Files moved back to standalone folder
Files moved back to standalone folder
Родитель
181ba50317
Коммит
dd9cf20242
|
@ -1,29 +0,0 @@
|
|||
{
|
||||
"Name": "Dynamics 365",
|
||||
"Author": "Microsoft",
|
||||
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/DynamicsLogo.svg\" width=\"75px\" height=\"75px\">",
|
||||
"Description": "The [Dynamics 365](https://dynamics.microsoft.com) continuous Threat Monitoring Solution for Microsoft Sentinel provides you with ability to collect Dynamics 365 CRM logs, gain visibility of activities within Dynamics 365 and analyze them to detect threats and malicious activities. You can view admin, user and support activities, as well as Microsoft Social Engagement logging events data in workbooks, use it to create custom alerts, and improve your investigation process. /r /n/n /r **Underlying Microsoft Technologies used:** /r/n/n/r This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:a. [Office 365 Management APIs](https://docs.microsoft.com/office/office-365-management-api/office-365-management-apis-overview)",
|
||||
"Data Connectors": [
|
||||
"Data Connectors/template_Dynamics365.JSON"
|
||||
],
|
||||
"Workbooks": [
|
||||
"Workbooks/Dynamics365Workbooks.json"
|
||||
],
|
||||
"Analytic Rules": [
|
||||
"Analytic Rules/DynamicsEncryptionSettingsChanged.yaml",
|
||||
"Analytic Rules/MassExportOfDynamicstoExcel.yaml",
|
||||
"Analytic Rules/NewDynamicsAdminActivity.yaml",
|
||||
"Analytic Rules/NewDynamicsUserAgent.yaml",
|
||||
"Analytic Rules/NewOfficeUserAgentinDynamics.yaml",
|
||||
"Analytic Rules/UserBulkRetreivalOutsideNormalActivity.yaml"
|
||||
],
|
||||
"Hunting Queries": [
|
||||
"Hunting Queries/DynamicsActivityAfterAADAlert.yaml",
|
||||
"Hunting Queries/DynamicsActivityAfterFailedLogons.yaml"
|
||||
],
|
||||
"BasePath": "C:\\GitHub\\azure-Sentinel\\Solutions\\Dynamics 365",
|
||||
"Version": "2.0.0",
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"TemplateSpec": true,
|
||||
"Is1PConnector": true
|
||||
}
|
Двоичные данные
Solutions/Dynamics 365/Package/2.0.0.zip
Двоичные данные
Solutions/Dynamics 365/Package/2.0.0.zip
Двоичный файл не отображается.
|
@ -1,277 +0,0 @@
|
|||
{
|
||||
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
|
||||
"handler": "Microsoft.Azure.CreateUIDef",
|
||||
"version": "0.1.2-preview",
|
||||
"parameters": {
|
||||
"config": {
|
||||
"isWizard": false,
|
||||
"basics": {
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/DynamicsLogo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Dynamics 365](https://dynamics.microsoft.com) continuous Threat Monitoring Solution for Microsoft Sentinel provides you with ability to collect Dynamics 365 CRM logs, gain visibility of activities within Dynamics 365 and analyze them to detect threats and malicious activities. You can view admin, user and support activities, as well as Microsoft Social Engagement logging events data in workbooks, use it to create custom alerts, and improve your investigation process. \r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs::\r\n\n a. [Office 365 Management APIs](https://docs.microsoft.com/office/office-365-management-api/office-365-management-apis-overview)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 6, **Hunting Queries:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"subscription": {
|
||||
"resourceProviders": [
|
||||
"Microsoft.OperationsManagement/solutions",
|
||||
"Microsoft.OperationalInsights/workspaces/providers/alertRules",
|
||||
"Microsoft.Insights/workbooks",
|
||||
"Microsoft.Logic/workflows"
|
||||
]
|
||||
},
|
||||
"location": {
|
||||
"metadata": {
|
||||
"hidden": "Hiding location, we get it from the log analytics workspace"
|
||||
},
|
||||
"visible": false
|
||||
},
|
||||
"resourceGroup": {
|
||||
"allowExisting": true
|
||||
}
|
||||
}
|
||||
},
|
||||
"basics": [
|
||||
{
|
||||
"name": "getLAWorkspace",
|
||||
"type": "Microsoft.Solutions.ArmApiControl",
|
||||
"toolTip": "This filters by workspaces that exist in the Resource Group selected",
|
||||
"condition": "[greater(length(resourceGroup().name),0)]",
|
||||
"request": {
|
||||
"method": "GET",
|
||||
"path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "workspace",
|
||||
"type": "Microsoft.Common.DropDown",
|
||||
"label": "Workspace",
|
||||
"placeholder": "Select a workspace",
|
||||
"toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
|
||||
"constraints": {
|
||||
"allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
|
||||
"required": true
|
||||
},
|
||||
"visible": true
|
||||
}
|
||||
],
|
||||
"steps": [
|
||||
{
|
||||
"name": "dataconnectors",
|
||||
"label": "Data Connectors",
|
||||
"bladeTitle": "Data Connectors",
|
||||
"elements": [
|
||||
{
|
||||
"name": "dataconnectors1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This solution installs the data connector for ingesting Dynamics 365 CRM logs into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "dataconnectors-link2",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"link": {
|
||||
"label": "Learn more about connecting data sources",
|
||||
"uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "workbooks",
|
||||
"label": "Workbooks",
|
||||
"subLabel": {
|
||||
"preValidation": "Configure the workbooks",
|
||||
"postValidation": "Done"
|
||||
},
|
||||
"bladeTitle": "Workbooks",
|
||||
"elements": [
|
||||
{
|
||||
"name": "workbooks-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This solution installs workbook to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "workbooks-link",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"link": {
|
||||
"label": "Learn more",
|
||||
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytics",
|
||||
"label": "Analytics",
|
||||
"subLabel": {
|
||||
"preValidation": "Configure the analytics",
|
||||
"postValidation": "Done"
|
||||
},
|
||||
"bladeTitle": "Analytics",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytics-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "analytics-link",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"link": {
|
||||
"label": "Learn more",
|
||||
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "analytic1",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Dynamics Encryption Settings Changed",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This query looks for changes to the Data Encryption settings for Dynamics 365.\nReference: https://docs.microsoft.com/microsoft-365/compliance/office-365-encryption-in-microsoft-dynamics-365"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic2",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Mass Export of Dynamics 365 Records to Excel",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic2-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "The query detects user exporting a large amount of records from Dynamics 365 to Excel, significantly more records exported than any other recent activity by that user."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic3",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "New Dynamics 365 Admin Activity",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic3-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Detects users conducting administrative activity in Dynamics 365 where they have not had admin rights before."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic4",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "New Dynamics 365 User Agent",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic4-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Detects users accessing Dynamics from a User Agent that has not been seen the 14 days. Has configurable filter for known good user agents such as PowerApps. Also includes optional section to exclude User Agents to indicate a browser being used."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic5",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "New Office User Agent in Dynamics 365",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic5-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "Detects users accessing Dynamics from a User Agent that has not been seen in any Office 365 workloads in the last 7 days. Has configurable filter for known good user agents such as PowerApps."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "analytic6",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Dynamics 365 - User Bulk Retrieval Outside Normal Activity",
|
||||
"elements": [
|
||||
{
|
||||
"name": "analytic6-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This query detects users retrieving significantly more records from Dynamics 365 than they have in the past 2 weeks. This could indicate potentially unauthorized access to data within Dynamics 365."
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "huntingqueries",
|
||||
"label": "Hunting Queries",
|
||||
"bladeTitle": "Hunting Queries",
|
||||
"elements": [
|
||||
{
|
||||
"name": "huntingqueries-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This solution installs the following hunting queries. After installing the solution, run these hunting queries to hunt for threats in Manage solution view. "
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "huntingqueries-link",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"link": {
|
||||
"label": "Learn more",
|
||||
"uri": "https://docs.microsoft.com/azure/sentinel/hunting"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "huntingquery1",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Dynamics 365 Activity After Azure AD Alerts",
|
||||
"elements": [
|
||||
{
|
||||
"name": "huntingquery1-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This hunting query looks for users conducting Dynamics 365 activity shortly after Azn Azure AD Identity Protection alert for that user. The query only looks for users not seen before or conducting Dynamics activity not previously seen. It depends on the Dynamics365 data connector and Dynamics365Activity data type and Dynamics365 parser."
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "huntingquery2",
|
||||
"type": "Microsoft.Common.Section",
|
||||
"label": "Dynamics 365 Activity After Failed Logons",
|
||||
"elements": [
|
||||
{
|
||||
"name": "huntingquery2-text",
|
||||
"type": "Microsoft.Common.TextBlock",
|
||||
"options": {
|
||||
"text": "This hunting query looks for users conducting Dynamics 365 activity shortly after a number of failed logons. Use this to look for potential post brute force activity. Adjust the threshold figure based on false positive rate. It depends on the Dynamics365 data connector and Dynamics365Activity data type and Dynamics365 parser."
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"outputs": {
|
||||
"workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
|
||||
"location": "[location()]",
|
||||
"workspace": "[basics('workspace')]"
|
||||
}
|
||||
}
|
||||
}
|
Различия файлов скрыты, потому что одна или несколько строк слишком длинны
|
@ -1,15 +0,0 @@
|
|||
{
|
||||
"publisherId": "azuresentinel",
|
||||
"offerId": "azure-sentinel-solution-dynamics365",
|
||||
"firstPublishDate": "2022-05-24",
|
||||
"providers": ["Microsoft"],
|
||||
"categories": {
|
||||
"domains": [ "Cloud Provider","IT Operations","Storage"]
|
||||
},
|
||||
"support": {
|
||||
"name": "Microsoft Corporation",
|
||||
"email": "support@microsoft.com",
|
||||
"tier": "Microsoft",
|
||||
"link": "https://support.microsoft.com"
|
||||
}
|
||||
}
|
До Ширина: | Высота: | Размер: 71 KiB После Ширина: | Высота: | Размер: 71 KiB |
До Ширина: | Высота: | Размер: 70 KiB После Ширина: | Высота: | Размер: 70 KiB |