Merge pull request #11551 from Azure/v-rusraut/FortinetFortiWeb,Oracl…

…eDatabaseAudit-removeDC-

Repackage - Fortinet Fortiweb,OracleDatabaseAudit

Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Analytic Rules/Fortiweb - WAF Allowed threat.yaml

@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: FortiWeb
-    dataTypes:
-      - Fortiweb
   - connectorId: FortinetFortiWebAma
     dataTypes:
       - Fortiweb
@@ -30,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: SrcIpAddr
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Data Connectors/template_FortiwebAma.json

@@ -1,6 +1,6 @@
 {
     "id": "FortinetFortiWebAma",
-    "title": "[Recommended] Fortinet FortiWeb Web Application Firewall via AMA",
+    "title": "Fortinet FortiWeb Web Application Firewall via AMA",
     "publisher": "Microsoft",
     "descriptionMarkdown": "The [fortiweb](https://www.fortinet.com/products/web-application-firewall/fortiweb) data connector provides the capability to ingest Threat Analytics and events into Microsoft Sentinel.",
     "graphQueries": [

Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Data/Solution_FortiWebCloud.json

@@ -2,14 +2,13 @@
   "Name": "Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Fortinet FortiWeb Cloud WAF-as-a-Service connector](https://www.fortinet.com/products/web-application-firewall/fortiweb) solution for Microsoft Sentinel provides an automated approach for SecOps analysts to remediate attacks at application level by blocking suspicious IP and URL and also empowers to gather threat intelligence data for malicious IP activity. By leveraging the FortiWeb API, the connector can automate these security operations, tasks using Microsoft Sentinel Playbooks which can dramatically reduce the window that attackers can take advantage of.\n\n For questions about [FortiWeb Cloud](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortinet.fortinet_waas?tab=Overview), please contact Fortinet at [azuresales@fortinet.com](mailto:azuresales@fortinet.com).\n\r\n1. **Fortinet FortiWeb Cloud WAF via AMA** - This data connector helps in ingesting Fortinet FortiWeb Cloud WAF logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Fortinet FortiWeb Cloud WAF via Legacy Agent** - This data connector helps in ingesting Fortinet FortiWeb Cloud WAF logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Fortinet FortiWeb Cloud WAF via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
+  "Description": "The [Fortinet FortiWeb Cloud WAF-as-a-Service connector](https://www.fortinet.com/products/web-application-firewall/fortiweb) solution for Microsoft Sentinel provides an automated approach for SecOps analysts to remediate attacks at application level by blocking suspicious IP and URL and also empowers to gather threat intelligence data for malicious IP activity. By leveraging the FortiWeb API, the connector can automate these security operations, tasks using Microsoft Sentinel Playbooks which can dramatically reduce the window that attackers can take advantage of.\n\n For questions about [FortiWeb Cloud](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortinet.fortinet_waas?tab=Overview), please contact Fortinet at [azuresales@fortinet.com](mailto:azuresales@fortinet.com).\n\r\n1. **Fortinet FortiWeb Cloud WAF via AMA** - This data connector helps in ingesting Fortinet FortiWeb Cloud WAF logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\n**NOTE:** Microsoft recommends installation of Fortinet FortiWeb Cloud WAF via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
   "Playbooks": [
     "Playbooks/FortiWebCustomConnector/azuredeploy.json",
     "Playbooks/FortiWebPlaybooks/FortiWeb-BlockIP-URL/azuredeploy.json",
     "Playbooks/FortiWebPlaybooks/FortiWeb-enrichment/azuredeploy.json"
   ], 
   "Data Connectors": [
-    "Data Connectors/Fortiweb.json",
     "Data Connectors/template_FortiwebAma.json"
   ],
   "Parsers": [
@@ -26,7 +25,7 @@
 	"Workbooks/Fortiweb-workbook.json"
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel",
-  "Version": "3.0.2",
+  "Version": "3.0.3",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1PConnector": false

Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Hunting Queries/Unexpected Countries.yaml

@@ -4,9 +4,6 @@ description: |
   'Query searches requests by country and helps to identify requests coming from unexpected countries.'
 severity: Low
 requiredDataConnectors:
-  - connectorId: FortiWeb
-    dataTypes:
-      - Fortiweb
   - connectorId: FortinetFortiWebAma
     dataTypes:
       - Fortiweb
@@ -27,4 +24,4 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: SrcIpAddr
-version: 1.0.0
+version: 1.0.1

Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Hunting Queries/owaspTop10-Threatsyaml.yaml

@@ -4,9 +4,6 @@ description: |
   'Query searches threats and helps to identify threats matching owaspTop10 vulnerabilities.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: FortiWeb
-    dataTypes:
-      - Fortiweb
   - connectorId: FortinetFortiWebAma
     dataTypes:
       - Fortiweb
@@ -27,4 +24,4 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: SrcIpAddr
-version: 1.0.0
+version: 1.0.1

Solutions/Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel/Package/createUiDefinition.json

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Fortinet%20FortiWeb%20Cloud%20WAF-as-a-Service%20connector%20for%20Microsoft%20Sentinel/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Fortinet FortiWeb Cloud WAF-as-a-Service connector](https://www.fortinet.com/products/web-application-firewall/fortiweb) solution for Microsoft Sentinel provides an automated approach for SecOps analysts to remediate attacks at application level by blocking suspicious IP and URL and also empowers to gather threat intelligence data for malicious IP activity. By leveraging the FortiWeb API, the connector can automate these security operations, tasks using Microsoft Sentinel Playbooks which can dramatically reduce the window that attackers can take advantage of.\n\n For questions about [FortiWeb Cloud](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortinet.fortinet_waas?tab=Overview), please contact Fortinet at [azuresales@fortinet.com](mailto:azuresales@fortinet.com).\n\r\n1. **Fortinet FortiWeb Cloud WAF via AMA** - This data connector helps in ingesting Fortinet FortiWeb Cloud WAF logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Fortinet FortiWeb Cloud WAF via Legacy Agent** - This data connector helps in ingesting Fortinet FortiWeb Cloud WAF logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Fortinet FortiWeb Cloud WAF via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 1, **Hunting Queries:** 2, **Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Fortinet%20FortiWeb%20Cloud%20WAF-as-a-Service%20connector%20for%20Microsoft%20Sentinel/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Fortinet FortiWeb Cloud WAF-as-a-Service connector](https://www.fortinet.com/products/web-application-firewall/fortiweb) solution for Microsoft Sentinel provides an automated approach for SecOps analysts to remediate attacks at application level by blocking suspicious IP and URL and also empowers to gather threat intelligence data for malicious IP activity. By leveraging the FortiWeb API, the connector can automate these security operations, tasks using Microsoft Sentinel Playbooks which can dramatically reduce the window that attackers can take advantage of.\n\n For questions about [FortiWeb Cloud](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortinet.fortinet_waas?tab=Overview), please contact Fortinet at [azuresales@fortinet.com](mailto:azuresales@fortinet.com).\n\r\n1. **Fortinet FortiWeb Cloud WAF via AMA** - This data connector helps in ingesting Fortinet FortiWeb Cloud WAF logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\n**NOTE:** Microsoft recommends installation of Fortinet FortiWeb Cloud WAF via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 1, **Hunting Queries:** 2, **Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -197,7 +197,7 @@
                 "name": "huntingquery1-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches threats and helps to identify threats matching owaspTop10 vulnerabilities. This hunting query depends on FortiWeb FortinetFortiWebAma data connector (Fortiweb Fortiweb Parser or Table)"
+                  "text": "Query searches threats and helps to identify threats matching owaspTop10 vulnerabilities. This hunting query depends on FortinetFortiWebAma data connector (Fortiweb Parser or Table)"
                 }
               }
             ]
@@ -211,7 +211,7 @@
                 "name": "huntingquery2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches requests by country and helps to identify requests coming from unexpected countries. This hunting query depends on FortiWeb FortinetFortiWebAma data connector (Fortiweb Fortiweb Parser or Table)"
+                  "text": "Query searches requests by country and helps to identify requests coming from unexpected countries. This hunting query depends on FortinetFortiWebAma data connector (Fortiweb Parser or Table)"
                 }
               }
             ]