Azure-Sentinel/Solutions
rahul0216 c50c6568dc
Merge pull request #10738 from Azure/origins/users/rahul/proofpointtap-bugfix
ProofpointTAP - Update Analytic rules
2024-07-05 12:47:51 +05:30
..
1Password Hyperlinks corrected 2024-06-27 14:22:59 +05:30
42Crunch API Protection
AI Analyst Darktrace
AIShield AI Security Monitoring
ALC-WebCTRL
ARGOSCloudSecurity
AWS Systems Manager
AWSAthena
AWS_IAM
AbnormalSecurity updated zip file with one file only 2024-05-28 08:49:46 +00:00
AbuseIPDB
Agari
AgileSec Analytics Connector
Akamai Security Events
Alibaba Cloud
Alsid For AD
Amazon Web Services Merge branch 'master' into v-prasadboke-awshunting 2024-05-27 18:43:39 +05:30
Apache Log4j Vulnerability Detection Merge pull request #10580 from Azure/WebSession/NetworkSession-DomainSoln 2024-06-07 17:57:10 +05:30
ApacheHTTPServer
AristaAwakeSecurity
Armis release note update 2024-05-03 17:05:26 +05:30
Armorblox
Aruba ClearPass
AtlassianConfluenceAudit repackaged 2024-05-03 17:16:09 +05:30
AtlassianJiraAudit Update readme.md 2024-06-28 10:25:55 +05:30
Attacker Tools Threat Protection Essentials Merge pull request #10609 from Azure/v-shukore/AttackerToolsThreatProtectionEssentials 2024-06-11 18:04:27 +05:30
Australian Cyber Security Centre
Auth0 Merge pull request #10608 from Azure/v-sudkharat/Update-python-version 2024-06-24 12:22:14 +05:30
Authomize
Azure Activity Update AnalyticsRulesAdministrativeOperations.yaml 2024-06-07 11:49:52 +05:30
Azure Batch Account
Azure Cloud NGFW by Palo Alto Networks Update versions 2024-05-10 12:36:09 +10:00
Azure Cognitive Search
Azure DDoS Protection
Azure Data Lake Storage Gen1
Azure Event Hubs
Azure Firewall
Azure Key Vault Update versions 2024-05-10 12:36:09 +10:00
Azure Logic Apps
Azure Network Security Groups
Azure SQL Database solution for sentinel Update versions 2024-05-10 12:36:09 +10:00
Azure Service Bus
Azure Storage
Azure Stream Analytics
Azure Web Application Firewall (WAF) Update ReleaseNotes.md 2024-06-10 16:06:59 +05:30
Azure kubernetes Service
AzureDevOpsAuditing Update NewPAPCAPCASaddedtoADO.yaml 2024-05-16 10:15:05 -07:00
AzureSecurityBenchmark
BETTER Mobile Threat Defense (MTD)
Barracuda CloudGen Firewall
Barracuda WAF
Beyond Security beSECURE
BitSight Fix the Solution ID and updated the package version. 2024-05-29 18:09:58 +05:30
Bitglass
Bitwarden Solution packaged and release notes corrected 2024-06-07 15:10:43 +05:30
Blackberry CylancePROTECT
BloodHound Enterprise
Box UpdatedPackageandZip 2024-06-12 18:15:03 +05:30
Broadcom SymantecDLP
Business Email Compromise - Financial Fraud Merge pull request #10580 from Azure/WebSession/NetworkSession-DomainSoln 2024-06-07 17:57:10 +05:30
CTM360
Check Point
CheckPhish by Bolster
Cisco ACI
Cisco ETD
Cisco Firepower EStreamer
Cisco ISE
Cisco Meraki Events via REST API version corrected 2024-04-24 17:19:28 +05:30
Cisco SD-WAN
Cisco Secure Cloud Analytics link updated 2024-05-14 16:55:21 +05:30
Cisco Secure Endpoint
Cisco UCS
CiscoASA release notes 2024-05-22 15:38:28 +05:30
CiscoDuoSecurity Update ReleaseNotes.md 2024-05-03 12:50:24 +05:30
CiscoMeraki Merge pull request #10716 from tduarte14/patch-12 2024-07-05 11:58:26 +05:30
CiscoSEG Adding release notes 2024-05-03 16:29:33 +05:30
CiscoUmbrella Update ReleaseNotes.md 2024-05-03 12:50:41 +05:30
CiscoWSA Solution packaged 2024-05-29 15:39:23 +05:30
Citrix ADC
Citrix Analytics for Security
Citrix Web App Firewall
Claroty
Claroty xDome repackage 2024-05-13 10:11:43 +03:00
Cloud Identity Threat Protection Essentials 🐛 Remove preceding newlines in queries 2024-06-14 14:23:17 +01:00
Cloud Service Threat Protection Essentials
Cloudflare Update CloudflareConn.zip 2024-05-28 14:32:32 +05:30
CofenseIntelligence
CofenseTriage Updated PR with the fix of 400 Bad Request issue while creating the Threat Indicator in Sentinel. 2024-06-25 10:55:46 +05:30
Cognni
CognyteLuminar
CohesitySecurity
Common Event Format updated createUiDefinition and zip file 2024-07-04 14:02:15 +05:30
Commvault Security IQ Update powershell to python in README.md 2024-06-20 16:48:39 +05:30
ContinuousDiagnostics&Mitigation
Contrast Protect
Corelight fixed validation error on hyperlink 2024-05-03 16:50:01 +05:30
Cortex XDR Remove space added in cortex metadata file 2024-06-26 12:04:06 -04:00
CrowdStrike Falcon Endpoint Protection Solution packaged and shortlink corrected 2024-06-21 18:05:10 +05:30
CyberArk Enterprise Password Vault (EPV) Events
CyberArkAudit Update CyberArkAuditConnector.zip 2024-05-31 13:53:12 +05:30
CyberArkEPM
CybersecurityMaturityModelCertification(CMMC)2.0
Cybersixgill-Actionable-Alerts Solution packaged 2024-04-24 16:02:48 +05:30
Cyborg Security HUNTER
Cynerio
DEV-0537DetectionandHunting
DNS Essentials
Darktrace
Datalake2Sentinel
Dataminr Pulse Update ReleaseNotes.md 2024-05-03 16:50:19 +05:30
Delinea Secret Server
Dev 0270 Detection and Hunting Dev0270 packaged 2024-06-07 22:12:20 +05:30
Digital Shadows
DigitalGuardianDLP
DomainTools
Dynamics 365
Dynatrace Adding release notes 2024-05-03 16:29:33 +05:30
ESET Inspect
ESETPROTECT
EatonForeseer
EclecticIQ
Egress Defend
Egress Iris
Elastic Search
ElasticAgent
Endpoint Threat Protection Essentials EndpointThreatProtection packaged 2024-06-10 12:12:46 +05:30
Entrust identity as Service
Ermes Browser Security
Eset Security Management Center
Exabeam Advanced Analytics
ExtraHop Reveal(x)
F5 BIG-IP
F5 Networks
FalconFriday Fix indentation 2024-05-10 14:45:15 +10:00
Farsight DNSDB/Playbooks
Feedly
FireEye Network Security
Flare
Forcepoint CASB
Forcepoint CSG
Forcepoint DLP
Forcepoint NGFW
Forescout (Legacy) Solution packaged for description change 2024-06-20 15:52:08 +05:30
ForescoutHostPropertyMonitor
ForgeRock Common Audit for CEF
Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel
Fortinet FortiNDR Cloud Code refactor 2024-06-04 09:11:28 -04:00
Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel Repackaged fortinet fortiweb solution 2024-04-30 15:32:51 +05:30
Gigamon Connector
GitHub Updated solution packages 2024-04-26 18:17:46 +05:30
GitLab Update versions 2024-05-10 12:36:09 +10:00
Google Apigee
Google Cloud Platform Audit Logs
Google Cloud Platform BigQuery
Google Cloud Platform Cloud Monitoring
Google Cloud Platform Security Command Center updated release note 2024-05-16 17:33:11 +05:30
GoogleCloudPlatformDNS
GoogleCloudPlatformIAM Entity Work April 22 2024-04-22 10:34:53 -07:00
GoogleDirectory/Playbooks
GoogleWorkspaceReports
GreyNoiseThreatIntelligence update zip 2024-06-26 15:32:18 +05:30
Group-IB/Playbooks
HYAS
HYAS Protect Updated contentSchemaVersion for HYAS Protect 2024-06-26 12:08:05 +05:30
HolmSecurity updating zip 2024-05-10 07:47:02 +02:00
HoneyTokens
IONIX
IPQualityScore
ISC Bind
Illumio Core
IllumioSaaS Added shortlinks for WEBSITE_RUN_FROM_PACKAGE 2024-06-04 11:12:48 +05:30
Illusive Active Defense
Illusive Platform
Images
Imperva WAF Gateway
ImpervaCloudWAF
Infoblox Cloud Data Connector updated infoblox cloud data connector solution 2024-04-30 15:21:05 +05:30
Infoblox NIOS
Infoblox SOC Insights Updated type as securestring in maintemplate 2024-05-03 16:45:12 +05:30
InsightVM/Package
Integration for Atlassian Beacon
Intel471
IoTOTThreatMonitoringwithDefenderforIoT
IronNet IronDefense
Island
Ivanti Unified Endpoint Management
JBoss
Jamf Protect Repackaged Jamf Protect solution 2024-04-30 15:45:36 +05:30
Joshua-Cyberiskvision
Juniper SRX
JuniperIDP
KQL Training
KasperskySecurityCenter
LastPass
Legacy IOC based Threat Protection 🐛 Remove preceding newlines in queries 2024-06-14 14:23:17 +01:00
Lookout Update LookoutAPISentinelConnector.zip 2024-06-27 14:07:15 +05:30
Lookout Cloud Security Platform for Microsoft Sentinel Update LookoutCSConn.zip 2024-06-26 13:34:03 +05:30
MISP2Sentinel
MailGuard 365
MailRisk
Malware Protection Essentials
MarkLogicAudit
MaturityModelForEventLogManagementM2131
McAfee Network Security Platform
McAfee ePolicy Orchestrator
Microsoft 365 Merge pull request #10644 from Azure/v-shukore/PR10606_PR10638 2024-06-19 16:31:13 +05:30
Microsoft Defender For Identity
Microsoft Defender Threat Intelligence
Microsoft Defender XDR Updated package to fix conflict 2024-06-20 13:01:46 +05:30
Microsoft Defender for Cloud Update MicrosoftDefenderForCloudTenantBased.json 2024-04-26 13:35:29 -07:00
Microsoft Defender for Cloud Apps
Microsoft Defender for Office 365
Microsoft Entra ID EntraID packaged 2024-06-12 13:42:25 +05:30
Microsoft Entra ID Protection
Microsoft Exchange Security - Exchange On-Premises Correct bad XPath 2024-06-11 17:13:51 +02:00
Microsoft Exchange Security - Exchange Online Repackaged solution 2024-05-21 12:58:10 +05:30
Microsoft PowerBI
Microsoft Project
Microsoft Purview
Microsoft Purview Information Protection
Microsoft Sysmon For Linux
Microsoft Windows SQL Server Database Audit
MicrosoftDefenderForEndpoint
MicrosoftPurviewInsiderRiskManagement
MimecastAudit
MimecastSEG
MimecastTIRegional
MimecastTTP
Minemeld
MongoDBAudit
Morphisec
Mulesoft Updated package 2024-06-13 21:15:23 +05:30
Multi Cloud Attack Coverage Essentials - Resource Abuse Merge pull request #10580 from Azure/WebSession/NetworkSession-DomainSoln 2024-06-07 17:57:10 +05:30
NGINX HTTP Server
NISTSP80053
NXLog BSM macOS
NXLog FIM
NXLog LinuxAudit
NXLogAixAudit
NXLogDnsLogs
Nasuni
NetClean ProActive
Netskope Fix formatting issue in azuredeploy_Netskope_API_FunctionApp.json 2024-04-22 22:16:46 +02:00
Netskopev2 Update ReleaseNotes.md 2024-06-03 14:55:47 +05:30
Network Session Essentials Merge branch 'master' into domain-solution-change 2024-06-07 15:22:47 +05:30
Network Threat Protection Essentials updated data file. 2024-05-20 13:44:32 +05:30
Netwrix Auditor
Neustar IP GeoPoint
NonameSecurity
NozomiNetworks
OSSEC
Okta Single Sign-On updated package for solutions 2024-04-26 11:50:10 +05:30
Onapsis Platform
OneIdentity
OneLoginIAM
OpenCTI
OpenVPN
Oracle Cloud Infrastructure Handling Test Events 2024-05-20 11:23:03 +05:30
OracleDatabaseAudit Updated solution packages 2024-04-26 18:17:46 +05:30
OracleWebLogicServer
Orca Security Alerts
PCI DSS Compliance
PDNS Block Data Connector
Palo Alto - XDR (Cortex)
Palo Alto Prisma Cloud CWPP
PaloAlto-PAN-OS Update versions 2024-05-10 12:36:09 +10:00
PaloAltoCDL Updated link 2024-06-12 14:08:40 +05:30
PaloAltoPrismaCloud Update PrismaCloudConn.zip 2024-05-09 10:29:45 +05:30
Perimeter 81
PingFederate
PostgreSQL
Prancer PenSuiteAI Integration
ProofPointTap Update Analytic rules 2024-07-04 20:03:35 +05:30
Proofpoint On demand(POD) Email Security update ui link 2024-05-09 14:37:55 +05:30
Pulse Connect Secure
Pure Storage validation reolved 2024-05-09 15:08:26 +05:30
Qualys VM Knowledgebase Updated ReleaseNotes 2024-05-03 14:50:01 +05:30
QualysVM Update ReleaseNotes.md 2024-04-22 16:24:59 +05:30
RSA SecurID
Radiflow Solution packaged and minor corrections done 2024-07-02 15:18:39 +05:30
Rapid7InsightVM Merge pull request #10336 from Azure/dependabot/pip/Solutions/Rapid7InsightVM/Data-Connectors/aiohttp-3.9.4 2024-05-09 12:44:59 +05:30
Recorded Future
Recorded Future Identity Minor changes 2024-07-04 17:12:47 +05:30
Red Canary
ReversingLabs
RidgeSecurity
RiskIQ
RubrikSecurityCloud Updated version of aiohttp module from 3.9.1 to 3.9.5 2024-04-30 22:57:14 +05:30
SAP SAP V 3.1.7 release notes 2024-06-16 16:57:01 +03:00
SAP BTP Update ReleaseNotes.md 2024-06-21 13:44:43 +01:00
SIGNL4
SOC Handbook
SOC-Process-Framework
SailPointIdentityNow
SalemCyber
Salesforce Service Cloud Update versions 2024-05-10 12:36:09 +10:00
SecurityBridge App 🐛 Remove preceding newlines in queries 2024-06-14 14:23:17 +01:00
SecurityScorecard Cybersecurity Ratings
SecurityThreatEssentialSolution Merge branch 'master' into domain-solution-change 2024-06-07 15:22:47 +05:30
Semperis Directory Services Protector
SenservaPro Update versions 2024-05-10 12:36:09 +10:00
SentinelOne Updating python version 2024-06-17 16:52:39 +05:30
SentinelSOARessentials
SeraphicSecurity
Servicenow
SevcoSecurity
ShadowByte Aria
Shodan
SlackAudit
SlashNext
SlashNext SIEM hyperlink issue resolved 2024-05-16 14:34:26 +05:30
Snowflake
SonicWall Firewall
SonraiSecurity
Sophos Cloud Optix
Sophos Endpoint Protection Update Solution_EP.json 2024-04-26 12:13:26 +05:30
Sophos XG Firewall
SpyCloud Enterprise Protection
Squadra Technologies SecRmm
SquidProxy
Symantec Endpoint Protection Updated solution packages 2024-04-26 18:17:46 +05:30
Symantec Integrated Cyber Defense
Symantec VIP 🐛 Remove preceding newlines in queries 2024-06-14 14:23:17 +01:00
SymantecProxySG Update ReleaseNotes.md 2024-05-23 10:04:50 +05:30
Synack
Syslog Update ReleaseNotes.md 2024-06-27 12:18:04 +05:30
Talon
Tanium
Teams
Templates
Tenable App Update 3.0.0.zip 2024-07-03 13:53:44 +05:30
TenableAD
TenableIO Update TenableIOAzureSentinelConnector.zip 2024-05-31 11:21:27 +05:30
TheHive
Theom
Threat Intelligence Update Solution_ThreatIntelligenceTemplateSpec.json 2024-05-31 16:20:19 +05:30
Threat Intelligence Solution for Azure Government
ThreatAnalysis&Response
ThreatConnect Threatconnect packaged 2024-06-10 17:57:56 +05:30
ThreatXCloud
Tomcat
Training/Azure-Sentinel-Training-Lab
Trend Micro Apex One
Trend Micro Cloud App Security
Trend Micro Deep Security
Trend Micro TippingPoint
Trend Micro Vision One UpdatedZip 2024-06-12 16:15:31 +05:30
UEBA Essentials
URLhaus
Ubiquiti UniFi
VMWareESXi Repackaged VmWareESXi solution 2024-04-30 20:58:56 +05:30
VMware Carbon Black Cloud Link updated 2024-04-24 14:50:13 +05:30
VMware SD-WAN and SASE Update vmw_sdwan_sase_funcapp.zip 2024-06-25 15:55:26 +05:30
VMware vCenter repackaged after permission block update 2024-05-28 12:32:03 +05:30
Valence Security
VaronisSaaS
Vectra AI Detect
Vectra AI Stream
Vectra XDR Repackage - Vectra XDR , Dataminr Pulse 2024-05-03 14:38:59 +05:30
Veritas NetBackup
VirusTotal
Votiro
Watchguard Firebox
Watchlists Utilities
Web Session Essentials Merge pull request #10580 from Azure/WebSession/NetworkSession-DomainSoln 2024-06-07 17:57:10 +05:30
Web Shells Threat Protection WebShell packaged 2024-06-10 18:02:14 +05:30
Windows Firewall windows firewall packaged 2024-06-07 15:13:27 +05:30
Windows Forwarded Events Update versions 2024-05-10 12:36:09 +10:00
Windows Security Events package updated 2024-06-25 16:58:47 +05:30
Windows Server DNS Update versions 2024-05-10 12:36:09 +10:00
WireX Network Forensics Platform
WithSecureElementsViaConnector
WithSecureElementsViaFunction
Wiz Added shortlinks for WEBSITE_RUN_FROM_PACKAGE 2024-06-04 11:12:48 +05:30
Workday
Workplace from Facebook WFFB repackaged 2024-05-03 15:18:05 +05:30
ZeroFox fix pr comments 2024-06-27 15:34:50 -04:00
ZeroNetworks Added shortlinks for WEBSITE_RUN_FROM_PACKAGE 2024-06-04 11:12:48 +05:30
ZeroTrust(TIC3.0)
Zimperium Mobile Threat Defense
Zinc Open Source Merge branch 'master' into domain-solution-change 2024-06-07 15:22:47 +05:30
ZoomReports Updated solution packages 2024-04-26 18:17:46 +05:30
Zscaler Internet Access Update versions 2024-05-10 12:36:09 +10:00
Zscaler Private Access (ZPA)
archTIS
iboss
vArmour Application Controller
ContentHubCatalog.xlsx
ContentHubSolutionsCatalog.md
README.md Update README.md 2024-05-29 20:57:28 +05:30
ReleaseNotesGuidance.md
ReleaseNotesSample.md
azuredeploy_parameters.json
known_issues.md

README.md

Guide to building Microsoft Sentinel solutions

This guide provides an overview of Microsoft Sentinel solutions, and how to build and publish a solution for Microsoft Sentinel.

Microsoft Sentinel solutions provide an in-product experience for central discoverability, single-step deployment, and enablement of end-to-end product, domain, and/or vertical scenarios in Microsoft Sentinel. This experience is powered by:

Providers and partners can deliver combined product, domain, or vertical value via solutions in Microsoft Sentinel in order to productize investments. More details are covered in the Microsoft Sentinel documentation. Review the catalog for complete list of out-of-the-box Microsoft Sentinel solutions.

Microsoft Sentinel solutions include packaged content, integrations, or service offerings for Microsoft Sentinel. This guide focuses on how to build packaged content into solutions, including combinations of data connectors, workbooks, analytic rules, playbooks, hunting queries, parsers, watchlists, and more for Microsoft Sentinel. Reach out to the Microsoft Sentinel Solutions Onboarding Team if you are planning or building another type of integration or service offering, or want to include other types of content in your solution that isn't listed here.

The following image shows the steps in the solution building process, including content creation, packaging, and publishing:

Microsoft Sentinel solutions build process

Step 1 – Create your content

Start with the Get started documentation on the Microsoft Sentinel GitHub Wiki to identify the content types you plan to include in your solution package. For example, supported content types include data connectors, workbooks, analytic rules, playbooks, hunting queries, and more. Each content type has its own contribution guidance for development and validation.

The guidance for each content type in the Wiki describes how to contribute individual pieces of content. However, you want to contribute your content in a packaged solution. Therefore, hold off on submitting your content to the relevant folders as described in the Wiki guidance, and instead place your content in the Solutions folder of the Microsoft Sentinel GitHub repo.

Use the following steps to create your content structure:

  1. In the Microsoft Sentinel Solutions folder, create a new folder with your solution name.

  2. In your solution folder, create a blank folder structure as follows to store the content you've developed:

  • Data Connectors – the data connector json files or Azure Functions, etc. goes in this folder.
  • Workbooks – workbook json files and black and white preview images of the workbook goes here.
  • Analytic Rules – yaml file templates of analytic rules goes in this folder.
  • Hunting queries – yaml file templates of hunting queries goes in this folder.
  • Playbooks – json playbook and Azure Logic Apps custom connectors can go in this folder.
  • Parser – yaml file for Kusto Functions or Parsers can go in this folder. Use this as reference.

For example, see the folder structure for our Cisco ISE solution.

  1. Store your logo, in SVG format, in the central Logos folder.

  2. Store sample data in the sample data folder, within the relevant content type folder, depending on your data connector type.

  3. Submit a PR with all of your solution content. The PR will go through automated GitHub validation. Address potential errors as needed.

After your content has been succesfully validated, the Microsoft Sentinel team will review your PR and reply with any feedback as needed. You can expect an initial response within five business days.

The PR will be approved and merged after any feedback has been incorportated and the full review is successful.

Step 2 – Package your content

The solution content package is called a solution template, and has the following files:

  • mainTemplate.json: The Azure Resource Manager (ARM) template that includes the resources offered by the solution. Each piece of content that you want to package in your solution must first be converted to ARM format. The mainTemplate file is the overall ARM template file that combines each invididual ARM content file.

  • createUIDefinition.json: The deployment experience definition provided to customers installing your solution. This is a step-by-step wizard experience.

For more information, see the solution template documentation (deployment package).

After creating both the mainTemplate.json and the createUIDefinition.json files, validate them, and package them into a .zip file that you can upload as part of the publishing process (Step 3).

Use the package creation tool to help you create and validate the package, following the solutions packaging tool guidance to use the tool and package your content.

Updating your solution

If you already have an Microsoft Sentinel solution and want to update your package, use the package creation tool with updated content to create a new version of the package.

For your solution's versioning format, always use {Major}.{Minor}.{Revision} syntax, such as 1.0.1, to align with the Azure Marketplace recommendation and versioning support.

When updating your package, make sure to raise the version value, regardless of how small or trivial the change is, including typo fixes in a content or solution definition file.

For example, if your original package version is 1.0.1, you might update your versions as follows:

  • Major updates have a new version of 2.0.0 - this is usually reserved for major tooling or package level changes
  • Minor updates, for changes in content of the package, might have a new version of 1.1.0
  • Revisions, such as those scoped to a single piece of content or just metadata or text updates, might have a new version of 1.0.2

Since solutions use ARM templates, you can customize the solution text as well as tabs as needed to cater to specific scenarios.

Step 3 – Publish your solution

The Microsoft Sentinel solution publishing experience is powered by the Microsoft Partner Center.

Registration (one-time)

If you or your company is a first-time app publisher on Azure Marketplace, follow the steps to register and create a Commercial Marketplace account in Partner Center. This process provides you with a unique Publisher ID and access to the Commercial Marketplace authoring and publishing experience, where you'll create, certify, and publish your solution.

Author and publish a solution offer

The following steps reference the Partner Center's more detailed documentation.

  1. Create an Azure application type offer and configure the offer setup details as per the relevant guidance.

Ensure that the OfferID contains the keyword "sentinel". Consider using the format: microsoft-sentinel-solution-<productname>

  1. Configure the Offer properties.

  2. Configure the Offer listing details, including the title, description, pictures, videos, support information, and so on.

    • As one of your search keywords, add f1de974b-f438-4719-b423-8bf704ba2aef to have your solution appear in the Microsoft Sentinel content hub.
    • Ensure to provide CSP (Cloud Solution Provider) Program contact and relevant CSP information as requested. This will enable you to offer the solution to CSP subscriptions and increased visibility and adoption of your solution. Refer to the CSP FAQs for further details on why this is recommended for Microsoft Sentinel solutions.
    • If you want to start your solution in Preview (Public Preview), you can do so by appending "(Preview)" in the solution / offer title. This will ensure your offer gets tagged with Preview tag in Microsoft Sentinel Content hub.
  3. Create a plan and select Solution Template as the plan type.

    • If your offer needs to be available for customers from U.S. federal, state, local, or tribal entities, follow the steps to select the Azure Government check box and subsquent guidance.
  4. Configure the Solutions template plan. This is where youll upload the zip file that you'd created in step two and set a version for your package. Make sure to follow the versioning guidance described in step 2, above.

  5. Enable CSP for your offer by going to the Resell through CSPs tab in Partner Center and selecting Any partner in the CSP program. This will enable you to offer the solution to CSP subscriptions and increased visibility and adoption of your solution. Refer to the CSP FAQs for further details on why this is recommended for Microsoft Sentinel solutions.

  6. Validate and test your solution offer.

  7. After the validation passes, publish the offer live. This will trigger the certification process, which can take up to 3 business days.

Note: You must make the offer public in order for it to show up in the Microsoft Sentinel content hub so that customers can find it.

Feedback

Email Azure Sentinel Solutions Onboarding Team with any feedback on this process, for new scenarios not covered in this guide, or with any constraints you may encounter.

FAQs

CSP (Cloud Solution Provider)

What is CSP?

Microsoft Azure Customers may purchase their Azure Subscriptions either directly from Microsoft, or via an Azure Reseller who is part of the Microsoft Cloud Solution Provider (CSP) program. Microsoft Sentinel Solutions are valid for both subscription purchase paths.

Why is there a “CSP Opt-in” option on Microsoft Sentinel solution offers?

“CSP Opt-in” is a general feature of the Azure Marketplace and applies to multiple offer types, including the Azure App offer type used by Microsoft Sentinel solutions. For some publishers, there is occasionally a desire to restrict individual offers to only be deployable in subscriptions that were purchased directly through Microsoft. This is controllable via the “CSP opt-in” flag for each individual offer.

Is Microsoft Sentinel available to customers who purchased their Azure subscription from a CSP Reseller partner?

Yes. There are many customers purchasing directly from Microsoft, via a CSP Reseller and even some who purchase Azure via both programs.

What happens when you enable “CSP opt-in” for your Microsoft Sentinel Solution offer?

Quite simply, it permits your Microsoft Sentinel solution to be deployed into Microsoft Sentinel Workspaces regardless of how the customer acquired it. It is more of a pro-active stance to eliminate an message for your customers who are trying to deploy your Microsoft Sentinel Solution into a CSP purchase subscription.

What does not happen when you enable “CSP opt-in” for your Microsoft Sentinel solution offer?

You are not joining the CSP program. Each offer is individually enabled or disabled for deployability in CSP sourced subscriptions, and setting this flag for your Microsoft Sentinel solution does not affect any other offer in your Marketplace publishing account.

What will happen if you do not enable “CSP opt-in” for your Microsoft Sentinel solution offer?

If the customer who wants to deploy your solution offer, purchased their subscription from a CSP Reseller partner, the solution will not deploy and the customer will get an error message about why.