updated CreateUiDefinition and Release Notes

Azure · Sep 18, 2023 · e6d6be8 · e6d6be8
1 parent ce93a38
commit e6d6be8
Show file tree

Hide file tree

Showing 5 changed files with 716 additions and 8 deletions.
diff --git a/Solutions/AI Analyst Darktrace/Data/Solution_AIAnalystDarktrace.json b/Solutions/AI Analyst Darktrace/Data/Solution_AIAnalystDarktrace.json
@@ -7,10 +7,10 @@
 		"Solutions/AI Analyst Darktrace/Workbooks/AIA-Darktrace.json"
 	],
 	"Data Connectors": [
-		"Solutions/AI Analyst Darktrace/DataConnectors/AIA-Darktrace.json",
-		"Solutions/AI Analyst Darktrace/DataConnectors/template_AIA-DarktraceAMA.json"
+		"Solutions/AI Analyst Darktrace/Data Connectors/AIA-Darktrace.json",
+		"Solutions/AI Analyst Darktrace/Data Connectors/template_AIA-DarktraceAMA.json"
 	],
-	"BasePath": "C:\\Sentinel-Repos\\Azure-Sentinel",
+	"BasePath": "C:\\Github\\Azure-Sentinel\\Solutions",
 	"Version": "3.0.0",
 	"Metadata": "SolutionMetadata.json",
 	"TemplateSpec": true,

diff --git a/Solutions/AI Analyst Darktrace/Package/3.0.0.zip b/Solutions/AI Analyst Darktrace/Package/3.0.0.zip
diff --git a/Solutions/AI Analyst Darktrace/Package/createUiDefinition.json b/Solutions/AI Analyst Darktrace/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Darktrace.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [AI Analyst Darktrace](https://www.darktrace.com/en/cyber-ai-analyst/) Solution for Microsoft Sentinel lets users connect Darktrace Model Breaches in real-time with Microsoft Sentinel, allowing creation of custom Dashboards, Workbooks, Notebooks and Custom Alerts to improve investigation. Microsoft Sentinel's enhanced visibility into Darktrace logs enables monitoring and mitigation of security threats.\n\r\n1. **AI Analyst Darktrace via AMA** - This data connector helps in ingesting AI Analyst Darktrace logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **AI Analyst Darktrace via Legacy Agent** - This data connector helps in ingesting AI Analyst Darktrace logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of AI Analyst Darktrace via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Darktrace.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AI%20Analyst%20Darktrace/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [AI Analyst Darktrace](https://www.darktrace.com/en/cyber-ai-analyst/) Solution for Microsoft Sentinel lets users connect Darktrace Model Breaches in real-time with Microsoft Sentinel, allowing creation of custom Dashboards, Workbooks, Notebooks and Custom Alerts to improve investigation. Microsoft Sentinel's enhanced visibility into Darktrace logs enables monitoring and mitigation of security threats.\n\r\n1. **AI Analyst Darktrace via AMA** - This data connector helps in ingesting AI Analyst Darktrace logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **AI Analyst Darktrace via Legacy Agent** - This data connector helps in ingesting AI Analyst Darktrace logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of AI Analyst Darktrace via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -51,6 +51,31 @@
       }
     ],
     "steps": [
+      {
+        "name": "dataconnectors",
+        "label": "Data Connectors",
+        "bladeTitle": "Data Connectors",
+        "elements": [
+          {
+            "name": "dataconnectors1-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This solution installs the data connector for ingesting AI Analyst Darktrace Events in the CEF format into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
+
+          {
+            "name": "dataconnectors-link2",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more about connecting data sources",
+                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
+              }
+            }
+          }
+        ]
+      },
       {
         "name": "workbooks",
         "label": "Workbooks",

diff --git a/Solutions/AI Analyst Darktrace/Package/mainTemplate.json b/Solutions/AI Analyst Darktrace/Package/mainTemplate.json
diff --git a/Solutions/AI Analyst Darktrace/ReleaseNotes.md b/Solutions/AI Analyst Darktrace/ReleaseNotes.md
@@ -0,0 +1,5 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                                                 |
+|-------------|--------------------------------|--------------------------------------------------------------------|
+| 3.0.0       | 18-09-2023                     |	Addition of new AI Analyst Darktrace AMA **Data Connector**     | 	                                                            |  
+         
+