Azure · v-atulyadav · Nov 19, 2024 · Nov 15, 2024 · Nov 19, 2024 · Nov 19, 2024
@@ -0,0 +1,117 @@
+{
+ "Name": "vectra_match",
+ "Properties": [
+  {
+   "Name": "TimeGenerated",
+   "Type": "DateTime"
+  },
+  {
+   "Name": "id_orig_h",
+   "Type": "String"
+  },
+  {
+   "Name": "id_orig_p",
+   "Type": "Int"
+  },
+  {
+   "Name": "id_resp_h",
+   "Type": "String"
+  },
+  {
+   "Name": "id_resp_p",
+   "Type": "Int"
+  },
+  {
+   "Name": "id_ip_ver",
+   "Type": "String"
+  },
+  {
+   "Name": "beacon_uid",
+   "Type": "String"
+  },
+  {
+   "Name": "beacon_type",
+   "Type": "String"
+  },
+  {
+   "Name": "duration",
+   "Type": "Long"
+  },
+  {
+   "Name": "first_event_time",
+   "Type": "DateTime"
+  },
+  {
+   "Name": "ja3",
+   "Type": "String"
+  },
+  {
+   "Name": "last_event_time",
+   "Type": "DateTime"
+  },
+  {
+   "Name": "local_orig",
+   "Type": "Boolean"
+  },
+  {
+   "Name": "local_resp",
+   "Type": "Boolean"
+  },
+  {
+   "Name": "orig_hostname",
+   "Type": "String"
+  },
+  {
+   "Name": "orig_huid",
+   "Type": "String"
+  },
+  {
+   "Name": "orig_ip_bytes",
+   "Type": "Long"
+  },
+  {
+   "Name": "proto",
+   "Type": "Int"
+  },
+  {
+   "Name": "protoName",
+   "Type": "String"
+  },
+  {
+   "Name": "resp_domains",
+   "Type": "Dynamic"
+  },
+  {
+   "Name": "resp_ip_bytes",
+   "Type": "Long"
+  },
+  {
+   "Name": "service",
+   "Type": "String"
+  },
+  {
+   "Name": "session_count",
+   "Type": "Long"
+  },
+  {
+   "Name": "uid",
+   "Type": "String"
+  },
+  {
+   "Name": "ts",
+   "Type": "DateTime"
+  },
+  {
+   "Name": "orig_sluid",
+   "Type": "String"
+  },
+  {
+   "Name": "resp_sluid",
+   "Type": "String"
+  },
+  {
+   "Name": "sensor_uid",
+   "Type": "String"
+  }
+]
+}
@@ -0,0 +1,117 @@
+{
+ "Name": "vectra_match_CL",
+ "Properties": [
+  {
+   "Name": "TimeGenerated",
+   "Type": "DateTime"
+  },
+  {
+   "Name": "id_orig_h",
+   "Type": "String"
+  },
+  {
+   "Name": "id_orig_p",
+   "Type": "Int"
+  },
+  {
+   "Name": "id_resp_h",
+   "Type": "String"
+  },
+  {
+   "Name": "id_resp_p",
+   "Type": "Int"
+  },
+  {
+   "Name": "id_ip_ver",
+   "Type": "String"
+  },
+  {
+   "Name": "beacon_uid",
+   "Type": "String"
+  },
+  {
+   "Name": "beacon_type",
+   "Type": "String"
+  },
+  {
+   "Name": "duration",
+   "Type": "Long"
+  },
+  {
+   "Name": "first_event_time",
+   "Type": "DateTime"
+  },
+  {
+   "Name": "ja3",
+   "Type": "String"
+  },
+  {
+   "Name": "last_event_time",
+   "Type": "DateTime"
+  },
+  {
+   "Name": "local_orig",
+   "Type": "Boolean"
+  },
+  {
+   "Name": "local_resp",
+   "Type": "Boolean"
+  },
+  {
+   "Name": "orig_hostname",
+   "Type": "String"
+  },
+  {
+   "Name": "orig_huid",
+   "Type": "String"
+  },
+  {
+   "Name": "orig_ip_bytes",
+   "Type": "Long"
+  },
+  {
+   "Name": "proto",
+   "Type": "Int"
+  },
+  {
+   "Name": "protoName",
+   "Type": "String"
+  },
+  {
+   "Name": "resp_domains",
+   "Type": "Dynamic"
+  },
+  {
+   "Name": "resp_ip_bytes",
+   "Type": "Long"
+  },
+  {
+   "Name": "service",
+   "Type": "String"
+  },
+  {
+   "Name": "session_count",
+   "Type": "Long"
+  },
+  {
+   "Name": "uid",
+   "Type": "String"
+  },
+  {
+   "Name": "ts",
+   "Type": "DateTime"
+  },
+  {
+   "Name": "orig_sluid",
+   "Type": "String"
+  },
+  {
+   "Name": "resp_sluid",
+   "Type": "String"
+  },
+  {
+   "Name": "sensor_uid",
+   "Type": "String"
+  }
+]
+}
@@ -26,12 +26,13 @@
         "Vectra AI Stream/Parsers/vectra_ssh.yaml",
         "Vectra AI Stream/Parsers/vectra_ssl.yaml",
         "Vectra AI Stream/Parsers/vectra_stream.yaml",
-        "Vectra AI Stream/Parsers/vectra_x509.yaml"
+        "Vectra AI Stream/Parsers/vectra_x509.yaml",
+        "Vectra AI Stream/Parsers/vectra_match.yaml"
     ],
 
     "Metadata": "SolutionMetadata.json",
     "BasePath": "C:\\Users\\fguillot\\Documents\\GitHub\\Azure-Sentinel\\Solutions\\Vectra AI Stream",
-    "Version": "3.0.0",
+    "Version": "3.0.1",
     "TemplateSpec": true,
     "Is1Pconnector": false
   }
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/AIVectraDetect.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Vectra%20AI%20Stream/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n**Note:** Please refer to the following before installing the solution: \n\n• There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Vectra AI Stream](https://www.vectra.ai/products/platform) solution allows you to easily connect your Vectra Platform with Microsoft Sentinel, to ingest network metadata collected at scale throughout your environment by Vectra sensors (On-premise or Cloud). This gives you deep insight into your organization's network traffic and improves your security operation capabilities. For a complete list of protocols and attributes supported, check out our [Network Metadata reference guide]( https://support.vectra.ai/s/article/KB-VS-1245)\n\r\n1. ** Vectra AI Stream (Network Enriched Metadata) via AMA** - This data connector helps ingest Vectra AI Stream events into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here]( https://learn.microsoft.com/en-us/azure/sentinel/connect-cef-syslog-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. ** Vectra AI Stream (Network Enriched Metadata) via Legacy Agent** - This data connector helps ingest Vectra AI Stream events into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of ** Vectra AI Stream (Network Enriched Metadata) via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Parsers:** 19\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/AIVectraDetect.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Vectra%20AI%20Stream/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n**Note:** Please refer to the following before installing the solution: \n\n• There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Vectra AI Stream](https://www.vectra.ai/products/platform) solution allows you to easily connect your Vectra Platform with Microsoft Sentinel, to ingest network metadata collected at scale throughout your environment by Vectra sensors (On-premise or Cloud). This gives you deep insight into your organization's network traffic and improves your security operation capabilities. For a complete list of protocols and attributes supported, check out our [Network Metadata reference guide]( https://support.vectra.ai/s/article/KB-VS-1245)\n\r\n1. ** Vectra AI Stream (Network Enriched Metadata) via AMA** - This data connector helps ingest Vectra AI Stream events into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here]( https://learn.microsoft.com/en-us/azure/sentinel/connect-cef-syslog-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. ** Vectra AI Stream (Network Enriched Metadata) via Legacy Agent** - This data connector helps ingest Vectra AI Stream events into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of ** Vectra AI Stream (Network Enriched Metadata) via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Parsers:** 20\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",