diff --git a/Solutions/Akamai Security Events/Package/3.0.2.zip b/Solutions/Akamai Security Events/Package/3.0.2.zip
index 7bf2e0e84ca..96a7d811e7f 100644
Binary files a/Solutions/Akamai Security Events/Package/3.0.2.zip and b/Solutions/Akamai Security Events/Package/3.0.2.zip differ
diff --git a/Solutions/Akamai Security Events/Package/createUiDefinition.json b/Solutions/Akamai Security Events/Package/createUiDefinition.json
index 028d0161297..c6e266ce26c 100644
--- a/Solutions/Akamai Security Events/Package/createUiDefinition.json
+++ b/Solutions/Akamai Security Events/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Akamai%20Security%20Events/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Akamai Security Solution for Microsoft Sentinel enables ingestion of [Akamai Security Solutions](https://www.akamai.com/solutions/security) events using the Common Event Format (CEF) into Microsoft Sentinel for Security Monitoring. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024.**\n\n **Data connector:** 1,**Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Akamai%20Security%20Events/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Akamai Security Solution for Microsoft Sentinel enables ingestion of [Akamai Security Solutions](https://www.akamai.com/solutions/security) events using the Common Event Format (CEF) into Microsoft Sentinel for Security Monitoring. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. 
The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024.**\n\n**Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/Akamai Security Events/Package/mainTemplate.json b/Solutions/Akamai Security Events/Package/mainTemplate.json
index ad2858a91af..e7238551be5 100644
--- a/Solutions/Akamai Security Events/Package/mainTemplate.json
+++ b/Solutions/Akamai Security Events/Package/mainTemplate.json
@@ -188,7 +188,7 @@
 "contentSchemaVersion": "3.0.0",
 "displayName": "Akamai Security Events",
 "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
- "descriptionHtml": "
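Review bot: The new `description` on the `+` line keeps the sentence "The existing connectors are about to be deprecated by **Aug 31, 2024.**", a date that had already passed by the `lastUpdateTime` of 2024-11-14 this same commit writes into the Fortinet mainTemplate, so the retained NOTE now describes the legacy connector as pending retirement while the rest of the edit removes it from the solution. The sentence should be reworded to the past tense or dropped, e.g. `**NOTE:** Legacy CEF connectors were deprecated on Aug 31, 2024; use the CEF via AMA connector.` The same stale sentence survives on the new side of the CrowdStrike, Fortinet and PaloAlto createUiDefinition hunks and of the Akamai, CrowdStrike and Fortinet mainTemplate `descriptionHtml` hunks, so one rewrite of the shared source text would fix all seven.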
Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe Akamai Security Solution for Microsoft Sentinel enables ingestion of Akamai Security Solutions events using the Common Event Format (CEF) into Microsoft Sentinel for Security Monitoring.
\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.
\nNOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.
\nData Connector: 1,Parsers: 1
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n",
+ "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe Akamai Security Solution for Microsoft Sentinel enables ingestion of Akamai Security Solutions events using the Common Event Format (CEF) into Microsoft Sentinel for Security Monitoring.
\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.
\nNOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.
\nParsers: 1
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.0.9.zip b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.0.9.zip
index c33daac9077..33525ef31fc 100644
Binary files a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.0.9.zip and b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.0.9.zip differ
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/createUiDefinition.json b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/createUiDefinition.json
index 02bd9cc1667..8fef81e4130 100644
--- a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/createUiDefinition.json
+++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/createUiDefinition.json
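Review bot: The `descriptionHtml` change on the new side is shipped by rewriting `Package/3.0.2.zip` in place (the first file of this diff), and no `_solutionVersion` change appears in this file's hunks, so the package published as 3.0.2 changes content without changing identity; workspaces that already installed 3.0.2 will not be offered an update, and any recorded hash of the earlier archive no longer matches. The PaloAlto section, by contrast, adds a new `3.0.8.zip` and bumps `_solutionVersion` from 3.0.7 to 3.0.8. Unless repository policy permits in-place repacks for metadata-only edits, the Akamai, CrowdStrike (`3.0.9.zip`) and Fortinet (`3.0.7.zip`) packages should get the same version bump; the remainder of these mainTemplate files is outside this chunk, so a bump elsewhere in them is possible but not visible here.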
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CrowdStrike%20Falcon%20Endpoint%20Protection/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [CrowdStrike Falcon Endpoint Protection](https://www.crowdstrike.com/products/) solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. 
The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connectors:** 4, **Parsers:** 3, **Workbooks:** 1, **Analytic Rules:** 2, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CrowdStrike%20Falcon%20Endpoint%20Protection/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [CrowdStrike Falcon Endpoint Protection](https://www.crowdstrike.com/products/) solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connectors:** 3, **Parsers:** 3, **Workbooks:** 1, **Analytic Rules:** 2, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json
index fd1a26eaca1..f68139b0e70 100644
--- a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json
+++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json
@@ -4911,7 +4911,7 @@
 "contentSchemaVersion": "3.0.0",
 "displayName": "CrowdStrike Falcon Endpoint Protection",
 "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
- "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe CrowdStrike Falcon Endpoint Protection solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities.
\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.
\nNOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.
\nData Connectors: 4, Parsers: 3, Workbooks: 1, Analytic Rules: 2, Playbooks: 3
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n",
+ "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe CrowdStrike Falcon Endpoint Protection solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities.
\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.
\nNOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.
\nData Connectors: 3, Parsers: 3, Workbooks: 1, Analytic Rules: 2, Playbooks: 3
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",
diff --git a/Solutions/Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel/Package/3.0.7.zip b/Solutions/Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel/Package/3.0.7.zip
index 22f9405089b..854fd5bb7f3 100644
Binary files a/Solutions/Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel/Package/3.0.7.zip and b/Solutions/Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel/Package/3.0.7.zip differ
diff --git a/Solutions/Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel/Package/createUiDefinition.json b/Solutions/Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel/Package/createUiDefinition.json
index a683207bed8..7d2195bb346 100644
--- a/Solutions/Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel/Package/createUiDefinition.json
+++ b/Solutions/Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Fortinet%20FortiGate%20Next-Generation%20Firewall%20connector%20for%20Microsoft%20Sentinel/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nGain insight into your organization's network and improve your security operation capabilities with the [Fortinet FortiGate Next-generation Firewall](https://www.fortinet.com/products/next-generation-firewall) Solution for Microsoft Sentinel. It allows you to easily connect your FortiGate logs with Microsoft Sentinel. This enables you to view dashboards, create custom alerts, and improve investigation. \n\n Playbooks are included to help in automated remediation \n\n For questions about [FortiGate](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortinet.fortinet_fortigate-vm_v5?tab=Overview), please contact Fortinet at [azuresales@fortinet.com](mailto:azuresales@fortinet.com).\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation. \n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. 
The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connector:** 1,**Workbooks:** 1, **Custom Azure Logic Apps Connectors:** 1, **Function Apps:** 1, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Fortinet%20FortiGate%20Next-Generation%20Firewall%20connector%20for%20Microsoft%20Sentinel/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nGain insight into your organization's network and improve your security operation capabilities with the [Fortinet FortiGate Next-generation Firewall](https://www.fortinet.com/products/next-generation-firewall) Solution for Microsoft Sentinel. It allows you to easily connect your FortiGate logs with Microsoft Sentinel. This enables you to view dashboards, create custom alerts, and improve investigation. \n\n Playbooks are included to help in automated remediation \n\n For questions about [FortiGate](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortinet.fortinet_fortigate-vm_v5?tab=Overview), please contact Fortinet at [azuresales@fortinet.com](mailto:azuresales@fortinet.com).\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation. \n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. 
The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Workbooks:** 1, **Custom Azure Logic Apps Connectors:** 1, **Function Apps:** 1, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel/Package/mainTemplate.json b/Solutions/Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel/Package/mainTemplate.json
index bab28c10f6b..40c6f96b18a 100644
--- a/Solutions/Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel/Package/mainTemplate.json
+++ b/Solutions/Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel/Package/mainTemplate.json
@@ -1991,7 +1991,7 @@
 ],
 "metadata": {
 "comments": "This Fortinet custom connector uses Fortinet-Fortigate API to perform different actions on Forinet VM",
- "lastUpdateTime": "2024-11-11T16:34:06.399Z",
+ "lastUpdateTime": "2024-11-14T15:07:30.498Z",
 "releaseNotes": {
 "version": "1.0",
 "title": "[variables('blanks')]",
@@ -11364,7 +11364,7 @@
 "contentSchemaVersion": "3.0.0",
 "displayName": "Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel",
 "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
- "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nGain insight into your organization's network and improve your security operation capabilities with the Fortinet FortiGate Next-generation Firewall Solution for Microsoft Sentinel. It allows you to easily connect your FortiGate logs with Microsoft Sentinel. This enables you to view dashboards, create custom alerts, and improve investigation.
\nPlaybooks are included to help in automated remediation
\nFor questions about FortiGate, please contact Fortinet at azuresales@fortinet.com.
\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.
\nNOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.
\nData Connector: 1,Workbooks: 1, Custom Azure Logic Apps Connectors: 1, Function Apps: 1, Playbooks: 3
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n",
+ "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nGain insight into your organization's network and improve your security operation capabilities with the Fortinet FortiGate Next-generation Firewall Solution for Microsoft Sentinel. It allows you to easily connect your FortiGate logs with Microsoft Sentinel. This enables you to view dashboards, create custom alerts, and improve investigation.
\nPlaybooks are included to help in automated remediation
\nFor questions about FortiGate, please contact Fortinet at azuresales@fortinet.com.
\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.
\nNOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.
\nWorkbooks: 1, Custom Azure Logic Apps Connectors: 1, Function Apps: 1, Playbooks: 3
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",
diff --git a/Solutions/PaloAlto-PAN-OS/Package/3.0.8.zip b/Solutions/PaloAlto-PAN-OS/Package/3.0.8.zip
new file mode 100644
index 00000000000..d5a1c72196c
Binary files /dev/null and b/Solutions/PaloAlto-PAN-OS/Package/3.0.8.zip differ
diff --git a/Solutions/PaloAlto-PAN-OS/Package/createUiDefinition.json b/Solutions/PaloAlto-PAN-OS/Package/createUiDefinition.json
index 4bf8c64ce83..4e9d6017922 100644
--- a/Solutions/PaloAlto-PAN-OS/Package/createUiDefinition.json
+++ b/Solutions/PaloAlto-PAN-OS/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Palo Alto Networks (Firewall)](https://www.paloaltonetworks.com/network-security/next-generation-firewall) Solution for Microsoft Sentinel allows you to easily connect your Palo Alto Networks Firewall logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. This solution also contains playbooks to help in automated remediation.\n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. 
The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connector:** 1,**Workbooks:** 2, **Analytic Rules:** 4, **Hunting Queries:** 2, **Custom Azure Logic Apps Connectors:** 2, **Playbooks:** 7\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Palo Alto Networks (Firewall)](https://www.paloaltonetworks.com/network-security/next-generation-firewall) Solution for Microsoft Sentinel allows you to easily connect your Palo Alto Networks Firewall logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. This solution also contains playbooks to help in automated remediation.\n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Workbooks:** 2, **Analytic Rules:** 4, **Hunting Queries:** 2, **Custom Azure Logic Apps Connectors:** 2, **Playbooks:** 7\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/PaloAlto-PAN-OS/Package/mainTemplate.json b/Solutions/PaloAlto-PAN-OS/Package/mainTemplate.json
index e680cbaff9d..935a0545101 100644
--- a/Solutions/PaloAlto-PAN-OS/Package/mainTemplate.json
+++ b/Solutions/PaloAlto-PAN-OS/Package/mainTemplate.json
@@ -49,7 +49,7 @@
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "PaloAlto-PAN-OS",
- "_solutionVersion": "3.0.7",
+ "_solutionVersion": "3.0.8",
 "solutionId": "azuresentinel.azure-sentinel-solution-paloaltopanos",
 "_solutionId": "[variables('solutionId')]",
 "huntingQueryObject1": {
@@ -188,7 +188,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "PaloAlto-HighRiskPorts_HuntingQueries Hunting Query with template version 3.0.7",
+ "description": "PaloAlto-HighRiskPorts_HuntingQueries Hunting Query with template version 3.0.8",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@@ -269,7 +269,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Palo Alto - potential beaconing detected_HuntingQueries Hunting Query with template version 3.0.7",
+ "description": "Palo Alto - potential beaconing detected_HuntingQueries Hunting Query with template version 3.0.8",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
@@ -354,7 +354,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "PaloAltoOverview Workbook with template version 3.0.7",
+ "description": "PaloAltoOverview Workbook with template version 3.0.8",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
@@ -410,10 +410,6 @@
 "contentId": "CommonSecurityLog",
 "kind": "DataType"
 },
- {
- "contentId": "PaloAltoNetworks",
- "kind": "DataConnector"
- },
 {
 "contentId": "CefAma",
 "kind": "DataConnector"
@@ -446,7 +442,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "PaloAltoNetworkThreat Workbook with template version 3.0.7",
+ "description": "PaloAltoNetworkThreat Workbook with template version 3.0.8",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion2')]",
@@ -502,10 +498,6 @@
 "contentId": "CommonSecurityLog",
 "kind": "DataType"
 },
- {
- "contentId": "PaloAltoNetworks",
- "kind": "DataConnector"
- },
 {
 "contentId": "CefAma",
 "kind": "DataConnector"
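Review bot: Removing the `PaloAltoNetworks` DataConnector entry leaves `CefAma` as the only connector dependency of the PaloAltoOverview workbook in the `@@ -410` hunk, and the `@@ -502` hunk does the same for PaloAltoNetworkThreat, but the analytics rules' `requiredDataConnectors` and the solution-level package `dependencies` lie outside these hunks, so it is not visible whether the same retired `connectorId` was removed there; if it was not, the solution may still list the dropped connector as required after install. The workbooks' own `dependencies` arrays begin and end outside the hunks, so only the removed element is reviewable here. The PaloAlto mainTemplate's `descriptionHtml` is also beyond the end of this chunk, so I cannot confirm it was regenerated to match the createUiDefinition text that now omits the `**Data Connector:** 1` count, as was done for the Akamai, CrowdStrike and Fortinet mainTemplates.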
@@ -538,7 +530,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "PaloAlto-UnusualThreatSignatures_AnalyticalRules Analytics Rule with template version 3.0.7",
+ "description": "PaloAlto-UnusualThreatSignatures_AnalyticalRules Analytics Rule with template version 3.0.8",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -589,8 +581,8 @@
 {
 "fieldMappings": [
 {
- "columnName": "SourceIP",
- "identifier": "Address"
+ "identifier": "Address",
+ "columnName": "SourceIP"
 }
 ],
 "entityType": "IP"
@@ -649,7 +641,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "FileHashEntity_Covid19_CommonSecurityLog_AnalyticalRules Analytics Rule with template version 3.0.7",
+ "description": "FileHashEntity_Covid19_CommonSecurityLog_AnalyticalRules Analytics Rule with template version 3.0.8",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -696,16 +688,16 @@
 {
 "fieldMappings": [
 {
- "columnName": "SourceUserName",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "SourceUserName"
 },
 {
- "columnName": "AccountName",
- "identifier": "Name"
+ "identifier": "Name",
+ "columnName": "AccountName"
 },
 {
- "columnName": "AccountUPNSuffix",
- "identifier": "UPNSuffix"
+ "identifier": "UPNSuffix",
+ "columnName": "AccountUPNSuffix"
 }
 ],
 "entityType": "Account"
@@ -713,16 +705,16 @@
 {
 "fieldMappings": [
 {
- "columnName": "DeviceName",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "DeviceName"
 },
 {
- "columnName": "HostName",
- "identifier": "HostName"
+ "identifier": "HostName",
+ "columnName": "HostName"
 },
 {
- "columnName": "HostNameDomain",
- "identifier": "DnsDomain"
+ "identifier": "DnsDomain",
+ "columnName": "HostNameDomain"
 }
 ],
 "entityType": "Host"
@@ -730,8 +722,8 @@
 {
 "fieldMappings": [
 {
- "columnName": "SourceIP",
- "identifier": "Address"
+ "identifier": "Address",
+ "columnName": "SourceIP"
 }
 ],
 "entityType": "IP"
@@ -739,12 +731,12 @@
 {
 "fieldMappings": [
 {
- "columnName": "FileHashValue",
- "identifier": "Value"
+ "identifier": "Value",
+ "columnName": "FileHashValue"
 },
 {
- "columnName": "FileHashType",
- "identifier": "Algorithm"
+ "identifier": "Algorithm",
+ "columnName": "FileHashType"
 }
 ],
 "entityType": "FileHash"
@@ -803,7 +795,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "PaloAlto-NetworkBeaconing_AnalyticalRules Analytics Rule with template version 3.0.7",
+ "description": "PaloAlto-NetworkBeaconing_AnalyticalRules Analytics Rule with template version 3.0.8",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -848,8 +840,8 @@
 {
 "fieldMappings": [
 {
- "columnName": "AccountCustomEntity",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "AccountCustomEntity"
 }
 ],
 "entityType": "Account"
@@ -857,8 +849,8 @@
 {
 "fieldMappings": [
 {
- "columnName": "HostCustomEntity",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "HostCustomEntity"
 }
 ],
 "entityType": "Host"
@@ -866,8 +858,8 @@
 {
 "fieldMappings": [
 {
- "columnName": "IPCustomEntity",
- "identifier": "Address"
+ "identifier": "Address",
+ "columnName": "IPCustomEntity"
 }
 ],
 "entityType": "IP"
@@ -926,7 +918,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "PaloAlto-PortScanning_AnalyticalRules Analytics Rule with template version 3.0.7",
+ "description": "PaloAlto-PortScanning_AnalyticalRules Analytics Rule with template version 3.0.8",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -970,8 +962,8 @@
 {
 "fieldMappings": [
 {
- "columnName": "AccountCustomEntity",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "AccountCustomEntity"
 }
 ],
 "entityType": "Account"
@@ -979,8 +971,8 @@
 {
 "fieldMappings": [
 {
- "columnName": "HostCustomEntity",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "HostCustomEntity"
 }
 ],
 "entityType": "Host"
@@ -988,8 +980,8 @@
 {
 "fieldMappings": [
 {
- "columnName": "IPCustomEntity",
- "identifier": "Address"
+ "identifier": "Address",
+ "columnName": "IPCustomEntity"
 }
 ],
 "entityType": "IP"
@@ -1048,7 +1040,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "PaloAlto_PAN-OS_Rest_API_CustomConnector Playbook with template version 3.0.7",
+ "description": "PaloAlto_PAN-OS_Rest_API_CustomConnector Playbook with template version 3.0.8",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion1')]",
@@ -3243,7 +3235,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto_PAN-OS_XML_API_CustomConnector Playbook with template version 3.0.7", + "description": "PaloAlto_PAN-OS_XML_API_CustomConnector Playbook with template version 3.0.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion2')]", @@ -3430,7 +3422,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto-PAN-OS-GetSystemInfo Playbook with template version 3.0.7", + "description": "PaloAlto-PAN-OS-GetSystemInfo Playbook with template version 3.0.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion3')]", @@ -3677,7 +3669,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto-PAN-OS-GetThreatPcap Playbook with template version 3.0.7", + "description": "PaloAlto-PAN-OS-GetThreatPcap Playbook with template version 3.0.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion4')]", 
@@ -4213,7 +4205,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto-PAN-OS-GetURLCategoryInfo Playbook with template version 3.0.7", + "description": "PaloAlto-PAN-OS-GetURLCategoryInfo Playbook with template version 3.0.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion5')]", @@ -4651,7 +4643,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto-PAN-OS-BlockIP Playbook with template version 3.0.7", + "description": "PaloAlto-PAN-OS-BlockIP Playbook with template version 3.0.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion6')]", @@ -5803,7 +5795,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto-PAN-OS-BlockURL Playbook with template version 3.0.7", + "description": "PaloAlto-PAN-OS-BlockURL Playbook with template version 3.0.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion7')]", 
@@ -6955,7 +6947,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto-PAN-OS-BlockURL-EntityTrigger Playbook with template version 3.0.7", + "description": "PaloAlto-PAN-OS-BlockURL-EntityTrigger Playbook with template version 3.0.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion8')]", @@ -8059,7 +8051,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAlto-PAN-OS-BlockIP-EntityTrigger Playbook with template version 3.0.7", + "description": "PaloAlto-PAN-OS-BlockIP-EntityTrigger Playbook with template version 3.0.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion9')]", @@ -9160,12 +9152,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.7", + "version": "3.0.8", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "PaloAlto-PAN-OS", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe Palo Alto Networks (Firewall) Solution for Microsoft Sentinel allows you to easily connect your Palo Alto Networks Firewall logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. This solution also contains playbooks to help in automated remediation.
\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.
\nNOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.
\nData Connector: 1Workbooks: 2, Analytic Rules: 4, Hunting Queries: 2, Custom Azure Logic Apps Connectors: 2, Playbooks: 7
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n", + "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe Palo Alto Networks (Firewall) Solution for Microsoft Sentinel allows you to easily connect your Palo Alto Networks Firewall logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. This solution also contains playbooks to help in automated remediation.
\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.
\nNOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.
\nWorkbooks: 2, Analytic Rules: 4, Hunting Queries: 2, Custom Azure Logic Apps Connectors: 2, Playbooks: 7
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", diff --git a/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md b/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md index ddaabecabd5..f061d7ff4f4 100644 --- a/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md +++ b/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| +| 3.0.8 | 15-11-2024 | Corrected **Data Connector** count in CreateUiDefinition | | 3.0.7 | 11-11-2024 | Removed Deprecated **Data Connector** | | | | Updated **Analytic Rule** for entity mappings | | 3.0.6 | 12-07-2024 | Deprecated **Data Connector** | diff --git a/Solutions/PaloAltoCDL/Package/3.0.3.zip b/Solutions/PaloAltoCDL/Package/3.0.3.zip index 8f1142309f3..1358d9006c9 100644 Binary files a/Solutions/PaloAltoCDL/Package/3.0.3.zip and b/Solutions/PaloAltoCDL/Package/3.0.3.zip differ diff --git a/Solutions/PaloAltoCDL/Package/createUiDefinition.json b/Solutions/PaloAltoCDL/Package/createUiDefinition.json index 5a4f27d54d1..98e2ba3938d 100644 --- a/Solutions/PaloAltoCDL/Package/createUiDefinition.json +++ b/Solutions/PaloAltoCDL/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/PaloAltoCDL/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Palo Alto Networks CDL](https://www.paloaltonetworks.com/cortex/cortex-data-lake) solution provides the capability to ingest [CDL logs](https://docs.paloaltonetworks.com/strata-logging-service/log-reference/log-forwarding-schema-overview) into Microsoft Sentinel.\n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connector:** 1,**Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/PaloAltoCDL/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Palo Alto Networks CDL](https://www.paloaltonetworks.com/cortex/cortex-data-lake) solution provides the capability to ingest [CDL logs](https://docs.paloaltonetworks.com/strata-logging-service/log-reference/log-forwarding-schema-overview) into Microsoft Sentinel.\n\nThis solution is dependent on the Common Event 
Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", diff --git a/Solutions/PaloAltoCDL/Package/mainTemplate.json b/Solutions/PaloAltoCDL/Package/mainTemplate.json index 6e694a165ae..56d81de475d 100644 --- a/Solutions/PaloAltoCDL/Package/mainTemplate.json +++ b/Solutions/PaloAltoCDL/Package/mainTemplate.json @@ -1296,10 +1296,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -1311,22 +1311,22 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } - ], - "entityType": "Account" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IPCustomEntity" + "columnName": "IPCustomEntity", + "identifier": "Address" } - ], - "entityType": "IP" + ] } ] } @@ -1410,10 +1410,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ 
@@ -1425,22 +1425,22 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } - ], - "entityType": "Account" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IPCustomEntity" + "columnName": "IPCustomEntity", + "identifier": "Address" } - ], - "entityType": "IP" + ] } ] } @@ -1524,10 +1524,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -1539,22 +1539,22 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } - ], - "entityType": "Account" + ] }, { + "entityType": "File", "fieldMappings": [ { - "identifier": "Name", - "columnName": "FileCustomEntity" + "columnName": "FileCustomEntity", + "identifier": "Name" } - ], - "entityType": "File" + ] } ] } @@ -1638,10 +1638,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -1653,13 +1653,13 @@ ], "entityMappings": [ { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IPCustomEntity" + "columnName": "IPCustomEntity", + "identifier": "Address" } - ], - "entityType": "IP" + ] } ] } @@ -1743,10 +1743,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ 
@@ -1758,31 +1758,31 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } - ], - "entityType": "Account" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IPCustomEntity" + "columnName": "IPCustomEntity", + "identifier": "Address" } - ], - "entityType": "IP" + ] }, { + "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "UrlCustomEntity" + "columnName": "UrlCustomEntity", + "identifier": "Url" } - ], - "entityType": "URL" + ] } ] } @@ -1866,10 +1866,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -1881,22 +1881,22 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } - ], - "entityType": "Account" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IPCustomEntity" + "columnName": "IPCustomEntity", + "identifier": "Address" } - ], - "entityType": "IP" + ] } ] } @@ -1980,10 +1980,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -1994,13 +1994,13 @@ ], "entityMappings": [ { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IPCustomEntity" + "columnName": "IPCustomEntity", + "identifier": "Address" } - ], - "entityType": "IP" + ] } ] } @@ -2084,10 +2084,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ 
@@ -2099,13 +2099,13 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } - ], - "entityType": "Account" + ] } ] } @@ -2189,10 +2189,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -2204,13 +2204,13 @@ ], "entityMappings": [ { + "entityType": "File", "fieldMappings": [ { - "identifier": "Name", - "columnName": "FileCustomEntity" + "columnName": "FileCustomEntity", + "identifier": "Name" } - ], - "entityType": "File" + ] } ] } @@ -2294,10 +2294,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -2309,22 +2309,22 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } - ], - "entityType": "Account" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IPCustomEntity" + "columnName": "IPCustomEntity", + "identifier": "Address" } - ], - "entityType": "IP" + ] } ] } @@ -2381,7 +2381,7 @@ "contentSchemaVersion": "3.0.0", "displayName": "PaloAltoCDL", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe Palo Alto Networks CDL solution provides the capability to ingest CDL logs into Microsoft Sentinel.
\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.
\nNOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.
\nData Connector: 1,Parsers: 1, Workbooks: 1, Analytic Rules: 10, Hunting Queries: 10
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n", + "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe Palo Alto Networks CDL solution provides the capability to ingest CDL logs into Microsoft Sentinel.
\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.
\nNOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.
\nParsers: 1, Workbooks: 1, Analytic Rules: 10, Hunting Queries: 10
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json index 2f41145c5b5..58a7edf349c 100644 --- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json +++ b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json @@ -241,8 +241,7 @@ "CommonSecurityLog" ], "dataConnectorsDependencies": [ - "Fortinet", - "FortinetAma" + "CefAma" ], "previewImagesFileNames": [ "FortigateWhite.png", @@ -1021,8 +1020,7 @@ "CommonSecurityLog" ], "dataConnectorsDependencies": [ - "Fortinet", - "FortinetAma" + "CefAma" ], "previewImagesFileNames": [ "workbook-iotassetdiscovery-screenshot-Black.PNG", @@ -4569,9 +4567,7 @@ "Corelight", "AIVectraStream", "CheckPoint", - "Fortinet", "CiscoMeraki", - "FortinetAma", "CefAma" ], "previewImagesFileNames": [], diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json index 13faefaf474..27859f9c19e 100644 --- a/Workbooks/WorkbooksMetadata.json +++ b/Workbooks/WorkbooksMetadata.json @@ -3617,8 +3617,6 @@ "CommonSecurityLog" ], "dataConnectorsDependencies": [ - "PaloAltoCDL", - "PaloAltoCDLAma", "CefAma" ], "previewImagesFileNames": [
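Review bot: The two WorkbooksMetadata.json copies receive different edits here: the Tools/Create-Azure-Sentinel-Solution/V2 copy replaces the `Fortinet`/`FortinetAma` dependencies with `CefAma` (hunks @@ -241, @@ -1021 and @@ -4569), while Workbooks/WorkbooksMetadata.json only drops `PaloAltoCDL`/`PaloAltoCDLAma` (@@ -3617) and shows no Fortinet change. If these files are meant to mirror each other, each copy is missing the other's removals, and whichever one the packaging tool reads will declare a different `dataConnectorsDependencies` set for the same workbook. Worth confirming which copy the generator consumes and applying the same connector-ID removals to both so the legacy connector IDs do not linger in one file after the CEF via AMA migration.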