Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Solution repackaged and createui added

This commit is contained in:
PrasadBoke 2024-01-23 14:10:08 +05:30
Родитель 8ae5d97f04
Коммит feabedc0b8
4 изменённых файлов: 38 добавлений и 36 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

Двоичные данные
Solutions/BitSight/Package/3.0.0.zip
Просмотреть файл

Двоичный файл не отображается.

2
Solutions/BitSight/Package/createUiDefinition.json
Просмотреть файл

@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/BitSight.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe BitSight solution enables security operations teams to integrate insights from BitSights Data Observability services into Microsoft Sentinel. The insights include Security Ratings, Count of Observations by Risk Vector, Compromised Systems, Infections, Count of Diligence Observations and Vulnerabilities for companies in your portfolio.\n\n**Data Connectors:** 1, **Parsers:** 11, **Workbooks:** 1, **Analytic Rules:** 6\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/BitSight.svg\" width=\"75px\" height=\"75px\">\n\n***Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/BitSight/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe BitSight solution enables security operations teams to integrate insights from BitSight's Data Observability services into Microsoft Sentinel. The insights include Security Ratings, Count of Observations by Risk Vector, Compromised Systems, Infections, Count of Diligence Observations and Vulnerabilities for companies in your portfolio.\n\n**Data Connectors:** 1, **Parsers:** 11, **Workbooks:** 1, **Analytic Rules:** 6\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",

64
Solutions/BitSight/Package/mainTemplate.json
Просмотреть файл

@ -347,10 +347,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "BitSight",
"dataTypes": [
"BitSightGraphData"
],
"connectorId": "BitSight"
]
}
],
"tactics": [
@ -360,8 +360,8 @@
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"CompanyName": "CompanyName",
"CompanyRating": "Rating"
"CompanyRating": "Rating",
"CompanyName": "CompanyName"
},
"alertDetailsOverride": {
"alertDisplayNameFormat": "BitSight : Alert for >10% drop in ratings of {{CompanyName}}.",
@ -451,10 +451,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "BitSight",
"dataTypes": [
"BitSightAlerts"
],
"connectorId": "BitSight"
]
}
],
"tactics": [
@ -462,22 +462,22 @@
],
"entityMappings": [
{
"entityType": "URL",
"fieldMappings": [
{
"identifier": "Url",
"columnName": "CompanyURL"
}
],
"entityType": "URL"
]
}
],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"alertDetailsOverride": {
"alertDisplayNameFormat": "BitSight: Alert for {{Trigger}} in {{CompanyName}} from bitsight.",
"alertDescriptionFormat": "Alert generated on {{AlertDate}} in BitSight.\\n\\nCompany URL: {{CompanyURL}}\\nAlert GUID: {{GUID}}",
"alertSeverityColumnName": "Severity",
"alertDescriptionFormat": "Alert generated on {{AlertDate}} in BitSight.\\n\\nCompany URL: {{CompanyURL}}\\nAlert GUID: {{GUID}}"
"alertDisplayNameFormat": "BitSight: Alert for {{Trigger}} in {{CompanyName}} from bitsight."
},
"incidentConfiguration": {
"createIncident": false
@ -563,10 +563,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "BitSight",
"dataTypes": [
"BitSightFindingsData"
],
"connectorId": "BitSight"
]
}
],
"tactics": [
@ -574,6 +574,7 @@
],
"entityMappings": [
{
"entityType": "Malware",
"fieldMappings": [
{
"identifier": "Name",
@ -583,17 +584,16 @@
"identifier": "Category",
"columnName": "RiskCategory"
}
],
"entityType": "Malware"
]
}
],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"alertDetailsOverride": {
"alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight",
"alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Compromised Systems",
"alertSeverityColumnName": "Severity",
"alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Compromised Systems"
"alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight"
},
"incidentConfiguration": {
"createIncident": true
@ -679,10 +679,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "BitSight",
"dataTypes": [
"BitSightFindingsData"
],
"connectorId": "BitSight"
]
}
],
"tactics": [
@ -690,6 +690,7 @@
],
"entityMappings": [
{
"entityType": "Malware",
"fieldMappings": [
{
"identifier": "Name",
@ -699,17 +700,16 @@
"identifier": "Category",
"columnName": "RiskCategory"
}
],
"entityType": "Malware"
]
}
],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"alertDetailsOverride": {
"alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight",
"alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Diligence",
"alertSeverityColumnName": "Severity",
"alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Diligence"
"alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight"
},
"incidentConfiguration": {
"createIncident": false
@ -795,10 +795,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "BitSight",
"dataTypes": [
"BitSightGraphData"
],
"connectorId": "BitSight"
]
}
],
"tactics": [
@ -808,8 +808,8 @@
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"CompanyName": "CompanyName",
"CompanyRating": "Rating"
"CompanyRating": "Rating",
"CompanyName": "CompanyName"
},
"alertDetailsOverride": {
"alertDisplayNameFormat": "BitSight : Alert for drop in the headline rating of {{CompanyName}}.",
@ -899,10 +899,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "BitSight",
"dataTypes": [
"BitSightBreaches"
],
"connectorId": "BitSight"
]
}
],
"tactics": [
@ -910,22 +910,22 @@
],
"entityMappings": [
{
"entityType": "URL",
"fieldMappings": [
{
"identifier": "Url",
"columnName": "PreviwURL"
}
],
"entityType": "URL"
]
}
],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"alertDetailsOverride": {
"alertDisplayNameFormat": "BitSight: Alert for new breach in {{Companyname}}.",
"alertDescriptionFormat": "Alert is generated on {{DateCreated}} at BitSight.\\n\\nGUID: {{GUID}}\\nPreview URL: {{PreviwURL}}",
"alertSeverityColumnName": "Severity",
"alertDescriptionFormat": "Alert is generated on {{DateCreated}} at BitSight.\\n\\nGUID: {{GUID}}\\nPreview URL: {{PreviwURL}}"
"alertDisplayNameFormat": "BitSight: Alert for new breach in {{Companyname}}."
},
"incidentConfiguration": {
"createIncident": false

8
Solutions/BitSight/ReleaseNotes.md
Просмотреть файл

@ -1,3 +1,5 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|---------------------------------------------|
| 3.0.0 | 12-01-2024 | Updated data connector code with the fix of pagination and checkpoint related issue and repackaged it with v3 tool |
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|--------------------------------------------------------------------|
| 3.0.0 | 23-01-2024 | Updated **Data Connector** code with the fix of Pagination and Checkpoint related issue |