Skip to content

Commit

Permalink
Merge branch 'master' into v-prasadboke-workbookmetadata-syncup
Browse files Browse the repository at this point in the history
  • Loading branch information
v-prasadboke committed Sep 7, 2023
2 parents b11d25d + 471a4df commit f397ae8
Show file tree
Hide file tree
Showing 10 changed files with 13 additions and 14 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"Description": "The [Kaspersky Security Center](https://ksc.kaspersky.com/) solution provides the capability to ingest [Kaspersky Security Center logs](https://support.kaspersky.com/KSC/13/en-US/151336.htm) into Microsoft Sentinel.\n\r\n1. **KasperskySecurityCenter via AMA** - This data connector helps in ingesting KasperskySecurityCenter logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **KasperskySecurityCenter via Legacy Agent** - This data connector helps in ingesting KasperskySecurityCenter logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of KasperskySecurityCenter via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
"Data Connectors": [
"Data Connectors/Connector_KasperskySC_CEF.json",
"Data Connectors/template_KasperskySC_CEFAMA.json"
"Data Connectors/template_KasperskySCAMA.json"
],
"Parsers": [
"Parsers/KasperskySCEvent.yaml"
Expand Down
Binary file modified Solutions/KasperskySecurityCenter/Package/3.0.0.zip
Binary file not shown.
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@
"text": "This Solution installs the data connector for KasperskySecurityCenter. You can get KasperskySecurityCenter CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},

{
"name": "dataconnectors-parser-text",
"type": "Microsoft.Common.TextBlock",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -706,7 +706,7 @@
{
"title": "Step A. Configure the Common Event Format (CEF) via AMA data connector",
"description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine"

},
{
"title": "Step B. Configure Kaspersky Security Center to send logs using CEF",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"Description": "This vArmour solution enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.\n\r\n1. **vArmour Application Controller via AMA** - This data connector helps in ingesting vArmour Application Controller logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **vArmour Application Controller via Legacy Agent** - This data connector helps in ingesting vArmour Application Controller logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of vArmour Application Controller via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
"Data Connectors": [
"Data Connectors/Connector_vArmour_AppController_CEF.json",
"Data Connectors/template_Connector_vArmour_AppController_CEFAMA.json"
"Data Connectors/template_vArmour_AppControllerAMA.json"
],
"Workbooks": [
"Workbooks/vArmour_AppContoller_Workbook.json"
Expand Down
Binary file modified Solutions/vArmour Application Controller/Package/3.0.0.zip
Binary file not shown.
Original file line number Diff line number Diff line change
Expand Up @@ -63,8 +63,7 @@
"text": "This Solution installs the data connector for vArmour Application Controller. You can get vArmour Application Controller CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},

{
{
"name": "dataconnectors-link2",
"type": "Microsoft.Common.TextBlock",
"options": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -957,16 +957,16 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "vArmourAC",
"dataTypes": [
"CommonSecurityLog"
]
],
"connectorId": "vArmourAC"
},
{
"connectorId": "vArmourACAma",
"dataTypes": [
"CommonSecurityLog"
]
],
"connectorId": "vArmourACAma"
}
],
"tactics": [
Expand All @@ -982,17 +982,17 @@
"entityType": "Host",
"fieldMappings": [
{
"identifier": "HostName",
"columnName": "DestinationHostName"
"columnName": "DestinationHostName",
"identifier": "HostName"
}
]
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "SourceIP"
"columnName": "SourceIP",
"identifier": "Address"
}
]
}
Expand Down

0 comments on commit f397ae8

Please sign in to comment.