From a4a23db58ddff13ee0b14a63bb11cd2764e31bf2 Mon Sep 17 00:00:00 2001
From: Sentinel
Date: Wed, 11 Sep 2024 11:48:17 +0530
Subject: [PATCH] Updated solution
---
 .../Armorblox_API_FunctionApp.json | 2 +-
 ...azuredeploy_Armorblox_API_FunctionApp.json | 2 +-
 .../Armorblox/Data/Solution_Armorblox.json | 2 +-
 Solutions/Armorblox/Package/3.0.1.zip | Bin 0 -> 12267 bytes
 .../Armorblox/Package/createUiDefinition.json | 2 +-
 Solutions/Armorblox/Package/mainTemplate.json | 67 +++++++++---------
 .../Armorblox/Package/testParameters.json | 32 +++++++++
 Solutions/Armorblox/ReleaseNotes.md | 1 +
 8 files changed, 71 insertions(+), 37 deletions(-)
 create mode 100644 Solutions/Armorblox/Package/3.0.1.zip
 create mode 100644 Solutions/Armorblox/Package/testParameters.json
diff --git a/Solutions/Armorblox/Data Connectors/Armorblox_API_FunctionApp.json b/Solutions/Armorblox/Data Connectors/Armorblox_API_FunctionApp.json
index 7c06959b4f3..999e4141505 100644
--- a/Solutions/Armorblox/Data Connectors/Armorblox_API_FunctionApp.json
+++ b/Solutions/Armorblox/Data Connectors/Armorblox_API_FunctionApp.json
@@ -115,7 +115,7 @@
 },
 {
 "title": "",
- "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-armorblox-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. Armorblox).\n\n\te. **Select a runtime:** Choose Python 3.8.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration."
+ "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-armorblox-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. Armorblox).\n\n\te. **Select a runtime:** Choose Python 3.11.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration."
 },
 {
 "title": "",
diff --git a/Solutions/Armorblox/Data Connectors/azuredeploy_Armorblox_API_FunctionApp.json b/Solutions/Armorblox/Data Connectors/azuredeploy_Armorblox_API_FunctionApp.json
index cd39cb41c49..99ec58f8daa 100644
--- a/Solutions/Armorblox/Data Connectors/azuredeploy_Armorblox_API_FunctionApp.json
+++ b/Solutions/Armorblox/Data Connectors/azuredeploy_Armorblox_API_FunctionApp.json
@@ -146,7 +146,7 @@
 "alwaysOn": true,
 "reserved": true,
 "siteConfig": {
- "linuxFxVersion": "python|3.8"
+ "linuxFxVersion": "python|3.11"
 }
 },
 "resources": [
diff --git a/Solutions/Armorblox/Data/Solution_Armorblox.json b/Solutions/Armorblox/Data/Solution_Armorblox.json
index a4b8c49b7d0..0c695a6b18e 100644
--- a/Solutions/Armorblox/Data/Solution_Armorblox.json
+++ b/Solutions/Armorblox/Data/Solution_Armorblox.json
@@ -17,7 +17,7 @@
 ],
 "Metadata": "SolutionMetadata.json",
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Armorblox",
- "Version": "3.0.0",
+ "Version": "3.0.1",
 "TemplateSpec": true,
 "Is1PConnector": false
 }
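Review bot: The `"linuxFxVersion": "python|3.11"` change in azuredeploy_Armorblox_API_FunctionApp.json moves the runtime three minor versions, yet the diffstat lists no change to the function package or its pinned dependencies, so nothing visible in this commit shows that the deployed code was rebuilt and tested on 3.11; that should be confirmed before release. The template also only takes effect on new deployments: Function Apps created from the earlier template stay on Python 3.8, which reaches end of life in October 2024. Unless the added ReleaseNotes.md line (not visible here) already says so, it should state something like `3.0.1: runtime moved to Python 3.11; existing Function Apps must be redeployed or have their runtime raised manually`. The resource that encloses `siteConfig` starts and ends outside the hunk.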
diff --git a/Solutions/Armorblox/Package/3.0.1.zip b/Solutions/Armorblox/Package/3.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..a74e17674e25237ecb933f2dd4543fc1b7ddb9e7 GIT binary patch literal 12267 zcmbW7Q*>@yx29ur#kOtRcGik*J6W-9+qP}nwr%4}YVXtPRQ;`5-Bk77hb{)@&FJqO z?NO8g1w#db`p5fpXf%NSr?nFU0bu|U0vS1)7&x1#S%{jLTG(1RTiDssTRPdHplUEE=TfWiKq{9o0!2Eg`^{nt;g;I6;oEfP;%F=^jELca~HUcwE8 zWP{Lwt3y~IINdxtLsD6SYL_j}UQTiB3Pn4X^pXVWsgc{F)>G`W_>sLSXV&|){oCZK z9`XS|ER;#6tW}|FElu_oQi$n*g0)yCrEcl%=~SCZAW4d=G!V~sbr;7hV%xC=1_8A& z1YqwqhR%B&GPxu$9lS3<{_Wc&+j}prt}eSM$r#)q?@?Bi0(+=HdkYbo@RmXa9~IX| zR+TkVRshW+2!`rP!-zTI+@Jak1m^&V`H@uv3xuU+#ZhB%s_-bw9Ad;|!lTYfSAG!i zXdu-Lt~E_|LDhMeu|4q0u__TP5Q5FOxss3Ay(fcvND2pv0+)tJRX!S1g+xh~WW#t6 zv6qAgT<*;H%c`Jbmpj`Nr!wco^sTl|rc0>vGBZ)$z4n?A?6H`7VP#%?ZfbDLw6@L` z8GLST9%(aHU@2MmqcSC=rNsxM3fH)IkUF)*MIh%`iUju|XRQ|7eu8-bzIS)Wf}5SK z60~*d0yrWTRzb~T2hcO&^-+xwHS&$E+CQXNMe(4hnWC}IGUnLI`Zu#+(aT+UBXJ8GJ4F!~UWSo+}y1R`Ao5n~wss`v~a8&IqGgmxf?mad&b1rt}Su z0z4O}syGnpElOn6OqPY8mW&7dBpGD))WRI_iOj>~GAU9L7+i?h6W_`?rcU+7n(lAX40!~rih~oeykHq-T#;-x98k&#^wv1vC zm}jUPoELXykKZ=M<;famRXPAw+iTDx1!jbP^CZ-3HRTAZQ5|>mR19tXZIP494Z}3O zG9tLwAV#xBAq!B$XhBwyFaxDXjwJ?geB#&2;_87V!8&J)1EI;V!2DPq+!)u8Ro%@c z0ig^wZ~0#`Rh?a{5{oTn!q29LG{{GRo^Toc&;jnO8zi1& zUq)Sxo!~I9**9nTD%yPaK#0a5_BRC7>3G7^^9AV6Ghhj?o+9M>q$$MI(g!l0{Bfon zVLhkd$dXZYqaogCtKZI>I>M;ED49|G@%+azBz*$h0|YMb4u!^gbv&Z={zONl4 z;kI1dl-E?6Ka3j#BXpeKuo4e%qg1le`e;b^lSE98@Sy>>TsC;5KbFznN-4=MnQ)|7 z^{lc_Y@bZMH3i}XUT}Cac-vDJ*%h3RWdEvF{WWbUrw-;@T2`;^IGjlr84ccA2^*O3 zzLv5X^XNU|hKSYq-RAQb<~+&dx@aytMAltdxhWr`h6ku~kB(l8Kouc0rY#@hiMegE zX%%mxNkf0zCM4DeJ{J}@+0>WU_zc0A(*)vg*zdcva5$q}S|Ti>WIC#dPIk@ZwQ1~T z@?-dDF?MAh!Fx*HzB*?6SyvYMcnr9&jXQSS-mv;^``_c z-}{#&ZTxIpJlR-;@u#<^Fm2fxT>_8oXSdj_)#p+n2ba;S&;zO4r%_>t+B$`xgMYtZ zIN4MW1hw@uRGzKCu`2TqNGr(|lz^t|I*nE1iKW8=Ls)Gy+t1S*HdEkmV)*>VUv1R6 z-R{f}ska=7+L_{k6RYOM*A|`kp7*lH_xrWwuC7H0xVE7}V zGpoyr1jxhrV(&44%OM(Jr`@~12A(gpMcdX~Qm!q6V9_PMY28xj)N@SNP*XlvO6UNN 
z9R=;&2VSP3p<(&Q8!sO9zN70$^akgH6skv@R?kbVE(}>ndle#&5LHyC^D%T<1E-K4dh zQ?%a=)3aTIIqs|q-K8bQ5MPCkBZO;P;5{-bfXRiDOl{z&gYtvlvr4&8N3zRhWQ!QY+nRBcwF+&;Dd<1NE zo29fD`t30kd=j0KB2%}UI0A`j}+bA7E)1XW~2e9 zaC`sP4q$OR-)J`b5zBLbDn$9)VQw;(sAEn@UfQ|sbjE6z$8E&Zbr#5_BxI*pz34R@ z7785yE|#DR9VejuCt>5`Pl)A+gBr#c%95xvfpp1k&rh5*S^{v*VD&V_$g9A-%Gq0mnuW#E8auks2ohisgiTf$LQv76DQA zi?fGCnoi|9UAlIo+H!|Y?8fxUmeV)asjza@l1N{L1$u(_-+D)bz9dyK1d!dFSi^*b zJMk581>k~4iOYFz;T>zXYo$aV149rALy!hUBPYv_!a?G{e3MkJucbEqPaQVv6DtIbx16EtV{w~jvteSub=lr1B5 zb4*fuO7h{JA_|wV?VdhgP7+6BH$=YO*LJ)<-Yh<`b~)`{*>f~APjPT&tv~Bm5_goi zc#g;1H;;vau2Dnxq&Y65YLzr0f_8(~s|Y8p+05!QG9=~;wj!dc^(~lVmaT%so|Nt6 z4g1KEv(og%&wUWtb=UZhDC0IgcgE@sGOl%&xaNzTX0q1`D)cx~Kq8-NWEwlJov|Q; zTy^RgjwcqGo$tBOUJFHXYn8yvxI6=tj-$*gdE5Y%Q|iB21^c0TVPB`W8meoM9+pP( zEw{i&r?-l^ZUh73cR3?U;x;)OhSIW&u^D+L$;h$j1*DE=CKQ-|r=lfKtdEadh}&O1 z`@Ls{ah*oLcbq7?p}(c}r3$SjpGCM)dT*w4Wz=u#-P%Dh7ud&9EOhI$TRTQ2 z?(DNNs2mo>p=^ZTp3ojwr#Z|bymo`pJpo=@anbNJ3t_FML-=3Mm9Y2*xmZUOz_*k3?l|2@4nL5Q2L%Om;ay zV#G)oen{Nh_hEUj(Uch(hPDaIz7Z7ZRkq2Hn! 
zT}^M1Z=+pgCm4kjuqE9EC3H*}_9 zz}kz5xO62}rm(r`<48Z&41T$T?MvFwq24@M?S&svh9Kb6+67S{%@y?#;K_mb^5-c2 zgmy}dT7T--4k8_Z5H`(^@)~|6jG&#Oquk60)9&Y1Q8`bW@;e3@wbLd=4S`T}L1|4r zSVI6k!~jPh_GQR@vqN@J8`?fUw!byrS%6BNd=1D_wHVyDEv+0I(Npr+a<~Ipiu&hZ zxCZ`a|C7RwO3ofNn23d8ix_&r$)i5y@l?MW&DBfsKQUkdgocAwu2-^L&_HWM)**r0 z{YCMhF+xvtYz7RSXUCDJng&6(gChI~?nf^igGtQ_GbR-BE|X) z8{(M2thq-Ar`VeEj|)6P8Rl{)=&NUJcR0#nO&ABu#&y`^p8Pli@ttB`TW+RheV6+; z^b}xOzGj$aMHpdd9XVN0%ncLIzr$7ay$$uYnQ`!G-2m!8srr;M`{o-1aoHp^8KLEm zt+MbGym1$OPOi4?L<|*fMr-Bnj4r}Uj03+glUAGwU4k2)KeZd`8jHMbz=vgJEbiR0 zkmyE@>LBYrffQyOX4`~8%rwP9N~a%0m2pQk`%Hmyoo9OFKMY{u23@Er1 z1OYKs^!Ik27oG^_zjc~wfv_oY3m30pP_2Hbzh(%;^^clSytnE%`@n24ja;ZEYD7;k z2raEh)#6R4>e}|ENEIX=86Qgb8-(R8P@va+js|U^qOdNS)FMivU|h}7O$D{E3c&=T z{SxvE(0olc8?i#-X~injfh|!k+b!q84?4Bp_t4JH7tGi9`#^7m-*mJhKb5u#L943k z0V3*(Z~J$2Nfu{auj~H)!@7fl1Du+!j&qaszWv=DeK?qAzyJ`raeaAJd(``Noi&o$ zm6e@af?NJjDO?48?C^0eME~K4Hld|Hz4*PwKf_4f?U&4uQOc_Xq2z_FB;uI|HG%mS zP8ieXrt2*vuA~ORu%I|x7Du5?ImSYn{{7*)!B|lDLFGY-bkk}LrmN^p z+smAh>}2oTLnh?Z+F++NpDbJo+GA>c{OuiWp3{Qb5an{nq-X`|K~dbj(BmMUbJA@S z_ON2uL%YDfAQW}eb$X20)ro+-cjO=$zeXwoIoet1(k8yeHBLi62;SZz_~iI>;57k{ z!_FGt;5S4u(c+>JO=W9#t58gPCTT!Sr^V+le=Eo@Tx-@iC`K$G2oko&yF|B@2WIE+ zhqoPdE1T;x_gBB?Kbg>WtGsdZ31b2E=!pk`&CM!^RmEUBRL1*9LAFGizjphGUF(!; zMI54HQq35n)<7eOaN`m!lExU#H*fvcO2`WgBcrt;+rY{DNcK7$+FBr%*$*uL0*fS4 zSokyMw*;W9gS8~)>P2QNrYO6`a$B#07N-7H6-Mfl@Q%0xbHO+B{G)|JPpRluv&gC6 zqL^NWNS*P~ax6@tzM#4cdrO`_aN2YMrS4pO zV6Q}`|4pmwgO!a_oaGgU{AC!NFW@+qpIG7~q)y2HvV(U;fN$3;Al?oD6_BVw(^;sa zs*oZn9wrYHtx6D`ySbiQ8xIZaOV{jYW7?U3db0_$pTXrL=FTxqr?0ZpFla9<(6*tA zFyv6@chmkS!#T829IK_5Sl*_;+TJ^@RA8<)hiu7}-}-GV$lFa!iyi;^3-1*m|Juqb z7{0Re@o`6E0WEnxGgldZiZOgs@LjnHlYy92>G$_nX!kC;KcuCfK=RCvXhT*ib9Yig zn;m|S(Y=4cmTizZI?g~$lFR}E$T@SCM0_j=P+Iq3-MEGG!!1R_L48#jl{SXD8TQ2E zWl=!;<~_1(=0)U4Wm7Spl6=70ilk8AH8|;=7iJ-hTVgYti{UioCm5kb zd`nBof{1=2$eCWf=&l${3XVir|MLXH=*XH7Z0jG0hFUEDj1OqbL>0fk-k0u=3UEnj zam74+N0FGu-{a5@Zqv@PpB&f$4zUdc6v8g@*qQjf6HO>uZVjvGn#6RC{%Y1<(37%P zBOupd#opg@$|JS0FHvXd~! 
zqda}7QK9guL>7F|$`8%GKHT;OY1SMl;o<5%KmznbdIt1jFiYI&_JzZJtzdnua(RR> zhtW0~t@e~|c`(CNH6J*j4;2X|)q;|{!NxfY{Sc@W+`edLpXoZsWQVaKBmmU3{u_5u-1}ZM6V}bUXbznnNdRKQ8!<9c68H z6(1gdacfHyBnKlNpOUpDkH#y<+W1%(uw<^2p>aDHn1A8O2t#*B3LlbR#11fcmhmPG9KqRG! zT$VUKzMTmRO-7g>d`0k4NQH@ZBD-+f@lr=$ zIb=m)85T8CR+S9NRUO(6mRkbAP|YyRin8SoBjh^MF}4q)q;q|=d@Y4m)+lFlg0@0d zZH;lCpPl`@N04O3y`SV{A_65L=bN-VC*FF|OBPgj>DDRvMP6t%Ekk17A$vcdtDNbdK)>PcVyy0CiS~$aO~dYG-~@Q@ZL@u(V5A?gn)8Jdub%LC*=xhQ#N< zYk$ofRbxi9I8gi+{hQ&6Te8OHzR8xpVHO3}xfW2IT4lAE)U*2zsr*I9H zPz;76rAFFWGpGyCkd`K;hF@Zmj62$q+UcaR2EA}ZyGSOIJbY81;t{w?`Tn?CAm)*b z9}Ge3zIf3M4K0gZgp64WviO<|lS_K7lYhg8x)jS>Z>!O)=TK}x&4y=)+4|_iN$ZX= z#CKYIrvMw3kK@-c9dC5P4uLRgp<)_FhT&tO@B6;wQb;^~cHe89h`tT*{LFjvin?vk z_(u5j8P}&8bU)R4DE3$)J`UGBq}Z-)fi!8${x$+zsW7`Zi^p^!d=6C)}DQ zu*0S3Ns)Sbj{fET}$rKN+e4t-7w_b$(JJPeRLosz-yK{VY+#;{wlGU%u-&;6A- zpjSoFS>QD{d_=fr?a|J;N2CYj*`lS`0$U^K`m&$$a5e88_;PK4wlHBu3{fmm?x~ad z(ucPYx7fhDhZ77*4eG{G3vK^Y-h|_7+&(}6Ttr(EWn*f^@ zkHHt+`s&};YLRw_<=KVqn>DyiFYMXaQ+0H|W7Ip~8Cn55suNASH0iefq#d74{wviJi>j*Tv)7 z%?WKV08O`~rsv{><`n6LiuBP2$!}>FW_6Qa>S_;aJL~fuwP@9nHGd^5sD!#l>O1EOq^1t2`?6RjAOd* z_F;}A+HAG`E3NeSIU-}CtiYyOk>G9{nM_SFUI6zQ7xnm0n8}Z{HEegemJO&7)!tPTnKw{ z%vO>!{85slGbXU|{MpqOciQl^=wbqG?4swgxUsWd2tizue?o(xU~mpofi6&mjbRq% zbPKrb&fb0+3{?hL}=apY12A9YvHb^ORS6+QGU3qVnT)` z+0{Pfu)Pf%XXDSUn7dsZc~tS@O*i7$)-?k(&2!uM_4C2!pMg;mEA`d#z0sCqeh1u2 zo-BQI-u{6=+YG&ZLG*R+{Lw3o#xW16Q<{dFu3$$o3Yu@8T#k=DbF>7{GgMxdXjD+O z3JI;);e2;>T9o$tn*uJKyFB~jjEGwEqAz@Z^$Tu-io50PXZ+4(QGjKdD<*162UV1*DN;4DgvF|)Oll&7mCmFSva*iO46UKJ4JkJAsQH6 zZZwB55b%~Is@?sokJy~&)%#O%glzFPMY4F4b3DV~SXB(12Je?omciE@6_NfCBbCT$ zIg#-b@mK4|+=2kK7-R>hlC+303kY&8$tU6ZPOaNiLn<)|?X{rr3@Nt>bMtiP$u19*ATn|C)X@qe7#I=y)nH$V2?ZXrA6mdV!b z*)!ku4fGo6948_mk%miw514U-=vJ)qH;0dPON^Vh_2^PHUlAF0Nt-~6tCj`&(<4;Bro&bR9)1aG-6eBaFTn0Wy82Q<<#?9TC_3_ zr1y8JehTf^NZ*jc2tfyp4|DL8Ga^2R?k#*s?TXTF;rSMjSuv|G5`|n4_g8|Qbl?dS zR~wD3V9t=gI_U7G3c2`Ld(i^j()?QG=4`Nl_@jXNh22{t$n7a9>_zYFuufHecUQ(y 
za*NdbAY(q1gf)M-O=_Bp>^ZbJ2H!yUO5+;DJDn;^EI`YsC1aqwR*ri~%CD|rtuG@C zZ%i<)t0U~!!Qvrys?dO`N-Nl0HD5uE^!OJ)R^0Gh6x*3db(x1`LK~7&%(y3#Ak4;% z^hi3ZN|sOLy;;)#x;*S3OYM@Bt*&}M`PJOj+RI0KxB>WXy!bHl=}sou#BkR?GeScA zYtov4`f=y@6=30Qqt^MPTgNHo89L+138jK>i>Cuhq`>n@%AznM+I$od_|V}P{Ziu2 zUARYEMltSF8R~}Ijf5k?yp3`HK0y@fn=Rv`FP6y59oDIv2Sdv3p8tz8py)^=*-Pc|T?e2{l%(nA>Sn{l$VMbp!@=yQ^5l_j#ixRds0kM6bM$5JyFFmY z>FJ^qkE;7k+VnBOz3i2~d12YAqyPG51Tj>GR592-8Jqx|cz&kml+TRl&+LXn`IzIx z!&@}G;hKLeINYs4e;{D&fQviW+gr|<#G`8s*s{YNkOxyb>InAnQ* zMTluXaG>vK5yAl-rOIW4vd3e{y|!W}ZJrpTqGRO( zbBmdEog)nltb=*_W3R3Cdq(>eNY!AMz82FF$?1T&Y=oz8*=vJw9kXv|44G#kmEsdn zUh!@F%q;HDg8!(mw|MVc1ogh>Ziq%A!p@b`M~SjKe6tD*tkkN()-v4u+xFd?o#(t0 z1>QA?>a+DIf~#769N=;>`bFsOm}|YkN?D;HVZr{ z(pbL0>DFfT8(xhW*G1THf-4oG5?8rI)NYeqIcHs+nD)SO61iGmuZvYv2p(}uxk`v{DJy$WWIb%k+n~DLBtVi zdDXRi0Td|^C0yNXuEPfhN4=)L(ZbH@>;W8Xk7pADj7cb+Q!^lUMTsC2wag@=`+50- ztE|NBe0Y_I~aGac~5ta$y>`sXR$|RO>fAmyQ!VD)BDa;pzHR2kDwd&=j>sD z@REZKCeTD~QF_(FdktmOJXz-X#e2tpOr;x8uU*$Rg2)xFH?%x~Kw8sFMNvVV*U=tk z@xH6b8Shv^x%rKIEBPg+o2A=QK8))s8lQ|74oDkD*ORHE;W(L9^FD#pp@mk&~?n30WADtB2K2<`ysbuo&|4QEf#U89u{`LPlY^hNj@ zG03k}oMR9X>Md(VhS|2Y$tlAN;pJrX*1$4ddYYN|e3l&@bL^zD$h3Aa)cxS+pxZv> zzxdQ9THqVTA-nRORH4uYfc+T2=L+9Ccmf<8W}KtMyWknLAh}avZ zD43Bm_?Id0q&WiHb>0mZVzv*c`zaQBP(1G@wZ|tT>5bsI`~=1CvVEUD*+(W{`?e>0 zU&dx5Tdbef_^Mf%3p#0i&`yiA5D+ za-q;iO&4II^k4}q$crre(U|Ux`>BYWJtdouiI5D&FzhFs5I;(F&1tS*h{|Y8ge#x} zwa75F^Z_8X(NuE4 zJ0WtIl$N0gL{$KXmFlRep*-wf78NGCIX#ow2(!=1vo`z8+UBrLjI?PuR=DqyfRxDQ z?+-wZL?TtH4Nt=7N#K+xPJQ)HFaVZ^$L}KNb`cAd509^w6}DUeE0YFy7fUEVK0g|c z$Sax}fZ4WnHT`Bn7EJA zGvWwq`0|$trnt61tp2q9K(qU0!>;#lY@!AzGqkd{;*?}A!h)R_?A{6UlYykY3VnL- z@Q0UgfQ3IeP**RkQD@z0APkz~=r*pMVNBMa^xA`nHC*JHLX!KUnVf}#+rX3L<7Y?* z0_^pvE`}lHBN@fo{-!qY`4wj{b3C7InGDC^oz$f&g8}grDz9oL2W$QImVeTy44Zf$ zZ}y@WVobOl35fJN|5U%i#h>e!@`)10;w7lalktj?=SSn^B#dy*3SO_vc{vM-Qm+?zOGeW{HGGz(cS?L z8rqHv0eQB0`a!p@f>kmn!XkWOss}mt7QPn5OvFZUXMdy|K18mQ-*bzQVEXvn_m&{! 
z21D0N!0gS=#--yloHP<2s*NGPZ&9zZKj!4mftwjJkg zBJdLu;mZ}^EEtqOXTA&@MLo>~O*Q1<7Ku8Xv_QCirNM>iP9|=DxVL)^J&%6WQClO{ zF@!WZ=VOQImuzl2Snx+{%kaxE51ZxP6`=6V&2Udn^~HT<(Z;j4#1f$NX>c(a)!NNDf8N5J`S)JdUg;b^2kB1@%nJ2d+zd5) z(bM9{I00gQP3t0SBT= zvz*wu`#7_hFR)>i80}Ml4Cj8oeD+3$@|y~)OR*Nf1QWc6!$&OP{hwdnVp7I#-|`@v zhnz^%(KpKcq0^sNfuG8Pre~O|e_qGup4In{Esk(de?~%lIbb+{ zV-!;@g>1VQY>UX%xs|+F943DaoGnh)JX3=&Gm+sdR9kI@KkgattgHBiV&wQ9a~Vj! z&h!@aroEv^^hwkyW`=Q4uI-}M(XClJQD&bot%vuEig6%n><9u28uB8cGG!ccj7#O# znXb$^+*@>vrQUXp!uXW&otKzpM3zR&+D(Y``U?=ik{#Kxnu?Q(K?lSycbNA2L5vXjgR*nR$|l z!i3B?^d|->4Wo_3Cr^a1Ts=0Lyq5M~9I2%r2Ki%~xkE7=%!O2JsKH1GoI6hA5h&o{ zLvUfSN)i#eglhCo&xZkNugM7EWuN^!>=yS8tyW9kdyeue5B3eF(>$t0!cU4hbA!+z zzV7V2)U5#j^Zf12&)|a1v-)B`!fI+6TvB?EO0?9z+KR#2wfFI`6J5^)zkM=x`FWeQ zT?$Cev5kD`FI@@s@NY(RjLIz3iEfsqa5|Q5P9mQ~St+gsg8;jBG{0q$i)$pk^XW&d z_}Sh+-SkEp;E{Su-n4uusww5nCZA~|&>8~jXHsBWL0w0&qY%cvpFP-I^C<-|G3+wY>K<>h`-F46s2(dptYAVyLH1*^^ z7E+0ZzQ(}>4HNAxZM#e+8mOOGG?3NTzh&V~??}{R)Gs)+XY||?)d#0u&ysg@e>>Xg zey*^-Yg9cQcA8Di0fs1k^oir@j^o>w-zOD*QBtJY~3(RE>* zQZ}fDmM6s=2VR&MYWvid6e)bFrtenpXa-XANU-3IGqkLSC{}Lqvf0%sSQqvTci`s~ zRF5#ddfq2{0RsQhTFnqj$qHmZK>spXiZZ|;sG$EFiT_WM>t7`Pzpcgp-`@WxApf76 p{0oKs=K=nO!v5P@{EeW2{@)QXMHz62f0qFH$A|uDks1CS{SSp8zNP>G literal 0 HcmV?d00001 diff --git a/Solutions/Armorblox/Package/createUiDefinition.json b/Solutions/Armorblox/Package/createUiDefinition.json index 0d1261776cf..0b74c1dd694 100644 --- a/Solutions/Armorblox/Package/createUiDefinition.json +++ b/Solutions/Armorblox/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Armorblox/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Armorblox](https://www.armorblox.com/) solution provides the capability to ingest incidents from your Armorblox instance into Microsoft Sentinel through the REST API.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n\r\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\r\n\n \r\n\n b. [Azure Functions](https://azure.microsoft.com/services/functions/#overview)\r\n\n\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Armorblox/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Armorblox](https://www.armorblox.com/) solution provides the capability to ingest incidents from your Armorblox instance into Microsoft Sentinel through the REST API.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n\r\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\r\n\n \r\n\n b. [Azure Functions](https://azure.microsoft.com/services/functions/#overview)\r\n\n\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/Armorblox/Package/mainTemplate.json b/Solutions/Armorblox/Package/mainTemplate.json
index 49d9fe6db5b..557ccce0fb5 100644
--- a/Solutions/Armorblox/Package/mainTemplate.json
+++ b/Solutions/Armorblox/Package/mainTemplate.json
@@ -41,7 +41,7 @@
 "email": "support@armorblox.com",
 "_email": "[variables('email')]",
 "_solutionName": "Armorblox",
- "_solutionVersion": "3.0.0",
+ "_solutionVersion": "3.0.1",
 "solutionId": "armorblox1601081599926.armorblox_sentinel_1",
 "_solutionId": "[variables('solutionId')]",
 "uiConfigId1": "Armorblox",
@@ -60,12 +60,13 @@
 "_workbookContentId1": "[variables('workbookContentId1')]",
 "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
 "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]",
- "analyticRuleVersion1": "1.0.2",
- "analyticRulecontentId1": "322d4765-be6b-4868-9e3f-138a4f339dd6",
- "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]",
- "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]",
- "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]",
- "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]",
+ "analyticRuleObject1": {
+ "analyticRuleVersion1": "1.0.2",
+ "_analyticRulecontentId1": "322d4765-be6b-4868-9e3f-138a4f339dd6",
+ "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '322d4765-be6b-4868-9e3f-138a4f339dd6')]",
+ "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('322d4765-be6b-4868-9e3f-138a4f339dd6')))]",
+ "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','322d4765-be6b-4868-9e3f-138a4f339dd6','-', '1.0.2')))]"
+ },
 "Needs-Review-Incident-Email-Notification": "Needs-Review-Incident-Email-Notification",
 "_Needs-Review-Incident-Email-Notification": "[variables('Needs-Review-Incident-Email-Notification')]",
 "playbookVersion1": "1.0",
@@ -86,7 +87,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Armorblox data connector with template version 3.0.0",
+ "description": "Armorblox data connector with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -216,7 +217,7 @@
 "title": "Option 2 - Manual Deployment of Azure Functions"
 },
 {
- "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-armorblox-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. Armorblox).\n\n\te. **Select a runtime:** Choose Python 3.8.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration."
+ "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-armorblox-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. Armorblox).\n\n\te. **Select a runtime:** Choose Python 3.11.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration."
 },
 {
 "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select ** New application setting**.\n3. Add each of the following application settings individually, with their respective string values (case-sensitive): \n\t\tArmorbloxAPIToken\n\t\tArmorbloxInstanceName OR ArmorbloxInstanceURL\n\t\tWorkspaceID\n\t\tWorkspaceKey\n\t\tLogAnalyticsUri (optional)\n> - Use LogAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://.ods.opinsights.azure.us`.\n4. Once all application settings have been entered, click **Save**."
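Review bot: The step kept as context directly below the changed line still tells operators to enter `ArmorbloxAPIToken` and `WorkspaceKey` as plain application-setting strings, and nothing in the text marks them as secrets. Since these instructions are being revised in this commit, step 3 could gain a sentence such as `Store ArmorbloxAPIToken and WorkspaceKey as Key Vault references rather than literal values.` The same step appears as context in the hunk at -416, and both copies presumably mirror the Data Connectors JSON, so the wording would need to change there and the package be regenerated. The enclosing instruction-steps array starts and ends outside the hunk.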
@@ -416,7 +417,7 @@
 "title": "Option 2 - Manual Deployment of Azure Functions"
 },
 {
- "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-armorblox-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. Armorblox).\n\n\te. **Select a runtime:** Choose Python 3.8.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration."
+ "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-armorblox-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. Armorblox).\n\n\te. **Select a runtime:** Choose Python 3.11.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration."
 },
 {
 "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select ** New application setting**.\n3. Add each of the following application settings individually, with their respective string values (case-sensitive): \n\t\tArmorbloxAPIToken\n\t\tArmorbloxInstanceName OR ArmorbloxInstanceURL\n\t\tWorkspaceID\n\t\tWorkspaceKey\n\t\tLogAnalyticsUri (optional)\n> - Use LogAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://.ods.opinsights.azure.us`.\n4. Once all application settings have been entered, click **Save**."
@@ -435,7 +436,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ArmorbloxOverviewWorkbook Workbook with template version 3.0.0",
+ "description": "ArmorbloxOverview Workbook with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
@@ -516,23 +517,23 @@
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
 "apiVersion": "2023-04-01-preview",
- "name": "[variables('analyticRuleTemplateSpecName1')]",
+ "name": "[variables('analyticRuleObject1').analyticRuleTemplateSpecName1]",
 "location": "[parameters('workspace-location')]",
 "dependsOn": [
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ArmorbloxNeedsReviewAlert_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "ArmorbloxNeedsReviewAlert_AnalyticalRules Analytics Rule with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "[variables('analyticRuleVersion1')]",
+ "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
 "parameters": {},
 "variables": {},
 "resources": [
 {
 "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
- "name": "[variables('analyticRulecontentId1')]",
- "apiVersion": "2022-04-01-preview",
+ "name": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+ "apiVersion": "2023-02-01-preview",
 "kind": "Scheduled",
 "location": "[parameters('workspace-location')]",
 "properties": {
@@ -575,12 +576,12 @@
 "aggregationKind": "AlertPerResult"
 },
 "customDetails": {
- "IncidentId": "id_s",
- "RemediationAction": "remediation_actions_s"
+ "RemediationAction": "remediation_actions_s",
+ "IncidentId": "id_s"
 },
 "alertDetailsOverride": {
- "alertSeverityColumnName": "priority_s",
 "alertDisplayNameFormat": "Alert from Armorblox",
+ "alertSeverityColumnName": "priority_s",
 "alertDescriptionFormat": "Incident {{id_s}} generated at {{date_t}} needs review "
 }
 }
@@ -588,13 +589,13 @@
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
 "apiVersion": "2022-01-01-preview",
- "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]",
+ "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]",
 "properties": {
 "description": "Armorblox Analytics Rule 1",
- "parentId": "[variables('analyticRuleId1')]",
- "contentId": "[variables('_analyticRulecontentId1')]",
+ "parentId": "[variables('analyticRuleObject1').analyticRuleId1]",
+ "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
 "kind": "AnalyticsRule",
- "version": "[variables('analyticRuleVersion1')]",
+ "version": "[variables('analyticRuleObject1').analyticRuleVersion1]",
 "source": {
 "kind": "Solution",
 "name": "Armorblox",
@@ -618,12 +619,12 @@
 "packageName": "[variables('_solutionName')]",
 "packageId": "[variables('_solutionId')]",
 "contentSchemaVersion": "3.0.0",
- "contentId": "[variables('_analyticRulecontentId1')]",
+ "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
 "contentKind": "AnalyticsRule",
 "displayName": "Armorblox Needs Review Alert",
- "contentProductId": "[variables('_analyticRulecontentProductId1')]",
- "id": "[variables('_analyticRulecontentProductId1')]",
- "version": "[variables('analyticRuleVersion1')]"
+ "contentProductId": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]",
+ "id": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]",
+ "version": "[variables('analyticRuleObject1').analyticRuleVersion1]"
 }
 },
 {
@@ -635,7 +636,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Armorblox Playbook with template version 3.0.0",
+ "description": "Armorblox Playbook with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion1')]",
@@ -846,12 +847,12 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.0",
+ "version": "3.0.1",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "Armorblox",
- "publisherDisplayName": "armorblox",
- "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Armorblox solution provides the capability to ingest incidents from your Armorblox instance into Microsoft Sentinel through the REST API.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Azure Monitor HTTP Data Collector API

    \n
  2. \n
  3. Azure Functions

    \n
  4. \n
\n

Data Connectors: 1, Workbooks: 1, Analytic Rules: 1, Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
+ "publisherDisplayName": "Armorblox",
+ "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Armorblox solution provides the capability to ingest incidents from your Armorblox instance into Microsoft Sentinel through the REST API.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Azure Monitor HTTP Data Collector API

    \n
  2. \n
  3. Azure Functions

    \n
  4. \n
\n

Data Connectors: 1, Workbooks: 1, Analytic Rules: 1, Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",
@@ -887,8 +888,8 @@
 },
 {
 "kind": "AnalyticsRule",
- "contentId": "[variables('analyticRulecontentId1')]",
- "version": "[variables('analyticRuleVersion1')]"
+ "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+ "version": "[variables('analyticRuleObject1').analyticRuleVersion1]"
 },
 {
 "kind": "Playbook",
diff --git a/Solutions/Armorblox/Package/testParameters.json b/Solutions/Armorblox/Package/testParameters.json
new file mode 100644
index 00000000000..364809847c0
--- /dev/null
+++ b/Solutions/Armorblox/Package/testParameters.json
@@ -0,0 +1,32 @@
+{
+ "location": {
+ "type": "string",
+ "minLength": 1,
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
+ }
+ },
+ "workspace-location": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+ }
+ },
+ "workspace": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+ }
+ },
+ "workbook1-name": {
+ "type": "string",
+ "defaultValue": "Armorblox",
+ "minLength": 1,
+ "metadata": {
+ "description": "Name for the workbook"
+ }
+ }
+}
diff --git a/Solutions/Armorblox/ReleaseNotes.md b/Solutions/Armorblox/ReleaseNotes.md
index f205fd0ba45..20547598aac 100644
--- a/Solutions/Armorblox/ReleaseNotes.md
+++ b/Solutions/Armorblox/ReleaseNotes.md
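Review bot: In the new `Solutions/Armorblox/Package/testParameters.json`, `workspace` and `workspace-location` both default to the empty string and carry no length constraint, while `location` and `workbook1-name` in the same file declare `"minLength": 1`. The mainTemplate.json hunks in this commit pass `parameters('workspace')` into `resourceId('Microsoft.OperationalInsights/workspaces', ...)` and into the metadata resource name built with `concat(parameters('workspace'),'/Microsoft.SecurityInsights/', ...)`, so an omitted value would presumably surface as a malformed resource name during deployment instead of an early parameter-validation error. I would add `"minLength": 1` to both entries, or drop the `"defaultValue": ""` so the caller has to supply them. How this file is consumed is not visible in the diff, so confirm the packaging and test tooling accept the stricter declaration.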
@@ -1,3 +1,4 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|---------------------------------------------|
+| 3.0.1 | 11-09-2024 | Updated the python runtime version to 3.11 |
 | 3.0.0 | 23-11-2023 | Added entity mapping in **Analytical Rule** [Armorblox Needs Review Alert] |
\ No newline at end of file