-
Notifications
You must be signed in to change notification settings - Fork 3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
538 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| { | ||
| "Name": "HYAS Protect", | ||
| "Author": "Hyas", | ||
| "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Hyas.svg\" width=\"75px\" height=\"75px\">", | ||
| "Description": "Built on the underpinning technology of HYAS Insight threat intelligence, HYAS Protect is a protective DNS solution that combines authoritative knowledge of attacker infrastructure and unrivaled domain-based intelligence to proactively enforce security and block the command and control (C2) communication used by malware, ransomware, phishing, and other forms of cyber attacks.", | ||
| "Workbooks": [], | ||
| "Playbooks": [], | ||
| "Data Connectors": [ | ||
| "Data Connectors/HYASProtect_FunctionApp.json" | ||
| ], | ||
| "Hunting Queries": [], | ||
| "BasePath": "D:/GitHub/Azure-Sentinel/Solutions/HYAS Protect", | ||
| "Version": "3.0.0", | ||
| "Metadata": "SolutionMetadata.json", | ||
| "TemplateSpec": true, | ||
| "Is1PConnector": false | ||
| } |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| { | ||
| "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", | ||
| "handler": "Microsoft.Azure.CreateUIDef", | ||
| "version": "0.1.2-preview", | ||
| "parameters": { | ||
| "config": { | ||
| "isWizard": false, | ||
| "basics": { | ||
| "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Hyas.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nBuilt on the underpinning technology of HYAS Insight threat intelligence, HYAS Protect is a protective DNS solution that combines authoritative knowledge of attacker infrastructure and unrivaled domain-based intelligence to proactively enforce security and block the command and control (C2) communication used by malware, ransomware, phishing, and other forms of cyber attacks.\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", | ||
| "subscription": { | ||
| "resourceProviders": [ | ||
| "Microsoft.OperationsManagement/solutions", | ||
| "Microsoft.OperationalInsights/workspaces/providers/alertRules", | ||
| "Microsoft.Insights/workbooks", | ||
| "Microsoft.Logic/workflows" | ||
| ] | ||
| }, | ||
| "location": { | ||
| "metadata": { | ||
| "hidden": "Hiding location, we get it from the log analytics workspace" | ||
| }, | ||
| "visible": false | ||
| }, | ||
| "resourceGroup": { | ||
| "allowExisting": true | ||
| } | ||
| } | ||
| }, | ||
| "basics": [ | ||
| { | ||
| "name": "getLAWorkspace", | ||
| "type": "Microsoft.Solutions.ArmApiControl", | ||
| "toolTip": "This filters by workspaces that exist in the Resource Group selected", | ||
| "condition": "[greater(length(resourceGroup().name),0)]", | ||
| "request": { | ||
| "method": "GET", | ||
| "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" | ||
| } | ||
| }, | ||
| { | ||
| "name": "workspace", | ||
| "type": "Microsoft.Common.DropDown", | ||
| "label": "Workspace", | ||
| "placeholder": "Select a workspace", | ||
| "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", | ||
| "constraints": { | ||
| "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", | ||
| "required": true | ||
| }, | ||
| "visible": true | ||
| } | ||
| ], | ||
| "steps": [ | ||
| { | ||
| "name": "dataconnectors", | ||
| "label": "Data Connectors", | ||
| "bladeTitle": "Data Connectors", | ||
| "elements": [ | ||
| { | ||
| "name": "dataconnectors1-text", | ||
| "type": "Microsoft.Common.TextBlock", | ||
| "options": { | ||
| "text": "This Solution installs the data connector for HYAS Protect. You can get HYAS Protect custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." | ||
| } | ||
| }, | ||
| { | ||
| "name": "dataconnectors-link2", | ||
| "type": "Microsoft.Common.TextBlock", | ||
| "options": { | ||
| "link": { | ||
| "label": "Learn more about connecting data sources", | ||
| "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" | ||
| } | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "outputs": { | ||
| "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", | ||
| "location": "[location()]", | ||
| "workspace": "[basics('workspace')]" | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.