Repackaging - DigitalGuardianDLP #9179

Merged
merged 5 commits into from
Oct 16, 2023
Expand Up @@ -31,14 +31,14 @@
"Hunting Queries/DigitalGuardianUrlByUser.yaml"
],
"Parsers": [
"Parsers/DigitalGuardianDLPEvent.txt"
"Parsers/DigitalGuardianDLPEvent.yaml"
],
"Data Connectors": [
"Data Connectors/Connector_DigitalGuardian_Syslog.json"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\DigitalGuardianDLP",
"Version": "2.0.1",
"Version": "3.0.0",
"TemplateSpec": true,
"Is1PConnector": false
}
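Review bot: The parser reference changes from `Parsers/DigitalGuardianDLPEvent.txt` to `Parsers/DigitalGuardianDLPEvent.yaml` alongside the 2.0.1 to 3.0.0 version bump, but no `Parsers/` file appears in the changed files shown in this PR; confirm the `.yaml` parser actually exists at that path and that the old `.txt` file is removed (or deliberately kept), otherwise the packaging step will reference a file that is not there.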
@@ -0,0 +1,33 @@
{
"Name": "Digital Guardian Data Loss Prevention",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [Digital Guardian Data Loss Prevention (DLP)](https://digitalguardian.com/platform-overview) data connector provides the capability to ingest Digital Guardian DLP logs into Microsoft Sentinel.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent-based log collection (Syslog) ](https://docs.microsoft.com/azure/sentinel/connect-syslog)",
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\DigitalGuardianDLP",
"Version": "3.0.0",
"TemplateSpec": true,
"Is1PConnector": false,
"publisherId": "azuresentinel",
"offerId": "azure-sentinel-solution-digitalguardiandlp",
"providers": [
"Digital Guardian"
],
"categories": {
"domains": [
"Security – Information Protection"
]
},
"firstPublishDate": "2021-07-23",
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
},
"Data Connectors": "[\n \"Data Connectors/Connector_DigitalGuardian_Syslog.json\"\n]",
"Parsers": "[\n \"DigitalGuardianDLPEvent.yaml\"\n]",
"Workbooks": "[\n \"Workbooks/DigitalGuardian.json\"\n]",
"Analytic Rules": "[\n \"DigitalGuardianClassifiedDataInsecureTransfer.yaml\",\n \"DigitalGuardianExfiltrationOverDNS.yaml\",\n \"DigitalGuardianExfiltrationToFileShareServices.yaml\",\n \"DigitalGuardianFileSentToExternal.yaml\",\n \"DigitalGuardianFileSentToExternalDomain.yaml\",\n \"DigitalGuardianFilesSentToExternalDomain.yaml\",\n \"DigitalGuardianMultipleIncidentsFromUser.yaml\",\n \"DigitalGuardianPossibleProtocolAbuse.yaml\",\n \"DigitalGuardianUnexpectedProtocol.yaml\",\n \"DigitalGuardianViolationNotBlocked.yaml\"\n]",
"Hunting Queries": "[\n \"DigitalGuardianDomains.yaml\",\n \"DigitalGuardianFilesSentByUsers.yaml\",\n \"DigitalGuardianIncidentsByUser.yaml\",\n \"DigitalGuardianInsecureProtocolSources.yaml\",\n \"DigitalGuardianInspectedFiles.yaml\",\n \"DigitalGuardianNewIncidents.yaml\",\n \"DigitalGuardianRareDestinationPorts.yaml\",\n \"DigitalGuardianRareNetworkProtocols.yaml\",\n \"DigitalGuardianRareUrls.yaml\",\n \"DigitalGuardianUrlByUser.yaml\"\n]"
}
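Review bot: The `Parsers` entry is `DigitalGuardianDLPEvent.yaml` with no `Parsers/` prefix, while `Data Connectors` and `Workbooks` carry their folder prefixes and the other solution file in this PR references `Parsers/DigitalGuardianDLPEvent.yaml`; make the path form consistent so the packaging tool resolves the parser. The content lists are also JSON arrays serialised into strings (`"[\n ... \n]"`) rather than the plain arrays used in the other file; if both forms are accepted that is fine, but the plain array is easier to maintain. Finally, `DigitalGuardianFileSentToExternalDomain.yaml` and `DigitalGuardianFilesSentToExternalDomain.yaml` differ by one letter, so confirm both rules are intended and not a duplicate.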
Binary file added Solutions/DigitalGuardianDLP/Package/3.0.0.zip
36 changes: 25 additions & 11 deletions Solutions/DigitalGuardianDLP/Package/createUiDefinition.json
Expand Up @@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Digital Guardian Data Loss Prevention (DLP)](https://digitalguardian.com/platform-overview) solution provides the capability to ingest Digital Guardian DLP logs into Microsoft Sentinel.\r\n \r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent-based log collection (Syslog) ](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/DigitalGuardianDLP/ReleaseNotes.md)\r \n There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Digital Guardian Data Loss Prevention (DLP)](https://digitalguardian.com/platform-overview) data connector provides the capability to ingest Digital Guardian DLP logs into Microsoft Sentinel.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent-based log collection (Syslog) ](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
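Review bot: The description now says the "data connector provides the capability to ingest" where the previous text said "solution provides"; since this string fronts the whole solution, which per the counts at its end also ships a workbook, ten analytic rules and ten hunting queries, "solution" is the accurate subject. The new note block also mixes `\r \n` (with a stray space) and `\n\n` as line breaks; use one consistent break sequence so the portal renders the bullet list as intended.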
Expand Down Expand Up @@ -107,6 +107,20 @@
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
}
}
},
{
"name": "workbook1",
"type": "Microsoft.Common.Section",
"label": "DigitalGuardianDLP",
"elements": [
{
"name": "workbook1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Sets the time name for analysis"
}
}
]
}
]
},
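Review bot: The text block for the new `workbook1` section, "Sets the time name for analysis", does not describe the DigitalGuardian workbook and reads like a placeholder or a mis-copied parameter description; replace it with a one-line statement of what the workbook visualises so the installer page is meaningful.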
Expand Down Expand Up @@ -309,7 +323,7 @@
"name": "huntingquery1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for incident domains. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for incident domains. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
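Review bot: The rewritten dependency sentence drops the trailing period and the article ("depends on the DigitalGuardianDLP data connector"), and "Parser or Table" is capitalised inconsistently with the lowercase "data connector"; the identical wording is repeated in all ten hunting-query text blocks in this file, so fix the template once, for example "This hunting query depends on the DigitalGuardianDLP data connector (DigitalGuardianDLPEvent parser or table).", rather than patching each block separately.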
Expand All @@ -323,7 +337,7 @@
"name": "huntingquery2-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for files sent by users. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for files sent by users. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -337,7 +351,7 @@
"name": "huntingquery3-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for users' incidents. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for users' incidents. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -351,7 +365,7 @@
"name": "huntingquery4-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for insecure file transfer sources. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for insecure file transfer sources. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -365,7 +379,7 @@
"name": "huntingquery5-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for inspected files. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for inspected files. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -379,7 +393,7 @@
"name": "huntingquery6-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for new incidents. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for new incidents. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -393,7 +407,7 @@
"name": "huntingquery7-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for rare destination ports. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for rare destination ports. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -407,7 +421,7 @@
"name": "huntingquery8-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches rare network protocols. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches rare network protocols. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
Expand All @@ -421,7 +435,7 @@
"name": "huntingquery9-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for rare Urls. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for rare Urls. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]
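Review bot: "rare Urls" should be "rare URLs" to match "URLs used" in the next block, and this sentence has the same missing trailing period as the other hunting-query blocks.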
Expand All @@ -435,7 +449,7 @@
"name": "huntingquery10-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for URLs used. It depends on the DigitalGuardianDLP data connector and DigitalGuardianDLPEvent data type and DigitalGuardianDLP parser."
"text": "Query searches for URLs used. This hunting query depends on DigitalGuardianDLP data connector (DigitalGuardianDLPEvent Parser or Table)"
}
}
]