Skip to content

Commit

Permalink
Merge pull request #10 from Samsung/feature-Samsung-Solution-update
Browse files Browse the repository at this point in the history 
Update Samsung Knox Asset Intelligence Solution offerId
  • Loading branch information
@sean-mcclelland
sean-mcclelland authored Jan 3, 2025
2 parents d3be8e3 + 164e009 commit a116c9c
Show file tree
Hide file tree
Showing 5 changed files with 54 additions and 52 deletions.
2 changes: 1 addition & 1 deletion Solutions/Samsung Knox Asset Intelligence/Data/Solution_Samsung.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
"Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSuspiciousURLs.yaml"
],
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Samsung Knox Asset Intelligence",
"Version": "3.0.0",
"Version": "3.0.1",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1PConnector": false
Expand Down
Binary file added Solutions/Samsung Knox Asset Intelligence/Package/3.0.1.zip
View file
Binary file not shown.
94 changes: 47 additions & 47 deletions Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,8 +41,8 @@
"email": "[email protected]",
"_email": "[variables('email')]",
"_solutionName": "Samsung Knox Asset Intelligence",
"_solutionVersion": "3.0.0",
"solutionId": "samsungelectronics1734042706970.azure-sentinel-solution-samsung-knox-asset-intelligence",
"_solutionVersion": "3.0.1",
"solutionId": "samsungelectronics1734042706970.azure-sentinel-solution-samsung-knox-kai",
"_solutionId": "[variables('solutionId')]",
"uiConfigId1": "SamsungDCDefinition",
"_uiConfigId1": "[variables('uiConfigId1')]",
Expand Down Expand Up @@ -121,7 +121,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Samsung Knox Asset Intelligence data connector with template version 3.0.0",
"description": "Samsung Knox Asset Intelligence data connector with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
Expand Down Expand Up @@ -451,7 +451,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "SamsungKnoxAssetIntelligence Workbook with template version 3.0.0",
"description": "SamsungKnoxAssetIntelligence Workbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('workbookVersion1')]",
Expand Down Expand Up @@ -559,7 +559,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "SamsungKnoxApplicationPrivilegeEscalationOrChange_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "SamsungKnoxApplicationPrivilegeEscalationOrChange_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
Expand All @@ -583,10 +583,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "SamsungDCDefinition",
"dataTypes": [
"Samsung_Knox_Process_CL"
],
"connectorId": "SamsungDCDefinition"
]
}
],
"tactics": [
Expand All @@ -599,13 +599,13 @@
"aggregationKind": "SingleAlert"
},
"incidentConfiguration": {
"createIncident": true,
"groupingConfiguration": {
"enabled": false,
"lookbackDuration": "5H",
"reopenClosedIncident": false,
"lookbackDuration": "5H",
"matchingMethod": "AllEntities"
},
"createIncident": true
}
}
}
},
Expand Down Expand Up @@ -660,7 +660,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "SamsungKnoxKeyguardDisabledFeatureSet_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "SamsungKnoxKeyguardDisabledFeatureSet_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
Expand All @@ -684,10 +684,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "SamsungDCDefinition",
"dataTypes": [
"Samsung_Knox_Audit_CL"
],
"connectorId": "SamsungDCDefinition"
]
}
],
"tactics": [
Expand All @@ -700,13 +700,13 @@
"aggregationKind": "SingleAlert"
},
"incidentConfiguration": {
"createIncident": true,
"groupingConfiguration": {
"enabled": false,
"lookbackDuration": "5H",
"reopenClosedIncident": false,
"lookbackDuration": "5H",
"matchingMethod": "AllEntities"
},
"createIncident": true
}
}
}
},
Expand Down Expand Up @@ -761,7 +761,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "SamsungKnoxMobileDeviceBootCompromise_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "SamsungKnoxMobileDeviceBootCompromise_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
Expand All @@ -785,10 +785,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "SamsungDCDefinition",
"dataTypes": [
"Samsung_Knox_System_CL"
],
"connectorId": "SamsungDCDefinition"
]
}
],
"tactics": [
Expand All @@ -801,13 +801,13 @@
"aggregationKind": "SingleAlert"
},
"incidentConfiguration": {
"createIncident": true,
"groupingConfiguration": {
"enabled": false,
"lookbackDuration": "5H",
"reopenClosedIncident": false,
"lookbackDuration": "5H",
"matchingMethod": "AllEntities"
},
"createIncident": true
}
}
}
},
Expand Down Expand Up @@ -862,7 +862,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "SamsungKnoxPasswordLockout_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "SamsungKnoxPasswordLockout_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
Expand All @@ -886,10 +886,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "SamsungDCDefinition",
"dataTypes": [
"Samsung_Knox_User_CL"
],
"connectorId": "SamsungDCDefinition"
]
}
],
"tactics": [
Expand All @@ -902,13 +902,13 @@
"aggregationKind": "SingleAlert"
},
"incidentConfiguration": {
"createIncident": true,
"groupingConfiguration": {
"enabled": false,
"lookbackDuration": "5H",
"reopenClosedIncident": false,
"lookbackDuration": "5H",
"matchingMethod": "AllEntities"
},
"createIncident": true
}
}
}
},
Expand Down Expand Up @@ -963,7 +963,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "SamsungKnoxPeripheralAccessDetectionWithCamera_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "SamsungKnoxPeripheralAccessDetectionWithCamera_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
Expand All @@ -987,23 +987,23 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "SamsungDCDefinition",
"dataTypes": [
"Samsung_Knox_System_CL"
],
"connectorId": "SamsungDCDefinition"
]
}
],
"eventGroupingSettings": {
"aggregationKind": "SingleAlert"
},
"incidentConfiguration": {
"createIncident": true,
"groupingConfiguration": {
"enabled": false,
"lookbackDuration": "5H",
"reopenClosedIncident": false,
"lookbackDuration": "5H",
"matchingMethod": "AllEntities"
},
"createIncident": true
}
}
}
},
Expand Down Expand Up @@ -1058,7 +1058,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "SamsungKnoxPeripheralAccessDetectionWithMic_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "SamsungKnoxPeripheralAccessDetectionWithMic_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
Expand All @@ -1082,10 +1082,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "SamsungDCDefinition",
"dataTypes": [
"Samsung_Knox_System_CL"
],
"connectorId": "SamsungDCDefinition"
]
}
],
"eventGroupingSettings": {
Expand All @@ -1095,13 +1095,13 @@
"alertDynamicProperties": []
},
"incidentConfiguration": {
"createIncident": true,
"groupingConfiguration": {
"enabled": false,
"lookbackDuration": "5H",
"reopenClosedIncident": false,
"lookbackDuration": "5H",
"matchingMethod": "AllEntities"
},
"createIncident": true
}
}
}
},
Expand Down Expand Up @@ -1156,7 +1156,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "SamsungKnoxSuspiciousURLs_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "SamsungKnoxSuspiciousURLs_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
Expand All @@ -1180,10 +1180,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "SamsungDCDefinition",
"dataTypes": [
"Samsung_Knox_User_CL"
],
"connectorId": "SamsungDCDefinition"
]
}
],
"tactics": [
Expand All @@ -1196,13 +1196,13 @@
"aggregationKind": "SingleAlert"
},
"incidentConfiguration": {
"createIncident": true,
"groupingConfiguration": {
"enabled": false,
"lookbackDuration": "5H",
"reopenClosedIncident": false,
"lookbackDuration": "5H",
"matchingMethod": "AllEntities"
},
"createIncident": true
}
}
}
},
Expand Down Expand Up @@ -1253,7 +1253,7 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "3.0.0",
"version": "3.0.1",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "Samsung Knox Asset Intelligence",
Expand Down
8 changes: 5 additions & 3 deletions Solutions/Samsung Knox Asset Intelligence/ReleaseNotes.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|----------------------------------------------------|
| 3.0.0 | 30-12-2024 | Initial Solution Release |
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|--------------------------|
| 3.0.0 | 30-12-2024 | Initial Solution Release |
| 3.0.1 | 03-01-2025 | Updated Solution offerId |

2 changes: 1 addition & 1 deletion Solutions/Samsung Knox Asset Intelligence/SolutionMetadata.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"publisherId": "samsungelectronics1734042706970",
"offerId": "azure-sentinel-solution-samsung-knox-asset-intelligence",
"offerId": "azure-sentinel-solution-samsung-knox-kai",
"firstPublishDate": "2025-01-15",
"providers": ["Samsung"],
"categories": {
Expand Down

0 comments on commit a116c9c

Please sign in to comment.