Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

[SOAR] threatx solution package submition

This commit is contained in:
Manish Kumar 2022-09-26 17:24:10 +05:30
Родитель e8c62c6980
Коммит fff0677290
5 изменённых файлов: 3164 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

Двоичные данные
Solutions/ThreatXCloud/Package/2.0.0.zip Normal file
Просмотреть файл

Двоичный файл не отображается.

89
Solutions/ThreatXCloud/Package/createUiDefinition.json Normal file
Просмотреть файл

@ -0,0 +1,89 @@
{
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
"handler": "Microsoft.Azure.CreateUIDef",
"version": "0.1.2-preview",
"parameters": {
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/threatx_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [ThreatX](https://www.threatx.com/products/) solution for Microsoft Sentinel provides an automation approach to analyst for remediate the attacks happening at application level by blocking the suspicious ip and url and also empowers them to gather the threat intelligence data for the malicious ip activity. This solution includes SOAR Connector and Playbooks by which the analyst can automate the security operations tasks\n\n**Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
"Microsoft.OperationalInsights/workspaces/providers/alertRules",
"Microsoft.Insights/workbooks",
"Microsoft.Logic/workflows"
]
},
"location": {
"metadata": {
"hidden": "Hiding location, we get it from the log analytics workspace"
},
"visible": false
},
"resourceGroup": {
"allowExisting": true
}
}
},
"basics": [
{
"name": "getLAWorkspace",
"type": "Microsoft.Solutions.ArmApiControl",
"toolTip": "This filters by workspaces that exist in the Resource Group selected",
"condition": "[greater(length(resourceGroup().name),0)]",
"request": {
"method": "GET",
"path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
}
},
{
"name": "workspace",
"type": "Microsoft.Common.DropDown",
"label": "Workspace",
"placeholder": "Select a workspace",
"toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
"constraints": {
"allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
"required": true
},
"visible": true
}
],
"steps": [
{
"name": "playbooks",
"label": "Playbooks",
"subLabel": {
"preValidation": "Configure the playbooks",
"postValidation": "Done"
},
"bladeTitle": "Playbooks",
"elements": [
{
"name": "playbooks-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub."
}
},
{
"name": "playbooks-link",
"type": "Microsoft.Common.TextBlock",
"options": {
"link": {
"label": "Learn more",
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
}
}
}
]
}
],
"outputs": {
"workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
"location": "[location()]",
"workspace": "[basics('workspace')]"
}
}
}

3043
Solutions/ThreatXCloud/Package/mainTemplate.json Normal file
Просмотреть файл

Различия файлов скрыты, потому что одна или несколько строк слишком длинны

16
Solutions/ThreatXCloud/SolutionMetadata.json Normal file
Просмотреть файл

@ -0,0 +1,16 @@
{
"publisherId": "azuresentinel",
"offerId": "azure-sentinel-threatxcloud",
"firstPublishDate": "2022-09-23",
"lastPublishDate": "2022-09-23",
"providers": ["ThreatXCloud"],
"categories": {
"domains": ["Security – Automation (SOAR)","Security - Threat Protection"]
},
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
}
}

16
Solutions/ThreatXCloud/data/Solution_ThreatXCloud.json Normal file
Просмотреть файл

@ -0,0 +1,16 @@
{
"Name": "ThreatXCloud",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/threatx_logo.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [ThreatX](https://www.threatx.com/products/) solution for Microsoft Sentinel provides an automation approach to analyst for remediate the attacks happening at application level by blocking the suspicious ip and url and also empowers them to gather the threat intelligence data for the malicious ip activity. This solution includes SOAR Connector and Playbooks by which the analyst can automate the security operations tasks",
"Playbooks": [
"Playbooks/CustomConnector/ThreatXCustomConnector/azuredeploy.json",
"Playbooks/ThreatXPlaybooks/ThreatX-BlockIP-URL/azuredeploy.json",
"Playbooks/ThreatXPlaybooks/ThreatX-Enrichment/azuredeploy.json"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\One\\Azure-Sentinel\\Solutions\\ThreatXCloud",
"Version": "2.0.0",
"TemplateSpec": true,
"Is1PConnector": false
}