Merge pull request #11610 from riskive/zerofox/update-alerts-version

Zerofox/update alerts version

Solutions/ZeroFox/Data Connectors/Alerts/alerts_connector.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-  "contentVersion": "1.0.0.0",
+  "contentVersion": "1.0.1.0",
   "parameters": {
     "workspace": {
       "type": "string",

Solutions/ZeroFox/Data/Solution_ZeroFox.json

@@ -1,22 +1,21 @@
 {
-    "Name": "ZeroFox",
-    "Author": "ZeroFox - [email protected]",
-    "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/foxy-mark.svg\" width=\"75px\" height=\"75px\">",
-    "Description": "The [ZeroFox](https://www.zerofox.com/) solution for Microsoft Sentinel enables you to ingest [ZeroFox Alerts](https://www.zerofox.com/platform/) and [ZeroFox CTI events](https://www.zerofox.com/threat-intelligence/) into Microsoft Sentinel using the ZeroFox API. \n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\n\nb. [Azure Functions](https://azure.microsoft.com/services/functions/#overview)",
-    "Data Connectors": [
-      "Data Connectors/CTI/ZeroFoxCTI.json",
-      "Data Connectors/Alerts/alerts_connector.json"
-    ],
-    "Analytic Rules": [
-      "Analytic Rules/ZF_Alerts_HighSeverityRule.yaml",
-      "Analytic Rules/ZF_Alerts_InformationalSeverityRule.yaml",
-      "Analytic Rules/ZF_Alerts_LowSeverityRule.yaml",
-      "Analytic Rules/ZF_Alerts_MediumSeverityRule.yaml"
-    ],
-    "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\ZeroFox",
-    "Version": "3.2.0",
-    "Metadata": "SolutionMetadata.json",
-    "TemplateSpec": true,
-    "Is1Pconnector": false
-  }
-
+  "Name": "ZeroFox",
+  "Author": "ZeroFox - [email protected]",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/foxy-mark.svg\" width=\"75px\" height=\"75px\">",
+  "Description": "The [ZeroFox](https://www.zerofox.com/) solution for Microsoft Sentinel enables you to ingest [ZeroFox Alerts](https://www.zerofox.com/platform/) and [ZeroFox CTI events](https://www.zerofox.com/threat-intelligence/) into Microsoft Sentinel using the ZeroFox API. \n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\n\nb. [Azure Functions](https://azure.microsoft.com/services/functions/#overview)",
+  "Data Connectors": [
+    "Data Connectors/CTI/ZeroFoxCTI.json",
+    "Data Connectors/Alerts/alerts_connector.json"
+  ],
+  "Analytic Rules": [
+    "Analytic Rules/ZF_Alerts_HighSeverityRule.yaml",
+    "Analytic Rules/ZF_Alerts_InformationalSeverityRule.yaml",
+    "Analytic Rules/ZF_Alerts_LowSeverityRule.yaml",
+    "Analytic Rules/ZF_Alerts_MediumSeverityRule.yaml"
+  ],
+  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\ZeroFox",
+  "Version": "3.2.1",
+  "Metadata": "SolutionMetadata.json",
+  "TemplateSpec": true,
+  "Is1Pconnector": false
+}

Solutions/ZeroFox/Package/mainTemplate.json

@@ -33,7 +33,7 @@
     "email": "[email protected]",
     "_email": "[variables('email')]",
     "_solutionName": "ZeroFox",
-    "_solutionVersion": "3.2.0",
+    "_solutionVersion": "3.2.1",
     "solutionId": "zerofoxinc1695922129370.zerofox-sentinel-connector",
     "_solutionId": "[variables('solutionId')]",
     "uiConfigId1": "ZeroFoxCTIDataConnector",
@@ -52,35 +52,35 @@
     "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]",
     "_dataConnectorId2": "[variables('dataConnectorId2')]",
     "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]",
-    "dataConnectorVersion2": "1.0.0",
+    "dataConnectorVersion2": "1.0.1",
     "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]",
     "analyticRuleObject1": {
-      "analyticRuleVersion1": "1.0.0",
+      "analyticRuleVersion1": "1.0.1",
       "_analyticRulecontentId1": "deb45e6d-892f-40bf-9118-e2a6f26b788d",
       "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'deb45e6d-892f-40bf-9118-e2a6f26b788d')]",
       "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('deb45e6d-892f-40bf-9118-e2a6f26b788d')))]",
-      "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','deb45e6d-892f-40bf-9118-e2a6f26b788d','-', '1.0.0')))]"
+      "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','deb45e6d-892f-40bf-9118-e2a6f26b788d','-', '1.0.1')))]"
     },
     "analyticRuleObject2": {
-      "analyticRuleVersion2": "1.0.0",
+      "analyticRuleVersion2": "1.0.1",
       "_analyticRulecontentId2": "6f7a7413-b72f-4361-84ee-897baeb9c6d4",
       "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '6f7a7413-b72f-4361-84ee-897baeb9c6d4')]",
       "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('6f7a7413-b72f-4361-84ee-897baeb9c6d4')))]",
-      "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6f7a7413-b72f-4361-84ee-897baeb9c6d4','-', '1.0.0')))]"
+      "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6f7a7413-b72f-4361-84ee-897baeb9c6d4','-', '1.0.1')))]"
     },
     "analyticRuleObject3": {
-      "analyticRuleVersion3": "1.0.0",
+      "analyticRuleVersion3": "1.0.1",
       "_analyticRulecontentId3": "e0c7a91a-7aa1-498a-9c20-cd6c721f9345",
       "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e0c7a91a-7aa1-498a-9c20-cd6c721f9345')]",
       "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e0c7a91a-7aa1-498a-9c20-cd6c721f9345')))]",
-      "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e0c7a91a-7aa1-498a-9c20-cd6c721f9345','-', '1.0.0')))]"
+      "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e0c7a91a-7aa1-498a-9c20-cd6c721f9345','-', '1.0.1')))]"
     },
     "analyticRuleObject4": {
-      "analyticRuleVersion4": "1.0.0",
+      "analyticRuleVersion4": "1.0.1",
       "_analyticRulecontentId4": "a6496de5-911b-4199-b7db-d34ac9d70df3",
       "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a6496de5-911b-4199-b7db-d34ac9d70df3')]",
       "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a6496de5-911b-4199-b7db-d34ac9d70df3')))]",
-      "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a6496de5-911b-4199-b7db-d34ac9d70df3','-', '1.0.0')))]"
+      "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a6496de5-911b-4199-b7db-d34ac9d70df3','-', '1.0.1')))]"
     },
     "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
   },

Solutions/ZeroFox/ReleaseNotes.md

@@ -1,5 +1,6 @@
 | **Version**   | **Date Modified (DD-MM-YYYY)**   | **Change History**                                                                                  |
 |---------------|----------------------------------|-----------------------------------------------------------------------------------------------------|
+| 3.2.1         | 26-12-2024                       | Update alerts data connector version that fix issues in fetching updates                            |
 | 3.2.0         | 26-09-2024                       | Changed query parameter in alerts connector for fetching updates                                    |
 | 3.1.0         | 26-07-2024                       | Updated ZeroFox connector to generate result batches and implemented async Sentinel connector logic |
 | 3.0.1         | 30-04-2024                       | Fixed Solution Metadata for deployment                                                              |