Azure · v-sabiraj · Sep 26, 2023 · Sep 26, 2023 · Sep 27, 2023 · Oct 5, 2023
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/GitHub.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [GitHub](https://github.com/) Solution for Microsoft Sentinel enables you to easily ingest events and logs from GitHub to Microsoft Sentinel using GitHub audit log API and  webhooks. This enables you to view and analyze this data in your workbooks, query it to create custom alerts, and incorporate it to improve your investigation process, giving you more insight into your platform security.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n 1. [Codeless Connector Platform (CCP) (used in GitHub Enterprise Audit Log data connector)](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal) \r\n \r\n 2. [Azure Functions ](https://azure.microsoft.com/services/functions/#overview)\n\n**Data Connectors:** 2, **Parsers:** 4, **Workbooks:** 2, **Analytic Rules:** 14, **Hunting Queries:** 8\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/GitHub.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [GitHub](https://github.com/) Solution for Microsoft Sentinel enables you to easily ingest events and logs from GitHub to Microsoft Sentinel using GitHub audit log API and  webhooks. This enables you to view and analyze this data in your workbooks, query it to create custom alerts, and incorporate it to improve your investigation process, giving you more insight into your platform security.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n 1. [Codeless Connector Platform (CCP) (used in GitHub Enterprise Audit Log data connector)](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal) \r\n \r\n 2. [Azure Functions ](https://azure.microsoft.com/services/functions/#overview)\n\n**Data Connectors:** 1, **Parsers:** 3, **Workbooks:** 2, **Analytic Rules:** 14, **Hunting Queries:** 8\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -63,13 +63,6 @@
               "text": "This Solution installs the data connector for GitHub. You can get GitHub custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
-          {
-            "name": "dataconnectors2-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "This Solution installs the data connector for GitHub. You can get GitHub custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
-            }
-          },
           {
             "name": "dataconnectors-parser-text",
             "type": "Microsoft.Common.TextBlock",
@@ -132,13 +125,13 @@
           {
             "name": "workbook2",
             "type": "Microsoft.Common.Section",
-            "label": "GithubWorkbook",
+            "label": null,
             "elements": [
               {
                 "name": "workbook2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Gain insights to GitHub activities that may be interesting for security."
+                  "text": null
                 }
               }
             ]

@@ -5,7 +5,7 @@
 	"Description": "The [GitHub](https://github.com/) Solution for Microsoft Sentinel enables you to easily ingest events and logs from GitHub to Microsoft Sentinel using GitHub audit log API and  webhooks. This enables you to view and analyze this data in your workbooks, query it to create custom alerts, and incorporate it to improve your investigation process, giving you more insight into your platform security.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n 1. [Codeless Connector Platform (CCP) (used in GitHub Enterprise Audit Log data connector)](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal) \r\n \r\n 2. [Azure Functions ](https://azure.microsoft.com/services/functions/#overview)",
 	"Workbooks": [
 		"Workbooks/GitHubAdvancedSecurity.json",
-		"Workbooks/GitHubWorkbook.json"
+		"Workbooks/GitHub.json"
 	],
 	"Analytic Rules": [
 		"Analytic Rules/(Preview) GitHub - A payment method was removed.yaml",
@@ -45,7 +45,7 @@
 	],
 	"Metadata": "SolutionMetadata.json",
 	"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\GitHub",
-	"Version": "2.0.3",
+	"Version": "3.0.0",
 	"TemplateSpec": true,
 	"Is1PConnector": false
 }
@@ -0,0 +1,33 @@
+{
+  "Name": "GitHub",
+  "Author": "Microsoft - support@microsoft.com",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/GitHub.svg\"width=\"75px\"height=\"75px\">",
+  "Description": "The [GitHub](https://github.com/) Solution for Microsoft Sentinel enables you to easily ingest events and logs from GitHub to Microsoft Sentinel using GitHub audit log API and  webhooks. This enables you to view and analyze this data in your workbooks, query it to create custom alerts, and incorporate it to improve your investigation process, giving you more insight into your platform security.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n 1. [Codeless Connector Platform (CCP) (used in GitHub Enterprise Audit Log data connector)](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal) \r\n \r\n 2. [Azure Functions ](https://azure.microsoft.com/services/functions/#overview)",
+  "Metadata": "SolutionMetadata.json",
+  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\GitHub",
+  "TemplateSpec": true,
+  "Is1PConnector": false,
+  "Version": "3.0.1",
+  "publisherId": "microsoftcorporation1622712991604",
+  "offerId": "sentinel4github",
+  "providers": [
+    "Microsoft"
+  ],
+  "categories": {
+    "domains": [
+      "DevOps"
+    ]
+  },
+  "firstPublishDate": "2021-10-18",
+  "support": {
+    "name": "Microsoft Corporation",
+    "email": "support@microsoft.com",
+    "tier": "Microsoft",
+    "link": "https://support.microsoft.com"
+  },
+  "Data Connectors": "[\n  \"Data Connectors/GithubWebhook/GithubWebhook_API_FunctionApp.json\"\n]",
+  "Parsers": "[\n  \"GitHubAuditData.txt\",\n  \"GitHubCodeScanningData.txt\",\n  \"GitHubDependabotData.txt\",\n  \"GithubSecretScanningData.txt\"\n]",
+  "Workbooks": "[\n  \"Workbooks/GitHubAdvancedSecurity.json\",\n  \"Workbooks/GitHub.json\"\n]",
+  "Analytic Rules": "[\n  \"(Preview) GitHub - A payment method was removed.yaml\",\n  \"(Preview) GitHub - Activities from Infrequent Country.yaml\",\n  \"(Preview) GitHub - Oauth application - a client secret was removed.yaml\",\n  \"(Preview) GitHub - Repository was created.yaml\",\n  \"(Preview) GitHub - Repository was destroyed.yaml\",\n  \"(Preview) GitHub - Two Factor Authentication Disabled in GitHub.yaml\",\n  \"(Preview) GitHub - User visibility Was changed.yaml\",\n  \"(Preview) GitHub - User was added to the organization.yaml\",\n  \"(Preview) GitHub - User was blocked.yaml\",\n  \"(Preview) GitHub - User was invited to the repository.yaml\",\n  \"(Preview) GitHub - pull request was created.yaml\",\n  \"(Preview) GitHub - pull request was merged.yaml\",\n  \"NRT Two Factor Authentication Disabled.yaml\",\n  \"Security Vulnerability in Repo.yaml\"\n]",
+  "Hunting Queries": "[\n  \"First Time User Invite and Add Member to Org.yaml\",\n  \"Inactive or New Account Usage.yaml\",\n  \"Mass Deletion of Repositories .yaml\",\n  \"Oauth App Restrictions Disabled.yaml\",\n  \"Org Repositories Default Permissions Change.yaml\",\n  \"Repository Permission Switched to Public.yaml\",\n  \"User First Time Repository Delete Activity.yaml\",\n  \"User Grant Access and Grants Other Access.yaml\"\n]"
+}
@@ -1963,7 +1963,7 @@
         ],
         "version": "1.0.0",
         "title": "Forcepoint Cloud Security Gateway Workbook",
-        "templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json",
+        "templateRelativePath": "ForcepointCloudSecuirtyGateway.json",
         "subtitle": "",
         "provider": "Forcepoint"
     },
@@ -3796,7 +3796,7 @@
         "previewImagesFileNames": [],
         "version": "1.0.0",
         "title": "GithubWorkbook",
-        "templateRelativePath": "GitHubWorkbook.json",
+        "templateRelativePath": "GitHub.json",
         "subtitle": "",
         "provider": "Microsoft"
     },

@@ -2298,7 +2298,7 @@
     ],
     "version": "1.0.0",
     "title": "Forcepoint Cloud Security Gateway Workbook",
-    "templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json",
+    "templateRelativePath": "ForcepointCloudSecuirtyGateway.json",
     "subtitle": "",
     "provider": "Forcepoint"
   },
@@ -2880,7 +2880,19 @@
     "title": "Microsoft Defender For Office 365",
     "templateRelativePath": "MicrosoftDefenderForOffice365.json",
     "subtitle": "",
-    "provider": "Microsoft Sentinel Community"
+    "provider": "Microsoft Sentinel Community",
+    "support": {
+        "tier": "Community"
+      },
+      "author": {
+        "name": "Brian Delaney"
+      },
+      "source": {
+        "kind": "Community"
+      },
+      "categories": {
+        "domains": [ "Security - Others" ]
+      }
   },
   {
     "workbookKey": "ProofPointThreatDashboard",
@@ -6648,31 +6660,5 @@
         "IT Operations"
       ]
 }
-},
-{
-    "workbookKey": "WizFindingsWorkbook",
-    "logoFileName": "Wiz_logo.svg",
-    "description": "A visualized overview of Wiz Findings.\nExplore, analize and learn about your security posture using Wiz Findings Overview",
-    "dataTypesDependencies": [
-      "WizIssues_CL",
-      "WizVulnerabilities_CL",
-      "WizAuditLogs_CL"
-    ],
-    "dataConnectorsDependencies": [
-      "Wiz"
-    ],
-    "previewImagesFileNames": [
-      "WizFindingsBlack1.png",
-      "WizFindingsBlack2.png",
-      "WizFindingsBlack3.png",
-      "WizFindingsWhite1.png",
-      "WizFindingsWhite2.png",
-      "WizFindingsWhite3.png"
-    ],
-    "version": "1.0.0",
-    "title": "Wiz Findings overview",
-    "templateRelativePath": "WizFindings.json",
-    "subtitle": "",
-    "provider": "Wiz"
 }
 ]