AWS Systems Manager solution

2023-07-04 10:22:08 +05:30 · 2023-07-04 10:22:08 +05:30 · f11957ea24
--- a/Manager/Data/Solution_AWSSystemsManager.json
+++ b/Manager/Data/Solution_AWSSystemsManager.json
@ -0,0 +1,21 @@
+{
+  "Name": "AWS Systems Manager",
+  "Author": "Microsoft - support@microsoft.com",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/AWS%20Systems%20Manager/Playbooks/aws-logo.svg\" width=\"75px\" height=\"75px\">",
+  "Description": "[AWS Systems Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html) is the operations hub for your AWS applications and resources and a secure end-to-end management solution for [hybrid and multicloud](https://docs.aws.amazon.com/systems-manager/latest/userguide/operating-systems-and-machine-types.html#supported-machine-types) environments that enables secure operations at scale. This solution helps to enhance your SOAR capabilities by integrating Sentinel with AWS manager.",
+  "Playbooks": [
+    "Playbooks/CustomConnector/AWS_SSM_FunctionAppConnector/azuredeploy.json",
+    "Playbooks/AWSSystemsManagerPlaybooks/AWS-SSM-GetInstancePatches/azuredeploy.json",
+    "Playbooks/AWSSystemsManagerPlaybooks/AWS-SSM-GetInstancePatches-HostEntityTrigger/azuredeploy.json",
+    "Playbooks/AWSSystemsManagerPlaybooks/AWS-SSM-GetInstancePatches-IPEntityTrigger/azuredeploy.json",
+    "Playbooks/AWSSystemsManagerPlaybooks/AWS-SSM-RunAutomationRunbook/azuredeploy.json",
+    "Playbooks/AWSSystemsManagerPlaybooks/AWS-SSM-StopManagedInstance/azuredeploy.json",
+    "Playbooks/AWSSystemsManagerPlaybooks/AWS-SSM-StopManagedInstance-HostEntityTrigger/azuredeploy.json",
+    "Playbooks/AWSSystemsManagerPlaybooks/AWS-SSM-StopManagedInstance-IPEntityTrigger/azuredeploy.json"
+  ],
+  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\AWS Systems Manager",
+  "Version": "3.0.0",
+  "Metadata": "SolutionMetadata.json",
+  "TemplateSpec": true,
+  "Is1Pconnector": false
+}
--- a/Manager/Package/3.0.0.zip
+++ b/Manager/Package/3.0.0.zip
--- a/Manager/Package/createUiDefinition.json
+++ b/Manager/Package/createUiDefinition.json
@ -0,0 +1,89 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+  "handler": "Microsoft.Azure.CreateUIDef",
+  "version": "0.1.2-preview",
+  "parameters": {
+    "config": {
+      "isWizard": false,
+      "basics": {
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/AWS%20Systems%20Manager/Playbooks/aws-logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\n[AWS Systems Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html) is the operations hub for your AWS applications and resources and a secure end-to-end management solution for [hybrid and multicloud](https://docs.aws.amazon.com/systems-manager/latest/userguide/operating-systems-and-machine-types.html#supported-machine-types) environments that enables secure operations at scale. This solution helps to enhance your SOAR capabilities by integrating Sentinel with AWS manager.\n\n**Function Apps:** 1, **Playbooks:** 7\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "subscription": {
+          "resourceProviders": [
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
+            "Microsoft.Insights/workbooks",
+            "Microsoft.Logic/workflows"
+          ]
+        },
+        "location": {
+          "metadata": {
+            "hidden": "Hiding location, we get it from the log analytics workspace"
+          },
+          "visible": false
+        },
+        "resourceGroup": {
+          "allowExisting": true
+        }
+      }
+    },
+    "basics": [
+      {
+        "name": "getLAWorkspace",
+        "type": "Microsoft.Solutions.ArmApiControl",
+        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
+        "condition": "[greater(length(resourceGroup().name),0)]",
+        "request": {
+          "method": "GET",
+          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
+        }
+      },
+      {
+        "name": "workspace",
+        "type": "Microsoft.Common.DropDown",
+        "label": "Workspace",
+        "placeholder": "Select a workspace",
+        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
+        "constraints": {
+          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
+          "required": true
+        },
+        "visible": true
+      }
+    ],
+    "steps": [
+      {
+        "name": "playbooks",
+        "label": "Playbooks",
+        "subLabel": {
+          "preValidation": "Configure the playbooks",
+          "postValidation": "Done"
+        },
+        "bladeTitle": "Playbooks",
+        "elements": [
+          {
+            "name": "playbooks-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub."
+            }
+          },
+          {
+            "name": "playbooks-link",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more",
+                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
+              }
+            }
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
+      "location": "[location()]",
+      "workspace": "[basics('workspace')]"
+    }
+  }
+}
--- a/Manager/Package/mainTemplate.json
+++ b/Manager/Package/mainTemplate.json
--- a/Manager/SolutionMetadata.json
+++ b/Manager/SolutionMetadata.json
@ -0,0 +1,15 @@
+{
+	"publisherId": "azuresentinel",
+	"offerId": "azure-sentinel-solution-awssystemsmanager",
+	"firstPublishDate": "",
+	"providers": ["Amazon Web Services"],
+	"categories": {
+		"domains" : ["Security - Automation (SOAR)"]
+	},
+	"support": {
+		"tier": "Microsoft",
+		"name": "Microsoft Corporation",
+		"email": "support@microsoft.com",
+		"link": "https://support.microsoft.com/"
+	}
+}