Merge pull request #11559 from Azure/v-rusraut-SAPBTP,SquidProxy-RemoveDC

v-dvedak · web-flow · commit f372d27d3180 · 2024-12-13T16:36:02.000+05:30
Repackaged - Nginx
diff --git a/Solutions/NGINX HTTP Server/Analytic Rules/NGINXCommandsInRequest.yaml b/Solutions/NGINX HTTP Server/Analytic Rules/NGINXCommandsInRequest.yaml
@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
@@ -30,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/NGINX HTTP Server/Analytic Rules/NGINXCoreDump.yaml b/Solutions/NGINX HTTP Server/Analytic Rules/NGINXCoreDump.yaml
@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
@@ -29,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: ProcessId
         columnName: ProcessIdCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/NGINX HTTP Server/Analytic Rules/NGINXDifferentUAsFromSingleIP.yaml b/Solutions/NGINX HTTP Server/Analytic Rules/NGINXDifferentUAsFromSingleIP.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
@@ -32,5 +29,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/NGINX HTTP Server/Analytic Rules/NGINXKnownMaliciousUserAgent.yaml b/Solutions/NGINX HTTP Server/Analytic Rules/NGINXKnownMaliciousUserAgent.yaml
@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
@@ -34,5 +31,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: MalwareCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/NGINX HTTP Server/Analytic Rules/NGINXMultipleClientErrorsFromSingleIP.yaml b/Solutions/NGINX HTTP Server/Analytic Rules/NGINXMultipleClientErrorsFromSingleIP.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
@@ -32,5 +29,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/NGINX HTTP Server/Analytic Rules/NGINXMultipleServerErrorsFromSingleIP.yaml b/Solutions/NGINX HTTP Server/Analytic Rules/NGINXMultipleServerErrorsFromSingleIP.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
@@ -34,5 +31,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/NGINX HTTP Server/Analytic Rules/NGINXPrivateIPinUrl.yaml b/Solutions/NGINX HTTP Server/Analytic Rules/NGINXPrivateIPinUrl.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
@@ -29,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/NGINX HTTP Server/Analytic Rules/NGINXPutAndGetFileFromSameIP.yaml b/Solutions/NGINX HTTP Server/Analytic Rules/NGINXPutAndGetFileFromSameIP.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
@@ -43,5 +40,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/NGINX HTTP Server/Analytic Rules/NGINXRequestToSensitiveFiles.yaml b/Solutions/NGINX HTTP Server/Analytic Rules/NGINXRequestToSensitiveFiles.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
@@ -34,5 +31,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/NGINX HTTP Server/Analytic Rules/NGINXSqlPattern.yaml b/Solutions/NGINX HTTP Server/Analytic Rules/NGINXSqlPattern.yaml
@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
@@ -33,5 +30,5 @@ entityMappings:
     fieldMappings:
       - identifier: Url
         columnName: UrlCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/NGINX HTTP Server/Data/Solution_Nginx.json b/Solutions/NGINX HTTP Server/Data/Solution_Nginx.json
@@ -2,7 +2,7 @@
   "Name": "NGINX HTTP Server",
   "Author": "Microsoft - support@microsoft.com",
    "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [NGINX](https://nginx.org/) HTTP Server data connector provides the capability to ingest [NGINX HTTP Server](https://nginx.org/#basic_http_features) events into Microsoft Sentinel. Refer to [NGINX Logs documentation](https://nginx.org/en/docs/http/ngx_http_log_module.html) for more information.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/azure/sentinel/ama-migrate?WT.mc_id=Portal-fx).",
+  "Description": "The [NGINX](https://nginx.org/) HTTP Server data connector provides the capability to ingest [NGINX HTTP Server](https://nginx.org/#basic_http_features) events into Microsoft Sentinel. Refer to [NGINX Logs documentation](https://nginx.org/en/docs/http/ngx_http_log_module.html) for more information.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/azure/sentinel/ama-migrate?WT.mc_id=Portal-fx).",
   "Workbooks": [
     "Workbooks/NGINX.json"
   ],
@@ -21,9 +21,6 @@
 	"Hunting Queries/NGINXTopURLsClientErrors.yaml",
 	"Hunting Queries/NGINXTopURLsServerErrors.yaml"
  ],
-  "Data Connectors": [
-    "Data Connectors/Connector_NGINX_agent.json"
-  ],
   "Analytic Rules": [
     "Analytic Rules/NGINXCommandsInRequest.yaml",
     "Analytic Rules/NGINXCoreDump.yaml",
@@ -41,7 +38,7 @@
   ],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\NGINX HTTP Server",
-  "Version": "3.0.0",
+  "Version": "3.0.1",
   "TemplateSpec": true,
   "Is1Pconnector": false
 }
diff --git a/Solutions/NGINX HTTP Server/Hunting Queries/NGINXAbnormalRequestSize.yaml b/Solutions/NGINX HTTP Server/Hunting Queries/NGINXAbnormalRequestSize.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows abnormal request size.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
diff --git a/Solutions/NGINX HTTP Server/Hunting Queries/NGINXRareFilesRequested.yaml b/Solutions/NGINX HTTP Server/Hunting Queries/NGINXRareFilesRequested.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows rare files requested'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
diff --git a/Solutions/NGINX HTTP Server/Hunting Queries/NGINXRareURLsRequested.yaml b/Solutions/NGINX HTTP Server/Hunting Queries/NGINXRareURLsRequested.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows rare URLs requested.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
diff --git a/Solutions/NGINX HTTP Server/Hunting Queries/NGINXRequestsFromBotsCrawlers.yaml b/Solutions/NGINX HTTP Server/Hunting Queries/NGINXRequestsFromBotsCrawlers.yaml
@@ -4,9 +4,6 @@ description: |
   'Query searches requests from bots and crawlers.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
diff --git a/Solutions/NGINX HTTP Server/Hunting Queries/NGINXRequestsToUnexistingFiles.yaml b/Solutions/NGINX HTTP Server/Hunting Queries/NGINXRequestsToUnexistingFiles.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows list of requests to unexisting files'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
diff --git a/Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopFilesRequested.yaml b/Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopFilesRequested.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows list of files requested'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
diff --git a/Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopFilesWithErrorRequests.yaml b/Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopFilesWithErrorRequests.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows list of files with error requests.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
diff --git a/Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopURLsClientErrors.yaml b/Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopURLsClientErrors.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows URLs list with client errors.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
diff --git a/Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopURLsServerErrors.yaml b/Solutions/NGINX HTTP Server/Hunting Queries/NGINXTopURLsServerErrors.yaml
@@ -4,9 +4,6 @@ description: |
   'Query shows URLs list with server errors.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
diff --git a/Solutions/NGINX HTTP Server/Hunting Queries/NGINXUncommonUAsString.yaml b/Solutions/NGINX HTTP Server/Hunting Queries/NGINXUncommonUAsString.yaml
@@ -4,9 +4,6 @@ description: |
   'Query searches uncommon user agent strings.'
 severity: Low
 requiredDataConnectors:
-  - connectorId: NGINXHTTPServer
-    dataTypes:
-      - NGINXHTTPServer
   - connectorId: CustomLogsAma
     dataTypes:
       - NGINX_CL
diff --git a/Solutions/NGINX HTTP Server/Package/3.0.1.zip b/Solutions/NGINX HTTP Server/Package/3.0.1.zip
diff --git a/Solutions/NGINX HTTP Server/Package/createUiDefinition.json b/Solutions/NGINX HTTP Server/Package/createUiDefinition.json
diff --git a/Solutions/NGINX HTTP Server/Package/mainTemplate.json b/Solutions/NGINX HTTP Server/Package/mainTemplate.json
diff --git a/Solutions/NGINX HTTP Server/ReleaseNotes.md b/Solutions/NGINX HTTP Server/ReleaseNotes.md
diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json
diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json
