Repackage - PingFederate
v-rusraut committed Nov 22, 2024
1 parent 3e97abb commit e1558fc
Showing 26 changed files with 116 additions and 1,100 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@ description: |
severity: High
status: Available
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
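Review bot: With the `connectorId: PingFederate` and `connectorId: PingFederateAma` entries gone, the only declared dependency is `CefAma` with `dataTypes: CommonSecurityLog`, whereas both removed entries declared `PingFederateEvent`. The query body is outside this hunk; if it still calls the PingFederateEvent parser, confirm that the parser is still deployed by the solution and reads from CommonSecurityLog, otherwise the rule can look healthy on the connector side while its query fails or returns nothing. The same check applies to every other rule and hunting query file that receives this identical change.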
Expand All @@ -34,5 +28,5 @@ entityMappings:
fieldMappings:
- identifier: Name
columnName: AccountCustomEntity
version: 1.0.2
version: 1.0.3
kind: Scheduled
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@ description: |
severity: Low
status: Available
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Expand Down Expand Up @@ -44,5 +38,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IpCustomEntity
version: 1.0.2
version: 1.0.3
kind: Scheduled
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@ description: |
severity: High
status: Available
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Expand Down Expand Up @@ -38,5 +32,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IpCustomEntity
version: 1.0.2
version: 1.0.3
kind: Scheduled
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@ description: |
severity: High
status: Available
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Expand Down Expand Up @@ -38,5 +32,5 @@ entityMappings:
fieldMappings:
- identifier: Name
columnName: AccountCustomEntity
version: 1.0.2
version: 1.0.3
kind: Scheduled
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@ description: |
severity: Low
status: Available
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Expand Down Expand Up @@ -40,5 +34,5 @@ entityMappings:
fieldMappings:
- identifier: Name
columnName: AccountCustomEntity
version: 1.0.2
version: 1.0.3
kind: Scheduled
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@ description: |
severity: Medium
status: Available
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Expand Down Expand Up @@ -40,5 +34,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IpCustomEntity
version: 1.0.2
version: 1.0.3
kind: Scheduled
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@ description: |
severity: Medium
status: Available
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Expand Down Expand Up @@ -43,5 +37,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IpCustomEntity
version: 1.0.2
version: 1.0.3
kind: Scheduled
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@ description: |
severity: Medium
status: Available
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Expand Down Expand Up @@ -40,5 +34,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IpCustomEntity
version: 1.0.2
version: 1.0.3
kind: Scheduled
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@ description: |
severity: Medium
status: Available
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Expand Down Expand Up @@ -46,5 +40,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IpCustomEntity
version: 1.0.2
version: 1.0.3
kind: Scheduled
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@ description: |
severity: Medium
status: Available
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Expand Down Expand Up @@ -42,5 +36,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IpCustomEntity
version: 1.0.2
version: 1.0.3
kind: Scheduled
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@ description: |
severity: Medium
status: Available
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Expand Down Expand Up @@ -46,5 +40,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IpCustomEntity
version: 1.0.2
version: 1.0.3
kind: Scheduled
8 changes: 2 additions & 6 deletions Solutions/PingFederate/Data/Solution_PingFederate.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"Name": "PingFederate",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/PingFederate/Data%20Connectors/Logo/PingIdentity.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.",
"Description": "The [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.",
"Workbooks": [
"Workbooks/PingFederate.json"
],
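Review bot: In the new "Description" value the NOTE now reads "The existing connectors were deprecated on **Aug 31, 2024**", but this commit also drops the solution's "Data Connectors" entries, so "existing connectors" no longer refers to anything a fresh install receives; consider naming the removed connectors or shortening the note to the CEF via AMA requirement. Separately, the unchanged "Logo" line in this hunk still points at Solutions/PingFederate/Data%20Connectors/Logo/PingIdentity.svg: if the Data Connectors folder is deleted along with the connector definitions, keep the Logo subfolder or move the SVG and update the URL. Both documentation links also remain pinned to the pingfederate-102 bundle and are worth re-checking.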
Expand All @@ -18,10 +18,6 @@
"Hunting Queries/PingFederateUnusualSources.yaml",
"Hunting Queries/PingFederateUsersPaswordsReset.yaml"
],
"Data Connectors": [
"Data Connectors/Connector_CEF_PingFederate.json",
"Data Connectors/template_PingFederateAMA.json"
],
"Analytic Rules": [
"Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml",
"Analytic Rules/PingFederateAuthFromNewSource.yaml",
Expand All @@ -43,7 +39,7 @@
],

"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\PingFederate",
"Version": "3.0.1",
"Version": "3.0.2",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1Pconnector": false
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,6 @@ description: |
'Query searches for authentication URLs used.'
severity: Low
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,6 @@ description: |
'Query searches for failed authentication events'
severity: Low
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,6 @@ description: |
'Query searches for new users.'
severity: Low
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,6 @@ description: |
'Query searches for password reset requests events.'
severity: Low
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,6 @@ description: |
'Query searches for rare source IP addresses of requests'
severity: Medium
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,6 @@ description: |
'Query searches for SAML subjects used in requests'
severity: Low
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,6 @@ description: |
'Query searches for source IP addresses with the most requests'
severity: Low
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,6 @@ description: |
'Query searches for requests from unusual countries.'
severity: Medium
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,6 @@ description: |
'Query searches for unusual sources of authentication.'
severity: Medium
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,6 @@ description: |
'Query searches for users who recently reseted their passwords.'
severity: Medium
requiredDataConnectors:
- connectorId: PingFederate
dataTypes:
- PingFederateEvent
- connectorId: PingFederateAma
dataTypes:
- PingFederateEvent
- connectorId: CefAma
dataTypes:
- CommonSecurityLog
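Review bot: Style point on the unchanged description line at the top of this hunk: 'Query searches for users who recently reseted their passwords.' should read "reset". Since the file is already being touched for the connector cleanup, this is a cheap moment to fix the user-facing text that appears in the hunting query list.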
Binary file added Solutions/PingFederate/Package/3.0.2.zip
Binary file not shown.
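Review bot: Solutions/PingFederate/Package/3.0.2.zip is added as an opaque binary, so nothing in this diff shows that its contents match the YAML and JSON changes above. Before merge, rebuild the package from the committed sources and compare it with the archive (or list the zip contents in the PR description), and confirm that the templates inside no longer reference the removed PingFederate and PingFederateAma connectors.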