adding solution SentinelOne
idoshabi07 committed Nov 26, 2024
1 parent 5e1336f commit 813613c
Showing 17 changed files with 5,830 additions and 608 deletions.
688 changes: 688 additions & 0 deletions Solutions/SentinelOne/Data Connectors/SentinelOne_ccp/DCR.json


@@ -0,0 +1,338 @@
[{
"name": "SentinelOnePoller_activities_created_events",
"apiVersion": "2022-10-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectors",
"kind": "RestApiPoller",
"properties": {
"connectorDefinitionName": "SentinelOne",
"dcrConfig": {
"streamName": "Custom-SentinelOneActivities_API",
"dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
"dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]"
},
"dataType": "SentinelOne API",
"auth": {
"type": "APIKey",
"ApiKey": "[[parameters('apitoken')]",
"ApiKeyName" : "Authorization",
"ApiKeyIdentifier": "ApiToken"
},
"request": {
"apiEndpoint": "[[concat(parameters('managementUrl'), '/web/api/','v2.1', '/', 'activities')]",
"rateLimitQPS": 10,
"queryWindowInMin": 5,
"httpMethod": "GET",
"queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
"queryParameters": {
"createdAt__gt" : "{_QueryWindowStartTime}",
"createdAt__lt" : "{_QueryWindowEndTime}"
},
"retryCount": 3,
"timeoutInSeconds": 60,
"headers": {
"Accept": "application/json",
"User-Agent": "Scuba"
}
},
"paging": {
"pagingType": "NextPageToken",
"PageSize": "1000",
"PageSizeParameterName": "limit",
"NextPageTokenJsonPath": "$.pagination.nextCursor",
"NextPageParaName": "cursor"
},
"response": {
"eventsJsonPaths": ["$.data"]
}
}
},
{
"name": "SentinelOnePoller_agents_created_events",
"apiVersion": "2022-10-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectors",
"kind": "RestApiPoller",
"properties": {
"connectorDefinitionName": "SentinelOne",
"dcrConfig": {
"streamName": "Custom-SentinelOneAgents_API",
"dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
"dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]"
},
"dataType": "SentinelOne API",
"auth": {
"type": "APIKey",
"ApiKey": "[[parameters('apitoken')]",
"ApiKeyName" : "Authorization",
"ApiKeyIdentifier": "ApiToken"
},
"request": {
"apiEndpoint": "[[concat(parameters('managementUrl'), '/web/api/','v2.1', '/', 'agents')]",
"rateLimitQPS": 10,
"queryWindowInMin": 5,
"httpMethod": "GET",
"queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
"queryParameters": {
"createdAt__gt" : "{_QueryWindowStartTime}",
"createdAt__lt" : "{_QueryWindowEndTime}"
},
"retryCount": 3,
"timeoutInSeconds": 60,
"headers": {
"Accept": "application/json",
"User-Agent": "Scuba"
}
},
"paging": {
"pagingType": "NextPageToken",
"PageSize": "1000",
"PageSizeParameterName": "limit",
"NextPageTokenJsonPath": "$.pagination.nextCursor",
"NextPageParaName": "cursor"
},
"response": {
"eventsJsonPaths": ["$.data"]
}
}
}
,
{
"name": "SentinelOnePoller_agents_updated_events",
"apiVersion": "2022-10-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectors",
"kind": "RestApiPoller",
"properties": {
"connectorDefinitionName": "SentinelOne",
"dcrConfig": {
"streamName": "Custom-SentinelOneAgents_API",
"dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
"dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]"
},
"dataType": "SentinelOne API",
"auth": {
"type": "APIKey",
"ApiKey": "[[parameters('apitoken')]",
"ApiKeyName" : "Authorization",
"ApiKeyIdentifier": "ApiToken"
},
"request": {
"apiEndpoint": "[[concat(parameters('managementUrl'), '/web/api/','v2.1', '/', 'agents')]",
"rateLimitQPS": 10,
"queryWindowInMin": 5,
"httpMethod": "GET",
"queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
"queryParameters": {
"updatedAt__gt" : "{_QueryWindowStartTime}",
"updatedAt__lt" : "{_QueryWindowEndTime}"
},
"retryCount": 3,
"timeoutInSeconds": 60,
"headers": {
"Accept": "application/json",
"User-Agent": "Scuba"
}
},
"paging": {
"pagingType": "NextPageToken",
"PageSize": "200",
"PageSizeParameterName": "limit",
"NextPageTokenJsonPath": "$.pagination.nextCursor",
"NextPageParaName": "cursor"
},
"response": {
"eventsJsonPaths": ["$.data"]
}
}
},
{
"name": "SentinelOnePoller_alerts_created_events",
"apiVersion": "2022-10-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectors",
"kind": "RestApiPoller",
"properties": {
"connectorDefinitionName": "SentinelOne",
"dcrConfig": {
"streamName": "Custom-SentinelOneAlerts_API",
"dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
"dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]"
},
"dataType": "SentinelOne API",
"auth": {
"type": "APIKey",
"ApiKey": "[[parameters('apitoken')]",
"ApiKeyName" : "Authorization",
"ApiKeyIdentifier": "ApiToken"
},
"request": {
"apiEndpoint": "[[concat(parameters('managementUrl'), '/web/api/','v2.1', '/', 'cloud-detection/alerts')]",
"rateLimitQPS": 10,
"queryWindowInMin": 5,
"httpMethod": "GET",
"queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
"queryParameters": {
"createdAt__gt" : "{_QueryWindowStartTime}",
"createdAt__lt" : "{_QueryWindowEndTime}"
},
"retryCount": 3,
"timeoutInSeconds": 60,
"headers": {
"Accept": "application/json",
"User-Agent": "Scuba"
}
},
"paging": {
"pagingType": "NextPageToken",
"PageSize": "1000",
"PageSizeParameterName": "limit",
"NextPageTokenJsonPath": "$.pagination.nextCursor",
"NextPageParaName": "cursor"
},
"response": {
"eventsJsonPaths": ["$.data"]
}
}
},
{
"name": "SentinelOnePoller_groups_updated_events",
"apiVersion": "2022-10-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectors",
"kind": "RestApiPoller",
"properties": {
"connectorDefinitionName": "SentinelOne",
"dcrConfig": {
"streamName": "Custom-SentinelOneGroups_API",
"dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
"dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]"
},
"dataType": "SentinelOne API",
"auth": {
"type": "APIKey",
"ApiKey": "[[parameters('apitoken')]",
"ApiKeyName" : "Authorization",
"ApiKeyIdentifier": "ApiToken"
},
"request": {
"apiEndpoint": "[[concat(parameters('managementUrl'), '/web/api/','v2.1', '/', 'groups')]",
"rateLimitQPS": 10,
"queryWindowInMin": 5,
"httpMethod": "GET",
"queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
"queryParameters": {
"updatedAt__gt" : "{_QueryWindowStartTime}",
"updatedAt__lt" : "{_QueryWindowEndTime}"
},
"retryCount": 3,
"timeoutInSeconds": 60,
"headers": {
"Accept": "application/json",
"User-Agent": "Scuba"
}
},
"paging": {
"pagingType": "NextPageToken",
"PageSize": "200",
"PageSizeParameterName": "limit",
"NextPageTokenJsonPath": "$.pagination.nextCursor",
"NextPageParaName": "cursor"
},
"response": {
"eventsJsonPaths": ["$.data"]
}
}
},
{
"name": "SentinelOnePoller_threats_created_events",
"apiVersion": "2022-10-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectors",
"kind": "RestApiPoller",
"properties": {
"connectorDefinitionName": "SentinelOne",
"dcrConfig": {
"streamName": "Custom-SentinelOneThreats_API",
"dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
"dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]"
},
"dataType": "SentinelOne API",
"auth": {
"type": "APIKey",
"ApiKey": "[[parameters('apitoken')]",
"ApiKeyName" : "Authorization",
"ApiKeyIdentifier": "ApiToken"
},
"request": {
"apiEndpoint": "[[concat(parameters('managementUrl'), '/web/api/','v2.1', '/', 'threats')]",
"rateLimitQPS": 10,
"queryWindowInMin": 5,
"httpMethod": "GET",
"queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
"queryParameters": {
"createdAt__gt" : "{_QueryWindowStartTime}",
"createdAt__lt" : "{_QueryWindowEndTime}"
},
"retryCount": 3,
"timeoutInSeconds": 60,
"headers": {
"Accept": "application/json",
"User-Agent": "Scuba"
}
},
"paging": {
"pagingType": "NextPageToken",
"PageSize": "1000",
"PageSizeParameterName": "limit",
"NextPageTokenJsonPath": "$.pagination.nextCursor",
"NextPageParaName": "cursor"
},
"response": {
"eventsJsonPaths": ["$.data"]
}
}
},
{
"name": "SentinelOnePoller_threats_updated_events",
"apiVersion": "2022-10-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectors",
"kind": "RestApiPoller",
"properties": {
"connectorDefinitionName": "SentinelOne",
"dcrConfig": {
"streamName": "Custom-SentinelOneThreats_API",
"dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
"dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]"
},
"dataType": "SentinelOne API",
"auth": {
"type": "APIKey",
"ApiKey": "[[parameters('apitoken')]",
"ApiKeyName" : "Authorization",
"ApiKeyIdentifier": "ApiToken"
},
"request": {
"apiEndpoint": "[[concat(parameters('managementUrl'), '/web/api/','v2.1', '/', 'threats')]",
"rateLimitQPS": 10,
"queryWindowInMin": 5,
"httpMethod": "GET",
"queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
"queryParameters": {
"updatedAt__gt" : "{_QueryWindowStartTime}",
"updatedAt__lt" : "{_QueryWindowEndTime}"
},
"retryCount": 3,
"timeoutInSeconds": 60,
"headers": {
"Accept": "application/json",
"User-Agent": "Scuba"
}
},
"paging": {
"pagingType": "NextPageToken",
"PageSize": "200",
"PageSizeParameterName": "limit",
"NextPageTokenJsonPath": "$.pagination.nextCursor",
"NextPageParaName": "cursor"
},
"response": {
"eventsJsonPaths": ["$.data"]
}
}
}
]
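Review bot: The paired pollers `SentinelOnePoller_agents_created_events` / `SentinelOnePoller_agents_updated_events` and `SentinelOnePoller_threats_created_events` / `SentinelOnePoller_threats_updated_events` write to the same stream (`Custom-SentinelOneAgents_API`, `Custom-SentinelOneThreats_API`) over the same five-minute window, so a record whose `createdAt` falls inside the window will presumably also carry an `updatedAt` inside it and be ingested twice; either drop the `*_created_events` poller where the `updatedAt` filter already covers creation, or dedupe downstream on the record id. Numeric settings are typed inconsistently — `rateLimitQPS`, `retryCount` and `timeoutInSeconds` are JSON numbers while `"PageSize": "1000"` / `"PageSize": "200"` are strings — and the auth and paging keys mix casing (`type` beside `ApiKey`, `pagingType` beside `PageSize`, plus the stray space in `"ApiKeyName" : "Authorization"`); pick one form and apply it to all seven pollers. Because every `apiEndpoint` is built from `parameters('managementUrl')` and the `Authorization: ApiToken …` header is sent to whichever host that resolves to, the connector definition (outside this hunk) should constrain `managementUrl` to an `https://` SentinelOne console URL so the API token cannot be directed at an arbitrary endpoint. The file header above reports 688 additions to DCR.json while this hunk is `@@ -0,0 +1,338 @@` of RestApiPoller definitions, so the rendered page appears to have dropped the header of the file this hunk actually belongs to.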