From 21335081510c66441f5dea3a8a6a6e25f1603faf Mon Sep 17 00:00:00 2001
From: Yohai Nirenberg
Date: Thu, 2 Jan 2025 16:35:56 +0200
Subject: [PATCH 1/3] CloudGuard - Fixed publisherId
---
 .../Package/3.0.0.zip | Bin 7788 -> 7784 bytes
 .../Package/mainTemplate.json | 4 ++--
 .../SolutionMetadata.json | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Solutions/Check Point CloudGuard CNAPP/Package/3.0.0.zip b/Solutions/Check Point CloudGuard CNAPP/Package/3.0.0.zip index 2bf2f2a1afe6f5eb16b411109436300704b54c74..98b7f78d80994c4a34dfd763e1a5ea1ec0b25159 100644 GIT binary patch delta 5512 zcmV;36?f|FJm@?QP)h>@6aWAK2mob-B3iKy)&>n_gd$qS7J^~L761UVlko;&0vw66 zR0n$je-}Y$Kw@&pX7nu+vNgHRKrUgz^|fQ#=YkRvA;^SD*^#_q!~)@?C>1D3h@S)& z9{be6-_|yBsaao>@7Fdq-q+(^K)C`lv$Qor`6oFa2>?*OA`Zho*$r%e9D5D}Uebt? zSDq7vEWC=z2`ncspgyvf(Ks0yQ7MS=YZ!exe=bfe2L!bJQjnvNJ`N+WogO!qT&kl_ zgO+czc%6-W5B^m~0|Y%-uWLOnCT+1)M}@m^#N z&$40G*Z9M=9IwuWTv(}mbSl;HL@#9n`6k~!kUwdI0~g<^FlN76ETx4d8#Bwn8Ld7} ze>pjs7)wPbf1~1*E#c!-}x+ng5}{bA7joqk@q&m$vE z14{jBKxuQ$avf`JGYPz36Dn5FxxCLO=da9maz2ZKlzC#Fm1qEDgJ)z}!mr)enc(D7kUZ#7xnRx4AEDx-g z^-JFlu35UCfa(riU%P}=BK}dAq2$W5;V2%zx%>rYU0?fnr&U9#VR{sWe{SLc z*;J~<_BAc=MqU1!-)$i?*EZLfzs7$df~O~fr|B5R?!2qCP{jb1ZHew}y6{mVQWGQ9 zRFF^#zwKPZArHqfiJ)S@zRxiOxd6aoPc<0$i*(@04YZX; zSBQvY^uTtq$4%@8l8wjh+evGvFmMX&OE2Ky?yC?M8iFkoNYN@H{27kWe`Ro$wRYA- zmJ7t3INshBUlt6((mRc6kv|2B%yXqrZ4;ER)+?$VYwLThqRP6=pfL;J=D;z{EYoV3 zY=G-jg!d8_hePi-B$=j}Y1yhGCg6SR0q9p=U*8T|dTs-|u}n-a_UF5VRos$G-(zqH z$|m6B8(J%esaJM%?S{9UfB2{1xH!updcU5p=xyad!56X{ItlkU_3{oE`{9s&-`h`L zagO!g+|UTcOKE5AogBTg4uV)%AJD2hh=>1h*uZn245&Z4aG*PlE?jk_4T3U7GA0ok z@U_AHEns?pRf&he@CpumVkHrJgAnFk8HL)rM+eXe93PV;{_|gde}GZLU`XA|-~Y{k zNiMiPz_pZf>j)GVaBSEmNW~n;^!Uig{@$^5X@if7oaMmA9-PkO$PO6xcyU$7fIve-@5_Jz)vKGG~PP9*l&R5T`3T+_=1g9T<%*j#b)a6Fo`b55V3Y z9My-YBA_*_M2>O*o(k;AfxzytJi7+5?ML=#@K4d^6nUR*in$0%E&7bJ{$lU2!B~?T zUH)iSKkpAZD)Jl&z-buUzQ7@(4n<#}eqP?!r+u)DihvUVe{e-F6dnY4j2%CI)Dq+F zF0)sPKdINF_>-G7g^8FA+c2GhHYH!pj}(><9}^d68Wp$1I?1*5VrTr?8Jt#Yt($ zn8mF^%E9l4e@5kTx*+Oh_ft-jQ&b^O$k6^k$U6S&=FKHUM@=}A_PIsepj8|t zv|?;Ny6rYR95+&7E$=-WO$Cbn`>HTARMI(%j2?G1#&hTfLeoz*A;>Yu z>Y9$bowkH;p$rtvPhvWnhedE2rp9~ODtBs5Kbz1GlrrxomjIfEC&34ScQ5Ho&$PE1GJIPCXzu1o`pY4b|tszpFjHjlfW@-cr%;uyB> zDJ(yeiC1ulirG{{K)P|{v0Lk?Yjv2Kd^pjr^q@?ug}M1OvBGKF8Y zBdhC9*HPqVn7T?b$P@&P4$s){JP?Z5-^qSq8RkvBjC$EY80rOe=*f18VZ 
z&$eRIgr=&IrJzc!S9ByU&DNLi*%07*x7~2t`8#YojkX&@F4b{@LHY%Tl2ulUR4je_ z+N})y3e+C%Q^&^)>MH+T8ostFgIQ*8Y#Owi)n!%{+L%oHHM*TPXMq9sG8aa#bJu+q zSl~pBQ3nh#Gy(?Xlw$mILEt1Ke|MR{;d#Wn4v%1AkZB3{B`?A>qRtq)dCq4b4r~zj zPZ|ZDXJAxEXeTcLTw&C=1IXGDmit?^dT z$C8i07+400K{$9Ya48@;4Evzj?j00#)x={S@LC2Q32>H4`w57aV_Lb`OKJLOiwHKbzFB^SuKT(IIs`dpUrK?f(4( z5%Jr{%VJV3hi0*z>ma=KsoSqgAyuHc3?Wm*4i;twV?yHnlLeCrPbdwR<=`9Mg0mDe zbs9^}Vs-A&?o%K9R7(Jgf5)DEaQwtw3i-XImxD081}EwWTyHgbgP(^!%094Lyls1r zKtYlj4X+MA|gU2l1Sf>_TNB-lDnCZVEDke}NB~AT@CnKkR3p zd6_0&X!_2D0YTvh7*Jc_s=!hiq6Q&ZbC`2w7D|k{ZRT3{qntN|~4D zxvObr96!5e_wrZqVHeJ*^WYQV873|%Tr(k0Am>OLk?Tqn2=AX@0yv7L1=|yTUx(v- zfPFkyeQn>`W1{pue-F-$nxPXW@hFK;IPrO8bxIOzghodb;}Y~(ejsva*q7ZOKgOM_0`oF2vMo!$6NtX06RvHd?`e>JQWn)OkuRpw%SY_Jd+ zTs_pPy)CQEy7~jmN@LeD_28l4`d7g5;i}X6T%wiU3>!tqR+)bda}QP@#fPp^n}q%! z0Dg7p1S_p=nxrT^1Oy-KZa7tP&?+O`Bn^F)@k_my4->g2QRtQSM%Bf4R$7-fOZS*e z_E;qx>r*yXf0~7j!uP9E>x!z&b6n|FSAR2QrCC>#8M^wo)n%KmGKQ5ma#k6! zMxQKL?W272TLvqwJ_`wwOU}!AeF#VWQ|Ye~u`?2de}rC^KP{zcV<=xUS=s8nuJ`Mf z-@WQgU*?Nsb-r9@>N;PAPZmuU`)c!1vx#D0=IT`&dg8VD)|e#R2~W8+RbQO)Yf^?< zo7wtXrs_d0ss=5#TF~@$$f~OYRTlHAt_IYm3eZBT|1_)m^QGF)muf#NRPARTReox! 
z`%Ks<~>Cm()PSxDi)o-e+-jpgjR#v%bRNY4V?czCAvsq9To2jbTG^|?F zrdmyXm73b>G<8*J>dtoMTX9uYXLOuyS7qiQe^r+$6S88F)mM*cuoEmtwU`D~V)UZk zs0>4+5&>F$+wN*iyR|6@` zW~lyAU-hH9+Q+=Bd=y}=s_Icu&13R#Fo)_L^RL>`u3E?Rs(uE|nBpuyuEeTT^EcMk zw|dn)r@h7)$dlmVax7B4Ves$$JVHi7e^}X@peT?_uuI5*t_W$CHwRVwDeB{WvuM}6 zmPE%bx|Ze^@sdEktX^zt574B6l&J}|^L6$`olND4CtZkC0C~}U(zSm}A}Vwrf5&<| zTif4@1=0gS@xw8{2A59K{RJ|VzA7o!6z+Gksjf7$=WoK=@A911*(!p?;@Q+rB)mt776ILMN51Dqp?xvshC?}m%eLc7%LdFO*9`Bk~vNa#cnk9`Y z%EgGe6q_GxX1Yz#N#u=RWPgGGsWEOYmz+g5wOxh9+@fwVM&Ut(jM#8<@+g}{Il05^ z(%$)a-eK3?Xt&>wXkUCUfBIbJiIDS-Fh=nSG*m91q)#x6hQFS7K3?#os-Hj}!rPM= zT%y?Q?!1Ge#G$4UoXgTCcVZ^|R4TSR!;w+jh)&sOM#We+Xf5NLtvgUA-qku}UagDN zE0vPf0pZ>zIgFyIDEv| z{~LM(x77n{#taoI^`OGx>D}z~_CjExhl!uP=VIaY7_}p3@ErIcT?l5VF%{(yvQOiG z9-ZJ3VXFc;!J~uVm4}M%JAF$?5DOXj&&GaeyQnav}i4%5=h5; zm|6%8zcGX%f%st(e;)*}#f0EqgqD9d;4^^Kr|PKbuH(=V=Y>520t@Bc?;nqzJ_eN)2K}e6!K@1<12Fr%mE0Sx}}V5WNv0XslN!-oA1Q0cl&5~sO2IL&Mq_ng4 zPL5t#2SF@u;6f|Ry8eg52A=z5K>g8$!*i4`Ty-SCJs*N&p2l=!Bu?Z*i|bf`6jsgw zc?ho{e~&rMJQF8kku+FJo5pllegSMUmiOns{s2wSFMnxX{{C+U(Ll_)XZVW*<_L~x zctFM*WO%j=SLh3Ir(k}o-^Q=)PQJSe*m)}ipzd8E)!L$U2r4K3C|Qovz@m! zEjCV2x#ECqhhU2aWQfbdzJzm$hU1)epGdPIvqcOn)eWENn_O8`1^27AgW`R5-IiW% zSl-~p)!pg3LIbY#y&;HDw90L{d5&M+=SxQ3{4(;; zkh3uagx4otm+qLf%GayS5M5YK-t?wTY6b^Wciy=`sp6c?K` z)5~P*D_csf6FswpHK&i!oXa!ugIfx5Q`qQVX z@yP|=X*oQOE delta 5516 zcmV;76?5w7JnTFUP)h>@6aWAK2mlI!lUcD2)&>mublf&jlqULXZiQvLkuJhy}t&Q7TZ75I+el zJoc%B|61G3rDlCizF*tecwdiu0p$wJ%+l5f<)7qyBmhA9iZ~4WWH+$=aqKw^cu6Bl zUU^OwvhXSt5Ehpy{!>X9&Z&dWM)qI>vU)oU$KKw*bsqPgNPLSKPAHcL-sxpo`0`Clo&KGK#_*4-5g;%hXUe6K_3? 
z<$?9Ge(Br6HA~kMP~D;HYnQM}#4mLjO0GN`j^go~%U@tN-VIIC^|g<8T8)(2f2c=M z=q3)3O{H3FU(*6_)aAeV-4-%)ZF7zJYy2NX@bpCRG#$g(op+VSsu-ZMEz!MA7d}cv zYHg%SJu_ecpEH5;jO>qk*DaPovod3#3{iVMfAp_w@Opo zmK&`VMVL;glSE!T&fqJOq?Kxdf1!3#3KB};x1DP^@8LKm5map1_c>-D7XVo7skQ@ukq$h$ zfwt1<3K5Zv9+*+~xQPitvhld7J82jd22O!}=>;6zeHFq&LojOsDOyE@e?P-%x(u$e z*3O#9a)Fo=C*8Z^%Ysc@~1$Nd9L)SZGsZkdPTKkZGEp*R9Tl9G-d(Z95|+# zWm*lB4RD=`@Ls~=aOnMpB-1oAEn8K@1iWuO0R77A>)Sy~&uw5gmWk=b{(P6Pid%B& zdkoG)*#vxiLu=(+^~#Q}f8Fqw6aN%^7-u;|@7MDcy{#N5_(FC=C*jVgUf$tiKOEBU zd;94t&avK`8ycZ_DebJilcQJGK@bb;16p+l@$erG8+h)M0rf{04s@r{g{zLVK~Sbh z#w0=mzBah)1xydHD)C$xUcuQ zEivxyGJB=?lR7|(Ke!IWLHXBObk76wiQs{SY;T!R z-<%PC!CV0>xg3)u0rfvK&@34aVSE1#l|>T7>l--qo5<_Ky7KvCZ(*9*xrst~3j6p} zoRoHqS==h5e;izZXjC4j3!+|jKjkzzMHTXd4DAnutm7X)(f}Ta9|pM>MjV?l_~ zj(E&lY|MdJsowT(K!fao8UYCHY3L>mrx!LW*wt(fFxofZX0$Io@U0>_4M21}c9hz6 zkI0qnGpcK+UmG1z&O?u(sc0~j3KsEEYV?^2RY59Yf0xPrjV(>H+!ev!7pJFFICJ9g z#~9tQ1DE`S%q2=g2pCb&-M=PYL|wxMRDw4hTkZjwGqbWYbHE5~-dsX-)Py5xpIgKY zTE$U9E5_!d+is(VXzpZVnpSG{P{M zFfhSse<_SrG>NzbfGLNHXg+rG360T6V!gKv4nNj$2nHsa#b4R3djXGbJcn)|H2qW) zf*fvkCn`Df4b}X#i_7uHtDtD`du2Sq2y^s3lGW<{_e{F`SyRk8-d^r8V*r_CwgZ=8^aRT%k z4?;gxuHXT<0BNc1Cb5W7Yt}WEYfTPb)!e8b%vRcR(Hu?}5sjyzJ8RZcB7->$u-mz< z$e+&fAUU8O8`3}ud3$U)-I-ZIyZtVa>KbU)bx{?o!QJ_;3Yx-tkwpH(WXyBVhc0dT ze{ckc1338ezQR9~Gk7ta;K#BHG2`dw#B{Wc!+u}q$~2&uHm^jkS_C9z^SJ9NAM=MK zj$!Mb!tyhjcm;>3m`ybVq#H*byS0wGR)?v{hZF5e56ZM!n44cls|!cPa_n=;oPe4D z!1lrd09i`U6pnbHV;)Ak_i&*plral~e>D7AO#E;nNMelhWi4-J3$dl62nHD=D20q6 zQ}|Uovbyec9Yt=2sjDP|OhM4-5S@<9Gj#RnWGBw-^ki-($q?v<(4XWbETn`?*-Rti1+sPwtUb{L9)`Ls)(}N4m=PqdQEW?c>^?XjQRmrf65Hb zxw**qY%4ZRXsQ}n3aZq4MMvV&Y<>Bj4FRrq+YPs!zr(iEXuC1wQXMB4q+ehtS!Jb2 z#nQL0-O9kPK<(i^b$m>wuJYfd;cKfhm}U0Hra`+|U1n9GjmZpPquXh778qbJb7Ay4 zcim@!1y0l$b-(~aBVa&IDaJn+e*{i4a+e7lo=3dv@CX(LnU;WG@=i=6>WrbA=X?g@ zzy@*uq*35`21a#+cJdOy6-IqKfUF&1xxWQFb~&Lsvg5)1!*!Viu8)Ru6G+hRTMQVs z58K{yEcpnGfn|^wgo6hImjaT*un(H;-a$cEO+4lSuVvto0B4!BpMYpNe^ycs%Masc z!HpM%0nf`_BH)%|fu*p}7|#_;U}~g{v-`_n_b^B+#8b=tvq=p*-#ai79a7h`mjjsC 
z?%zKU5x;t>S z+qU-z6eOAP@R995_o(kK14y9*&QFK~)@6HsCZoo&@nZZE00Q}f3A=xdEZ~5ITDA;Z zIQaBwKZN}9dxr!srcEt(7Mf2JTa82FG0QWID4 z!+!R~mucdKrte%RAZwabNB44{?9I+C+nzO?XQJ?P$c8oIY>Fg_kX2SFehZ#JA#p^uH0adL=~1lS*^QsaS_Rx1f7|~PR>Ml6Ss%4pWiHmo z1`CnF)kCe?+p@~6t3SZ3G$rFChu zbdSkok5$64e?DbnrCHc0e81Wlwz{{l%F49uU5M4jwL0T%rEzPPwYJi$vM#A~mHF2w zh4_IWSeqNS+EQ9`XKAIGSbzIy)zN#nuBf^^$CX}n^*2*insqgqp{tKuUAE~eV_113 zXO$6a^vQzNKFT-0Ww6rfvydRU)>lNa$tx(^8r?hVnI&m95_E zdcSV@-K);@WxhyO=gW1buJcv+WYJ`?uQnewnToHs@2q2sj00_Q&*Ly?rc}S6<1YtM#t%Pe^q84QgxX!AuASHef5|IJHc{Pi)m0L zMlb4($}lu45zwXzOv~yojjAd%s`k?G3i#)zRdw~2_ElRNS8HinrDf?T*Rtx$?A2D< zNnveum8BzSb+wdvR7q(^!P=@QGf}V|ZK|uCG^ui8s9@H*s>uY>lNadcUcJQVY5rX9 zf5OF9A!$*4WWH5L%nrW4Se21QR2QkQDl%KO1w$2)sj7!eQ8lEhT1X)Rq^}NATNR{v zHITw=hUy>nRX?h$eayScM*-%lsvZ^9JSGnZbEw`i|EeABs&!1S>Sxf5DbDiaN~}sX ze`9TZt5?l)+G~t~JP95y$0F4m2LImAecyt^08JW5nVL{LUuR#`$yAZ&xS^KfOpTc-@rIaqkkf5ki7 zPv#wyY?Q6kfpF3x4f^o_T5XqyA}xPm*N32=oDa|W)$tDI?1jUsHYVNJQmRRAQ7 zfL8Iqdq1$Jn0+Z1y0C*hn}!{8Ee={$YOwCuqU-XdI;e&yU#f%7(QlBc*aG`UJyh_|Nms#|xfR^%KZL zczY6qOB9>kop*4QIMg(Pb6MKtPRxX#O2u|(I5KJ*(JA}Ps2J-8tz~?(bqC7CyIP0L zt96ljrBYP2rO_zcBogDzk}*z z0_k`UQwyQtH-<1Ie-J-R;)4LTm=N5H(DLsFd9Y8$z`VCS#9LWp;-jM4n8GpaMGebrtKk*ah%)%cZ)e;PX*X>Fsc?_*kpwJxWo z6P3D}<`WeNvb}Pu58-Qx=`sAQz>O(q@XO_|^5w5+hTC8ILuJcrU^4pi7rOp6dyr3t zho+11O&vBf2A6KCC^!*gpN^Ul-s3E__(_w1(ya8LOie}kbt1|&6b+Sd?cV_*pixFkjl zYe)o;ISz*en1cUB#Gg0=X1d1^(BqUsVtR~7EWkjXr1fx;#N7-`08swh?G;JHr*)E`|qJV*J$RYwBc^C39qX-r2(;zT~QxQ+!# zVdWfFMGEtS<1vk>1@JvxO z+j(2lV&eprD-OtZ2)1ZIhPXWJOE{NkIL>MJi8LEBTg1Rp-SC;d$(2P_aKCChDBfq+ zZRzEPMXj4qdSAhR}374c!%4^`cQe|OnU|GYzP ze?2!Izy$yE-RJ}SIiR@rXMY#&C{)A;%yv#81+rNeLq=ZJF0M~atK62G=lJD)zGURh zFCz~PIU7Sjczxn^>5fUOe7)KX(S_yYO>df~)N1nWk1H<%capFn0Y#cx*WX&(+t&6@ zaj{7=y-c=FZg40dsIF*P9!AG1xKjZ(J(0%e4W62Gf3si*!zy$Hlv*r^R=`!8gSgP7 zKYgkipIqRbmc!%d!ejXVe*jQR0Rj{N6aWAK2mlI!lUbAA9YGBWfs0000)wynSb 
diff --git a/Solutions/Check Point CloudGuard CNAPP/Package/mainTemplate.json b/Solutions/Check Point CloudGuard CNAPP/Package/mainTemplate.json
index 779939b7f7c..b9a385dcb70 100644
--- a/Solutions/Check Point CloudGuard CNAPP/Package/mainTemplate.json
+++ b/Solutions/Check Point CloudGuard CNAPP/Package/mainTemplate.json
@@ -48,7 +48,7 @@
 "_email": "[variables('email')]",
 "_solutionName": "Check Point CloudGuard CNAPP",
 "_solutionVersion": "3.0.0",
- "solutionId": "checkpoint-cloudguard.checkpoint-sentinel-solutions-cloud-guard",
+ "solutionId": "checkpoint.checkpoint-sentinel-solutions-cloud-guard",
 "_solutionId": "[variables('solutionId')]",
 "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
 "dataConnectorCCPVersion": "1.0.0",
@@ -1004,7 +1004,7 @@
 "Accept": "application/json",
 "Content-type": "application/json",
 "User-Agent": "Sentinel-CloudGuard",
- "Version": "[variables('_solutionVersion')]"
+ "Version": "[variables('dataConnectorCCPVersion')]"
 }
 },
 "paging": {
diff --git a/Solutions/Check Point CloudGuard CNAPP/SolutionMetadata.json b/Solutions/Check Point CloudGuard CNAPP/SolutionMetadata.json
index d58b502f0ed..5b12dff7c29 100644
--- a/Solutions/Check Point CloudGuard CNAPP/SolutionMetadata.json
+++ b/Solutions/Check Point CloudGuard CNAPP/SolutionMetadata.json
@@ -1,5 +1,5 @@
 {
- "publisherId": "checkpoint-cloudguard",
+ "publisherId": "checkpoint",
 "offerId": "checkpoint-sentinel-solutions-cloud-guard",
 "firstPublishDate": "2024-11-12",
 "providers": [
From 4ba0091f264305ec5f2477d4d8a8382c1532f11b Mon Sep 17 00:00:00 2001
From: v-rusraut
Date: Tue, 7 Jan 2025 15:09:32 +0530
Subject: [PATCH 2/3] Update WorkbooksMetadata.json
---
 Workbooks/WorkbooksMetadata.json | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json
index 4741a281eb2..252fd0c3a0e 100644
--- a/Workbooks/WorkbooksMetadata.json
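Review bot: In the `@@ -48,7 +48,7 @@` hunk of Package/mainTemplate.json the `solutionId` changes while the context line `"_solutionVersion": "3.0.0"` stays as it is, and the diffstat shows `Package/3.0.0.zip` rebuilt in place (7788 -> 7784 bytes). Two different artifacts now carry version 3.0.0, so a deployed copy can no longer be matched to a specific build by version alone; a bumped version and a new zip, e.g. `"_solutionVersion": "<NEXT_VERSION>"`, would keep the package traceable. The same identifier change is made in SolutionMetadata.json (`"publisherId": "checkpoint"`). Because `_solutionId` is derived from `solutionId`, workspaces that installed the package under the old ID may not be recognised as the same solution on update; this is not visible in the patch and is worth confirming before release.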
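Review bot: The `"Version"` request header in the `@@ -1004,7 +1004,7 @@` hunk of Package/mainTemplate.json now resolves to `dataConnectorCCPVersion` (`"1.0.0"` in the first hunk's context) instead of `_solutionVersion` (`"3.0.0"`), yet the commit subject mentions only the publisherId fix. The value sent to the remote API therefore changes from 3.0.0 to 1.0.0. If the service uses this header for version negotiation or to attribute requests in its own logs, that is a behaviour change which should be stated in the commit message and confirmed with the API owner. The enclosing headers object starts outside the hunk.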
+++ b/Workbooks/WorkbooksMetadata.json
@@ -1066,7 +1066,6 @@
 "CommonSecurityLog"
 ],
 "dataConnectorsDependencies": [
- "TrendMicro",
 "CefAma"
 ],
 "previewImagesFileNames": [
@@ -1087,7 +1086,6 @@
 "CommonSecurityLog"
 ],
 "dataConnectorsDependencies": [
- "TrendMicro",
 "CefAma"
 ],
 "previewImagesFileNames": [
@@ -1133,7 +1131,6 @@
 "Syslog"
 ],
 "dataConnectorsDependencies": [
- "BarracudaCloudFirewall",
 "SyslogAma"
 ],
 "previewImagesFileNames": [
@@ -1601,7 +1598,6 @@
 "Syslog"
 ],
 "dataConnectorsDependencies": [
- "SymantecProxySG",
 "SyslogAma"
 ],
 "previewImagesFileNames": [
@@ -3681,7 +3677,6 @@
 "CommonSecurityLog"
 ],
 "dataConnectorsDependencies": [
- "AristaAwakeSecurity",
 "CefAma"
 ],
 "previewImagesFileNames": [
@@ -3973,8 +3968,6 @@
 "CommonSecurityLog"
 ],
 "dataConnectorsDependencies": [
- "InfobloxCloudDataConnector",
- "InfobloxCloudDataConnectorAma",
 "CefAma"
 ],
 "previewImagesFileNames": [
@@ -4104,7 +4097,7 @@
 "SecurityBridgeLogs"
 ],
 "dataConnectorsDependencies": [
- "SecurityBridgeSAP"
+ "CustomLogsAma"
 ],
 "previewImagesFileNames": [
 ""
@@ -4166,7 +4159,6 @@
 "McAfeeEPOEvent"
 ],
 "dataConnectorsDependencies": [
- "McAfeeePO",
 "SyslogAma"
 ],
 "previewImagesFileNames": [
@@ -4642,7 +4634,6 @@
 "DigitalGuardianDLPEvent"
 ],
 "dataConnectorsDependencies": [
- "DigitalGuardianDLP",
 "SyslogAma"
 ],
 "previewImagesFileNames": [
@@ -4703,7 +4694,6 @@
 "Syslog"
 ],
 "dataConnectorsDependencies": [
- "CiscoWSA",
 "SyslogAma"
 ],
 "previewImagesFileNames": [
@@ -5790,7 +5780,6 @@
 "description": "A workbook providing insights into malware and C2 activity detected by iboss.",
 "dataTypesDependencies": [],
 "dataConnectorsDependencies": [
- "ibossAma",
 "CefAma"
 ],
 "previewImagesFileNames": [
@@ -5808,7 +5797,6 @@
 "description": "A workbook providing insights into web usage activity detected by iboss.",
 "dataTypesDependencies": [],
 "dataConnectorsDependencies": [
- "ibossAma",
 "CefAma"
 ],
 "previewImagesFileNames": [
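Review bot: In Workbooks/WorkbooksMetadata.json the `@@ -4104,7 +4097,7 @@` hunk replaces the vendor connector `"SecurityBridgeSAP"` with the generic `"CustomLogsAma"`, and `@@ -7944,7 +7932,7 @@` swaps `"InfobloxCloudDataConnectorAma"` for `"CefAma"`; the other hunks drop the vendor entry and leave only `CefAma` or `SyslogAma`. If `dataConnectorsDependencies` drives the workbook's prerequisite or connected-state check (not visible here), any CEF, Syslog or custom-log source would satisfy it even when the vendor's data is not being ingested, and an empty workbook could then be read as "no activity". Confirm that the `dataTypesDependencies` entries such as `"SecurityBridgeLogs"` are enough to flag missing data; the two iboss entries have `"dataTypesDependencies": []`, so after this change nothing vendor-specific remains on them. The commit message gives no reason for the change, so one line naming the connector deprecation behind it would help later readers.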
@@ -7944,7 +7932,7 @@
 "Infoblox_Config_Insight_Details_CL"
 ],
 "dataConnectorsDependencies": [
- "InfobloxCloudDataConnectorAma",
+ "CefAma",
 "InfobloxSOCInsightsDataConnector_AMA",
 "InfobloxSOCInsightsDataConnector_API",
 "InfobloxSOCInsightsDataConnector_Legacy"
From c94b514ec870aa8b27252d5fcaf4935703652b6e Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <>
Date: Wed, 8 Jan 2025 06:22:49 +0000
Subject: [PATCH 3/3] [ASIM Parsers] Generate deployable ARM templates from KQL function YAML files.
---
 .../ARM/ASimAuditEventNative/ASimAuditEventNative.json | 2 +-
 .../ARM/vimAuditEventNative/vimAuditEventNative.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Parsers/ASimAuditEvent/ARM/ASimAuditEventNative/ASimAuditEventNative.json b/Parsers/ASimAuditEvent/ARM/ASimAuditEventNative/ASimAuditEventNative.json
index af0b92d41c0..4468c5a6361 100644
--- a/Parsers/ASimAuditEvent/ARM/ASimAuditEventNative/ASimAuditEventNative.json
+++ b/Parsers/ASimAuditEvent/ARM/ASimAuditEventNative/ASimAuditEventNative.json
@@ -27,7 +27,7 @@ "displayName": "Audit Event ASIM parser for Microsoft Sentinel native Audit Event table", "category": "ASIM", "FunctionAlias": "ASimAuditEventNative", - "query": "let parser=(disabled:bool=false) \n{\n ASimAuditEventLogs | where not(disabled)\n | extend EventSchema = \"AuditEvent\"\n | extend\n Value\t= NewValue,\n User = ActorUsername,\n Application = TargetAppName,\n Dst = coalesce (TargetDvcId, TargetHostname, TargetIpAddr, TargetAppId, TargetAppName),\n Dvc = coalesce (DvcFQDN, DvcHostname, DvcIpAddr, DvcId, _ResourceId, strcat (EventVendor,'/', EventProduct)), \n Rule=RuleName,\n EventStartTime = TimeGenerated,\n EventEndTime = TimeGenerated\n | project-rename\n EventUid = _ItemId\n | project-away\n _ResourceId, _SubscriptionId\n};\nparser (disabled=disabled)\n", + "query": "let parser=(disabled:bool=false) \n{\n ASimAuditEventLogs | where not(disabled)\n | extend EventSchema = \"AuditEvent\"\n | extend\n Value\t= NewValue,\n User = ActorUsername,\n Application = TargetAppName,\n Dst = coalesce (TargetDvcId, TargetHostname, TargetIpAddr, TargetAppId, TargetAppName),\n Dvc = coalesce (DvcFQDN, DvcHostname, DvcIpAddr, DvcId, _ResourceId, strcat (EventVendor,'/', EventProduct)), \n Rule=RuleName,\n EventStartTime = TimeGenerated,\n EventEndTime = TimeGenerated\n | project-away\n _ResourceId, _SubscriptionId\n};\nparser (disabled=disabled)\n", "version": 1, "functionParameters": "disabled:bool=False" } diff --git a/Parsers/ASimAuditEvent/ARM/vimAuditEventNative/vimAuditEventNative.json b/Parsers/ASimAuditEvent/ARM/vimAuditEventNative/vimAuditEventNative.json index bf52e9fd7c8..eab0d785946 100644 --- a/Parsers/ASimAuditEvent/ARM/vimAuditEventNative/vimAuditEventNative.json +++ b/Parsers/ASimAuditEvent/ARM/vimAuditEventNative/vimAuditEventNative.json 
@@ -27,7 +27,7 @@ "displayName": "Audit Event ASIM filtering parser for Microsoft Sentinel native Audit Event table", "category": "ASIM", "FunctionAlias": "vimAuditEventNative", - "query": "let parser=\n(\n starttime: datetime=datetime(null), \n endtime: datetime=datetime(null),\n srcipaddr_has_any_prefix: dynamic=dynamic([]), \n eventtype_in: dynamic=dynamic([]),\n eventresult: string='*',\n actorusername_has_any: dynamic=dynamic([]),\n operation_has_any: dynamic=dynamic([]),\n object_has_any: dynamic=dynamic([]),\n newvalue_has_any: dynamic=dynamic([]),\n disabled: bool = false\n)\n{\n ASimAuditEventLogs | where not(disabled)\n | where (isnull(starttime) or TimeGenerated >= starttime) \n and (isnull(endtime) or TimeGenerated <= endtime)\n and ((array_length(srcipaddr_has_any_prefix) == 0) or SrcIpAddr has_any (srcipaddr_has_any_prefix))\n and (array_length(actorusername_has_any) == 0 or ActorUsername has_any (actorusername_has_any))\n and (array_length(newvalue_has_any) == 0 or NewValue has_any (newvalue_has_any))\n and (array_length(eventtype_in) == 0 or EventType has_any (eventtype_in))\n and (array_length(operation_has_any) == 0 or Operation has_any (operation_has_any))\n and (eventresult == '*' or EventResult == eventresult)\n and (array_length(object_has_any) == 0 or Object has_any (object_has_any))\n | extend EventSchema = \"AuditEvent\"\n | extend\n Value\t= NewValue,\n User = ActorUsername,\n Application = TargetAppName,\n Dst = coalesce (TargetDvcId, TargetHostname, TargetIpAddr, TargetAppId, TargetAppName),\n Dvc = coalesce (DvcFQDN, DvcHostname, DvcIpAddr, DvcId, _ResourceId, strcat (EventVendor,'/', EventProduct)),\n Rule=RuleName,\n EventStartTime = TimeGenerated,\n EventEndTime = TimeGenerated\n | project-rename\n EventUid = _ItemId\n | project-away \n _ResourceId, _SubscriptionId\n };\n parser(\n starttime=starttime, \n endtime=endtime, \n srcipaddr_has_any_prefix=srcipaddr_has_any_prefix, \n eventtype_in=eventtype_in, \n eventresult=eventresult, 
\n actorusername_has_any=actorusername_has_any, \n operation_has_any=operation_has_any, \n object_has_any=object_has_any, \n newvalue_has_any=newvalue_has_any, \n disabled=disabled\n )\n ", + "query": "let parser=\n(\n starttime: datetime=datetime(null), \n endtime: datetime=datetime(null),\n srcipaddr_has_any_prefix: dynamic=dynamic([]), \n eventtype_in: dynamic=dynamic([]),\n eventresult: string='*',\n actorusername_has_any: dynamic=dynamic([]),\n operation_has_any: dynamic=dynamic([]),\n object_has_any: dynamic=dynamic([]),\n newvalue_has_any: dynamic=dynamic([]),\n disabled: bool = false\n)\n{\n ASimAuditEventLogs | where not(disabled)\n | where (isnull(starttime) or TimeGenerated >= starttime) \n and (isnull(endtime) or TimeGenerated <= endtime)\n and ((array_length(srcipaddr_has_any_prefix) == 0) or SrcIpAddr has_any (srcipaddr_has_any_prefix))\n and (array_length(actorusername_has_any) == 0 or ActorUsername has_any (actorusername_has_any))\n and (array_length(newvalue_has_any) == 0 or NewValue has_any (newvalue_has_any))\n and (array_length(eventtype_in) == 0 or EventType has_any (eventtype_in))\n and (array_length(operation_has_any) == 0 or Operation has_any (operation_has_any))\n and (eventresult == '*' or EventResult == eventresult)\n and (array_length(object_has_any) == 0 or Object has_any (object_has_any))\n | extend EventSchema = \"AuditEvent\"\n | extend\n Value\t= NewValue,\n User = ActorUsername,\n Application = TargetAppName,\n Dst = coalesce (TargetDvcId, TargetHostname, TargetIpAddr, TargetAppId, TargetAppName),\n Dvc = coalesce (DvcFQDN, DvcHostname, DvcIpAddr, DvcId, _ResourceId, strcat (EventVendor,'/', EventProduct)),\n Rule=RuleName,\n EventStartTime = TimeGenerated,\n EventEndTime = TimeGenerated\n | project-away \n _ResourceId, _SubscriptionId\n };\n parser(\n starttime=starttime, \n endtime=endtime, \n srcipaddr_has_any_prefix=srcipaddr_has_any_prefix, \n eventtype_in=eventtype_in, \n eventresult=eventresult, \n 
actorusername_has_any=actorusername_has_any, \n operation_has_any=operation_has_any, \n object_has_any=object_has_any, \n newvalue_has_any=newvalue_has_any, \n disabled=disabled\n )\n ", "version": 1, "functionParameters": "starttime:datetime=datetime(null),endtime:datetime=datetime(null),srcipaddr_has_any_prefix:dynamic=dynamic([]),actorusername_has_any:dynamic=dynamic([]),operation_has_any:dynamic=dynamic([]),eventtype_in:dynamic=dynamic([]),eventresult:string='*',object_has_any:dynamic=dynamic([]),newvalue_has_any:dynamic=dynamic([]),disabled:bool=False" }