Azure · v-atulyadav · Oct 4, 2024 · Oct 3, 2024 · Oct 4, 2024
@@ -14,7 +14,7 @@
         "Playbooks/Cohesity_Delete_Incident_Blobs/azuredeploy.json"
     ],
     "BasePath": "/home/cohesity/workspace/Azure-Sentinel/Solutions/CohesitySecurity",
-    "Version": "3.1.0",
+    "Version": "3.1.1",
     "Metadata": "SolutionMetadata.json",
     "TemplateSpec": true,
     "Is1Pconnector": false

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Cohesity-Logo.svg\" width=\"75px\"height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CohesitySecurity/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution.\n\nThis product integrates Cohesity Helios with Microsoft Sentinel to stay updated with the security events from your Cohesity environment and immediately respond to a ransomware attack or an anomaly\n\n**Data Connectors:** 1, **Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Cohesity-Logo.svg\" width=\"75px\"height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CohesitySecurity/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThis product integrates Cohesity Helios with Microsoft Sentinel to stay updated with the security events from your Cohesity environment and immediately respond to a ransomware attack or an anomaly\n\n**Data Connectors:** 1, **Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -60,7 +60,7 @@
             "name": "dataconnectors1-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "This product integrates Cohesity Helios with Microsoft Sentinel to stay updated with the security events from your Cohesity environment and immediately respond to a ransomware attack or an anomaly."
+              "text": "This Solution installs the data connector for CohesitySecurity. You can get CohesitySecurity custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
           {

@@ -33,7 +33,7 @@
     "email": "[email protected]",
     "_email": "[variables('email')]",
     "_solutionName": "CohesitySecurity",
-    "_solutionVersion": "3.1.0",
+    "_solutionVersion": "3.1.1",
     "solutionId": "cohesitydev1592001764720.cohesity_sentinel_data_connector",
     "_solutionId": "[variables('solutionId')]",
     "uiConfigId1": "CohesityDataConnector",
@@ -99,7 +99,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "CohesitySecurity data connector with template version 3.1.0",
+        "description": "CohesitySecurity data connector with template version 3.1.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -189,7 +189,7 @@
                       "description": ">**NOTE:** This connector uses Azure Functions that connect to the Azure Blob Storage and KeyVault. This might result in additional costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/), [Azure Blob Storage pricing page](https://azure.microsoft.com/pricing/details/storage/blobs/) and [Azure KeyVault pricing page](https://azure.microsoft.com/pricing/details/key-vault/) for details."
                     },
                     {
-                      "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Functions App."
+                      "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."
                     },
                     {
                       "description": "**STEP 1 - Get a Cohesity DataHawk API key (see troubleshooting [instruction 1](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CohesitySecurity/Data%20Connectors/Helios2Sentinel/IncidentProducer))**"
@@ -360,7 +360,7 @@
               "description": ">**NOTE:** This connector uses Azure Functions that connect to the Azure Blob Storage and KeyVault. This might result in additional costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/), [Azure Blob Storage pricing page](https://azure.microsoft.com/pricing/details/storage/blobs/) and [Azure KeyVault pricing page](https://azure.microsoft.com/pricing/details/key-vault/) for details."
             },
             {
-              "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Functions App."
+              "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."
             },
             {
               "description": "**STEP 1 - Get a Cohesity DataHawk API key (see troubleshooting [instruction 1](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CohesitySecurity/Data%20Connectors/Helios2Sentinel/IncidentProducer))**"
@@ -390,7 +390,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "My_Cohesity_Send_Incident_Email Playbook with template version 3.1.0",
+        "description": "My_Cohesity_Send_Incident_Email Playbook with template version 3.1.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion1')]",
@@ -639,7 +639,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "My_Cohesity_Restore_From_Last_Snapshot Playbook with template version 3.1.0",
+        "description": "My_Cohesity_Restore_From_Last_Snapshot Playbook with template version 3.1.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion2')]",
@@ -712,7 +712,7 @@
                   "actions": {
                     "Get_cid_from_blob_content": {
                       "runAfter": {
-                        "Get_jobId_from_blob_content": [
+                        "Get_job_id_from_blob_content": [
                           "Succeeded"
                         ]
                       },
@@ -732,9 +732,9 @@
                         }
                       }
                     },
-                    "Get_entityId_from_blob_content": {
+                    "Get_entity_id_from_blob_content": {
                       "runAfter": {
-                        "Get_jobInstanceId_from_blob_content": [
+                        "Get_job_instance_id_from_blob_content": [
                           "Succeeded"
                         ]
                       },
@@ -749,12 +749,12 @@
                         "path": "/v2/datasets/@{encodeURIComponent(encodeURIComponent('AccountNameFromSettings'))}/GetFileContentByPath",
                         "queries": {
                           "inferContentType": true,
-                          "path": "/cohesity-extra-parameters/@{variables('helioID')}/entityId",
+                          "path": "/cohesity-extra-parameters/@{variables('helioID')}/entity_id",
                           "queryParametersSingleEncoded": true
                         }
                       }
                     },
-                    "Get_jobId_from_blob_content": {
+                    "Get_job_id_from_blob_content": {
                       "runAfter": {
                         "Initialize_HelioID": [
                           "Succeeded"
@@ -771,14 +771,14 @@
                         "path": "/v2/datasets/@{encodeURIComponent(encodeURIComponent('AccountNameFromSettings'))}/GetFileContentByPath",
                         "queries": {
                           "inferContentType": true,
-                          "path": "/cohesity-extra-parameters/@{variables('helioID')}/jobId",
+                          "path": "/cohesity-extra-parameters/@{variables('helioID')}/job_id",
                           "queryParametersSingleEncoded": true
                         }
                       }
                     },
-                    "Get_jobInstanceId_from_blob_content": {
+                    "Get_job_instance_id_from_blob_content": {
                       "runAfter": {
-                        "Get_jobStartTimeUsecs_from_blob_content": [
+                        "Get_job_start_time_usecs_from_blob_content": [
                           "Succeeded"
                         ]
                       },
@@ -793,12 +793,12 @@
                         "path": "/v2/datasets/@{encodeURIComponent(encodeURIComponent('AccountNameFromSettings'))}/GetFileContentByPath",
                         "queries": {
                           "inferContentType": true,
-                          "path": "/cohesity-extra-parameters/@{variables('helioID')}/jobInstanceId",
+                          "path": "/cohesity-extra-parameters/@{variables('helioID')}/job_instance_id",
                           "queryParametersSingleEncoded": true
                         }
                       }
                     },
-                    "Get_jobStartTimeUsecs_from_blob_content": {
+                    "Get_job_start_time_usecs_from_blob_content": {
                       "runAfter": {
                         "Get_cid_from_blob_content": [
                           "Succeeded"
@@ -815,14 +815,14 @@
                         "path": "/v2/datasets/@{encodeURIComponent(encodeURIComponent('AccountNameFromSettings'))}/GetFileContentByPath",
                         "queries": {
                           "inferContentType": true,
-                          "path": "/cohesity-extra-parameters/@{variables('helioID')}/jobStartTimeUsecs",
+                          "path": "/cohesity-extra-parameters/@{variables('helioID')}/job_start_time_usecs",
                           "queryParametersSingleEncoded": true
                         }
                       }
                     },
                     "Get_object_from_blob_content": {
                       "runAfter": {
-                        "Get_entityId_from_blob_content": [
+                        "Get_entity_id_from_blob_content": [
                           "Succeeded"
                         ]
                       },
@@ -871,11 +871,11 @@
                           "name": "Sentinel_triggered_restore_task_@{body('Get_object_from_blob_content')}",
                           "objects": [
                             {
-                              "jobId": "@int(string(body('Get_jobId_from_blob_content')))",
-                              "jobRunId": "@int(string(body('Get_jobInstanceId_from_blob_content')))",
-                              "protectionSourceId": "@int(string(body('Get_entityId_from_blob_content')))",
+                              "job_id": "@int(string(body('Get_job_id_from_blob_content')))",
+                              "jobRunId": "@int(string(body('Get_job_instance_id_from_blob_content')))",
+                              "protectionSourceId": "@int(string(body('Get_entity_id_from_blob_content')))",
                               "sourceName": "@{body('Get_object_from_blob_content')}",
-                              "startedTimeUsecs": "@int(string(body('Get_jobStartTimeUsecs_from_blob_content')))"
+                              "startedTimeUsecs": "@int(string(body('Get_job_start_time_usecs_from_blob_content')))"
                             }
                           ],
                           "type": "kRecoverVMs",
@@ -1082,7 +1082,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "My_Cohesity_Close_Helios_Incident Playbook with template version 3.1.0",
+        "description": "My_Cohesity_Close_Helios_Incident Playbook with template version 3.1.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion3')]",
@@ -1355,7 +1355,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "My_Cohesity_CreateOrUpdate_ServiceNow_Incident Playbook with template version 3.1.0",
+        "description": "My_Cohesity_CreateOrUpdate_ServiceNow_Incident Playbook with template version 3.1.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion4')]",
@@ -2136,7 +2136,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "My_Cohesity_Delete_Incident_Blobs Playbook with template version 3.1.0",
+        "description": "My_Cohesity_Delete_Incident_Blobs Playbook with template version 3.1.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion5')]",
@@ -2419,7 +2419,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.1.0",
+        "version": "3.1.1",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "CohesitySecurity",

@@ -0,0 +1,24 @@
+{
+  "location": {
+    "type": "string",
+    "minLength": 1,
+    "defaultValue": "[resourceGroup().location]",
+    "metadata": {
+      "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`.  We instead use the `workspace-location` which is derived from the LA workspace"
+    }
+  },
+  "workspace-location": {
+    "type": "string",
+    "defaultValue": "",
+    "metadata": {
+      "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+    }
+  },
+  "workspace": {
+    "defaultValue": "",
+    "type": "string",
+    "metadata": {
+      "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+    }
+  }
+}