009775e4b4
|
||
|---|---|---|
| .. | ||
| Analytic Rules | ||
| Data | ||
| Package | ||
| Playbooks | ||
| Workbooks | ||
| images | ||
| README.md | ||
| ReleaseNotes.md | ||
| SolutionMetadata.json | ||
| build_solution.sh | ||
| check_build.sh | ||
README.md
Tanium Solution for Microsoft Sentinel
Overview
Integrate Microsoft Sentinel with Tanium data and remediation.
Help
How do I find the correct workspace location?
- Open the Azure "Resource groups" page
- Ensure you have the correct
Subscriptionselected in the subscription filter - Click on your target/desired resource group
- Use the
Typefilter to filter onAPI Connection - Click on the desired
API Connection - Click on
JSON View(right side) - Observe the value of the
locationkey (at the bottom)
Developer notes
Prerequisites:
- Install powershell core
brew install --cask powershell - (in powershell) install powershell-yaml
Install-Module powershell-yaml - Install make
brew install make - Install arm-ttk in powershell: https://github.com/Azure/arm-ttk
Ensure that you add arm-ttk to your powershell profile e.g.
(in powershell)
> New-Item -Type File -Path $PROFILE -Force
> vim $PROFILE
(in that file add:)
Import-Module /full/path/to/import/module/for/arm-ttk
Building a solution:
- Clone the https://github.com/Tanium/Azure-Sentinel repo
cdinto the repo- Run the build script
./Solutions/Tanium/build_solution.sh
The Tanium solution manifest is located within ./Solutions/Tanium/Data/Solution_Tanium.json
Checking a solution:
- Run the check build script
./Solutions/Tanium/check_build.sh