Merge pull request Azure#10164 from Azure/v-rusraut-SecurityThreatEss…

…ential Repackaging - SecurityThreatEssentialSolution
joanabmartins · Mar 22, 2024 · a8e7b54 · a8e7b54
2 parents eb1234e + 3d023db
commit a8e7b54
Show file tree

Hide file tree

Showing 7 changed files with 519 additions and 429 deletions.
diff --git a/Solutions/SecurityThreatEssentialSolution/Data/Solution_SecurityThreatEssentialSolution.json b/Solutions/SecurityThreatEssentialSolution/Data/Solution_SecurityThreatEssentialSolution.json
@@ -17,7 +17,7 @@
 	"Analytic Rules/PossibleAiTMPhishingAttemptAgainstAAD.yaml"	
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\SecurityThreatEssentialSolution",
-  "Version": "3.0.0",
+  "Version": "3.0.2",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1PConnector": true

diff --git a/Solutions/SecurityThreatEssentialSolution/Data/system_generated_metadata.json b/Solutions/SecurityThreatEssentialSolution/Data/system_generated_metadata.json
@@ -0,0 +1,30 @@
+{
+  "Name": "SecurityThreatEssentialSolution",
+  "Author": "Microsoft Corporation - support@microsoft.com",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
+  "Description": "This solution published by Microsoft is based on the continuous evaluation of threat campaigns and provides out-of-the-box security content that helps you to enhance your security posture.\r\nThis solution leverages the following tables:\r \n • AuditLogs \r \n • AzureActivity \r \n • CommonSecurityLog \r \n • OfficeActivity \r \n • SigninLogs \r \n • VMConnection\r\n",
+  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\SecurityThreatEssentialSolution",
+  "Version": "3.0.2",
+  "Metadata": "SolutionMetadata.json",
+  "TemplateSpec": true,
+  "Is1PConnector": true,
+  "publisherId": "azuresentinel",
+  "offerId": "azure-sentinel-solution-securitythreatessentialsol",
+  "providers": [
+    "Microsoft"
+  ],
+  "categories": {
+    "domains": [
+      "Security - Others"
+    ]
+  },
+  "firstPublishDate": "2022-03-30",
+  "support": {
+    "name": "Microsoft Corporation",
+    "email": "support@microsoft.com",
+    "tier": "Microsoft",
+    "link": "https://support.microsoft.com"
+  },
+  "Analytic Rules": "[\n  \"Threat_Essentials_Mail_redirect_via_ExO_transport_rule.yaml\",\n  \"Threat_Essentials_MultipleAdmin_membership_removals_from_NewAdmin.yaml\",\n  \"Threat_Essentials_NRT_UseraddedtoPrivilgedGroups.yaml\",\n  \"Threat_Essentials_TimeSeriesAnomaly_Mass_Cloud_Resource_Deletions.yaml\",\n  \"Threat_Essentials_TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml\",\n  \"Threat_Essentials_UserAssignedPrivilegedRole.yaml\",\n  \"PossibleAiTMPhishingAttemptAgainstAAD.yaml\"\n]",
+  "Hunting Queries": "[\n  \"Signins-from-NordVPN-Providers.yaml\",\n  \"Signins-From-VPS-Providers.yaml\"\n]"
+}
diff --git a/Solutions/SecurityThreatEssentialSolution/Package/3.0.2.zip b/Solutions/SecurityThreatEssentialSolution/Package/3.0.2.zip
diff --git a/Solutions/SecurityThreatEssentialSolution/Package/createUiDefinition.json b/Solutions/SecurityThreatEssentialSolution/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SecurityThreatEssentialSolution/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThis solution published by Microsoft is based on the continuous evaluation of threat campaigns and provides out-of-the-box security content that helps you to enhance your security posture.\r\nThis solution leverages the following tables:\r \n • AuditLogs \r \n • AzureActivity \r \n • CommonSecurityLog \r \n • OfficeActivity \r \n • SigninLogs \r \n • VMConnection\r\n\n\n**Analytic Rules:** 7, **Hunting Queries:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SecurityThreatEssentialSolution/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThis solution published by Microsoft is based on the continuous evaluation of threat campaigns and provides out-of-the-box security content that helps you to enhance your security posture.\r\nThis solution leverages the following tables:\r \n • AuditLogs \r \n • AzureActivity \r \n • CommonSecurityLog \r \n • OfficeActivity \r \n • SigninLogs \r \n • VMConnection\r\n\n\n**Analytic Rules:** 7, **Hunting Queries:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",