[SOLUTION: NXLog AIX Audit]
This PR addresses the feedback received from Microsoft regarding broken links

CHANGES:
- Corrected outdated NXLog documentation and support URLs
- Updated Package 2.0.0.zip to 2.0.1.zip
- Updated all mentions of Microsoft Azure Sentinel to Microsoft Sentinel

REASONS FOR CHANGE(S):
- To address the findings raised by Microsoft for this and other solutions
- I took over the maintenance tasks from former colleagues who worked on this earlier

VERSION UPDATED:
- Yes, to version 2.0.1

TESTING COMPLETED:
- Need Help / I did not do any actual tests on this, but compared to the in-repo data created by my former colleagues, I only made metadata changes

RAN VALIDATIONS:
- Yes, all validations returned passed

This work is associated with NXLog's Jira Issue IN-272

Signed-off-by: Janos Szigetvari <janos.szigetvari@nxlog.org>
This commit is contained in:
Parent
558195b8ac
Commit
ee43c1a2fc
|
@ -1,6 +0,0 @@
|
|||
<svg xmlns="http://www.w3.org/2000/svg" width="75" height="75">
|
||||
<path fill="#0088C5" d="M37.501 75C58.155 75 75 58.154 75 37.5S58.155 0 37.501 0 0 16.846 0 37.5 16.847 75 37.501 75z"/>
|
||||
<path fill="#FFF" fill-rule="evenodd" d="M43.446 45.693c-1.485 2.116-3.016 4.438-4.496 6.591H28.572l10.04-14.292 4.834 7.701z" clip-rule="evenodd"/>
|
||||
<path fill="#FFF" fill-rule="evenodd" d="M50.029 52.176c-3.111-4.747-6.14-9.722-9.281-14.448-2.295-3.455-5.17-9.178-9.932-9.088-3.873.073-7.743 3.833-7.743 8.714V52.46h-8.712V22.37h8.341v2.823c0 1.091.021 1.637.063 1.637 0-.038.021-.056.06-.056 3.388-4.238 9.252-6.035 13.99-4.302 2.779 1.019 4.534 2.88 6.247 5.12 5.554 8.256 9.821 15.646 15.44 24.583h-8.473zM45.926 29l4.58-6.805h10.132c-3.366 4.507-6.85 9.014-10.204 13.635L45.926 29z" clip-rule="evenodd"/>
|
||||
<path fill="#FFF" fill-rule="evenodd" d="M43.446 45.693c-1.485 2.116-3.02 4.438-4.496 6.591H28.572l10.037-14.291 4.837 7.7z" clip-rule="evenodd"/>
|
||||
</svg>
|
Before Width: | Height: | Size: 956 B |
|
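Review bot: The deletion of this NXLog.svg (a 6-line file removed entirely, per the `-1,6 +0,0` header) is not listed under CHANGES in the commit message; please add a line such as "Removed the solution-local copy of NXLog.svg". The removal itself looks safe, because the `Logo` field and the createUiDefinition `description` in the later hunks both reference `https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/NXLog.svg` rather than this local file, so nothing in the packaged solution should still depend on it; worth a quick grep of the solution folder for `NXLog.svg` to confirm.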
@ -2,7 +2,7 @@
|
|||
"id": "NXLogAixAudit",
|
||||
"title": "NXLog AIX Audit",
|
||||
"publisher": "NXLog",
|
||||
"descriptionMarkdown": "The NXLog [AIX Audit](https://nxlog.co/documentation/nxlog-user-guide/im_aixaudit.html) data connector uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events on the AIX platform. This REST API connector can efficiently export AIX Audit events to Microsoft Sentinel in real time.",
|
||||
"descriptionMarkdown": "The [NXLog AIX Audit](https://docs.nxlog.co/refman/current/im/aixaudit.html) data connector uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events on the AIX platform. This REST API connector can efficiently export AIX Audit events to Microsoft Sentinel in real time.",
|
||||
"additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**NXLog_parsed_AIX_Audit_view**](https://aka.ms/sentinel-nxlogaixaudit-parser) which is deployed with the Microsoft Sentinel Solution.",
|
||||
"graphQueries": [
|
||||
{
|
||||
|
@ -84,7 +84,7 @@
|
|||
},
|
||||
{
|
||||
"title": "",
|
||||
"description": "Follow the step-by-step instructions in the *NXLog User Guide* Integration Topic [Microsoft Microsoft Sentinel](https://nxlog.co/documentation/nxlog-user-guide/sentinel.html) to configure this connector.",
|
||||
"description": "Follow the step-by-step instructions in the *NXLog User Guide* Integration Guide [Microsoft Sentinel](https://docs.nxlog.co/userguide/integrate/microsoft-azure-sentinel.html) to configure this connector.",
|
||||
"instructions": [
|
||||
{
|
||||
"parameters": {
|
||||
|
|
|
@ -2,16 +2,16 @@
|
|||
"Name": "NXLogAixAudit",
|
||||
"Author": "NXLog",
|
||||
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/NXLog.svg\" width=\"75px\" height=\"75px\">",
|
||||
"Description": "The [NXLog AIX Audit](https://docs.nxlog.co/refman/v5.5/im/aixaudit.html) solution uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events into Microsoft Sentinel on the AIX platform.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs\n\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)",
|
||||
"Description": "The [NXLog AIX Audit](https://docs.nxlog.co/refman/current/im/aixaudit.html) solution uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events into Microsoft Sentinel on the AIX platform.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs\n\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)",
|
||||
"Data Connectors": [
|
||||
"Solutions/NXLogAixAudit/Data Connectors/NXLogAixAudit.json"
|
||||
"Data Connectors/NXLogAixAudit.json"
|
||||
],
|
||||
"Parsers": [
|
||||
"Solutions/NXLogAixAudit/Parsers/NXLog_parsed_AIX_Audit_view.txt"
|
||||
"Parsers/NXLog_parsed_AIX_Audit_view.txt"
|
||||
],
|
||||
"BasePath": "C:\\GitHub\\Azure-Sentinel",
|
||||
"Version": "2.0.0",
|
||||
"BasePath": "C:\\One\\Azure-Sentinel-jszigetvari\\Solutions\\NXLogAixAudit",
|
||||
"Version": "2.0.1",
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"TemplateSpec": true,
|
||||
"Is1PConnector": false
|
||||
}
|
||||
}
|
||||
|
|
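Review bot: The new `BasePath` value `C:\\One\\Azure-Sentinel-jszigetvari\\Solutions\\NXLogAixAudit` is a path from the author's personal checkout (it embeds a user-specific directory name) and will not exist on any other maintainer's machine or on a CI runner. Since the `Data Connectors` and `Parsers` entries were correctly changed to be relative to the solution folder in the same hunk, the path only needs to point at the solution directory; a neutral form built on the previously used base, such as `C:\\GitHub\\Azure-Sentinel\\Solutions\\NXLogAixAudit`, keeps the packaging tool reproducible for the next person who regenerates the package.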
Binary file not shown.
|
@ -6,7 +6,7 @@
|
|||
"config": {
|
||||
"isWizard": false,
|
||||
"basics": {
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/NXLog.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [NXLog AIX Audit](https://docs.nxlog.co/refman/v5.5/im/aixaudit.html) solution uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events into Microsoft Sentinel on the AIX platform.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs\n\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/NXLog.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [NXLog AIX Audit](https://docs.nxlog.co/refman/current/im/aixaudit.html) solution uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events into Microsoft Sentinel on the AIX platform.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs\n\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
|
||||
"subscription": {
|
||||
"resourceProviders": [
|
||||
"Microsoft.OperationsManagement/solutions",
|
||||
|
|
|
@ -53,7 +53,7 @@
|
|||
"resources": [
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('dataConnectorTemplateSpecName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
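Review bot: The `apiVersion` bump from `2021-05-01` to `2022-02-01` for `Microsoft.Resources/templateSpecs` (and the same change for `templateSpecs/versions` and the `2021-06-01` to `2022-10-01` change for `savedSearches` in the hunks below) is not mentioned in CHANGES; it is a side effect of regenerating mainTemplate.json with the current packaging tool. Please add a CHANGES line stating that the package was regenerated, so a future reader does not have to work out why API versions moved in a "links only" commit.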
@ -67,7 +67,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
@ -78,7 +78,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "NXLogAixAudit data connector with template version 2.0.0",
|
||||
"description": "NXLogAixAudit data connector with template version 2.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('dataConnectorVersion1')]",
|
||||
|
@ -96,7 +96,7 @@
|
|||
"id": "[variables('_uiConfigId1')]",
|
||||
"title": "NXLog AIX Audit",
|
||||
"publisher": "NXLog",
|
||||
"descriptionMarkdown": "The NXLog [AIX Audit](https://nxlog.co/documentation/nxlog-user-guide/im_aixaudit.html) data connector uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events on the AIX platform. This REST API connector can efficiently export AIX Audit events to Microsoft Sentinel in real time.",
|
||||
"descriptionMarkdown": "The [NXLog AIX Audit](https://docs.nxlog.co/refman/current/im/aixaudit.html) data connector uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events on the AIX platform. This REST API connector can efficiently export AIX Audit events to Microsoft Sentinel in real time.",
|
||||
"additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**NXLog_parsed_AIX_Audit_view**](https://aka.ms/sentinel-nxlogaixaudit-parser) which is deployed with the Microsoft Sentinel Solution.",
|
||||
"graphQueries": [
|
||||
{
|
||||
|
@ -174,7 +174,7 @@
|
|||
"description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**NXLog_parsed_AIX_Audit_view**](https://aka.ms/sentinel-nxlogaixaudit-parser) which is deployed with the Microsoft Sentinel Solution."
|
||||
},
|
||||
{
|
||||
"description": "Follow the step-by-step instructions in the *NXLog User Guide* Integration Topic [Microsoft Microsoft Sentinel](https://nxlog.co/documentation/nxlog-user-guide/sentinel.html) to configure this connector.",
|
||||
"description": "Follow the step-by-step instructions in the *NXLog User Guide* Integration Guide [Microsoft Sentinel](https://docs.nxlog.co/userguide/integrate/microsoft-azure-sentinel.html) to configure this connector.",
|
||||
"instructions": [
|
||||
{
|
||||
"parameters": {
|
||||
|
@ -220,7 +220,7 @@
|
|||
"support": {
|
||||
"name": "NXLog",
|
||||
"tier": "Partner",
|
||||
"link": "https://nxlog.co/user?destination=node/add/support-ticket"
|
||||
"link": "https://nxlog.co/support-tickets/add/support-ticket"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
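Review bot: The support `link` moves from a login-redirect URL (`/user?destination=node/add/support-ticket`) to the direct `/support-tickets/add/support-ticket` path; since this link is shown to Sentinel users in the connector and solution pages, please confirm it resolves for a visitor who has no NXLog account (or at least lands on a login page for that form), because the same value is repeated in six places in this commit and a wrong URL would reintroduce exactly the broken-link finding this PR is meant to close.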
@ -252,7 +252,7 @@
|
|||
"support": {
|
||||
"name": "NXLog",
|
||||
"tier": "Partner",
|
||||
"link": "https://nxlog.co/user?destination=node/add/support-ticket"
|
||||
"link": "https://nxlog.co/support-tickets/add/support-ticket"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -266,7 +266,7 @@
|
|||
"connectorUiConfig": {
|
||||
"title": "NXLog AIX Audit",
|
||||
"publisher": "NXLog",
|
||||
"descriptionMarkdown": "The NXLog [AIX Audit](https://nxlog.co/documentation/nxlog-user-guide/im_aixaudit.html) data connector uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events on the AIX platform. This REST API connector can efficiently export AIX Audit events to Microsoft Sentinel in real time.",
|
||||
"descriptionMarkdown": "The [NXLog AIX Audit](https://docs.nxlog.co/refman/current/im/aixaudit.html) data connector uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events on the AIX platform. This REST API connector can efficiently export AIX Audit events to Microsoft Sentinel in real time.",
|
||||
"graphQueries": [
|
||||
{
|
||||
"metricName": "Total data received",
|
||||
|
@ -343,7 +343,7 @@
|
|||
"description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**NXLog_parsed_AIX_Audit_view**](https://aka.ms/sentinel-nxlogaixaudit-parser) which is deployed with the Microsoft Sentinel Solution."
|
||||
},
|
||||
{
|
||||
"description": "Follow the step-by-step instructions in the *NXLog User Guide* Integration Topic [Microsoft Microsoft Sentinel](https://nxlog.co/documentation/nxlog-user-guide/sentinel.html) to configure this connector.",
|
||||
"description": "Follow the step-by-step instructions in the *NXLog User Guide* Integration Guide [Microsoft Sentinel](https://docs.nxlog.co/userguide/integrate/microsoft-azure-sentinel.html) to configure this connector.",
|
||||
"instructions": [
|
||||
{
|
||||
"parameters": {
|
||||
|
@ -373,7 +373,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[variables('parserTemplateSpecName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
@ -387,7 +387,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.Resources/templateSpecs/versions",
|
||||
"apiVersion": "2021-05-01",
|
||||
"apiVersion": "2022-02-01",
|
||||
"name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"tags": {
|
||||
|
@ -398,7 +398,7 @@
|
|||
"[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]"
|
||||
],
|
||||
"properties": {
|
||||
"description": "NXLog_parsed_AIX_Audit_view Data Parser with template version 2.0.0",
|
||||
"description": "NXLog_parsed_AIX_Audit_view Data Parser with template version 2.0.1",
|
||||
"mainTemplate": {
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "[variables('parserVersion1')]",
|
||||
|
@ -415,7 +415,7 @@
|
|||
"displayName": "NXLogAixAudit Data Parser",
|
||||
"category": "Samples",
|
||||
"functionAlias": "NXLog_parsed_AIX_Audit_view",
|
||||
"query": "\nlet NXLog_parsed_AIX_Audit_view = view () {\r\n AIX_Audit_CL\r\n | project-rename\r\n CommandLine=Command_s,\r\n EventReceivedTime=EventReceivedTime_t,\r\n EventEndTime=EventTime_t,\r\n EventType=EventType_s,\r\n DvcHostname=Hostname_s,\r\n Username=Login_s,\r\n UserId=LoginUID_d,\r\n MessageSourceAddress=MessageSourceAddress_s,\r\n ParentProcessId=ParentPID_d,\r\n ProcessId=PID_d,\r\n RealUsername=Real_s,\r\n RealUserId=RealUID_d,\r\n SourceModuleName=SourceModuleName_s,\r\n SourceModuleType=SourceModuleType_s,\r\n EventResultDetails=Status_d,\r\n Thread=Thread_d,\r\n Verbose=Verbose_s,\r\n WPARkey=WPARkey_d,\r\n WPARname=WPARname_s\r\n};\r\nNXLog_parsed_AIX_Audit_view();",
|
||||
"query": "\nlet NXLog_parsed_AIX_Audit_view = view () {\n AIX_Audit_CL\n | project-rename\n CommandLine=Command_s,\n EventReceivedTime=EventReceivedTime_t,\n EventEndTime=EventTime_t,\n EventType=EventType_s,\n DvcHostname=Hostname_s,\n Username=Login_s,\n UserId=LoginUID_d,\n MessageSourceAddress=MessageSourceAddress_s,\n ParentProcessId=ParentPID_d,\n ProcessId=PID_d,\n RealUsername=Real_s,\n RealUserId=RealUID_d,\n SourceModuleName=SourceModuleName_s,\n SourceModuleType=SourceModuleType_s,\n EventResultDetails=Status_d,\n Thread=Thread_d,\n Verbose=Verbose_s,\n WPARkey=WPARkey_d,\n WPARname=WPARname_s\n};\nNXLog_parsed_AIX_Audit_view();",
|
||||
"version": 1,
|
||||
"tags": [
|
||||
{
|
||||
|
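Review bot: The only difference in the `query` string is the line ending inside the embedded KQL (`\r\n` becomes `\n`); the parser body, a plain `project-rename` over `AIX_Audit_CL`, is unchanged. To stop this flipping back on the next regeneration from a Windows checkout, make sure `Parsers/NXLog_parsed_AIX_Audit_view.txt` is committed with LF endings (a `.gitattributes` `text eol=lf` rule for the file would enforce it). Note that the same query is embedded a second time in the `savedSearches` resource further down, and both copies must stay byte-identical.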
@ -448,7 +448,7 @@
|
|||
"support": {
|
||||
"name": "NXLog",
|
||||
"tier": "Partner",
|
||||
"link": "https://nxlog.co/user?destination=node/add/support-ticket"
|
||||
"link": "https://nxlog.co/support-tickets/add/support-ticket"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -458,7 +458,7 @@
|
|||
},
|
||||
{
|
||||
"type": "Microsoft.OperationalInsights/workspaces/savedSearches",
|
||||
"apiVersion": "2021-06-01",
|
||||
"apiVersion": "2022-10-01",
|
||||
"name": "[variables('_parserName1')]",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
|
@ -466,7 +466,7 @@
|
|||
"displayName": "NXLogAixAudit Data Parser",
|
||||
"category": "Samples",
|
||||
"functionAlias": "NXLog_parsed_AIX_Audit_view",
|
||||
"query": "\nlet NXLog_parsed_AIX_Audit_view = view () {\r\n AIX_Audit_CL\r\n | project-rename\r\n CommandLine=Command_s,\r\n EventReceivedTime=EventReceivedTime_t,\r\n EventEndTime=EventTime_t,\r\n EventType=EventType_s,\r\n DvcHostname=Hostname_s,\r\n Username=Login_s,\r\n UserId=LoginUID_d,\r\n MessageSourceAddress=MessageSourceAddress_s,\r\n ParentProcessId=ParentPID_d,\r\n ProcessId=PID_d,\r\n RealUsername=Real_s,\r\n RealUserId=RealUID_d,\r\n SourceModuleName=SourceModuleName_s,\r\n SourceModuleType=SourceModuleType_s,\r\n EventResultDetails=Status_d,\r\n Thread=Thread_d,\r\n Verbose=Verbose_s,\r\n WPARkey=WPARkey_d,\r\n WPARname=WPARname_s\r\n};\r\nNXLog_parsed_AIX_Audit_view();",
|
||||
"query": "\nlet NXLog_parsed_AIX_Audit_view = view () {\n AIX_Audit_CL\n | project-rename\n CommandLine=Command_s,\n EventReceivedTime=EventReceivedTime_t,\n EventEndTime=EventTime_t,\n EventType=EventType_s,\n DvcHostname=Hostname_s,\n Username=Login_s,\n UserId=LoginUID_d,\n MessageSourceAddress=MessageSourceAddress_s,\n ParentProcessId=ParentPID_d,\n ProcessId=PID_d,\n RealUsername=Real_s,\n RealUserId=RealUID_d,\n SourceModuleName=SourceModuleName_s,\n SourceModuleType=SourceModuleType_s,\n EventResultDetails=Status_d,\n Thread=Thread_d,\n Verbose=Verbose_s,\n WPARkey=WPARkey_d,\n WPARname=WPARname_s\n};\nNXLog_parsed_AIX_Audit_view();",
|
||||
"version": 1
|
||||
}
|
||||
},
|
||||
|
@ -494,7 +494,7 @@
|
|||
"support": {
|
||||
"name": "NXLog",
|
||||
"tier": "Partner",
|
||||
"link": "https://nxlog.co/user?destination=node/add/support-ticket"
|
||||
"link": "https://nxlog.co/support-tickets/add/support-ticket"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -503,7 +503,7 @@
|
|||
"apiVersion": "2022-01-01-preview",
|
||||
"location": "[parameters('workspace-location')]",
|
||||
"properties": {
|
||||
"version": "2.0.0",
|
||||
"version": "2.0.1",
|
||||
"kind": "Solution",
|
||||
"contentSchemaVersion": "2.0.0",
|
||||
"contentId": "[variables('_solutionId')]",
|
||||
|
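Review bot: `version` moves to `2.0.1` while `contentSchemaVersion` stays at `2.0.0`, which is correct: the latter tracks the solution packaging schema, not the solution release. Since the commit message states that no deployment test was performed, the one check worth doing before merge is to deploy the regenerated mainTemplate.json to a test workspace and confirm that the data connector and parser template specs at version 2.0.1 are created and that `NXLog_parsed_AIX_Audit_view` resolves in Log Analytics.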
@ -519,7 +519,7 @@
|
|||
"support": {
|
||||
"name": "NXLog",
|
||||
"tier": "Partner",
|
||||
"link": "https://nxlog.co/user?destination=node/add/support-ticket"
|
||||
"link": "https://nxlog.co/support-tickets/add/support-ticket"
|
||||
},
|
||||
"dependencies": {
|
||||
"operator": "AND",
|
||||
|
|
|
@ -10,10 +10,6 @@
|
|||
"support": {
|
||||
"name": "NXLog",
|
||||
"tier": "Partner",
|
||||
"link": "https://nxlog.co/user?destination=node/add/support-ticket"
|
||||
"link": "https://nxlog.co/support-tickets/add/support-ticket"
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
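Review bot: The `-10,10 +10,6` header shows four lines removed beyond the one-for-one support link replacement; these are the trailing blank lines at the end of the file. That is a harmless whitespace cleanup, but please confirm the file still ends with exactly one newline so JSON linters and future diffs of SolutionMetadata.json stay clean.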