Repackage - Gitlab

Azure · Dec 12, 2024 · 5331b39 · 5331b39
1 parent 5891abc
commit 5331b39
Show file tree

Hide file tree

Showing 13 changed files with 63 additions and 503 deletions.
diff --git a/Solutions/GitLab/Analytic Rules/GitLab_BruteForce.yaml b/Solutions/GitLab/Analytic Rules/GitLab_BruteForce.yaml
@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -44,5 +44,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: User
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/GitLab/Analytic Rules/GitLab_ExternalUser.yaml b/Solutions/GitLab/Analytic Rules/GitLab_ExternalUser.yaml
@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -45,5 +45,5 @@ entityMappings:
     fieldMappings:
       - identifier: DomainName
         columnName: DomainName        
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/GitLab/Analytic Rules/GitLab_Impersonation.yaml b/Solutions/GitLab/Analytic Rules/GitLab_Impersonation.yaml
@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -44,5 +44,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: TargetDetails
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/GitLab/Analytic Rules/GitLab_LocalAuthNoMFA.yaml b/Solutions/GitLab/Analytic Rules/GitLab_LocalAuthNoMFA.yaml
@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -29,5 +29,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: AuthorUserName
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/GitLab/Analytic Rules/GitLab_MaliciousIP.yaml b/Solutions/GitLab/Analytic Rules/GitLab_MaliciousIP.yaml
@@ -11,7 +11,7 @@ requiredDataConnectors:
   - connectorId: ThreatIntelligenceTaxii
     dataTypes:
       - ThreatIntelligenceIndicator
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -45,5 +45,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: Url
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/GitLab/Analytic Rules/GitLab_PAT_Repo.yaml b/Solutions/GitLab/Analytic Rules/GitLab_PAT_Repo.yaml
@@ -7,7 +7,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -32,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: AuthorName
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/GitLab/Analytic Rules/GitLab_RepoVisibilityChange.yaml b/Solutions/GitLab/Analytic Rules/GitLab_RepoVisibilityChange.yaml
@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -35,5 +35,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: EntityName        
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/GitLab/Analytic Rules/GitLab_Repo_Deletion.yaml b/Solutions/GitLab/Analytic Rules/GitLab_Repo_Deletion.yaml
@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Syslog
+  - connectorId: SyslogAma
     dataTypes: 
       - Syslog
 queryFrequency: 1h
@@ -48,5 +48,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: AuthorName
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/GitLab/Data/Solution_Gitlab.json b/Solutions/GitLab/Data/Solution_Gitlab.json
@@ -2,10 +2,7 @@
   "Name": "GitLab",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [GitLab](https://about.gitlab.com/solutions/devops-platform/) solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
-  "Data Connectors": [
-    "Data Connectors/Connector_Syslog_GitLab.json"
-  ],
+  "Description": "The [GitLab](https://about.gitlab.com/solutions/devops-platform/) solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
   "Parsers": [
     "Parsers/GitLabAccess.yaml",
     "Parsers/GitLabApp.yaml",
@@ -27,7 +24,7 @@
   ],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\GitLab",
-  "Version": "3.0.1",
+  "Version": "3.0.2",
   "TemplateSpec": true,
   "Is1PConnector": false
 }
diff --git a/Solutions/GitLab/Package/3.0.2.zip b/Solutions/GitLab/Package/3.0.2.zip
diff --git a/Solutions/GitLab/Package/createUiDefinition.json b/Solutions/GitLab/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/GitLab/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [GitLab](https://about.gitlab.com/solutions/devops-platform/) solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Parsers:** 3, **Analytic Rules:** 9\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/GitLab/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [GitLab](https://about.gitlab.com/solutions/devops-platform/) solution allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs into Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Parsers:** 3, **Analytic Rules:** 9\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -51,37 +51,6 @@
       }
     ],
     "steps": [
-      {
-        "name": "dataconnectors",
-        "label": "Data Connectors",
-        "bladeTitle": "Data Connectors",
-        "elements": [
-          {
-            "name": "dataconnectors1-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "This Solution installs the data connector for GitLab. You can get GitLab Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
-            }
-          },
-          {
-            "name": "dataconnectors-parser-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
-            }
-          },
-          {
-            "name": "dataconnectors-link2",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "link": {
-                "label": "Learn more about connecting data sources",
-                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
-              }
-            }
-          }
-        ]
-      },
       {
         "name": "analytics",
         "label": "Analytics",