Merge pull request #9238 from Azure/v-sabiraj-fixCiscoasa

Updating connectivity criteria for Cisco ASA

Solutions/CiscoASA/Data Connectors/template_CiscoAsaAma.JSON

@@ -18,8 +18,10 @@
   ],
   "connectivityCriterias": [
     {
-      "type": "CommonSecurityEvents",
-      "value": null
+      "type": "IsConnectedQuery",
+      "value": [
+        "\nCommonSecurityLog\n| where DeviceVendor =~ \"Cisco\"\n| where DeviceProduct == \"ASA\"\n\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)"
+      ]
     }
   ],
   "dataTypes": [

Solutions/CiscoASA/Data/Solution_Cisco asa.json

@@ -8,20 +8,20 @@
   ],
   "Data Connectors": [
     "Solutions/CiscoASA/Data Connectors/CiscoASA.json",
-	"Solutions/CiscoASA/Data Connectors/template_CiscoAsaAma.json"
+    "Solutions/CiscoASA/Data Connectors/template_CiscoAsaAma.json"
   ],
   "Playbooks": [
-  "Solutions/CiscoASA/Playbooks/CiscoASAConnector/azuredeploy.json",
+    "Solutions/CiscoASA/Playbooks/CiscoASAConnector/azuredeploy.json",
     "Solutions/CiscoASA/Playbooks/CiscoASA-AddIPtoNetworkObjectGroup/azuredeploy.json",
     "Solutions/CiscoASA/Playbooks/CiscoASA-CreateACEInACL/azuredeploy.json",
-    "Solutions/CiscoASA/Playbooks/CiscoASA-CreateInboundAccessRuleOnInterface/azuredeploy.json"  
+    "Solutions/CiscoASA/Playbooks/CiscoASA-CreateInboundAccessRuleOnInterface/azuredeploy.json"
   ],
   "Analytic Rules": [
     "Solutions/CiscoASA/Analytic Rules/CiscoASA-ThreatDetectionMessage.yaml",
     "Solutions/CiscoASA/Analytic Rules/CiscoASA-AvgAttackDetectRateIncrease.yaml"
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\",
-  "Version": "2.0.4",
+  "Version": "3.0.1",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1PConnector": false

Solutions/CiscoASA/Package/createUiDefinition.json

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/cisco-logo-72px.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Cisco ASA](https://www.cisco.com/c/en_in/products/security/adaptive-security-appliance-asa-software/index.html) solution for Microsoft Sentinel enables you to ingest [Cisco ASA logs](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/messages-listed-by-severity-level.html) into Microsoft Sentinel. \n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n a. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 2, **Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/cisco-logo-72px.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CiscoASA/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Cisco ASA](https://www.cisco.com/c/en_in/products/security/adaptive-security-appliance-asa-software/index.html) solution for Microsoft Sentinel enables you to ingest [Cisco ASA logs](https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/messages-listed-by-severity-level.html) into Microsoft Sentinel. This solution includes two (2) data connectors to help ingest the logs.\n\r\n1. **Cisco ASA/FTD via AMA** - This data connector helps in ingesting Cisco ASA logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**\n\r\n2. **Cisco ASA via Legacy Agent** - This data connector helps in ingesting Cisco ASA logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n<P style=\"color:red\">**NOTE:** Microsoft recommends Installation of Cisco ASA/FTD via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31,2024** and thus should only be installed where AMA is not supported.</p>\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n a. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n\n**Data Connectors:** 2, **Workbooks:** 1, **Analytic Rules:** 2, **Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -56,11 +56,39 @@
         "label": "Data Connectors",
         "bladeTitle": "Data Connectors",
         "elements": [
+          {
+            "name": "dataconnectors4-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "Installing this solution will deploy two data connectors,"
+            }
+          },
           {
             "name": "dataconnectors1-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "This solution installs the data connector for ingesting logs from Cisco Adaptive Security Appliance (ASA) in syslog format. After installing the solution, configure and enable this data connector by following guidance in Manage solution view. "
+              "text": "Cisco ASA/FTD via AMA - This data connector helps in ingesting Cisco ASA logs into your Log Analytics Workspace using the new Azure Monitor Agent. Microsoft recommends using this Data Connector."
+            }
+          },
+          {
+            "name": "dataconnectors2-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "Cisco ASA via Legacy Agent - This data connector helps in ingesting Cisco ASA logs into your Log Analytics Workspace using the legacy Log Analytics agent."
+            }
+          },
+          {
+            "name": "dataconnectors3-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "NOTE: Microsoft recommends Installation of Cisco ASA/FTD via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31,2024 and thus should only be installed where AMA is not supported."
+            }
+          },
+          {
+            "name": "dataconnectors5-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "After installing the solution, configure and enable the data connector(s) by following guidance in Manage solution view."
             }
           },
           {
@@ -208,4 +236,4 @@
       "workspace": "[basics('workspace')]"
     }
   }
-}
+}