
Commit 7a85fc3

authored
Merge pull request #12898 from Prasanna92Sekar/cloudflare-ccf-solution
Add Cloudflare CCF connector solution
2 parents ed00966 + 4002d95 commit 7a85fc3


11 files changed

+9145
-0
lines changed

Lines changed: 155 additions & 0 deletions
@@ -0,0 +1,155 @@
1+
{
2+
"name": "CloudflareDefinition",
3+
"apiVersion": "2022-09-01-preview",
4+
"type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
5+
"location": "{{location}}",
6+
"kind": "Customizable",
7+
"properties": {
8+
"connectorUiConfig": {
9+
"id": "CloudflareDefinition",
10+
"title": "Cloudflare (Using Blob Container) (via Codeless Connector Framework)",
11+
"publisher": "Microsoft",
12+
"descriptionMarkdown": " The Cloudflare data connector provides the capability to ingest Cloudflare logs into Microsoft Sentinel using the Cloudflare Logpush and Azure Blob Storage. Refer to [Cloudflare documentation](https://developers.cloudflare.com/logs/about/)for more information.",
13+
"graphQueriesTableName": "CloudflareV2_CL",
14+
"graphQueries": [
15+
{
16+
"metricName": "Total events received",
17+
"legend": "Cloudflare logs",
18+
"baseQuery": "{{graphQueriesTableName}}"
19+
}
20+
],
21+
"sampleQueries": [
22+
{
23+
"description": "Cloudflare Logs",
24+
"query": "{{graphQueriesTableName}}\n | take 10"
25+
}
26+
],
27+
"dataTypes": [
28+
{
29+
"name": "{{graphQueriesTableName}}",
30+
"lastDataReceivedQuery": "{{graphQueriesTableName}}\n|summarize Time = max(TimeGenerated)\n|where isnotempty(Time)"
31+
}
32+
],
33+
"connectivityCriteria": [
34+
{
35+
"type": "HasDataConnectors"
36+
}
37+
],
38+
"availability": {
39+
"status": 1,
40+
"isPreview": false
41+
},
42+
"permissions": {
43+
"resourceProvider": [
44+
{
45+
"provider": "Microsoft.OperationalInsights/workspaces",
46+
"permissionsDisplayText": "Read and Write permissions are required.",
47+
"providerDisplayName": "Workspace",
48+
"scope": "Workspace",
49+
"requiredPermissions": {
50+
"read": true,
51+
"write": true,
52+
"delete": true,
53+
"action": false
54+
}
55+
}
56+
],
57+
"customs": [
58+
{
59+
"name": "Create a storage account and a container",
60+
"description": "Before setting up logpush in Cloudflare, first create a storage account and a container in Microsoft Azure. Use [this guide](https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction) to know more about Container and Blob. Follow the steps in the [documentation](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal) to create an Azure Storage account."
61+
},
62+
{
63+
"name": "Generate a Blob SAS URL",
64+
"description": "Create and Write permissions are required. Refer the [documentation](https://learn.microsoft.com/en-us/azure/ai-services/translator/document-translation/how-to-guides/create-sas-tokens?tabs=Containers) to know more about Blob SAS token and url."
65+
},
66+
{
67+
"name": "Collecting logs from Cloudflare to your Blob container",
68+
"description": "Follow the steps in the [documentation](https://developers.cloudflare.com/logs/get-started/enable-destinations/azure/) for collecting logs from Cloudflare to your Blob container."
69+
}
70+
]
71+
},
72+
"instructionSteps": [
73+
{
74+
"title": "Connect Cloudflare Logs to Microsoft Sentinel",
75+
"description": "To enable Cloudflare logs for Microsoft Sentinel, provide the required information below and click on Connect.\n>",
76+
"instructions": [
77+
{
78+
"parameters": {
79+
"tenantId": "[subscription().tenantId]",
80+
"name": "principalId",
81+
"appId": "4f05ce56-95b6-4612-9d98-a45c8cc33f9f"
82+
},
83+
"type": "ServicePrincipalIDTextBox_test"
84+
},
85+
{
86+
"parameters": {
87+
"label": "The Blob container's URL you want to collect data from",
88+
"type": "text",
89+
"name": "blobContainerUri",
90+
"validations": {
91+
"required": true
92+
}
93+
},
94+
"type": "Textbox"
95+
},
96+
{
97+
"parameters": {
98+
"label": "The Blob container's storage account resource group name",
99+
"type": "text",
100+
"name": "StorageAccountResourceGroupName",
101+
"validations": {
102+
"required": true
103+
}
104+
},
105+
"type": "Textbox"
106+
},
107+
{
108+
"parameters": {
109+
"label": "The Blob container's storage account location",
110+
"type": "text",
111+
"name": "StorageAccountLocation",
112+
"validations": {
113+
"required": true
114+
}
115+
},
116+
"type": "Textbox"
117+
},
118+
{
119+
"parameters": {
120+
"label": "The Blob container's storage account subscription id",
121+
"type": "text",
122+
"name": "StorageAccountSubscription",
123+
"validations": {
124+
"required": true
125+
}
126+
},
127+
"type": "Textbox"
128+
},
129+
{
130+
"parameters": {
131+
"label": "The event grid topic name of the blob container's storage account if exist. else keep empty.",
132+
"description": "The data flow using event grid to send 'blob-created event' notifications. There could be only one event grid topic for each storage account.\nGo to your blob container's storage account and look in the 'Events' section. If you already have a topic, please provide it's name. Else, keep the text box empty.",
133+
"type": "text",
134+
"name": "EGSystemTopicName",
135+
"validations": {
136+
"required": false
137+
}
138+
},
139+
"type": "Textbox"
140+
},
141+
{
142+
"parameters": {
143+
"label": "toggle",
144+
"name": "toggle"
145+
},
146+
"type": "ConnectionToggleButton"
147+
}
148+
]
149+
}
150+
],
151+
"isConnectivityCriteriasMatchSome": false
152+
}
153+
},
154+
"dependsOn": null
155+
}
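Review bot: In `permissions.resourceProvider`, `requiredPermissions` sets `"delete": true` while `permissionsDisplayText` says only "Read and Write permissions are required.", so the person deploying the connector is asked for more than the text discloses. Whether delete is really needed cannot be determined from this file; if it is not, use `"delete": false`, otherwise change the text to `"permissionsDisplayText": "Read, Write and Delete permissions are required."`. The "Generate a Blob SAS URL" entry under `customs` has a related gap: it names the Create and Write permissions but says nothing about scoping the token or giving it an expiry, and its link goes to a Translator how-to rather than Storage SAS documentation. A SAS URL is a bearer credential handed to a third party, so a sentence such as `Scope the SAS to this one container, grant only Create and Write, require HTTPS, and set an explicit expiry that you rotate before it lapses.` would be worth adding to that description.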
