|
6 | 6 | "config": { |
7 | 7 | "isWizard": false, |
8 | 8 | "basics": { |
9 | | - "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/PaloAlto-PAN-OS/logo/Palo-alto-logo.png\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Palo Alto Networks (Firewall)](https://www.paloaltonetworks.com/network-security/next-generation-firewall) Solution for Microsoft Sentinel allows you to easily connect your Palo Alto Networks Firewall logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. This solution also contains playbooks to help in automated remediation.\n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 4, **Hunting Queries:** 2, **Custom Azure Logic Apps Connectors:** 2, **Playbooks:** 7\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", |
| 9 | + "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/PaloAlto-PAN-OS/logo/Palo-alto-logo.png\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/PaloAlto-PAN-OS/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Palo Alto Networks (Firewall)](https://www.paloaltonetworks.com/network-security/next-generation-firewall) Solution for Microsoft Sentinel allows you to easily connect your Palo Alto Networks Firewall logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. This solution also contains playbooks to help in automated remediation.\n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connector:** 1,**Workbooks:** 2, **Analytic Rules:** 4, **Hunting Queries:** 2, **Custom Azure Logic Apps Connectors:** 2, **Playbooks:** 7\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", |
10 | 10 | "subscription": { |
11 | 11 | "resourceProviders": [ |
12 | 12 | "Microsoft.OperationsManagement/solutions", |
|
51 | 51 | } |
52 | 52 | ], |
53 | 53 | "steps": [ |
54 | | - { |
55 | | - "name": "dataconnectors", |
56 | | - "label": "Data Connectors", |
57 | | - "bladeTitle": "Data Connectors", |
58 | | - "elements": [ |
59 | | - { |
60 | | - "name": "dataconnectors1-text", |
61 | | - "type": "Microsoft.Common.TextBlock", |
62 | | - "options": { |
63 | | - "text": "This Solution installs the data connector for PaloAlto-PAN-OS. You can get PaloAlto-PAN-OS CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." |
64 | | - } |
65 | | - }, |
66 | | - { |
67 | | - "name": "dataconnectors-link2", |
68 | | - "type": "Microsoft.Common.TextBlock", |
69 | | - "options": { |
70 | | - "link": { |
71 | | - "label": "Learn more about connecting data sources", |
72 | | - "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" |
73 | | - } |
74 | | - } |
75 | | - } |
76 | | - ] |
77 | | - }, |
78 | 54 | { |
79 | 55 | "name": "workbooks", |
80 | 56 | "label": "Workbooks", |
|
246 | 222 | "name": "huntingquery1-text", |
247 | 223 | "type": "Microsoft.Common.TextBlock", |
248 | 224 | "options": { |
249 | | - "text": "Identifies network connections whose ports are frequent targets of attacks and should not cross network boundaries or reach untrusted public networks.\nConsider updating the firewall policies to block the connections. This hunting query depends on PaloAltoNetworks PaloAltoNetworksAma CefAma data connector (CommonSecurityLog CommonSecurityLog CommonSecurityLog Parser or Table)" |
| 225 | + "text": "Identifies network connections whose ports are frequent targets of attacks and should not cross network boundaries or reach untrusted public networks.\nConsider updating the firewall policies to block the connections. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" |
250 | 226 | } |
251 | 227 | } |
252 | 228 | ] |
|
260 | 236 | "name": "huntingquery2-text", |
261 | 237 | "type": "Microsoft.Common.TextBlock", |
262 | 238 | "options": { |
263 | | - "text": "Identifies beaconing patterns from PAN traffic logs based on recurrent timedelta patterns.\n Reference Blog:https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/detect-network-beaconing-via-intra-request-time-delta-patterns/ba-p/779586 This hunting query depends on PaloAltoNetworks PaloAltoNetworksAma CefAma data connector (CommonSecurityLog CommonSecurityLog CommonSecurityLog Parser or Table)" |
| 239 | + "text": "Identifies beaconing patterns from PAN traffic logs based on recurrent timedelta patterns.\n Reference Blog:https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/detect-network-beaconing-via-intra-request-time-delta-patterns/ba-p/779586 This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" |
264 | 240 | } |
265 | 241 | } |
266 | 242 | ] |
|
0 commit comments