Azure
diff --git a/‎Solutions/GoogleCloudPlatformIAM/Data Connectors/GCPIAMLog_CCP/GCPIAMLog_ConnectorDefinition.json‎
Lines changed: 105 additions & 105 deletions b/‎Solutions/GoogleCloudPlatformIAM/Data Connectors/GCPIAMLog_CCP/GCPIAMLog_ConnectorDefinition.json‎
Lines changed: 105 additions & 105 deletions
@@ -1,111 +1,111 @@
 {
-  "name": "GCPIAMCCPDefinition",
-  "apiVersion": "2022-09-01-preview",
-  "type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
-  "location": "{{location}}",
-  "kind": "Customizable",
-  "properties": {
-    "connectorUiConfig": {
-      "id": "GCPIAMCCPDefinition",
-      "title": "Google Cloud Platform IAM (via Codeless Connector Platform) (Preview)",
-      "publisher": "Microsoft",
-      "descriptionMarkdown": "The Google Cloud Platform IAM data connector provides the capability to ingest the Audit logs relating to Identity and Access Management (IAM) activities within Google Cloud into Microsoft Sentinel using the Google IAM API. Refer to [GCP IAM API](https://cloud.google.com/iam/docs/reference/rest) documentation for more information.",
-      "graphQueriesTableName": "GCP_IAMV2_CL",
-      "graphQueries": [
-        {
-          "metricName": "Total incident logs received",
-          "legend": "GCP IAM logs",
-          "baseQuery": "{{graphQueriesTableName}}"
-        }
-      ],
-      "sampleQueries": [
-        {
-          "description": "Get sample of GcpIAM logs",
-          "query": "{{graphQueriesTableName}}\n| take 10"
-        }
-      ],
-      "dataTypes": [
-        {
-          "name": "{{graphQueriesTableName}}",
-          "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n  | where isnotempty(Time)"
-        }
-      ],
-      "connectivityCriteria": [
-        {
-          "type": "HasDataConnectors"
-        }
-      ],
-      "availability": {
-        "status": 1,
-        "isPreview": false
-      },
-      "permissions": {
-        "resourceProvider": [
-          {
-            "provider": "Microsoft.OperationalInsights/workspaces",
-            "permissionsDisplayText": "Read and Write permissions are required.",
-            "providerDisplayName": "Workspace",
-            "scope": "Workspace",
-            "requiredPermissions": {
-              "read": true,
-              "write": true,
-              "delete": true,
-              "action": false
-            }
-          }
-        ]
-      },
-      "instructionSteps": [
-        {
-          "instructions": [
-            {
-              "type": "Markdown",
-              "parameters": {
-                "content": ">**NOTE:** If both Azure Function and CCP connector are running parallelly, duplicate data is populated in the tables."
-              }
-            },
-            {
-              "type": "MarkdownControlEnvBased",
-              "parameters": {
-                "prodScript": "#### 1. Setup the GCP environment \n Ensure to have the following resources from the GCP Console:\n Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection.\n For more information, refer the [Connector tutorial](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GoogleCloudPlatformIAM/Data%20Connectors/README.md) for log setup and authentication setup tutorial.\n Log set up script: [Click Here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPIAMCCPLogsSetup)\nAuthentication set up script: [Click here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPInitialAuthenticationSetup)",
-                "govScript": "#### 1. Setup the GCP environment \n Ensure to have the following resources from the GCP Console:\n Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection.\n For more information, refer the [Connector tutorial](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GoogleCloudPlatformIAM/Data%20Connectors/README.md) for log setup and authentication setup tutorial.\n Log set up script: [Click Here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPIAMCCPLogsSetup)\nAuthentication set up script: [Click here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPInitialAuthenticationSetupGov)"
-              }
-            },
-            {
-              "type": "CopyableLabel",
-              "parameters": {
-                "label": "Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.",
-                "fillWith": [
-                  "TenantId"
-                ],
-                "name": "TenantId",
-                "disabled": true
-              }
-            },
-            {
-              "type": "Markdown",
-              "parameters": {
-                "content": "#### 2. To enable IAM logs \n In your GCP account, navigate to the IAM section. From there, you can either create a new user or modify an existing user's role that you want to monitor. Be sure to save your changes..\n\nFor more information: [Link to documentation](https://cloud.google.com/assured-workloads/docs/iam-roles?hl=en)"
-              }
-            },
-            {
-              "type": "Markdown",
-              "parameters": {
-                "content": "#### 3. Connect new collectors \n To enable GCPIAM Logs for Microsoft Sentinel, click the Add new collector button, fill the required information in the context pane and click on Connect."
-              }
+    "name": "GCPIAMCCPDefinition",
+    "apiVersion": "2022-09-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
+    "location": "{{location}}",
+    "kind": "Customizable",
+    "properties": {
+        "connectorUiConfig": {
+            "id": "GCPIAMCCPDefinition",
+            "title": "Google Cloud Platform IAM (via Codeless Connector Framework) (Preview)",
+            "publisher": "Microsoft",
+            "descriptionMarkdown": "The Google Cloud Platform IAM data connector provides the capability to ingest the Audit logs relating to Identity and Access Management (IAM) activities within Google Cloud into Microsoft Sentinel using the Google IAM API. Refer to [GCP IAM API](https://cloud.google.com/iam/docs/reference/rest) documentation for more information.",
+            "graphQueriesTableName": "GCPIAM",
+            "graphQueries": [
+                {
+                    "metricName": "Total incident logs received",
+                    "legend": "GCP IAM logs",
+                    "baseQuery": "{{graphQueriesTableName}}"
+                }
+            ],
+            "sampleQueries": [
+                {
+                    "description": "Get sample of GcpIAM logs",
+                    "query": "{{graphQueriesTableName}}\n| take 10"
+                }
+            ],
+            "dataTypes": [
+                {
+                    "name": "{{graphQueriesTableName}}",
+                    "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n  | where isnotempty(Time)"
+                }
+            ],
+            "connectivityCriteria": [
+                {
+                    "type": "HasDataConnectors"
+                }
+            ],
+            "availability": {
+                "status": 1,
+                "isPreview": false
             },
-            {
-              "type": "GCPGrid",
-              "parameters": {}
+            "permissions": {
+                "resourceProvider": [
+                    {
+                        "provider": "Microsoft.OperationalInsights/workspaces",
+                        "permissionsDisplayText": "Read and Write permissions are required.",
+                        "providerDisplayName": "Workspace",
+                        "scope": "Workspace",
+                        "requiredPermissions": {
+                            "read": true,
+                            "write": true,
+                            "delete": true,
+                            "action": false
+                        }
+                    }
+                ]
             },
-            {
-              "type": "GCPContextPane",
-              "parameters": {}
-            }
-          ],
-          "title": "Connect GCP IAM to Microsoft Sentinel"
+            "instructionSteps": [
+                {
+                    "instructions": [
+                        {
+                            "type": "Markdown",
+                            "parameters": {
+                                "content": ">**NOTE:** If both Azure Function and CCP connector are running parallelly, duplicate data is populated in the tables."
+                            }
+                        },
+                        {
+                            "type": "MarkdownControlEnvBased",
+                            "parameters": {
+                                "prodScript": "#### 1. Setup the GCP environment \n Ensure to have the following resources from the GCP Console:\n Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection.\n For more information, refer the [Connector tutorial](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GoogleCloudPlatformIAM/Data%20Connectors/README.md) for log setup and authentication setup tutorial.\n Log set up script: [Click Here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPIAMCCPLogsSetup)\nAuthentication set up script: [Click here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPInitialAuthenticationSetup)",
+                                "govScript": "#### 1. Setup the GCP environment \n Ensure to have the following resources from the GCP Console:\n Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection.\n For more information, refer the [Connector tutorial](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GoogleCloudPlatformIAM/Data%20Connectors/README.md) for log setup and authentication setup tutorial.\n Log set up script: [Click Here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPIAMCCPLogsSetup)\nAuthentication set up script: [Click here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPInitialAuthenticationSetupGov)"
+                            }
+                        },
+                        {
+                            "type": "CopyableLabel",
+                            "parameters": {
+                                "label": "Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.",
+                                "fillWith": [
+                                    "TenantId"
+                                ],
+                                "name": "TenantId",
+                                "disabled": true
+                            }
+                        },
+                        {
+                            "type": "Markdown",
+                            "parameters": {
+                                "content": "#### 2. To enable IAM logs \n In your GCP account, navigate to the IAM section. From there, you can either create a new user or modify an existing user's role that you want to monitor. Be sure to save your changes..\n\nFor more information: [Link to documentation](https://cloud.google.com/assured-workloads/docs/iam-roles?hl=en)"
+                            }
+                        },
+                        {
+                            "type": "Markdown",
+                            "parameters": {
+                                "content": "#### 3. Connect new collectors \n To enable GCPIAM Logs for Microsoft Sentinel, click the Add new collector button, fill the required information in the context pane and click on Connect."
+                            }
+                        },
+                        {
+                            "type": "GCPGrid",
+                            "parameters": {}
+                        },
+                        {
+                            "type": "GCPContextPane",
+                            "parameters": {}
+                        }
+                    ],
+                    "title": "Connect GCP IAM to Microsoft Sentinel"
+                }
+            ]
         }
-      ]
     }
-  }
 }