Azure · v-atulyadav · Dec 4, 2024 · Dec 4, 2024 · Dec 4, 2024 · Dec 4, 2024
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -33,5 +30,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -39,5 +36,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -35,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -42,5 +39,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -32,5 +29,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -35,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -31,5 +28,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -31,5 +28,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -36,5 +33,5 @@ entityMappings:
     fieldMappings:
       - identifier: FullName
         columnName: HostCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL
@@ -30,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -2,7 +2,7 @@
   "Name": "Ubiquiti UniFi",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Ubiquiti%20UniFi/Data%20Connectors/Logo/ubiquiti.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Ubiquiti UniFi](https://www.ui.com/) solution provides the capability to ingest [Ubiquiti UniFi firewall, dns, ssh, AP events](https://help.ui.com/hc/articles/204959834-UniFi-How-to-View-Log-Files) into Microsoft Sentinel.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
+  "Description": "The [Ubiquiti UniFi](https://www.ui.com/) solution provides the capability to ingest [Ubiquiti UniFi firewall, dns, ssh, AP events](https://help.ui.com/hc/articles/204959834-UniFi-How-to-View-Log-Files) into Microsoft Sentinel.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
   "Workbooks": [
     "Workbooks/Ubiquiti.json"
   ],
@@ -18,9 +18,6 @@
     "Hunting Queries/UbiquitiUnusualSubdomains.yaml",
     "Hunting Queries/UbiquitiVulnerableDevices.yaml"
   ],
-  "Data Connectors": [
-    "Data Connectors/Connector_Ubiquiti_agent.json"
-  ],
   "Analytic Rules": [
     "Analytic Rules/UbiquitiCryptominer.yaml",
     "Analytic Rules/UbiquitiDestinationInTiList.yaml",
@@ -40,7 +37,7 @@
     "azuresentinel.azure-sentinel-solution-customlogsviaama"
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Ubiquiti UniFi",
-  "Version": "3.0.2",
+  "Version": "3.0.3",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1Pconnector": false

@@ -4,9 +4,6 @@ description: |
   'Query shows failed DNS requests due to timeout.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

@@ -4,9 +4,6 @@ description: |
   'Query shows list of unaccounted internal DNS servers.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

@@ -4,9 +4,6 @@ description: |
   'Query shows list of least used internal destination ports.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

@@ -4,9 +4,6 @@ description: |
   'Query shows list of top destinations connections to which were blocked by firewall.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

@@ -4,9 +4,6 @@ description: |
   'Query shows list of top blocked connections to external services.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

@@ -4,9 +4,6 @@ description: |
   'Query shows list of top blocked connections to internal services.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

@@ -4,9 +4,6 @@ description: |
   'Query shows list of top sources with blocked connections.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

@@ -4,9 +4,6 @@ description: |
   'Query shows list of top triggered firewall rules.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

@@ -4,9 +4,6 @@ description: |
   'Query counts the number of unique subdomains for each TLD.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL

@@ -4,9 +4,6 @@ description: |
   'Query shows list of devices (APs) which do not have the latest version of firmware installed.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: UbiquitiUnifi
-    dataTypes:
-      - UbiquitiAuditEvent
   - connectorId: CustomLogsAma
     dataTypes:
       - Ubiquiti_CL