Solution packaged

Azure · Dec 26, 2024 · 0dd05dc · 0dd05dc
1 parent 2927778
commit 0dd05dc
Show file tree

Hide file tree

Showing 4 changed files with 627 additions and 568 deletions.
diff --git a/Solutions/CTERA/Data/Solution_CTERA.json b/Solutions/CTERA/Data/Solution_CTERA.json
@@ -13,7 +13,7 @@
     "Analytic Rules/RansomwareUserBlocked.yaml",
     "Analytic Rules/RansomwareDetected.yaml",
     "Analytic Rules/MassDeletions.yaml",
-    "Analytic Rules/MassPermissionsChange.yaml",
+    "Analytic Rules/MassPermissionChanges.yaml",
     "Analytic Rules/MassAccessDenied.yaml",
     "Analytic Rules/InfectedFileDetected.yaml"
   ],

diff --git a/Solutions/CTERA/Package/3.0.1.zip b/Solutions/CTERA/Package/3.0.1.zip
diff --git a/Solutions/CTERA/Package/createUiDefinition.json b/Solutions/CTERA/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/CTERA_Logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CTERA/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe CTERA solution allows you to ingest and analyze events from CTERA Edge Filers and Portal to Microsoft Sentinel. It detects ransomware incidents and potentially attacking users, abnormal user and excessive deletions  .\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 2, **Hunting Queries:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/CTERA_Logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CTERA/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe CTERA solution allows you to ingest and analyze events from CTERA Edge Filers and Portal to Microsoft Sentinel. It detects ransomware incidents and potentially attacking users, abnormal user and excessive deletions  .\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 6, **Hunting Queries:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -166,63 +166,63 @@
                 "name": "analytic2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Detects ransomware attacks detected by CTERA Ransom Protect AI engine."
+                  "text": "Monitors CTERA platform to detect potential ransomware attacks detected by CTERA Ransom Protect AI engine."
                 }
               }
             ]
           },
           {
             "name": "analytic3",
             "type": "Microsoft.Common.Section",
-            "label": "Mass Deletions",
+            "label": "CTERA Mass Deletions Detection Analytic",
             "elements": [
               {
                 "name": "analytic3-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Detects mass file deletions by monitoring delete operations."
+                  "text": "This analytic rule detects and alerts when large amount of deletion operations generated by the CTERA Edge Filer"
                 }
               }
             ]
           },
           {
             "name": "analytic4",
             "type": "Microsoft.Common.Section",
-            "label": "Mass Permissions Change",
+            "label": "CTERA Mass Permissions Changes Detection Analytic",
             "elements": [
               {
                 "name": "analytic4-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Detects mass permissions changes in files or folders."
+                  "text": "This analytic rule detects and alerts when access denied operations generated by the CTERA Edge Filer goes over a predefined threshold"
                 }
               }
             ]
           },
           {
             "name": "analytic5",
             "type": "Microsoft.Common.Section",
-            "label": "Mass Access Denied",
+            "label": "CTERA Mass Access Denied Detection Analytic",
             "elements": [
               {
                 "name": "analytic5-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Detects excessive access denied events."
+                  "text": "This analytic rule detects and alerts when access denied operations generated by the CTERA Edge Filer goes over a predefined threshold"
                 }
               }
             ]
           },
           {
             "name": "analytic6",
             "type": "Microsoft.Common.Section",
-            "label": "Infected File Detected",
+            "label": "Antivirus Detected an Infected File",
             "elements": [
               {
                 "name": "analytic6-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Detects infected files flagged by the CTERA platform."
+                  "text": "Monitors CTERA platform to detect files infected with viruses identified by the antivirus engine on Edge Filers."
                 }
               }
             ]
@@ -254,7 +254,7 @@
           {
             "name": "huntingquery1",
             "type": "Microsoft.Common.Section",
-            "label": "CTERA Mass File Deletions Detection",
+            "label": "CTERA Batch File Deletions Detection",
             "elements": [
               {
                 "name": "huntingquery1-text",
@@ -268,7 +268,7 @@
           {
             "name": "huntingquery2",
             "type": "Microsoft.Common.Section",
-            "label": "CTERA Mass Access Denied Detection",
+            "label": "CTERA Batch Access Denied Detection",
             "elements": [
               {
                 "name": "huntingquery2-text",
@@ -282,7 +282,7 @@
           {
             "name": "huntingquery3",
             "type": "Microsoft.Common.Section",
-            "label": "CTERA Mass Permission Change Detection",
+            "label": "CTERA Permission Change Detection",
             "elements": [
               {
                 "name": "huntingquery3-text",