Merge pull request #9179 from Azure/v-rusraut/DigitalGuardianDLP-BUG7399
Repackaging - DigitalGuardianDLP
v-atulyadav authored Oct 16, 2023
2 parents 7ef9e52 + 56c681f commit 7989483
Showing 8 changed files with 609 additions and 634 deletions.
Expand Up @@ -31,14 +31,14 @@
"Hunting Queries/DigitalGuardianUrlByUser.yaml"
],
"Parsers": [
"Parsers/DigitalGuardianDLPEvent.txt"
"Parsers/DigitalGuardianDLPEvent.yaml"
],
"Data Connectors": [
"Data Connectors/Connector_DigitalGuardian_Syslog.json"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\DigitalGuardianDLP",
"Version": "2.0.1",
"Version": "3.0.0",
"TemplateSpec": true,
"Is1PConnector": false
}
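Review bot: The parser reference changes from "Parsers/DigitalGuardianDLPEvent.txt" to "Parsers/DigitalGuardianDLPEvent.yaml" and the version jumps from 2.0.1 to 3.0.0 in the same hunk, so please confirm that the .txt parser is removed or converted in this commit and that nothing else still points at the old file name, and record the major version bump in the release notes. Separately, the "BasePath" context line is a developer workstation path (C:\\GitHub\\Azure-Sentinel\\...); a repository-relative value would keep packaging reproducible on other machines.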
33 changes: 33 additions & 0 deletions Solutions/DigitalGuardianDLP/Data/system_generated_metadata.json
@@ -0,0 +1,33 @@
{
"Name": "Digital Guardian Data Loss Prevention",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [Digital Guardian Data Loss Prevention (DLP)](https://digitalguardian.com/platform-overview) data connector provides the capability to ingest Digital Guardian DLP logs into Microsoft Sentinel.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent-based log collection (Syslog) ](https://docs.microsoft.com/azure/sentinel/connect-syslog)",
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\DigitalGuardianDLP",
"Version": "3.0.0",
"TemplateSpec": true,
"Is1PConnector": false,
"publisherId": "azuresentinel",
"offerId": "azure-sentinel-solution-digitalguardiandlp",
"providers": [
"Digital Guardian"
],
"categories": {
"domains": [
"Security – Information Protection"
]
},
"firstPublishDate": "2021-07-23",
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
},
"Data Connectors": "[\n \"Data Connectors/Connector_DigitalGuardian_Syslog.json\"\n]",
"Parsers": "[\n \"DigitalGuardianDLPEvent.yaml\"\n]",
"Workbooks": "[\n \"Workbooks/DigitalGuardian.json\"\n]",
"Analytic Rules": "[\n \"DigitalGuardianClassifiedDataInsecureTransfer.yaml\",\n \"DigitalGuardianExfiltrationOverDNS.yaml\",\n \"DigitalGuardianExfiltrationToFileShareServices.yaml\",\n \"DigitalGuardianFileSentToExternal.yaml\",\n \"DigitalGuardianFileSentToExternalDomain.yaml\",\n \"DigitalGuardianFilesSentToExternalDomain.yaml\",\n \"DigitalGuardianMultipleIncidentsFromUser.yaml\",\n \"DigitalGuardianPossibleProtocolAbuse.yaml\",\n \"DigitalGuardianUnexpectedProtocol.yaml\",\n \"DigitalGuardianViolationNotBlocked.yaml\"\n]",
"Hunting Queries": "[\n \"DigitalGuardianDomains.yaml\",\n \"DigitalGuardianFilesSentByUsers.yaml\",\n \"DigitalGuardianIncidentsByUser.yaml\",\n \"DigitalGuardianInsecureProtocolSources.yaml\",\n \"DigitalGuardianInspectedFiles.yaml\",\n \"DigitalGuardianNewIncidents.yaml\",\n \"DigitalGuardianRareDestinationPorts.yaml\",\n \"DigitalGuardianRareNetworkProtocols.yaml\",\n \"DigitalGuardianRareUrls.yaml\",\n \"DigitalGuardianUrlByUser.yaml\"\n]"
}
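Review bot: The "Parsers", "Analytic Rules" and "Hunting Queries" values list bare file names (for example "DigitalGuardianDLPEvent.yaml"), while "Data Connectors" and "Workbooks" in the same file keep their directory prefix and the solution input file references "Parsers/DigitalGuardianDLPEvent.yaml". Either make the prefixes consistent or document that the generator strips them on purpose, otherwise anything resolving these paths against "BasePath" will miss the files. These five fields are also JSON arrays serialized into strings, so consumers must parse them a second time, and "BasePath" again commits a local C:\\GitHub path.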
Binary file added Solutions/DigitalGuardianDLP/Package/3.0.0.zip
Binary file not shown.
36 changes: 25 additions & 11 deletions Solutions/DigitalGuardianDLP/Package/createUiDefinition.json
Expand Up @@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Digital Guardian Data Loss Prevention (DLP)](https://digitalguardian.com/platform-overview) solution provides the capability to ingest Digital Guardian DLP logs into Microsoft Sentinel.\r\n \r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent-based log collection (Syslog) ](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/DigitalGuardianDLP/ReleaseNotes.md)\r \n There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Digital Guardian Data Loss Prevention (DLP)](https://digitalguardian.com/platform-overview) data connector provides the capability to ingest Digital Guardian DLP logs into Microsoft Sentinel.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent-based log collection (Syslog) ](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
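Review bot: In the new "description" string the note block uses "\r \n" twice, with a space between the two escapes, where the rest of the string uses "\r\n" or "\n"; that looks unintended and should be normalized so the Markdown renders predictably. Only the Release Notes line carries the "•" bullet, so the known-issues sentence that follows renders as a loose line rather than a second list item. The sentence also changes from "solution provides" to "data connector provides", although this field is the solution-level description.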
Expand Down Expand Up @@ -107,6 +107,20 @@
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
}
}
},
{
"name": "workbook1",
"type": "Microsoft.Common.Section",
"label": "DigitalGuardianDLP",
"elements": [
{
"name": "workbook1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Sets the time name for analysis"
}
}
]
}
]
},
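Review bot: The TextBlock text added for workbook1, "Sets the time name for analysis", does not say what the workbook shows, and "time name" reads like a placeholder or a typo. Since this string is user-facing in the install UI, replace it with a short description of the workbook's content before publishing.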
Expand Down Expand Up @@ -309,7 +323,7 @@
"name": "huntingquery1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for incident domains. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for incident domains. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
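Review bot: The replacement text "This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)" drops the closing period the old sentence had and leaves the parenthetical ambiguous: it is not clear whether the query needs the parser, the table, or either one. Suggest wording that names the dependency explicitly and ends with a period; the same applies to the other nine huntingquery texts changed below.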
Expand All @@ -323,7 +337,7 @@
"name": "huntingquery2-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for files sent by users. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for files sent by users. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -337,7 +351,7 @@
"name": "huntingquery3-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for users' incidents. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for users' incidents. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -351,7 +365,7 @@
"name": "huntingquery4-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for insecure file transfer sources. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for insecure file transfer sources. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -365,7 +379,7 @@
"name": "huntingquery5-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for inspected files. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for inspected files. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -379,7 +393,7 @@
"name": "huntingquery6-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for new incidents. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for new incidents. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -393,7 +407,7 @@
"name": "huntingquery7-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for rare destination ports. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for rare destination ports. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -407,7 +421,7 @@
"name": "huntingquery8-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches rare network protocols. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches rare network protocols. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
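Review bot: "Query searches rare network protocols." is missing "for", unlike the other hunting query texts in this file ("Query searches for ..."). The line is being rewritten in this hunk anyway, so the fix can go in here.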
Expand All @@ -421,7 +435,7 @@
"name": "huntingquery9-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for rare Urls. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for rare Urls. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
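Review bot: This text says "rare Urls" while huntingquery10-text says "URLs used"; use "URLs" in both so the capitalization is consistent across the install UI.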
Expand All @@ -435,7 +449,7 @@
"name": "huntingquery10-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for URLs used. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for URLs used. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]