forked from Azure/Azure-Sentinel
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
d9b77e2
commit c3c933a
Showing
54 changed files
with
14,342 additions
and
0 deletions.
There are no files selected for viewing
Binary file not shown.
145 changes: 145 additions & 0 deletions
145
Solutions/SpyCloud Enterprise Protection/Package/createUiDefinition.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,145 @@ | ||
{ | ||
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", | ||
"handler": "Microsoft.Azure.CreateUIDef", | ||
"version": "0.1.2-preview", | ||
"parameters": { | ||
"config": { | ||
"isWizard": false, | ||
"basics": { | ||
"description": "<img src=\"https://raw.githubusercontent.com/azure/azure-sentinel/blob/master/Logos/SpyCloud_Enterprise_Protection.svg\" width=\"75\" height=\"75\" >\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SpyCloud%20Enterprise%20Protection/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nCybercriminals continue to utilize stolen corporate credentials as the number one technique for account takeover (ATO). In fact, the FBI estimated that this resulted in estimated losses totaling more than $2.7 billion in 2022. SpyCloud helps prevent account takeover and ransomware attacks by identifying exposed credentials related to a company’s domains, IP addresses and emails. Through this integration, breach and malware data from SpyCloud can be loaded into Sentinel.\n\n**Analytic Rules:** 2, **Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 8\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", | ||
"subscription": { | ||
"resourceProviders": [ | ||
"Microsoft.OperationsManagement/solutions", | ||
"Microsoft.OperationalInsights/workspaces/providers/alertRules", | ||
"Microsoft.Insights/workbooks", | ||
"Microsoft.Logic/workflows" | ||
] | ||
}, | ||
"location": { | ||
"metadata": { | ||
"hidden": "Hiding location, we get it from the log analytics workspace" | ||
}, | ||
"visible": false | ||
}, | ||
"resourceGroup": { | ||
"allowExisting": true | ||
} | ||
} | ||
}, | ||
"basics": [ | ||
{ | ||
"name": "getLAWorkspace", | ||
"type": "Microsoft.Solutions.ArmApiControl", | ||
"toolTip": "This filters by workspaces that exist in the Resource Group selected", | ||
"condition": "[greater(length(resourceGroup().name),0)]", | ||
"request": { | ||
"method": "GET", | ||
"path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" | ||
} | ||
}, | ||
{ | ||
"name": "workspace", | ||
"type": "Microsoft.Common.DropDown", | ||
"label": "Workspace", | ||
"placeholder": "Select a workspace", | ||
"toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", | ||
"constraints": { | ||
"allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", | ||
"required": true | ||
}, | ||
"visible": true | ||
} | ||
], | ||
"steps": [ | ||
{ | ||
"name": "analytics", | ||
"label": "Analytics", | ||
"subLabel": { | ||
"preValidation": "Configure the analytics", | ||
"postValidation": "Done" | ||
}, | ||
"bladeTitle": "Analytics", | ||
"elements": [ | ||
{ | ||
"name": "analytics-text", | ||
"type": "Microsoft.Common.TextBlock", | ||
"options": { | ||
"text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view." | ||
} | ||
}, | ||
{ | ||
"name": "analytics-link", | ||
"type": "Microsoft.Common.TextBlock", | ||
"options": { | ||
"link": { | ||
"label": "Learn more", | ||
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" | ||
} | ||
} | ||
}, | ||
{ | ||
"name": "analytic1", | ||
"type": "Microsoft.Common.Section", | ||
"label": "SpyCloud Enterprise Breach Detection", | ||
"elements": [ | ||
{ | ||
"name": "analytic1-text", | ||
"type": "Microsoft.Common.TextBlock", | ||
"options": { | ||
"text": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data" | ||
} | ||
} | ||
] | ||
}, | ||
{ | ||
"name": "analytic2", | ||
"type": "Microsoft.Common.Section", | ||
"label": "SpyCloud Enterprise Malware Detection", | ||
"elements": [ | ||
{ | ||
"name": "analytic2-text", | ||
"type": "Microsoft.Common.TextBlock", | ||
"options": { | ||
"text": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data" | ||
} | ||
} | ||
] | ||
} | ||
] | ||
}, | ||
{ | ||
"name": "playbooks", | ||
"label": "Playbooks", | ||
"subLabel": { | ||
"preValidation": "Configure the playbooks", | ||
"postValidation": "Done" | ||
}, | ||
"bladeTitle": "Playbooks", | ||
"elements": [ | ||
{ | ||
"name": "playbooks-text", | ||
"type": "Microsoft.Common.TextBlock", | ||
"options": { | ||
"text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub." | ||
} | ||
}, | ||
{ | ||
"name": "playbooks-link", | ||
"type": "Microsoft.Common.TextBlock", | ||
"options": { | ||
"link": { | ||
"label": "Learn more", | ||
"uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" | ||
} | ||
} | ||
} | ||
] | ||
} | ||
], | ||
"outputs": { | ||
"workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", | ||
"location": "[location()]", | ||
"workspace": "[basics('workspace')]" | ||
} | ||
} | ||
} |
Oops, something went wrong.