Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/DataConnectors/alcide_kaudit.json

124 строки
4.7 KiB
JSON
Исходник Ответственный История

{
"id": "Alcide_kAudit",
"title": "Alcide kAudit (Preview)",
"publisher": "Alcide",
"descriptionMarkdown": "Alcide kAudit connector allows you to automatically export your Kubernetes cluster audit logs into Azure Sentinel in real-time. This enables enhanced visibility and observability into your Kubernetes audit logs, providing robust security and monitoring capabilities for forensics purposes.",
"graphQueries": [
{
"metricName": "Anomalies and Incidents - All Data",
"legend": "alcide_kaudit_detections_1_CL",
"baseQuery": "alcide_kaudit_detections_1_CL"
}
],
"sampleQueries": [
{
"description" : "All detections (anomalies and incidents) entries",
"query": "\nalcide_kaudit_detections_1_CL\n| sort by TimeGenerated\n"
},
{
"description" : "All audit activity for a Secret resource type, summarized count by resource namespace",
"query": "\nalcide_kaudit_activity_1_CL\n| where resource_type_s == \"secrets\"\n| summarize count() by resource_namespace_s"
},
{
"description" : "Audit activity, summarized by principal, Type and Caller IP",
"query": "\nalcide_kaudit_selections_details_1_CL\n| summarize count() by principal_s, Type, caller_ip_s"
}
],
"dataTypes": [
{
"name": "alcide_kaudit_activity_1_CL",
"lastDataReceivedQuery": "alcide_kaudit_activity_1_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
},
{
"name": "alcide_kaudit_detections_1_CL",
"lastDataReceivedQuery": "alcide_kaudit_detections_1_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
},
{
"name": "alcide_kaudit_selections_count_1_CL",
"lastDataReceivedQuery": "alcide_kaudit_selections_count_1_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
},
{
"name": "alcide_kaudit_selections_details_1_CL",
"lastDataReceivedQuery": "alcide_kaudit_selections_details_1_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriterias": [
{
"type": "IsConnectedQuery",
"value": [
"alcide_kaudit_activity_1_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
]
}
],
"availability": {
"status": 1,
"isPreview": true
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read and write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"read": true,
"delete": true
}
},
{
"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
"permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
"providerDisplayName": "Keys",
"scope": "Workspace",
"requiredPermissions": {
"action": true
}
}
]
},
"instructionSteps": [
{
"title": "",
"description": "Follow the step-by-step instructions provided in the [Alcide kAudit Installation Guide](https://get.alcide.io/hubfs/Azure%20Sentinel%20Integration%20with%20kAudit.pdf)",
"instructions": [
{
"parameters": {
"fillWith": [
"WorkspaceId"
],
"label": "Workspace ID"
},
"type": "CopyableLabel"
},
{
"parameters": {
"fillWith": [
"PrimaryKey"
],
"label": "Primary Key"
},
"type": "CopyableLabel"
}
]
}
],
"metadata" : {
"id": "ffaeb3c2-6c9a-4d55-8852-e13da1162ec6",
"version": "1.0.0",
"kind": "dataConnector",
"source": {
"kind": "community"
},
"author": {
"name": "Alcide"
},
"support": {
"name": "Alcide",
"link": "https://www.alcide.io/company/contact-us/",
"tier": "developer"
}
}
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку