Revert "Revert "Repackage Zero Networks Segment""
This reverts commit b0d9948.
v-atulyadav committed Nov 9, 2022
1 parent b0d9948 commit 138758b
Showing 6 changed files with 3,170 additions and 6,170 deletions.
4,429 changes: 2 additions & 4,427 deletions Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json

Large diffs are not rendered by default.
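Review bot: Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json loses 4,427 lines (2 additions) in a commit whose title and message concern only the Zero Networks Segment package; confirm this is intended and not an unrelated file that the first revert (b0d9948) happened to touch and that re-reverting now drags back in. A revert of a revert restores everything the earlier revert undid, so if the CrowdStrike change is not part of the Zero Networks repackage it should be split into its own commit so the two solutions can be rolled back independently.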

4 changes: 2 additions & 2 deletions Solutions/ZeroNetworks/Data/Solution_ZeroNetworks.json
Expand Up @@ -2,7 +2,7 @@
"Name": "ZeroNetworks",
"Author": "Nicholas DiCola - nicholas@zeronetworks.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/ZeroNetworks.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [Zero Networks Segment](https://zeronetworks.com/product/) solution for Microsoft Sentinel allows monitoring Zero Networks Segment Audit activity. Audit log data is ingested in Microsoft Sentinel using REST API.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs\n\n a. [Azure Monitor HTTP Data Collector API ](https://learn.microsoft.com/azure/azure-monitor/logs/data-collector-api)\n\n b .[Azure Functions](https://azure.microsoft.com/products/functions/#overview)",
"Description": "The [Zero Networks Segment](https://zeronetworks.com/product/) solution for Microsoft Sentinel allows monitoring Zero Networks Segment Audit activity. Audit log data is ingested in Microsoft Sentinel using REST API.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs\n\n a. [Azure Monitor HTTP Data Collector API ](https://learn.microsoft.com/azure/azure-monitor/logs/data-collector-api)\n\n b. [Azure Functions](https://azure.microsoft.com/products/functions/#overview)",
"Workbooks": [
"Workbooks/ZNSegmentAudit.json"
],
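Review bot: the link text "[Azure Monitor HTTP Data Collector API ](https://learn.microsoft.com/azure/azure-monitor/logs/data-collector-api)" on the changed "Description" line still carries a trailing space before the closing bracket, which renders as an underlined space in the solution description; trim it in the same pass that fixed "b .[Azure Functions]" to "b. [Azure Functions]". The identical string is duplicated in Package/createUiDefinition.json further down, so keep both copies in sync.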
Expand Down Expand Up @@ -30,7 +30,7 @@
"Playbooks/ZeroNetworksSegment-AddBlockOutboundRule/azuredeploy.json",
"Playbooks/ZeroNetworksSegment-EnrichIncident/azuredeploy.json"
],
"BasePath": "/Volumes/Repos/Azure-Sentinel/Solutions/ZeroNetworks",
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\ZeroNetworks",
"Metadata": "SolutionMetadata.json",
"Version": "2.0.1",
"TemplateSpec": true,
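Review bot: "BasePath" flips from a macOS path ("/Volumes/Repos/Azure-Sentinel/...") to a Windows one ("C:\\GitHub\\Azure-Sentinel\\..."), i.e. a contributor-local absolute path is committed in Data/Solution_ZeroNetworks.json and will churn on every repackage done from a different machine; prefer a repository-relative path or, if the packaging tool insists on an absolute one, document that convention so reviewers can ignore the churn. Separately, "Version" stays at "2.0.1" while Package/2.0.1.zip and Package/createUiDefinition.json change in this same commit, so two different packages now carry the same version string; bump it (or confirm the earlier 2.0.1 package was never published) so installed workspaces can tell the revisions apart.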
Binary file modified Solutions/ZeroNetworks/Package/2.0.1.zip
Binary file not shown.
233 changes: 30 additions & 203 deletions Solutions/ZeroNetworks/Package/createUiDefinition.json
Expand Up @@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/ZeroNetworks.svg\" width=\"75px\" height=\"75px\">\n\n**Important:** _This Microsoft Sentinel Solution is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)._\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Zero Networks Segment](https://zeronetworks.com/product/) solution for Microsoft Sentinel allows monitoring Zero Networks Segment Audit activity. Audit log data is ingested in Microsoft Sentinel using REST API.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs\n\n a. [Azure Monitor HTTP Data Collector API ](https://learn.microsoft.com/azure/azure-monitor/logs/data-collector-api)\n\n b .[Azure Functions](https://azure.microsoft.com/products/functions/#overview)\n\nMicrosoft Sentinel Solutions provide a consolidated way to acquire Microsoft Sentinel content like data connectors, workbooks, analytics, and automations in your workspace with a single deployment step.\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 3, **Hunting Queries:** 4, **Playbooks:** 4\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/ZeroNetworks.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Zero Networks Segment](https://zeronetworks.com/product/) solution for Microsoft Sentinel allows monitoring Zero Networks Segment Audit activity. Audit log data is ingested in Microsoft Sentinel using REST API.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs\n\n a. [Azure Monitor HTTP Data Collector API ](https://learn.microsoft.com/azure/azure-monitor/logs/data-collector-api)\n\n b. [Azure Functions](https://azure.microsoft.com/products/functions/#overview)\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 3, **Hunting Queries:** 4, **Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
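Review bot: the rewritten "description" drops the "**Important:** _This Microsoft Sentinel Solution is currently in public preview..._" paragraph, which changes the support statement shown to everyone who installs the package; confirm the solution is actually out of preview (and that SolutionMetadata.json says the same) rather than losing the notice as a side effect of regenerating the file. The new inventory line ("**Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 3" instead of "**Playbooks:** 4") is consistent with the playbook sections removed further down, where "playbook1" carried a Custom Connector Name and Service Endpoint rather than a playbook name; the "b .[Azure Functions]" typo is fixed here too, but the trailing space inside "[Azure Monitor HTTP Data Collector API ]" remains.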
Expand Down Expand Up @@ -77,16 +77,6 @@
"text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
}
},
{
"name": "dataconnectors-link1",
"type": "Microsoft.Common.TextBlock",
"options": {
"link": {
"label": "Learn more about normalized format",
"uri": "https://docs.microsoft.com/azure/sentinel/normalization-schema"
}
}
},
{
"name": "dataconnectors-link2",
"type": "Microsoft.Common.TextBlock",
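Review bot: removing the "dataconnectors-link1" TextBlock ("Learn more about normalized format", https://docs.microsoft.com/azure/sentinel/normalization-schema) leaves the preceding "dataconnectors-text" still telling the user that the parser transforms data "into Microsoft Sentinel normalized format" with nowhere to follow up, and leaves a lone "dataconnectors-link2" with no link1 before it; either keep link1 or fold the normalization-schema URL into the remaining link block and rename it "dataconnectors-link".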
Expand All @@ -112,38 +102,18 @@
"name": "workbooks-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Microsoft Sentinel Solution installs workbooks. Workbooks provide a flexible canvas for data monitoring, analysis, and the creation of rich visual reports within the Azure portal. They allow you to tap into one or many data sources from Microsoft Sentinel and combine them into unified interactive experiences.",
"text": "This Microsoft Sentinel Solution installs workbooks. Workbooks provide a flexible canvas for data monitoring, analysis, and the creation of rich visual reports within the Azure portal. They allow you to tap into one or many data sources from Microsoft Sentinel and combine them into unified interactive experiences."
}
},
{
"name": "workbooks-link",
"type": "Microsoft.Common.TextBlock",
"options": {
"link": {
"label": "Learn more",
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
}
}
},
{
"name": "workbook1",
"type": "Microsoft.Common.Section",
"label": "ZeroNetworks",
"elements": [
{
"name": "workbook1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": ""
}
},
{
"name": "workbook1-name",
"type": "Microsoft.Common.TextBox",
"label": "Display Name",
"defaultValue": "ZeroNetworks",
"toolTip": "Display name for the workbook.",
"constraints": {
"required": true,
"regex": "[a-z0-9A-Z]{1,256}$",
"validationMessage": "Please enter a workbook name"
}
}
]
}
]
},
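Review bot: deleting the whole "workbook1" section removes the user-settable Display Name TextBox ("workbook1-name", default "ZeroNetworks"), and with its entry dropped from "outputs" below, the workbook name must now be fixed inside Package/mainTemplate.json; that file is among the six changed files but is not rendered in this view, so verify it no longer declares a "workbook1-name" parameter, otherwise the deployment fails on a missing parameter value. The move of the "Learn more" link out of "workbooks-text" into its own "workbooks-link" TextBlock matches the analytics and hunting changes further down.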
Expand All @@ -160,7 +130,13 @@
"name": "analytics-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Microsoft Sentinel Solution installs analytic rules for ZeroNetworks that you can enable for custom alert generation in Microsoft Sentinel. These analytic rules will be deployed in disabled mode in the analytics rules gallery of your Microsoft Sentinel workspace. Configure and enable these rules in the analytic rules gallery after this Solution deploys.",
"text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view."
}
},
{
"name": "analytics-link",
"type": "Microsoft.Common.TextBlock",
"options": {
"link": {
"label": "Learn more",
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
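Review bot: the analytics "Learn more" link keeps pointing at docs.microsoft.com (with a WT.mc_id tracking parameter) while the "Description" changed in Data/Solution_ZeroNetworks.json in this same commit uses learn.microsoft.com; pick one documentation host and use it consistently across the package. Splitting "link" into its own "analytics-link" TextBlock is fine, but note the new text no longer states that the rules are deployed in disabled mode, which the replaced text did; if that is still the behaviour it is worth keeping, since it sets the installer's expectation of whether alerts fire immediately.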
Expand Down Expand Up @@ -220,7 +196,13 @@
"name": "huntingqueries-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Microsoft Sentinel Solution installs hunting queries for ZeroNetworks that you can run in Microsoft Sentinel. These hunting queries will be deployed in the Hunting gallery of your Microsoft Sentinel workspace. Run these hunting queries to hunt for threats in the Hunting gallery after this Solution deploys.",
"text": "This solution installs the following hunting queries. After installing the solution, run these hunting queries to hunt for threats in Manage solution view. "
}
},
{
"name": "huntingqueries-link",
"type": "Microsoft.Common.TextBlock",
"options": {
"link": {
"label": "Learn more",
"uri": "https://docs.microsoft.com/azure/sentinel/hunting"
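Review bot: the new "huntingqueries-text" string ends with a trailing space ("...hunt for threats in Manage solution view. "), which is rendered verbatim into the portal UI; trim it. Otherwise the split of the link into a separate "huntingqueries-link" TextBlock mirrors the analytics step above.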
Expand Down Expand Up @@ -298,181 +280,26 @@
"name": "playbooks-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This solution installs playbook resources. A security playbook is a collection of procedures that can be run from Microsoft Sentinel in response to an alert. A security playbook can help automate and orchestrate your response, and can be run manually or set to run automatically when specific alerts are triggered. Security playbooks in Microsoft Sentinel are based on Azure Logic Apps, which means that you get all the power, customizability, and built-in templates of Logic Apps. Each playbook is created for the specific subscription you choose, but when you look at the Playbooks page, you will see all the playbooks across any selected subscriptions.",
"text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub."
}
},
{
"name": "playbooks-link",
"type": "Microsoft.Common.TextBlock",
"options": {
"link": {
"label": "Learn more",
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
}
}
},
{
"name": "playbook1",
"type": "Microsoft.Common.Section",
"label": null,
"elements": [
{
"name": "playbook1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This playbook ingests events from ZeroNetworks into Log Analytics using the API."
}
},
{
"name": "playbook1-Custom Connector Name",
"type": "Microsoft.Common.TextBox",
"label": "Custom Connector Name",
"defaultValue": "ZeroNetworksConnector",
"toolTip": "Please enter Custom Connector Name",
"constraints": {
"required": true,
"regex": "[a-z0-9A-Z]{1,256}$",
"validationMessage": "Please enter the Custom Connector Name"
}
},
{
"name": "playbook1-Service Endpoint",
"type": "Microsoft.Common.TextBox",
"label": "Service Endpoint",
"defaultValue": "https://portal.zeronetworks.com/api/v1",
"toolTip": "Please enter Service Endpoint",
"constraints": {
"required": true,
"regex": "[a-z0-9A-Z]{1,256}$",
"validationMessage": "Please enter the Service Endpoint"
}
}
]
},
{
"name": "playbook2",
"type": "Microsoft.Common.Section",
"label": "ZNSegment-AddAssettoProtection",
"elements": [
{
"name": "playbook2-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This playbook ingests events from ZeroNetworks into Log Analytics using the API."
}
},
{
"name": "playbook2-PlaybookName",
"type": "Microsoft.Common.TextBox",
"label": "Playbook Name",
"defaultValue": "ZNSegment-AddAssettoProtection",
"toolTip": "Resource name for the logic app playbook. No spaces are allowed",
"constraints": {
"required": true,
"regex": "[a-z0-9A-Z]{1,256}$",
"validationMessage": "Please enter a playbook resource name"
}
},
{
"name": "playbook2-ConnectorName",
"type": "Microsoft.Common.TextBox",
"label": "Connector Name",
"defaultValue": "ZeroNetworksConnector",
"toolTip": "Please enter Connector Name",
"constraints": {
"required": true,
"regex": "[a-z0-9A-Z]{1,256}$",
"validationMessage": "Please enter the Connector Name"
}
}
]
},
{
"name": "playbook3",
"type": "Microsoft.Common.Section",
"label": "ZNSegment-AddBlockOutboundRule",
"elements": [
{
"name": "playbook3-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This playbook ingests events from ZeroNetworks into Log Analytics using the API."
}
},
{
"name": "playbook3-PlaybookName",
"type": "Microsoft.Common.TextBox",
"label": "Playbook Name",
"defaultValue": "ZNSegment-AddBlockOutboundRule",
"toolTip": "Resource name for the logic app playbook. No spaces are allowed",
"constraints": {
"required": true,
"regex": "[a-z0-9A-Z]{1,256}$",
"validationMessage": "Please enter a playbook resource name"
}
},
{
"name": "playbook3-ConnectorName",
"type": "Microsoft.Common.TextBox",
"label": "Connector Name",
"defaultValue": "ZeroNetworksConnector",
"toolTip": "Please enter Connector Name",
"constraints": {
"required": true,
"regex": "[a-z0-9A-Z]{1,256}$",
"validationMessage": "Please enter the Connector Name"
}
}
]
},
{
"name": "playbook4",
"type": "Microsoft.Common.Section",
"label": "ZeroNetworksSegment-EnrichIncident",
"elements": [
{
"name": "playbook4-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This playbook ingests events from ZeroNetworks into Log Analytics using the API."
}
},
{
"name": "playbook4-PlaybookName",
"type": "Microsoft.Common.TextBox",
"label": "Playbook Name",
"defaultValue": "ZeroNetworksSegment-EnrichIncident",
"toolTip": "Resource name for the logic app playbook. No spaces are allowed",
"constraints": {
"required": true,
"regex": "[a-z0-9A-Z]{1,256}$",
"validationMessage": "Please enter a playbook resource name"
}
},
{
"name": "playbook4-ConnectorName",
"type": "Microsoft.Common.TextBox",
"label": "Connector Name",
"defaultValue": "ZeroNetworksConnector",
"toolTip": "Please enter Connector Name",
"constraints": {
"required": true,
"regex": "[a-z0-9A-Z]{1,256}$",
"validationMessage": "Please enter the Connector Name"
}
}
]
}
]
}
],
"outputs": {
"workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
"location": "[location()]",
"workspace": "[basics('workspace')]",
"workbook1-name": "[steps('workbooks').workbook1.workbook1-name]",
"playbook1-Custom Connector Name": "[steps('playbooks').playbook1.playbook1-Custom Connector Name]",
"playbook1-Service Endpoint": "[steps('playbooks').playbook1.playbook1-Service Endpoint]",
"playbook2-PlaybookName": "[steps('playbooks').playbook2.playbook2-PlaybookName]",
"playbook2-ConnectorName": "[steps('playbooks').playbook2.playbook2-ConnectorName]",
"playbook3-PlaybookName": "[steps('playbooks').playbook3.playbook3-PlaybookName]",
"playbook3-ConnectorName": "[steps('playbooks').playbook3.playbook3-ConnectorName]",
"playbook4-PlaybookName": "[steps('playbooks').playbook4.playbook4-PlaybookName]",
"playbook4-ConnectorName": "[steps('playbooks').playbook4.playbook4-ConnectorName]"
"workspace": "[basics('workspace')]"
}
}
}
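Review bot: deleting the four "playbook1".."playbook4" sections and their nine "outputs" entries (together with "workbook1-name") is only safe if Package/mainTemplate.json no longer declares the matching parameters ("playbook1-Custom Connector Name", "playbook1-Service Endpoint", "playbookN-PlaybookName", "playbookN-ConnectorName"); that file is listed among the six changed files but is not rendered here, so check it in the same commit, because a parameter the UI definition no longer outputs is a hard deployment failure. Two defects in the removed block should not be reinstated if these inputs ever return: "playbook1-Service Endpoint" validated its own default "https://portal.zeronetworks.com/api/v1" against "[a-z0-9A-Z]{1,256}$", a pattern that rejects every URL, and playbook2/3/4 all reused playbook1's "This playbook ingests events from ZeroNetworks into Log Analytics using the API." text although their labels are ZNSegment-AddAssettoProtection, ZNSegment-AddBlockOutboundRule and ZeroNetworksSegment-EnrichIncident. The final "workspace": "[basics('workspace')]" correctly loses its trailing comma now that it closes the "outputs" object.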