Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Google Cloud Platform Security Command Center Packaging #8986

Merged
merged 23 commits into from
Feb 7, 2024
Merged
Show file tree
Hide file tree
Changes from 18 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
{
"id": "GoogleSCCDefinition",
"title": "Google Security Command Center",
"publisher": "Microsoft",
"descriptionMarkdown": "The Google Cloud Platform (GCP) Security Command Center is a comprehensive security and risk management platform for Google Cloud, ingested from Sentinel's connector. It offers features such as asset inventory and discovery, vulnerability and threat detection, and risk mitigation and remediation to help you gain insight into your organization's security and data attack surface. This integration enables you to perform tasks related to findings and assets more effectively.",
"graphQueriesTableName": "GoogleCloudSCC",
"graphQueries": [
{
"metricName": "Total events received",
"legend": "Google Security Command Center",
"baseQuery": "{{graphQueriesTableName}}"
}
],
"sampleQueries": [
{
"description": "Get Sample of Google SCC",
"query": "{{graphQueriesTableName}}\n | take 10"
}
],
"dataTypes": [
{
"name": "{{graphQueriesTableName}}",
"lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h) | where name_s == \"no data test\" | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriteria": [
{
"type": "HasDataConnectors",
"value": null
}
],
"availability": {
"status": 1,
"isPreview": false
},
"permissions": {
"tenant": null,
"licenses": null,
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "Read and Write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"read": true,
"write": true,
"delete": true,
"action": false
}
},
{
"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
"permissionsDisplayText": "Read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)",
"providerDisplayName": "Keys",
"scope": "Workspace",
"requiredPermissions": {
"read": false,
"write": false,
"delete": false,
"action": true
}
}
]
},
"instructionSteps": [
{
"instructions": [
{
"type": "Markdown",
"parameters": {
"content": "#### 1. Set up your GCP environment \n You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription. \n Terraform provides API for the IAM that creates the resources. [Link to Terraform scripts](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation)."
}
},
{
"type": "CopyableLabel",
"parameters": {
"label": "Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.",
"fillWith": [
"TenantId"
],
"name": "PoolId",
"disabled": true
}
},
{
"type": "Markdown",
"parameters": {
"content": "#### 2. Connect new collectors \n To enable GCP SCC for Microsoft Sentinel, click the Add new collector button, fill the required information in the context pane and click on Connect."
}
},
{
"type": "GCPGrid",
"parameters": {}
},
{
"type": "GCPContextPane",
"parameters": {}
}
]
}
]
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{
"Name": "Google Cloud Platform Security Command Center",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src ='https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/google_logo.svg' width='75px' height='75px'>",
"Description": "The Google Cloud Platform (GCP) Security Command Center is a comprehensive security and risk management platform for Google Cloud, ingested from Sentinel's connector. It offers features such as asset inventory and discovery, vulnerability and threat detection, and risk mitigation and remediation to help you gain insight into your organization's security and data attack surface. This integration enables you to perform tasks related to findings and assets more effectively.",
"Data Connectors": [
"Data Connectors/GCPSecurityCommandCenter.json"
],
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Google Cloud Platform Security Command Center\\",
"Version": "3.0.0",
"TemplateSpec": true,
"Is1PConnector": true,
"Metadata": "SolutionMetadata.json"
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
{
"Name": "Google Cloud Platform Security Command Center",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src ='https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/google_logo.svg' width='75px' height='75px'>",
"Description": "The Google Cloud Platform (GCP) Security Command Center is a comprehensive security and risk management platform for Google Cloud, ingested from Sentinel's connector. It offers features such as asset inventory and discovery, vulnerability and threat detection, and risk mitigation and remediation to help you gain insight into your organization's security and data attack surface. This integration enables you to perform tasks related to findings and assets more effectively.",
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Google Cloud Platform Security Command Center\\",
"Version": "3.0.0",
"TemplateSpec": true,
"Is1PConnector": true,
"Metadata": "SolutionMetadata.json",
"publisherId": "azuresentinel",
"offerId": "azure-sentinel-solution-gcpsecuritycommandcenter",
"providers": [
"Microsoft"
],
"categories": {
"domains": [
"Security - Cloud Security"
]
},
"firstPublishDate": "2023-09-11",
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
},
"Data Connectors": "[\n \"Data Connectors/GCPSecurityCommandCenter.json\"\n]"
}
Binary file not shown.
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
{
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
"handler": "Microsoft.Azure.CreateUIDef",
"version": "0.1.2-preview",
"parameters": {
"config": {
"isWizard": false,
"basics": {
"description": "<img src ='https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/google_logo.svg' width='75px' height='75px'>\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Google Cloud Platform Security Command Center/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Google Cloud Platform (GCP) Security Command Center is a comprehensive security and risk management platform for Google Cloud, ingested from Sentinel's connector. It offers features such as asset inventory and discovery, vulnerability and threat detection, and risk mitigation and remediation to help you gain insight into your organization's security and data attack surface. This integration enables you to perform tasks related to findings and assets more effectively.\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
"Microsoft.OperationalInsights/workspaces/providers/alertRules",
"Microsoft.Insights/workbooks",
"Microsoft.Logic/workflows"
]
},
"location": {
"metadata": {
"hidden": "Hiding location, we get it from the log analytics workspace"
},
"visible": false
},
"resourceGroup": {
"allowExisting": true
}
}
},
"basics": [
{
"name": "getLAWorkspace",
"type": "Microsoft.Solutions.ArmApiControl",
"toolTip": "This filters by workspaces that exist in the Resource Group selected",
"condition": "[greater(length(resourceGroup().name),0)]",
"request": {
"method": "GET",
"path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
}
},
{
"name": "workspace",
"type": "Microsoft.Common.DropDown",
"label": "Workspace",
"placeholder": "Select a workspace",
"toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
"constraints": {
"allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
"required": true
},
"visible": true
}
],
"steps": [
{
"name": "dataconnectors",
"label": "Data Connectors",
"bladeTitle": "Data Connectors",
"elements": [
{
"name": "dataconnectors1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Solution installs the data connector for Google Cloud Platform Security Command Center. You can get Google Cloud Platform Security Command Center custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},
{
"name": "dataconnectors-link2",
"type": "Microsoft.Common.TextBlock",
"options": {
"link": {
"label": "Learn more about connecting data sources",
"uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
}
}
}
]
}
],
"outputs": {
"workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
"location": "[location()]",
"workspace": "[basics('workspace')]"
}
}
}
Loading
Loading