Merge branch 'Azure:master' into master

Azure · Dec 8, 2024 · 7ddcbc4 · 7ddcbc4
2 parents fba9861 + c5402b7
commit 7ddcbc4
Show file tree

Hide file tree

Showing 51 changed files with 243 additions and 1,417 deletions.
diff --git a/Solutions/ApacheHTTPServer/Analytic Rules/ApacheCVE-2021-41773.yaml b/Solutions/ApacheHTTPServer/Analytic Rules/ApacheCVE-2021-41773.yaml
@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL
@@ -33,5 +30,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/ApacheHTTPServer/Analytic Rules/ApacheCommandInURI.yaml b/Solutions/ApacheHTTPServer/Analytic Rules/ApacheCommandInURI.yaml
@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL
@@ -30,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/ApacheHTTPServer/Analytic Rules/ApacheKnownMaliciousUserAgents.yaml b/Solutions/ApacheHTTPServer/Analytic Rules/ApacheKnownMaliciousUserAgents.yaml
@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL
@@ -30,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/ApacheHTTPServer/Analytic Rules/ApacheMultipleClientErrorsFromSingleIP.yaml b/Solutions/ApacheHTTPServer/Analytic Rules/ApacheMultipleClientErrorsFromSingleIP.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL
@@ -32,5 +29,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/...tions/ApacheHTTPServer/Analytic Rules/ApacheMultipleServerErrorsRequestsFromSingleIP.yaml b/...tions/ApacheHTTPServer/Analytic Rules/ApacheMultipleServerErrorsRequestsFromSingleIP.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL
@@ -34,5 +31,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/ApacheHTTPServer/Analytic Rules/ApachePrivateIpInUrl.yaml b/Solutions/ApacheHTTPServer/Analytic Rules/ApachePrivateIpInUrl.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL
@@ -29,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/ApacheHTTPServer/Analytic Rules/ApachePutSuspiciousFiles.yaml b/Solutions/ApacheHTTPServer/Analytic Rules/ApachePutSuspiciousFiles.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL
@@ -38,5 +35,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestFromPrivateIP.yaml b/Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestFromPrivateIP.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL
@@ -31,5 +28,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestToRareFile.yaml b/Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestToRareFile.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL
@@ -41,5 +38,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestToSensitiveFiles.yaml b/Solutions/ApacheHTTPServer/Analytic Rules/ApacheRequestToSensitiveFiles.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL
@@ -35,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/ApacheHTTPServer/Data/Solution_Apache Http Server.json b/Solutions/ApacheHTTPServer/Data/Solution_Apache Http Server.json
@@ -2,7 +2,7 @@
   "Name": "ApacheHTTPServer",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/ApacheHTTPServer/Workbooks/Images/Logo/apache.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The Apache HTTP Server solution provides the capability to ingest [Apache HTTP Server](http://httpd.apache.org/) events into Microsoft Sentinel. Refer to [Apache Logs documentation](https://httpd.apache.org/docs/2.4/logs.html) for more information.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/azure/sentinel/ama-migrate?WT.mc_id=Portal-fx).",
+  "Description": "The Apache HTTP Server solution provides the capability to ingest [Apache HTTP Server](http://httpd.apache.org/) events into Microsoft Sentinel. Refer to [Apache Logs documentation](https://httpd.apache.org/docs/2.4/logs.html) for more information.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/azure/sentinel/ama-migrate?WT.mc_id=Portal-fx).",
   "Workbooks": [ 
     "Workbooks/ApacheHTTPServer.json" 
   ],
@@ -21,9 +21,6 @@
     "Hunting Queries/ApacheUrlClienterrors.yaml",
     "Hunting Queries/ApacheUrlServerErrors.yaml"
   ],
-  "Data Connectors": [
-    "Data Connectors/Connector_ApacheHTTPServer_agent.json"
-  ],
   "Analytic Rules": [
     "Analytic Rules/ApacheCVE-2021-41773.yaml",
     "Analytic Rules/ApacheCommandInURI.yaml",
@@ -40,7 +37,7 @@
     "azuresentinel.azure-sentinel-solution-customlogsviaama"
   ],
   "BasePath": "C:\\GitHub\\azure\\Solutions\\ApacheHTTPServer",
-  "Version": "3.0.0",
+  "Version": "3.0.1",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true
 }
diff --git a/Solutions/ApacheHTTPServer/Hunting Queries/ApacheFilesErrorRequests.yaml b/Solutions/ApacheHTTPServer/Hunting Queries/ApacheFilesErrorRequests.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows list of files with error requests.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL

diff --git a/Solutions/ApacheHTTPServer/Hunting Queries/ApacheFilesRequested.yaml b/Solutions/ApacheHTTPServer/Hunting Queries/ApacheFilesRequested.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows list of files requested'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL

diff --git a/Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareFilesRequested.yaml b/Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareFilesRequested.yaml
@@ -4,9 +4,6 @@ description: |
   'Query detects rare files requested'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL

diff --git a/Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareUAWithClientErrors.yaml b/Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareUAWithClientErrors.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows rare user agent strings with client errors'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL

diff --git a/Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareURLsRequested.yaml b/Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareURLsRequested.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows rare URLs requested.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL

diff --git a/Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareUserAgents.yaml b/Solutions/ApacheHTTPServer/Hunting Queries/ApacheRareUserAgents.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows rare user agents'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL

diff --git a/Solutions/ApacheHTTPServer/Hunting Queries/ApacheRequestsToUnexistingFiles.yaml b/Solutions/ApacheHTTPServer/Hunting Queries/ApacheRequestsToUnexistingFiles.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows list of requests to unexisting files'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL

diff --git a/Solutions/ApacheHTTPServer/Hunting Queries/ApacheUnexpectedPostRequests.yaml b/Solutions/ApacheHTTPServer/Hunting Queries/ApacheUnexpectedPostRequests.yaml
@@ -4,9 +4,6 @@ description: |
   'Query detects Unexpected Post Requests'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL

diff --git a/Solutions/ApacheHTTPServer/Hunting Queries/ApacheUrlClienterrors.yaml b/Solutions/ApacheHTTPServer/Hunting Queries/ApacheUrlClienterrors.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows URLs list with client errors.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL

diff --git a/Solutions/ApacheHTTPServer/Hunting Queries/ApacheUrlServerErrors.yaml b/Solutions/ApacheHTTPServer/Hunting Queries/ApacheUrlServerErrors.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows URLs list with server errors.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: ApacheHTTPServer
-    dataTypes:
-      - ApacheHTTPServer
   - connectorId: CustomLogsAma
     datatypes:
       - ApacheHTTPServer_CL

diff --git a/Solutions/ApacheHTTPServer/Package/3.0.1.zip b/Solutions/ApacheHTTPServer/Package/3.0.1.zip