Repackaging-BoxSolution
v-sudkharat committed Jun 14, 2023
1 parent 1c58ab2 commit c204dd7
Showing 4 changed files with 154 additions and 109 deletions.
2 changes: 1 addition & 1 deletion Solutions/Box/Data/Solution_Box.json
@@ -37,7 +37,7 @@
"Analytic Rules/BoxUserRoleChangedToOwner.yaml"
],
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Box",
"Version": "2.0.0",
"Version": "2.0.2",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1PConnector": false
Binary file added Solutions/Box/Package/2.0.2.zip
Binary file not shown.
36 changes: 25 additions & 11 deletions Solutions/Box/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Box/Workbooks/Images/Logo/box.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Box](https://developer.box.com/guides/events/enterprise-events/for-enterprise/) solution connector provides the capability to ingest [Box enterprise's events](https://developer.box.com/guides/events/#admin-events) into Microsoft Sentinel using the Box REST API \r\n \r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api) \r\n \r\n b. [Azure Functions ](https://azure.microsoft.com/services/functions/#overview)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Box/Workbooks/Images/Logo/box.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Box](https://developer.box.com/guides/events/enterprise-events/for-enterprise/) solution connector provides the capability to ingest [Box enterprise's events](https://developer.box.com/guides/events/#admin-events) into Microsoft Sentinel using the Box REST API \r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api) \r\n \r\n b. [Azure Functions ](https://azure.microsoft.com/services/functions/#overview)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
@@ -107,6 +107,20 @@
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
}
}
},
{
"name": "workbook1",
"type": "Microsoft.Common.Section",
"label": "Box",
"elements": [
{
"name": "workbook1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Sets the time name for analysis"
}
}
]
}
]
},
@@ -309,7 +323,7 @@
"name": "huntingquery1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query shows iplist for admin users. You can check for suspicious IPs or new IPs. It depends on the BoxDataConnector data connector and BoxEvents_CL data type and BoxDataConnector parser."
"text": "Query shows iplist for admin users. You can check for suspicious IPs or new IPs. This hunting query depends on BoxDataConnector data connector (BoxEvents_CL Parser or Table)"
}
}
]
@@ -323,7 +337,7 @@
"name": "huntingquery2-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query shows deleted user accounts. It depends on the BoxDataConnector data connector and BoxEvents_CL data type and BoxDataConnector parser."
"text": "Query shows deleted user accounts. This hunting query depends on BoxDataConnector data connector (BoxEvents_CL Parser or Table)"
}
}
]
@@ -337,7 +351,7 @@
"name": "huntingquery3-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query shows inactive admin accounts (admin users which last login time is more than 30 days). It depends on the BoxDataConnector data connector and BoxEvents_CL data type and BoxDataConnector parser."
"text": "Query shows inactive admin accounts (admin users which last login time is more than 30 days). This hunting query depends on BoxDataConnector data connector (BoxEvents_CL Parser or Table)"
}
}
]
@@ -351,7 +365,7 @@
"name": "huntingquery4-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query shows inactive user accounts (users which last login time is more than 30 days). It depends on the BoxDataConnector data connector and BoxEvents_CL data type and BoxDataConnector parser."
"text": "Query shows inactive user accounts (users which last login time is more than 30 days). This hunting query depends on BoxDataConnector data connector (BoxEvents_CL Parser or Table)"
}
}
]
@@ -365,7 +379,7 @@
"name": "huntingquery5-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query shows new user accounts. It depends on the BoxDataConnector data connector and BoxEvents_CL data type and BoxDataConnector parser."
"text": "Query shows new user accounts. This hunting query depends on BoxDataConnector data connector (BoxEvents_CL Parser or Table)"
}
}
]
@@ -379,7 +393,7 @@
"name": "huntingquery6-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for potentially suspicious files or files which can contain sensitive information such as passwords, secrets. It depends on the BoxDataConnector data connector and BoxEvents_CL data type and BoxDataConnector parser."
"text": "Query searches for potentially suspicious files or files which can contain sensitive information such as passwords, secrets. This hunting query depends on BoxDataConnector data connector (BoxEvents_CL Parser or Table)"
}
}
]
@@ -393,7 +407,7 @@
"name": "huntingquery7-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query shows downloaded data volume per user. It depends on the BoxDataConnector data connector and BoxEvents_CL data type and BoxDataConnector parser."
"text": "Query shows downloaded data volume per user. This hunting query depends on BoxDataConnector data connector (BoxEvents_CL Parser or Table)"
}
}
]
@@ -407,7 +421,7 @@
"name": "huntingquery8-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query shows user permissions(groups) changes. It depends on the BoxDataConnector data connector and BoxEvents_CL data type and BoxDataConnector parser."
"text": "Query shows user permissions(groups) changes. This hunting query depends on BoxDataConnector data connector (BoxEvents_CL Parser or Table)"
}
}
]
@@ -421,7 +435,7 @@
"name": "huntingquery9-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query shows uploaded data volume per user. It depends on the BoxDataConnector data connector and BoxEvents_CL data type and BoxDataConnector parser."
"text": "Query shows uploaded data volume per user. This hunting query depends on BoxDataConnector data connector (BoxEvents_CL Parser or Table)"
}
}
]
@@ -435,7 +449,7 @@
"name": "huntingquery10-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query shows users with newly added owner permissions. It depends on the BoxDataConnector data connector and BoxEvents_CL data type and BoxDataConnector parser."
"text": "Query shows users with newly added owner permissions. This hunting query depends on BoxDataConnector data connector (BoxEvents_CL Parser or Table)"
}
}
]
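Review bot: The reworded dependency sentence in the ten `huntingqueryN-text` blocks, `(BoxEvents_CL Parser or Table)`, no longer says which artifacts a query needs: the previous text listed the connector, the BoxEvents_CL data type and the parser separately, while the new text presents BoxEvents_CL as either a parser or a table. An analyst who has one of these deployed but not the other cannot tell from this wording whether a hunt that returns nothing is a clean result or a missing prerequisite. I would keep the three items explicit, for example `It depends on the BoxDataConnector data connector, the BoxEvents_CL table and the BoxDataConnector parser.`, taking the parser name from the previous text. The added `workbook1-text` value `Sets the time name for analysis` likewise does not describe what the Box workbook shows. If createUiDefinition.json is generated by the packaging tool, both strings presumably need fixing in the query and workbook metadata rather than in this file.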