Infoblox NIOS package update 1.0.3

NikTripathi 2022-06-06 18:13:30 +05:30
Родитель 3baad23d24
Коммит e4dff9aa49
5 изменённых файлов: 172 добавлений и 235 удалений


@ -10,11 +10,12 @@
"Workbooks/Infoblox-Workbook-V2.json"
],
"Parsers": [
"Parser/InfobloxNIOS.txt",
"Parser/Infoblox_all.txt",
"Parser/Infoblox.txt",
"Parser/Infoblox_allotherdhcpdTypes.txt",
"Parser/Infoblox_allotherdnsTypes.txt",
"Parser/Infoblox_allotherlogTypes.txt",
"Parser/Infoblox_dhcp_consolidated.txt",
"Parser/Infoblox_dhcpack.txt",
"Parser/Infoblox_dhcpadded.txt",
"Parser/Infoblox_dhcpbindupdate.txt",
"Parser/Infoblox_dhcpdiscover.txt",
@ -23,7 +24,6 @@
"Parser/Infoblox_dhcpoffer.txt",
"Parser/Infoblox_dhcpoption.txt",
"Parser/Infoblox_dhcpother.txt",
"Parser/Infoblox_dhcppack.txt",
"Parser/Infoblox_dhcprelease.txt",
"Parser/Infoblox_dhcpremoved.txt",
"Parser/Infoblox_dhcprequest.txt",
@ -38,9 +38,9 @@
"Analytic Rules/PotentialDHCPStarvationAttack.yaml"
],
"Watchlists": [
"Workbooks/Watchlist/InfobloxDevices-watchlist.json"
"Workbooks/Watchlist/Sources_by_SourceType.json"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\azure\\Solutions\\Infoblox NIOS\\",
"Version": "1.0.2"
"Version": "1.0.3"
}
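Review bot: The committed BasePath on the context line `"BasePath": "C:\\GitHub\\azure\\Solutions\\Infoblox NIOS\\"` is a developer-local absolute Windows path, so the packaging input only works on one machine; if the packaging tool accepts it, a repository-relative value such as `"BasePath": "Solutions/Infoblox NIOS/"` would let anyone reproduce the build. The 1.0.3.zip added alongside the version bump is binary and cannot be reviewed in the diff, so nothing on this page ties the uploaded package to the inputs listed here; recording the archive's SHA-256 in the commit description would let a reviewer verify it later. Separately, the last file section of this commit deletes the GitHub Solution data file (Name "GitHub", Version "1.0.49"), which looks unrelated to an Infoblox package update and may be an accidental deletion worth confirming before merge.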

Solutions/Infoblox NIOS/Package/1.0.3.zip Normal file


@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/infoblox_logo.svg\"width=\"75px\"height=\"75px\">\n\n**Important:** _This Microsoft Sentinel Solution is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)._\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Infoblox NIOS](https://www.infoblox.com/glossary/network-identity-operating-system-nios/) Solution for Microsoft Sentinel enables you to ingest network infrastructure operational logs into Microsoft Sentinel to improve your Security Monitoring/Operations capabilities.\r\n\r\nUnderlying Technologies used:\r\n\r\n • [Syslog](https://docs.microsoft.com/azure/sentinel/connect-syslog#:~:text=Configure%20your%20Linux%20machine%20or%20appliance%20From%20the,your%20device%20instead%20of%20the%20generic%20Syslog%20connector.)\n\n**Data Connectors:** 1, **Parsers:** 22, **Workbooks:** 1, **Analytic Rules:** 2, **Watchlists:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/infoblox_logo.svg\"width=\"75px\"height=\"75px\">\n\n**Important:** _This Microsoft Sentinel Solution is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)._\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Infoblox Network Identity Operating System (NIOS)](https://www.infoblox.com/glossary/network-identity-operating-system-nios/) is the operating system that powers Infoblox core network services, ensuring non-stop operation of network infrastructure. The basis for Next Level Networking, NIOS automates the error-prone and time-consuming manual tasks associated with deploying and managing DNS, DHCP, and IP address management (IPAM) required for continuous network availability and business uptime.\n\nMicrosoft Sentinel Solutions provide a consolidated way to acquire Microsoft Sentinel content like data connectors, workbooks, analytics, and automations in your workspace with a single deployment step.\n\n**Data Connectors:** 1, **Parsers:** 22, **Workbooks:** 1, **Analytic Rules:** 2, **Watchlists:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
@ -60,14 +60,14 @@
"name": "dataconnectors1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This solution installs the data connector for ingesting Infoblox NIOS network infrastructure operational logs into Microsoft Sentinel using Syslog. After installing the solution, configure and enable this data connector from the Data Connector gallery. The Infoblox NIOS logs will be received in the Syslog table in your Microsoft Sentinel workspace."
"text": "This Solution installs the data connector for Infoblox NIOS. You can get Infoblox NIOS Syslog data in your Microsoft Sentinel workspace. Configure and enable this data connector in the Data Connector gallery after this Solution deploys. The logs will be received in the Syslog table in your Microsoft Sentinel / Azure Log Analytics workspace."
}
},
{
"name": "dataconnectors-parser-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "The solution installs multiple parsers that transforms the ingested data. The transformed logs can be accessed using the installed Kusto Function aliases."
"text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
}
},
{
@ -105,13 +105,7 @@
"name": "workbooks-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "The workbook(s) installed with the Infoblox NIOS solution provides insights into network operations by correlating DHCP and DNS data. After installation, the workbook(s) will be saved in the My Workbooks gallery in your Microsoft Sentinel workbook gallery."
}
},
{
"name": "Workbook-LearnMore",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Microsoft Sentinel Solution installs workbooks. Workbooks provide a flexible canvas for data monitoring, analysis, and the creation of rich visual reports within the Azure portal. They allow you to tap into one or many data sources from Microsoft Sentinel and combine them into unified interactive experiences.",
"link": {
"label": "Learn more",
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
@ -126,9 +120,6 @@
{
"name": "workbook1-text",
"type": "Microsoft.Common.TextBlock"
},
{
"name": "workbook1-name",
@ -159,13 +150,7 @@
"name": "analytics-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "The Analytic Rule(s) installed with this solution will be deployed in disabled mode in the analytic rules gallery of your Microsoft Sentinel workspace. Configure and enable these rules in the analytic rules gallery after this solution deploys."
}
},
{
"name": "Analytics-LearnMore",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Microsoft Sentinel Solution installs analytic rules for Infoblox NIOS that you can enable for custom alert generation in Microsoft Sentinel. These analytic rules will be deployed in disabled mode in the analytics rules gallery of your Microsoft Sentinel workspace. Configure and enable these rules in the analytic rules gallery after this Solution deploys.",
"link": {
"label": "Learn more",
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
@ -215,13 +200,7 @@
"name": "watchlists-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This solution installs a Watchlist of Infoblox devices for lookup. Once deployment is successful, the installed watchlists will be available in the Watchlists blade under 'My Watchlists'."
}
},
{
"name": "Watchlists-LearnMore",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Microsoft Sentinel watchlists enable the collection of data from external data sources for correlation with the events in your Microsoft Sentinel environment. Once created, you can use watchlists in your search, detection rules, threat hunting, and response playbooks. Watchlists are stored in your Microsoft Sentinel workspace as name-value pairs and are cached for optimal query performance and low latency. Once deployment is successful, the installed watchlists will be available in the Watchlists blade under 'My Watchlists'.",
"link": {
"label": "Learn more",
"uri": "https://aka.ms/sentinelwatchlists"
@ -231,13 +210,13 @@
{
"name": "watchlist1",
"type": "Microsoft.Common.Section",
"label": "InfobloxDevices",
"label": "Sources_by_SourceType",
"elements": [
{
"name": "watchlist1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Watchlist provide lookup for different hostnames of Infoblox devices."
"text": "The watchlist is used by parsers to specify Sources and their types."
}
}
]
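Review bot: The new parser text block `"text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. …"` contradicts the description two hunks earlier, which still advertises `**Parsers:** 22`, as well as the "multiple parsers" wording it replaces; the Solution data file in this same commit lists well over a dozen Parser/*.txt entries, so "a parser" misdescribes what is installed. "Microsoft Sentinel normalized format" also reads as a claim that these parsers emit ASIM-normalized schemas, which nothing on the page supports; unless that is the case, the previous wording `"text": "The Solution installs multiple parsers that transform the ingested Syslog data. The transformed logs can be accessed using the installed Kusto Function aliases."` is the safer statement. The retained logo tag `<img …svg\"width=\"75px\"height=\"75px\">` in the description has no whitespace between attributes and should be `…svg\" width=\"75px\" height=\"75px\">`; only lenient HTML parsing keeps it rendering. The hardcoded counts in the description (Parsers 22, Watchlists 1) drift from the data file on every update, so they should be re-checked against the parser and watchlist lists whenever the Solution data file changes.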



@ -1,42 +0,0 @@
{
"Name": "GitHub",
"Author": "Nikhil Tripathi - v-ntripathi@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/GitHub.svg\"width=\"75px\"height=\"75px\">",
"Description": "",
"Workbooks": [
"Workbooks/GithubWorkbook.json"
],
"Analytic Rules": [
"Detections/(Preview) GitHub - A payment method was removed.yaml",
"Detections/(Preview) GitHub - Activities from Infrequent Country.yaml",
"Detections/(Preview) GitHub - Oauth application - a client secret was removed.yaml",
"Detections/(Preview) GitHub - Repository was created.yaml",
"Detections/(Preview) GitHub - Repository was destroyed.yaml",
"Detections/(Preview) GitHub - Two Factor Authentication Disabled in GitHub.yaml",
"Detections/(Preview) GitHub - User visibility Was changed.yaml",
"Detections/(Preview) GitHub - User was added to the organization.yaml",
"Detections/(Preview) GitHub - User was blocked.yaml",
"Detections/(Preview) GitHub - User was invited to the repository .yaml",
"Detections/(Preview) GitHub - pull request was created.yaml",
"Detections/(Preview) GitHub - pull request was merged.yaml"
],
"Hunting Queries": [
"Hunting Queries/First Time User Invite and Add Member to Org.yaml",
"Hunting Queries/Inactive or New Account Usage.yaml",
"Hunting Queries/Mass Deletion of Repositories .yaml",
"Hunting Queries/Oauth App Restrictions Disabled.yaml",
"Hunting Queries/Org Repositories Default Permissions Change.yaml",
"Hunting Queries/Repository Permission Switched to Public.yaml",
"Hunting Queries/User First Time Repository Delete Activity.yaml",
"Hunting Queries/User Grant Access and Grants Other Access.yaml"
],
"Parsers": [
"Parsers/GitHubAuditData.txt"
],
"Data Connectors": [
"Data Connectors/azuredeploy_GitHub_native_poller_connector.json"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\azure\\Solutions\\GitHub",
"Version": "1.0.49"
}