* Update Tanium playbooks to remove the forwarder
Previously the Tanium solution playbooks required a separate service to
handle communication to and from the Tanium APIs. These new/updated
playbooks talk directly to the Tanium APIs.
* Update wording as required
* Update Sentinel reference in Analytic Rules
* Update Tanium Workbook in solution
* Add new build scripts
Based on other solutions I think these can live happily in our solution
directory and will be ignored by builds.
* Add previous 1.0.9 zip file
Other solutions have their historic builds so we can do the same.
* Rename AlertsApi to ThreatResponseAlertsApi
It's better to make the variable names as easy to read as possible.
* Rename ApiGatewayUri variable
It's better to make the variable names as readable as possible.
* Switch ResolveThreatResponseAlert to API Gateway
* Add diff commands to check output
* Tanium Solution version 1.0.10
* Use different default integration account names
Jenu ran into this error with the build
```
{
"code": "InvalidTemplate",
"message": "Deployment template validation failed: 'The resource 'Microsoft.Logic/integrationAccounts/Tanium-LogicApp' at line '272' and column '9' is defined multiple times in a template. Please see https://aka.ms/arm-template/#resources for usage details.'."
}
```
* Switch const to var for inline JavaScript
The const declaration worked just fine in playbooks, even importing
playbooks, but Jenu ran into this error
```json
{
"code": "InlineCodeParsingFailure",
"message": "'The input parameter 'code' for inline code action 'Flatten_API_Gateway_endpoints' contains invalid code. Parsing the code failed with error 'Line 1: Unexpected token const'.'. Status code: 'BadRequest'."
},
```
* Error the build if the version already exists
* Update build 1.0.10
* Code JavaScriptCode to a strict standard
  * only var (no let or const)
  * semicolons for all statements
  * windows line endings
  * indent with tab characters
  * only old style `function` functions
* Explain how to rebuild a version if needed
* Update Tanium 1.0.10 solution package
The key change here is that the JavaScriptCode actions are now using a
strict form of JavaScript to hopefully help with the import validations
  * semicolons on all statements
  * only var: no let or const
  * windows line endings
  * tab characters for indentation
  * es5 style functions i.e. `function() {}` instead of `() => {}`
* Update Tanium solution README
* Remove locale from README documentation links
* Replace "SecureString" with "securestring"
Per spec: https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json
```
["string","securestring","int","bool","object","secureObject","array"]
```
* Update the Tanium solution 1.0.10 build
* Provide "endCursor: null" unless paginating
This ensures the API Gateway doesn't get confused and return an error
"must refer to an active cursor"
* Fix TDS "allNamespaces" option
* Add playbook to gather SCCM Client Health
* Fix header of SCCMClientHealth README
* Add playbook to gather Microsoft Defender health
* Add playbook for Comply Findings
* Add new playbooks to solution build
* Remove explicit endCursor: null declaration
That declaration is just fine to Logic Apps, but the Sentinel Solutions
build declares errors
```
Template Should Not Contain Blanks
[-] Template Should Not Contain Blanks (5033 ms)
Empty property: null Line: 685, Column: 200
Empty property: null Line: 1096, Column: 200
Empty property: null Line: 1493, Column: 200
Empty property: null Line: 1904, Column: 200
Empty property: null Line: 2301, Column: 200
Empty property: null Line: 2712, Column: 200
Empty property: null Line: 4572, Column: 200
Empty property: null Line: 5209, Column: 200
Empty property: null Line: 5845, Column: 200
Empty property: null Line: 6256, Column: 200
Empty property: null Line: 8116, Column: 200
Empty property: null Line: 8715, Column: 200
```
* Update the Tanium Solution v1.0.10 build
* Fix whitespace in build script
* Use Tanium logo from the "Logos" directory
As required.
* Move input.json into Data directory
As required by PR https://github.com/Azure/Azure-Sentinel/pull/6016
* Move build scripts to Solution/Tanium
This aligns our solution to others e.g.
  * Solutions/SAP
  * Solutions/HoneyTokens
As required by PR https://github.com/Azure/Azure-Sentinel/pull/6016
* Update 1.0.10 Tanium solution build
* Updated logo
* Add "Deploy to Azure" and "Deploy to Azure Gov"
As required by the PR: https://github.com/Azure/Azure-Sentinel/pull/6016
* Add screenshots to each Tanium playbook README
* Update Tanium solution README
* Update Tanium solution package v1.0.10
* Add sample data for additional Tanium tables
  * TaniumHighUptime_CL
  * TaniumPatchListApplicability_CL
  * TaniumPatchListCompliance_CL
* Update TaniumThreatResponse_CL sample data
* Add JSON representation of TaniumThreatResponse_CL
* Add Tanium Workbook metadata to V2 tooling
* Add screenshots for the Tanium Solution workbook
* Add Tanium logo to Workbooks
* Update Tanium solution last published date
* Update Tanium solution metadata for V2 build
* Update Tanium build_solution for V2
* Update playbook API versions per documentation
as in: Tools/Create-Azure-Sentinel-Solution/V2/README.md
* Build 2.0.0 version of Tanium solution
This is still what was going into the 1.0.10 version but now using the
V2 build process. While I was updating all of the metadata for V2 I
figured this solution build is different enough from 1.0.9 that we
should bump a major version. This is the solution build that no longer
requires the forwarder VM.
* Rebuild Solutions/Tanium from latest master
* Fix note to run check_build.sh
* Check for unzip when running check_build.sh
* Add steps explaining how to check files manually
* Expand declared metadata for Tanium playbooks
As required: https://github.com/Azure/Azure-Sentinel/tree/master/docs/New%20Playbooks%20Contribution%20Guide#add-metadata
* Build Tanium solution 2.0.0 with playbook metadata
* Remove the unused Data Connector
* Tanium Solution 2.0.0 without data connector
* Tanium Solution 2.0.0 after rebasing with upstream
* Fix workbooks missing from Tanium solution
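
A pre-build lint that catches the four template failures this commit log describes (duplicate resource definitions, the `SecureString` parameter type, `null` properties, and `const`/`let`/arrow syntax in JavaScriptCode actions) before the import or solution validation does. This is an added example, not code from the Tanium solution or its build scripts; `lintTemplate`, `SAMPLE` and the sample parameter and action names are hypothetical.

```javascript
// Parameter types quoted on this page from the deploymentTemplate schema.
var ALLOWED_TYPES = ["string", "securestring", "int", "bool", "object", "secureObject", "array"];
// Returns findings for a parsed template. Names are compared as literal strings;
// the const/let/arrow test is a heuristic regex, not a JavaScript parser.
function lintTemplate(template) {
	var findings = [];
	var seen = {};
	Object.keys(template.parameters || {}).forEach(function (name) {
		var type = template.parameters[name].type;
		if (ALLOWED_TYPES.indexOf(type) === -1) {
			findings.push("bad-parameter-type: " + name + " (" + type + ")");
		}
	});
	// A type/name pair defined twice fails validation ("defined multiple times").
	(template.resources || []).forEach(function (res) {
		var id = res.type + "/" + res.name;
		if (seen[id]) {
			findings.push("duplicate-resource: " + id);
		}
		seen[id] = true;
	});
	// Walk every value: flag nulls and inline code that is not ES5.
	(function walk(node, path) {
		if (node === null) {
			findings.push("null-property: " + path);
		} else if (typeof node === "object") {
			var code = node.type === "JavaScriptCode" && node.inputs && node.inputs.code;
			if (typeof code === "string" && /\b(const|let)\s|=>/.test(code)) {
				findings.push("non-es5-inline-code: " + path);
			}
			Object.keys(node).forEach(function (key) {
				walk(node[key], path + "/" + key);
			});
		}
	})(template, "");
	return findings;
}
// Constructed sample template (not taken from the solution) with all four problems.
var SAMPLE = {
	parameters: { ApiToken: { type: "SecureString" } },
	resources: [
		{ type: "Microsoft.Logic/integrationAccounts", name: "Tanium-LogicApp" },
		{ type: "Microsoft.Logic/integrationAccounts", name: "Tanium-LogicApp" },
		{ type: "Microsoft.Logic/workflows", name: "demo", properties: { definition: { actions: {
			Flatten: { type: "JavaScriptCode", inputs: { code: "const x = 1;" } },
			Query: { type: "Http", inputs: { body: { endCursor: null } } }
		} } } }
	]
};
```

Run it over the parsed `mainTemplate.json` of a build and fail the build when the returned array is not empty.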