Updating underlying technologies for solutions

v-sabiraj 2024-02-02 15:13:12 +05:30
Родитель 871953a5ea
Коммит f56276df2a
2 изменённых файлов: 19 добавлений и 19 удалений


@ -2,7 +2,7 @@
"Name": "CrowdStrike Falcon Endpoint Protection",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/CrowdStrike%20Falcon%20Endpoint%20Protection/Data%20Connectors/Logo/crowdstrike.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [CrowdStrike Falcon Endpoint Protection](https://www.crowdstrike.com/products/) solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n1. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n2. [Azure Monitor Logs: DCR-based Custom Logs](https://learn.microsoft.com/azure/azure-monitor/logs/custom-logs-overview)\n3. [Codeless Connector Platform (CCP)](https://learn.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)",
"Description": "The [CrowdStrike Falcon Endpoint Protection](https://www.crowdstrike.com/products/) solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n1. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n2. [Azure Monitor Logs: DCR-based Custom Logs](https://learn.microsoft.com/azure/azure-monitor/logs/custom-logs-overview)",
"Data Connectors": [
"Data Connectors/CrowdstrikeReplicator/CrowdstrikeReplicator_API_FunctionApp.json",
"Data Connectors/Connector_Syslog_CrowdStrikeFalconEndpointProtection.json",
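Review bot: The shorter of the two Description lines (L16, which I take to be the new side given the commit title) now lists only Syslog and DCR-based Custom Logs as underlying technologies, yet the Data Connectors array at L18 still ships `Data Connectors/CrowdstrikeReplicator/CrowdstrikeReplicator_API_FunctionApp.json`, a Function App based connector; if that connector stays, the dependency it introduces should remain in the numbered list so the cost/preview disclaimer that precedes the list stays accurate, and if it was retired the connector entry should go with it. The two remaining links also use different hosts (`https://docs.microsoft.com/azure/sentinel/connect-syslog` versus `learn.microsoft.com`), and the Zscaler description in this same commit links to `learn.microsoft.com`; using the `learn.microsoft.com` path for the Syslog link as well would keep the solution set consistent. The enclosing JSON object starts before and ends after this hunk.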


@ -2,7 +2,7 @@
"Name": "Zscaler Private Access (ZPA)",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/ZscalerLogo.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [Zscaler Private Access (ZPA)](https://www.zscaler.com/) solution provides the capability to ingest [Zscaler Private Access events](https://help.zscaler.com/zpa/what-zscaler-private-access) into Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs\n\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)",
"Description": "The [Zscaler Private Access (ZPA)](https://www.zscaler.com/) solution provides the capability to ingest [Zscaler Private Access events](https://help.zscaler.com/zpa/what-zscaler-private-access) into Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs\n\n a. a. [Agent-based log collection (CEF over Syslog)](https://learn.microsoft.com/en-us/azure/sentinel/connect-common-event-format?WT.mc_id=Portal-fx)",
"Workbooks": [
"Workbooks/ZscalerZPA.json"
],
@ -12,29 +12,29 @@
"Hunting Queries": [
"Hunting Queries/ZscalerAbnormalTotalBytesSize.yaml",
"Hunting Queries/ZscalerApplicationByUsers.yaml",
"Hunting Queries/ZscalerConnectionCloseReason.yaml",
"Hunting Queries/ZscalerIPsByPorts.yaml",
"Hunting Queries/ZscalerSourceLocation.yaml",
"Hunting Queries/ZscalerTopConnectors.yaml",
"Hunting Queries/ZscalerTopSourceIP.yaml",
"Hunting Queries/ZscalerUrlhostname.yaml",
"Hunting Queries/ZscalerUserAccessGroups.yaml",
"Hunting Queries/ZscalerUserServerErrors.yaml"
],
"Hunting Queries/ZscalerConnectionCloseReason.yaml",
"Hunting Queries/ZscalerIPsByPorts.yaml",
"Hunting Queries/ZscalerSourceLocation.yaml",
"Hunting Queries/ZscalerTopConnectors.yaml",
"Hunting Queries/ZscalerTopSourceIP.yaml",
"Hunting Queries/ZscalerUrlhostname.yaml",
"Hunting Queries/ZscalerUserAccessGroups.yaml",
"Hunting Queries/ZscalerUserServerErrors.yaml"
],
"Parsers": [
"Parsers/ZPAEvent.txt"
],
"Analytic Rules": [
"Analytic Rules/ZscalerSharedZPASession.yaml",
"Analytic Rules/ZscalerUnexpectedCountEventResult.yaml",
"Analytic Rules/ZscalerUnexpectedCountries.yaml",
"Analytic Rules/ZscalerUnexpectedUpdateOperation.yaml",
"Analytic Rules/ZscalerZPAConnectionsByDormantUser.yaml",
"Analytic Rules/ZscalerZPAConnectionsByNewUser.yaml",
"Analytic Rules/ZscalerZPAConnectionsFromNewCountry.yaml",
"Analytic Rules/ZscalerZPAConnectionsFromNewIP.yaml",
"Analytic Rules/ZscalerZPAConnectionsOutsideOperationalHours.yaml",
"Analytic Rules/ZscalerZPAUnexpectedSessionDuration.yaml"
"Analytic Rules/ZscalerUnexpectedCountries.yaml",
"Analytic Rules/ZscalerUnexpectedUpdateOperation.yaml",
"Analytic Rules/ZscalerZPAConnectionsByDormantUser.yaml",
"Analytic Rules/ZscalerZPAConnectionsByNewUser.yaml",
"Analytic Rules/ZscalerZPAConnectionsFromNewCountry.yaml",
"Analytic Rules/ZscalerZPAConnectionsFromNewIP.yaml",
"Analytic Rules/ZscalerZPAConnectionsOutsideOperationalHours.yaml",
"Analytic Rules/ZscalerZPAUnexpectedSessionDuration.yaml"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Zscaler Private Access (ZPA)",
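Review bot: The new Description at L28 contains a duplicated list marker, `\n\n a. a. [Agent-based log collection (CEF over Syslog)](...)`, which will render as "a. a." in the published solution text; one `a. ` should be dropped, and since the CrowdStrike description in this same commit uses a numbered list, `\n\n1. [Agent-based log collection (CEF over Syslog)](...)` would keep the two solutions consistent. The replaced link also carries a `?WT.mc_id=Portal-fx` tracking query string that no other link in this commit uses; the bare `https://learn.microsoft.com/en-us/azure/sentinel/connect-common-event-format` URL is sufficient. The second hunk (L32-L76) prints the Hunting Queries and Analytic Rules entries twice with no visible textual difference, so it is presumably a whitespace or indentation-only change that the rendering has flattened; the enclosing JSON object starts before the first hunk and continues past L78.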