Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Update Neustar package and Logo

This commit is contained in:
Anki Narravula 2022-09-27 15:38:53 +05:30
Родитель 993c2db856
Коммит dad535c0ff
7 изменённых файлов: 683 добавлений и 6 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

24
Logos/NeustarLogo.svg Normal file
Просмотреть файл

@ -0,0 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="400px" height="400px" style="shape-rendering:geometricPrecision; text-rendering:geometricPrecision; image-rendering:optimizeQuality; fill-rule:evenodd; clip-rule:evenodd" xmlns:xlink="http://www.w3.org/1999/xlink">
<g><path fill="#008654" d="M -0.5,-0.5 C 132.833,-0.5 266.167,-0.5 399.5,-0.5C 399.5,132.833 399.5,266.167 399.5,399.5C 266.167,399.5 132.833,399.5 -0.5,399.5C -0.5,266.167 -0.5,132.833 -0.5,-0.5 Z"/></g>
<g><path fill="#f9fcfb" d="M 256.5,168.5 C 258.436,172.715 259.103,177.381 258.5,182.5C 262.833,182.5 267.167,182.5 271.5,182.5C 271.5,185.833 271.5,189.167 271.5,192.5C 267.167,192.5 262.833,192.5 258.5,192.5C 258.334,200.174 258.5,207.841 259,215.5C 259.5,216 260,216.5 260.5,217C 264.486,217.499 268.486,217.666 272.5,217.5C 272.5,220.833 272.5,224.167 272.5,227.5C 265.785,228.996 259.119,228.83 252.5,227C 249.533,224.9 247.7,222.066 247,218.5C 246.333,204.5 246.333,190.5 247,176.5C 250.358,173.969 253.524,171.302 256.5,168.5 Z"/></g>
<g><path fill="#86c6ae" d="M 330.5,177.5 C 334.298,176.517 338.298,176.183 342.5,176.5C 342.205,178.735 342.539,180.735 343.5,182.5C 343.44,183.043 343.107,183.376 342.5,183.5C 341.534,181.604 341.201,179.604 341.5,177.5C 338.167,177.5 334.833,177.5 331.5,177.5C 331.167,177.5 330.833,177.5 330.5,177.5 Z"/></g>
<g><path fill="#fbfdfd" d="M 82.5,189.5 C 82.5,202.167 82.5,214.833 82.5,227.5C 78.8333,227.5 75.1667,227.5 71.5,227.5C 71.8281,215.988 71.4948,204.654 70.5,193.5C 70.607,191.097 69.607,189.264 67.5,188C 58.7607,185.414 53.5941,188.581 52,197.5C 51.5002,207.828 51.3335,218.161 51.5,228.5C 47.5,228.5 43.5,228.5 39.5,228.5C 39.5,211.5 39.5,194.5 39.5,177.5C 43.1667,177.5 46.8333,177.5 50.5,177.5C 49.8131,183.599 51.1465,184.099 54.5,179C 63.3146,173.79 71.4812,174.623 79,181.5C 81.2342,183.704 82.4009,186.37 82.5,189.5 Z"/></g>
<g><path fill="#fbfdfc" d="M 156.5,177.5 C 156.333,188.838 156.5,200.172 157,211.5C 159.528,218.181 164.028,220.014 170.5,217C 172.726,215.773 174.226,213.939 175,211.5C 176.409,200.23 176.909,188.896 176.5,177.5C 180.167,177.5 183.833,177.5 187.5,177.5C 187.5,192.833 187.5,208.167 187.5,223.5C 184.545,226.116 181.545,228.782 178.5,231.5C 177.679,228.553 177.179,225.553 177,222.5C 167.292,231.826 157.626,231.826 148,222.5C 146.589,220.35 145.755,218.016 145.5,215.5C 145.5,202.833 145.5,190.167 145.5,177.5C 149.167,177.5 152.833,177.5 156.5,177.5 Z"/></g>
<g><path fill="#f7fbfa" d="M 213.5,175.5 C 222.856,174.496 230.856,177.163 237.5,183.5C 235.249,186.295 232.582,188.628 229.5,190.5C 222.802,184.467 215.969,184.134 209,189.5C 208.08,192.308 208.913,194.475 211.5,196C 218.587,196.855 225.587,198.188 232.5,200C 239.564,205.259 241.397,212.092 238,220.5C 228.344,229.793 217.177,231.96 204.5,227C 200.59,225.093 197.256,222.427 194.5,219C 196.983,216.594 199.65,214.427 202.5,212.5C 210.189,220.524 218.689,221.524 228,215.5C 228.896,212.975 228.396,210.808 226.5,209C 220.245,207.593 213.912,206.593 207.5,206C 198.397,201.365 195.564,194.199 199,184.5C 203.015,179.946 207.848,176.946 213.5,175.5 Z"/></g>
<g><path fill="#fcfdfd" d="M 343.5,199.5 C 342.506,208.652 342.173,217.985 342.5,227.5C 338.833,227.5 335.167,227.5 331.5,227.5C 331.5,210.833 331.5,194.167 331.5,177.5C 334.833,177.5 338.167,177.5 341.5,177.5C 341.201,179.604 341.534,181.604 342.5,183.5C 343.107,183.376 343.44,183.043 343.5,182.5C 347.91,177.361 353.577,175.361 360.5,176.5C 360.5,180.167 360.5,183.833 360.5,187.5C 350.901,186.116 345.235,190.116 343.5,199.5 Z"/></g>
<g><path fill="#f7fbfa" d="M 108.5,175.5 C 121.672,174.001 130.839,179.335 136,191.5C 136.499,196.489 136.666,201.489 136.5,206.5C 125.167,206.5 113.833,206.5 102.5,206.5C 103.19,217.35 108.856,221.517 119.5,219C 123.63,213.797 128.963,212.297 135.5,214.5C 130.363,226.18 121.363,231.013 108.5,229C 99.3598,226.526 93.5264,220.693 91,211.5C 88.0699,199.306 90.9032,188.806 99.5,180C 102.592,178.454 105.592,176.954 108.5,175.5 Z"/></g>
<g><path fill="#f8fbfa" d="M 321.5,191.5 C 321.5,203.5 321.5,215.5 321.5,227.5C 317.833,227.5 314.167,227.5 310.5,227.5C 310.768,225.901 310.434,224.568 309.5,223.5C 299.459,231.688 289.626,231.355 280,222.5C 275.229,211.214 278.396,203.047 289.5,198C 296.177,197.547 302.844,197.047 309.5,196.5C 310.308,186.166 305.641,182.666 295.5,186C 293.531,187.5 292.198,189.333 291.5,191.5C 287.351,192.08 283.684,191.414 280.5,189.5C 283.667,179.81 290.5,175.143 301,175.5C 306.511,175.781 311.678,177.281 316.5,180C 319.812,183.099 321.479,186.933 321.5,191.5 Z"/></g>
<g><path fill="#b9e1d3" d="M 156.5,177.5 C 152.833,177.5 149.167,177.5 145.5,177.5C 145.5,190.167 145.5,202.833 145.5,215.5C 144.505,202.677 144.171,189.677 144.5,176.5C 148.702,176.183 152.702,176.517 156.5,177.5 Z"/></g>
<g><path fill="#c0e1d4" d="M 176.5,177.5 C 180.298,176.517 184.298,176.183 188.5,176.5C 188.83,192.342 188.496,208.009 187.5,223.5C 187.5,208.167 187.5,192.833 187.5,177.5C 183.833,177.5 180.167,177.5 176.5,177.5 Z"/></g>
<g><path fill="#b6ddce" d="M 330.5,177.5 C 330.833,177.5 331.167,177.5 331.5,177.5C 331.5,194.167 331.5,210.833 331.5,227.5C 335.167,227.5 338.833,227.5 342.5,227.5C 342.173,217.985 342.506,208.652 343.5,199.5C 343.5,209.167 343.5,218.833 343.5,228.5C 339.167,228.5 334.833,228.5 330.5,228.5C 330.5,211.5 330.5,194.5 330.5,177.5 Z"/></g>
<g><path fill="#0c8758" d="M 109.5,185.5 C 119.127,184.11 124.127,188.11 124.5,197.5C 117.167,197.5 109.833,197.5 102.5,197.5C 102.34,192.004 104.673,188.004 109.5,185.5 Z"/></g>
<g><path fill="#aad5c4" d="M 280.5,189.5 C 283.684,191.414 287.351,192.08 291.5,191.5C 287.702,192.483 283.702,192.817 279.5,192.5C 279.263,191.209 279.596,190.209 280.5,189.5 Z"/></g>
<g><path fill="#9dd3be" d="M 82.5,189.5 C 83.4955,202.323 83.8288,215.323 83.5,228.5C 79.1667,228.5 74.8333,228.5 70.5,228.5C 70.5,216.833 70.5,205.167 70.5,193.5C 71.4948,204.654 71.8281,215.988 71.5,227.5C 75.1667,227.5 78.8333,227.5 82.5,227.5C 82.5,214.833 82.5,202.167 82.5,189.5 Z"/></g>
<g><path fill="#92cdb8" d="M 321.5,191.5 C 322.495,203.655 322.829,215.989 322.5,228.5C 318.167,228.5 313.833,228.5 309.5,228.5C 309.5,226.833 309.5,225.167 309.5,223.5C 310.434,224.568 310.768,225.901 310.5,227.5C 314.167,227.5 317.833,227.5 321.5,227.5C 321.5,215.5 321.5,203.5 321.5,191.5 Z"/></g>
<g><path fill="#0e8758" d="M 303.5,205.5 C 305.5,205.5 307.5,205.5 309.5,205.5C 310.185,214.15 306.185,218.817 297.5,219.5C 291.231,219.624 288.731,216.624 290,210.5C 291.214,208.951 292.714,207.785 294.5,207C 297.695,206.819 300.695,206.319 303.5,205.5 Z"/></g>
<g><path fill="#b5e1cf" d="M 359.5,225.5 C 359.88,223.302 359.213,221.635 357.5,220.5C 355.362,219.192 353.362,219.525 351.5,221.5C 351.414,220.504 351.748,219.671 352.5,219C 358.817,217.487 361.15,219.654 359.5,225.5 Z"/></g>
<g><path fill="#52a885" d="M 357.5,220.5 C 359.213,221.635 359.88,223.302 359.5,225.5C 356.887,229.501 354.054,229.501 351,225.5C 350.235,223.934 350.402,222.601 351.5,221.5C 353.362,219.525 355.362,219.192 357.5,220.5 Z"/></g>
<g><path fill="#b2decd" d="M 357.5,220.5 C 357.66,222.199 357.494,223.866 357,225.5C 354.175,224.416 354.008,223.249 356.5,222C 354.068,220.913 354.402,220.413 357.5,220.5 Z"/></g>
</svg>
Режим "рядом"

После

Ширина:  |  Высота:  |  Размер: 7.2 KiB

Двоичные данные
Solutions/Neustar IP GeoPoint/Package/2.0.0.zip Normal file
Просмотреть файл

Двоичный файл не отображается.

89
Solutions/Neustar IP GeoPoint/Package/createUiDefinition.json Normal file
Просмотреть файл

@ -0,0 +1,89 @@
{
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
"handler": "Microsoft.Azure.CreateUIDef",
"version": "0.1.2-preview",
"parameters": {
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Neustar%20IP%20GeoPoint/Playbooks/NeustarLogo.jpeg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Neustar IP GeoPoint](https://www.home.neustar/fraud-solutions/ip-geopoint) Solution for Microsoft Sentinel contains playbook to allows you to easily lookup for IP address to enrich Microsoft Sentinel's incident and to help auto remediation scenarios\n\n**Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
"Microsoft.OperationalInsights/workspaces/providers/alertRules",
"Microsoft.Insights/workbooks",
"Microsoft.Logic/workflows"
]
},
"location": {
"metadata": {
"hidden": "Hiding location, we get it from the log analytics workspace"
},
"visible": false
},
"resourceGroup": {
"allowExisting": true
}
}
},
"basics": [
{
"name": "getLAWorkspace",
"type": "Microsoft.Solutions.ArmApiControl",
"toolTip": "This filters by workspaces that exist in the Resource Group selected",
"condition": "[greater(length(resourceGroup().name),0)]",
"request": {
"method": "GET",
"path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
}
},
{
"name": "workspace",
"type": "Microsoft.Common.DropDown",
"label": "Workspace",
"placeholder": "Select a workspace",
"toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
"constraints": {
"allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
"required": true
},
"visible": true
}
],
"steps": [
{
"name": "playbooks",
"label": "Playbooks",
"subLabel": {
"preValidation": "Configure the playbooks",
"postValidation": "Done"
},
"bladeTitle": "Playbooks",
"elements": [
{
"name": "playbooks-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub."
}
},
{
"name": "playbooks-link",
"type": "Microsoft.Common.TextBlock",
"options": {
"link": {
"label": "Learn more",
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
}
}
}
]
}
],
"outputs": {
"workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
"location": "[location()]",
"workspace": "[basics('workspace')]"
}
}
}

534
Solutions/Neustar IP GeoPoint/Package/mainTemplate.json Normal file
Просмотреть файл

@ -0,0 +1,534 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"author": "Microsoft - support@microsoft.com",
"comments": "Solution template for Neustar IP GeoPoint"
},
"parameters": {
"location": {
"type": "string",
"minLength": 1,
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
}
},
"workspace-location": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
}
},
"workspace": {
"defaultValue": "",
"type": "string",
"metadata": {
"description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
}
}
},
"variables": {
"solutionId": "azuresentinel.azure-sentinel-solution-neustaripgeopoint",
"_solutionId": "[variables('solutionId')]",
"email": "support@microsoft.com",
"_email": "[variables('email')]",
"Neustar-GetIPGeoInfo": "Neustar-GetIPGeoInfo",
"_Neustar-GetIPGeoInfo": "[variables('Neustar-GetIPGeoInfo')]",
"playbookVersion1": "1.0",
"playbookContentId1": "Neustar-GetIPGeoInfo",
"_playbookContentId1": "[variables('playbookContentId1')]",
"playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]",
"playbookTemplateSpecName1": "[concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1')))]",
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
"blanks": "[replace('b', 'b', '')]"
},
"resources": [
{
"type": "Microsoft.Resources/templateSpecs",
"apiVersion": "2021-05-01",
"name": "[variables('playbookTemplateSpecName1')]",
"location": "[parameters('workspace-location')]",
"tags": {
"hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
"hidden-sentinelContentType": "Playbook"
},
"properties": {
"description": "EnrichIP-GetIPGeoInfo-Neustar playbook",
"displayName": "EnrichIP-GetIPGeoInfo-Neustar playbook"
}
},
{
"type": "Microsoft.Resources/templateSpecs/versions",
"apiVersion": "2021-05-01",
"name": "[concat(variables('playbookTemplateSpecName1'),'/',variables('playbookVersion1'))]",
"location": "[parameters('workspace-location')]",
"tags": {
"hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
"hidden-sentinelContentType": "Playbook"
},
"dependsOn": [
"[resourceId('Microsoft.Resources/templateSpecs', variables('playbookTemplateSpecName1'))]"
],
"properties": {
"description": "EnrichIP-GetIPGeoInfo-Neustar Playbook with template version 2.0.0",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion1')]",
"parameters": {
"PlaybookName": {
"defaultValue": "EnrichIP-GetIPGeoInfo-Neustar",
"type": "string"
},
"FunctionAppName": {
"defaultValue": "neuipgp",
"type": "string"
}
},
"variables": {
"functionAppName": "[[concat(parameters('FunctionAppName'), uniqueString(resourceGroup().id))]",
"MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]",
"NeustarIPGeoPointFuntionAppId": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/sites/', variables('functionAppName'))]",
"connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]",
"_connection-2": "[[variables('connection-2')]",
"workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
"workspace-name": "[parameters('workspace')]",
"workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
},
"resources": [
{
"properties": {
"provisioningState": "Succeeded",
"state": "Enabled",
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"type": "Object"
}
},
"triggers": {
"Microsoft_Sentinel_incident": {
"type": "ApiConnectionWebhook",
"inputs": {
"body": {
"callback_url": "@{listCallbackUrl()}"
},
"host": {
"connection": {
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
}
},
"path": "/incident-creation"
}
}
},
"actions": {
"Add_comment_to_incident_(V3)": {
"runAfter": {
"Create_HTML_table": [
"Succeeded"
]
},
"type": "ApiConnection",
"inputs": {
"body": {
"incidentArmId": "@triggerBody()?['object']?['id']",
"message": "<p>@{body('Create_HTML_table')}</p>"
},
"host": {
"connection": {
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
}
},
"method": "post",
"path": "/Incidents/Comment"
}
},
"Create_HTML_table": {
"runAfter": {
"For_each_IP_Address": [
"Succeeded"
]
},
"type": "Table",
"inputs": {
"format": "HTML",
"from": "@variables('GeoData')"
}
},
"Entities_-_Get_IPs": {
"type": "ApiConnection",
"inputs": {
"body": "@triggerBody()?['object']?['properties']?['relatedEntities']",
"host": {
"connection": {
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
}
},
"method": "post",
"path": "/entities/ip"
}
},
"For_each_IP_Address": {
"foreach": "@body('Entities_-_Get_IPs')?['IPs']",
"actions": {
"Append_to_GeoData_Array": {
"runAfter": {
"Compose": [
"Succeeded"
]
},
"type": "AppendToArrayVariable",
"inputs": {
"name": "GeoData",
"value": "@outputs('Compose')"
}
},
"Compose": {
"runAfter": {
"Parse_Geo_Info_JSON": [
"Succeeded"
]
},
"type": "Compose",
"inputs": {
"City": "@body('Parse_Geo_Info_JSON')?['ipinfo']?['Location']?['CityData']?['city']",
"Country": "@body('Parse_Geo_Info_JSON')?['ipinfo']?['Location']?['CountryData']?['country']",
"IPAddress": "@items('For_each_IP_Address')?['Address']",
"IPRoutingType": "@body('Parse_Geo_Info_JSON')?['ipinfo']?['Network']?['ip_routing_type']",
"Orgnization": "@body('Parse_Geo_Info_JSON')?['ipinfo']?['Network']?['organization']",
"PostalCode": "@body('Parse_Geo_Info_JSON')?['ipinfo']?['Location']?['CityData']?['postal_code']",
"State": "@body('Parse_Geo_Info_JSON')?['ipinfo']?['Location']?['StateData']?['state']"
}
},
"GetIPGeoInfo": {
"type": "Function",
"inputs": {
"function": {
"id": "[[concat(variables('NeustarIPGeoPointFuntionAppId'), '/functions/GetIPGeoInfo')]"
},
"method": "GET",
"queries": {
"IPAddress": "@items('For_each_IP_Address')?['Address']"
},
"retryPolicy": {
"type": "none"
}
}
},
"Parse_Geo_Info_JSON": {
"runAfter": {
"GetIPGeoInfo": [
"Succeeded"
]
},
"type": "ParseJson",
"inputs": {
"content": "@body('GetIPGeoInfo')",
"schema": {
"properties": {
"ipinfo": {
"properties": {
"Location": {
"properties": {
"CityData": {
"properties": {
"city": {
"type": [
"string",
"null"
]
},
"postal_code": {
"type": [
"string",
"null"
]
}
},
"type": "object"
},
"CountryData": {
"properties": {
"country": {
"type": [
"string",
"null"
]
}
},
"type": [
"object",
"null"
]
},
"StateData": {
"properties": {
"state": {
"type": [
"string",
"null"
]
}
},
"type": [
"object",
"null"
]
}
},
"type": [
"object",
"null"
]
},
"Network": {
"properties": {
"ip_routing_type": {
"type": [
"string",
"null"
]
},
"organization": {
"type": [
"string",
"null"
]
}
},
"type": [
"object",
"null"
]
},
"ip_address": {
"type": [
"string",
"null"
]
},
"ip_type": {
"type": [
"string",
"null"
]
}
},
"type": [
"object",
"null"
]
}
},
"type": [
"object",
"null"
]
}
}
},
"Sleep_for_2_seconds_to_avoid_throttling_": {
"runAfter": {
"Append_to_GeoData_Array": [
"Succeeded"
]
},
"type": "Wait",
"inputs": {
"interval": {
"count": 2,
"unit": "Second"
}
}
}
},
"runAfter": {
"Initialize_Array_-_GeoData": [
"Succeeded"
]
},
"type": "Foreach",
"runtimeConfiguration": {
"concurrency": {
"repetitions": 1
}
}
},
"Initialize_Array_-_GeoData": {
"runAfter": {
"Entities_-_Get_IPs": [
"Succeeded"
]
},
"type": "InitializeVariable",
"inputs": {
"variables": [
{
"name": "GeoData",
"type": "array"
}
]
}
}
}
},
"parameters": {
"$connections": {
"value": {
"azuresentinel": {
"connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
"connectionName": "[[variables('MicrosoftSentinelConnectionName')]",
"id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity"
}
}
}
}
}
}
},
"name": "[[parameters('PlaybookName')]",
"type": "Microsoft.Logic/workflows",
"location": "[[variables('workspace-location-inline')]",
"identity": {
"type": "SystemAssigned"
},
"tags": {
"hidden-SentinelTemplateName": "Neustar-GetIPGeoInfo",
"hidden-SentinelTemplateVersion": "1.0",
"hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
},
"apiVersion": "2019-05-01",
"dependsOn": [
"[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]"
]
},
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[[variables('MicrosoftSentinelConnectionName')]",
"location": "[[variables('workspace-location-inline')]",
"kind": "V1",
"properties": {
"displayName": "[[variables('MicrosoftSentinelConnectionName')]",
"parameterValueType": "Alternative",
"api": {
"id": "[[variables('_connection-2')]"
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId1'),'/'))))]",
"properties": {
"parentId": "[variables('playbookId1')]",
"contentId": "[variables('_playbookContentId1')]",
"kind": "Playbook",
"version": "[variables('playbookVersion1')]",
"source": {
"kind": "Solution",
"name": "Neustar IP GeoPoint",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "Microsoft",
"email": "[variables('_email')]"
},
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
}
}
}
],
"metadata": {
"title": "EnrichIP-GetIPGeoInfo-Neustar",
"description": "When a new sentinel incident is created, this playbook gets triggered and performs the following actions: \n 1. Gets IP Addresses from incident. \n 2. Gets Geographical location information from Neustart IP GeoPoint API. \n 3. Summarize the details and add as a comment to the incident.",
"prerequisites": [
"1. Prior to the deployment of this playbook, Neustar IP GeoPoint API Function App Connector needs to be deployed under the same subscription. \n Use https://aka.ms/sentinel-neustar-functionapp-connector to deploy (for public cloud) \n Use https://aka.ms/sentinel-neustar-functionapp-connector-gov to deploy (for FFX env)",
"2. Refer to Neustar IP GeoPoint API Function App Connector documentation to obtain Neustar IP GeoPoint API Key and Shared Secret."
],
"postDeployment": [
"None"
],
"lastUpdateTime": "2022-08-29T05:32:46Z",
"entities": [
"IP"
],
"tags": [
"Neustar",
"GeoPoint",
"Enrichment"
],
"releaseNotes": {
"version": "1.0",
"title": "[variables('blanks')]",
"notes": [
"Initial version"
]
}
}
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "2.0.0",
"kind": "Solution",
"contentSchemaVersion": "2.0.0",
"contentId": "[variables('_solutionId')]",
"parentId": "[variables('_solutionId')]",
"source": {
"kind": "Solution",
"name": "Neustar IP GeoPoint",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "Microsoft",
"email": "[variables('_email')]"
},
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
},
"dependencies": {
"operator": "AND",
"criteria": [
{
"kind": "Playbook",
"contentId": "[variables('_Neustar-GetIPGeoInfo')]",
"version": "[variables('playbookVersion1')]"
}
]
},
"firstPublishDate": "2022-09-30",
"lastPublishDate": "2022-09-30",
"providers": [
"Neustar"
],
"categories": {
"domains": [
"Security – Automation (SOAR)",
"Security – Others"
]
}
},
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]"
}
],
"outputs": {}
}

12
Solutions/Neustar IP GeoPoint/Playbooks/Neustar-GetIPGeoInfo/azuredeploy.json
Просмотреть файл

@ -2,11 +2,11 @@
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"title": "Neustar-GetIPGeoInfo",
"title": "EnrichIP-GetIPGeoInfo-Neustar",
"description": "When a new sentinel incident is created, this playbook gets triggered and performs the following actions: \n 1. Gets IP Addresses from incident. \n 2. Gets Geographical location information from Neustart IP GeoPoint API. \n 3. Summarize the details and add as a comment to the incident.",
"prerequisites":
"1. Prior to the deployment of this playbook, Neustar IP GeoPoint API Function App Connector needs to be deployed under the same subscription. \n 2. Refer to Neustar IP GeoPoint API Function App Connector documentation to obtain Neustar IP GeoPoint API Key and Shared Secret.",
"postDeployment": [
"prerequisites": ["1. Prior to the deployment of this playbook, Neustar IP GeoPoint API Function App Connector needs to be deployed under the same subscription. \n Use https://aka.ms/sentinel-neustar-functionapp-connector to deploy (for public cloud) \n Use https://aka.ms/sentinel-neustar-functionapp-connector-gov to deploy (for FFX env)",
"2. Refer to Neustar IP GeoPoint API Function App Connector documentation to obtain Neustar IP GeoPoint API Key and Shared Secret."],
"postDeployment": ["None"
],
"prerequisitesDeployTemplateFile": "../NeustarIPGeoPoint_FunctionAppConnector/azuredeploy.json",
"lastUpdateTime": "2022-08-29T05:32:46Z",
@ -27,7 +27,7 @@
},
"parameters": {
"PlaybookName": {
"defaultValue": "Neustar-GetIPGeoInfo",
"defaultValue": "EnrichIP-GetIPGeoInfo-Neustar",
"type": "string"
},
"FunctionAppName": {
@ -351,7 +351,7 @@
"hidden-SentinelTemplateName": "Neustar-GetIPGeoInfo",
"hidden-SentinelTemplateVersion": "1.0"
},
"apiVersion": "2017-07-01",
"apiVersion": "2019-05-01",
"dependsOn": [
"[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]"
]

16
Solutions/Neustar IP GeoPoint/SolutionMetadata.json Normal file
Просмотреть файл

@ -0,0 +1,16 @@
{
"publisherId": "azuresentinel",
"offerId": "azure-sentinel-solution-neustaripgeopoint",
"firstPublishDate": "2022-09-30",
"lastPublishDate": "2022-09-30",
"providers": ["Neustar"],
"categories": {
"domains": ["Security – Automation (SOAR)","Security – Others"]
},
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
}
}

14
Solutions/Neustar IP GeoPoint/data/Solution_NeustarIPGeoPoint.json Normal file
Просмотреть файл

@ -0,0 +1,14 @@
{
"Name": "Neustar IP GeoPoint",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://github.com/Azure/Azure-Sentinel/raw/master/Playbooks/PaloAlto-PAN-OS/PaloAltoCustomConnector/PAN-OS_CustomConnector.png\" width=\"75px\" height=\"75px\">",
"Description": "The [Neustar IP GeoPoint](https://www.home.neustar/fraud-solutions/ip-geopoint) Solution for Microsoft Sentinel contains playbook to allows you to easily lookup for IP address to enrich Microsoft Sentinel's incident and to help auto remediation scenarios",
"Playbooks": [
"Playbooks/Neustar-GetIPGeoInfo/azuredeploy.json"
],
"BasePath": "C:\\Repositories\\Azure-Sentinel\\Solutions\\Neustar IP GeoPoint",
"Version": "2.0.0",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1Pconnector": false
}