Merge pull request #11628 from Azure/v-rusraut/InfobloxCloud,InfobloxSOC-DCRemove

Repackaged - Infoblox Cloud Data Connector

Author: v-atulyadav

Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-DataExfiltrationAttack.yaml

@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: InfobloxCloudDataConnector
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
-  - connectorId: InfobloxCloudDataConnectorAma
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -68,5 +62,5 @@ incidentConfiguration:
     reopenClosedIncident: true
     lookbackDuration: 7d
     matchingMethod: AllEntities
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml

@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: InfobloxCloudDataConnector
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
-  - connectorId: InfobloxCloudDataConnectorAma
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -69,5 +63,5 @@ eventGroupingSettings:
   aggregationKind: SingleAlert
 incidentConfiguration:
   createIncident: true
-version: 1.0.3
+version: 1.0.4
 kind: Scheduled

Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml

@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: InfobloxCloudDataConnector
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
-  - connectorId: InfobloxCloudDataConnectorAma
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -53,5 +47,5 @@ eventGroupingSettings:
   aggregationKind: SingleAlert
 incidentConfiguration:
   createIncident: true
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelSingleQueryDetected.yaml

@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: InfobloxCloudDataConnector
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
-  - connectorId: InfobloxCloudDataConnectorAma
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -53,5 +47,5 @@ eventGroupingSettings:
   aggregationKind: SingleAlert
 incidentConfiguration:
   createIncident: true
-version: 1.0.3
+version: 1.0.4
 kind: Scheduled

Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyNXDOMAINDNSResponsesDetected.yaml

@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: InfobloxCloudDataConnector
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
-  - connectorId: InfobloxCloudDataConnectorAma
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -53,5 +47,5 @@ eventGroupingSettings:
   aggregationKind: SingleAlert
 incidentConfiguration:
   createIncident: true
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-CommonSecurityLogMatchFound-MalwareC2.yaml

@@ -5,18 +5,9 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CEF
-    dataTypes: 
-      - CommonSecurityLog
   - connectorId: ThreatIntelligence
     dataTypes: 
       - ThreatIntelligenceIndicator
-  - connectorId: InfobloxCloudDataConnectorAma
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
-  - connectorId: InfobloxCloudDataConnector
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -72,5 +63,5 @@ eventGroupingSettings:
   aggregationKind: SingleAlert
 incidentConfiguration:
   createIncident: true
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml

@@ -5,15 +5,9 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: InfobloxCloudDataConnector
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
   - connectorId: ThreatIntelligence
     dataTypes: 
       - ThreatIntelligenceIndicator
-  - connectorId: InfobloxCloudDataConnectorAma
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -81,5 +75,5 @@ eventGroupingSettings:
   aggregationKind: SingleAlert
 incidentConfiguration:
   createIncident: true
-version: 1.0.3
+version: 1.0.4
 kind: Scheduled

Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-SyslogMatchFound-URL.yaml

@@ -11,12 +11,6 @@ requiredDataConnectors:
   - connectorId: ThreatIntelligence
     dataTypes: 
       - ThreatIntelligenceIndicator
-  - connectorId: InfobloxCloudDataConnectorAma
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
-  - connectorId: InfobloxCloudDataConnector
-    dataTypes: 
-      - CommonSecurityLog (InfobloxCDC)
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -71,5 +65,5 @@ eventGroupingSettings:
   aggregationKind: SingleAlert
 incidentConfiguration:
   createIncident: true
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Infoblox Cloud Data Connector/Data/Solution_Infoblox.json

@@ -2,7 +2,7 @@
     "Name": "Infoblox Cloud Data Connector",
     "Author": "Microsoft - [email protected]",
     "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/infoblox_logo.svg\" width=\"75px\" height=\"75px\">",
-    "Description": "The [Infoblox](https://www.infoblox.com/) Cloud solution allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024.**",
+    "Description": "The [Infoblox](https://www.infoblox.com/) Cloud solution allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024.**",
     "Workbooks": [
         "Workbooks/InfobloxCDCB1TDWorkbook.json"
     ],
@@ -16,10 +16,6 @@
         "Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml",
         "Analytic Rules/Infoblox-TI-SyslogMatchFound-URL.yaml"
     ],
-    "Data Connectors": [
-        "Data Connectors/InfobloxCloudDataConnector.json",
-		"Data Connectors/template_InfobloxCloudDataConnectorAMA.json"
-    ],
     "Parsers": [
         "Parsers/InfobloxCDC.yaml"
     ],