Repackage - Cisco WSA

v-rusraut · v-rusraut · commit 91365cc9bc57 · 2024-12-19T16:30:54.000+05:30
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAAccessToUnwantedSite.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAAccessToUnwantedSite.yaml
@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -30,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSADataExfiltration.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSADataExfiltration.yaml
@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -35,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUnwantedCategory.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUnwantedCategory.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -39,5 +36,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUrl.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUrl.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -35,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleInfectedFiles.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleInfectedFiles.yaml
@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -35,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleUnwantedFileTypes.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleUnwantedFileTypes.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -35,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAProtocolAbuse.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAProtocolAbuse.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -33,5 +30,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAPublicIPSource.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAPublicIPSource.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -29,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedFileType.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedFileType.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -35,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedUrl.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedUrl.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -33,5 +30,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnscannableFile.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnscannableFile.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -37,5 +34,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Data/Solution_CiscoWSA.json b/Solutions/CiscoWSA/Data/Solution_CiscoWSA.json
@@ -2,7 +2,7 @@
 	"Name": "CiscoWSA",
 	"Author": "Microsoft - support@microsoft.com",
 	"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/cisco-logo-72px.svg\" width=\"75px\" height=\"75px\">",
-	"Description": "The [Cisco Web Security Appliance (WSA)](https://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html) solution provides the capability to ingest [Cisco WSA Access Logs](https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa_14-0/User-Guide/b_WSA_UserGuide_14_0/b_WSA_UserGuide_11_7_chapter_010101.html) into Microsoft Sentinel.\n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
+	"Description": "The [Cisco Web Security Appliance (WSA)](https://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html) solution provides the capability to ingest [Cisco WSA Access Logs](https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa_14-0/User-Guide/b_WSA_UserGuide_14_0/b_WSA_UserGuide_11_7_chapter_010101.html) into Microsoft Sentinel.\n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
 	"Workbooks": [
 		"Workbooks/CiscoWSA.json"
 	],
@@ -21,9 +21,6 @@
 		"Hunting Queries/CiscoWSAUrlSuspiciousResources.yaml",
 		"Hunting Queries/CiscoWSAUrlUsersWithErrors.yaml"
 	],
-	"Data Connectors": [
-		"Data Connectors/Connector_WSA_Syslog.json"
-	],
 	"Analytic Rules": [
 		"Analytic Rules/CiscoWSAAccessToUnwantedSite.yaml",
 		"Analytic Rules/CiscoWSADataExfiltration.yaml",
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSABlockedFiles.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSABlockedFiles.yaml
@@ -4,9 +4,6 @@ description: |
   'Query searches for blocked files.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSARareApplications.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSARareApplications.yaml
@@ -4,9 +4,6 @@ description: |
   'Query searches for rare applications.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSATopApplications.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSATopApplications.yaml
@@ -4,9 +4,6 @@ description: |
   'Query searches for top applications.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSATopResources.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSATopResources.yaml
@@ -4,9 +4,6 @@ description: |
   'Query searches for top URLs.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUncategorizedResources.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUncategorizedResources.yaml
@@ -4,9 +4,6 @@ description: |
   'Query searches for uncategorized URLs.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUploadedFiles.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUploadedFiles.yaml
@@ -4,9 +4,6 @@ description: |
   'Query searches for uploaded files.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlRareErrorUrl.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlRareErrorUrl.yaml
@@ -4,9 +4,6 @@ description: |
   'Query searches for rare URLs with errors.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlShortenerLinks.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlShortenerLinks.yaml
@@ -4,9 +4,6 @@ description: |
   'Query searches connections to Url shorteners resources.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlSuspiciousResources.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlSuspiciousResources.yaml
@@ -4,9 +4,6 @@ description: |
   'Query searches for potentially risky resources.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlUsersWithErrors.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlUsersWithErrors.yaml
@@ -4,9 +4,6 @@ description: |
   'Query searches for user errors during accessing resource.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: CiscoWSA
-    dataTypes:
-      - CiscoWSAEvent
   - connectorId: SyslogAma
     datatypes:
       - Syslog
diff --git a/Solutions/CiscoWSA/Package/3.0.2.zip b/Solutions/CiscoWSA/Package/3.0.2.zip
diff --git a/Solutions/CiscoWSA/Package/createUiDefinition.json b/Solutions/CiscoWSA/Package/createUiDefinition.json
diff --git a/Solutions/CiscoWSA/Package/mainTemplate.json b/Solutions/CiscoWSA/Package/mainTemplate.json
diff --git a/Solutions/CiscoWSA/ReleaseNotes.md b/Solutions/CiscoWSA/ReleaseNotes.md
