diff --git a/Solutions/Atlassian Beacon/Data Connectors/AtlassianBeacon_DataConnector.json b/Solutions/Atlassian Beacon/Data Connectors/AtlassianBeacon_DataConnector.json
index eb4aa8fb41e..626164ac96e 100644
--- a/Solutions/Atlassian Beacon/Data Connectors/AtlassianBeacon_DataConnector.json
+++ b/Solutions/Atlassian Beacon/Data Connectors/AtlassianBeacon_DataConnector.json
@@ -2,7 +2,7 @@
 "id": "AtlassianBeaconAlerts",
 "title": "Atlassian Beacon Alerts",
 "publisher": "DEFEND Ltd.",
- "descriptionMarkdown": "Custom Data connector from DEFEND Ltd. that is used to visualize the alerts ingested from Atlassian Beacon into Microsoft Sentinel.",
+ "descriptionMarkdown": "Atlassian Beacon is a cloud product that is built for Intelligent threat detection across the Atlassian platforms (Jira, Confluence, and Atlassian Admin). This can help users detect, investigate and respond to risky user activity for the Atlassian suite of products. The solution is a custom data connector from DEFEND Ltd. that is used to visualize the alerts ingested from Atlassian Beacon to Microsoft Sentinel via a Logic App.",
 "graphQueries": [
 {
 "baseQuery": "atlassian_beacon_alerts_CL",
diff --git a/Solutions/Atlassian Beacon/Data/Solution_AtlassianBeacon.json b/Solutions/Atlassian Beacon/Data/Solution_AtlassianBeacon.json
index c10b344f6cc..5ba52ec759f 100644
--- a/Solutions/Atlassian Beacon/Data/Solution_AtlassianBeacon.json
+++ b/Solutions/Atlassian Beacon/Data/Solution_AtlassianBeacon.json
@@ -2,7 +2,7 @@
 "Name": "Atlassian Beacon",
 "Author": "DEFEND Ltd.",
 "Logo": "",
- "Description": "Custom Data connector from DEFEND Ltd. that is used to visualize the alerts ingested from Atlassian Beacon into Microsoft Sentinel.",
+ "Description": "Atlassian Beacon is a cloud product that is built for Intelligent threat detection across the Atlassian platforms (Jira, Confluence, and Atlassian Admin). This can help users detect, investigate and respond to risky user activity for the Atlassian suite of products. The solution is a custom data connector from DEFEND Ltd. that is used to visualize the alerts ingested from Atlassian Beacon to Microsoft Sentinel via a Logic App.",
 "Analytic Rules": [
 "Analytic Rules/AtlassianBeacon_High.yaml"
 ],
diff --git a/Solutions/Atlassian Beacon/Package/3.0.0.zip b/Solutions/Atlassian Beacon/Package/3.0.0.zip
index edae1c27810..0458bc0b825 100644
Binary files a/Solutions/Atlassian Beacon/Package/3.0.0.zip and b/Solutions/Atlassian Beacon/Package/3.0.0.zip differ
diff --git a/Solutions/Atlassian Beacon/Package/createUiDefinition.json b/Solutions/Atlassian Beacon/Package/createUiDefinition.json
index b9a0b05ddaf..5782d849c89 100644
--- a/Solutions/Atlassian Beacon/Package/createUiDefinition.json
+++ b/Solutions/Atlassian Beacon/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Atlassian%20Beacon/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nCustom Data connector from DEFEND Ltd. that is used to visualize the alerts ingested from Atlassian Beacon into Microsoft Sentinel.\n\n**Data Connectors:** 1, **Analytic Rules:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Atlassian%20Beacon/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nAtlassian Beacon is a cloud product that is built for Intelligent threat detection across the Atlassian platforms (Jira, Confluence, and Atlassian Admin). This can help users detect, investigate and respond to risky user activity for the Atlassian suite of products. The solution is a custom data connector from DEFEND Ltd. that is used to visualize the alerts ingested from Atlassian Beacon to Microsoft Sentinel via a Logic App.\n\n**Data Connectors:** 1, **Analytic Rules:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/Atlassian Beacon/Package/mainTemplate.json b/Solutions/Atlassian Beacon/Package/mainTemplate.json
index f81473f9771..581a2106929 100644
--- a/Solutions/Atlassian Beacon/Package/mainTemplate.json
+++ b/Solutions/Atlassian Beacon/Package/mainTemplate.json
@@ -58,6 +58,7 @@
 "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1'))))]",
 "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
 "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]",
+ "blanks": "[replace('b', 'b', '')]",
 "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
 },
 "resources": [
@@ -98,10 +99,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "AtlassianBeaconAlerts",
 "dataTypes": [
 "atlassian_beacon_alerts_CL"
- ],
- "connectorId": "AtlassianBeaconAlerts"
+ ]
 }
 ],
 "eventGroupingSettings": {
@@ -113,10 +114,10 @@
 "incidentConfiguration": {
 "createIncident": true,
 "groupingConfiguration": {
+ "matchingMethod": "AllEntities",
 "enabled": true,
- "lookbackDuration": "5h",
 "reopenClosedIncident": false,
- "matchingMethod": "AllEntities"
+ "lookbackDuration": "5h"
 }
 }
 }
@@ -188,7 +189,7 @@
 "id": "[variables('_uiConfigId1')]",
 "title": "Atlassian Beacon Alerts",
 "publisher": "DEFEND Ltd.",
- "descriptionMarkdown": "Custom Data connector from DEFEND Ltd. that is used to visualize the alerts ingested from Atlassian Beacon into Microsoft Sentinel.",
+ "descriptionMarkdown": "Atlassian Beacon is a cloud product that is built for Intelligent threat detection across the Atlassian platforms (Jira, Confluence, and Atlassian Admin). This can help users detect, investigate and respond to risky user activity for the Atlassian suite of products. The solution is a custom data connector from DEFEND Ltd. that is used to visualize the alerts ingested from Atlassian Beacon to Microsoft Sentinel via a Logic App.",
 "graphQueries": [
 {
 "baseQuery": "atlassian_beacon_alerts_CL",
@@ -234,7 +235,7 @@
 "scope": "Workspace"
 },
 {
- "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)",
+ "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
 "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
 "providerDisplayName": "Keys",
 "requiredPermissions": {
@@ -338,7 +339,7 @@
 "connectorUiConfig": {
 "title": "Atlassian Beacon Alerts",
 "publisher": "DEFEND Ltd.",
- "descriptionMarkdown": "Custom Data connector from DEFEND Ltd. that is used to visualize the alerts ingested from Atlassian Beacon into Microsoft Sentinel.",
+ "descriptionMarkdown": "Atlassian Beacon is a cloud product that is built for Intelligent threat detection across the Atlassian platforms (Jira, Confluence, and Atlassian Admin). This can help users detect, investigate and respond to risky user activity for the Atlassian suite of products. The solution is a custom data connector from DEFEND Ltd. that is used to visualize the alerts ingested from Atlassian Beacon to Microsoft Sentinel via a Logic App.",
 "graphQueries": [
 {
 "baseQuery": "atlassian_beacon_alerts_CL",
@@ -384,7 +385,7 @@
 "scope": "Workspace"
 },
 {
- "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)",
+ "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
 "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
 "providerDisplayName": "Keys",
 "requiredPermissions": {
@@ -476,8 +477,6 @@
 "name": "[[parameters('PlaybookName')]",
 "location": "[[variables('workspace-location-inline')]",
 "tags": {
- "CreatedBy": "iCE Engineering Team",
- "Description": "Logic app to recieve webhook from Atlassian Beacon and ingest the payload into Microsoft Sentinel's log analytics workspace",
 "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
 },
 "dependsOn": [
@@ -597,7 +596,25 @@
 }
 }
 }
- ]
+ ],
+ "metadata": {
+ "title": "Atlassian Beacon Integration",
+ "description": "This Logic App recieves a webhook from Atlassian Beacon and ingest the payload into Microsoft Sentinel's log analytics workspace",
+ "prerequisites": [
+ "1. Log Analytics Workspace ID and Workspace Key. To get these secrets, login into your Microsoft Sentinel instance and navigate to Settings --> Workspace settings --> Agents"
+ ],
+ "postDeployment": [
+ "1. Please refer to the 'Configuration' part of the Data Connector once the solution is installed."
+ ],
+ "lastUpdateTime": "2023-10-10T16:38:49.064Z",
+ "releaseNotes": {
+ "version": "1.0",
+ "title": "[variables('blanks')]",
+ "notes": [
+ "Initial version"
+ ]
+ }
+ }
 },
 "packageKind": "Solution",
 "packageVersion": "[variables('_solutionVersion')]",
@@ -622,7 +639,7 @@
 "contentSchemaVersion": "3.0.0",
 "displayName": "Atlassian Beacon",
 "publisherDisplayName": "DEFEND Ltd.",
- "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Custom Data connector from DEFEND Ltd. that is used to visualize the alerts ingested from Atlassian Beacon into Microsoft Sentinel.

\n

Data Connectors: 1, Analytic Rules: 1, Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
+ "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Atlassian Beacon is a cloud product that is built for Intelligent threat detection across the Atlassian platforms (Jira, Confluence, and Atlassian Admin). This can help users detect, investigate and respond to risky user activity for the Atlassian suite of products. The solution is a custom data connector from DEFEND Ltd. that is used to visualize the alerts ingested from Atlassian Beacon to Microsoft Sentinel via a Logic App.

\n

Data Connectors: 1, Analytic Rules: 1, Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",
diff --git a/Solutions/Atlassian Beacon/Playbooks/Sync Alerts/azuredeploy.json b/Solutions/Atlassian Beacon/Playbooks/Sync Alerts/azuredeploy.json
index b84ca3b5ede..4c559f8e03c 100644
--- a/Solutions/Atlassian Beacon/Playbooks/Sync Alerts/azuredeploy.json
+++ b/Solutions/Atlassian Beacon/Playbooks/Sync Alerts/azuredeploy.json
@@ -1,6 +1,27 @@
 {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "1.0.0.0",
+ "metadata": {
+ "title": "Atlassian Beacon Integration",
+ "description": "This Logic App recieves a webhook from Atlassian Beacon and ingest the payload into Microsoft Sentinel's log analytics workspace",
+ "prerequisites": [
+ "1. Log Analytics Workspace ID and Workspace Key. To get these secrets, login into your Microsoft Sentinel instance and navigate to Settings --> Workspace settings --> Agents"
+ ],
+ "postDeployment": [
+ "1. Please refer to the 'Configuration' part of the Data Connector once the solution is installed."
+ ],
+ "lastUpdateTime": "2023-10-10T16:38:49.064Z",
+ "entities": [],
+ "tags": [],
+ "support": {
+ "name": "DEFEND Ltd.",
+ "tier": "Partner",
+ "link": "https://www.defend.co.nz/"
+ },
+ "author": {
+ "name": "DEFEND Ltd."
+ }
+ },
 "parameters": {
 "PlaybookName": {
 "defaultValue": "Atlassian-Beacon-Integration",
@@ -47,10 +68,7 @@
 "apiVersion": "2017-07-01",
 "name": "[parameters('PlaybookName')]",
 "location": "[resourceGroup().location]",
- "tags": {
- "CreatedBy": "iCE Engineering Team",
- "Description": "Logic app to recieve webhook from Atlassian Beacon and ingest the payload into Microsoft Sentinel's log analytics workspace"
- },
+ "tags": {},
 "dependsOn": [
 "[resourceId('Microsoft.Web/connections', variables('azureloganalyticsdatacollectorConnectionName'))]"
 ],
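Review bot: The `prerequisites` entry added in the `metadata` block of Playbooks/Sync Alerts/azuredeploy.json (hunk `@@ -1,6 +1,27 @@`) tells the operator to fetch the Log Analytics Workspace Key but gives no guidance on handling it, although that shared key lets any holder write records into the workspace, including rows in `atlassian_beacon_alerts_CL` that the solution's analytic rule is configured to raise as incidents. I would append a sentence such as `Treat the Workspace Key as a secret: enter it only in the Log Analytics Data Collector connection and rotate it if it is exposed.` The `postDeployment` entry could likewise ask operators to keep the Logic App's webhook URL confidential, since it is presumably what authorises Atlassian Beacon's requests; the trigger definition is outside this hunk, so confirm before wording it. In `description`, `recieves` should be `receives` and `ingest` should be `ingests`; the same strings are copied into Package/mainTemplate.json (hunk `@@ -597,7 +596,25 @@`), so the package needs regenerating after the fix.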
diff --git a/Solutions/Atlassian Beacon/ReleaseNotes.md b/Solutions/Atlassian Beacon/ReleaseNotes.md
new file mode 100644
index 00000000000..cf511b3757b
--- /dev/null
+++ b/Solutions/Atlassian Beacon/ReleaseNotes.md
@@ -0,0 +1,3 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
+|-------------|--------------------------------|--------------------------------------------------------------------------|
+| 3.0.0 | 24-10-2023 | Initial solution release |
\ No newline at end of file