diff --git a/Solutions/Auth0/Data Connectors/Auth0_CCP/DataConnectorDefinition.json b/Solutions/Auth0/Data Connectors/Auth0_CCP/DataConnectorDefinition.json
index 84fc49b93b8..25d12da3894 100644
--- a/Solutions/Auth0/Data Connectors/Auth0_CCP/DataConnectorDefinition.json
+++ b/Solutions/Auth0/Data Connectors/Auth0_CCP/DataConnectorDefinition.json
@@ -7,7 +7,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "Auth0ConnectorCCPDefinition",
- "title": "Auth0 Logs (Preview)",
+ "title": "Auth0 Logs",
 "publisher": "Microsoft",
 "descriptionMarkdown": "The [Auth0](https://auth0.com/docs/api/management/v2/logs/get-logs) data connector allows ingesting logs from Auth0 API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses Auth0 API to fetch logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
 "graphQueries": [
diff --git a/Solutions/Auth0/Data Connectors/Auth0_FunctionApp.json b/Solutions/Auth0/Data Connectors/Auth0_FunctionApp.json
index dbcc4cbf8ea..a58e338517c 100644
--- a/Solutions/Auth0/Data Connectors/Auth0_FunctionApp.json
+++ b/Solutions/Auth0/Data Connectors/Auth0_FunctionApp.json
@@ -1,6 +1,6 @@
 {
 "id": "Auth0",
- "title": "Auth0 Access Management(using Azure Function)",
+ "title": "Auth0 Access Management",
 "publisher": "Auth0",
 "descriptionMarkdown": "The [Auth0 Access Management](https://auth0.com/access-management) data connector provides the capability to ingest [Auth0 log events](https://auth0.com/docs/api/management/v2/#!/Logs/get_logs) into Microsoft Sentinel",
 "additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution.",
diff --git a/Solutions/Auth0/Package/3.1.2.zip b/Solutions/Auth0/Package/3.1.2.zip
new file mode 100644
index 00000000000..c355e46b3f7
Binary files /dev/null and b/Solutions/Auth0/Package/3.1.2.zip differ
diff --git a/Solutions/Auth0/Package/mainTemplate.json b/Solutions/Auth0/Package/mainTemplate.json
index a8e6dde87fa..c060c531f18 100644
--- a/Solutions/Auth0/Package/mainTemplate.json
+++ b/Solutions/Auth0/Package/mainTemplate.json
@@ -47,7 +47,7 @@
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "Auth0",
- "_solutionVersion": "3.1.1",
+ "_solutionVersion": "3.1.2",
 "solutionId": "azuresentinel.azure-sentinel-solution-auth0",
 "_solutionId": "[variables('solutionId')]",
 "uiConfigId1": "Auth0",
@@ -92,7 +92,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Auth0 data connector with template version 3.1.1",
+ "description": "Auth0 data connector with template version 3.1.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -108,7 +108,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "[variables('_uiConfigId1')]",
- "title": "Auth0 Access Management(using Azure Function) (using Azure Functions)",
+ "title": "Auth0 Access Management (using Azure Functions)",
 "publisher": "Auth0",
 "descriptionMarkdown": "The [Auth0 Access Management](https://auth0.com/access-management) data connector provides the capability to ingest [Auth0 log events](https://auth0.com/docs/api/management/v2/#!/Logs/get_logs) into Microsoft Sentinel",
 "additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution.",
@@ -279,7 +279,7 @@
 "contentSchemaVersion": "3.0.0",
 "contentId": "[variables('_dataConnectorContentId1')]",
 "contentKind": "DataConnector",
- "displayName": "Auth0 Access Management(using Azure Function) (using Azure Functions)",
+ "displayName": "Auth0 Access Management (using Azure Functions)",
 "contentProductId": "[variables('_dataConnectorcontentProductId1')]",
 "id": "[variables('_dataConnectorcontentProductId1')]",
 "version": "[variables('dataConnectorVersion1')]"
@@ -323,7 +323,7 @@
 "kind": "GenericUI",
 "properties": {
 "connectorUiConfig": {
- "title": "Auth0 Access Management(using Azure Function) (using Azure Functions)",
+ "title": "Auth0 Access Management (using Azure Functions)",
 "publisher": "Auth0",
 "descriptionMarkdown": "The [Auth0 Access Management](https://auth0.com/access-management) data connector provides the capability to ingest [Auth0 log events](https://auth0.com/docs/api/management/v2/#!/Logs/get_logs) into Microsoft Sentinel",
 "graphQueries": [
@@ -454,7 +454,7 @@
 ],
 "properties": {
 "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
- "displayName": "Auth0 Logs (Preview)",
+ "displayName": "Auth0 Logs",
 "contentKind": "DataConnector",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -471,7 +471,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "Auth0ConnectorCCPDefinition",
- "title": "Auth0 Logs (Preview)",
+ "title": "Auth0 Logs",
 "publisher": "Microsoft",
 "descriptionMarkdown": "The [Auth0](https://auth0.com/docs/api/management/v2/logs/get-logs) data connector allows ingesting logs from Auth0 API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses Auth0 API to fetch logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
 "graphQueries": [
@@ -852,7 +852,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "Auth0ConnectorCCPDefinition",
- "title": "Auth0 Logs (Preview)",
+ "title": "Auth0 Logs",
 "publisher": "Microsoft",
 "descriptionMarkdown": "The [Auth0](https://auth0.com/docs/api/management/v2/logs/get-logs) data connector allows ingesting logs from Auth0 API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses Auth0 API to fetch logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
 "graphQueries": [
@@ -1001,14 +1001,24 @@
 ],
 "properties": {
 "contentId": "[variables('_dataConnectorContentIdConnections2')]",
- "displayName": "Auth0 Logs (Preview)",
+ "displayName": "Auth0 Logs",
 "contentKind": "ResourcesDataConnector",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorCCPVersion')]",
 "parameters": {
+ "ClientId": {
+ "defaultValue": "-NA-",
+ "type": "securestring",
+ "minLength": 4
+ },
+ "ClientSecret": {
+ "defaultValue": "-NA-",
+ "type": "securestring",
+ "minLength": 4
+ },
 "connectorDefinitionName": {
- "defaultValue": "Auth0 Logs (Preview)",
+ "defaultValue": "Auth0 Logs",
 "type": "string",
 "minLength": 1
 },
@@ -1027,16 +1037,6 @@
 "defaultValue": "Domain",
 "type": "string",
 "minLength": 1
- },
- "ClientId": {
- "defaultValue": "ClientId",
- "type": "string",
- "minLength": 1
- },
- "ClientSecret": {
- "defaultValue": "ClientSecret",
- "type": "securestring",
- "minLength": 1
 }
 },
 "variables": {
@@ -1136,7 +1136,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Auth0AM Data Parser with template version 3.1.1",
+ "description": "Auth0AM Data Parser with template version 3.1.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('parserObject1').parserVersion1]",
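Review bot: The `ClientId` and `ClientSecret` parameters added in the `@@ -1001` hunk default to `-NA-`, which is exactly four characters, so the new `"minLength": 4` still accepts the placeholder and a deployment that leaves either value unset would pass validation with the literal `-NA-` as its credential. If the platform does not always supply these two values, removing `defaultValue` from the `securestring` entries would make a missing credential fail when the template is deployed rather than, presumably, at the first token request. Changing `ClientId` from `string` to `securestring` is the part worth keeping, since ARM does not record secure parameter values in deployment history. The same `-NA-` and `minLength` pairing appears in the Box template hunk `@@ -2241`. The `parameters` object continues outside this hunk.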
@@ -1268,7 +1268,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Auth0 Data Parser with template version 3.1.1", + "description": "Auth0 Data Parser with template version 3.1.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject2').parserVersion2]", @@ -1396,7 +1396,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.1.1", + "version": "3.1.2", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Auth0", diff --git a/Solutions/Auth0/ReleaseNotes.md b/Solutions/Auth0/ReleaseNotes.md index a6ca0d78599..99a5ff5d443 100644 --- a/Solutions/Auth0/ReleaseNotes.md +++ b/Solutions/Auth0/ReleaseNotes.md @@ -1,7 +1,8 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------| -| 3.1.1 | 22-01-2025 | Added Preview tag to CCP **Data Connector**| -| 3.1.0 | 13-12-2024 | Added new CCP **Data Connector** to the Solution | +| 3.1.2 | 10-02-2025 | Advancing CCP **Data Connector** from Public preview to Global Availability. | +| 3.1.1 | 22-01-2025 | Added Preview tag to CCP **Data Connector** | +| 3.1.0 | 13-12-2024 | Added new CCP **Data Connector** to the Solution | | 3.0.0 | 24-08-2024 | Updated the **Data Connector** Function app python runtime version to 3.11 | -| | 11-12-2023 | Added new **Parser** (Auth0AM) | +| | 11-12-2023 | Added new **Parser** (Auth0AM) | diff --git a/Solutions/Box/Data Connectors/BoxEvents_ccp/BoxEvents_DataConnectorDefinition.json b/Solutions/Box/Data Connectors/BoxEvents_ccp/BoxEvents_DataConnectorDefinition.json index d3c6be1fb74..ba994dacc3c 100644 
--- a/Solutions/Box/Data Connectors/BoxEvents_ccp/BoxEvents_DataConnectorDefinition.json
+++ b/Solutions/Box/Data Connectors/BoxEvents_ccp/BoxEvents_DataConnectorDefinition.json
@@ -8,7 +8,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "BoxEventsCCPDefinition",
- "title": "Box Events (CCP) (Preview)",
+ "title": "Box Events (CCP)",
 "publisher": "Microsoft",
 "descriptionMarkdown": "The Box data connector provides the capability to ingest [Box enterprise's events](https://developer.box.com/guides/events/#admin-events) into Microsoft Sentinel using the Box REST API. Refer to [Box documentation](https://developer.box.com/guides/events/enterprise-events/for-enterprise/) for more information.",
 "graphQueriesTableName": "BoxEventsV2_CL",
diff --git a/Solutions/Box/Package/3.1.1.zip b/Solutions/Box/Package/3.1.1.zip
new file mode 100644
index 00000000000..417adad6462
Binary files /dev/null and b/Solutions/Box/Package/3.1.1.zip differ
diff --git a/Solutions/Box/Package/mainTemplate.json b/Solutions/Box/Package/mainTemplate.json
index f275a635619..2a4495bf265 100644
--- a/Solutions/Box/Package/mainTemplate.json
+++ b/Solutions/Box/Package/mainTemplate.json
@@ -55,7 +55,7 @@
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "Box",
- "_solutionVersion": "3.1.0",
+ "_solutionVersion": "3.1.1",
 "solutionId": "azuresentinel.azure-sentinel-solution-box",
 "_solutionId": "[variables('solutionId')]",
 "workbookVersion1": "1.0.0",
@@ -221,7 +221,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Box Workbook with template version 3.1.0",
+ "description": "Box Workbook with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
@@ -309,7 +309,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxEvents Data Parser with template version 3.1.0",
+ "description": "BoxEvents Data Parser with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('parserObject1').parserVersion1]",
@@ -441,7 +441,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxAdminIpAddress_HuntingQueries Hunting Query with template version 3.1.0",
+ "description": "BoxAdminIpAddress_HuntingQueries Hunting Query with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@@ -526,7 +526,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxDeletedUsers_HuntingQueries Hunting Query with template version 3.1.0",
+ "description": "BoxDeletedUsers_HuntingQueries Hunting Query with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
@@ -611,7 +611,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxInactiveAdmins_HuntingQueries Hunting Query with template version 3.1.0",
+ "description": "BoxInactiveAdmins_HuntingQueries Hunting Query with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
@@ -696,7 +696,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxInactiveUsers_HuntingQueries Hunting Query with template version 3.1.0",
+ "description": "BoxInactiveUsers_HuntingQueries Hunting Query with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
@@ -781,7 +781,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxNewUsers_HuntingQueries Hunting Query with template version 3.1.0",
+ "description": "BoxNewUsers_HuntingQueries Hunting Query with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
@@ -866,7 +866,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxSuspiciousFiles_HuntingQueries Hunting Query with template version 3.1.0",
+ "description": "BoxSuspiciousFiles_HuntingQueries Hunting Query with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
@@ -951,7 +951,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxUserDownloadsByVolume_HuntingQueries Hunting Query with template version 3.1.0",
+ "description": "BoxUserDownloadsByVolume_HuntingQueries Hunting Query with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
@@ -1036,7 +1036,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxUserGroupChanges_HuntingQueries Hunting Query with template version 3.1.0",
+ "description": "BoxUserGroupChanges_HuntingQueries Hunting Query with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
@@ -1121,7 +1121,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxUserUploadsByVolume_HuntingQueries Hunting Query with template version 3.1.0",
+ "description": "BoxUserUploadsByVolume_HuntingQueries Hunting Query with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
@@ -1206,7 +1206,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxUsersWithOwnerPermissions_HuntingQueries Hunting Query with template version 3.1.0",
+ "description": "BoxUsersWithOwnerPermissions_HuntingQueries Hunting Query with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
@@ -1291,7 +1291,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Box data connector with template version 3.1.0",
+ "description": "Box data connector with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -1687,7 +1687,7 @@
 ],
 "properties": {
 "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
- "displayName": "Box Events (CCP) (Preview)",
+ "displayName": "Box Events (CCP)",
 "contentKind": "DataConnector",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -1704,7 +1704,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "BoxEventsCCPDefinition",
- "title": "Box Events (CCP) (Preview)",
+ "title": "Box Events (CCP)",
 "publisher": "Microsoft",
 "descriptionMarkdown": "The Box data connector provides the capability to ingest [Box enterprise's events](https://developer.box.com/guides/events/#admin-events) into Microsoft Sentinel using the Box REST API. Refer to [Box documentation](https://developer.box.com/guides/events/enterprise-events/for-enterprise/) for more information.",
 "graphQueriesTableName": "BoxEventsV2_CL",
@@ -2099,7 +2099,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "BoxEventsCCPDefinition",
- "title": "Box Events (CCP) (Preview)",
+ "title": "Box Events (CCP)",
 "publisher": "Microsoft",
 "descriptionMarkdown": "The Box data connector provides the capability to ingest [Box enterprise's events](https://developer.box.com/guides/events/#admin-events) into Microsoft Sentinel using the Box REST API. Refer to [Box documentation](https://developer.box.com/guides/events/enterprise-events/for-enterprise/) for more information.",
 "graphQueriesTableName": "BoxEventsV2_CL",
@@ -2241,24 +2241,24 @@
 ],
 "properties": {
 "contentId": "[variables('_dataConnectorContentIdConnections2')]",
- "displayName": "Box Events (CCP) (Preview)",
+ "displayName": "Box Events (CCP)",
 "contentKind": "ResourcesDataConnector",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorCCPVersion')]",
 "parameters": {
- "ClientId": {
+ "clientId": {
 "defaultValue": "-NA-",
 "type": "securestring",
- "minLength": 1
+ "minLength": 4
 },
- "ClientSecret": {
+ "clientSecret": {
 "defaultValue": "-NA-",
 "type": "securestring",
- "minLength": 1
+ "minLength": 4
 },
 "connectorDefinitionName": {
- "defaultValue": "Box Events (CCP) (Preview)",
+ "defaultValue": "Box Events (CCP)",
 "type": "string",
 "minLength": 1
 },
@@ -2336,8 +2336,8 @@
 },
 "auth": {
 "type": "OAuth2",
- "clientSecret": "[[parameters('ClientSecret')]",
- "clientId": "[[parameters('ClientId')]",
+ "clientSecret": "[[parameters('clientSecret')]",
+ "clientId": "[[parameters('clientId')]",
 "grantType": "client_credentials",
 "TokenEndpoint": "https://api.box.com/oauth2/token",
 "TokenEndpointHeaders": {
@@ -2345,7 +2345,7 @@
 },
 "tokenEndpointQueryParameters": {
 "box_subject_type": "enterprise",
- "box_subject_id": "[[parameters('boxEnterpriseId']]"
+ "box_subject_id": "[[parameters('boxEnterpriseId')]"
 }
 },
 "request": {
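Review bot: The `box_subject_id` correction in the `@@ -2345` hunk (`'boxEnterpriseId']]` to `'boxEnterpriseId')]`) and the `clientId`/`clientSecret` rename in `@@ -2336` are made only in `Package/mainTemplate.json`; in the visible part of this diff the only file touched under `Data Connectors/BoxEvents_ccp/` is `BoxEvents_DataConnectorDefinition.json`. If the package template is produced from the connector's polling configuration in that folder, the malformed expression may still be present in the source and would come back on the next packaging run, leaving the OAuth2 token request without a usable enterprise id. It would help to confirm that the source carries the corrected expression and the lower-case parameter names. The 3.1.1 release note describes only the preview change, so a line such as `Fixed box_subject_id parameter expression in CCP **Data Connector** auth settings` would record the authentication fix as well.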
@@ -2391,7 +2391,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxAbnormalUserActivity_AnalyticalRules Analytics Rule with template version 3.1.0",
+ "description": "BoxAbnormalUserActivity_AnalyticalRules Analytics Rule with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -2495,7 +2495,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxBinaryFile_AnalyticalRules Analytics Rule with template version 3.1.0",
+ "description": "BoxBinaryFile_AnalyticalRules Analytics Rule with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -2599,7 +2599,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxDownloadForbiddenFiles_AnalyticalRules Analytics Rule with template version 3.1.0",
+ "description": "BoxDownloadForbiddenFiles_AnalyticalRules Analytics Rule with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -2712,7 +2712,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxInactiveUserLogin_AnalyticalRules Analytics Rule with template version 3.1.0",
+ "description": "BoxInactiveUserLogin_AnalyticalRules Analytics Rule with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -2816,7 +2816,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxItemSharedToExternalUser_AnalyticalRules Analytics Rule with template version 3.1.0",
+ "description": "BoxItemSharedToExternalUser_AnalyticalRules Analytics Rule with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@@ -2920,7 +2920,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxMultipleItemsDeletedByUser_AnalyticalRules Analytics Rule with template version 3.1.0",
+ "description": "BoxMultipleItemsDeletedByUser_AnalyticalRules Analytics Rule with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
@@ -3024,7 +3024,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxNewExternalUser_AnalyticalRules Analytics Rule with template version 3.1.0",
+ "description": "BoxNewExternalUser_AnalyticalRules Analytics Rule with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
@@ -3138,7 +3138,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxSensitiveFile_AnalyticalRules Analytics Rule with template version 3.1.0",
+ "description": "BoxSensitiveFile_AnalyticalRules Analytics Rule with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
@@ -3251,7 +3251,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxUserLoginAsAdmin_AnalyticalRules Analytics Rule with template version 3.1.0",
+ "description": "BoxUserLoginAsAdmin_AnalyticalRules Analytics Rule with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
@@ -3364,7 +3364,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "BoxUserRoleChangedToOwner_AnalyticalRules Analytics Rule with template version 3.1.0",
+ "description": "BoxUserRoleChangedToOwner_AnalyticalRules Analytics Rule with template version 3.1.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
@@ -3464,7 +3464,7 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.1.0",
+ "version": "3.1.1",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "Box",
diff --git a/Solutions/Box/ReleaseNotes.md b/Solutions/Box/ReleaseNotes.md
index 8c560b94fe9..29945246d61 100644
--- a/Solutions/Box/ReleaseNotes.md
+++ b/Solutions/Box/ReleaseNotes.md
@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|--------------------------------------------------------------------|
-| 3.1.0 | 06-12-2024 | Added new CCP **Data Connector** and modified **Parser** |
-| 3.0.1 | 18-08-2023 | Added text 'using Azure Functions' in **Data Connector** page |
-| 3.0.0 | 19-07-2023 | Manual deployment instructions updated for **Data Connector** |
\ No newline at end of file
+| 3.1.1 | 10-02-2025 | Advancing CCP **Data Connector** from Public preview to Global Availability.|
+| 3.1.0 | 06-12-2024 | Added new CCP **Data Connector** and modified **Parser**. |
+| 3.0.1 | 18-08-2023 | Added text 'using Azure Functions' in **Data Connector** page. |
+| 3.0.0 | 19-07-2023 | Manual deployment instructions updated for **Data Connector**. |
\ No newline at end of file
diff --git a/Solutions/Palo Alto Cortex XDR CCP/Data Connectors/CortexXDR_ccp/DataConnectorDefinition.json b/Solutions/Palo Alto Cortex XDR CCP/Data Connectors/CortexXDR_ccp/DataConnectorDefinition.json
index 4d73813fae2..26bcd2701a5 100644
--- a/Solutions/Palo Alto Cortex XDR CCP/Data Connectors/CortexXDR_ccp/DataConnectorDefinition.json
+++ b/Solutions/Palo Alto Cortex XDR CCP/Data Connectors/CortexXDR_ccp/DataConnectorDefinition.json
@@ -7,7 +7,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "CortexXDRDataConnector",
- "title": "Palo Alto Cortex XDR (Preview)",
+ "title": "Palo Alto Cortex XDR",
 "publisher": "Microsoft",
 "descriptionMarkdown": "The [Palo Alto Cortex XDR](https://cortex-panw.stoplight.io/docs/cortex-xdr/branches/main/09agw06t5dpvw-cortex-xdr-rest-api) data connector allows ingesting logs from the Palo Alto Cortex XDR API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses the Palo Alto Cortex XDR API to fetch logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
 "graphQueries": [
diff --git a/Solutions/Palo Alto Cortex XDR CCP/Package/3.0.2.zip b/Solutions/Palo Alto Cortex XDR CCP/Package/3.0.2.zip
new file mode 100644
index 00000000000..3181e4e4ba9
Binary files /dev/null and b/Solutions/Palo Alto Cortex XDR CCP/Package/3.0.2.zip differ
diff --git a/Solutions/Palo Alto Cortex XDR CCP/Package/createUiDefinition.json b/Solutions/Palo Alto Cortex XDR CCP/Package/createUiDefinition.json
index 88649dfffc5..1a502aa6784 100644
--- a/Solutions/Palo Alto Cortex XDR CCP/Package/createUiDefinition.json
+++ b/Solutions/Palo Alto Cortex XDR CCP/Package/createUiDefinition.json
@@ -64,7 +64,7 @@
 }
 },
 {
- "name": "dataconnectors-link2",
+ "name": "dataconnectors-link1",
 "type": "Microsoft.Common.TextBlock",
 "options": {
 "link": {
diff --git a/Solutions/Palo Alto Cortex XDR CCP/Package/mainTemplate.json b/Solutions/Palo Alto Cortex XDR CCP/Package/mainTemplate.json
index c91006517cf..34fa0b38e6c 100644
--- a/Solutions/Palo Alto Cortex XDR CCP/Package/mainTemplate.json
+++ b/Solutions/Palo Alto Cortex XDR CCP/Package/mainTemplate.json
@@ -45,7 +45,7 @@
 },
 "variables": {
 "_solutionName": "Palo Alto Cortex XDR CCP",
- "_solutionVersion": "3.0.1",
+ "_solutionVersion": "3.0.2",
 "solutionId": "azuresentinel.azure-sentinel-solution-cortexccp",
 "_solutionId": "[variables('solutionId')]",
 "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
@@ -68,7 +68,7 @@
 ],
 "properties": {
 "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]",
- "displayName": "Palo Alto Cortex XDR (Preview)",
+ "displayName": "Palo Alto Cortex XDR",
 "contentKind": "DataConnector",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -85,7 +85,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "CortexXDRDataConnector",
- "title": "Palo Alto Cortex XDR (Preview)",
+ "title": "Palo Alto Cortex XDR",
 "publisher": "Microsoft",
 "descriptionMarkdown": "The [Palo Alto Cortex XDR](https://cortex-panw.stoplight.io/docs/cortex-xdr/branches/main/09agw06t5dpvw-cortex-xdr-rest-api) data connector allows ingesting logs from the Palo Alto Cortex XDR API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses the Palo Alto Cortex XDR API to fetch logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
 "graphQueries": [
@@ -2156,7 +2156,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "CortexXDRDataConnector",
- "title": "Palo Alto Cortex XDR (Preview)",
+ "title": "Palo Alto Cortex XDR",
 "publisher": "Microsoft",
 "descriptionMarkdown": "The [Palo Alto Cortex XDR](https://cortex-panw.stoplight.io/docs/cortex-xdr/branches/main/09agw06t5dpvw-cortex-xdr-rest-api) data connector allows ingesting logs from the Palo Alto Cortex XDR API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses the Palo Alto Cortex XDR API to fetch logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
 "graphQueries": [
@@ -2362,14 +2362,14 @@
 ],
 "properties": {
 "contentId": "[variables('_dataConnectorContentIdConnections1')]",
- "displayName": "Palo Alto Cortex XDR (Preview)",
+ "displayName": "Palo Alto Cortex XDR",
 "contentKind": "ResourcesDataConnector",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorCCPVersion')]",
 "parameters": {
 "connectorDefinitionName": {
- "defaultValue": "Palo Alto Cortex XDR (Preview)",
+ "defaultValue": "Palo Alto Cortex XDR",
 "type": "string",
 "minLength": 1
 },
@@ -2664,7 +2664,7 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.1",
+ "version": "3.0.2",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "Palo Alto Cortex XDR CCP",
diff --git a/Solutions/Palo Alto Cortex XDR CCP/ReleaseNotes.md b/Solutions/Palo Alto Cortex XDR CCP/ReleaseNotes.md
index 84bd3f02018..0372f0c651b 100644
--- a/Solutions/Palo Alto Cortex XDR CCP/ReleaseNotes.md
+++ b/Solutions/Palo Alto Cortex XDR CCP/ReleaseNotes.md
@@ -1,4 +1,5 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|--------------------------------------------------------------------------|
+| 3.0.2 | 10-02-2025 | Advancing CCP **Data Connector** from Public preview to Global Availability.|
 | 3.0.1 | 22-01-2025 | Added Preview tag to **Data Connector** |
 | 3.0.0 | 17-12-2024 | Initial Solution Release |
diff --git a/Solutions/SentinelOne/Data Connectors/SentinelOne_ccp/connectorDefinition.json b/Solutions/SentinelOne/Data Connectors/SentinelOne_ccp/connectorDefinition.json
index d8008a62274..f07f9667945 100644
--- a/Solutions/SentinelOne/Data Connectors/SentinelOne_ccp/connectorDefinition.json
+++ b/Solutions/SentinelOne/Data Connectors/SentinelOne_ccp/connectorDefinition.json
@@ -6,7 +6,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "SentinelOneCCP",
- "title": "SentinelOne (Preview)",
+ "title": "SentinelOne",
 "publisher": "Microsoft",
 "descriptionMarkdown": "The [SentinelOne](https://usea1-nessat.sentinelone.net/api-doc/overview) data connector allows ingesting logs from the SentinelOne API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses the SentinelOne API to fetch logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
 "graphQueries": [
diff --git a/Solutions/SentinelOne/Package/3.0.6.zip b/Solutions/SentinelOne/Package/3.0.6.zip
new file mode 100644
index 00000000000..0a9034cbbc5
Binary files /dev/null and b/Solutions/SentinelOne/Package/3.0.6.zip differ
diff --git a/Solutions/SentinelOne/Package/mainTemplate.json b/Solutions/SentinelOne/Package/mainTemplate.json
index 0b20e2e2637..df45fa48f89 100644
--- a/Solutions/SentinelOne/Package/mainTemplate.json
+++ b/Solutions/SentinelOne/Package/mainTemplate.json
@@ -55,7 +55,7 @@
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "SentinelOne",
- "_solutionVersion": "3.0.5",
+ "_solutionVersion": "3.0.6",
 "solutionId": "azuresentinel.azure-sentinel-solution-sentinelone",
 "_solutionId": "[variables('solutionId')]",
 "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
@@ -227,7 +227,7 @@
 ],
 "properties": {
 "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]",
- "displayName": "SentinelOne (Preview)",
+ "displayName": "SentinelOne",
 "contentKind": "DataConnector",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -244,7 +244,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "SentinelOneCCP",
- "title": "SentinelOne (Preview)",
+ "title": "SentinelOne",
 "publisher": "Microsoft",
 "descriptionMarkdown": "The [SentinelOne](https://usea1-nessat.sentinelone.net/api-doc/overview) data connector allows ingesting logs from the SentinelOne API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses the SentinelOne API to fetch logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
 "graphQueries": [
@@ -320,7 +320,8 @@
 ],
 "connectivityCriteria": [
 {
- "type": "HasDataConnectors"
+ "type": "HasDataConnectors",
+ "value": null
 }
 ],
 "availability": {
@@ -2033,7 +2034,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "SentinelOneCCP",
- "title": "SentinelOne (Preview)",
+ "title": "SentinelOne",
 "publisher": "Microsoft",
 "descriptionMarkdown": "The [SentinelOne](https://usea1-nessat.sentinelone.net/api-doc/overview) data connector allows ingesting logs from the SentinelOne API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses the SentinelOne API to fetch logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
 "graphQueries": [
@@ -2230,14 +2231,14 @@
 ],
 "properties": {
 "contentId": "[variables('_dataConnectorContentIdConnections1')]",
- "displayName": "SentinelOne (Preview)",
+ "displayName": "SentinelOne",
 "contentKind": "ResourcesDataConnector",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorCCPVersion')]",
 "parameters": {
 "connectorDefinitionName": {
- "defaultValue": "SentinelOne (Preview)",
+ "defaultValue": "SentinelOne",
 "type": "string",
 "minLength": 1
 },
@@ -2670,7 +2671,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOne data connector with template version 3.0.5",
+ "description": "SentinelOne data connector with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorVersion2')]",
@@ -3027,7 +3028,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOne Workbook with template version 3.0.5",
+ "description": "SentinelOne Workbook with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
@@ -3115,7 +3116,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOne Data Parser with template version 3.0.5",
+ "description": "SentinelOne Data Parser with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('parserObject1').parserVersion1]",
@@ -3247,7 +3248,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneAdminLoginNewIP_AnalyticalRules Analytics Rule with template version 3.0.5",
+ "description": "SentinelOneAdminLoginNewIP_AnalyticalRules Analytics Rule with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -3275,10 +3276,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SentinelOne",
 "dataTypes": [
 "SentinelOne"
- ],
- "connectorId": "SentinelOne"
+ ]
 }
 ],
 "tactics": [
@@ -3361,7 +3362,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneAgentUninstalled_AnalyticalRules Analytics Rule with template version 3.0.5",
+ "description": "SentinelOneAgentUninstalled_AnalyticalRules Analytics Rule with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -3389,10 +3390,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SentinelOne",
 "dataTypes": [
 "SentinelOne"
- ],
- "connectorId": "SentinelOne"
+ ]
 }
 ],
 "tactics": [
@@ -3465,7 +3466,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneAlertFromCustomRule_AnalyticalRules Analytics Rule with template version 3.0.5",
+ "description": "SentinelOneAlertFromCustomRule_AnalyticalRules Analytics Rule with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -3493,10 +3494,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SentinelOne",
 "dataTypes": [
 "SentinelOne"
- ],
- "connectorId": "SentinelOne"
+ ]
 }
 ],
 "tactics": [
@@ -3569,7 +3570,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneBlacklistHashDeleted_AnalyticalRules Analytics Rule with template version 3.0.5",
+ "description": "SentinelOneBlacklistHashDeleted_AnalyticalRules Analytics Rule with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -3597,10 +3598,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SentinelOne",
 "dataTypes": [
 "SentinelOne"
- ],
- "connectorId": "SentinelOne"
+ ]
 }
 ],
 "tactics": [
@@ -3686,7 +3687,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneExclusionAdded_AnalyticalRules Analytics Rule with template version 3.0.5",
+ "description": "SentinelOneExclusionAdded_AnalyticalRules Analytics Rule with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@@ -3714,10 +3715,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SentinelOne",
 "dataTypes": [
 "SentinelOne"
- ],
- "connectorId": "SentinelOne"
+ ]
 }
 ],
 "tactics": [
@@ -3790,7 +3791,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneMultipleAlertsOnHost_AnalyticalRules Analytics Rule with template version 3.0.5",
+ "description": "SentinelOneMultipleAlertsOnHost_AnalyticalRules Analytics Rule with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
@@ -3818,10 +3819,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SentinelOne",
 "dataTypes": [
 "SentinelOne"
- ],
- "connectorId": "SentinelOne"
+ ]
 }
 ],
 "tactics": [
@@ -3894,7 +3895,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneNewAdmin_AnalyticalRules Analytics Rule with template version 3.0.5",
+ "description": "SentinelOneNewAdmin_AnalyticalRules Analytics Rule with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
@@ -3922,10 +3923,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SentinelOne",
 "dataTypes": [
 "SentinelOne"
- ],
- "connectorId": "SentinelOne"
+ ]
 }
 ],
 "tactics": [
@@ -3998,7 +3999,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneRuleDeleted_AnalyticalRules Analytics Rule with template version 3.0.5",
+ "description": "SentinelOneRuleDeleted_AnalyticalRules Analytics Rule with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
@@ -4026,10 +4027,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SentinelOne",
 "dataTypes": [
 "SentinelOne"
- ],
- "connectorId": "SentinelOne"
+ ]
 }
 ],
 "tactics": [
@@ -4102,7 +4103,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneRuleDisabled_AnalyticalRules Analytics Rule with template version 3.0.5",
+ "description": "SentinelOneRuleDisabled_AnalyticalRules Analytics Rule with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
@@ -4130,10 +4131,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SentinelOne",
 "dataTypes": [
 "SentinelOne"
- ],
- "connectorId": "SentinelOne"
+ ]
 }
 ],
 "tactics": [
@@ -4206,7 +4207,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneSameCustomRuleHitOnDiffHosts_AnalyticalRules Analytics Rule with template version 3.0.5",
+ "description": "SentinelOneSameCustomRuleHitOnDiffHosts_AnalyticalRules Analytics Rule with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
@@ -4234,10 +4235,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SentinelOne",
 "dataTypes": [
 "SentinelOne"
- ],
- "connectorId": "SentinelOne"
+ ]
 }
 ],
 "tactics": [
@@ -4312,7 +4313,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneViewAgentPassphrase_AnalyticalRules Analytics Rule with template version 3.0.5",
+ "description": "SentinelOneViewAgentPassphrase_AnalyticalRules Analytics Rule with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]",
@@ -4340,10 +4341,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SentinelOne",
 "dataTypes": [
 "SentinelOne"
- ],
- "connectorId": "SentinelOne"
+ ]
 }
 ],
 "tactics": [
@@ -4425,7 +4426,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneAgentNotUpdated_HuntingQueries Hunting Query with template version 3.0.5",
+ "description": "SentinelOneAgentNotUpdated_HuntingQueries Hunting Query with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@@ -4510,7 +4511,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneAgentStatus_HuntingQueries Hunting Query with template version 3.0.5",
+ "description": "SentinelOneAgentStatus_HuntingQueries Hunting Query with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
@@ -4595,7 +4596,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneAlertTriggers_HuntingQueries Hunting Query with template version 3.0.5",
+ "description": "SentinelOneAlertTriggers_HuntingQueries Hunting Query with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
@@ -4680,7 +4681,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneHostNotScanned_HuntingQueries Hunting Query with template version 3.0.5",
+ "description": "SentinelOneHostNotScanned_HuntingQueries Hunting Query with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
@@ -4765,7 +4766,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneNewRules_HuntingQueries Hunting Query with template version 3.0.5",
+ "description": "SentinelOneNewRules_HuntingQueries Hunting Query with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
@@ -4850,7 +4851,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneRulesDeleted_HuntingQueries Hunting Query with template version 3.0.5",
+ "description": "SentinelOneRulesDeleted_HuntingQueries Hunting Query with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
@@ -4935,7 +4936,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneScannedHosts_HuntingQueries Hunting Query with template version 3.0.5",
+ "description": "SentinelOneScannedHosts_HuntingQueries Hunting Query with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
@@ -5020,7 +5021,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneSourcesByAlertCount_HuntingQueries Hunting Query with template version 3.0.5",
+ "description": "SentinelOneSourcesByAlertCount_HuntingQueries Hunting Query with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
@@ -5105,7 +5106,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneUninstalledAgents_HuntingQueries Hunting Query with template version 3.0.5",
+ "description": "SentinelOneUninstalledAgents_HuntingQueries Hunting Query with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
@@ -5190,7 +5191,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SentinelOneUsersByAlertCount_HuntingQueries Hunting Query with template version 3.0.5",
+ "description": "SentinelOneUsersByAlertCount_HuntingQueries Hunting Query with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
@@ -5271,7 +5272,7 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.5",
+ "version": "3.0.6",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "SentinelOne",
diff --git a/Solutions/SentinelOne/ReleaseNotes.md b/Solutions/SentinelOne/ReleaseNotes.md
index 7db9a1bd0e7..753b668f5ab 100644
--- a/Solutions/SentinelOne/ReleaseNotes.md
+++ b/Solutions/SentinelOne/ReleaseNotes.md
@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|---------------------------------------------|
+| 3.0.6 | 10-02-2025 | Advancing CCP **Data Connector** from Public preview to Global Availability.|
 | 3.0.5 | 20-01-2025 | Updated "Sentinel One - Agent uninstalled from multiple hosts" **Analytic Rule** with ActivityType |
 | 3.0.4 | 15-01-2025 | Added older Function app **Data Connector** again to SOlution until final deprecation of Function app happens |
 | 3.0.3 | 12-12-2024 | Added new CCP **Data Connector** and Updated **Parser** |