Merge pull request #8986 from Azure/v-atulyadav/GCPCommandCenter

Google Cloud Platform Security Command Center Packaging

Solutions/Google Cloud Platform Security Command Center/Data Connectors/GCPSecurityCommandCenter.json

@@ -0,0 +1,103 @@
+{
+"id": "GoogleSCCDefinition",
+"title": "Google Security Command Center",
+"publisher": "Microsoft",
+"descriptionMarkdown": "The Google Cloud Platform (GCP) Security Command Center is a comprehensive security and risk management platform for Google Cloud, ingested from Sentinel's connector. It offers features such as asset inventory and discovery, vulnerability and threat detection, and risk mitigation and remediation to help you gain insight into your organization's security and data attack surface. This integration enables you to perform tasks related to findings and assets more effectively.",
+"graphQueriesTableName": "GoogleCloudSCC",
+"graphQueries": [
+	{
+		"metricName": "Total events received",
+		"legend": "Google Security Command Center",
+		"baseQuery": "{{graphQueriesTableName}}"
+	}
+],
+"sampleQueries": [
+	{
+		"description": "Get Sample of Google SCC",
+		"query": "{{graphQueriesTableName}}\n | take 10"
+	}
+],
+"dataTypes": [
+	{
+		"name": "{{graphQueriesTableName}}",
+		"lastDataReceivedQuery": "{{graphQueriesTableName}}\n            | where TimeGenerated > ago(12h) | where name_s == \"no data test\"               | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
+	}
+],
+"connectivityCriteria": [
+	{
+		"type": "HasDataConnectors",
+		"value": null
+	}
+],
+"availability": {
+	"status": 1,
+	"isPreview": true
+},
+"permissions": {
+	"tenant": null,
+	"licenses": null,
+	"resourceProvider": [
+		{
+			"provider": "Microsoft.OperationalInsights/workspaces",
+			"permissionsDisplayText": "Read and Write permissions are required.",
+			"providerDisplayName": "Workspace",
+			"scope": "Workspace",
+			"requiredPermissions": {
+				"read": true,
+				"write": true,
+				"delete": true,
+				"action": false
+			}
+		},
+		{
+			"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+			"permissionsDisplayText": "Read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)",
+			"providerDisplayName": "Keys",
+			"scope": "Workspace",
+			"requiredPermissions": {
+				"read": false,
+				"write": false,
+				"delete": false,
+				"action": true
+			}
+		}
+	]
+},
+"instructionSteps": [
+				{
+					"instructions": [
+						{
+							"type": "Markdown",
+							"parameters": {
+								"content": "#### 1. Set up your GCP environment \n You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription. \n Terraform provides API for the IAM that creates the resources. [Link to Terraform scripts](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation)."
+							}
+						},
+						{
+							"type": "CopyableLabel",
+							"parameters": {
+								"label": "Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.",
+								"fillWith": [
+									"TenantId"
+								],
+								"name": "PoolId",
+								"disabled": true
+							}
+						},
+						{
+							"type": "Markdown",
+							"parameters": {
+								"content": "#### 2. Connect new collectors \n To enable GCP SCC for Microsoft Sentinel, click the Add new collector button, fill the required information in the context pane and click on Connect."
+							}
+						},
+						{
+							"type": "GCPGrid",
+							"parameters": {}
+						},
+						{
+							"type": "GCPContextPane",
+							"parameters": {}
+						}
+					]
+				}
+			]
+}

Solutions/Google Cloud Platform Security Command Center/Data/Solution_Google Cloud Platform Security Command Center.json

@@ -0,0 +1,14 @@
+{
+  "Name": "Google Cloud Platform Security Command Center",
+  "Author": "Microsoft - support@microsoft.com",
+  "Logo": "<img src ='https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/google_logo.svg' width='75px' height='75px'>",
+  "Description": "The Google Cloud Platform (GCP) Security Command Center is a comprehensive security and risk management platform for Google Cloud, ingested from Sentinel's connector. It offers features such as asset inventory and discovery, vulnerability and threat detection, and risk mitigation and remediation to help you gain insight into your organization's security and data attack surface. This integration enables you to perform tasks related to findings and assets more effectively.",
+   "Data Connectors": [
+    "Data Connectors/GCPSecurityCommandCenter.json"
+  ],
+  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Google Cloud Platform Security Command Center\\",
+  "Version": "3.0.0",
+  "TemplateSpec": true,
+  "Is1PConnector": true,
+  "Metadata": "SolutionMetadata.json"
+}

Solutions/Google Cloud Platform Security Command Center/Data/system_generated_metadata.json

@@ -0,0 +1,29 @@
+{
+  "Name": "Google Cloud Platform Security Command Center",
+  "Author": "Microsoft - support@microsoft.com",
+  "Logo": "<img src ='https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/google_logo.svg' width='75px' height='75px'>",
+  "Description": "The Google Cloud Platform (GCP) Security Command Center is a comprehensive security and risk management platform for Google Cloud, ingested from Sentinel's connector. It offers features such as asset inventory and discovery, vulnerability and threat detection, and risk mitigation and remediation to help you gain insight into your organization's security and data attack surface. This integration enables you to perform tasks related to findings and assets more effectively.",
+  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Google Cloud Platform Security Command Center\\",
+  "Version": "3.0.0",
+  "TemplateSpec": true,
+  "Is1PConnector": true,
+  "Metadata": "SolutionMetadata.json",
+  "publisherId": "azuresentinel",
+  "offerId": "azure-sentinel-solution-gcpsecuritycommandcenter",
+  "providers": [
+    "Microsoft"
+  ],
+  "categories": {
+    "domains": [
+      "Security - Cloud Security"
+    ]
+  },
+  "firstPublishDate": "2023-09-11",
+  "support": {
+    "name": "Microsoft Corporation",
+    "email": "support@microsoft.com",
+    "tier": "Microsoft",
+    "link": "https://support.microsoft.com"
+  },
+  "Data Connectors": "[\n  \"Data Connectors/GCPSecurityCommandCenter.json\"\n]"
+}

Solutions/Google Cloud Platform Security Command Center/Package/createUiDefinition.json

@@ -0,0 +1,85 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+  "handler": "Microsoft.Azure.CreateUIDef",
+  "version": "0.1.2-preview",
+  "parameters": {
+    "config": {
+      "isWizard": false,
+      "basics": {
+        "description": "<img src ='https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/google_logo.svg' width='75px' height='75px'>\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Google Cloud Platform Security Command Center/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Google Cloud Platform (GCP) Security Command Center is a comprehensive security and risk management platform for Google Cloud, ingested from Sentinel's connector. It offers features such as asset inventory and discovery, vulnerability and threat detection, and risk mitigation and remediation to help you gain insight into your organization's security and data attack surface. This integration enables you to perform tasks related to findings and assets more effectively.\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "subscription": {
+          "resourceProviders": [
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
+            "Microsoft.Insights/workbooks",
+            "Microsoft.Logic/workflows"
+          ]
+        },
+        "location": {
+          "metadata": {
+            "hidden": "Hiding location, we get it from the log analytics workspace"
+          },
+          "visible": false
+        },
+        "resourceGroup": {
+          "allowExisting": true
+        }
+      }
+    },
+    "basics": [
+      {
+        "name": "getLAWorkspace",
+        "type": "Microsoft.Solutions.ArmApiControl",
+        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
+        "condition": "[greater(length(resourceGroup().name),0)]",
+        "request": {
+          "method": "GET",
+          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
+        }
+      },
+      {
+        "name": "workspace",
+        "type": "Microsoft.Common.DropDown",
+        "label": "Workspace",
+        "placeholder": "Select a workspace",
+        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
+        "constraints": {
+          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
+          "required": true
+        },
+        "visible": true
+      }
+    ],
+    "steps": [
+      {
+        "name": "dataconnectors",
+        "label": "Data Connectors",
+        "bladeTitle": "Data Connectors",
+        "elements": [
+          {
+            "name": "dataconnectors1-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for Google Cloud Platform Security Command Center. You can get Google Cloud Platform Security Command Center custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
+          {
+            "name": "dataconnectors-link2",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more about connecting data sources",
+                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
+              }
+            }
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
+      "location": "[location()]",
+      "workspace": "[basics('workspace')]"
+    }
+  }
+}