Merge pull request #11519 from Azure/v-rusraut/Ubiquiti,zscalar,apach…

…ehttpserver-removeDC

Repackage - Ubiquiti UniFi

Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiCryptominer.yaml

@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -33,5 +30,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiDestinationInTiList.yaml

@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -39,5 +36,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiL2RFTP.yaml

@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -35,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiL2RLargeIcmp.yaml

@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -42,5 +39,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiNonCorpDns.yaml

@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -32,5 +29,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiR2LDns.yaml

@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -35,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiR2LRDP.yaml

@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -31,5 +28,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiR2LSSH.yaml

@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -31,5 +28,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiUnknownMacJoined.yaml

@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -36,5 +33,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: HostCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled

Solutions/Ubiquiti UniFi/Analytic Rules/UbiquitiUnusualTraffic.yaml

@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -30,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Ubiquiti UniFi/Data/Solution_Ubiquiti UniFi.json

@@ -2,7 +2,7 @@
   "Name": "Ubiquiti UniFi",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Ubiquiti%20UniFi/Data%20Connectors/Logo/ubiquiti.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Ubiquiti UniFi](https://www.ui.com/) solution provides the capability to ingest [Ubiquiti UniFi firewall, dns, ssh, AP events](https://help.ui.com/hc/articles/204959834-UniFi-How-to-View-Log-Files) into Microsoft Sentinel.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
+  "Description": "The [Ubiquiti UniFi](https://www.ui.com/) solution provides the capability to ingest [Ubiquiti UniFi firewall, dns, ssh, AP events](https://help.ui.com/hc/articles/204959834-UniFi-How-to-View-Log-Files) into Microsoft Sentinel.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
   "Workbooks": [
     "Workbooks/Ubiquiti.json"
   ],
@@ -18,9 +18,6 @@
     "Hunting Queries/UbiquitiUnusualSubdomains.yaml",
     "Hunting Queries/UbiquitiVulnerableDevices.yaml"
   ],
-  "Data Connectors": [
-    "Data Connectors/Connector_Ubiquiti_agent.json"
-  ],
   "Analytic Rules": [
     "Analytic Rules/UbiquitiCryptominer.yaml",
     "Analytic Rules/UbiquitiDestinationInTiList.yaml",
@@ -40,7 +37,7 @@
     "azuresentinel.azure-sentinel-solution-customlogsviaama"
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Ubiquiti UniFi",
-  "Version": "3.0.2",
+  "Version": "3.0.3",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1Pconnector": false

Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiDnsTimeOut.yaml

@@ -4,9 +4,6 @@ description: |
   'Query shows failed DNS requests due to timeout.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiInternalDnsServer.yaml

@@ -4,9 +4,6 @@ description: |
   'Query shows list of unaccounted internal DNS servers.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiRareInternalPorts.yaml

@@ -4,9 +4,6 @@ description: |
   'Query shows list of least used internal destination ports.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopBlockedDst.yaml

@@ -4,9 +4,6 @@ description: |
   'Query shows list of top destinations connections to which were blocked by firewall.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopBlockedExternalServices.yaml

@@ -4,9 +4,6 @@ description: |
   'Query shows list of top blocked connections to external services.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopBlockedInternalServices.yaml

@@ -4,9 +4,6 @@ description: |
   'Query shows list of top blocked connections to internal services.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopBlockedSrc.yaml

@@ -4,9 +4,6 @@ description: |
   'Query shows list of top sources with blocked connections.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiTopFirewallRules.yaml

@@ -4,9 +4,6 @@ description: |
   'Query shows list of top triggered firewall rules.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiUnusualSubdomains.yaml

@@ -4,9 +4,6 @@ description: |
   'Query counts the number of unique subdomains for each TLD.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

Solutions/Ubiquiti UniFi/Hunting Queries/UbiquitiVulnerableDevices.yaml

@@ -4,9 +4,6 @@ description: |
   'Query shows list of devices (APs) which do not have the latest version of firmware installed.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL