141 строка
6.3 KiB
JSON
Executable File
141 строка
6.3 KiB
JSON
Executable File
{
|
|
"id": "OpenVPN",
|
|
"title": "OpenVPN Server",
|
|
"publisher": "OpenVPN",
|
|
"descriptionMarkdown": "The [OpenVPN](https://github.com/OpenVPN) data connector provides the capability to ingest OpenVPN Server logs into Microsoft Sentinel.",
|
|
"additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**OpenVpnEvent**](https://aka.ms/sentinel-openvpn-parser) which is deployed with the Microsoft Sentinel Solution.",
|
|
"graphQueries": [{
|
|
"metricName": "Total data received",
|
|
"legend": "OpenVPN",
|
|
"baseQuery": "OpenVpnEvent"
|
|
}],
|
|
"sampleQueries": [{
|
|
"description": "Top 10 Sources",
|
|
"query": "OpenVpnEvent\n | summarize count() by tostring(SrcIpAddr)\n | top 10 by count_"
|
|
}],
|
|
"dataTypes": [{
|
|
"name": "Syslog(OpenVPN)",
|
|
"lastDataReceivedQuery": "OpenVpnEvent\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
|
|
}],
|
|
"connectivityCriterias": [{
|
|
"type": "IsConnectedQuery",
|
|
"value": [
|
|
"OpenVpnEvent\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
|
|
]
|
|
}],
|
|
"availability": {
|
|
"status": 1,
|
|
"isPreview": false
|
|
},
|
|
"permissions": {
|
|
"resourceProvider": [{
|
|
"provider": "Microsoft.OperationalInsights/workspaces",
|
|
"permissionsDisplayText": "write permission is required.",
|
|
"providerDisplayName": "Workspace",
|
|
"scope": "Workspace",
|
|
"requiredPermissions": {
|
|
"write": true,
|
|
"delete": true
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"instructionSteps": [{
|
|
"title": "",
|
|
"description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**OpenVpnEvent**](https://aka.ms/sentinel-openvpn-parser) which is deployed with the Microsoft Sentinel Solution.",
|
|
"instructions": []
|
|
},
|
|
{
|
|
"title": "1. Install and onboard the agent for Linux or Windows",
|
|
"description": "Install the agent on the Server where the OpenVPN are forwarded.\n\n> Logs from OpenVPN Server deployed on Linux or Windows servers are collected by **Linux** or **Windows** agents.",
|
|
"instructions": [{
|
|
"parameters": {
|
|
"title": "Choose where to install the Linux agent:",
|
|
"instructionSteps": [{
|
|
"title": "Install agent on Azure Linux Virtual Machine",
|
|
"description": "Select the machine to install the agent on and then click **Connect**.",
|
|
"instructions": [{
|
|
"parameters": {
|
|
"linkType": "InstallAgentOnLinuxVirtualMachine"
|
|
},
|
|
"type": "InstallAgent"
|
|
}]
|
|
},
|
|
{
|
|
"title": "Install agent on a non-Azure Linux Machine",
|
|
"description": "Download the agent on the relevant machine and follow the instructions.",
|
|
"instructions": [{
|
|
"parameters": {
|
|
"linkType": "InstallAgentOnLinuxNonAzure"
|
|
},
|
|
"type": "InstallAgent"
|
|
}]
|
|
}
|
|
]
|
|
},
|
|
"type": "InstructionStepsGroup"
|
|
}]
|
|
},
|
|
{
|
|
"instructions": [{
|
|
"parameters": {
|
|
"title": "Choose where to install the Windows agent:",
|
|
"instructionSteps": [{
|
|
"title": "Install agent on Azure Windows Virtual Machine",
|
|
"description": "Select the machine to install the agent on and then click **Connect**.",
|
|
"instructions": [{
|
|
"parameters": {
|
|
"linkType": "InstallAgentOnVirtualMachine"
|
|
},
|
|
"type": "InstallAgent"
|
|
}]
|
|
},
|
|
{
|
|
"title": "Install agent on a non-Azure Windows Machine",
|
|
"description": "Download the agent on the relevant machine and follow the instructions.",
|
|
"instructions": [{
|
|
"parameters": {
|
|
"linkType": "InstallAgentOnNonAzure"
|
|
},
|
|
"type": "InstallAgent"
|
|
}]
|
|
}
|
|
]
|
|
},
|
|
"type": "InstructionStepsGroup"
|
|
}]
|
|
},
|
|
{
|
|
"title": "2. Configure the logs to be collected",
|
|
"description": "Configure the facilities you want to collect and their severities.\n\n1. Under workspace advanced settings **Configuration**, select **Data** and then **Syslog**.\n2. Select **Apply below configuration to my machines** and select the facilities and severities.\n3. Click **Save**.",
|
|
"instructions": [
|
|
{
|
|
"parameters": {
|
|
"linkType": "OpenSyslogSettings"
|
|
},
|
|
"type": "InstallAgent"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"title": "3. Check your OpenVPN logs.",
|
|
"description": "OpenVPN server logs are written into common syslog file (depending on the Linux distribution used: e.g. /var/log/messages)"
|
|
}
|
|
],
|
|
"metadata" : {
|
|
"id": "67650481-6078-457a-9056-c5b7883fb9f9",
|
|
"version": "1.0.0",
|
|
"kind": "dataConnector",
|
|
"source": {
|
|
"kind": "solution"
|
|
},
|
|
"author": {
|
|
"name": "Microsoft"
|
|
},
|
|
"support": {
|
|
"name": "Microsoft",
|
|
"link": "https://support.microsoft.com/",
|
|
"tier": "Microsoft"
|
|
}
|
|
}
|
|
} |