diff --git a/Solutions/ZeroFox/Data Connectors/Alerts/alerts_connector.json b/Solutions/ZeroFox/Data Connectors/Alerts/alerts_connector.json
index 861e945c1e3..1d38f557d8e 100644
--- a/Solutions/ZeroFox/Data Connectors/Alerts/alerts_connector.json
+++ b/Solutions/ZeroFox/Data Connectors/Alerts/alerts_connector.json
@@ -104,10 +104,13 @@
 "apiEndpoint": "https://api.zerofox.com/1.0/alerts/",
 "httpMethod": "Get",
 "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
- "startTimeAttributeName": "min_timestamp",
- "endTimeAttributeName": "max_timestamp",
+ "startTimeAttributeName": "last_modified_min_date",
+ "endTimeAttributeName": "last_modified_max_date",
 "queryParameters": {
 "sort_direction": "asc"
+ },
+ "headers": {
+ "zf-source": "Microsoft-Sentinel"
 }
 },
 "response": {
diff --git a/Solutions/ZeroFox/Data/Solution_ZeroFox.json b/Solutions/ZeroFox/Data/Solution_ZeroFox.json
index 0eac1e75af9..0d061f1a7f8 100644
--- a/Solutions/ZeroFox/Data/Solution_ZeroFox.json
+++ b/Solutions/ZeroFox/Data/Solution_ZeroFox.json
@@ -14,7 +14,7 @@
 "Analytic Rules/ZF_Alerts_MediumSeverityRule.yaml"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\ZeroFox",
- "Version": "3.0.1",
+ "Version": "3.2.0",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1Pconnector": false
diff --git a/Solutions/ZeroFox/Package/3.2.0.zip b/Solutions/ZeroFox/Package/3.2.0.zip
new file mode 100644
index 00000000000..85555703cc3
Binary files /dev/null and b/Solutions/ZeroFox/Package/3.2.0.zip differ
diff --git a/Solutions/ZeroFox/Package/mainTemplate.json b/Solutions/ZeroFox/Package/mainTemplate.json
index 4534e890f77..36fd832d2ad 100644
--- a/Solutions/ZeroFox/Package/mainTemplate.json
+++ b/Solutions/ZeroFox/Package/mainTemplate.json
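Review bot: Windowing on `last_modified_min_date`/`last_modified_max_date` instead of the creation-time parameters means an alert that is modified after its first ingestion will presumably be returned again by a later poll and stored as a second row, and nothing in the hunk deduplicates; `sort_direction: asc` names no sort field here, so whether paging inside a window stays stable while alerts are being updated cannot be checked from the hunk. If re-ingesting updated alerts is the intent (the release note calls it "fetching updates"), the analytic rules that read this table should collapse to the latest record per alert, e.g. `| summarize arg_max(TimeGenerated, *) by <ALERT_ID_COLUMN>`, and the connector description should state that rows are per update rather than per alert so rule tuning and alert counts are not misread. The same change is repeated in mainTemplate.json at the `@@ -914` and `@@ -1101` hunks, so whichever fix is chosen must land in all three copies (if the package is generated from the connector file, the generator run is the place to do it). The added `zf-source` header is a static attribution value and raises no concern.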
@@ -33,7 +33,7 @@
 "email": "integration-support@zerofox.com",
 "_email": "[variables('email')]",
 "_solutionName": "ZeroFox",
- "_solutionVersion": "3.0.0",
+ "_solutionVersion": "3.2.0",
 "solutionId": "zerofoxinc1695922129370.zerofox-sentinel-connector",
 "_solutionId": "[variables('solutionId')]",
 "uiConfigId1": "ZeroFoxCTIDataConnector",
@@ -94,7 +94,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ZeroFox data connector with template version 3.0.0",
+ "description": "ZeroFox data connector with template version 3.2.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -811,7 +811,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ZeroFox data connector with template version 3.0.0",
+ "description": "ZeroFox data connector with template version 3.2.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorVersion2')]",
@@ -914,10 +914,13 @@
 "apiEndpoint": "https://api.zerofox.com/1.0/alerts/",
 "httpMethod": "Get",
 "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
- "startTimeAttributeName": "min_timestamp",
- "endTimeAttributeName": "max_timestamp",
+ "startTimeAttributeName": "last_modified_min_date",
+ "endTimeAttributeName": "last_modified_max_date",
 "queryParameters": {
 "sort_direction": "asc"
+ },
+ "headers": {
+ "zf-source": "Microsoft-Sentinel"
 }
 },
 "response": {
@@ -1101,10 +1104,13 @@
 "apiEndpoint": "https://api.zerofox.com/1.0/alerts/",
 "httpMethod": "Get",
 "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
- "startTimeAttributeName": "min_timestamp",
- "endTimeAttributeName": "max_timestamp",
+ "startTimeAttributeName": "last_modified_min_date",
+ "endTimeAttributeName": "last_modified_max_date",
 "queryParameters": {
 "sort_direction": "asc"
+ },
+ "headers": {
+ "zf-source": "Microsoft-Sentinel"
 }
 },
 "response": {
@@ -1130,7 +1136,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ZF_Alerts_HighSeverityRule_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "ZF_Alerts_HighSeverityRule_AnalyticalRules Analytics Rule with template version 3.2.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -1178,8 +1184,8 @@
 "entityType": "Account",
 "fieldMappings": [
 {
- "columnName": "entity_name_s",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "entity_name_s"
 }
 ]
 }
@@ -1240,7 +1246,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ZF_Alerts_InformationalSeverityRule_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "ZF_Alerts_InformationalSeverityRule_AnalyticalRules Analytics Rule with template version 3.2.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -1288,8 +1294,8 @@
 "entityType": "Account",
 "fieldMappings": [
 {
- "columnName": "entity_name_s",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "entity_name_s"
 }
 ]
 }
@@ -1350,7 +1356,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ZF_Alerts_LowSeverityRule_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "ZF_Alerts_LowSeverityRule_AnalyticalRules Analytics Rule with template version 3.2.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -1398,8 +1404,8 @@
 "entityType": "Account",
 "fieldMappings": [
 {
- "columnName": "entity_name_s",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "entity_name_s"
 }
 ]
 }
@@ -1460,7 +1466,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ZF_Alerts_MediumSeverityRule_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "ZF_Alerts_MediumSeverityRule_AnalyticalRules Analytics Rule with template version 3.2.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -1508,8 +1514,8 @@
 "entityType": "Account",
 "fieldMappings": [
 {
- "columnName": "entity_name_s",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "entity_name_s"
 }
 ]
 }
@@ -1566,7 +1572,7 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.0",
+ "version": "3.2.0",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "ZeroFox",
diff --git a/Solutions/ZeroFox/ReleaseNotes.md b/Solutions/ZeroFox/ReleaseNotes.md
index b1d8655bd13..406f8bcce9e 100644
--- a/Solutions/ZeroFox/ReleaseNotes.md
+++ b/Solutions/ZeroFox/ReleaseNotes.md
@@ -1,5 +1,6 @@
-| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
-|---------------|----------------------------------|---------------------------------------------------------------------------------------------------------------|
-| 3.1.0 | 26-07-2024 | Updated ZeroFox connector to generate result batches and implemented async Sentinel connector logic |
-| 3.0.1 | 30-04-2024 | Fixed Solution Metadata for deployment |
-| 3.0.0 | 04-08-2023 | Added **Data Connectors** for ZeroFox's Alerts and CTI feeds |
\ No newline at end of file
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
+|---------------|----------------------------------|-----------------------------------------------------------------------------------------------------|
+| 3.2.0 | 26-09-2024 | Changed query parameter in alerts connector for fetching updates |
+| 3.1.0 | 26-07-2024 | Updated ZeroFox connector to generate result batches and implemented async Sentinel connector logic |
+| 3.0.1 | 30-04-2024 | Fixed Solution Metadata for deployment |
+| 3.0.0 | 04-08-2023 | Added **Data Connectors** for ZeroFox's Alerts and CTI feeds |
\ No newline at end of file