Updated createUiDefinition and Release Notes
v-rusraut committed Sep 22, 2023
1 parent d90b9da commit b57445f
Showing 5 changed files with 254 additions and 109 deletions.
@@ -8,7 +8,7 @@
"Data Connectors/template_TrendMicro_ApexOneAMA.json"
],
"Parsers": [
"Parsers/TMApexOneEvent.txt"
"Parsers/TMApexOneEvent.yaml"
],
"Workbooks": [
"Workbooks/TrendMicroApexOne.json"
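Review bot: the parser entry now points at Parsers/TMApexOneEvent.yaml, so the packaging step will fail if that file is not present in the repository alongside this change; confirm the YAML parser is part of this commit and that the old Parsers/TMApexOneEvent.txt is removed, otherwise the two definitions will drift apart.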
Binary file modified Solutions/Trend Micro Apex One/Package/3.0.0.zip
Binary file not shown.
38 changes: 16 additions & 22 deletions Solutions/Trend Micro Apex One/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Trend_Micro_Logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Trend Micro Apex One](https://www.trendmicro.com/business/products/user-protection/sps/endpoint.htmlhttps:/www.trendmicro.com/business/products/user-protection/sps/endpoint.html) solution for Microsoft Sentinel enables ingestion of [Trend Micro Apex One events](https://docs.trendmicro.com/enterprise/trend-micro-apex-central-2019-online-help/appendices/syslog-mapping-cef.aspx) into Microsoft Sentinel. Refer to [Trend Micro Apex Central](https://docs.trendmicro.com/enterprise/trend-micro-apex-central-2019-online-help/preface_001.aspx) for more information. \n\r\n1. **Trend Micro Apex One via AMA** - This data connector helps in ingesting Trend Micro Apex One logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Trend Micro Apex One via Legacy Agent** - This data connector helps in ingesting Trend Micro Apex One logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Trend Micro Apex One via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Trend_Micro_Logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/OSSEC/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Trend Micro Apex One](https://www.trendmicro.com/business/products/user-protection/sps/endpoint.htmlhttps:/www.trendmicro.com/business/products/user-protection/sps/endpoint.html) solution for Microsoft Sentinel enables ingestion of [Trend Micro Apex One events](https://docs.trendmicro.com/enterprise/trend-micro-apex-central-2019-online-help/appendices/syslog-mapping-cef.aspx) into Microsoft Sentinel. Refer to [Trend Micro Apex Central](https://docs.trendmicro.com/enterprise/trend-micro-apex-central-2019-online-help/preface_001.aspx) for more information. \n\r\n1. **Trend Micro Apex One via AMA** - This data connector helps in ingesting Trend Micro Apex One logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Trend Micro Apex One via Legacy Agent** - This data connector helps in ingesting Trend Micro Apex One logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Trend Micro Apex One via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
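Review bot: the new Release Notes bullet links to https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/OSSEC/ReleaseNotes.md, which is the OSSEC solution's release notes, not this solution's; it should point at the ReleaseNotes.md under Solutions/Trend Micro Apex One. While this string is being edited, the product link is also malformed (`endpoint.htmlhttps:/www.trendmicro.com/...` concatenates two URLs into one) and the bullet separators use `\r \n` where the rest of the text uses `\n`, both of which render oddly in the portal.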
@@ -60,14 +60,15 @@
"name": "dataconnectors1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Solution installs the data connector for Trend Micro Apex One. You can get Trend Micro Apex One CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
"text": "The Trend Micro Apex One connector allows you to easily connect your Trend Micro Apex One events logs with Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},

{
"name": "dataconnectors-parser-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
"text": "The solution installs a parser that transforms ingested data. The transformed logs can be accessed using the TMApexOneEvent Kusto Function alias."
}
},
{
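Review bot: in dataconnectors1-text, "events logs" should read "event logs". The new dataconnectors-parser-text says the parser "transforms ingested data" without saying into what; since the previous wording named the output (normalized format) and this one drops it, consider keeping a short statement of what the TMApexOneEvent function returns so users know what schema their queries run against.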
@@ -79,13 +80,6 @@
"uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
}
}
},
{
"name": "dataconnectors2-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Solution installs the data connector for Trend Micro Apex One. You can get Trend Micro Apex One CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
}
]
},
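Review bot: dropping the dataconnectors2-text block is the right fix, since it repeated dataconnectors1-text word for word; the `}` left on the preceding element and the closing `]` keep the elements array well-formed, so no trailing-comma problem is introduced here.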
@@ -102,7 +96,7 @@
"name": "workbooks-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view."
"text": "The workbook installed with the Trend Micro Apex One help’s you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view."
}
},
{
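Review bot: "help’s" in workbooks-text puts a possessive apostrophe on a verb and should be "helps"; the sentence also reads "installed with the Trend Micro Apex One" with no noun after the product name, so "Trend Micro Apex One solution" is what is meant.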
@@ -308,7 +302,7 @@
"name": "huntingqueries-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This solution installs the following hunting queries. After installing the solution, run these hunting queries to hunt for threats in Manage solution view. "
"text": "This solution installs the following hunting queries. After installing the solution, run these hunting queries to hunt for threats in Manage solution view."
}
},
{
@@ -330,7 +324,7 @@
"name": "huntingquery1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Shows behavior monitoring actions taken for files. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
"text": "Shows behavior monitoring actions taken for files. This hunting query depends on TrendMicroApexOne data connector (TMApexOneEvent Parser or Table)"
}
}
]
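Review bot: the dependency sentence drops TrendMicroApexOneAma and now names only the TrendMicroApexOne connector, yet the solution description in this same file recommends the AMA connector; if the query runs over the TMApexOneEvent parser regardless of which connector fed the table, the text should say so rather than imply the legacy connector is required. The same edit is repeated for huntingquery2 through huntingquery10.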
@@ -344,7 +338,7 @@
"name": "huntingquery2-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Shows behavior monitoring operations by users. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
"text": "Shows behavior monitoring operations by users. This hunting query depends on TrendMicroApexOne data connector (TMApexOneEvent Parser or Table)"
}
}
]
@@ -358,7 +352,7 @@
"name": "huntingquery3-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Shows behavior monitoring triggered policy by command line. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
"text": "Shows behavior monitoring triggered policy by command line. This hunting query depends on TrendMicroApexOne data connector (TMApexOneEvent Parser or Table)"
}
}
]
@@ -372,7 +366,7 @@
"name": "huntingquery4-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Shows behavior monitoring event types. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
"text": "Shows behavior monitoring event types. This hunting query depends on TrendMicroApexOne data connector (TMApexOneEvent Parser or Table)"
}
}
]
@@ -386,7 +380,7 @@
"name": "huntingquery5-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Shows channel type. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
"text": "Shows channel type. This hunting query depends on TrendMicroApexOne data connector (TMApexOneEvent Parser or Table)"
}
}
]
@@ -400,7 +394,7 @@
"name": "huntingquery6-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Shows data loss prevention action by IP address. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
"text": "Shows data loss prevention action by IP address. This hunting query depends on TrendMicroApexOne data connector (TMApexOneEvent Parser or Table)"
}
}
]
@@ -414,7 +408,7 @@
"name": "huntingquery7-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches rare application protocols by Ip address. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
"text": "Query searches rare application protocols by Ip address. This hunting query depends on TrendMicroApexOne data connector (TMApexOneEvent Parser or Table)"
}
}
]
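Review bot: "Ip address" in huntingquery7-text should be "IP address", matching the capitalisation already used in huntingquery6-text.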
@@ -428,7 +422,7 @@
"name": "huntingquery8-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches spyware detection events. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
"text": "Query searches spyware detection events. This hunting query depends on TrendMicroApexOne data connector (TMApexOneEvent Parser or Table)"
}
}
]
@@ -442,7 +436,7 @@
"name": "huntingquery9-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches suspicious files events. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
"text": "Query searches suspicious files events. This hunting query depends on TrendMicroApexOne data connector (TMApexOneEvent Parser or Table)"
}
}
]
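Review bot: "suspicious files events" in huntingquery9-text should read "suspicious file events".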
@@ -456,7 +450,7 @@
"name": "huntingquery10-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query shows list of top sources with alerts. This hunting query depends on TrendMicroApexOne TrendMicroApexOneAma data connector (TMApexOneEvent TMApexOneEvent Parser or Table)"
"text": "Query shows list of top sources with alerts. This hunting query depends on TrendMicroApexOne data connector (TMApexOneEvent Parser or Table)"
}
}
]