Azure
diff --git a/‎Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_DCR.json‎
Lines changed: 12 additions & 825 deletions b/‎Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_DCR.json‎
Lines changed: 12 additions & 825 deletions
diff --git a/‎Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_Definition.json‎
Lines changed: 167 additions & 166 deletions b/‎Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_Definition.json‎
Lines changed: 167 additions & 166 deletions
@@ -1,172 +1,173 @@
 {
-    "name": "CrowdStrikeAPICCPDefinition",
-    "apiVersion": "2023-04-01-preview",
-    "type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
-    "location": "[parameters('workspace-location')]",
-    "kind": "Customizable",
-    "properties": {
-        "connectorUiConfig": {
-            "id": "CrowdStrikeAPICCPDefinition",
-            "title": "CrowdStrike API Data Connector (via Codeless Connector Framework) (Preview)",
-            "publisher": "Microsoft",
-            "descriptionMarkdown": "The [CrowdStrike Data Connector](https://www.crowdstrike.com/) allows ingesting logs from the CrowdStrike API into Microsoft Sentinel. This connector is built on the Microsoft Sentinel Codeless Connector Platform and uses the CrowdStrike API to fetch logs for Alerts, Detections, Hosts, Incidents, and Vulnerabilities. It supports DCR-based ingestion time transformations so that queries can run more efficiently.",
-            "graphQueriesTableName": "CrowdStrikeVulnerabilities",
-            "graphQueries": [
-                {
-                    "metricName": "Total Vulnerability logs received",
-                    "legend": "CrowdStrike Vulnerability Logs",
-                    "baseQuery": "{{graphQueriesTableName}}"
-                },
-                {
-                    "metricName": "Total Alert logs received",
-                    "legend": "CrowdStrike Alert Logs",
-                    "baseQuery": "CrowdStrikeAlerts"
-                },
-                {
-                    "metricName": "Total Incident logs received",
-                    "legend": "CrowdStrike Incident Logs",
-                    "baseQuery": "CrowdStrikeIncidents"
-                },
-                {
-                    "metricName": "Total Detection logs received",
-                    "legend": "CrowdStrike Detection Logs",
-                    "baseQuery": "CrowdStrikeDetections"
-                },
-                {
-                    "metricName": "Total Host logs received",
-                    "legend": "CrowdStrike Host Logs",
-                    "baseQuery": "CrowdStrikeHosts"
-                }
-            ],
-            "sampleQueries": [
-                {
-                    "description": "Get sample of CrowdStrike Vulnerability logs",
-                    "query": "{{graphQueriesTableName}}\n | take 10"
-                },
-                {
-                    "description": "Get sample of CrowdStrike Alert logs",
-                    "query": "CrowdStrikeAlerts\n | take 10"
-                },
-                {
-                    "description": "Get sample of CrowdStrike Incident logs",
-                    "query": "CrowdStrikeIncidents\n | take 10"
-                },
-                {
-                    "description": "Get sample of CrowdStrike Detection logs",
-                    "query": "CrowdStrikeDetections\n | take 10"
-                },
-                {
-                    "description": "Get sample of CrowdStrike Host logs",
-                    "query": "CrowdStrikeHosts\n | take 10"
-                }
-            ],
-            "dataTypes": [
-                {
-                    "name": "{{graphQueriesTableName}}",
-                    "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
-                },
-                {
-                    "name": "CrowdStrikeAlerts",
-                    "lastDataReceivedQuery": "CrowdStrikeAlerts\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
-                },
-                {
-                    "name": "CrowdStrikeIncidents",
-                    "lastDataReceivedQuery": "CrowdStrikeIncidents\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
-                },
-                {
-                    "name": "CrowdStrikeDetections",
-                    "lastDataReceivedQuery": "CrowdStrikeDetections\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
-                },
-                {
-                    "name": "CrowdStrikeHosts",
-                    "lastDataReceivedQuery": "CrowdStrikeHosts\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
-                }
-            ],
-            "connectivityCriteria": [
-                {
-                    "type": "HasDataConnectors",
-                    "value": null
-                }
-            ],
-            "availability": {
-                "status": 1,
-                "isPreview": false
+  "name": "CrowdStrikeAPICCPDefinition",
+  "apiVersion": "2024-09-01",
+  "type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
+  "location": "[parameters('workspace-location')]",
+  "kind": "Customizable",
+  "properties": {
+    "connectorUiConfig": {
+      "id": "CrowdStrikeAPICCPDefinition",
+      "title": "CrowdStrike API Data Connector (via Codeless Connector Framework)",
+      "publisher": "Microsoft",
+      "descriptionMarkdown": "The [CrowdStrike Data Connector](https://www.crowdstrike.com/) allows ingesting logs from the CrowdStrike API into Microsoft Sentinel. This connector is built on the Microsoft Sentinel Codeless Connector Platform and uses the CrowdStrike API to fetch logs for Alerts, Detections, Hosts, Incidents, and Vulnerabilities. It supports DCR-based ingestion time transformations so that queries can run more efficiently.",
+      "graphQueriesTableName": "CrowdStrikeVulnerabilities",
+      "graphQueries": [
+        {
+          "metricName": "Total Vulnerability logs received",
+          "legend": "CrowdStrike Vulnerability Logs",
+          "baseQuery": "{{graphQueriesTableName}}"
+        },
+        {
+          "metricName": "Total Alert logs received",
+          "legend": "CrowdStrike Alert Logs",
+          "baseQuery": "CrowdStrikeAlerts"
+        },
+        {
+          "metricName": "Total Incident logs received",
+          "legend": "CrowdStrike Incident Logs",
+          "baseQuery": "CrowdStrikeIncidents"
+        },
+        {
+          "metricName": "Total Detection logs received",
+          "legend": "CrowdStrike Detection Logs",
+          "baseQuery": "CrowdStrikeDetections"
+        },
+        {
+          "metricName": "Total Host logs received",
+          "legend": "CrowdStrike Host Logs",
+          "baseQuery": "CrowdStrikeHosts"
+        }
+      ],
+      "sampleQueries": [
+        {
+          "description": "Get sample of CrowdStrike Vulnerability logs",
+          "query": "{{graphQueriesTableName}}\n | take 10"
+        },
+        {
+          "description": "Get sample of CrowdStrike Alert logs",
+          "query": "CrowdStrikeAlerts\n | take 10"
+        },
+        {
+          "description": "Get sample of CrowdStrike Incident logs",
+          "query": "CrowdStrikeIncidents\n | take 10"
+        },
+        {
+          "description": "Get sample of CrowdStrike Detection logs",
+          "query": "CrowdStrikeDetections\n | take 10"
+        },
+        {
+          "description": "Get sample of CrowdStrike Host logs",
+          "query": "CrowdStrikeHosts\n | take 10"
+        }
+      ],
+      "dataTypes": [
+        {
+          "name": "{{graphQueriesTableName}}",
+          "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+        },
+        {
+          "name": "CrowdStrikeAlerts",
+          "lastDataReceivedQuery": "CrowdStrikeAlerts\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+        },
+        {
+          "name": "CrowdStrikeIncidents",
+          "lastDataReceivedQuery": "CrowdStrikeIncidents\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+        },
+        {
+          "name": "CrowdStrikeDetections",
+          "lastDataReceivedQuery": "CrowdStrikeDetections\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+        },
+        {
+          "name": "CrowdStrikeHosts",
+          "lastDataReceivedQuery": "CrowdStrikeHosts\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+        }
+      ],
+      "connectivityCriteria": [
+        {
+          "type": "HasDataConnectors"
+        }
+      ],
+      "availability": {
+        "isPreview": true,
+        "status": 1
+      },
+      "permissions": {
+        "resourceProvider": [
+          {
+            "provider": "Microsoft.OperationalInsights/workspaces",
+            "permissionsDisplayText": "Read and Write permissions are required.",
+            "providerDisplayName": "Workspace",
+            "scope": "Workspace",
+            "requiredPermissions": {
+              "write": true,
+              "read": true,
+              "delete": true
+            }
+          }
+        ]
+      },
+      "instructionSteps": [
+        {
+          "title": "Configuration steps for the CrowdStrike API",
+          "description": "Follow the instructions below to obtain your CrowdStrike API credentials.",
+          "instructions": [
+            {
+              "type": "Markdown",
+              "parameters": {
+                "content": "#### Configuration steps for the CrowdStrike API\nFollow the instructions below to obtain your CrowdStrike API credentials."
+              }
+            },
+            {
+              "type": "Markdown",
+              "parameters": {
+                "content": "#### 1. Retrieve API URL\nLog in to your CrowdStrike Console and navigate to the API section to copy your Base API URL."
+              }
+            },
+            {
+              "type": "Markdown",
+              "parameters": {
+                "content": "#### 2. Retrieve Client Credentials\nObtain your Client ID and Client Secret from the API credentials section in your CrowdStrike account."
+              }
+            },
+            {
+              "type": "Textbox",
+              "parameters": {
+                "label": "Base API URL",
+                "placeholder": "https://api.us-2.crowdstrike.com",
+                "type": "text",
+                "name": "apiUrl"
+              }
+            },
+            {
+              "type": "Textbox",
+              "parameters": {
+                "label": "Client ID",
+                "placeholder": "Your Client ID",
+                "type": "text",
+                "name": "clientId"
+              }
             },
-            "permissions": {
-                "resourceProvider": [
-                    {
-                        "provider": "Microsoft.OperationalInsights/workspaces",
-                        "permissionsDisplayText": "Read and Write permissions are required.",
-                        "providerDisplayName": "Workspace",
-                        "scope": "Workspace",
-                        "requiredPermissions": {
-                            "read": true,
-                            "write": true,
-                            "delete": true,
-                            "action": false
-                        }
-                    }
-                ]
+            {
+              "type": "Textbox",
+              "parameters": {
+                "label": "Client Secret",
+                "placeholder": "Your Client Secret",
+                "type": "password",
+                "name": "clientSecret"
+              }
             },
-            "instructionSteps": [
-                {
-                    "instructions": [
-                        {
-                            "type": "Markdown",
-                            "parameters": {
-                                "content": "#### Configuration steps for the CrowdStrike API\nFollow the instructions below to obtain your CrowdStrike API credentials."
-                            }
-                        },
-                        {
-                            "type": "Markdown",
-                            "parameters": {
-                                "content": "#### 1. Retrieve API URL\nLog in to your CrowdStrike Console and navigate to the API section to copy your Base API URL."
-                            }
-                        },
-                        {
-                            "type": "Markdown",
-                            "parameters": {
-                                "content": "#### 2. Retrieve Client Credentials\nObtain your Client ID and Client Secret from the API credentials section in your CrowdStrike account."
-                            }
-                        },
-                        {
-                            "parameters": {
-                                "label": "Base API URL",
-                                "placeholder": "https://api.us-2.crowdstrike.com",
-                                "type": "text",
-                                "name": "apiUrl"
-                            },
-                            "type": "Textbox"
-                        },
-                        {
-                            "parameters": {
-                                "label": "Client ID",
-                                "placeholder": "Your Client ID",
-                                "type": "text",
-                                "name": "clientId"
-                            },
-                            "type": "Textbox"
-                        },
-                        {
-                            "type": "Textbox",
-                            "parameters": {
-                                "label": "Client Secret",
-                                "placeholder": "Your Client Secret",
-                                "type": "password",
-                                "name": "clientSecret"
-                            }
-                        },
-                        {
-                            "parameters": {
-                                "label": "toggle",
-                                "name": "toggle"
-                            },
-                            "type": "ConnectionToggleButton"
-                        }
-                    ]
-                }
-            ],
-            "isConnectivityCriteriasMatchSome": false
+            {
+              "type": "ConnectionToggleButton",
+              "parameters": {
+                "connectLabel": "Connect",
+                "disconnectLabel": "Disconnect",
+                "name": "toggle"
+              }
+            }
+          ]
         }
+      ],
+      "isConnectivityCriteriasMatchSome": false
     }
+  }
 }