![](\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\")
\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Prisma Cloud Compute CWPP](https://prisma.pan.dev/api/cloud/cwpp/audits/#operation/get-audits-incidents) solution for Microsoft Sentinel allows you to connect to your Prisma Cloud CWPP instance and ingest alerts into your Microsoft Sentinel workspace using the Prisma Cloud API.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:\n\na. [Codeless Connector Platform (CCP)](https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector#connect-with-the-codeless-connector-platform)\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Prisma Cloud Compute CWPP](https://prisma.pan.dev/api/cloud/cwpp/audits/#operation/get-audits-incidents) solution for Microsoft Sentinel allows you to connect to your Palo Alto Prisma Cloud CWPP instance and ingest alerts into your Microsoft Sentinel workspace using the Prisma Cloud API.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:\n\na. [Codeless Connector Platform (CCP)](https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector#connect-with-the-codeless-connector-platform)\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
@@ -60,7 +60,7 @@
"name": "dataconnectors1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
- "text": "This Solution installs the data connector for PrismaCloudCompute. You can get PrismaCloudCompute custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+ "text": "This Solution installs the data connector for Prisma Cloud Compute CWPP. You can get Prisma Cloud Compute CWPP custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},
{
diff --git a/Solutions/PrismaCloudCompute/Package/mainTemplate.json b/Solutions/Palo Alto Prisma Cloud CWPP/Package/mainTemplate.json
similarity index 92%
rename from Solutions/PrismaCloudCompute/Package/mainTemplate.json
rename to Solutions/Palo Alto Prisma Cloud CWPP/Package/mainTemplate.json
index 2dbef4de0c9..3f06490ebab 100644
--- a/Solutions/PrismaCloudCompute/Package/mainTemplate.json
+++ b/Solutions/Palo Alto Prisma Cloud CWPP/Package/mainTemplate.json
@@ -43,7 +43,7 @@
"email": "support@microsoft.com",
"_email": "[variables('email')]",
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
- "_solutionName": "PrismaCloudCompute",
+ "_solutionName": "Palo Alto Prisma Cloud CWPP",
"_solutionVersion": "3.0.0",
"_solutionAuthor": "Microsoft",
"_packageIcon": "icon icon icon icon",
@@ -51,9 +51,9 @@
"_solutionId": "[variables('solutionId')]",
"dataConnectorVersionConnectorDefinition": "1.0.0",
"dataConnectorVersionConnections": "1.0.0",
- "_dataConnectorContentIdConnectorDefinition": "PrismaCloudComputeTemplateNameConnectorDefinition",
+ "_dataConnectorContentIdConnectorDefinition": "PaloAltoPrismaCloudCWPP",
"dataConnectorTemplateNameConnectorDefinition": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition')))]",
- "_dataConnectorContentIdConnections": "PrismaCloudComputeTemplateNameConnections",
+ "_dataConnectorContentIdConnections": "PaloAltoPrismaCloudCWPPTemplateNameConnections",
"dataConnectorTemplateNameConnections": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections')))]",
"_logAnalyticsTableId1": "PrismaCloudCompute_CL"
},
@@ -118,9 +118,10 @@
"kind": "Customizable",
"properties": {
"connectorUiConfig": {
+ "id": "[variables('_dataConnectorContentIdConnectorDefinition')]",
"title": "Prisma Cloud Compute CWPP (using REST API)",
"publisher": "Microsoft",
- "descriptionMarkdown": "The [Prisma Cloud Compute CWPP](https://prisma.pan.dev/api/cloud/cwpp/audits/#operation/get-audits-incidents) data connector allows you to connect to your Prisma Cloud CWPP instance and ingesting alerts into Microsoft Sentinel. The data connector is built on Microsoft Sentinel’s Codeless Connector Platform and uses the Prisma Cloud API to fetch security events and supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security event data into a custom columns so that queries don't need to parse it again, thus resulting in better performance.",
+ "descriptionMarkdown": "The [Prisma Cloud Compute CWPP](https://prisma.pan.dev/api/cloud/cwpp/audits/#operation/get-audits-incidents) data connector allows you to connect to your Palo Alto Prisma Cloud CWPP instance and ingesting alerts into Microsoft Sentinel. The data connector is built on Microsoft Sentinel’s Codeless Connector Platform and uses the Prisma Cloud API to fetch security events and supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security event data into a custom columns so that queries don't need to parse it again, thus resulting in better performance.",
"graphQueriesTableName": "PrismaCloudCompute_CL",
"graphQueries": [
{
@@ -178,14 +179,14 @@
],
"customs": [
{
- "name": "PrismaCloudCompute API Key",
- "description": "A Prisma Cloud Compute CWPP Monitor API username and password is required. [See the documentation to learn more about PrismaCloudCompute SIEM API](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PrismaCloudCompute/Data%20Connectors/readme.md)."
+ "name": "Palo Alto Prisma Cloud CWPP API Key",
+ "description": "A Palo Alto Prisma Cloud CWPP Monitor API username and password is required. [See the documentation to learn more about Palo Alto Prisma Cloud CWPP SIEM API](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Palo%20Alto%20Prisma%20Cloud%20CWPP/Data%20Connectors/readme.md)."
}
]
},
"instructionSteps": [
{
- "description": "To enable the Prisma Cloud Compute CWPP Security Events for Microsoft Sentinel, provide the required information below and click on Connect.\n>",
+ "description": "To enable the Palo Alto Prisma Cloud CWPP Security Events for Microsoft Sentinel, provide the required information below and click on Connect.\n>",
"instructions": [
{
"type": "Textbox",
@@ -229,14 +230,14 @@
}
},
{
- "name": "PrismaCloudComputeDCR",
+ "name": "PaloAltoPrismaCloudCWPP_DCR",
"apiVersion": "2021-09-01-preview",
"type": "Microsoft.Insights/dataCollectionRules",
"location": "[parameters('workspace-location')]",
"kind": null,
"properties": {
"streamDeclarations": {
- "Custom-PrismaCloudCompute_IncidentsApi": {
+ "Custom-PaloAltoPrismaCloudCWPP_IncidentsApi": {
"columns": [
{
"name": "_id",
@@ -342,7 +343,7 @@
"dataFlows": [
{
"streams": [
- "Custom-PrismaCloudCompute_IncidentsApi"
+ "Custom-PaloAltoPrismaCloudCWPP_IncidentsApi"
],
"destinations": [
"clv2ws1"
@@ -478,9 +479,10 @@
"kind": "Customizable",
"properties": {
"connectorUiConfig": {
+ "id": "[variables('_dataConnectorContentIdConnectorDefinition')]",
"title": "Prisma Cloud Compute CWPP (using REST API)",
"publisher": "Microsoft",
- "descriptionMarkdown": "The [Prisma Cloud Compute CWPP](https://prisma.pan.dev/api/cloud/cwpp/audits/#operation/get-audits-incidents) data connector allows you to connect to your Prisma Cloud CWPP instance and ingesting alerts into Microsoft Sentinel. The data connector is built on Microsoft Sentinel’s Codeless Connector Platform and uses the Prisma Cloud API to fetch security events and supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security event data into a custom columns so that queries don't need to parse it again, thus resulting in better performance.",
+ "descriptionMarkdown": "The [Prisma Cloud Compute CWPP](https://prisma.pan.dev/api/cloud/cwpp/audits/#operation/get-audits-incidents) data connector allows you to connect to your Palo Alto Prisma Cloud CWPP instance and ingesting alerts into Microsoft Sentinel. The data connector is built on Microsoft Sentinel’s Codeless Connector Platform and uses the Prisma Cloud API to fetch security events and supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security event data into a custom columns so that queries don't need to parse it again, thus resulting in better performance.",
"graphQueriesTableName": "PrismaCloudCompute_CL",
"graphQueries": [
{
@@ -538,14 +540,14 @@
],
"customs": [
{
- "name": "PrismaCloudCompute API Key",
- "description": "A Prisma Cloud Compute CWPP Monitor API username and password is required. [See the documentation to learn more about PrismaCloudCompute SIEM API](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/PrismaCloudCompute/Data%20Connectors/readme.md)."
+ "name": "Palo Alto Prisma Cloud CWPP API Key",
+ "description": "A Palo Alto Prisma Cloud CWPP Monitor API username and password is required. [See the documentation to learn more about Palo Alto Prisma Cloud CWPP SIEM API](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Palo%20Alto%20Prisma%20Cloud/Data%20Connectors/readme.md)."
}
]
},
"instructionSteps": [
{
- "description": "To enable the Prisma Cloud Compute CWPP Security Events for Microsoft Sentinel, provide the required information below and click on Connect.\n>",
+ "description": "To enable the Palo Alto Prisma Cloud CWPP Security Events for Microsoft Sentinel, provide the required information below and click on Connect.\n>",
"instructions": [
{
"type": "Textbox",
@@ -709,7 +711,7 @@
"connectorDefinitionName": "[[parameters('connectorDefinitionName')]",
"dataType": "PrismaCloudCompute_CL",
"dcrConfig": {
- "streamName": "Custom-PrismaCloudCompute_IncidentsApi",
+ "streamName": "Custom-PaloAltoPrismaCloudCWPP_IncidentsApi",
"dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
"dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]"
},
@@ -808,7 +810,7 @@
"contentProductId": "[concat(substring(variables('_solutionId'), 0, 50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]",
"displayName": "[variables('_solutionName')]",
"publisherDisplayName": "[variables('_solutionId')]",
- "descriptionHtml": "Note: There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe Prisma Cloud Compute CWPP solution for Microsoft Sentinel allows you to connect to your Prisma Cloud CWPP instance and ingest alerts into your Microsoft Sentinel workspace using the Prisma Cloud API.
\nUnderlying Microsoft Technologies used:
\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
\n\nData Connectors: 1
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n", + "descriptionHtml": "Note: There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe Prisma Cloud Compute CWPP solution for Microsoft Sentinel allows you to connect to your Palo Alto Prisma Cloud CWPP instance and ingest alerts into your Microsoft Sentinel workspace using the Prisma Cloud API.
\nUnderlying Microsoft Technologies used:
\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
\n\nData Connectors: 1
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n", "icon": "[variables('_packageIcon')]" } } diff --git a/Solutions/PrismaCloudCompute/ReleaseNotes.md b/Solutions/Palo Alto Prisma Cloud CWPP/ReleaseNotes.md similarity index 100% rename from Solutions/PrismaCloudCompute/ReleaseNotes.md rename to Solutions/Palo Alto Prisma Cloud CWPP/ReleaseNotes.md diff --git a/Solutions/PrismaCloudCompute/SolutionMetadata.json b/Solutions/Palo Alto Prisma Cloud CWPP/SolutionMetadata.json similarity index 77% rename from Solutions/PrismaCloudCompute/SolutionMetadata.json rename to Solutions/Palo Alto Prisma Cloud CWPP/SolutionMetadata.json index c4e73a7d155..6456439f9f7 100644 --- a/Solutions/PrismaCloudCompute/SolutionMetadata.json +++ b/Solutions/Palo Alto Prisma Cloud CWPP/SolutionMetadata.json @@ -11,8 +11,5 @@ "email": "support@microsoft.com", "tier": "Microsoft", "link": "https://support.microsoft.com/" - }, - "SolutionName":"PrismaCloudCompute", - "SolutionAuthor": "Microsoft", - "PackageIcon":"icon icon icon icon" + } } \ No newline at end of file diff --git a/Solutions/Palo Alto Prisma Cloud CWPP/data/PrismaCloud.json b/Solutions/Palo Alto Prisma Cloud CWPP/data/PrismaCloud.json new file mode 100644 index 00000000000..723037bd854 --- /dev/null +++ b/Solutions/Palo Alto Prisma Cloud CWPP/data/PrismaCloud.json @@ -0,0 +1,16 @@ +{ + "Name": "Palo Alto Prisma Cloud CWPP", + "Author": "Microsoft - support@microsoft.com", + "Logo": "",
+ "Description": "The [Prisma Alto Prisma Cloud CWPP](https://prisma.pan.dev/api/cloud/cwpp/audits/#operation/get-audits-incidents) solution for Microsoft Sentinel allows you to connect to your Palo Alto Prisma Cloud CWPP instance and ingest alerts into your Microsoft Sentinel workspace using the Prisma Cloud API.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:\n\na. [Codeless Connector Platform (CCP)](https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector#connect-with-the-codeless-connector-platform)",
+ "Data Connectors": [
+ "Data Connectors/PrismaCloudCompute_CLV2.json",
+ "Data Connectors/connectorDefinition.json"
+ ],
+ "Metadata": "SolutionMetadata.json",
+ "BasePath": "C:\\Github\\Azure-Sentinel\\Solutions\\Palo Alto Prisma Cloud CWPP",
+ "Version": "3.0.0",
+ "TemplateSpec": true,
+ "Is1PConnector": false,
+ "createPackage": false
+}
\ No newline at end of file
diff --git a/Solutions/PrismaCloudCompute/Package/3.0.0.zip b/Solutions/PrismaCloudCompute/Package/3.0.0.zip
deleted file mode 100644
index fb9cad35538..00000000000
Binary files a/Solutions/PrismaCloudCompute/Package/3.0.0.zip and /dev/null differ
diff --git a/Solutions/PrismaCloudCompute/data/PrismaCloud.json b/Solutions/PrismaCloudCompute/data/PrismaCloud.json
deleted file mode 100644
index 99c81334755..00000000000
--- a/Solutions/PrismaCloudCompute/data/PrismaCloud.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "Name": "PrismaCloudCompute",
- "Author": "Microsoft - support@microsoft.com",
- "Logo": "",
- "Description": "The [Prisma Cloud Compute CWPP](https://prisma.pan.dev/api/cloud/cwpp/audits/#operation/get-audits-incidents) solution for Microsoft Sentinel allows you to connect to your Prisma Cloud CWPP instance and ingest alerts into your Microsoft Sentinel workspace using the Prisma Cloud API.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:\n\na. [Codeless Connector Platform (CCP)](https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector#connect-with-the-codeless-connector-platform)",
- "Data Connectors": [
- "Data Connectors/PrismaCloudCompute_CLV2.json",
- "Data Connectors/connectorDefinition.json"
- ],
- "Metadata": "SolutionMetadata.json",
- "BasePath": "C:\\Github\\Azure-Sentinel\\Solutions\\PrismaCloudCompute",
- "Version": "3.0.0",
- "TemplateSpec": true,
- "Is1PConnector": false,
- "createPackage": false
-}
\ No newline at end of file