diff --git a/Solutions/ESET Protect Platform/ReleaseNotes.md b/Solutions/ESET Protect Platform/ReleaseNotes.md new file mode 100644 index 00000000000..e5dd5cf78c4 --- /dev/null +++ b/Solutions/ESET Protect Platform/ReleaseNotes.md @@ -0,0 +1,3 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|---------------------------------------------| +| 3.0.0 | 04-11-2024 | Initial Solution Release | \ No newline at end of file diff --git a/Solutions/Syslog/Data Connectors/template_Syslog.json b/Solutions/Syslog/Data Connectors/template_Syslog.json index 72adbdf7134..604a041b47c 100644 --- a/Solutions/Syslog/Data Connectors/template_Syslog.json +++ b/Solutions/Syslog/Data Connectors/template_Syslog.json @@ -1,9 +1,8 @@ { "id": "Syslog", - "title": "Syslog", + "title": "Syslog via Legacy Agent", "publisher": "Microsoft", - "descriptionMarkdown": "Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to the workspace. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2223807&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).", - "additionalRequirementBanner": "[Learn more](https://aka.ms/sysLogInfo)", + "descriptionMarkdown": "Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to the workspace.\n\n[Learn more >](https://aka.ms/sysLogInfo)", "graphQueries": [ { "metricName": "Total data received", 
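Review bot: The new `title` in this hunk says "Syslog via Legacy Agent", but the rewritten `descriptionMarkdown` still reads as a current, recommended collection path and never says the agent is the legacy one or what supersedes it. The analytic rules later in this diff list `SyslogAma` as an alternative `connectorId`, so the replacement exists and can be named. I would add one sentence before the Learn more link, e.g. `This connector uses the legacy Log Analytics agent for Linux; for new deployments use the Syslog via AMA connector instead.` If the legacy agent has a retirement date, state it here as well rather than only behind the aka.ms link, because the connector gallery text is where operators decide which collection path to onboard.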
@@ -56,7 +55,7 @@ "instructionSteps": [ { "title": "1. Install and onboard the agent for Linux", - "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.", + "description": "You can collect Syslog events from your local machine by installing the agent on it. You can also collect Syslog generated on a different source by running the installation script below on the local machine, where the agent is installed.\n\n> Syslog logs are collected only from **Linux** agents.", "instructions": [ { "parameters": { @@ -105,4 +104,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/Solutions/Syslog/Package/3.0.7.zip b/Solutions/Syslog/Package/3.0.7.zip new file mode 100644 index 00000000000..8b8a91a502c Binary files /dev/null and b/Solutions/Syslog/Package/3.0.7.zip differ diff --git a/Solutions/Syslog/Package/mainTemplate.json b/Solutions/Syslog/Package/mainTemplate.json index e49e0bc701c..261c15d9624 100644 --- a/Solutions/Syslog/Package/mainTemplate.json +++ b/Solutions/Syslog/Package/mainTemplate.json @@ -49,7 +49,7 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "Syslog", - "_solutionVersion": "3.0.6", + "_solutionVersion": "3.0.7", "solutionId": "azuresentinel.azure-sentinel-solution-syslog", "_solutionId": "[variables('solutionId')]", "uiConfigId1": "Syslog", @@ -203,7 +203,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Syslog data connector with template version 3.0.6", + "description": "Syslog data connector with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", 
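Review bot: The rewritten step `description` is ambiguous about which host the script targets: "collect Syslog generated on a different source by running the installation script below on the local machine, where the agent is installed" mixes "different source" and "local machine" in one sentence. The previous text at least told operators that the agent normally lives on a separate collector rather than on the log-producing host, and that guidance is gone. I would rewrite the two sentences as `Install the agent on the Linux machine whose Syslog you want to collect. To collect Syslog from other machines, install the agent on a Linux machine that acts as a collector, run the installation script below on that collector, and forward the other machines' Syslog to it.` The installation script itself sits in the `instructions` array outside this hunk, so I could not verify that its text matches the new description.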
@@ -219,9 +219,9 @@ "properties": { "connectorUiConfig": { "id": "[variables('_uiConfigId1')]", - "title": "Syslog", + "title": "Syslog via Legacy Agent", "publisher": "Microsoft", - "descriptionMarkdown": "Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to the workspace. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2223807&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).", + "descriptionMarkdown": "Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to the workspace.\n\n[Learn more >](https://aka.ms/sysLogInfo)", "graphQueries": [ { "metricName": "Total data received", @@ -281,7 +281,7 @@ "contentSchemaVersion": "3.0.0", "contentId": "[variables('_dataConnectorContentId1')]", "contentKind": "DataConnector", - "displayName": "Syslog", + "displayName": "Syslog via Legacy Agent", "contentProductId": "[variables('_dataConnectorcontentProductId1')]", "id": "[variables('_dataConnectorcontentProductId1')]", "version": "[variables('dataConnectorVersion1')]" 
@@ -325,9 +325,9 @@ "kind": "StaticUI", "properties": { "connectorUiConfig": { - "title": "Syslog", + "title": "Syslog via Legacy Agent", "publisher": "Microsoft", - "descriptionMarkdown": "Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to the workspace. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2223807&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).", + "descriptionMarkdown": "Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to the workspace.\n\n[Learn more >](https://aka.ms/sysLogInfo)", "graphQueries": [ { "metricName": "Total data received", @@ -349,8 +349,7 @@ ] } ], - "id": "[variables('_uiConfigId1')]", - "additionalRequirementBanner": "[Learn more](https://aka.ms/sysLogInfo)" + "id": "[variables('_uiConfigId1')]" } } }, @@ -363,7 +362,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Syslog data connector with template version 3.0.6", + "description": "Syslog data connector with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion2')]", 
@@ -522,7 +521,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "LinuxMachines Workbook with template version 3.0.6", + "description": "LinuxMachines Workbook with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -610,7 +609,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SyslogConnectorsOverviewWorkbook Workbook with template version 3.0.6", + "description": "SyslogConnectorsOverviewWorkbook Workbook with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion2')]", @@ -702,7 +701,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "FailedLogonAttempts_UnknownUser_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "FailedLogonAttempts_UnknownUser_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", @@ -730,16 +729,16 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "Syslog", "dataTypes": [ "Syslog" - ], - "connectorId": "Syslog" + ] }, { + "connectorId": "SyslogAma", "dataTypes": [ "Syslog" - ], - "connectorId": "SyslogAma" + ] } ], "tactics": [ 
@@ -750,22 +749,22 @@ ], "entityMappings": [ { + "entityType": "Host", "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" } - ], - "entityType": "Host" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "HostIP" + "columnName": "HostIP", + "identifier": "Address" } - ], - "entityType": "IP" + ] } ] } @@ -821,7 +820,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "NRT_squid_events_for_mining_pools_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "NRT_squid_events_for_mining_pools_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", @@ -845,16 +844,16 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "Syslog", "dataTypes": [ "Syslog" - ], - "connectorId": "Syslog" + ] }, { + "connectorId": "SyslogAma", "dataTypes": [ "Syslog" - ], - "connectorId": "SyslogAma" + ] } ], "tactics": [ @@ -865,31 +864,31 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "FullName", - "columnName": "User" + "columnName": "User", + "identifier": "FullName" } - ], - "entityType": "Account" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "SourceIP" + "columnName": "SourceIP", + "identifier": "Address" } - ], - "entityType": "IP" + ] }, { + "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "URL" + "columnName": "URL", + "identifier": "Url" } - ], - "entityType": "URL" + ] } ] } 
@@ -945,7 +944,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "squid_cryptomining_pools_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "squid_cryptomining_pools_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", @@ -973,16 +972,16 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "Syslog", "dataTypes": [ "Syslog" - ], - "connectorId": "Syslog" + ] }, { + "connectorId": "SyslogAma", "dataTypes": [ "Syslog" - ], - "connectorId": "SyslogAma" + ] } ], "tactics": [ @@ -993,39 +992,39 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "FullName", - "columnName": "User" + "columnName": "User", + "identifier": "FullName" }, { - "identifier": "Name", - "columnName": "AccountName" + "columnName": "AccountName", + "identifier": "Name" }, { - "identifier": "UPNSuffix", - "columnName": "AccountUPNSuffix" + "columnName": "AccountUPNSuffix", + "identifier": "UPNSuffix" } - ], - "entityType": "Account" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "SourceIP" + "columnName": "SourceIP", + "identifier": "Address" } - ], - "entityType": "IP" + ] }, { + "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "URL" + "columnName": "URL", + "identifier": "Url" } - ], - "entityType": "URL" + ] } ] } 
@@ -1081,7 +1080,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "squid_tor_proxies_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "squid_tor_proxies_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", @@ -1109,16 +1108,16 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "Syslog", "dataTypes": [ "Syslog" - ], - "connectorId": "Syslog" + ] }, { + "connectorId": "SyslogAma", "dataTypes": [ "Syslog" - ], - "connectorId": "SyslogAma" + ] } ], "tactics": [ @@ -1130,39 +1129,39 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "FullName", - "columnName": "User" + "columnName": "User", + "identifier": "FullName" }, { - "identifier": "Name", - "columnName": "AccountName" + "columnName": "AccountName", + "identifier": "Name" }, { - "identifier": "UPNSuffix", - "columnName": "AccountUPNSuffix" + "columnName": "AccountUPNSuffix", + "identifier": "UPNSuffix" } - ], - "entityType": "Account" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "SourceIP" + "columnName": "SourceIP", + "identifier": "Address" } - ], - "entityType": "IP" + ] }, { + "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "URL" + "columnName": "URL", + "identifier": "Url" } - ], - "entityType": "URL" + ] } ] } 
@@ -1218,7 +1217,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ssh_potentialBruteForce_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "ssh_potentialBruteForce_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", @@ -1246,16 +1245,16 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "Syslog", "dataTypes": [ "Syslog" - ], - "connectorId": "Syslog" + ] }, { + "connectorId": "SyslogAma", "dataTypes": [ "Syslog" - ], - "connectorId": "SyslogAma" + ] } ], "tactics": [ @@ -1266,40 +1265,40 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "Account" + "columnName": "Account", + "identifier": "Name" } - ], - "entityType": "Account" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IPAddress" + "columnName": "IPAddress", + "identifier": "Address" } - ], - "entityType": "IP" + ] }, { + "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" } - ], - "entityType": "Host" + ] }, { + "entityType": "AzureResource", "fieldMappings": [ { - "identifier": "ResourceId", - "columnName": "ResourceId" + "columnName": "ResourceId", + "identifier": "ResourceId" } - ], - "entityType": "AzureResource" + ] } ] } 
@@ -1355,7 +1354,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "sftp_file_transfer_above_threshold_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "sftp_file_transfer_above_threshold_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", @@ -1383,16 +1382,16 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "Syslog", "dataTypes": [ "Syslog" - ], - "connectorId": "Syslog" + ] }, { + "connectorId": "SyslogAma", "dataTypes": [ "Syslog" - ], - "connectorId": "SyslogAma" + ] } ], "tactics": [ 
@@ -1403,49 +1402,49 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "username" + "columnName": "username", + "identifier": "Name" } - ], - "entityType": "Account" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "src_ip" + "columnName": "src_ip", + "identifier": "Address" } - ], - "entityType": "IP" + ] }, { + "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "HostName" } - ], - "entityType": "Host" + ] }, { + "entityType": "File", "fieldMappings": [ { - "identifier": "Name", - "columnName": "FileSample" + "columnName": "FileSample", + "identifier": "Name" } - ], - "entityType": "File" + ] } ], "customDetails": { - "FilesList": "fileslist", - "TransferCount": "count_distinct_filepath" + "TransferCount": "count_distinct_filepath", + "FilesList": "fileslist" }, "incidentConfiguration": { "groupingConfiguration": { - "matchingMethod": "Selected", + "enabled": true, "lookbackDuration": "5h", "groupByEntities": [ "Account", @@ -1509,7 +1508,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "sftp_file_transfer_folders_above_threshold_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "sftp_file_transfer_folders_above_threshold_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]", 
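Review bot: In the `groupingConfiguration` of the sftp_file_transfer_above_threshold rule, `"matchingMethod": "Selected"` is replaced by `"enabled": true`, and the remainder of the object after `groupByEntities` is outside the hunk. Every other change in this diff reorders keys without dropping any, so this is probably a reorder too, but `matchingMethod` is what gives `groupByEntities` its meaning; if it no longer appears further down the object, the entity-based incident grouping the rule declares would not apply as intended. Please confirm the generated object still carries both `"enabled": true` and `"matchingMethod": "Selected"`, and the same for the sftp_file_transfer_folders_above_threshold rule, whose hunk below makes the identical substitution. Since mainTemplate.json appears to be packaging output (3.0.7.zip is added alongside it), any fix belongs in the rule's source definition rather than in this file.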
@@ -1537,16 +1536,16 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "Syslog", "dataTypes": [ "Syslog" - ], - "connectorId": "Syslog" + ] }, { + "connectorId": "SyslogAma", "dataTypes": [ "Syslog" - ], - "connectorId": "SyslogAma" + ] } ], "tactics": [ @@ -1557,49 +1556,49 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "username" + "columnName": "username", + "identifier": "Name" } - ], - "entityType": "Account" + ] }, { + "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "src_ip" + "columnName": "src_ip", + "identifier": "Address" } - ], - "entityType": "IP" + ] }, { + "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "HostName" } - ], - "entityType": "Host" + ] }, { + "entityType": "File", "fieldMappings": [ { - "identifier": "Name", - "columnName": "DirSample" + "columnName": "DirSample", + "identifier": "Name" } - ], - "entityType": "File" + ] } ], "customDetails": { - "FilesList": "dirlist", - "TransferCount": "count_distinct_dirpath" + "TransferCount": "count_distinct_dirpath", + "FilesList": "dirlist" }, "incidentConfiguration": { "groupingConfiguration": { - "matchingMethod": "Selected", + "enabled": true, "lookbackDuration": "5h", "groupByEntities": [ "Account", 
@@ -1663,7 +1662,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CryptoCurrencyMiners_HuntingQueries Hunting Query with template version 3.0.6", + "description": "CryptoCurrencyMiners_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]", @@ -1748,7 +1747,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SCXExecuteRunAsProviders_HuntingQueries Hunting Query with template version 3.0.6", + "description": "SCXExecuteRunAsProviders_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]", @@ -1833,7 +1832,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CryptoThreatActivity_HuntingQueries Hunting Query with template version 3.0.6", + "description": "CryptoThreatActivity_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]", 
@@ -1918,7 +1917,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RareProcess_ForLxHost_HuntingQueries Hunting Query with template version 3.0.6", + "description": "RareProcess_ForLxHost_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]", @@ -2003,7 +2002,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SchedTaskAggregation_HuntingQueries Hunting Query with template version 3.0.6", + "description": "SchedTaskAggregation_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]", @@ -2088,7 +2087,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SchedTaskEditViaCrontab_HuntingQueries Hunting Query with template version 3.0.6", + "description": "SchedTaskEditViaCrontab_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]", 
@@ -2173,7 +2172,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "squid_abused_tlds_HuntingQueries Hunting Query with template version 3.0.6", + "description": "squid_abused_tlds_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]", @@ -2258,7 +2257,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "squid_malformed_requests_HuntingQueries Hunting Query with template version 3.0.6", + "description": "squid_malformed_requests_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]", @@ -2343,7 +2342,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "squid_volume_anomalies_HuntingQueries Hunting Query with template version 3.0.6", + "description": "squid_volume_anomalies_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]", 
@@ -2428,7 +2427,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SyslogConnectorsOverallStatus Data Parser with template version 3.0.6", + "description": "SyslogConnectorsOverallStatus Data Parser with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", @@ -2560,7 +2559,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SyslogConnectorsEventVolumebyDeviceProduct Data Parser with template version 3.0.6", + "description": "SyslogConnectorsEventVolumebyDeviceProduct Data Parser with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject2').parserVersion2]", @@ -2688,7 +2687,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.6", + "version": "3.0.7", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Syslog", diff --git a/Solutions/Syslog/ReleaseNotes.md b/Solutions/Syslog/ReleaseNotes.md index a070085aedd..1137f4b7e77 100644 --- a/Solutions/Syslog/ReleaseNotes.md +++ b/Solutions/Syslog/ReleaseNotes.md 
@@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| +| 3.0.7 | 04-11-2024 | Updated the Syslog **Data Connector** template to latest version | | 3.0.6 | 01-08-2024 | Updated **Analytic rules** for entity mappings and parameter for parser function | | 3.0.5 | 16-07-2024 | Added 2 new Workspace Function **Parsers** and a new **Workbook** | | 3.0.4 | 27-06-2024 | Updated Connectivity criteria query for **Data Connector** |