-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Repackaged VMware VCenter (OMS Migration)
- Loading branch information
Showing
9 changed files
with
57 additions
and
68 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
Solutions/VMware vCenter/Data Connectors/Connector_Syslog_vcenter.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,7 +2,7 @@ | |
| "Name": "VMware vCenter", | ||
| "Author": "Microsoft - [email protected]", | ||
| "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">", | ||
| "Description": "The [VMware vCenter Server](https://www.vmware.com/products/vcenter-server.html) solution allows you ingest logs from your vCenter platform using Syslog into Microsoft Sentinel.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n\r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\r\n\n", | ||
| "Description": "The [VMware vCenter Server](https://www.vmware.com/products/vcenter-server.html) solution allows you ingest logs from your vCenter platform using Syslog into Microsoft Sentinel.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", | ||
| "Workbooks": [ | ||
| "Workbooks/vCenter.json" | ||
| ], | ||
|
|
@@ -15,10 +15,13 @@ | |
| "Analytic Rules": [ | ||
| "Analytic Rules/vCenter-Root impersonation.yaml", | ||
| "Analytic Rules/vCenterRootLogin.yaml" | ||
| ], | ||
| "dependentDomainSolutionIds": [ | ||
| "azuresentinel.azure-sentinel-solution-customlogsviaama" | ||
| ], | ||
| "Metadata": "SolutionMetadata.json", | ||
| "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\VMware vCenter", | ||
| "Version": "3.0.1", | ||
| "Version": "3.0.2", | ||
| "TemplateSpec": true, | ||
| "Is1PConnector": false | ||
| } | ||
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -41,7 +41,7 @@ | |
| "email": "[email protected]", | ||
| "_email": "[variables('email')]", | ||
| "_solutionName": "VMware vCenter", | ||
| "_solutionVersion": "3.0.1", | ||
| "_solutionVersion": "3.0.2", | ||
| "solutionId": "azuresentinel.azure-sentinel-solution-vcenter", | ||
| "_solutionId": "[variables('solutionId')]", | ||
| "workbookVersion1": "1.0.0", | ||
|
|
@@ -68,18 +68,18 @@ | |
| "dataConnectorVersion1": "1.0.0", | ||
| "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", | ||
| "analyticRuleObject1": { | ||
| "analyticRuleVersion1": "1.0.0", | ||
| "analyticRuleVersion1": "1.0.1", | ||
| "_analyticRulecontentId1": "f1fcb22c-b459-42f2-a7ee-7276b5f1309c", | ||
| "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f1fcb22c-b459-42f2-a7ee-7276b5f1309c')]", | ||
| "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f1fcb22c-b459-42f2-a7ee-7276b5f1309c')))]", | ||
| "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f1fcb22c-b459-42f2-a7ee-7276b5f1309c','-', '1.0.0')))]" | ||
| "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f1fcb22c-b459-42f2-a7ee-7276b5f1309c','-', '1.0.1')))]" | ||
| }, | ||
| "analyticRuleObject2": { | ||
| "analyticRuleVersion2": "1.0.0", | ||
| "analyticRuleVersion2": "1.0.1", | ||
| "_analyticRulecontentId2": "03e8a895-b5ba-49a0-aed3-f9a997d92fbe", | ||
| "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '03e8a895-b5ba-49a0-aed3-f9a997d92fbe')]", | ||
| "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('03e8a895-b5ba-49a0-aed3-f9a997d92fbe')))]", | ||
| "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','03e8a895-b5ba-49a0-aed3-f9a997d92fbe','-', '1.0.0')))]" | ||
| "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','03e8a895-b5ba-49a0-aed3-f9a997d92fbe','-', '1.0.1')))]" | ||
| }, | ||
| "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" | ||
| }, | ||
|
|
@@ -93,7 +93,7 @@ | |
| "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" | ||
| ], | ||
| "properties": { | ||
| "description": "vCenter Workbook with template version 3.0.1", | ||
| "description": "vCenter Workbook with template version 3.0.2", | ||
| "mainTemplate": { | ||
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | ||
| "contentVersion": "[variables('workbookVersion1')]", | ||
|
|
@@ -181,7 +181,7 @@ | |
| "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" | ||
| ], | ||
| "properties": { | ||
| "description": "vCenter Data Parser with template version 3.0.1", | ||
| "description": "vCenter Data Parser with template version 3.0.2", | ||
| "mainTemplate": { | ||
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | ||
| "contentVersion": "[variables('parserObject1').parserVersion1]", | ||
|
|
@@ -313,7 +313,7 @@ | |
| "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" | ||
| ], | ||
| "properties": { | ||
| "description": "VMware vCenter data connector with template version 3.0.1", | ||
| "description": "VMware vCenter data connector with template version 3.0.2", | ||
| "mainTemplate": { | ||
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | ||
| "contentVersion": "[variables('dataConnectorVersion1')]", | ||
|
|
@@ -329,7 +329,7 @@ | |
| "properties": { | ||
| "connectorUiConfig": { | ||
| "id": "[variables('_uiConfigId1')]", | ||
| "title": "VMware vCenter", | ||
| "title": "[Deprecated] VMware vCenter", | ||
| "publisher": "VMware", | ||
| "descriptionMarkdown": "The [vCenter](https://www.vmware.com/in/products/vcenter-server.html) connector allows you to easily connect your vCenter server logs with Microsoft Sentinel. This gives you more insight into your organization's data centers and improves your security operation capabilities.", | ||
| "additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution.", | ||
|
|
@@ -515,7 +515,7 @@ | |
| "contentSchemaVersion": "3.0.0", | ||
| "contentId": "[variables('_dataConnectorContentId1')]", | ||
| "contentKind": "DataConnector", | ||
| "displayName": "VMware vCenter", | ||
| "displayName": "[Deprecated] VMware vCenter", | ||
| "contentProductId": "[variables('_dataConnectorcontentProductId1')]", | ||
| "id": "[variables('_dataConnectorcontentProductId1')]", | ||
| "version": "[variables('dataConnectorVersion1')]" | ||
|
|
@@ -559,7 +559,7 @@ | |
| "kind": "GenericUI", | ||
| "properties": { | ||
| "connectorUiConfig": { | ||
| "title": "VMware vCenter", | ||
| "title": "[Deprecated] VMware vCenter", | ||
| "publisher": "VMware", | ||
| "descriptionMarkdown": "The [vCenter](https://www.vmware.com/in/products/vcenter-server.html) connector allows you to easily connect your vCenter server logs with Microsoft Sentinel. This gives you more insight into your organization's data centers and improves your security operation capabilities.", | ||
| "graphQueries": [ | ||
|
|
@@ -703,7 +703,7 @@ | |
| "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" | ||
| ], | ||
| "properties": { | ||
| "description": "vCenter-Root impersonation_AnalyticalRules Analytics Rule with template version 3.0.1", | ||
| "description": "vCenter-Root impersonation_AnalyticalRules Analytics Rule with template version 3.0.2", | ||
| "mainTemplate": { | ||
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | ||
| "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", | ||
|
|
@@ -735,6 +735,12 @@ | |
| "dataTypes": [ | ||
| "vCenter" | ||
| ] | ||
| }, | ||
| { | ||
| "connectorId": "CustomLogsAma", | ||
| "dataTypes": [ | ||
| "vcenter_CL" | ||
| ] | ||
| } | ||
| ], | ||
| "tactics": [ | ||
|
|
@@ -745,13 +751,13 @@ | |
| ], | ||
| "entityMappings": [ | ||
| { | ||
| "entityType": "Account", | ||
| "fieldMappings": [ | ||
| { | ||
| "identifier": "Name", | ||
| "columnName": "user" | ||
| "columnName": "user", | ||
| "identifier": "Name" | ||
| } | ||
| ] | ||
| ], | ||
| "entityType": "Account" | ||
| } | ||
| ] | ||
| } | ||
|
|
@@ -807,7 +813,7 @@ | |
| "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" | ||
| ], | ||
| "properties": { | ||
| "description": "vCenterRootLogin_AnalyticalRules Analytics Rule with template version 3.0.1", | ||
| "description": "vCenterRootLogin_AnalyticalRules Analytics Rule with template version 3.0.2", | ||
| "mainTemplate": { | ||
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | ||
| "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", | ||
|
|
@@ -839,6 +845,12 @@ | |
| "dataTypes": [ | ||
| "vCenter" | ||
| ] | ||
| }, | ||
| { | ||
| "connectorId": "CustomLogsAma", | ||
| "dataTypes": [ | ||
| "vcenter_CL" | ||
| ] | ||
| } | ||
| ], | ||
| "tactics": [ | ||
|
|
@@ -850,13 +862,13 @@ | |
| ], | ||
| "entityMappings": [ | ||
| { | ||
| "entityType": "IP", | ||
| "fieldMappings": [ | ||
| { | ||
| "identifier": "Address", | ||
| "columnName": "SourceIP" | ||
| "columnName": "SourceIP", | ||
| "identifier": "Address" | ||
| } | ||
| ] | ||
| ], | ||
| "entityType": "IP" | ||
| } | ||
| ] | ||
| } | ||
|
|
@@ -908,12 +920,12 @@ | |
| "apiVersion": "2023-04-01-preview", | ||
| "location": "[parameters('workspace-location')]", | ||
| "properties": { | ||
| "version": "3.0.1", | ||
| "version": "3.0.2", | ||
| "kind": "Solution", | ||
| "contentSchemaVersion": "3.0.0", | ||
| "displayName": "VMware vCenter", | ||
| "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", | ||
| "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/VMware%20vCenter/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://www.vmware.com/products/vcenter-server.html\">VMware vCenter Server</a> solution allows you ingest logs from your vCenter platform using Syslog into Microsoft Sentinel.</p>\n<p><strong>Underlying Microsoft Technologies used:</strong></p>\n<p>This solution takes a dependency on the following technologies, and some of these dependencies either may be in <a href=\"https://azure.microsoft.com/support/legal/preview-supplemental-terms/\">Preview</a> state or might result in additional ingestion or operational costs:</p>\n<ol type=\"a\">\n<li><a href=\"https://docs.microsoft.com/azure/sentinel/connect-syslog\">Agent-based log collection (Syslog)</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 1, <strong>Parsers:</strong> 1, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 2</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n", | ||
| "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/VMware%20vCenter/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://www.vmware.com/products/vcenter-server.html\">VMware vCenter Server</a> solution allows you ingest logs from your vCenter platform using Syslog into Microsoft Sentinel.</p>\n<p>This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.</p>\n<p><strong>NOTE</strong>: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost <a href=\"https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate\">more details</a>.</p>\n<p><strong>Data Connectors:</strong> 1, <strong>Parsers:</strong> 1, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 2</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n", | ||
| "contentKind": "Solution", | ||
| "contentProductId": "[variables('_solutioncontentProductId')]", | ||
| "id": "[variables('_solutioncontentProductId')]", | ||
|
|
@@ -936,7 +948,6 @@ | |
| "link": "https://support.microsoft.com" | ||
| }, | ||
| "dependencies": { | ||
| "operator": "AND", | ||
| "criteria": [ | ||
| { | ||
| "kind": "Workbook", | ||
|
|
@@ -962,6 +973,10 @@ | |
| "kind": "AnalyticsRule", | ||
| "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", | ||
| "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" | ||
| }, | ||
| { | ||
| "kind": "Solution", | ||
| "contentId": "azuresentinel.azure-sentinel-solution-customlogsviaama" | ||
| } | ||
| ] | ||
| }, | ||
|
|
||
Oops, something went wrong.