Merge pull request #11690 from Azure/v-rusraut/ApacheLog4j-ICM-587873612

Update UserAgentSearch_log4j.yaml

Author: v-dvedak

Solutions/Apache Log4j Vulnerability Detection/Analytic Rules/UserAgentSearch_log4j.yaml

@@ -59,7 +59,7 @@ query: |
   (AzureDiagnostics
   | where Category in ("FrontdoorWebApplicationFirewallLog", "FrontdoorAccessLog", "ApplicationGatewayFirewallLog", "ApplicationGatewayAccessLog")
   | where userAgent_s has_any (UserAgentString) or userAgent_s matches regex UARegex
-  | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated) by UserAgent = userAgent_s, SourceIP = column_ifexists("clientIp_s",clientIP_s), Type, column_ifexists("originalHost_s",host_s), Url = requestUri_s, HttpStatus = column_ifexists("httpStatusDetails_s",httpStatus_d), column_ifexists("transactionId_g",trackingReference_s), ruleName_s, ResourceType, ResourceId
+  | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated) by UserAgent = userAgent_s, SourceIP = column_ifexists("clientIp_s",clientIP_s), Type, column_ifexists("originalHost_s",host_s), Url = requestUri_s, HttpStatus = column_ifexists("httpStatusDetails_s",httpStatus_d), column_ifexists("trackingReference_s",transactionId_g), ruleName_s, ResourceType, ResourceId
   ),
   (
   W3CIISLog
@@ -97,5 +97,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: Account
-version: 1.0.8
+version: 1.0.9
 kind: Scheduled

Solutions/Apache Log4j Vulnerability Detection/Data/Solution_Log4j.json

@@ -50,7 +50,7 @@
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Apache Log4j Vulnerability Detection",
   "Metadata": "SolutionMetadata.json",
-  "Version": "3.0.5",
+  "Version": "3.0.6",
   "TemplateSpec": true,
-  "Is1Pconnector": true
+  "StaticDataConnector": true
 }