Merge pull request #11792 from malowe101/ApigeeConnector

Add GCPApigee CCP connector

Author: v-atulyadav

.script/tests/KqlvalidationsTests/CustomTables/ApigeeXV2_CL.json

@@ -0,0 +1,41 @@
+{
+    "Name": "ApigeeXV2_CL",
+    "properties": [
+        {
+            "name": "protoPayload",
+            "type": "dynamic"
+        },
+        {
+            "name": "insertId",
+            "type": "string"
+        },
+        {
+            "name": "resource",
+            "type": "dynamic"
+        },
+        {
+            "name": "timestamp",
+            "type": "datetime"
+        },
+        {
+            "name": "severity",
+            "type": "string"
+        },
+        {
+            "name": "logName",
+            "type": "string"
+        },
+        {
+            "name": "receiveTimestamp",
+            "type": "datetime"
+        },
+        {
+            "name": "TimeGenerated",
+            "type": "datetime"
+        },
+        {
+            "name": "payload_request_name_s",
+            "type": "string"
+        }
+    ]
+}

.script/tests/KqlvalidationsTests/CustomTables/ApigeeX_CL.json

@@ -92,10 +92,6 @@
     "Name": "log_name",
     "Type": "string"
   },
-  {
-    "Name": "insert_id_",
-    "Type": "string"
-  },
   {
     "Name": "severity",
     "Type": "string"
@@ -244,10 +240,6 @@
     "Name": "log_name",
     "Type": "string"
   },
-  {
-    "Name": "insert_id",
-    "Type": "string"
-  },
   {
     "Name": "severity",
     "Type": "string"
@@ -329,12 +321,140 @@
     "Type": "datetime"
   },
   {
-    "Name": "Type",
+    "Name": "_ResourceId",
     "Type": "string"
   },
   {
-    "Name": "_ResourceId",
+    "Name": "payload_request_name_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_request_environment_apiProxyType_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_request_environment_deploymentType_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_request_environment_description_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_request_environment_displayname_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_request_environment_name_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_response_type_s",
     "Type": "string"
+  },
+  {
+    "Name": "payload_response_name_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_response_displayName_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_response_apiProxyType_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_status_message_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_request_reportTime_s",
+    "Type": "string"
+  },
+  {
+    "Name": "insert_id_s",
+    "Type": "string"
+  },
+  {
+    "Name": "resource_type_s",
+    "Type": "string"
+  },
+  {
+    "Name": "severity_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload__type_s",
+    "Type": "string"
+  },
+  {
+    "Name": "log_name_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_methodName_s",
+    "Type": "string"
+  },
+  {
+    "Name": "resource_labels_project_id_s",
+    "Type": "string"
+  },
+  {
+    "Name": "resource_labels_service_s",
+    "Type": "string"
+  },
+  {
+    "Name": "resource_labels_method_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_authenticationInfo_principalEmail_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_requestMetadata_callerIp_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_requestMetadata_callerSuppliedUserAgent_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_requestMetadata_requestAttributes_time_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_serviceName_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_authorizationInfo_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_resourceName_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_request_type_s",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_request_instanceUid_g",
+    "Type": "string"
+  },
+  {
+    "Name": "payload_requestMetadata_requestAttributes_time_t",
+    "Type": "datetime"
+  },
+  {
+    "Name": "timestamp_t",
+    "Type": "datetime"
+  },
+  {
+    "Name": "payload_status_code_d",
+    "Type": "real"
   }
 ]
 }

Sample Data/Custom/ApigeeXV2.json

@@ -0,0 +1,52 @@
+[
+  {
+  "protoPayload": {
+    "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
+    "authenticationInfo": {
+      "principalEmail": "sanitized@sanitized.com",
+      "principalSubject": "sanitized@sanitized.com"
+    },
+    "requestMetadata": {
+      "callerIp": "gce-internal-ip",
+      "callerSuppliedUserAgent": "Go-http-client/1.1,gzip(gfe)",
+      "requestAttributes": {
+        "time": "2024-12-11T18:36:57.957393509Z",
+        "auth": {}
+      },
+      "destinationAttributes": {}
+    },
+    "serviceName": "apigee.googleapis.com",
+    "methodName": "google.cloud.apigee.v1.RuntimeService.ReportInstanceStatus",
+    "authorizationInfo": [
+      {
+        "resource": "organizations/project-id/instances/eval-instance",
+        "permission": "apigee.instances.reportStatus",
+        "granted": true,
+        "resourceAttributes": {},
+        "permissionType": "ADMIN_WRITE"
+      }
+    ],
+    "resourceName": "organizations/project-id/instances/eval-instance",
+    "request": {
+      "@type": "type.googleapis.com/google.cloud.apigee.v1.ReportInstanceStatusRequest",
+      "instanceUid": "1bd146a8-523d-4f4b-bb4f-82df179d1152",
+      "instance": "organizations/project-id/instances/eval-instance",
+      "reportTime": "2024-12-11T18:36:57.910622476Z"
+    },
+    "resourceLocation": {}
+  },
+  "insertId": "y59wnoe38mgg",
+  "resource": {
+    "type": "audited_resource",
+    "labels": {
+      "project_id": "project-id",
+      "method": "google.cloud.apigee.v1.RuntimeService.ReportInstanceStatus",
+      "service": "apigee.googleapis.com"
+    }
+  },
+  "timestamp": "2024-12-11T18:36:58.766977706Z",
+  "severity": "NOTICE",
+  "logName": "projects/project-id/logs/cloudaudit.googleapis.com%2Factivity",
+  "receiveTimestamp": "2024-12-11T18:36:58.766977706Z"
+  }
+]

Solutions/Google Apigee/Data Connectors/Apigee_GCP_CCP/ApigeeXV2_Config.json

@@ -0,0 +1,27 @@
+{
+    "name": "GCPApigeeXV2CCP",
+    "apiVersion": "2022-12-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "location": "{{location}}",
+    "kind": "GCP",
+    "properties": {
+        "connectorDefinitionName": "GoogleApigeeCCPDefinition",
+        "dcrConfig": {
+            "streamName": "Custom-ApigeeXV2_CL",
+            "dataCollectionEndpoint": "{{dataCollectionEndpointResourceID}}",
+            "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
+        },
+        "dataType": "ApigeeXV2_CL",
+        "auth": {
+            "serviceAccountEmail": "{{GCPServiceAccountEmail}}",
+            "projectNumber": "{{GCPProjectNumber}}",
+            "workloadIdentityProviderId": "{{GCPWorkloadIdentityProviderId}}"
+        },
+        "request": {
+            "projectId": "{{GCPProjectId'}}",
+            "subscriptionNames": [
+                "{{GCPSubscriptionName}}"
+            ]
+        }
+    }
+}

Solutions/Google Apigee/Data Connectors/Apigee_GCP_CCP/ApigeeXV2_DCR.json

@@ -0,0 +1,66 @@
+[
+    {
+        "type": "Microsoft.Insights/dataCollectionRules",
+        "apiVersion": "2023-03-11",
+        "name": "ApigeeXV2_CL",
+        "location": "{{location}}",
+        "properties": {
+            "dataCollectionEndpointId": "{{dataCollectionEndpointResourceId}}",
+            "streamDeclarations": {
+                "Custom-ApigeeXV2_CL": {
+                    "columns": [
+                        {
+                            "name": "protoPayload",
+                            "type": "dynamic"
+                        },
+                        {
+                            "name": "insertId",
+                            "type": "string"
+                        },
+                        {
+                            "name": "resource",
+                            "type": "dynamic"
+                        },
+                        {
+                            "name": "timestamp",
+                            "type": "datetime"
+                        },
+                        {
+                            "name": "severity",
+                            "type": "string"
+                        },
+                        {
+                            "name": "logName",
+                            "type": "string"
+                        },
+                        {
+                            "name": "receiveTimestamp",
+                            "type": "datetime"
+                        }
+                    ]
+                }
+            },
+            "dataSources": {},
+            "destinations": {
+                "logAnalytics": [
+                    {
+                        "workspaceResourceId": "[variables('logAnalyticsWorkspaceResourceId)]",
+                        "name": "SentinelWorkspace"
+                    }
+                ]
+            },
+            "dataFlows": [
+                {
+                    "streams": [
+                        "Custom-ApigeeXV2_CL"
+                    ],
+                    "destinations": [
+                        "SentinelWorkspace"
+                    ],
+                    "transformKql": "source\n| extend TimeGenerated = timestamp\n",
+                    "outputStream": "Custom-ApigeeXV2_CL"
+                }
+            ]
+        }
+    }
+]