
Update configuration and templates for SINEC Security Guard solution #11464

Merged
merged 2 commits into from
Nov 21, 2024
Merged
@@ -1,84 +1,84 @@
{
"id": "SSG",
"title": "SINEC Security Guard",
"publisher": "Siemens AG",
"descriptionMarkdown": "The SINEC Security Guard solution for Microsoft Sentinel allows you to ingest security events of your industrial networks from the [SINEC Security Guard](https://siemens.com/sinec-security-guard) into Microsoft Sentinel",
"graphQueriesTableName": "SINECSecurityGuard_CL",
"logo": "SSG.svg",
"graphQueries": [
{
"metricName": "Total events received",
"legend": "SINECSecurityGuard_CL",
"baseQuery": "SINECSecurityGuard_CL\n | summarize count()"
}
],
"sampleQueries": [
{
"description": "List of Attacks",
"query": "SINECSecurityGuard_CL\n | summarize count()"
}
],
"connectivityCriterias": [
{
"type": "IsConnectedQuery",
"value": ["SINECSecurityGuard_CL\n | summarize lastLogGenerated = max(TimeGenerated) | project IsConnected = lastLogGenerated > ago(30d)"]
}
],
"dataTypes": [
{
"name": "SINECSecurityGuard_CL",
"lastDataReceivedQuery": "SINECSecurityGuard_CL\n | summarize Time = max(TimeGenerated) | where isnotempty(Time)"
}
],
"availability": {
"isPreview": true,
"status": 1
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read and write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"read": true,
"delete": true
}
},
{
"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
"permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
"providerDisplayName": "Keys",
"scope": "Workspace",
"requiredPermissions": {
"action": true
}
}
]
},
"instructionSteps": [
{
"description": "This Data Connector relies on the SINEC Security Guard Sensor Package to be able to receive Sensor events in Microsoft Sentinel. The Sensor Package can be purchased in the Siemens Xcelerator Marketplace.",
"instructions": [
{
"parameters": {
"title": "1. Please follow the steps to configure the data connector",
"instructionSteps": [
{
"title": "Set up the SINEC Security Guard Sensor",
"description": "Detailed step for setting up the sensor."
},
{
"title": "Create the Data Connector and configure it in the SINEC Security Guard web interface",
"description": "Instructions on configuring the data connector."
}
]
},
"type": "InstructionStepsGroup"
}
]
}
]
}
{
"id": "SSG",
"title": "SINEC Security Guard",
"publisher": "Siemens AG",
"descriptionMarkdown": "The SINEC Security Guard solution for Microsoft Sentinel allows you to ingest security events of your industrial networks from the [SINEC Security Guard](https://siemens.com/sinec-security-guard) into Microsoft Sentinel",
"graphQueriesTableName": "SINECSecurityGuard_CL",
"logo": "SSG.svg",
"graphQueries": [
{
"metricName": "Total events received",
"legend": "SINECSecurityGuard_CL",
"baseQuery": "SINECSecurityGuard_CL\n | summarize count()"
}
],
"sampleQueries": [
{
"description": "List of Attacks",
"query": "SINECSecurityGuard_CL\n | summarize count()"
}
],
"connectivityCriterias": [
{
"type": "IsConnectedQuery",
"value": ["SINECSecurityGuard_CL\n | summarize lastLogGenerated = max(TimeGenerated) | project IsConnected = lastLogGenerated > ago(30d)"]
}
],
"dataTypes": [
{
"name": "SINECSecurityGuard_CL",
"lastDataReceivedQuery": "SINECSecurityGuard_CL\n | summarize Time = max(TimeGenerated) | where isnotempty(Time)"
}
],
"availability": {
"isPreview": true,
"status": 1
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read and write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"read": true,
"delete": true
}
},
{
"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
"permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
"providerDisplayName": "Keys",
"scope": "Workspace",
"requiredPermissions": {
"action": true
}
}
]
},
"instructionSteps": [
{
"description": "This Data Connector relies on the SINEC Security Guard Sensor Package to be able to receive Sensor events in Microsoft Sentinel. The Sensor Package can be purchased in the Siemens Xcelerator Marketplace.",
"instructions": [
{
"parameters": {
"title": "1. Please follow the steps to configure the data connector",
"instructionSteps": [
{
"title": "Set up the SINEC Security Guard Sensor",
"description": "Detailed step for setting up the sensor."
},
{
"title": "Create the Data Connector and configure it in the SINEC Security Guard web interface",
"description": "Instructions on configuring the data connector."
}
]
},
"type": "InstructionStepsGroup"
}
]
}
]
}
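Review bot: The sample query labelled `"description": "List of Attacks"` does not list anything — its query is `SINECSecurityGuard_CL\n | summarize count()`, the same aggregate used for the graph metric, so an operator who runs it from the connector page gets a single row count rather than the events. Either rename it to match, e.g. `"description": "Total number of events received"`, or replace the query with one that projects the event rows (the table's column names are not visible in this section, so the projection cannot be proposed here). The nested instruction steps `"Detailed step for setting up the sensor."` and `"Instructions on configuring the data connector."` read as placeholders rather than instructions; since the connector requests the `sharedKeys` action permission, the step that tells the operator which workspace values to enter in the SINEC Security Guard web interface presumably needs to be written out. The old and new copies of this section appear identical, so the change looks to be whitespace or line-ending only.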
@@ -1,17 +1,17 @@
{
"Name": "SINEC Security Guard",
"Author": "Siemens AG",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/SSG.svg\" width=\"75px\" height=\"75px\">",
"Description": "The SINEC Security Guard solution for Microsoft Sentinel allows you to ingest security events of your industrial networks from the (SINEC Security Guard)[https://siemens.com/sinec-security-guard] into Microsoft Sentinel",
"Analytic Rules": [
"Analytic Rules/SSG_Azure_Sentinel_analytic_rule.yaml"
],
"Data Connectors": [
"Data Connectors/data_connector_GenericUI.json"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "D:\\Sentinel_GIT\\Azure-Sentinel\\Solutions\\SINEC Security Guard",
"Version": "3.0.3",
"TemplateSpec": true,
"Is1PConnector": false
{
"Name": "SINEC Security Guard",
"Author": "Siemens AG",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/SSG.svg\" width=\"75px\" height=\"75px\">",
"Description": "The SINEC Security Guard solution for Microsoft Sentinel allows you to ingest security events of your industrial networks from the [SINEC Security Guard](https://siemens.com/sinec-security-guard) into Microsoft Sentinel",
"Analytic Rules": [
"Analytic Rules/SSG_Azure_Sentinel_analytic_rule.yaml"
],
"Data Connectors": [
"Data Connectors/data_connector_GenericUI.json"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "D:\\Sentinel_GIT\\Azure-Sentinel\\Solutions\\SINEC Security Guard",
"Version": "3.0.3",
"TemplateSpec": true,
"Is1PConnector": false
}
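Review bot: `"BasePath": "D:\\Sentinel_GIT\\Azure-Sentinel\\Solutions\\SINEC Security Guard"` is a contributor's local Windows path, so this solution data file only resolves on that machine and records the contributor's directory layout in the repository; if the packaging tool accepts a repository-rooted or URL path, that form would be preferable, and in any case the value should be confirmed against what the tool expects. `"Version": "3.0.3"` is set while the package modified in this PR is `Package/3.0.0.zip`; if the zip name is meant to track the version, the mismatch is worth checking before merge.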
Binary file modified Solutions/SINEC Security Guard/Package/3.0.0.zip
Binary file not shown.