Updating underlying technologies for solutions
Родитель
871953a5ea
Коммит
f56276df2a
|
@ -2,7 +2,7 @@
|
|||
"Name": "CrowdStrike Falcon Endpoint Protection",
|
||||
"Author": "Microsoft - support@microsoft.com",
|
||||
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/CrowdStrike%20Falcon%20Endpoint%20Protection/Data%20Connectors/Logo/crowdstrike.svg\" width=\"75px\" height=\"75px\">",
|
||||
"Description": "The [CrowdStrike Falcon Endpoint Protection](https://www.crowdstrike.com/products/) solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n1. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n2. [Azure Monitor Logs: DCR-based Custom Logs](https://learn.microsoft.com/azure/azure-monitor/logs/custom-logs-overview)\n3. [Codeless Connector Platform (CCP)](https://learn.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)",
|
||||
"Description": "The [CrowdStrike Falcon Endpoint Protection](https://www.crowdstrike.com/products/) solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n1. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n2. [Azure Monitor Logs: DCR-based Custom Logs](https://learn.microsoft.com/azure/azure-monitor/logs/custom-logs-overview)",
|
||||
"Data Connectors": [
|
||||
"Data Connectors/CrowdstrikeReplicator/CrowdstrikeReplicator_API_FunctionApp.json",
|
||||
"Data Connectors/Connector_Syslog_CrowdStrikeFalconEndpointProtection.json",
|
||||
|
|
|
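Review bot: The "Underlying Microsoft Technologies used" list in the Description omits Azure Functions, although the Data Connectors array in the same hunk ships `Data Connectors/CrowdstrikeReplicator/CrowdstrikeReplicator_API_FunctionApp.json`; since the list exists to flag preview status and additional operational cost, a Function App dependency is exactly what a reader of this manifest needs to see. Both printed variants of the Description lack it, so the gap is present regardless of which of the two lines is the new side. Suggest appending a numbered item `Azure Functions` with its learn.microsoft.com link (URL to be confirmed against the other solutions that already list it) to the list. The file header for this section is not visible on the page, so the file path is inferred from its contents.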
@ -2,7 +2,7 @@
|
|||
"Name": "Zscaler Private Access (ZPA)",
|
||||
"Author": "Microsoft - support@microsoft.com",
|
||||
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/ZscalerLogo.svg\" width=\"75px\" height=\"75px\">",
|
||||
"Description": "The [Zscaler Private Access (ZPA)](https://www.zscaler.com/) solution provides the capability to ingest [Zscaler Private Access events](https://help.zscaler.com/zpa/what-zscaler-private-access) into Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs\n\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)",
|
||||
"Description": "The [Zscaler Private Access (ZPA)](https://www.zscaler.com/) solution provides the capability to ingest [Zscaler Private Access events](https://help.zscaler.com/zpa/what-zscaler-private-access) into Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs\n\n a. a. [Agent-based log collection (CEF over Syslog)](https://learn.microsoft.com/en-us/azure/sentinel/connect-common-event-format?WT.mc_id=Portal-fx)",
|
||||
"Workbooks": [
|
||||
"Workbooks/ZscalerZPA.json"
|
||||
],
|
||||
|
@ -12,29 +12,29 @@
|
|||
"Hunting Queries": [
|
||||
"Hunting Queries/ZscalerAbnormalTotalBytesSize.yaml",
|
||||
"Hunting Queries/ZscalerApplicationByUsers.yaml",
|
||||
"Hunting Queries/ZscalerConnectionCloseReason.yaml",
|
||||
"Hunting Queries/ZscalerIPsByPorts.yaml",
|
||||
"Hunting Queries/ZscalerSourceLocation.yaml",
|
||||
"Hunting Queries/ZscalerTopConnectors.yaml",
|
||||
"Hunting Queries/ZscalerTopSourceIP.yaml",
|
||||
"Hunting Queries/ZscalerUrlhostname.yaml",
|
||||
"Hunting Queries/ZscalerUserAccessGroups.yaml",
|
||||
"Hunting Queries/ZscalerUserServerErrors.yaml"
|
||||
],
|
||||
"Hunting Queries/ZscalerConnectionCloseReason.yaml",
|
||||
"Hunting Queries/ZscalerIPsByPorts.yaml",
|
||||
"Hunting Queries/ZscalerSourceLocation.yaml",
|
||||
"Hunting Queries/ZscalerTopConnectors.yaml",
|
||||
"Hunting Queries/ZscalerTopSourceIP.yaml",
|
||||
"Hunting Queries/ZscalerUrlhostname.yaml",
|
||||
"Hunting Queries/ZscalerUserAccessGroups.yaml",
|
||||
"Hunting Queries/ZscalerUserServerErrors.yaml"
|
||||
],
|
||||
"Parsers": [
|
||||
"Parsers/ZPAEvent.txt"
|
||||
],
|
||||
"Analytic Rules": [
|
||||
"Analytic Rules/ZscalerSharedZPASession.yaml",
|
||||
"Analytic Rules/ZscalerUnexpectedCountEventResult.yaml",
|
||||
"Analytic Rules/ZscalerUnexpectedCountries.yaml",
|
||||
"Analytic Rules/ZscalerUnexpectedUpdateOperation.yaml",
|
||||
"Analytic Rules/ZscalerZPAConnectionsByDormantUser.yaml",
|
||||
"Analytic Rules/ZscalerZPAConnectionsByNewUser.yaml",
|
||||
"Analytic Rules/ZscalerZPAConnectionsFromNewCountry.yaml",
|
||||
"Analytic Rules/ZscalerZPAConnectionsFromNewIP.yaml",
|
||||
"Analytic Rules/ZscalerZPAConnectionsOutsideOperationalHours.yaml",
|
||||
"Analytic Rules/ZscalerZPAUnexpectedSessionDuration.yaml"
|
||||
"Analytic Rules/ZscalerUnexpectedCountries.yaml",
|
||||
"Analytic Rules/ZscalerUnexpectedUpdateOperation.yaml",
|
||||
"Analytic Rules/ZscalerZPAConnectionsByDormantUser.yaml",
|
||||
"Analytic Rules/ZscalerZPAConnectionsByNewUser.yaml",
|
||||
"Analytic Rules/ZscalerZPAConnectionsFromNewCountry.yaml",
|
||||
"Analytic Rules/ZscalerZPAConnectionsFromNewIP.yaml",
|
||||
"Analytic Rules/ZscalerZPAConnectionsOutsideOperationalHours.yaml",
|
||||
"Analytic Rules/ZscalerZPAUnexpectedSessionDuration.yaml"
|
||||
],
|
||||
"Metadata": "SolutionMetadata.json",
|
||||
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Zscaler Private Access (ZPA)",
|
||||
|
|
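Review bot: The Description variant that links to `connect-common-event-format` carries a doubled list marker, `a. a. [Agent-based log collection (CEF over Syslog)]`, which will surface as a stray "a." in the solution's displayed text; assuming that line is the new side, it should read `1. [Agent-based log collection (CEF over Syslog)](...)`, matching the numbered style the CrowdStrike description in this same commit uses. The sentence introducing the list also lacks the colon after `operational costs` in both variants of this Description, where the CrowdStrike text has one. The new link retains a marketing tracking parameter, `?WT.mc_id=Portal-fx`, which is noise in a committed manifest; the bare learn.microsoft.com URL is sufficient. The second hunk in this section (Hunting Queries and Analytic Rules) shows no textual change on its visible lines and appears to be whitespace-only, so nothing is raised there.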