write permissions are required.",
|
||||
"providerDisplayName": "Workspace",
|
||||
"scope": "Workspace",
|
||||
"requiredPermissions": {
|
||||
"action": true,
|
||||
"write": true,
|
||||
"read": true,
|
||||
"delete": true
|
||||
}
|
||||
}
|
||||
],
|
||||
"customs": [
|
||||
{
|
||||
"name": "REST API Credentials/permissions",
|
||||
"description": "**Phosphorus API Key** is required. Please make sure that the API Key associated with the User has the Manage Settings permisisons enabled."
|
||||
}
|
||||
]
|
||||
},
|
||||
"instructionSteps": [
|
||||
{
|
||||
"description": "**STEP 1 - Configuration steps for the Phosphorus API**\n\n Follow these instructions to create a Phosphorus API key.\n 1. Log into your Phosphorus instance\n 2. Navigate to Settings -> API \n 3. If the API key has not already been created, press the **Add button** to create the API key\n 4. The API key can now be copied and used during the Phosphorus Device connector configuration"
|
||||
},
|
||||
{
|
||||
"title": "Connect the Phosphorus Application with Microsoft Sentinel",
|
||||
"description": "**STEP 2 - Fill in the details below**\n\n>**IMPORTANT:** Before deploying the Phosphorus Device data connector, have the Phosphorus Instance Domain Name readily available as well as the Phosphorus API Key(s)",
|
||||
"instructions": [
|
||||
{
|
||||
"parameters": {
|
||||
"enable": "true",
|
||||
"userRequestPlaceHoldersInput": [
|
||||
{
|
||||
"displayText": "Domain Name",
|
||||
"requestObjectKey": "apiEndpoint",
|
||||
"placeHolderName": "{{urlPlaceHolder}}",
|
||||
"placeHolderValue": ""
|
||||
},
|
||||
{
|
||||
"displayText": "Integration Name",
|
||||
"requestObjectKey": "apiEndpoint",
|
||||
"placeHolderName": "{{integrationName}}",
|
||||
"placeHolderValue": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"type": "APIKey"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"sampleQueries": [
|
||||
{
|
||||
"description": "List all Phosphorus Device Logs",
|
||||
"query": "Phosphorus_CL \n | sort by TimeGenerated desc"
|
||||
}
|
||||
]
|
||||
},
|
||||
"pollingConfig": {
|
||||
"auth": {
|
||||
"authType": "APIKey",
|
||||
"apiKeyName": "X-API-KEY"
|
||||
},
|
||||
"request": {
|
||||
"apiEndpoint": "https://{{urlPlaceHolder}}/api/v2/integrations/{{integrationName}}/sentinel/getlogs",
|
||||
"headers": {
|
||||
"accept": "application/json"
|
||||
},
|
||||
"rateLimitQPS": 10,
|
||||
"queryWindowInMin": 3,
|
||||
"httpMethod": "GET",
|
||||
"retryCount": 3,
|
||||
"timeoutInSeconds": 100,
|
||||
"queryParameters": {
|
||||
"limit": 100,
|
||||
"offset": 0
|
||||
}
|
||||
},
|
||||
"paging": {
|
||||
"pagingType": "NextPageToken",
|
||||
"nextPageParaName": "page",
|
||||
"nextPageTokenJsonPath": "$.page"
|
||||
},
|
||||
"response": {
|
||||
"eventsJsonPaths": [ "$..devices" ],
|
||||
"successStatusJsonPath": "$.status",
|
||||
"successStatusValue": "ok",
|
||||
"format": "json"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
|
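Review bot: The `customs` permission text asks for an API key whose user has the Manage Settings permission, yet the only call in `pollingConfig` is a `GET` to `.../sentinel/getlogs`. A key stored in the connector should carry the narrowest read-only scope the Phosphorus API offers, and if no narrower scope exists the description should say so; the same string also misspells "permisisons". Separately, `request` sets `queryWindowInMin` to 3 but defines no `startTimeAttributeName`/`endTimeAttributeName`, and `queryParameters` pins `offset` to 0 while `paging` advances a `page` token. Each poll may therefore re-ingest the same device list into `Phosphorus_CL`, so it is worth confirming against the API whether a time filter or offset-based paging was intended. The `Domain Name` input is substituted directly after `https://` in `apiEndpoint`, so the instruction text should state that a bare host name, without scheme or path, is expected.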
@ -0,0 +1,15 @@
|
|||
# Phosphorus Solution for Azure Sentinel
|
||||
This repository contains all resources for the Phosphorus Azure Sentinel Solution.
|
||||
The Phosphorus Solution is built in order to easily integrate Phosphorus with Azure Sentinel.
|
||||
|
||||
By deploying this solution, you'll be able to ingest device data from Phosphorus into Microsoft Sentinel
|
||||
|
||||
The solution consists out of the following resources:
|
||||
- A codeless API connector to ingest data into Sentinel.
|
||||
|
||||
## Data Connector Deployment
|
||||
The data connector will retrieve the Phosphorus device data through the Phosphorus REST API.
|
||||
|
||||
This is a codeless API connector. After the deployment of the ARM template, the connector will be available in the Data Connectors list to connect.
|
||||
|
||||
Input the Phosphorus Instance Domain name, Integration Name, API key , click Connect button and Microsoft Sentinel will start to pull in device data.
|