diff --git a/Solutions/Check Point CloudGuard/Data Connectors/CloudGuard_ccp/CloudGuard_DCR.json b/Solutions/Check Point CloudGuard/Data Connectors/CloudGuard_ccp/CloudGuard_DCR.json
new file mode 100644
index 00000000000..fa64fd83bd0
--- /dev/null
+++ b/Solutions/Check Point CloudGuard/Data Connectors/CloudGuard_ccp/CloudGuard_DCR.json
@@ -0,0 +1,213 @@ +{ + "name": "CloudGuardDCRV1", + "apiVersion": "2021-09-01-preview", + "type": "Microsoft.Insights/dataCollectionRules", + "location": "{{location}}", + "kind": null, + "properties": { + "streamDeclarations": { + "Custom-CloudGuard_SecurityEvents_CL": { + "columns": [ + { + "name": "id", + "type": "string" + }, + { + "name": "findingKey", + "type": "string" + }, + { + "name": "createdTime", + "type": "datetime" + }, + { + "name": "updatedTime", + "type": "datetime" + }, + { + "name": "cloudAccountType", + "type": "string" + }, + { + "name": "comments", + "type": "dynamic" + }, + { + "name": "cloudAccountId", + "type": "string" + }, + { + "name": "cloudAccountExternalId", + "type": "string" + }, + { + "name": "organizationalUnitId", + "type": "string" + }, + { + "name": "organizationalUnitPath", + "type": "string" + }, + { + "name": "bundleId", + "type": "int" + }, + { + "name": "alertType", + "type": "string" + }, + { + "name": "ruleId", + "type": "string" + }, + { + "name": "ruleName", + "type": "string" + }, + { + "name": "ruleLogic", + "type": "string" + }, + { + "name": "entityDome9Id", + "type": "string" + }, + { + "name": "entityExternalId", + "type": "string" + }, + { + "name": "entityType", + "type": "string" + }, + { + "name": "entityTypeByEnvironmentType", + "type": "string" + }, + { + "name": "entityName", + "type": "string" + }, + { + "name": "entityNetwork", + "type": "dynamic" + }, + { + "name": "entityTags", + "type": "dynamic" + }, + { + "name": "severity", + "type": "string" + }, + { + "name": "description", + "type": "string" + }, + { + "name": "remediation", + "type": "string" + }, + { + "name": "tag", + "type": "string" + }, + { + "name": "region", + "type": "string" + }, + { + "name": "bundleName", + "type": "string" + }, + { + "name": "acknowledged", + "type": "boolean" + }, + { + "name": "origin", + "type": "string" + }, + { + "name": "lastSeenTime", + "type": "datetime" + }, + { + "name": "ownerUserName", + "type": 
"dynamic" + }, + { + "name": "magellan", + "type": "dynamic" + }, + { + "name": "isExcluded", + "type": "boolean" + }, + { + "name": "webhookResponses", + "type": "dynamic" + }, + { + "name": "remediationActions", + "type": "dynamic" + }, + { + "name": "additionalFields", + "type": "dynamic" + }, + { + "name": "occurrences", + "type": "dynamic" + }, + { + "name": "scanId", + "type": "dynamic" + }, + { + "name": "status", + "type": "string" + }, + { + "name": "statusReason", + "type": "string" + }, + { + "name": "category", + "type": "string" + }, + { + "name": "action", + "type": "string" + }, + { + "name": "labels", + "type": "dynamic" + } + ] + } + }, + "dataSources": {}, + "destinations": { + "logAnalytics": [ + { + "workspaceResourceId": "{{workspaceResourceId}}", + "name": "clv2ws1" + } + ] + }, + "dataFlows": [ + { + "streams": [ + "Custom-CloudGuard_SecurityEvents_CL" + ], + "destinations": [ + "clv2ws1" + ], + "transformKql": "source\n| extend TimeGenerated = todatetime(createdTime)\n| project-rename EventId = id\n| project-away createdTime\n\n", + "outputStream": "Custom-CloudGuard_SecurityEvents_CL" + } + ], + "dataCollectionEndpointId": "{{dataCollectionEndpointId}}" + } +} \ No newline at end of file diff --git a/Solutions/Check Point CloudGuard/Data Connectors/CloudGuard_ccp/CloudGuard_DataConnectorDefinition.json b/Solutions/Check Point CloudGuard/Data Connectors/CloudGuard_ccp/CloudGuard_DataConnectorDefinition.json new file mode 100644 index 00000000000..5102f875f0d --- /dev/null +++ b/Solutions/Check Point CloudGuard/Data Connectors/CloudGuard_ccp/CloudGuard_DataConnectorDefinition.json 
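Review bot: The transform sets `TimeGenerated = todatetime(createdTime)` while the poller in CloudGuard_PollingConfig.json windows the request on `updatedTime`, so a finding whose status changes long after creation is re-ingested with a TimeGenerated far in the past, and every later update adds another row with the same `EventId`. If that is intended, say so in the connector description and give the dedup pattern in a sample query, e.g. `summarize arg_max(updatedTime, *) by EventId` (the `updatedTime` column is kept by this transform, which makes that possible); otherwise `TimeGenerated = todatetime(updatedTime)` would keep TimeGenerated aligned with the polling window. Azure Monitor may also adjust or reject TimeGenerated values that lie well in the past relative to ingestion, which is worth confirming for old findings before this ships.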
@@ -0,0 +1,119 @@ +{ + "name": "CloudGuardCCPDefinition", + "apiVersion": "2022-09-01-preview", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "location": "{{location}}", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "CloudGuardCCPDefinition", + "title": "CloudGuard Security Events", + "publisher": "CheckPoint", + "descriptionMarkdown": "The [CloudGuard](https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Overview/CloudGuard-CSPM-Introduction.htm?cshid=help_center_documentation) data connector enables the ingestion of security events from the CloudGuard API into Microsoft Sentinel™, using Microsoft Sentinel’s Codeless Connector Platform. The connector supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) which parses incoming security event data into custom columns. This pre-parsing process eliminates the need for query-time parsing, resulting in improved performance for data queries.", + "graphQueriesTableName": "CloudGuard_SecurityEvents_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "CloudGuard Events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Get Sample of CloudGuard Events", + "query": "{{graphQueriesTableName}}\n | take 10" + }, + { + "description": "Total Events by uuid", + "query": "{{graphQueriesTableName}}\n | summarize count() by OriginalEventUid" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}|summarize Time = max (TimeGenerated)\n|where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "HasDataConnectors" + } + ], + "availability": { + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + 
"providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "CloudGuard API Key", + "description": "Refer to the instructions provided [here](https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Settings/Users-Roles.htm#add_service) to generate an API key." + } + ] + }, + "instructionSteps": [ + { + "description": "To enable the CloudGuard connector for Microsoft Sentinel, enter the required information below and select Connect.\n>", + "instructions": [ + { + "type": "Textbox", + "parameters": { + "label": "API Key ID", + "placeholder": "api_key", + "type": "text", + "name": "api_key" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "API Key Secret", + "placeholder": "api_secret", + "type": "password", + "name": "api_secret" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "endpoint URL", + "placeholder": "https://api.dome9.com", + "type": "text", + "name": "endpoint_url" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "Filter", + "placeholder": "Paste filter from CloudGuard or leave empty to get all security events", + "type": "text", + "name": "query_filter" + } + }, + { + "parameters": { + "label": "toggle", + "name": "toggle" + }, + "type": "ConnectionToggleButton" + } + ], + "title": "Connect CloudGuard Security Events to Microsoft Sentinel" + } + ] + } + } +} \ No newline at end of file diff --git a/Solutions/Check Point CloudGuard/Data Connectors/CloudGuard_ccp/CloudGuard_PollingConfig.json b/Solutions/Check Point CloudGuard/Data Connectors/CloudGuard_ccp/CloudGuard_PollingConfig.json new file mode 100644 index 00000000000..bab96c30289 --- /dev/null +++ b/Solutions/Check Point CloudGuard/Data Connectors/CloudGuard_ccp/CloudGuard_PollingConfig.json 
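Review bot: The sample query `summarize count() by OriginalEventUid` references a column that does not exist in CloudGuard_Tables.json; the DCR renames `id` to `EventId`, so this should read `"query": "{{graphQueriesTableName}}\n | summarize count() by EventId"`, and the same query is embedded a second time in mainTemplate.json in the hunk starting at `@@ -17,89 +21,212 @@`. Separately, `requiredPermissions` asks for `"delete": true` while `permissionsDisplayText` tells the user that only read and write are required; the connector only creates resources, so drop `delete` or make the text match. The `api_key`, `api_secret` and `endpoint_url` textboxes are what the poller sends Basic-auth credentials with and to, yet none is marked required; as far as I know the CCP Textbox parameters accept `"validations": { "required": true }`, and the `endpoint URL` label should state that an https scheme-and-host without a trailing slash is expected, since the poller appends `/v2/...` to it verbatim.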
@@ -0,0 +1,50 @@
+{
+ "name": "CloudGuardCCPAlertsPolling",
+ "apiVersion": "2022-12-01-preview",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "location": "{{location}}",
+ "kind": "RestApiPoller",
+ "properties": {
+ "dataType": "CloudGuard Events API",
+ "response": {
+ "eventsJsonPaths": [
+ "$.findings"
+ ],
+ "format": "json"
+ },
+ "connectorDefinitionName": "CloudGuardCCPDefinition",
+ "auth": {
+ "type": "Basic",
+ "userName": "[[parameters('api_key')]",
+ "password": "[[parameters('api_secret')]"
+ },
+ "request": {
+ "queryParametersTemplate": "[[concat('{\"skipAggregations\": true, \"filter\": {\"updatedTime\": {\"from\": \"{_QueryWindowStartTime}\", \"to\": \"{_QueryWindowEndTime}\"}, \"fields\": [ {\"name\": \"origin\", \"value\": 1}, {\"name\": \"origin\", \"value\": 2}, {\"name\": \"origin\", \"value\": 105}, {\"name\": \"alertType\", \"value\": 0}', if(not(empty(parameters('query_filter'))), concat(',', parameters('query_filter')), ''), ']}}')]",
+ "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+ "apiEndpoint": "[[concat(parameters('endpoint_url'), '/v2/Compliance/Finding/searchFromSentinel')]",
+ "rateLimitQPS": 10,
+ "queryWindowInMin": 5,
+ "isPostPayloadJson": true,
+ "httpMethod": "Post",
+ "retryCount": 3,
+ "timeoutInSeconds": 60,
+ "headers": {
+ "Accept": "application/json",
+ "Content-type": "application/json",
+ "User-Agent": "Sentinel-CloudGuard",
+ "Version": "1.0.0"
+ }
+ },
+ "paging": {
+ "pagingType": "NextPageToken",
+ "nextPageTokenJsonPath": "$.searchAfter",
+ "nextPageParaName": "searchAfter"
+ },
+ "dcrConfig": {
+ "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
+ "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}",
+ "streamName": "Custom-CloudGuard_SecurityEvents_CL"
+ },
+ "isActive": true
+ }
+}
\ No newline at end of file
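Review bot: `queryParametersTemplate` builds the POST body by string concatenation and splices `parameters('query_filter')` verbatim between the built-in `fields` entries and the closing `']}}'`, so the only input that yields a valid body is a comma-free-prefixed, comma-separated list of `{"name": ..., "value": ...}` objects; the UI placeholder "Paste filter from CloudGuard or leave empty" invites pasting a whole filter object, which produces an unparseable body and a connector that fails every poll with no visible reason. State the exact expected fragment in the placeholder and connector description, with a one-line example, and treat the field as request-shaping configuration rather than an opaque string. `apiEndpoint` likewise concatenates `endpoint_url` with `/v2/Compliance/Finding/searchFromSentinel` and the Basic-auth key and secret are sent to whatever host was entered, so the definition should say that a scheme-and-host value with no trailing slash is expected (a trailing slash gives a `//v2` path). With `queryWindowInMin: 5` and a window on `updatedTime`, findings updated more than once are returned more than once; that is fine as long as the dedup expectation is documented on the table side.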
diff --git a/Solutions/Check Point CloudGuard/Data Connectors/CloudGuard_ccp/CloudGuard_Tables.json b/Solutions/Check Point CloudGuard/Data Connectors/CloudGuard_ccp/CloudGuard_Tables.json
new file mode 100644
index 00000000000..10e3595b47d
--- /dev/null
+++ b/Solutions/Check Point CloudGuard/Data Connectors/CloudGuard_ccp/CloudGuard_Tables.json
@@ -0,0 +1,277 @@ +{ + "name": "CloudGuard_SecurityEvents_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "{{location}}", + "properties": { + "schema": { + "name": "CloudGuard_SecurityEvents_CL", + "columns": [ + { + "name": "acknowledged", + "type": "boolean", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "action", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "additionalFields", + "type": "dynamic", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "alertType", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "bundleId", + "type": "int", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "bundleName", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "category", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "cloudAccountExternalId", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "cloudAccountId", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "cloudAccountType", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "comments", + "type": "dynamic", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "description", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "entityDome9Id", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "entityExternalId", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "entityName", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "entityNetwork", + "type": "dynamic", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "entityTags", + "type": "dynamic", + 
"isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "entityType", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "entityTypeByEnvironmentType", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "findingKey", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "EventId", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "isExcluded", + "type": "boolean", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "labels", + "type": "dynamic", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "lastSeenTime", + "type": "datetime", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "magellan", + "type": "dynamic", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "occurrences", + "type": "dynamic", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "organizationalUnitId", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "organizationalUnitPath", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "origin", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "ownerUserName", + "type": "dynamic", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "region", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "remediation", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "remediationActions", + "type": "dynamic", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "ruleId", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "ruleLogic", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "ruleName", + "type": "string", + "isDefaultDisplay": 
false, + "isHidden": false + }, + { + "name": "scanId", + "type": "dynamic", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "severity", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "status", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "statusReason", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "tag", + "type": "string", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "updatedTime", + "type": "datetime", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "webhookResponses", + "type": "dynamic", + "isDefaultDisplay": false, + "isHidden": false + }, + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": false, + "isHidden": false + } + ] + } + } +} \ No newline at end of file diff --git a/Solutions/Check Point CloudGuard/Data/Solution_CloudGuard.json b/Solutions/Check Point CloudGuard/Data/Solution_CloudGuard.json new file mode 100644 index 00000000000..4e2feb1dbf4 --- /dev/null +++ b/Solutions/Check Point CloudGuard/Data/Solution_CloudGuard.json 
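Review bot: `scanId` and `ownerUserName` are declared `dynamic` while every other identifier and name column (`EventId`, `ruleId`, `entityDome9Id`, `entityName`) is `string`; if the API returns scalars for these, which I cannot tell from the page, `string` keeps the schema consistent and spares every query a `tostring()`. `bundleId` is `int`, a 32-bit type in Log Analytics; confirm CloudGuard bundle ids fit, or declare it `long`. The same column set is repeated in the DCR stream declaration in CloudGuard_DCR.json, so any type change must be mirrored there or the transform will fail on ingestion.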
@@ -0,0 +1,13 @@
+{
+ "Name": "Check Point CloudGuard",
+ "Author": "Yohai Nirenberg - yohain@checkpoint.com",
+ "Logo": "",
+ "Description": "The [CloudGuard](https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Overview/CloudGuard-CSPM-Introduction.htm?cshid=help_center_documentation) data connector enables the ingestion of security events from the CloudGuard API into Microsoft Sentinel™, using Microsoft Sentinel’s Codeless Connector Platform. The connector supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) which parses incoming security event data into custom columns. This pre-parsing process eliminates the need for query-time parsing, resulting in improved performance for data queries",
+ "Data Connectors": [
+ "Data Connectors/CloudGuard_ccp/CloudGuard_DataConnectorDefinition.json"
+],
+ "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Check Point CloudGuard",
+ "Version": "3.0.0",
+ "Metadata": "SolutionMetadata.json",
+ "TemplateSpec": true
+}
\ No newline at end of file
diff --git a/Solutions/Check Point CloudGuard/Package/3.0.0.zip b/Solutions/Check Point CloudGuard/Package/3.0.0.zip
new file mode 100644
index 00000000000..d40584a3794
Binary files /dev/null and b/Solutions/Check Point CloudGuard/Package/3.0.0.zip differ
diff --git a/Solutions/Check Point CloudGuard/Package/createUiDefinition.json b/Solutions/Check Point CloudGuard/Package/createUiDefinition.json
new file mode 100644
index 00000000000..e76ce9e14e9
--- /dev/null
+++ b/Solutions/Check Point CloudGuard/Package/createUiDefinition.json
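Review bot: `BasePath` is an absolute path on one contributor's workstation (`C:\GitHub\Azure-Sentinel\...`), so anyone else regenerating the package has to edit this file first; if the packaging tool needs the value, a sentence in the solution README on overriding it would avoid that, and `Logo` is left empty so the solution renders without an icon in the content hub. The `Description` here also lacks the trailing period that the copy in CloudGuard_DataConnectorDefinition.json has, so the two texts already differ.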
@@ -0,0 +1,85 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "config": { + "isWizard": false, + "basics": { + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Check%20Point%20CloudGuard/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [CloudGuard](https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Overview/CloudGuard-CSPM-Introduction.htm?cshid=help_center_documentation) data connector enables the ingestion of security events from the CloudGuard API into Microsoft Sentinel™, using Microsoft Sentinel’s Codeless Connector Platform. The connector supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) which parses incoming security event data into custom columns. 
This pre-parsing process eliminates the need for query-time parsing, resulting in improved performance for data queries\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "subscription": { + "resourceProviders": [ + "Microsoft.OperationsManagement/solutions", + "Microsoft.OperationalInsights/workspaces/providers/alertRules", + "Microsoft.Insights/workbooks", + "Microsoft.Logic/workflows" + ] + }, + "location": { + "metadata": { + "hidden": "Hiding location, we get it from the log analytics workspace" + }, + "visible": false + }, + "resourceGroup": { + "allowExisting": true + } + } + }, + "basics": [ + { + "name": "getLAWorkspace", + "type": "Microsoft.Solutions.ArmApiControl", + "toolTip": "This filters by workspaces that exist in the Resource Group selected", + "condition": "[greater(length(resourceGroup().name),0)]", + "request": { + "method": "GET", + "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" + } + }, + { + "name": "workspace", + "type": "Microsoft.Common.DropDown", + "label": "Workspace", + "placeholder": "Select a workspace", + "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", + "constraints": { + "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": true + } + ], + "steps": [ + { + "name": "dataconnectors", + "label": "Data Connectors", + "bladeTitle": "Data Connectors", + "elements": [ + { + "name": "dataconnectors1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This Solution installs the data connector for Check Point CloudGuard. 
You can get Check Point CloudGuard data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + } + }, + { + "name": "dataconnectors-link2", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more about connecting data sources", + "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" + } + } + } + ] + } + ], + "outputs": { + "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", + "location": "[location()]", + "workspace": "[basics('workspace')]" + } + } +} diff --git a/Solutions/Check Point CloudGuard/Data Connectors/CloudGuardDataConnector.json b/Solutions/Check Point CloudGuard/Package/mainTemplate.json similarity index 70% rename from Solutions/Check Point CloudGuard/Data Connectors/CloudGuardDataConnector.json rename to Solutions/Check Point CloudGuard/Package/mainTemplate.json index 98724a56cd7..71f45fb03b0 100644 --- a/Solutions/Check Point CloudGuard/Data Connectors/CloudGuardDataConnector.json +++ b/Solutions/Check Point CloudGuard/Package/mainTemplate.json 
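Review bot: `resourceProviders` registers `Microsoft.OperationsManagement/solutions`, `Microsoft.OperationalInsights/workspaces/providers/alertRules`, `Microsoft.Insights/workbooks` and `Microsoft.Logic/workflows`, but this solution ships a single data connector and no analytics rules, workbooks or playbooks, so the install asks for provider registrations it never uses; trim the list to what the template actually creates (if the packaging tool emits this block, the fix belongs in its input). The `basics.description` repeats the connector description verbatim from the definition file, which is a second copy that can drift; a shorter pointer here would be enough.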
@@ -1,13 +1,17 @@
 {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "1.0.0.0",
+ "metadata": {
+ "author": "Yohai Nirenberg - yohain@checkpoint.com",
+ "comments": "Solution template for Check Point CloudGuard"
+ },
 "parameters": {
 "location": {
 "type": "string",
 "minLength": 1,
 "defaultValue": "[resourceGroup().location]",
 "metadata": {
- "description": "Not used, but needed to pass the arm-ttk test, 'Location-Should-Not-Be-Hardcoded'. Instead the `workspace-location` derived from the log analytics workspace is used."
+ "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
 }
 },
 "workspace-location": {
@@ -17,89 +21,212 @@ "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" } }, - "subscription": { - "defaultValue": "[last(split(subscription().id, '/'))]", + "workspace": { + "defaultValue": "", "type": "string", "metadata": { - "description": "subscription id where Microsoft Sentinel is configured" + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" } }, "resourceGroupName": { - "defaultValue": "[resourceGroup().name]", "type": "string", + "defaultValue": "[resourceGroup().name]", "metadata": { - "description": "resource group name where Microsoft Sentinel is configured" + "description": "resource group name where Microsoft Sentinel is setup" } }, - "workspace": { - "defaultValue": "", + "subscription": { "type": "string", + "defaultValue": "[last(split(subscription().id, '/'))]", "metadata": { - "description": "the log analytics workspace enabled for Microsoft Sentinel" + "description": "subscription id where Microsoft Sentinel is setup" } } }, "variables": { - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", - "_solutionName": "CloudGuard Security Events Solution", + "email": "yohain@checkpoint.com", + "_email": "[variables('email')]", + "_solutionName": "Check Point CloudGuard", "_solutionVersion": "3.0.0", - "_solutionAuthor": "CheckPoint", - "_packageIcon": "", - "_solutionId": "azuresentinel.azure-sentinel-solution-azuresentinel.azure-sentinel-cloud-guard", - "dataConnectorVersionConnectorDefinition": "1.0.0", - "dataConnectorVersionConnections": "1.0.0", - "_solutionTier": "Community", - "_dataConnectorContentIdConnectorDefinition": "CloudGuardTemplateConnectorDefinition", - "dataConnectorTemplateNameConnectorDefinition": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition')))]", - "_dataConnectorContentIdConnections": 
"CloudGuardTemplateConnections", - "dataConnectorTemplateNameConnections": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections')))]", - "_logAnalyticsTableId1": "CloudGuard_SecurityEvents_CL" + "solutionId": "checkpointCloudGuard.checkpoint-sentinel-solutions-cloud-guard", + "_solutionId": "[variables('solutionId')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "dataConnectorCCPVersion": "1.0.0", + "_dataConnectorContentIdConnectorDefinition1": "CloudGuardCCPDefinition", + "dataConnectorTemplateNameConnectorDefinition1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition1')))]", + "_dataConnectorContentIdConnections1": "CloudGuardCCPDefinitionConnections", + "dataConnectorTemplateNameConnections1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections1')))]", + "dataCollectionEndpointId1": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]", + "blanks": "[replace('b', 'b', '')]", + "TemplateEmptyObject": "[json('{}')]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition'), variables('dataConnectorVersionConnectorDefinition'))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition1'), 
variables('dataConnectorCCPVersion'))]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition')]", - "displayName": "[concat(variables('_solutionName'), variables('dataConnectorTemplateNameConnectorDefinition'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]", + "displayName": "CloudGuard Security Events", "contentKind": "DataConnector", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersionConnectorDefinition')]", + "contentVersion": "[variables('dataConnectorCCPVersion')]", "parameters": {}, "variables": {}, "resources": [ { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition')))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition1'))]", + "apiVersion": "2022-09-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", + "location": "[parameters('workspace-location')]", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "CloudGuardCCPDefinition", + "title": "CloudGuard Security Events", + "publisher": "CheckPoint", + "descriptionMarkdown": "The [CloudGuard](https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Overview/CloudGuard-CSPM-Introduction.htm?cshid=help_center_documentation) data connector enables the ingestion of security events from the CloudGuard API into Microsoft Sentinel™, using Microsoft Sentinel’s Codeless Connector Platform. 
The connector supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) which parses incoming security event data into custom columns. This pre-parsing process eliminates the need for query-time parsing, resulting in improved performance for data queries.", + "graphQueriesTableName": "CloudGuard_SecurityEvents_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "CloudGuard Events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Get Sample of CloudGuard Events", + "query": "{{graphQueriesTableName}}\n | take 10" + }, + { + "description": "Total Events by uuid", + "query": "{{graphQueriesTableName}}\n | summarize count() by OriginalEventUid" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}|summarize Time = max (TimeGenerated)\n|where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "HasDataConnectors" + } + ], + "availability": { + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "CloudGuard API Key", + "description": "Refer to the instructions provided [here](https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Settings/Users-Roles.htm#add_service) to generate an API key." 
+ } + ] + }, + "instructionSteps": [ + { + "description": "To enable the CloudGuard connector for Microsoft Sentinel, enter the required information below and select Connect.\n>", + "instructions": [ + { + "type": "Textbox", + "parameters": { + "label": "API Key ID", + "placeholder": "api_key", + "type": "text", + "name": "api_key" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "API Key Secret", + "placeholder": "api_secret", + "type": "password", + "name": "api_secret" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "endpoint URL", + "placeholder": "https://api.dome9.com", + "type": "text", + "name": "endpoint_url" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "Filter", + "placeholder": "Paste filter from CloudGuard or leave empty to get all security events", + "type": "text", + "name": "query_filter" + } + }, + { + "parameters": { + "label": "toggle", + "name": "toggle" + }, + "type": "ConnectionToggleButton" + } + ], + "title": "Connect CloudGuard Security Events to Microsoft Sentinel" + } + ] + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition1')))]", "apiVersion": "2022-01-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition'))]", - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition')]", + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition1'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]", "kind": 
"DataConnector",
- "version": "[variables('dataConnectorVersionConnectorDefinition')]",
+ "version": "[variables('dataConnectorCCPVersion')]",
 "source": {
 "sourceId": "[variables('_solutionId')]",
 "name": "[variables('_solutionName')]",
 "kind": "Solution"
 },
 "author": {
- "name": "[variables('_solutionAuthor')]"
+ "name": "Yohai Nirenberg",
+ "email": "[variables('_email')]"
 },
 "support": {
- "name": "[variables('_solutionAuthor')]",
- "tier": "[variables('_solutionTier')]"
+ "name": "Check Point",
+ "tier": "Partner",
+ "link": "https://www.checkpoint.com/support-services/contact-support/"
 },
 "dependencies": {
 "criteria": [
 {
- "version": "[variables('dataConnectorVersionConnections')]",
- "contentId": "[variables('_dataConnectorContentIdConnections')]",
+ "version": "[variables('dataConnectorCCPVersion')]",
+ "contentId": "[variables('_dataConnectorContentIdConnections1')]",
 "kind": "ResourcesDataConnector"
 }
 ]
@@ -108,10 +235,10 @@
 },
 {
 "name": "CloudGuardDCRV1",
- "apiVersion": "2021-09-01-preview",
+ "apiVersion": "2022-06-01",
 "type": "Microsoft.Insights/dataCollectionRules",
 "location": "[parameters('workspace-location')]",
- "kind": null,
+ "kind": "[variables('blanks')]",
 "properties": {
 "streamDeclarations": {
 "Custom-CloudGuard_SecurityEvents_CL": {
@@ -295,7 +422,7 @@
 ]
 }
 },
- "dataSources": {},
+ "dataSources": "[variables('TemplateEmptyObject')]",
 "destinations": {
 "logAnalytics": [
 {
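Review bot: `dataCollectionEndpointId1` assumes a data collection endpoint named after the workspace already exists in `resourceGroupName`, and no `Microsoft.Insights/dataCollectionEndpoints` resource is declared in the visible hunks; if it is not created elsewhere in this template, the DCR deployment fails with an unhelpful resource-not-found error, so either declare the endpoint or document it as a prerequisite in the connector description. The `author` block now carries a personal email via `variables('_email')` while `support` points at the vendor contact page; a role mailbox would survive staff changes better than an individual's address. The enclosing `resources` array starts in the previous hunk and continues past this one.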
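Review bot: The packaged DCR at `@@ -108,10 +235,10 @@` uses `"apiVersion": "2022-06-01"` and `"kind": "[variables('blanks')]"`, while the committed source CloudGuard_DCR.json in this same commit uses `2021-09-01-preview` and `"kind": null`; if the packaging tool is what rewrites these, fine, but otherwise regenerating the package from the sources will not reproduce this template, so please confirm which copy is authoritative. The same question applies to `dataSources`, which is `{}` in the source and `[variables('TemplateEmptyObject')]` here at `@@ -295,7 +422,7 @@`.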
@@ -316,18 +443,18 @@ "outputStream": "Custom-CloudGuard_SecurityEvents_CL" } ], - "dataCollectionEndpointId": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]" + "dataCollectionEndpointId": "[variables('dataCollectionEndpointId1')]" } }, { - "name": "[variables('_logAnalyticsTableId1')]", + "name": "CloudGuard_SecurityEvents_CL", "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/tables", "location": "[parameters('workspace-location')]", "kind": null, "properties": { "schema": { - "name": "[variables('_logAnalyticsTableId1')]", + "name": "CloudGuard_SecurityEvents_CL", "columns": [ { "name": "acknowledged", 
@@ -602,20 +729,21 @@ "packageKind": "Solution", "packageVersion": "[variables('_solutionVersion')]", "packageName": "[variables('_solutionName')]", - "contentProductId": "[concat(substring(variables('_solutionId'), 0, 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition'),'-', variables('dataConnectorVersionConnectorDefinition'))))]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition1'),'-', variables('dataConnectorCCPVersion'))))]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "version": "[variables('_solutionVersion')]" + "version": "[variables('dataConnectorCCPVersion')]" } }, { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition'))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition1'))]", "apiVersion": "2022-09-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", "location": "[parameters('workspace-location')]", "kind": "Customizable", "properties": { "connectorUiConfig": { + "id": "CloudGuardCCPDefinition", "title": "CloudGuard Security Events", "publisher": "CheckPoint", "descriptionMarkdown": "The [CloudGuard](https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Overview/CloudGuard-CSPM-Introduction.htm?cshid=help_center_documentation) data connector enables the ingestion of security events from the CloudGuard API into Microsoft Sentinel™, using Microsoft Sentinel’s Codeless Connector Platform. 
The connector supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) which parses incoming security event data into custom columns. This pre-parsing process eliminates the need for query-time parsing, resulting in improved performance for data queries.", 
@@ -727,31 +855,33 @@ } }, { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition')))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition1')))]", "apiVersion": "2022-01-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition'))]", - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition')]", + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition1'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]", "kind": "DataConnector", - "version": "[variables('dataConnectorVersionConnectorDefinition')]", + "version": "[variables('dataConnectorCCPVersion')]", "source": { "sourceId": "[variables('_solutionId')]", "name": "[variables('_solutionName')]", "kind": "Solution" }, "author": { - "name": "[variables('_solutionAuthor')]" + "name": "Yohai Nirenberg", + "email": "[variables('_email')]" }, "support": { - "name": "[variables('_solutionAuthor')]", - "tier": "[variables('_solutionTier')]" + "name": "Check Point", + "tier": "Partner", + "link": "https://www.checkpoint.com/support-services/contact-support/" }, "dependencies": { "criteria": [ { - "version": "[variables('dataConnectorVersionConnections')]", - "contentId": "[variables('_dataConnectorContentIdConnections')]", + "version": "[variables('dataConnectorCCPVersion')]", + "contentId": "[variables('_dataConnectorContentIdConnections1')]", "kind": 
"ResourcesDataConnector" } ] @@ -761,21 +891,21 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections'), variables('dataConnectorVersionConnections'))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections1'), variables('dataConnectorCCPVersion'))]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "contentId": "[variables('_dataConnectorContentIdConnections')]", - "displayName": "[concat(variables('_solutionName'), variables('dataConnectorTemplateNameConnections'))]", + "contentId": "[variables('_dataConnectorContentIdConnections1')]", + "displayName": "CloudGuard Security Events", "contentKind": "ResourcesDataConnector", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersionConnections')]", + "contentVersion": "[variables('dataConnectorCCPVersion')]", "parameters": { "connectorDefinitionName": { - "defaultValue": "connectorDefinitionName", + "defaultValue": "CloudGuard Security Events", "type": "string", "minLength": 1 }, @@ -791,17 +921,18 @@ "type": "object" }, "api_key": { + "defaultValue": "", "type": "string", "minLength": 1 }, "api_secret": { + "defaultValue": "", "type": "string", "minLength": 1 }, "endpoint_url": { "defaultValue": "https://api.dome9.com", - "type": "string", - "minLength": 1 + "type": "string" }, "query_filter": { "defaultValue": "", 
@@ -809,35 +940,37 @@ } }, "variables": { - "_dataConnectorContentIdConnections": "[variables('_dataConnectorContentIdConnections')]" + "_dataConnectorContentIdConnections1": "[variables('_dataConnectorContentIdConnections1')]" }, "resources": [ { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections')))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections1')))]", "apiVersion": "2022-01-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections'))]", - "contentId": "[variables('_dataConnectorContentIdConnections')]", + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections1'))]", + "contentId": "[variables('_dataConnectorContentIdConnections1')]", "kind": "ResourcesDataConnector", - "version": "[variables('dataConnectorVersionConnections')]", + "version": "[variables('dataConnectorCCPVersion')]", "source": { "sourceId": "[variables('_solutionId')]", "name": "[variables('_solutionName')]", "kind": "Solution" }, "author": { - "name": "[variables('_solutionAuthor')]" + "name": "Yohai Nirenberg", + "email": "[variables('_email')]" }, "support": { - "name": "[variables('_solutionAuthor')]", - "tier": "[variables('_solutionTier')]" + "name": "Check Point", + "tier": "Partner", + "link": "https://www.checkpoint.com/support-services/contact-support/" } } }, { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', 'CloudGuardDCV1')]", - "apiVersion": "2022-12-01-preview", + 
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', 'CloudGuardCCPAlertsPolling')]", + "apiVersion": "2023-02-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", "location": "[parameters('workspace-location')]", "kind": "RestApiPoller", @@ -849,7 +982,7 @@ ], "format": "json" }, - "connectorDefinitionName": "[[parameters('connectorDefinitionName')]", + "connectorDefinitionName": "CloudGuardCCPDefinition", "auth": { "type": "Basic", "userName": "[[parameters('api_key')]", @@ -890,55 +1023,65 @@ "packageKind": "Solution", "packageVersion": "[variables('_solutionVersion')]", "packageName": "[variables('_solutionName')]", - "contentProductId": "[concat(substring(variables('_solutionId'), 0, 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections'),'-', variables('dataConnectorVersionConnections'))))]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections1'),'-', variables('dataConnectorCCPVersion'))))]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "version": "[variables('_solutionVersion')]" + "version": "[variables('dataConnectorCCPVersion')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]", - "location": "[parameters('workspace-location')]", "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", "properties": { - "version": "[variables('_solutionVersion')]", + "version": "3.0.0", "kind": "Solution", "contentSchemaVersion": "3.0.0", + "displayName": "Check Point CloudGuard", + "publisherDisplayName": "Check Point", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The CloudGuard data connector enables the ingestion of security events from the CloudGuard API into Microsoft Sentinel™, using Microsoft Sentinel’s Codeless Connector Platform. The connector supports DCR-based ingestion time transformations which parses incoming security event data into custom columns. This pre-parsing process eliminates the need for query-time parsing, resulting in improved performance for data queries

\n

Data Connectors: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", "source": { "kind": "Solution", - "name": "[variables('_solutionName')]", + "name": "Check Point CloudGuard", "sourceId": "[variables('_solutionId')]" }, "author": { - "name": "[variables('_solutionAuthor')]" + "name": "Yohai Nirenberg", + "email": "[variables('_email')]" }, "support": { - "name": "[variables('_solutionAuthor')]" + "name": "Check Point", + "tier": "Partner", + "link": "https://www.checkpoint.com/support-services/contact-support/" }, "dependencies": { "operator": "AND", "criteria": [ { "kind": "DataConnector", - "contentId": "[variables('dataConnectorVersionConnectorDefinition')]", - "version": "[variables('_dataConnectorContentIdConnectorDefinition')]" + "contentId": "[variables('_dataConnectorContentIdConnections1')]", + "version": "[variables('dataConnectorCCPVersion')]" } ] }, - "firstPublishDate": "2023-12-05", + "firstPublishDate": "2024-11-12", "providers": [ - "[variables('_solutionAuthor')]" + "checkpoint" ], - "contentKind": "Solution", - "packageId": "[variables('_solutionId')]", - "contentProductId": "[concat(substring(variables('_solutionId'), 0, 50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]", - "displayName": "[variables('_solutionName')]", - "publisherDisplayName": "[variables('_solutionId')]", - "descriptionHtml": "test", - "icon": "[variables('_packageIcon')]" - } + "categories": { + "domains": [ + "Security - Threat Protection" + ] + } + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" } - ] + ], + "outputs": {} } 
diff --git a/Solutions/Check Point CloudGuard/Package/testParameters.json b/Solutions/Check Point CloudGuard/Package/testParameters.json
new file mode 100644
index 00000000000..554801e41b7
--- /dev/null
+++ b/Solutions/Check Point CloudGuard/Package/testParameters.json
@@ -0,0 +1,38 @@
+{
+ "location": {
+ "type": "string",
+ "minLength": 1,
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
+ }
+ },
+ "workspace-location": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+ }
+ },
+ "workspace": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+ }
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().name]",
+ "metadata": {
+ "description": "resource group name where Microsoft Sentinel is setup"
+ }
+ },
+ "subscription": {
+ "type": "string",
+ "defaultValue": "[last(split(subscription().id, '/'))]",
+ "metadata": {
+ "description": "subscription id where Microsoft Sentinel is setup"
+ }
+ }
+}
diff --git a/Solutions/Check Point CloudGuard/SolutionMetadata.json b/Solutions/Check Point CloudGuard/SolutionMetadata.json
new file mode 100644
index 00000000000..6867889347d
--- /dev/null
+++ b/Solutions/Check Point CloudGuard/SolutionMetadata.json
@@ -0,0 +1,14 @@
+{
+ "publisherId": "checkpointCloudGuard",
+ "offerId": "checkpoint-sentinel-solutions-cloud-guard",
+ "firstPublishDate": "2024-11-12",
+ "providers": ["checkpoint"],
+ "categories": {
+ "domains" : ["Security - Threat Protection"]
+ },
+ "support": {
+ "name": "Check Point",
+ "tier": "Partner",
+ "link": "https://www.checkpoint.com/support-services/contact-support/"
+ }
+}
\ No newline at end of file