45 строки
2.5 KiB
JSON
45 строки
2.5 KiB
JSON
{
|
|
"Name": "Tomcat",
|
|
"Author": "Microsoft - support@microsoft.com",
|
|
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
|
|
"Description": "The Apache Tomcat solution provides the capability to ingest [Apache Tomcat](http://tomcat.apache.org/) events into Microsoft Sentinel. Refer to [Apache Tomcat documentation](http://tomcat.apache.org/tomcat-10.0-doc/logging.html) for more information.\r\n \r\n**Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\na. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)",
|
|
"Data Connectors": [
|
|
"Data Connectors/Connector_Tomcat_agent.json"
|
|
],
|
|
"Parsers": [
|
|
"Parsers/TomcatEvent.txt"
|
|
],
|
|
"Workbooks": [
|
|
"Workbooks/Tomcat.json"
|
|
],
|
|
"Analytic Rules": [
|
|
"Analytic Rules/TomcatCommandsinRequest.yaml",
|
|
"Analytic Rules/TomcatKnownMaliciousUserAgent.yaml",
|
|
"Analytic Rules/TomcatMultipleClientErrorsFromSingleIP.yaml",
|
|
"Analytic Rules/TomcatMultipleEmptyRequestsFromSameIP.yaml",
|
|
"Analytic Rules/TomcatMultipleServerErrorsFromSingleIP.yaml",
|
|
"Analytic Rules/TomcatPutAndGetFileFromSameIP.yaml",
|
|
"Analytic Rules/TomcatRequestFromLocalhostIP.yaml",
|
|
"Analytic Rules/TomcatRequestSensitiveFiles.yaml",
|
|
"Analytic Rules/TomcatSQLiPattern.yaml",
|
|
"Analytic Rules/TomcatServerErrorsAfterMultipleRequestsFromSameIP.yaml"
|
|
],
|
|
"Hunting Queries": [
|
|
"Hunting Queries/Tomcat403RequestsFiles.yaml",
|
|
"Hunting Queries/TomcatAbnormalRequestSize.yaml",
|
|
"Hunting Queries/TomcatERRORs.yaml",
|
|
"Hunting Queries/TomcatRareFilesRequested.yaml",
|
|
"Hunting Queries/TomcatRareURLsRequested.yaml",
|
|
"Hunting Queries/TomcatTopFilesWithErrorRequests.yaml",
|
|
"Hunting Queries/TomcatTopURLsClientErrors.yaml",
|
|
"Hunting Queries/TomcatTopURLsServerErrors.yaml",
|
|
"Hunting Queries/TomcatUncommonUAs.yaml",
|
|
"Hunting Queries/TomcatUncommonUAsWithClientErrors.yaml",
|
|
"Hunting Queries/TomcatUncommonUAsWithServerErrors.yaml"
|
|
],
|
|
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Tomcat",
|
|
"Version": "2.0.1",
|
|
"Metadata": "SolutionMetadata.json",
|
|
"TemplateSpec": true,
|
|
"Is1PConnector": false
|
|
} |