39 строки
3.1 KiB
JSON
39 строки
3.1 KiB
JSON
{
|
|
"Name": "PaloAlto-PAN-OS",
|
|
"Author": "Microsoft - support@microsoft.com",
|
|
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/PaloAlto-PAN-OS/logo/Palo-alto-logo.png\" width=\"75px\" height=\"75px\">",
|
|
"Description": "The [Palo Alto Networks (Firewall)](https://www.paloaltonetworks.com/network-security/next-generation-firewall) Solution for Microsoft Sentinel allows you to easily connect your Palo Alto Networks Firewall logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. This solution also contains playbooks to help in automated remediation. \n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n\na. [Agent-based log collection (CEF over Syslog)](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)",
|
|
"Data Connectors": [
|
|
"Solutions/PaloAlto-PAN-OS/Data Connectors/PaloAltoNetworks.json"
|
|
],
|
|
"Hunting Queries": [
|
|
"Solutions/PaloAlto-PAN-OS/Hunting Queries/PaloAlto-HighRiskPorts.yaml",
|
|
"Solutions/PaloAlto-PAN-OS/Hunting Queries/Palo Alto - potential beaconing detected.yaml"
|
|
],
|
|
"Workbooks": [
|
|
"Solutions/PaloAlto-PAN-OS/Workbooks/PaloAltoOverview.json",
|
|
"Solutions/PaloAlto-PAN-OS/Workbooks/PaloAltoNetworkThreat.json"
|
|
],
|
|
"Analytic Rules": [
|
|
"Solutions/PaloAlto-PAN-OS/Analytic Rules/PaloAlto-UnusualThreatSignatures.yaml",
|
|
"Solutions/PaloAlto-PAN-OS/Analytic Rules/FileHashEntity_Covid19_CommonSecurityLog.yaml",
|
|
"Solutions/PaloAlto-PAN-OS/Analytic Rules/PaloAlto-NetworkBeaconing.yaml",
|
|
"Solutions/PaloAlto-PAN-OS/Analytic Rules/PaloAlto-PortScanning.yaml"
|
|
],
|
|
"Playbooks": [
|
|
"Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoCustomConnector/PaloAlto_PAN-OS_Rest_API_CustomConnector/azuredeploy.json",
|
|
"Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoCustomConnector/PaloAlto_PAN-OS_XML_API_CustomConnector/azuredeploy.json",
|
|
"Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetSystemInfo/azuredeploy.json",
|
|
"Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetThreatPCAP/azuredeploy.json",
|
|
"Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-GetURLCategoryInfo/azuredeploy.json",
|
|
"Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockIP/azuredeploy.json",
|
|
"Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockURL/azuredeploy.json",
|
|
"Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockURL-EntityTrigger/azuredeploy.json",
|
|
"Solutions/PaloAlto-PAN-OS/Playbooks/PaloAltoPlaybooks/PaloAlto-PAN-OS-BlockIP-EntityTrigger/azuredeploy.json"
|
|
],
|
|
"BasePath": "C:\\One\\Azure\\Azure-Sentinel",
|
|
"Version": "3.0.1",
|
|
"Metadata": "SolutionMetadata.json",
|
|
"TemplateSpec": true,
|
|
"Is1Pconnector": false
|
|
} |