[skip ci] Github Bot Added package to Pull Request!

Azure · Sep 4, 2023 · 9627f4e · 9627f4e
1 parent 85b2d71
commit 9627f4e
Show file tree

Hide file tree

Showing 4 changed files with 2,173 additions and 1,796 deletions.
diff --git a/Solutions/PingFederate/Data/system_generated_metadata.json b/Solutions/PingFederate/Data/system_generated_metadata.json
@@ -0,0 +1,33 @@
+{
+  "Name": "PingFederate",
+  "Author": "Microsoft - support@microsoft.com",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/PingFederate/Data%20Connectors/Logo/PingIdentity.svg\" width=\"75px\" height=\"75px\">",
+  "Description": "The [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent-based log collection (CEF over Syslog)](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)",
+  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\PingFederate",
+  "Version": "3.0.0",
+  "Metadata": "SolutionMetadata.json",
+  "TemplateSpec": true,
+  "Is1Pconnector": false,
+  "publisherId": "azuresentinel",
+  "offerId": "azure-sentinel-solution-pingfederate",
+  "providers": [
+    "Ping Identity"
+  ],
+  "categories": {
+    "domains": [
+      "Identity"
+    ]
+  },
+  "firstPublishDate": "2022-06-01",
+  "support": {
+    "name": "Microsoft Corporation",
+    "email": "support@microsoft.com",
+    "tier": "Microsoft",
+    "link": "https://support.microsoft.com"
+  },
+  "Data Connectors": "[\n  \"Data Connectors/Connector_CEF_PingFederate.json\",\n  \"Data Connectors/template_CEF_PingFederateAMA.json\"\n]",
+  "Parsers": "[\n  \"PingFederateEvent.yaml\"\n]",
+  "Workbooks": "[\n  \"Workbooks/PingFederate.json\"\n]",
+  "Analytic Rules": "[\n  \"PingFederateAbnormalPasswordResetsAttempts.yaml\",\n  \"PingFederateAuthFromNewSource.yaml\",\n  \"PingFederateForbiddenCountry.yaml\",\n  \"PingFederateMultiplePasswordResetsForUser.yaml\",\n  \"PingFederateNewUserSSO.yaml\",\n  \"PingFederateOauthOld.yaml\",\n  \"PingFederatePasswordRstReqUnexpectedSource.yaml\",\n  \"PingFederateSamlOld.yaml\",\n  \"PingFederateUnexpectedAuthUrl.yaml\",\n  \"PingFederateUnexpectedUserCountry.yaml\",\n  \"PingFederateUnusualMailDomain.yaml\"\n]",
+  "Hunting Queries": "[\n  \"PingFederateAuthUrls.yaml\",\n  \"PingFederateFailedAuthentications.yaml\",\n  \"PingFederateNewUsers.yaml\",\n  \"PingFederatePasswordResetRequests.yaml\",\n  \"PingFederateRareSources.yaml\",\n  \"PingFederateSAMLSubjects.yaml\",\n  \"PingFederateTopSources.yaml\",\n  \"PingFederateUnusualCountry.yaml\",\n  \"PingFederateUnusualSources.yaml\",\n  \"PingFederateUsersPaswordsReset.yaml\"\n]"
+}
diff --git a/Solutions/PingFederate/Package/3.0.0.zip b/Solutions/PingFederate/Package/3.0.0.zip
diff --git a/Solutions/PingFederate/Package/createUiDefinition.json b/Solutions/PingFederate/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/PingFederate/Data%20Connectors/Logo/PingIdentity.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent-based log collection (CEF over Syslog)](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 11, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/PingFederate/Data%20Connectors/Logo/PingIdentity.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent-based log collection (CEF over Syslog)](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 11, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -60,14 +60,14 @@
             "name": "dataconnectors1-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "This solution installs the data connector that ingest PingFederate events into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+              "text": "This Solution installs the data connector for PingFederate. You can get PingFederate CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
           {
             "name": "dataconnectors-parser-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "The solution installs a parser that transforms ingested data. The transformed logs can be accessed using the PingFederateEvent Kusto Function alias."
+              "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
             }
           },
           {
@@ -79,6 +79,13 @@
                 "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
               }
             }
+          },
+          {
+            "name": "dataconnectors2-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for PingFederate. You can get PingFederate CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
           }
         ]
       },
@@ -95,7 +102,7 @@
             "name": "workbooks-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "The workbook installed with the PingFederate help’s you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view."
+              "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view."
             }
           },
           {
@@ -107,6 +114,20 @@
                 "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
               }
             }
+          },
+          {
+            "name": "workbook1",
+            "type": "Microsoft.Common.Section",
+            "label": "PingFederate",
+            "elements": [
+              {
+                "name": "workbook1-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Sets the time name for analysis"
+                }
+              }
+            ]
           }
         ]
       },
@@ -323,7 +344,7 @@
                 "name": "huntingquery1-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches for authentication URLs used. It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser."
+                  "text": "Query searches for authentication URLs used. This hunting query depends on PingFederate PingFederateAma data connector (PingFederateEvent PingFederateEvent Parser or Table)"
                 }
               }
             ]
@@ -337,7 +358,7 @@
                 "name": "huntingquery2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches for failed authentication events It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser."
+                  "text": "Query searches for failed authentication events This hunting query depends on PingFederate PingFederateAma data connector (PingFederateEvent PingFederateEvent Parser or Table)"
                 }
               }
             ]
@@ -351,7 +372,7 @@
                 "name": "huntingquery3-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches for new users. It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser."
+                  "text": "Query searches for new users. This hunting query depends on PingFederate PingFederateAma data connector (PingFederateEvent PingFederateEvent Parser or Table)"
                 }
               }
             ]
@@ -365,7 +386,7 @@
                 "name": "huntingquery4-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches for password reset requests events. It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser."
+                  "text": "Query searches for password reset requests events. This hunting query depends on PingFederate PingFederateAma data connector (PingFederateEvent PingFederateEvent Parser or Table)"
                 }
               }
             ]
@@ -379,7 +400,7 @@
                 "name": "huntingquery5-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches for rare source IP addresses of requests It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser."
+                  "text": "Query searches for rare source IP addresses of requests This hunting query depends on PingFederate PingFederateAma data connector (PingFederateEvent PingFederateEvent Parser or Table)"
                 }
               }
             ]
@@ -393,7 +414,7 @@
                 "name": "huntingquery6-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches for SAML subjects used in requests It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser."
+                  "text": "Query searches for SAML subjects used in requests This hunting query depends on PingFederate PingFederateAma data connector (PingFederateEvent PingFederateEvent Parser or Table)"
                 }
               }
             ]
@@ -407,7 +428,7 @@
                 "name": "huntingquery7-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches for source IP addresses with the most requests It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser."
+                  "text": "Query searches for source IP addresses with the most requests This hunting query depends on PingFederate PingFederateAma data connector (PingFederateEvent PingFederateEvent Parser or Table)"
                 }
               }
             ]
@@ -421,7 +442,7 @@
                 "name": "huntingquery8-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches for requests from unusual countries. It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser."
+                  "text": "Query searches for requests from unusual countries. This hunting query depends on PingFederate PingFederateAma data connector (PingFederateEvent PingFederateEvent Parser or Table)"
                 }
               }
             ]
@@ -435,7 +456,7 @@
                 "name": "huntingquery9-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches for unusual sources of authentication. It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser."
+                  "text": "Query searches for unusual sources of authentication. This hunting query depends on PingFederate PingFederateAma data connector (PingFederateEvent PingFederateEvent Parser or Table)"
                 }
               }
             ]
@@ -449,7 +470,7 @@
                 "name": "huntingquery10-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Query searches for users who recently reseted their passwords. It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser."
+                  "text": "Query searches for users who recently reseted their passwords. This hunting query depends on PingFederate PingFederateAma data connector (PingFederateEvent PingFederateEvent Parser or Table)"
                 }
               }
             ]