Azure · v-atulyadav · Dec 5, 2024 · Dec 3, 2024 · Dec 4, 2024
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -37,5 +34,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -41,5 +38,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: HostCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -36,5 +33,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -41,5 +38,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: HostCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -50,5 +47,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.3
+version: 1.0.4
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -50,5 +47,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.3
+version: 1.0.4
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -44,5 +41,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -40,5 +37,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -31,5 +28,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -41,5 +38,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: HostCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -2,7 +2,7 @@
   "Name": "Cisco ISE",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/cisco-logo-72px.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Cisco ISE](https://www.cisco.com/c/en_in/products/security/identity-services-engine/index.html) solution for Microsoft Sentinel enables you to ingest Cisco ISE’s NAC logs into Microsoft Sentinel, providing insight into network threats and vulnerabilities.\n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
+  "Description": "The [Cisco ISE](https://www.cisco.com/c/en_in/products/security/identity-services-engine/index.html) solution for Microsoft Sentinel enables you to ingest Cisco ISE’s NAC logs into Microsoft Sentinel, providing insight into network threats and vulnerabilities.\n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
   "Workbooks": [
     "Workbooks/CiscoISE.json"
   ],
@@ -24,9 +24,7 @@
     "Playbooks/CiscoISE-SuspendGuestUser/azuredeploy.json",
     "Playbooks/CiscoISE-TakeEndpointActionFromTeams/azuredeploy.json"
   ],
-  "Data Connectors": [
-    "Data Connectors/Connector_Cisco_ISE.json"
-  ],
+
   "Parsers": [
     "Parsers/CiscoISEEvent.yaml"
   ],
@@ -46,7 +44,7 @@
     "azuresentinel.azure-sentinel-solution-syslog"
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Cisco ISE",
-  "Version": "3.0.1",
+  "Version": "3.0.2",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1Pconnector": false

@@ -3,9 +3,6 @@ name: CiscoISE - Authentication attempts to suspended user account
 description: |
   'Search authentication attempts to suspended user account.'
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog

@@ -3,9 +3,6 @@ name: CiscoISE - Dynamic authorization failed
 description: |
   'Search for dynamic authorization failed events.'
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog

@@ -3,9 +3,6 @@ name: CiscoISE - Expired certificate in the client certificates chain
 description: |
   'Search for expired certificates in the client certificates chain.'
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog

@@ -3,9 +3,6 @@ name: CiscoISE - Failed authentication events
 description: |
   'Search for failed authentication events.'
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog

@@ -3,9 +3,6 @@ name: CiscoISE - Failed login attempts via SSH CLI (users)
 description: |
   'Search for Failed login attempts via SSH CLI users.'
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog

@@ -3,9 +3,6 @@ name: CiscoISE - Guest authentication failed
 description: |
   'Search Guest authentication failed events.'
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog

@@ -3,9 +3,6 @@ name: CiscoISE - Guest authentication succeeded
 description: |
   'Search for successful Guest authentication events.'
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog

@@ -3,9 +3,6 @@ name: CiscoISE - Rare or new useragent
 description: |
   'Search for rare useragent values.'
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog

@@ -3,9 +3,6 @@ name: CiscoISE - Sources with high number of 'Failed Authentication' events
 description: |
   'Search sources with high number of Failed Authentication events.'
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog

@@ -3,9 +3,6 @@ name: CiscoISE - Attempts to suspend the log collector
 description: |
   'Search for attempts to suspend the log collector.'
 requiredDataConnectors:
-  - connectorId: CiscoISE
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog