Merge pull request #8899 from Azure/v-mchatla/JuniperSRX-ParserUpdate

Juniper SRX - Parser change as part of IcM 409297750
Azure · Aug 31, 2023 · d519917 · d519917
2 parents 7a47b36 + 2569701
commit d519917
Show file tree

Hide file tree

Showing 6 changed files with 81 additions and 70 deletions.
diff --git a/Solutions/Juniper SRX/Data/Solution_Juniper SRX.json b/Solutions/Juniper SRX/Data/Solution_Juniper SRX.json
@@ -10,7 +10,7 @@
     "Parsers/JuniperSRX.txt"
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Juniper SRX",
-  "Version": "2.0.3",
+  "Version": "3.0.0",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1Pconnector": false

diff --git a/Solutions/Juniper SRX/Package/3.0.0.zip b/Solutions/Juniper SRX/Package/3.0.0.zip
diff --git a/Solutions/Juniper SRX/Package/createUiDefinition.json b/Solutions/Juniper SRX/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Juniper SRX](https://www.juniper.net/us/en/products/security/srx-series.html) solution for Microsoft Sentinel enables you to ingest Juniper SRX traffic and system logs into Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution is dependent on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Juniper%20SRX/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution.\n\nThe [Juniper SRX](https://www.juniper.net/us/en/products/security/srx-series.html) solution for Microsoft Sentinel enables you to ingest Juniper SRX traffic and system logs into Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution is dependent on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -89,4 +89,4 @@
       "workspace": "[basics('workspace')]"
     }
   }
-}
+}
diff --git a/Solutions/Juniper SRX/Package/mainTemplate.json b/Solutions/Juniper SRX/Package/mainTemplate.json
diff --git a/Solutions/Juniper SRX/Parsers/JuniperSRX.yaml b/Solutions/Juniper SRX/Parsers/JuniperSRX.yaml
@@ -86,10 +86,12 @@ FunctionQuery: |
              Substring = tostring(Parser[12])
     | extend Parser2 = extract_all(@"(0x0/s)?([\S]+)\s([\S]+)\s([\S]+)\s([\S]+)\s(\d+)\s([\S]+)\s([\S]+)\s([\S]+)\s(\d+)",dynamic([1,2,3,4,5,6,7,8,9,10]), Substring)
     | mvexpand Parser2
-    | extend ProtocolId = toint(Parser2[5]),
+    | extend SrcNatRuleName = tostring(Parser2[2]),
+             DstNatRuleName = tostring(Parser2[4]),
+             ProtocolId = toint(Parser2[5]),
              PolicyName = tostring(Parser2[6]),
-             SrcNatRuleName = tostring(Parser2[7]),
-             DstNatRuleName = tostring(Parser2[8]),
+             SourceZoneName = tostring(Parser2[7]),
+             DestinationZoneName = tostring(Parser2[8]),
              SessionId = toint(Parser2[9])
     | project-away Parser, Parser2, Substring;
     let AllOtherEvents = LogHeader

diff --git a/Solutions/Juniper SRX/ReleaseNotes.md b/Solutions/Juniper SRX/ReleaseNotes.md
@@ -0,0 +1,4 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                               |
+|-------------|--------------------------------|--------------------------------------------------|
+| 3.0.0       | 29-08-2023                     | Modified the **Parser** to process Zone Details  | 
+