Merge branch 'master' into v-pb-okta

Solutions/GitLab/Analytic Rules/GitLab_BruteForce.yaml

@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -44,5 +44,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: User
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/GitLab/Analytic Rules/GitLab_ExternalUser.yaml

@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -45,5 +45,5 @@ entityMappings:
     fieldMappings:
       - identifier: DomainName
         columnName: DomainName        
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/GitLab/Analytic Rules/GitLab_Impersonation.yaml

@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -44,5 +44,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: TargetDetails
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/GitLab/Analytic Rules/GitLab_LocalAuthNoMFA.yaml

@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -29,5 +29,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: AuthorUserName
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/GitLab/Analytic Rules/GitLab_MaliciousIP.yaml

@@ -11,7 +11,7 @@ requiredDataConnectors:
   - connectorId: ThreatIntelligenceTaxii
     dataTypes:
       - ThreatIntelligenceIndicator
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -45,5 +45,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: Url
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/GitLab/Analytic Rules/GitLab_PAT_Repo.yaml

@@ -7,7 +7,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -32,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: AuthorName
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/GitLab/Analytic Rules/GitLab_RepoVisibilityChange.yaml

@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -35,5 +35,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: EntityName        
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/GitLab/Analytic Rules/GitLab_Repo_Deletion.yaml

@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -48,5 +48,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: AuthorName
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/GitLab/Data/Solution_Gitlab.json

@@ -2,10 +2,7 @@
   "Name": "GitLab",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [GitLab](https://about.gitlab.com/solutions/devops-platform/) solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
-  "Data Connectors": [
-    "Data Connectors/Connector_Syslog_GitLab.json"
-  ],
+  "Description": "The [GitLab](https://about.gitlab.com/solutions/devops-platform/) solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
   "Parsers": [
     "Parsers/GitLabAccess.yaml",
     "Parsers/GitLabApp.yaml",
@@ -27,7 +24,7 @@
   ],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\GitLab",
-  "Version": "3.0.1",
+  "Version": "3.0.2",
   "TemplateSpec": true,
   "Is1PConnector": false
 }

Solutions/GitLab/Package/createUiDefinition.json

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/GitLab/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [GitLab](https://about.gitlab.com/solutions/devops-platform/) solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Parsers:** 3, **Analytic Rules:** 9\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/GitLab/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [GitLab](https://about.gitlab.com/solutions/devops-platform/) solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Parsers:** 3, **Analytic Rules:** 9\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -51,37 +51,6 @@
       }
     ],
     "steps": [
-      {
-        "name": "dataconnectors",
-        "label": "Data Connectors",
-        "bladeTitle": "Data Connectors",
-        "elements": [
-          {
-            "name": "dataconnectors1-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "This Solution installs the data connector for GitLab. You can get GitLab Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
-            }
-          },
-          {
-            "name": "dataconnectors-parser-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
-            }
-          },
-          {
-            "name": "dataconnectors-link2",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "link": {
-                "label": "Learn more about connecting data sources",
-                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
-              }
-            }
-          }
-        ]
-      },
       {
         "name": "analytics",
         "label": "Analytics",