[skip ci] Github Bot Added package to Pull Request!

Solutions/Microsoft Exchange Security - Exchange On-Premises/Data/system_generated_metadata.json

@@ -0,0 +1,33 @@
+{
+  "Name": "Microsoft Exchange Security - Exchange On-Premises",
+  "Author": "Microsoft - [email protected]",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\"width=\"75px\"height=\"75px\">",
+  "Description": "The Exchange Security Audit and Configuration Insight solution analyze Exchange On-Premises configuration and logs from a security lens to provide insights and alerts.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Windows Event logs collection, including MS Exchange Management Event logs](https://learn.microsoft.com/azure/azure-monitor/agents/data-sources-windows-events)\n\nb. [Custom logs ingestion via Data Collector REST API](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell)",
+  "BasePath": "C:\\Git Repositories\\Azure-Sentinel\\Solutions\\Microsoft Exchange Security - Exchange On-Premises\\",
+  "Version": "3.1.2",
+  "Metadata": "SolutionMetadata.json",
+  "TemplateSpec": true,
+  "Is1Pconnector": false,
+  "publisherId": "microsoftsentinelcommunity",
+  "offerId": "azure-sentinel-solution-exchangesecurityinsights",
+  "providers": [
+    "Microsoft"
+  ],
+  "categories": {
+    "domains": [
+      "Application"
+    ],
+    "verticals": []
+  },
+  "firstPublishDate": "2022-12-21",
+  "support": {
+    "name": "Community",
+    "tier": "Community",
+    "link": "https://github.com/Azure/Azure-Sentinel/issues"
+  },
+  "Data Connectors": "[\n  \"Data Connectors/ESI-ExchangeAdminAuditLogEvents.json\",\n  \"Data Connectors/ESI-ExchangeOnPremisesCollector.json\"\n]",
+  "Parsers": "[\n  \"ExchangeAdminAuditLogs.yaml\",\n  \"ExchangeConfiguration.yaml\",\n  \"ExchangeEnvironmentList.yaml\",\n  \"MESCheckVIP.yaml\"\n]",
+  "Workbooks": "[\n  \"Workbooks/Microsoft Exchange Least Privilege with RBAC.json\",\n  \"Workbooks/Microsoft Exchange Search AdminAuditLog.json\",\n  \"Workbooks/Microsoft Exchange Admin Activity.json\",\n  \"Workbooks/Microsoft Exchange Security Review.json\"\n]",
+  "Analytic Rules": "[\n  \"CriticalCmdletsUsageDetection.yaml\",\n  \"ServerOrientedWithUserOrientedAdministration.yaml\"\n]",
+  "Watchlists": "[\n  \"ExchangeServicesMonitoring.json\",\n  \"ExchangeVIP.json\"\n]"
+}

Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/createUiDefinition.json

@@ -60,57 +60,15 @@
             "name": "dataconnectors1-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "This solution installs two (2) data connectors for ingesting Microsoft Exchange on-premises events to provide security insights. Each of these data connectors help ingest a different set of logs/events."
+              "text": "This Solution installs the data connector for Microsoft Exchange Security - Exchange On-Premises. You can get Microsoft Exchange Security - Exchange On-Premises custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
-          {
-            "name": "dataconnectors2-text",
-"type": "Microsoft.Common.Section",
-            "label": "1. Exchange Security Insights On-Premises Collector",
-            "elements": [
-              {
-                "name": "dataconnectors3-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "This data connector collects security configuration, RBAC information and audit information from your on-premises Exchange environment(s). It uses a scheduled script that needs to be manually deployed in your environment. This connects directly (via proxy if needed) to Log Analytics/Microsoft Sentinel to ingest data."
-            }
-              }
-            ]
-          },
-          {
-            "name": "dataconnectors4-text",
-            "type": "Microsoft.Common.Section",
-            "label": "2. Exchange Audit Event logs via Legacy Agent",
-            "elements": [
-              {
-                "name": "dataconnectors5-text",
-                "type": "Microsoft.Common.TextBlock",
-                "options": {
-                  "text": "This data connector uses Log Analytics Agent or Azure Monitor Agent to collect MSExchange Management Eventlogs, Exchange Security logs, Domain Controllers Security logs, IIS Logs, Exchange logs. Not all logs are required but it depends on your needs and on what you want to collect and secure for hunting in case of compromise. The first important logs consumed by this solution are “MSExchange Management” Event logs."
-                }
-              }
-            ]
-          },
-          {
-            "name": "dataconnectors6-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "After installing the solution, configure and enable the data connector that’s most relevant to your Exchange environment by following guidance in Manage solution view."
-            }
-          },
-          {
-"name": "dataconnectors-parser",
-            "type": "Microsoft.Common.Section",
-            "label": "Parsers",
-            "elements": [
           {
             "name": "dataconnectors-parser-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "The solution installs three (4) parsers that transform ingested data. The transformed logs can be accessed using the ExchangeConfiguration, ExchangeAdminAuditLogs, MESCheckVIP and ExchangeEnvironmentList Kusto Function aliases."
+              "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
             }
-}
-            ]
           },
           {
             "name": "dataconnectors-link2",
@@ -121,6 +79,13 @@
                 "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
               }
             }
+          },
+          {
+            "name": "dataconnectors2-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for Microsoft Exchange Security - Exchange On-Premises. You can get Microsoft Exchange Security - Exchange On-Premises custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
           }
         ]
       },
@@ -307,7 +272,7 @@
                 "name": "watchlist2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "ExchangeVIP Watchlist contains a list of VIP users that are allowed to perform privileged operations on Exchange Servers. This watchlist is used by the ServerOrientedWithUserOrientedAdministration rule to detect suspicious activity by VIP users."
+                  "text": "Specific VIP Monitored in Exchange."
                 }
               }
             ]