diff --git a/Solutions/ZoomReports/Data/Solution_ZoomReports.json b/Solutions/ZoomReports/Data/Solution_ZoomReports.json
index 5ed3894fc7b..4993d36932e 100644
--- a/Solutions/ZoomReports/Data/Solution_ZoomReports.json
+++ b/Solutions/ZoomReports/Data/Solution_ZoomReports.json
@@ -1,8 +1,8 @@
 {
- "Name": "Zoom Reports",
+ "Name": "ZoomReports",
 "Author": "Microsoft - support@microsoft.com",
 "Logo": "",
- "Description": "The [Zoom](https://zoom.us/) Reports solution enables you to ingest Zoom Reports' events into Microsoft Sentinel through the [Zoom Report REST API](https://marketplace.zoom.us/docs/api-reference/zoom-api/methods/#operation/reportSignInSignOutActivities)\r\n \r\n **Underlying Microsoft Technologies used:**\r\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a.\t [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\r\n\n b.\t [Azure Functions](https://azure.microsoft.com/services/functions/#overview)",
+ "Description": "The [Zoom](https://zoom.us/) Reports solution enables you to ingest Zoom Reports events into Microsoft Sentinel through the [Zoom Report REST API](https://marketplace.zoom.us/docs/api-reference/zoom-api/methods/#operation/reportSignInSignOutActivities).\r\n \r\n **Underlying Microsoft Technologies used:**\r\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a.\t [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\r\n\n b.\t [Azure Functions](https://azure.microsoft.com/services/functions/#overview)",
 "Data Connectors": [
 "Data Connectors/ZoomReports_API_FunctionApp.json"
 ],
@@ -10,7 +10,7 @@
 "Parsers/Zoom.txt"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\solutions\\ZoomReports",
- "Version": "2.0.1",
+ "Version": "2.0.2",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false
diff --git a/Solutions/ZoomReports/Package/2.0.2.zip b/Solutions/ZoomReports/Package/2.0.2.zip
new file mode 100644
index 00000000000..8866ce52892
Binary files /dev/null and b/Solutions/ZoomReports/Package/2.0.2.zip differ
diff --git a/Solutions/ZoomReports/Package/createUiDefinition.json b/Solutions/ZoomReports/Package/createUiDefinition.json
index 3d20378741c..9ca00efa7dc 100644
--- a/Solutions/ZoomReports/Package/createUiDefinition.json
+++ b/Solutions/ZoomReports/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Zoom](https://zoom.us/) Reports solution enables you to ingest Zoom Reports' events into Microsoft Sentinel through the [Zoom Report REST API](https://marketplace.zoom.us/docs/api-reference/zoom-api/methods/#operation/reportSignInSignOutActivities)\r\n \r\n **Underlying Microsoft Technologies used:**\r\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a.\t [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\r\n\n b.\t [Azure Functions](https://azure.microsoft.com/services/functions/#overview)\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Zoom](https://zoom.us/) Reports solution enables you to ingest Zoom Reports events into Microsoft Sentinel through the [Zoom Report REST API](https://marketplace.zoom.us/docs/api-reference/zoom-api/methods/#operation/reportSignInSignOutActivities).\r\n \r\n **Underlying Microsoft Technologies used:**\r\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a.\t [Azure Monitor HTTP Data
Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\r\n\n b.\t [Azure Functions](https://azure.microsoft.com/services/functions/#overview)\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/ZoomReports/Package/mainTemplate.json b/Solutions/ZoomReports/Package/mainTemplate.json
index 7ddada13ce9..80970a867ba 100644
--- a/Solutions/ZoomReports/Package/mainTemplate.json
+++ b/Solutions/ZoomReports/Package/mainTemplate.json
@@ -55,7 +55,7 @@
 "resources": [
 {
 "type": "Microsoft.Resources/templateSpecs",
- "apiVersion": "2021-05-01",
+ "apiVersion": "2022-02-01",
 "name": "[variables('dataConnectorTemplateSpecName1')]",
 "location": "[parameters('workspace-location')]",
 "tags": {
@@ -69,7 +69,7 @@
 },
 {
 "type": "Microsoft.Resources/templateSpecs/versions",
- "apiVersion": "2021-05-01",
+ "apiVersion": "2022-02-01",
 "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]",
 "location": "[parameters('workspace-location')]",
 "tags": {
@@ -80,7 +80,7 @@
 "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]"
 ],
 "properties": {
- "description": "ZoomReports data connector with template version 2.0.1",
+ "description": "ZoomReports data connector with template version 2.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -89,16 +89,16 @@
 "resources": [
 {
 "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
- "apiVersion": "2021-03-01-preview",
+ "apiVersion": "2022-10-01",
 "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
 "location": "[parameters('workspace-location')]",
 "kind": "GenericUI",
 "properties": {
 "connectorUiConfig": {
 "id": "[variables('_uiConfigId1')]",
- "title": "Zoom Reports (using Azure Function)",
+ "title": "Zoom Reports (using Azure Functions)",
 "publisher": "Zoom",
- "descriptionMarkdown": "The [Zoom](https://zoom.us/) Reports data connector provides the capability to ingest [Zoom Reports](https://marketplace.zoom.us/docs/api-reference/zoom-api/reports/) events into Microsoft Sentinel through the REST API. Refer to [API documentation](https://marketplace.zoom.us/docs/api-reference/introduction) for more information. The connector provides ability to get events which helps to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.",
+ "descriptionMarkdown": "The [Zoom](https://zoom.us/) Reports data connector provides the capability to ingest [Zoom Reports](https://developers.zoom.us/docs/api/rest/reference/zoom-api/methods/#tag/Reports) events into Microsoft Sentinel through the REST API. Refer to [API documentation](https://developers.zoom.us/docs/api/) for more information. The connector provides ability to get events which helps to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.",
 "additionalRequirementBanner": "These queries and workbooks are dependent on a parser based on Kusto to work as expected. Follow the steps to use this Kusto functions alias **Zoom** in queries and workbooks [Follow steps to get this Kusto functions>](https://aka.ms/sentinel-ZoomAPI-parser).",
 "graphQueries": [
 {
@@ -161,7 +161,7 @@
 },
 {
 "name": "REST API Credentials/permissions",
- "description": "**ZoomApiKey** and **ZoomApiSecret** are required for Zoom API. [See the documentation to learn more about API](https://marketplace.zoom.us/docs/guides/auth/jwt). Check all [requirements and follow the instructions](https://marketplace.zoom.us/docs/guides/auth/jwt) for obtaining credentials."
+ "description": "**ZoomApiKey** and **ZoomApiSecret** are required for Zoom API. [See the documentation to learn more about API](https://developers.zoom.us/docs/internal-apps/jwt/#generating-jwts). Check all [requirements and follow the instructions](https://developers.zoom.us/docs/internal-apps/jwt/#generating-jwts) for obtaining credentials."
 }
 ]
 },
@@ -176,7 +176,7 @@
 "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. [Follow these steps](https://aka.ms/sentinel-ZoomAPI-parser) to create the Kusto functions alias, **Zoom**"
 },
 {
- "description": "**STEP 1 - Configuration steps for the Zoom API**\n\n [Follow the instructions](https://marketplace.zoom.us/docs/guides/auth/jwt) to obtain the credentials. \n"
+ "description": "**STEP 1 - Configuration steps for the Zoom API**\n\n [Follow the instructions](https://developers.zoom.us/docs/internal-apps/jwt/#generating-jwts) to obtain the credentials. \n"
 },
 {
 "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Zoom Reports data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following).",
@@ -230,7 +230,7 @@
 "version": "[variables('dataConnectorVersion1')]",
 "source": {
 "kind": "Solution",
- "name": "ZoomRe ports",
+ "name": "ZoomReports",
 "sourceId": "[variables('_solutionId')]"
 },
 "author": {
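Review bot: The `REST API Credentials/permissions` description still tells operators to create a Zoom JWT app and supply **ZoomApiKey** and **ZoomApiSecret**; the hunk at 161 only moves the link to `developers.zoom.us/docs/internal-apps/jwt/`. Zoom has announced that the JWT app type is being retired in favour of Server-to-Server OAuth, so a connector deployed from these instructions may stop authenticating and stop ingesting without an obvious error; confirm this against Zoom's current guidance before publishing 2.0.2. If the Function App cannot yet use OAuth, the description should at least warn about it, for example by appending `Zoom is retiring JWT apps; confirm these credentials are still accepted before deploying.` The same link is repeated in the hunks at 176, 351 and 366.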
@@ -287,9 +287,9 @@
 "kind": "GenericUI",
 "properties": {
 "connectorUiConfig": {
- "title": "Zoom Reports (using Azure Function)",
+ "title": "Zoom Reports (using Azure Functions)",
 "publisher": "Zoom",
- "descriptionMarkdown": "The [Zoom](https://zoom.us/) Reports data connector provides the capability to ingest [Zoom Reports](https://marketplace.zoom.us/docs/api-reference/zoom-api/reports/) events into Microsoft Sentinel through the REST API. Refer to [API documentation](https://marketplace.zoom.us/docs/api-reference/introduction) for more information. The connector provides ability to get events which helps to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.",
+ "descriptionMarkdown": "The [Zoom](https://zoom.us/) Reports data connector provides the capability to ingest [Zoom Reports](https://developers.zoom.us/docs/api/rest/reference/zoom-api/methods/#tag/Reports) events into Microsoft Sentinel through the REST API. Refer to [API documentation](https://developers.zoom.us/docs/api/) for more information. The connector provides ability to get events which helps to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.",
 "graphQueries": [
 {
 "metricName": "Total data received",
@@ -307,7 +307,7 @@
 {
 "type": "IsConnectedQuery",
 "value": [
- "Zoom_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
+ "Zoom_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)"
 ]
 }
 ],
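Review bot: The `IsConnectedQuery` window is tightened to `ago(7d)` only in this copy of `connectorUiConfig` (hunk at 307). No hunk touches the connectivity criteria of the first copy inside the template spec, where the hunk at 89 stops at `graphQueries`. That part of the file is not visible here, so if it still reads `ago(30d)` the two definitions will disagree on when the connector counts as connected; check it and use `LastLogReceived > ago(7d)` there as well. The shorter window is the better choice for a security log source, because a stalled Function App shows as disconnected after a week rather than a month.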
@@ -351,7 +351,7 @@
 },
 {
 "name": "REST API Credentials/permissions",
- "description": "**ZoomApiKey** and **ZoomApiSecret** are required for Zoom API. [See the documentation to learn more about API](https://marketplace.zoom.us/docs/guides/auth/jwt). Check all [requirements and follow the instructions](https://marketplace.zoom.us/docs/guides/auth/jwt) for obtaining credentials."
+ "description": "**ZoomApiKey** and **ZoomApiSecret** are required for Zoom API. [See the documentation to learn more about API](https://developers.zoom.us/docs/internal-apps/jwt/#generating-jwts). Check all [requirements and follow the instructions](https://developers.zoom.us/docs/internal-apps/jwt/#generating-jwts) for obtaining credentials."
 }
 ]
 },
@@ -366,7 +366,7 @@
 "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. [Follow these steps](https://aka.ms/sentinel-ZoomAPI-parser) to create the Kusto functions alias, **Zoom**"
 },
 {
- "description": "**STEP 1 - Configuration steps for the Zoom API**\n\n [Follow the instructions](https://marketplace.zoom.us/docs/guides/auth/jwt) to obtain the credentials. \n"
+ "description": "**STEP 1 - Configuration steps for the Zoom API**\n\n [Follow the instructions](https://developers.zoom.us/docs/internal-apps/jwt/#generating-jwts) to obtain the credentials. \n"
 },
 {
 "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Zoom Reports data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following).",
@@ -413,7 +413,7 @@
 },
 {
 "type": "Microsoft.Resources/templateSpecs",
- "apiVersion": "2021-05-01",
+ "apiVersion": "2022-02-01",
 "name": "[variables('parserTemplateSpecName1')]",
 "location": "[parameters('workspace-location')]",
 "tags": {
@@ -427,7 +427,7 @@
 },
 {
 "type": "Microsoft.Resources/templateSpecs/versions",
- "apiVersion": "2021-05-01",
+ "apiVersion": "2022-02-01",
 "name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]",
 "location": "[parameters('workspace-location')]",
 "tags": {
@@ -438,7 +438,7 @@
 "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]"
 ],
 "properties": {
- "description": "Zoom Data Parser with template version 2.0.1",
+ "description": "Zoom Data Parser with template version 2.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('parserVersion1')]",
@@ -500,7 +500,7 @@
 },
 {
 "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
- "apiVersion": "2021-06-01",
+ "apiVersion": "2022-10-01",
 "name": "[variables('_parserName1')]",
 "location": "[parameters('workspace-location')]",
 "properties": {
@@ -547,7 +547,7 @@
 "apiVersion": "2022-01-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "2.0.1",
+ "version": "2.0.2",
 "kind": "Solution",
 "contentSchemaVersion": "2.0.0",
 "contentId": "[variables('_solutionId')]",