From adf667dd21244814ff88e46ff81d795396c562ce Mon Sep 17 00:00:00 2001 From: adutt Date: Thu, 9 Jan 2025 18:43:04 +0530 Subject: [PATCH 01/17] Changes to track usage and change analytics rule name Changes to track usage and change analytics rule name --- .../CommvaultSecurityIQ_Alert.yaml | 4 +-- .../AzureFunctionCommvaultSecurityIQ/main.py | 31 +++++++++++++++--- .../CommvaultSecurityIQDataConnector.zip | Bin 10399762 -> 10400084 bytes 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml index 1dcdb3f5139..e288fc8e926 100644 --- a/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml +++ b/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml @@ -1,7 +1,7 @@ id: 317e757e-c320-448e-8837-fc61a70fe609 -name: CommvaultSecurityIQ Alert +name: Commvault Cloud Alert description: | - 'This query identifies CommvaultSecurityIQ Alerts.' + 'This query identifies Alerts from Commvault Cloud.' severity: Medium status: Available requiredDataConnectors: [] diff --git a/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py b/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py index 1a82b242c66..66bafd596e7 100644 --- a/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py +++ b/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py @@ -20,9 +20,11 @@ blob_name = "timestamp" cs = os.environ.get('AzureWebJobsStorage') +backfill_days = int(os.environ.get('NumberOfDaysToBackfill', "2")) # this is just for testing customer_id = os.environ.get('AzureSentinelWorkspaceId','') shared_key = os.environ.get('AzureSentinelSharedKey') + verify = False logAnalyticsUri = 'https://' + customer_id + '.ods.opinsights.azure.com' 
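Review bot: `backfill_days = int(os.environ.get('NumberOfDaysToBackfill', "2"))` runs at module import, so an empty or non-numeric app setting raises `ValueError` and the function fails to load instead of falling back to 2. Zero or a negative value is also accepted; in the later hunk that would put `fromtime` at or after `to_time`, so events would most likely stop reaching Sentinel without any error. I would parse the setting inside a `try`/`except ValueError` that logs and keeps the default, and clamp the result with `backfill_days = max(1, backfill_days)`. The trailing comment `# this is just for testing` should be removed or replaced with a description of the setting, since the value now controls the lookback window.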
@@ -114,19 +116,34 @@ def main(mytimer: func.TimerRequest) -> None: secret_name = "access-token" qsdk_token = client.get_secret(secret_name).value headers["authtoken"] = "QSDK " + qsdk_token + + companyId_url = f"{url}/v2/WhoAmI" + company_response = requests.get(companyId_url, headers=headers, verify=verify) + if company_response.status_code == 200: + company_data = company_response.json().get("company", {}) + companyId = company_data.get("companyId") + audit_url = f"{url}/V4/Company/{companyId}/SecurityPartners/Register/6" + logging.info(f"Company Id : {companyId}") + audit_response = requests.put(audit_url, headers=headers, verify=verify) + if audit_response.status_code == 200: + logging.info(f"Audit Log request sent Successfully. Audit Response : {audit_response.json()}" ) + else: + logging.error(f"Failed to send Audit Log request with status code : {audit_response.status_code}") + else: + logging.error(f"Failed to get Company Id with status code : {company_response.status_code}") ustring = "/events?level=10&showInfo=false&showMinor=false&showMajor=true&showCritical=true&showAnomalous=true" f_url = url + ustring current_date = datetime.now(timezone.utc) to_time = int(current_date.timestamp()) fromtime = read_blob(cs, container_name, blob_name) if fromtime is None: - fromtime = int((current_date - timedelta(days=2)).timestamp()) + fromtime = int((current_date - timedelta(days=backfill_days)).timestamp()) logging.info("From Time : [{}] , since the time read from blob is None".format(fromtime)) else: fromtime_dt = datetime.fromtimestamp(fromtime, tz=timezone.utc) time_diff = current_date - fromtime_dt - if time_diff > timedelta(days=2): - updatedfromtime = int((current_date - timedelta(days=2)).timestamp()) + if time_diff > timedelta(days=backfill_days): + updatedfromtime = int((current_date - timedelta(days=backfill_days)).timestamp()) logging.info("From Time : [{}] , since the time read from blob : [{}] is older than 2 days".format(updatedfromtime,fromtime)) 
fromtime = updatedfromtime elif time_diff < timedelta(minutes = 5): @@ -140,6 +157,7 @@ def main(mytimer: func.TimerRequest) -> None: logging.info("Event endpoint : [{}]".format(event_endpoint)) response = requests.get(event_endpoint, headers=headers, verify=verify) logging.info("Response Status Code : " + str(response.status_code)) + if response.status_code == 200: events = response.json() logging.info("Events Data") @@ -625,8 +643,11 @@ def upload_timestamp_blob(connection_string, container_name, blob_name, timestam timestamp_str = str(timestamp) blob_service_client = BlobServiceClient.from_connection_string(connection_string) - + container_client = blob_service_client.get_container_client(container_name) + + if not container_client.exists(): + container_client.create_container() blob_client = container_client.get_blob_client(blob_name) @@ -667,4 +688,4 @@ def read_blob(connection_string, container_name, blob_name): except Exception as e: logging.error(f"An error occurred: {str(e)}") - raise e + raise e \ No newline at end of file 
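Review bot: In the added WhoAmI block, `companyId` is used without checking that it was found. If the 200 response has no `company` object or no `companyId` key, `company_data.get("companyId")` returns `None` and the PUT is sent to `{url}/V4/Company/None/SecurityPartners/Register/6`. A guard such as `if companyId is None:` that logs an error and skips the PUT would avoid that request. Neither new `requests` call passes a `timeout`, so a stalled endpoint can hold the timer invocation before any events are fetched. Further down, the log text still says `older than 2 days` although the threshold is now `backfill_days`; `main` starts and ends outside this hunk.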
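Review bot: The added `if not container_client.exists(): container_client.create_container()` in `upload_timestamp_blob` is a check-then-create sequence. Two overlapping invocations, or a retry, can both see the container as missing, and the second `create_container()` call then fails. Calling `create_container()` directly and catching `azure.core.exceptions.ResourceExistsError` avoids the race, provided that exception is imported in this file, which the hunk does not show. A comment such as `# first run: the checkpoint container may not exist yet` would explain why storage is created from the upload path. The function continues outside the hunk.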
diff --git a/Solutions/Commvault Security IQ/Data Connectors/CommvaultSecurityIQDataConnector.zip b/Solutions/Commvault Security IQ/Data Connectors/CommvaultSecurityIQDataConnector.zip index 84d8897ce735f4e56c4e54ecbf4f64b17001afc0..d2108b354375449727855f1bfdb7bc90c5374dd4 100644 GIT binary patch delta 6764 zcmZA6u9WpV$n54FBorV66o3jK01ZIFGk^{-04Bf!*Z>FM0zB{>-~$3c2#5eNAOWO+ z43Gl~KnbV-HJ|~sfDX_D2EYiI05f0#tbh%$0}j9mxBxfc0la_@@B;zx0tf;jAPhu+ zC=dhUKmtetDIg7A0vR9+7i%IMz&5Cv)lMD$d%PezgJ4XX{DCz9E^u2yfYU?TVY*kN>VYr6LMNnTN zA+^!7J0u`B)7$R4>Y zp7_w#vEo*usi5SNR{taP2b>))yqhZ}eWw_IWi zW`3C0N&=m6if5K2!=lGp$z3m%HzlL3vpvG(UDM!+4}2+Dt`^!stPLf~N@w0F-O4ed zLHVUB2s%ajq?j}3_|w-35!M;UHaoH~j&k8FF*ee(I|8eKY^pB;BJtEy#r7J+EOcGt zINT$v3}j|9%?;+s6EY`(oqQwV=h;-|XinJm;}2K6inT`3$ip?)aw=Z1I(W`_d@@Nd zAFk!ev)<99exr%k@y)GaIzmWg5M!D#QX2fB0q?$LAD=hXAV zXr)rL@jTS#Ek|L>s2-uBSMQGuwJk``J+r&WU!o>$ZI|~tdV}VJrln1of^@u$LbjiU zZ7UgT`A`_84x=S>Bt^`N1=H}ocS+lIV2ZgdowPsMcX94*o=;Fd8F{jVCHF-1GgAK* z26FQeK?=s{Sj&ts+z9jI!Jb2yc%tI(8Yc*Gl~X=%{l9qwHOc3~sdx&NnZTIWSm8a1 zdMRIt3GyCy3C=RMibUfLXPiI0-_7WWqM|dwH)(7SvL+ShDW-x-_4kOk+aK;E+tI;t zj~2{-{WR7aYnA_I=ogW?-SZKm!9Vt%^6;I)CYkH@!3C`S%gAS{La~Z4g%GT&sRK6n zBfg0`1 zMb!)aj1PC`8JnmE);>J^wj^2MS86>`4dr!msHeR{`;68HP>m;lc*I#7OFH$sE3SUo zIlMDR)g7gwV92)9Dp&}{SHSC*rYLqoZAoevf&WJ|<;C{f<0YsDm9qOq&!*0ubHWu;eOh_Kr{wk6$Hm5T4aMZM;XN$%s zFH?zJoOaI4a(Zs3Be^h2uojrjM5>Z}9m#Sgkc}R}gVg=?^!#FR)5h=PjM}K)x%l(7-L|w^15i7o(Os$bw6g6q{SsfFHSS1|`R0p3MmcON+AQ z++?I;CqV=%%+#Ksc#}T$gj@A5jTkBAvv${;D>@=20X(d1~+C; zWJtU5JhNJDL2mTj%#BX+^+!^o+qC_BE43%lfU8&;9<@d06d|4AAp9SEPPnZRHpfuc z4AabZ({9bw$J;`~2x__7j!?L9N>pVeb2T@W3HA7In9QRuq$Uvh;DAHt7?Ljd?Po;C zP!!{dn>F9__NAo^;l;56XT?H&jCGV=xAPn&{cxTYuBCWeT=`gNiq~`clClD{S7bZH z$&Xj=2ca9yuGpI%Sg(Ip zR}R!s8@AoGaYqP!#!E(*dGfa}!tl$>d*yJ+1Z!1GgbWq2E#a26aQhJkG~lZQ5_L`E z*jC$xLZlLg+P;va@>mBFA+IGdyL>Y1FF!Vfq}i)mJ@;#fcg;ljod4j8aBXdy|0J(f zyt{70L0qp>OQ;hXs|4RYw?Bs5ct}>y)4SS+N0_&;dNr;U64d6k@Z?q{n}*K4m>=Fx zF$MMuKcq#>(Gz3idRo?V%M2oNVq+5t1D4QkJVDBgKDKG17TE|nvsw0D^V~PL;zGYT 
z&ywfTCCPORl2fIG!}5n2Z(XpE32iVL(adP95yP}$a_!j_34CJg3+H4((VX8}zJy5% zY{T4{+U%-l28rh2Dn?C9oJIqqbvVap_SbxI1Z0uiKOqX3+LGZ(N|92tBG!uT11Z^; z0b5Lwp*;)lzAsc3Ln)(LrD)o+jOR3|lVMcf$XGhEv;=9254`%Vn{>~am=~`P`WGz6 z`%x&-pDJW~4lJn1(4bqXV{+JHUuC&`&|tzY(8}ppjhXfRQN&xcD#SmksSpPYE1LdS zJp3Zpf7FKbk|`zcu0MJ}&r#LRlC{R4?0R#b(MH(}pWaVgUHKT>FmRg}7wUe|az1qN zb;Vws_DHNoO7MtA62RYH=AVg}bH%3$5g#B}Yrj^yUhN3vCAtnltOd?>`))T;o5GZ8 zUe0dtJY(L@&9tx~)jo`%T=~7T;NQzUvQ)i$D>h9WRH0R6A<_7tf;RBh!n!OZ|8?U$@j=X+8o(5vh5-buY1q10ci!+ag~G#^&_*H{B@ z?r(-aOW@rH2Cki~HN&JsrePP5w^vtJC;v{bJ_jb=CDH_+4@r0~nK2nxGhU~vQe$Jx z3;I=BPM{qKrEUiham7$>2@s^;LJ+jvp9-+pXh_8>c5kqTu}1D*Uev3wvr zt7yPn0P`L_PP>!mBh115xoJuB4u>cGk%cjjMa*tX@roU1W1K@~xmAe@+bE@dZ&O)D) zU^d12=XF`+xCm`Q)X(V|V zfD<=CjCx?rua~py9N!l<0CPur(IX?j-?&#U90GZvC(fqDFSe;W#DGa21G}D4u{SpQ z9ez?5*#&QOCvH-Jv7R%;yI>CC(QA(m8!?(nw(SxsGGc%IR`Mi#6JueMge*EVxoW%^ zhDl{qhZk~8Ao96t#LP^^$3g#4w*Qo9E}XE=IL+T~p881#5!r{Y4x9TTC@!q@*CVOL zvCO;AQdC+tG4*D~{3(Sk4$E*=m(b$_c3HA$oxU@?A|8X5(q`Y8$N?fOvV2EB8KEt$kWN|Z!SM118%JA>HYvHgsUbho5*KPyUN$>0p}&MI z?79qDzP60P3_fmmlKvcwS2KF6L$valedP-@Ak`32rb5ZYYp!z#W$X>`za1Qkyl z<+aw48^C&iSi%jY-#_P#oyW@#?9F8C)=lmyn5912B+N1F&D!h&= z2Mk@lgNUdqVWXM*E#mukSppP#_p`azIwLDtE}PZaRrGo3n^d@l2qtnKaZRrjRJ+%z zmUiZo?IstKeFnp(Hc$hrIgbcGC3;=Tt(*#9E?Cc0A0FaQl*OB$dIFG1D(dcyMaJwv z9+;Mq6E5!|fi*jNT*O<)lx@;?1sO)1)32igH|?gB z$oon6N~YokpIb}C^Sg+hTs`fVF9d#8sH-tPu){KvxigxQ-uLx2u4kMUAxovelDVdF#}RMM&LD*SN&F&O>ZExmsvaKof*IFOy|$_(lpzg5qE zJ^EEbjNe+0>YLMaf^9CfuG@jKyzBmU)68%TW39k`2Vj8*#7tP?P*-o zpY3=u%w{E7>`K!f@%+Apv}DD zbF@xk_`H`5h>9Lc4_1orm2;E1x!$TjU3Y`{jqoAA#(zIkI(i!wRfCBU%kMQ1U~P;8 z)BoG#LxCQkQyuPohxm4+Ojfg{_5LwN=$HbhX?mWNIea;=wI7C1I5;TzJb4KYl2#mb|n+>g5o_HgzB&M9>{{=i#I^*emR} z5U75&9hCD7u?vY*tY0Db%t3Fj3;>eoTL))UN+JeOAMzHJd!lSjO-93Yl$M4 z3Ks~X%KrMtF8KFOSaP^`T7zf$T|F#d^ZMv%Qd(+8`OAIH-kMlxkE`JBX!Bnxf9|K{ z$%ZI1j$HAIq<{~G{wus3_&eQ{J8+Qw@=d2D zjf$aRn-A)u;iSGzJIpg)yCT9_!Vy!li~U z87JSdu=E`v50?AdaCS)x8^9=(@+yR14YpRQd?gtWEO1Vp_OW7p_Se-v_-p2O{>&m& 
zI<*AhFKr6RmYuVT6#>-nG7>SDGIc4Wb{E=am#w)-6e2{Va14Pk+^NoxgPnL*#Af57 zV&ef?s#{5!#Efa~O#Q73kzioaSZByR@ zbq(s$qR?1-z_FX2jQvTf(zjpKU8qbEaC*z&Br0_&LZl+kD{aB#Y7}`MCe3fY%@|zv zDRHB{U>@0{`AgK+w)5hA&s-I^Gn{vpXIz@eig|!SpTJ zSZEX4Pws%LKfj%;)(2qHs0+=gK4{zdvjP}$ofJ~MMaH6IMHpl7R~-94U`lQ}*bV~u z+q#muNt&s(TwgPmj3Qh8N*$H-t9g(A*E|N2*dIkF|A54uuFrWrY=D({FHS-z4 z!3p8n$Qth|K&^hzV(tApDu^LXU25f(c(;45?8QK+*)JCJ!laGW%0z&d4EZCMx z9M1hSQcx-^Pb7jTd-qCb*?f!@~2sgFU^zJ!BQJv zeBbvPWpmJQuxhtQk(T+6Z^(eqKH97jWSn-8#F*5~G&#sr)!bOdu2P%57ei?_8*q4m z33DwtD};_R!`2NuLy%g1t^6~4eqsAG`_lL})BcwnMXSTdyCY^quvPF;;T1AZhe^y6 z&)FKH2BG1+_8mX;g-(5#ISb)k7U^u}*PoZ8e?L5t(R4JXT7GFq^HZD0u6uWwAxv^; zzV_GLj1y%Vlj_~*reSVBvMRN}Ix=M-^SQbG0L9u9?D^WvsAXgOq|p=g>`VW8kHldK znLZLjSr!tf@Z+}86Z>-WSL}HOJE4thuB$RSyx%9AA(te61GJx}j+;Y22N1_kGpP;S zn92OZG^+`!qWS$@%3Zhlf|DaxLxh)WDnxgmKJoM*VB{8VmYg1F(zqd~%p^{Q!Qp&S zvdN*s3xfn(y7dp>7v4T_H~U!pYMm;yQbP4aJ}SX~){<>>h0NNt{UG)2x?E)BcI!3= zx$CsmC6Nh^6CsG>UfQ&#S1k2+8xw=@dt^9immzwS#py>+1L_dhCXNCPPWu^&)_Ma} zM6vIm`ammw3)?Q)+JXvQ3h_RI>i2>RYDMB>6R?|sn{1XBaIGI+Y;EYTiheL8&96Yy zXq*gpY*1d7|2Q@bM{pGp^w%mK!@MA{UfwMI%fheS+VZ)whGX`dv^PQ=pRioJE#6k{ zzgTk@S?=?|4`F$p82IC2A~Y^mOr?(>w`20l^V$}N(*&jM+24NO?#x9gJ}d}%I5ia4 zXidOcZc5zP8Pgr-WUJE*L~Sqr)cF17{b-{iVUBondDo02G2y=QHL=y;EzalQ0HHkBQIoEA8^~@5UpbMR zVvY6&Ls44JKu;{$*iA!&-P_J9Zj(FZzFHPo@g2OW@?lF~b+mDEk|)@+3=`3w;>uKW zMOj%UbxR+v@~fu87bjtc*={DpOfKq}LcrxLov!P#Fj0{~$_}OEWeAWzUngNkS2IBnPVjL;>!3oF)D0EWa+TNRJ@_Y&EXpgFE-bNL}Y(w(Gs-KGX5v6rh4^K&{ z5;4r|N&SXH7%!Q-CGnCkHu|s-h4ij%BnV}wOduxTU%KK8nPD#eXFItf3jB#3O}G%a zLqOQL%;^1)i9lhOTBPQ37}7*gl#jGBy3Rk8U96VYGS+ojDDrwr?Vl)ng1Pnjb%`EpP% Kq)$jlNdE&7tnkMG delta 6440 zcmZA524;bYq~k&r)#>qndvdzY`VKAcjM^heLlY*u7Bd1 z+j&4r+Im0=0`LFtz*pc5T!1TZ1Ma{Bcmglr4Sawv z@B{uJ00aUk2m-+%1cU+r!az8P0FfXHM1vR*3*taLNC4kJB1i(sAO)m?G>{H5KxR|c z_+OmF;%I%{gFk%QByezJdg-fwvs9obl*VqWd>8B7FStwx8tPH3tMbWwSyfbv@&+yP zSuwf)t{f7=iQh%lOCO_g#qU0JZwA7>71wA;R{Z*ddl=Oa$&(~z(7e7K4)VJ(EV5XV z__t)VMg7=CU)L?tOWa;ZZM>AEO&a%a80ytlG312qq5ChN-356a*GI655G-(^@x^`^%X}eYmhk 
zwf(cC`n7yUE;e5+i@-B$+c)%;W50Ud^G|Fg_=}|}I+f4S#k$+NU17aPB1 zy~Rr={X{=l+Urfrs4mEHQ|BrMP1m9r7fEsRxyLbkP>6TaUmC(Wn&&LX+eV$TrRz2Rg78U_mcGGy zQA5JeSK3=!K+2|I(#8x@D2TSH$BGOJX;8Yhd|?0G*d&%Jvs8Hc!Y~;KotT(=m!K4p z&0PYG{NpGUXA zyuj1XmZzIFsopo4QEfVtXix+DXN%BIp0j=jR97L-P>1@rcQv6+-)4pTdY2ydXy9S`_#7OzzP-*Xo39$@_Z1@( zmUb~#T+x>CN!=@Jcrc`jv8nr-;?Ytp6xtw2KI0eK?zm+7L))HC2(t&v$o>%T%@JFy z2dmkC2X^jhgX!8V(r*oq`8@qpKG=(-d`2!tIF^IC9kd;6PixVBgBtDlr=r@jZc6p4 ze^$UHZW2!a2!y)(M6MKa>Y8lMWf~l;hA)MBeT2TcU3bJ`L2j7;6b~N1pkVyh9EMKI zn`Vo}p#RS=0Y0!t(5=I*O<}*6D~oG}2#sBLaFo@`v7Ff_!@p;-#<;{Qk5$=&qSIIZ zIbi(niX(yK=--tH?eo{hnEZq(h`*@Y=BrryON3SWs^VLtu}{!w-7A9f$(!}|Rj*Kc zMA=c;zAP)FIXt^wYpZlV3r!ua7w9%=L|q~>+)PyEG#&dOU^i`~#V(~9#M0}5uJ%Q8 zi?7O@FdYSx<|Otu**z&Nw>Xo|T8tzLAB_#}0rO@%Yf5!<)CE0$QLCek)k?ogJw`ZF zWxLyD_mN1{of1k&PL*XOWWu=0xVnA*d+_(dQRgYTuQ6l%sz=fD517EpLtV@DWU{FE zb4~vMu{tF0-G}A!{KB#gf~t}JtoFqd16yFL!|Cdk`j(+r0>cjX$6H^E0tQ~YMTwTa zv0`cY^Eqj3Gnnw`L}LRfn$%w(J|bdcxWLUVlKayB{w1g^##GG>9<4h$wPq|_fzt?H zg9(N|E@QBZbFF{Gb=zbjDkgubXKGWf} zOzB$h0XoSDjTY6R!NJ}ihFyrxgNb7z87y0V97R0g=(wRBRBXwn^loni+7%q9m7EKN z6CQT&X7Zr7E_kVfu}694icm5Cix_csmK7CiaaO>WQ<{za#e|p=V@#l${?g zDO<_RzT>Jf{5>mQma&n14%Cm$o#tqGV~HM)FeC_dN5673BK4#~!gA-8#c7~0VTxdCwyDvOK~Vj8T(FNX#r@1>~a%&Y$x0~hzo@Z0uvB8Q#b@uw{^*+Uz9 zW|Gj~79r6mF@3hf!|?BPZ8mvjbaqMdU8AITCqMZ6zx2aTnR4PR3lCje6PNCE^$eX9 z%n6(|V<-9KoX$`A>j~aU-_^{X%Os_R4TwK)AABoj;P=1VB-o?GVp6;)oEm?%?K6@- zlOy;YbALK9p%Sxf8G((>u)Ho`H{0G|vltIOx}nn$UWQu**8l+lkuLd}AGG4vkN#im8f-z#-vmQuVCAkuX>-)tA( za$W@Ox5jgOA38B*c7JK}NFv|P;6#eW-t80Kud(Mm3hk>7riS zTz^J<-5BmppxN4#OL$#+wu5c;EMof={AMUem0zhOx2vC-S3Sk&`hGjV7mqq^OETm-ZnXl+?#8p& zyWZ|4GSz<9)SEu)gTnr;d9B4c+;?cVt;O$sH^VQEn>58lpFAfyJ~&PkkVy~8lbekQ@7(nxxWQysk(HM$^OP@b%z_P%d59U#b5DZ; zsWZBylcOj@tztPt!w@)f_i+`Qm4?s<@U=fCOcRrN^Z&+ZB57-gM{ z2?mtq?dg0`7cN=GKffPOf@-{zL$G?phn!q}NSK{X2dS4jy;@)YYHjeR@|@*FqpG>^ zNHuR6#VTm2(Qm*^R61b-MWt;?vXgrihS>Ndaj{N%Sd$DHF8I(^=o_}EzAR@)5$t!+ zks$IY0z(g!?;9Ct^^mkKiE~*~w|*Lq2u4}18bpolSRrp@G!TziHf58!wB|fCLz{)I 
z$g0GkjMH0#wytg$A4|a}Xi)=y=Et3B_TjC46Ed}xvZ0eQd3kF&d083xy#?39+e@tQ zF4EGegKzk9h;n5x=wxQeXS0AI>bj07BownxzpPh&(AjMlwqsG0Lc+dXEri)@TvzaR zB~M>4W#x_B%23C}ys27aO4qy>wXlI1Xz}ccUaQT2NLV_wR$Zh2o=6MzBrFU!f8HM= zA0MV6EHfYWP!#FMB;pbrBs09at8>ok;c}SyZ5KyBOSdj)28}lTk?C1CNff^*(>E7u zkI?pclzPO*he0P&AeHeDMOQkz&&8)mVU?ytU$R0bu(ecgddH+jb}@T|oTP)xiP*Ys zxPu$-iNKIY-Z!IU9NvR2X7`<-Lg)vAJtvfnc)B^Nr@M>AMb+C|ocxFLf_FiGgwky* zHXmn&S<;#RTYz4Z(y-a$@~o9si0Eg*sU!OI>m3Pl%oW?PyT$7Kmqo!oH`h3e%}XyW z5qXNxrSdrE9<~o5X(87bvP7a(R4#>hcCFylyVx^qdC{a*2w-*P62;tm;W-9E2o2lm z{L5WetFL1t4Yc%9+4Uw7s&}F|`Sfa{htU_C+VhroMZIdmG2%pljUGV)3H=S%!tT!|{ z40p9fd`jBP4#UD?KOQiXf*zv=#fLHl-d2ltxg9@R=^4(zSed7H3f%sj*{K%ex(C3HzMn@NprNATzG6fCKtRd-a1ei}+=u4Td+bF+r zNY^=Ca3JtQ0?ahx#WYrRR4?frrOoVOUMF*ASLfnC2+<4u@-I z+u`C|%@^c&;=m>8mM3#z%~3pYwz_~;I$M^AdBXsJC5(Y~dmhR+FU1&Pcl0Bb}xyiOl6#J1}o8_PdDL4O>YSwn+ z%R%Qbf-OGllg{w2ah@js`A-6|g%Cc>QM(G?+PG=)sa<9azN6~dvUg@3d2)j-EECW+ zd)~QR*`cQv=J!_OaPl??`32TfbK)I7&mGLuCpbV{F#fjwwTSiw14( z{gfwx*@Nu7om;={N}R-zG2_h@8Ix2&X@wU+x>LKx<9(GFUFfq$wy1MD@!|Wj6C}+&g)%*Zd~J57rviQS z{VNruKGEco2I94yLOGDD8G#;o()*XRU%4vM;|%t=ZbOTHWW~jpNk*Y|GcCT?uUY z6ATro3LUbtr2dxOY!lB>?6ic4*eS$2Q#bJqFME|z_=UOybF5~^(ZTFJ#IupL8@a31eD8~Fi#9|AS zb|bRz>%aD0oxz?*b%~Q%q**v0`t-Q*k+RisYUnD<8fm3GYP=4$$A#MHSM*n$813X@ z`FSOo$<}`|<=aC|1=$~lkFU_ zm->1Pzoh)wYD`l5fv{kT)m^=*4t^rCQ%AnCAeaiXR+sI7pEK8BGw8b-OyAyge3qwa zzc8-T>Kr4$9wBR3ztx~^df?vzxd%fDKZ;|y=1YjA?Z2UN%+kFp=(vd*16${vdty@# z`vYclNhwJ_ds5o0CR8G^>1ts&Xh1Vw;YV5@hrC zQR)7?u|bdYxd`sFG0QgNd@+oXN(_dlR`sM+$BviARm#4&0Xn{tWxH5n@2OENAhEPGB3?8XFG5tq)>7*kw(e>98p|@_V=!B^CmYXkLa7FA1DeeoeGT65WTY3f z?m9=x#nx=w-+CUNE8P73Im5Qp(`WXl`X=WBr9EQ2zcvyVgG$JbSNgIE3 ze;E7TqNCmKRl?}em4F!iDe1R9&PT7JJn>5?!|9U~3HlArBB@0=y3oMO zcaV18K^(m@a5ThKu(0S*Cv}!q)=D0nO>N&u7S=8B!{kac6RBhA!0+25G4R3|vhs#n z-%djpCUgyj+8v8I(Kk8*<9$s&n)vgdZuOQI-)~C32!(2|AN}{s4QcCpic!JAa?0st z@Wb)dec{AE>ZgFF*EQu3?S0}cDt+z&5Bruei{4Z0r&Hc$TH2bPUQes1=tcqYN;v}W zk>t)apIWXjHJi}Lv%@c(E5zr3B!04;K_{dND;MF!uQT1*2 
zwrA6*n`~xGA0EXNh$yUDYd(+Iu@w(L3P&#Fj{#d{>&S(h1iwSgk^pVfw_3Mj9FR=` zrPBAr;w0HpA$JMNj?$)aRv(?%knB+HoF1Z?T*NvTnxyiggLfj_^8qY1kEP@%w$>z{ zGU})Z{bB8r70)56IgQ6Kzj95)YlHgijpZ-`>_flWDT~`(*Ltl&8RvpyMRM|fj2|96 zi;6{}V;gs6-kLE~rcCA^{~8a_&YHi0e){K$s8HKfeeo_-?AHLrzPLx4e3|FH>jyUS41yyPs5>l?7i82uvR&RO{|e7qi;MN zzk_kJ2oZ?AC^ya{b3`c;v^UXJcVWMz*^NEN2u1}-XmBYlOYn<7j-)PNB*ccsoc^1n5lY!iM^RECCk0cf_cVYG)5?LiPYwIr{RelYkTPb4zkONm;0i10Os zd`DY>IxI`qRPLK2`mBXt80amni`C2DE*3ooOYir-3d-=6*}r*<)1`4GanSs@o$A&y zA~#l@R!qv7YICFI_3r8GM6ovapire*#DR`n%G3Q7;~0LzRoraX=y;_=SWbmsnlf&Yc$q8ZLsu<@}g z6!|fp=#Y!D9O$3q;aCUucGS5)+gA#(wxn9MUQ6?Qcz33X*nw;Mj9=Q- Date: Thu, 9 Jan 2025 18:57:52 +0530 Subject: [PATCH 02/17] update update --- .../AzureFunctionCommvaultSecurityIQ/main.py | 6 ++++-- .../CommvaultSecurityIQDataConnector.zip | Bin 10400084 -> 10400096 bytes 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py b/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py index 66bafd596e7..b7bb364e1e7 100644 --- a/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py +++ b/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py 
@@ -120,8 +120,10 @@ def main(mytimer: func.TimerRequest) -> None:
 companyId_url = f"{url}/v2/WhoAmI"
 company_response = requests.get(companyId_url, headers=headers, verify=verify)
 if company_response.status_code == 200:
- company_data = company_response.json().get("company", {})
- companyId = company_data.get("companyId")
+ company_data_json = company_response.json()
+ logging.info(f"Company Response : {company_data_json}")
+ company_data = company_data_json.get("company", {})
+ companyId = company_data.get("id")
 audit_url = f"{url}/V4/Company/{companyId}/SecurityPartners/Register/6"
 logging.info(f"Company Id : {companyId}")
 audit_response = requests.put(audit_url, headers=headers, verify=verify)
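Review bot: `logging.info(f"Company Response : {company_data_json}")` writes the entire WhoAmI response into the function log at INFO level. Only the `company` object is read afterwards, so anything else the endpoint returns about the authenticated account (not visible here) ends up in log storage, which is typically readable by a wider audience than the Commvault token. I would log only the field that is needed, which the existing `logging.info(f"Company Id : {companyId}")` already does, or move the full dump to `logging.debug`. `main` continues outside this hunk.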
diff --git a/Solutions/Commvault Security IQ/Data Connectors/CommvaultSecurityIQDataConnector.zip b/Solutions/Commvault Security IQ/Data Connectors/CommvaultSecurityIQDataConnector.zip index d2108b354375449727855f1bfdb7bc90c5374dd4..77376d894c2890044a1505330663b791c63edb8d 100644 GIT binary patch delta 6710 zcmZA6Ra+En!-Zi=dT4M+32BfHY3UfcJ0+z%2bf#BYiLA7lrE(iTDn0*8l)Qq^dY`? z``b8=^$V`8HNW)_YvX?+0Xo0{m;ehr0oVWs-~v2=4+sDufB+&u3`hVeAOqxp0#E`f z@DxA+HJ|~sfDX_D2Jj3p0w%x=Sip0@3fKTU-~gO}3vdG-zzbdgKEMwIfFKY8!axLw z0x=*CUIGaq38a8DkO8tl4!i>LKmjNMC7=vcfGSV}>Ocd)fF{ra+CT^B0zIG)41ggp z0>;1um;y6k4lIBrumaY=2G{~SU=JL?Yv2f+fHQCbuD}hv0q(#9cmglr4Sawv@B{uJ z00e>{5DY>g>whDefKZs42tw(YNP01+@5wQo}pjvAcW1!ylXWJMW~4m3LLR9!-aNreM81d9e3E zcIdg^H|*0#*IMILg0lwla0R1eVfX*>#EXdyafl-vgEO$ne@K?F?zQ7-Z{DkZM9!!( zjKi6!_vpE1&v4WVaddg~Uw92Clijk&ChbK3MzJtLEen8eP!ng~4enqx!Czw{@9ZoKx&IqN=OS!X7H_b>C2r~8)yOk0A#a?K%XxqmX0D4b>-@GUDLUTgBp zj1y_q3RNiPTpYc-m_K!;%SS;tBVll@^VNQFWTtS>+Udh(0ZsE}_)BTqq94!2IX*Uvx(c!aOHJy){lp&ibe>)k2RHJF^5?ASdG`)c9jk6Ugk-Yp~MYUFG%;0^LEKWX~};LsLW8AQMvoE`YPn{yR`PRZ>PQZoe7=cdX!;B9z`C1*(;1IR-156^po1PYU+;+1}z`drte$V?@@CM za`&Ez@e_zJVI{prmAdZtYow;d|FXU6Rz;W3x1T%hTyrTUb@fBX8RTCj4fnvf=5wq% z24Dz|%&j)7oZGdr=WVJ9oqWRS$Pq=TANs9ya!JMa972{RiYQ08NS$t2;zb-46PjzC zT3Cw4tJB`4IrP(H+WHrvoz1qthR7^h219ka&BlYM9dc;7mW%Aq@f5t$dn!u_U|nPg zOmix-vMr{}b6)imhL=xiaSA+kt{Ev*1c_~`<&LF^w@9$1{4R~^<2tkZo{$_nnj)2> zpZrpsFJVI_bZU3P-wjv5ZU|rAZ}0!$!zkx*L8=;QvtB8Y^nZA{gPqbv8)WKXdFpX5 zqj|j-YXu3w?Y+dna8jeHrOIjj>gDX;?11?P#S*kCv;jB5iT-7**8fjxIPr}*#v>ax zWmJ0n2Fp#U&xZ#&OR;vj26SH`ye!5Y zzf1SZ1)Ld+!|jINLQUohGt{?UV}Y2!2YE1Mh&YD!ZhNw|>$+M~?0oe4vws(u=_3fc1e zNww>(ozd@Y!&d33)gO08(q?lDEgSKE!?s2}&2e+%^`V?gmn6QH54eQOn#uk^ExN6C zazla9{)swdN0(8Bd4@N$N@jNeTPvn|)rv__W^(D=%0_~8TQtgc{SqeUOg6|8*I-bn zmx<8=(}dg)qkoBQ*=G||-HzKZ2C6+yWQh{+R%?0@Ign(@ep zXzRTXM_GkK%GyjA5$AP>6k!j8DY`b(vLieL&_J32J7Y$-In!(-zkCU8StEUJXTzJl zPuG$fcvl=ReBwuXRIKGI5>_^5P}!Az!|D 
zPg2A+7+~+&;cGvglN0Jk>6N8`l@`yq7n4U-9gw(jJ}2)K?lKg-FQ=qr@)sdeJ{wpF%x**d!lWZAL#BTAv^Tai;gvHW!-{^T@+wx^~f|_L# zTpL%xq5&4>H6XN$K9vi#-p;6X>1!_cWsB_iCM@+uFY}aUx)DR@g3xZnmGA&f@B|;= zJGD&?)L+3qB4I7+dQ62R*eA8;<`lk$!nMTsVYms@)7*zwacsW0qUb;V`-tjjx?+D= z9YkqgpPy~B!%wA-&rZVoAG`0bE;1kBW$ZdlEiJKUsV$Eyq4V(H`vod%d1Ha;4sAq> z+FbtAtR{0CpIuK}B7519zAFO#l(gc|<=Ht}s_H#*zN{Y{$CJ}Tlcid{>{kW&+@%rSQlhxP9m^~oYMKA2G7dAUnRPcbWfJ6T1+;p^yK zsoLaW4Y{l&{M64PVy8csZ8zaawv1NYa1B1#F^OXuAVZbrYx6H9NE^@~zh;p% z+^xAY1+s1#eV}>oe%9+=jJU}hyMvs%){UnH%hEqXi6r7@l=GdwX4or?V>=0&j3!() zCcKm5S4!@3ptvT5mW5bu{P?p3C#J;Z(c?!SJpSHaEnWc;!yM_o6LFsvaL!O>42r~S zXL6Dxt676o5H*y6{H^Y>BxK&Bt zy<=4HENPMw^TL$4|3t>gIWsLhdC2Hs$rdL{N zSN0c7%B2RoXLoC?rvc{K9qk!IMTQMHl;8A)2`29xb$7E}BJPlS+;s8Il`p=`G_blN ziw2Yw+-b45~Aq{LTS}%+9(|*2|OP-Ins3EEnB$p9{+n=~mRN#n;tvob3 z*gc=1PxGl-XX27$B&6fF)t(#Jjafiq>pn~E>2tO~lJw!PpO%MAEfH`eR(o$qJ3SZT z;hk{pWbCUp87orTCJBToe9w}8mK^)+b-vv9y?*HOv3`EL=K;loDPo?pI%P>=Q7paZ z7gX=md97R-A|;H3+akn23_ibi?GIT``9#^BEgQ&jm@`ZqOp|oUl)u8CP5!sn$vMuf z(WcM+@ZIORTBVvIdhe3@80x{Mel%W+BQdc>6PfPmXiC~zasOr>gW(;)wP$^C#02c5 zu>O!MF7xdX3bjz!J~PxUpZIIrfOo!XuDX|!+yeJ1CUyA~e3*kY_7d8^k>PCl@+-{1 zWf>t%VB)7s=fRQFd|NYfAc1MRDQ__J#v4nr&z!!uZdlh7uaB`N@Kd?zG4V*1FjVlB z>)B0SF=+39W{nEIxwCoPZz~{~$C?gu61-kGTYIjVptRdk6_AuV+l+a5HvLc9Z2!r7 z44?LfX5ZpZ@Yr71$5t}|-&)xzwv>|EJWeKj`DXTW|3##xkqLu_cg2g>7Ro){1_rL- zd-*45d9-5aXVSUv<=6l7$e(gr?{~ebirPO-yQ~@ItyuJC{t@j`EIb{;$Z%6IT-a8* z@ucggsR(+>D?e4y4teE^05(i09f@4(3q`~yRxx98yTFNABc-U6VE|;|P9h#GJ<&7Q^6zi4LN+9JOn<=4Y(o}Nj-A~Sk z%eVfiKibLTO^hMGZ3>G_qjxczao!3sA0p_vLT!-xYwfyMiqXN^Zlnn&U#xPt&h;Lv zHB)fb7U4~RGxyJ{ek0oIgZqnwa8VdFq|)7WGL&=MV_ejGZhSFqQr(*$U1`G50eHqoqxRraaG+C~qA|a&Sj;0ojfsF+3JCcR3+b!z6i(L*SFoYqsVAvvf!K z6>`2rnNf~zarQ)y4^bpXE=ew9QB$;q#UWicY83yOHCug+eDWcc@+31N(8+L7BRv|` z+G@$G1x4@O$k)SkQ%$cqz@njQ%`8Rt4yRNcDU5@r+^z`zSJP+`%x6I$63q8@uzSp= z#v5)S`YYn^k(O2xAi;4nSx!%CvOjdEcNyj_>I|SU^~N${3(tmo)5mWM@xb51Ds`;& zJ2f+(0AkYr5(<8q{^#%?jJ@!)W${l>)&2xauWbYyG}Gy|@iOU`7h{P}pwIxP*p)|9 
z-r@$TqE1qU&1;T0TYv7QA)(^@KIVmVu{}7mjBkif=;MB72x^VNJ4s0*J^^EPV2Ig% zdgH57{a+Sd_O0>&BTJDW1rNpkfG>ynnN3;;KPC$Ku(_kr3W~zLc53^lhYgu*@nR-T zw0WvZD{B_DFkfkp8rExB7cJ1^ZTr)4)mk^~TH2Rh^Ut25W}pI?7^?E5w}g_IM&a;_ zqYmWj_^qE$4?91;Xk9(!5GXe`lttRrsKzp?BWP!xkdZx$ki;$v@*gX!7yOVfgLBZ{ z4Rj4Y?Ms_$t&|Mm@rcw*7rh&R)czPDToT>R0it=>657m;-OTwDFO`O1T>;V1Jj z+3tDrnJWG2oZ)L6{GZnkO88~)vcjUOdF1^ZIV$im_WB@CnQIj;{WvKA5iJw2?snfB zcKf>*lOuAhw>hu-c3!e`^e93%nd5Qw6HY_}45w&fREn`l#My|a%xsxt^q8(IgD9|fCH`i^8KBK6L`3}MGmcHm$@W+G&UU>>`L1bY-BE1unrn5|^5}mb z`3j9h3fFu5T>UW{6?>g(5DVI?Gl#LF*N21L$2CNsp1EzgIxExHS=zcnR4a({wJPo) z*|YOWQ^xB32L-57EgG|nzg#ZjmcPXe)D*a7tXUxy6%R37F3y8{@Tvhwm6yyk`%q%o z2V(y#fv~6Z5^|?LuHstVF)c*39>1#5Q6$#+=>{-6!&gq*!omnV(QdRjbIJ91wN4kV zZwM-XSAvL^{T3Be*CM{lv5;4|q>ZuMsTyx4<9yZ36?6XEexCduLW>U>T6clJ*#^DX zw$)??`|?!*RXJH3O*@E`_zzIqKvH>SkICcur1|X1a%nkThztmoH1| zpye!KmQ;{|HOQs6hx^j|#(YY#C5Xq=+J7K0=+ERc*&QELC$3sAIW@;jCn1LMZP0`< zUygCNQtNiY5~;0lR5}r9uiPrxBBo47Dnm=C#dgbP@)Mmmt5$t;o&VNYO-6rv<_wjZ ziE;VU*;1A+!vjAkB0bs2EbpY|?3$~O4PIvdN)z5Y4PS#-Y~LP#a$`xJywvBC)YgH@ zK%z?a>!|Hizrv2T`P{Oy#=X*dWMSc#PtjY55u@>v5r)bH0T0&`GYyyaDc|kk1kb2w-?AYlu#dImoxfz6uZiX8~V{xJ}*c)sVz9YB!H;@tYtS8*)78jh;B_ zn5Z&Wk~4}ba!V#0h1+vT_`vK|PYJ&waCL?wB@tq@R}!ZuChVk?e`$ zt&N89%wnPZk((2G;R$*Yug1__P^+C$A7tLZOUDTQPz4RO{Mn)9IecJ5#o!Mg0pCA}kHwO3I{+(~KLR-r`u0w`AY7r$#%*5<0s z_$@!39KkJ`f;+J{w!Iu~yQdthOa~c%(weDEw&7^^1G{iOWBEdFukt(m$)|L;hS@sBE-bnGx$i57F~%{j@aEWj z+~!CfB`#RtJKlqTzx?Z?12IGj)7!OMz8SeD7l!{6F0vXki|DY&+FhGAs1z%k`s78b z>#DiEp@88SHszjYR%aQZffOcmlc)@|=-`r-DgR0si{0%vqDwg+D6*<*bs}b@8+xgL zm052saz;Z}p`pGQVX2^eN+alg3D0Ki4xdqBNiU|saJbb{iBgGz9^-q?(Qb%%6TMX@ zv^#z){dCUZEDkV53Pk7P{>qeLdYi2^Zk>|gp!i*&r}96xvMCkhwUgCi7kdeR0xeNQ zPfvM+*;?;;$xBz`WQ{$GxPxLz`ZynzGiz}+OZ$h%%~3FXK+WLzb!lss3jVUK%p?QD zH0*8Rx&GzY6^Yt2na+0%G+Q6tN>d!rnk&%ehy>M%v&PAMb%=5lD6WRhkL1w8;-E`} z&7G;$tmKCs2DbzBxEte6&U*;PUwk&*kp+n%I}8paXfN;*J)D&RM6Q$$H$_r5I`h3m zM%N)e=ikqR8xBui9R99ff>4+zymjF1y(5-<@26OyAAGvy;&xO>%D)E6_LZz3D&i%rpkkOU3I3fPfo1!!n!{|Aq$ B+KB)F delta 6698 
zcmZA6`a^P?vCl2>pto{8x`;>S#P4bwTzGzZf$ZPRTI(;f5Nub&s+ z&-F)K>zj9w+5ZFsWbh2200?*vpx^~S1!w>rU;s>j1+W1QcnNR;9>50#fDjM?Vn6~& z0U00%6o3*?0ct=4XaOCd2MmA_Fac)30$2eXUXZ z08tN&zKoz_JYCs)m08O9;w1EzI3v_`V&<6&< z5Eubt@D7*&Q(y+nfd#MxR=^tA09#-O?12M#4;;Y<-~^n33vdM=fg5lK9>5cL0dL>~ ze1RYE2LT`u1OXTb1|c96gaH7;K?L{&BEe@61)@O=hy`&V9wdN7kOY!J3P=TMART0Y z%*L$oZS2JaR-9<67%Vu)Ng|?0rwh~MQBo?*$ z9-%&9?Qr1STv_3bj$=Ldq_RFcl|2{6s^8}j<^HZ$mX_z63nJBmw zOOmMkFgDsJMNv8XGY$TYIbzLDxuca=VSto>G?_nRX!VvuWWmG-{aTT)Ge+Ue97Z%O ze5{$+^;&6DJkm1LEkxEi1s?yvlZ4@HrWL^4P^6@I=9$#36eS#xTcV7hQJ_tTI&+LY zeG?aEnRaZoBh6MWm?6SKe0GOt;g?BK%qJ8}IaO$@PRK;lHIBtOvPwr{BGuernm8eK z;@`>;bETXN|`u67}+6o1eVs9Zl#rn0OQ0 z+!~@SfK&!Cq#7fp!X3)v8201qikW6OQnNm4E^F@|J^z|~ei*4(@_al8rFqLhQZN}ut}-1MavREhBvLEkDKbLd<1E5j##9z- zykU>=h4;G{Jdss&#(5`@F)S1G64hhf=#8J9 z7 zMF%{Yu#c4R#(T4a%>#T7%o^_H>nEcHSc2#8PDt-A_QOcg2cU85BH7zNS1!Zr?ESoY$)_IeJEy}V);*yprhc8Y$re`?3w9yt{ z7{y!j&txE0PP`6hI^)Yk4dX)UE<*Q2@0een?$iWAmB$U*1A=#C6&H=JiwtM&ik9M1U1UrW&>jxJ{lVja-5O?f40TR3PH#8v)<}N5&DRg3 zl&S3qh8reDRE9HFb5a;lj{lZ=^oG>=P>llilKXI|-dD*_SlqR@1 zmglIDuZy<+tk>l{OHntJYlUMe)*4$j8k*$sk``7}miJtqWQQ>E@yhiec%#`FbJGpu z4H5xkcSI}gr@4>cFV)p)Heaau9=6J{M^s0mtz#W_6#Z#(Dq`x&g4%0scWvC^Ltk){ z(4?RI?F-W{etoYLDjsL4VvdlaAhgEcvJ`ATLWBC1iXl&bxUC4ziqN(l+h%1eC zAmPKf%?Vj$6PbVcupq=uOIep4P`QP0%78CSwAdW$iW1es?P>@QeK{aV}MyR9i1GSwb)* zcbNXx2?H753Z4GB36&*cm^wtJJ+mT?M}&3ZoFpKU{aZ_Mh&bQ2D?^)2^~@l_99-F; zX^GunV6+bF__^&hPYfPOIOk7@9J-cxXo6z6#H^5|g6lw1=B3{jLwIn{!iVn*m4#3k zc|@xORa=JPoCakgjN%&!Q%8m-KULv@N55s0&N&0);`KrQg86v=Gji0Y3hAB$GYXRD z(5>V#8BCE1g$t_5D%A`{z}Ne-u+ec4!t<{qkJALf3y(hu$WVi{D*; zc7vXysGcQijz8J-X1}10uo^zSpSZe$c^O*Kahew9>lAA`9y)nDV=hj+#aAQ6xkV!J z;chSU&VTn8c6{O7v8x0@)96>DD4Zg9O|+|Eunvm(|y z3?pCpy|duk%Q&)By?ZM%O&H-E?%u5X<*P1jLG&q_MdWDOXPh{n0r7QG{63R+Fbe^- z3_36Uy-0{kxa5}eS!plx4R@wLW`;5EKn%jUw$|kVLzw(QidJXF_(ok$++=ARd z-&A8HH{Tk+8~euB9!BkNm_aSysd^j}3%0I~*1C^_R|hN6x(vqfP%~n1x?!?^W~WYn zhvgXG&KZBQgw?&wPAEU`qJ+ z-xa=`&@W@`_w%& zLy;7!-y=vDbhT)pp%X%d9b0W|BdD7hx>XdeCWMU1!W%maeGdGYWb3f6>(a#Sq;!1p&5Y?& 
z5=#t*{;CeX+b7JjMBzGJM|edn8a27qz9WGhL{Mn?wBE;(VMP>1voqf!`!-mLMA-aa zcFE^)EJqHk0?Df2@TrywT0qz(p>mm6N32O?xCQr*V|>NIIsV>B8W>Kci6txGd%u-k zNTH{W{X}h(1)tpOBe^@&nQw6!Ciure?}=VX≷aqLe62Cfjy#)vy~>c8+Evw&c^^Lc>F;PJknbf+ zJ(B6d>cnU|yw#{>evJM!h1;a0v<0m3yqH{{=fkbe6J26ck~joPaSm_#D47_X?h8x=}?ab!M65&)f|-9JR9>R-yl zgbULIQ<+3U^+xC4Idk?t3S6*NT33BE$~Z{HC=|ekDcWhJ-BZLR%WSyo7V^l*+E>iF zOK1d>4A*FJQ0{F#yEwt#AZg+{L84Gc{IF1iRg^xdchGbM6iyuFwAPX8^#GB$8%V!z z);k-w*BzLfiI}aMtf>;6P$INli7I&(%Q-j03b^W{;TH;=jw(Ae9iD@*h$=yYnfoom z`wtl~KC-v>v)R|$BP$tBo7I_Bv^lAp6xjL*22w6j4UZ%gn>Q-vHl~y9Mi-NPdc($6 zP(6z|w=f??S{?GOtO{?Ao~b?@#GeSWcR%0qK_)3EyEhi;GyS<>ng$No+=qCUtf(EDoB0$Y1))96uMCm+VA0 z-aMWyf0QNDI}9bK=I_Z6XK$a5E5kB0<&f%e6&Bn6_w)T}Ow*t3SQ7MRMQO}R;~vr6 z(^&$d^0*EW;?vBTWU)KNul#qH|01n8reVr&trM68ZArtR&D^1L)D9xJ+?NfAiXL(| zX0q>|`cLR70a3R0Of4@*XdLI!{gN_!>>oMSGX^5r!x5%P%QzUG zj-T$O`|x~}2WkO-3vHkm8tR7?o~2QN#PJnMoEc4H@mO5UT~OX4#AQH5aT6{G0ew>G9P$=-i#)L+;0a`J#+ z7r!(3{iUq&;7B#Vfoqupy+V>>S*H+oKN7Id|3-I5dTv_DbR_11t>AN?9Y3mv1~X|G zhpGauZM`o$qh=<~ju381scw}ex!%kbSxT<1r3Pj2ECkUOZ#?BClRsijAJ4d>UKo4f zEP$8G-aNtjM~m;rlJvmXq<@Q_fR7$PK=57{OYjSw` zH?}Ia&H7IrEeFQqJiShm@whJ=sSCx1lkpyjnqdYu2%@!kp-Z_71VLqg{bLvWdnYV0 z)H9{QJ@u|0=C^r$^fW0cF{1=4zOUI^6DjF&=HDG{{!8J@`LsOQ5MjcWEn1P__etM( zg_{j`r<;5SE|iAIYcR}wv2BZ$ML1fPD<~)Q$KK~ISX8>iF~=n)8Yn&(2z}-+4SzY@CW-T z?BM)<4f|^F!MVlA#i*^gO+3FE#gCmz?;tims&me5y*gU3ME^DYGR2$C7O56DpdGU z!pn$6oXXTBklLN7o1L~`bK%bj5aEJRc!F?;I(;@)!dW4!jf;wn2WW{-C3ylPx~U`O zw=P7So>^m^KDTMUi>FkeA-=w>5W?rLN@1F`sMVy0=#C3ZN{MqomnNC|+5?u&^kno; zV&%U5g6@1JGQZPXItO8iOCbVfS#C))24{ot^AJg1({1{|vM=$ljrP2GWVhzxh^=kM z#rdAODo#f@_bk`A5*t%pg?a5qvaB8mxf#-rs<7i946FR9Thh_crsqF7{jUD}cC1<- zkVIK%M)7*Sojc2iCeukK!Chb|JXU}<2A5~s{{d5U(Z;mn%iY!y&rZ-tuH`5VM$%ur zK+8AE-DSnwA+$$^MLJw0rcL$o_nAK!8-Aig2^7!$P$g{QHG+i|#I=zz-j#<^{h-O* zTRO^*CP`Uh;Sqngd#>ccR0mma7x;ud@AXS%J%A)_t=J*(&qM>4C&lXu{H(4@D+XV_ zA2nLY4A*GhcIsB0tXt@%CVGpMT&klHYKcbzLViIxVP-5#up+xPn__xvag`JDXDBs8 zgDWl)_$!-r){i^1|BCdEA5LYtu1AmYSbgYF7~43*;DnMvo|VL->}zz(9}N#9d9s3w 
zW#xD@ssAFR#oFVkn*HBxHE+a`YL2%Rf>Pg0y99IAnQlX}PwxZQ%eHtbQRi0a8QUK6 zX{P!YUR6b;!BTVBO6&QR-H%rH9=%25e#W)gI(Vdg)&A`pI(FiK8ekO^`JL`!_9##@ z-ti3S;oC-BG4l6DE|tXtHUVjiR)|)QG-x-T>Fk2{7Sn% z#FPmic9%gsn_l|!a`f+~ClacT#$@y2_UAsT^O$uX4$}mQ4o%nonwqdbn?|SjFuJLq z-H)t7$+wP7?$3B`YCAx-_VjXXX4Jf~ebV5Ga`v@vy<7aSm{cE;zBCh&L+Eka=!tE) zsXS{=-cE4in)9lZHuv|*X2>Ox&j9t8spID0uP{Ht*l7mUfg2O4f9NJP0aaALze~94 zG+(f@WvdHub4&&4?9;}d9{7#i!c7uW{f!zoWRw_0DbUy)FN!wVl(`{+<}UpMxcRpa zoXuWlzgnmAEfi7Qk&lXSU$kTzTp=?zZ9hnSyDk?Rx!tm?qz;yx0Yb=MM8t5mG<2-8A)oumZ4dN*$a8any+Mp{)$r|X1CK-m>cn3TFC;rUz&r ztYogbUUlzXBx$Y~Wu#lxHFu-3ex^QYe$`I}+pv;4iif9!WU(kl)`WijA+*sgZITwwvZfed`A;D1a9XSGA=cGKV-z0-=!L^ zu^fUl5fI@eiK_kY*)B#)YZ>#pG!%I~srFBVt=umpf|1+hmUDVx)(ZOHmDLGJUyU%; z_0|j2aiUjhiw%_K@y4ENw+c`RP?21}!1o@CpM4sA%=*ul|716hKITB{|9@Ak)#OH? sz#p^H_aC#^(t}@o!A#Gs&80$~OYf}BHAMc9PF$BO3-v(yf`o+hKTzh-Q2+n{ From 7935c68fa0f1ba93482802ddfd797034339fb29f Mon Sep 17 00:00:00 2001 From: Cv-securityIQ <135146895+Cv-securityIQ@users.noreply.github.com> Date: Thu, 16 Jan 2025 16:18:32 +0530 Subject: [PATCH 03/17] Update ReleaseNotes.md --- Solutions/Commvault Security IQ/ReleaseNotes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Solutions/Commvault Security IQ/ReleaseNotes.md b/Solutions/Commvault Security IQ/ReleaseNotes.md index f1fd8a1e752..02f40d8e591 100644 --- a/Solutions/Commvault Security IQ/ReleaseNotes.md +++ b/Solutions/Commvault Security IQ/ReleaseNotes.md @@ -1,4 +1,5 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| +| 3.0.2 | 09-01-2025 | Changing Analytics rule name from CommvaultSecurityIQ Alert to Commvault Cloud Alert| | 3.0.1 | 28-03-2024 | Adding **Data Connector** for Commvault Sentinel Integration| -| 3.0.0 | 21-08-2023 | Initial Solution Release| \ No newline at end of file +| 3.0.0 | 21-08-2023 | Initial Solution Release| 
From f97c531e3ffcaaf9a83f916a6762ec369e59825e Mon Sep 17 00:00:00 2001 From: Cv-securityIQ <135146895+Cv-securityIQ@users.noreply.github.com> Date: Thu, 16 Jan 2025 16:19:06 +0530 Subject: [PATCH 04/17] Update Solution_Commvault Security IQ.json --- .../Data/Solution_Commvault Security IQ.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/Commvault Security IQ/Data/Solution_Commvault Security IQ.json b/Solutions/Commvault Security IQ/Data/Solution_Commvault Security IQ.json index 5a927343e88..11b2c888ff3 100644 --- a/Solutions/Commvault Security IQ/Data/Solution_Commvault Security IQ.json +++ b/Solutions/Commvault Security IQ/Data/Solution_Commvault Security IQ.json @@ -19,7 +19,7 @@ ], "Metadata": "SolutionMetadata.json", "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Commvault Security IQ", - "Version": "3.0.1", + "Version": "3.0.2", "TemplateSpec": true, "Is1Pconnector": false -} \ No newline at end of file +} From 4759759ae28b734c8ac417a4b1fc6b2b982453f6 Mon Sep 17 00:00:00 2001 From: Cv-securityIQ <135146895+Cv-securityIQ@users.noreply.github.com> Date: Thu, 23 Jan 2025 16:36:37 +0530 Subject: [PATCH 05/17] Update CommvaultSecurityIQ_Alert.yaml --- .../Analytic Rules/CommvaultSecurityIQ_Alert.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml index e288fc8e926..16b2ad42544 100644 --- a/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml +++ b/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml @@ -25,5 +25,5 @@ query: | CommvaultSecurityIQ_CL | take 1000 entityMappings: null -version: 1.0.0 +version: 1.0.1 kind: Scheduled From 529e43eeb77fc0ced218eec5f78a0a4d5067148c Mon Sep 17 00:00:00 2001 
From: v-prasadboke <117061676+v-prasadboke@users.noreply.github.com> Date: Thu, 30 Jan 2025 14:48:19 +0530 Subject: [PATCH 06/17] Update ReleaseNotes.md --- Solutions/Commvault Security IQ/ReleaseNotes.md | 1 - 1 file changed, 1 deletion(-) diff --git a/Solutions/Commvault Security IQ/ReleaseNotes.md b/Solutions/Commvault Security IQ/ReleaseNotes.md index 02f40d8e591..c650173f57f 100644 --- a/Solutions/Commvault Security IQ/ReleaseNotes.md +++ b/Solutions/Commvault Security IQ/ReleaseNotes.md @@ -1,5 +1,4 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| -| 3.0.2 | 09-01-2025 | Changing Analytics rule name from CommvaultSecurityIQ Alert to Commvault Cloud Alert| | 3.0.1 | 28-03-2024 | Adding **Data Connector** for Commvault Sentinel Integration| | 3.0.0 | 21-08-2023 | Initial Solution Release| From 4f0a4ea0b12b092f7e5f001ed438f477b243dd89 Mon Sep 17 00:00:00 2001 From: Cv-securityIQ <135146895+Cv-securityIQ@users.noreply.github.com> Date: Thu, 30 Jan 2025 15:17:59 +0530 Subject: [PATCH 07/17] removing verify = false --- .../AzureFunctionCommvaultSecurityIQ/main.py | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py b/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py index b7bb364e1e7..5cce0b211c6 100644 --- a/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py +++ b/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py @@ -25,7 +25,6 @@ customer_id = os.environ.get('AzureSentinelWorkspaceId','') shared_key = os.environ.get('AzureSentinelSharedKey') -verify = False logAnalyticsUri = 'https://' + customer_id + '.ods.opinsights.azure.com' key_vault_name = os.environ.get("KeyVaultName","Commvault-Integration-KV") 
@@ -118,7 +117,7 @@ def main(mytimer: func.TimerRequest) -> None: headers["authtoken"] = "QSDK " + qsdk_token companyId_url = f"{url}/v2/WhoAmI" - company_response = requests.get(companyId_url, headers=headers, verify=verify) + company_response = requests.get(companyId_url, headers=headers) if company_response.status_code == 200: company_data_json = company_response.json() logging.info(f"Company Response : {company_data_json}") @@ -126,7 +125,7 @@ def main(mytimer: func.TimerRequest) -> None: companyId = company_data.get("id") audit_url = f"{url}/V4/Company/{companyId}/SecurityPartners/Register/6" logging.info(f"Company Id : {companyId}") - audit_response = requests.put(audit_url, headers=headers, verify=verify) + audit_response = requests.put(audit_url, headers=headers) if audit_response.status_code == 200: logging.info(f"Audit Log request sent Successfully. Audit Response : {audit_response.json()}" ) else: @@ -157,7 +156,7 @@ def main(mytimer: func.TimerRequest) -> None: logging.info("Starts at: [{}]".format(datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%S"))) event_endpoint = f"{f_url}&fromTime={fromtime}&toTime={to_time}" logging.info("Event endpoint : [{}]".format(event_endpoint)) - response = requests.get(event_endpoint, headers=headers, verify=verify) + response = requests.get(event_endpoint, headers=headers) logging.info("Response Status Code : " + str(response.status_code)) if response.status_code == 200: @@ -312,7 +311,7 @@ def get_files_list(job_id) -> list: "advConfig": {"browseAdvancedConfigBrowseByJob": {"jobId": int(job_id)}} } f_url = url+"/DoBrowse" - response = requests.post(f_url, headers=headers, json=job_details_body, verify=verify) + response = requests.post(f_url, headers=headers, json=job_details_body) resp = response.json() browse_responses = resp.get("browseResponses", []) file_list = [] 
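Review bot: The rewritten `requests.get(companyId_url, headers=headers)` in `main` restores certificate verification but still passes no `timeout`, and `requests` waits indefinitely by default, so one stalled Commvault endpoint can hold the timer-triggered run until the host stops it and no events are forwarded for that interval. The same applies to the other calls this commit touches: the `requests.put(audit_url, ...)` and `requests.get(event_endpoint, ...)` calls in `main`, the `requests.post` in `get_files_list`, and the `requests.get` calls in `get_subclient_content_list`, `get_job_details` and `get_user_details` in the following hunks. I would add an explicit bound to each, for example `company_response = requests.get(companyId_url, headers=headers, timeout=REQUEST_TIMEOUT)` with `REQUEST_TIMEOUT` defined once at module level (the name is a suggestion). The body of `main` continues outside this hunk.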
@@ -342,7 +341,7 @@ def get_subclient_content_list(subclient_id) -> dict: """ f_url = url + "/Subclient/" + str(subclient_id) - resp = requests.get(f_url, headers=headers, verify=verify).json() + resp = requests.get(f_url, headers=headers).json() resp = resp.get("subClientProperties", [{}])[0].get("content") return resp @@ -384,7 +383,7 @@ def get_job_details(job_id, url, headers): """ f_url = f"{url}/Job/{job_id}" - response = requests.get(f_url, headers=headers, verify=verify) + response = requests.get(f_url, headers=headers) data = response.json() if ("totalRecordsWithoutPaging" in data) and ( int(data["totalRecordsWithoutPaging"]) > 0 @@ -410,7 +409,7 @@ def get_user_details(client_name): """ f_url = f"{url}/Client/byName(clientName='{client_name}')" - response = requests.get(f_url, headers=headers, verify=False).json() + response = requests.get(f_url, headers=headers).json() user_id = response['clientProperties'][0]['clientProps']['securityAssociations']['associations'][0]['userOrGroup'][0]['userId'] user_name = response['clientProperties'][0]['clientProps']['securityAssociations']['associations'][0]['userOrGroup'][0]['userName'] return user_id, user_name @@ -690,4 +689,4 @@ def read_blob(connection_string, container_name, blob_name): except Exception as e: logging.error(f"An error occurred: {str(e)}") - raise e \ No newline at end of file + raise e From b39e2a67ca1c47cd1899e932ae9941b105e91e08 Mon Sep 17 00:00:00 2001 From: Cv-securityIQ Date: Thu, 20 Feb 2025 17:19:48 +0530 Subject: [PATCH 08/17] Update main.py --- .../AzureFunctionCommvaultSecurityIQ/main.py | 215 +++++++++--------- 1 file changed, 110 insertions(+), 105 deletions(-) diff --git a/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py b/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py index 5cce0b211c6..994dc582a57 100644 --- a/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py 
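Review bot: In `get_user_details` the request now goes to `f"{url}/Client/byName(clientName='{client_name}')"` with the token-bearing `headers`, and `client_name` is placed in the path unescaped. Judging by `get_incident_details` later on this page, that value is pulled out of the alert description text with a regex, so a name containing `/`, `?`, `#` or `'` would change which path the authenticated request reaches. Percent-encoding it closes that off: `f_url = f"{url}/Client/byName(clientName='{quote(client_name, safe='')}')"` with `from urllib.parse import quote` (the file's import block is not visible here). The `f"{url}/Job/{job_id}"` URL in the `get_job_details` hunk is built from a regex capture in the same way and deserves the same treatment or an integer check.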
+++ b/Solutions/Commvault Security IQ/Data Connectors/AzureFunctionCommvaultSecurityIQ/main.py @@ -170,7 +170,8 @@ def main(mytimer: func.TimerRequest) -> None: if data: for event in data: temp = get_incident_details(event["description"]) - post_data.append(temp) + if temp: + post_data.append(temp) logging.info("Trying Post Data") gen_chunks(post_data) logging.info("Job Succeeded") @@ -410,8 +411,8 @@ def get_user_details(client_name): f_url = f"{url}/Client/byName(clientName='{client_name}')" response = requests.get(f_url, headers=headers).json() - user_id = response['clientProperties'][0]['clientProps']['securityAssociations']['associations'][0]['userOrGroup'][0]['userId'] - user_name = response['clientProperties'][0]['clientProps']['securityAssociations']['associations'][0]['userOrGroup'][0]['userName'] + user_id = response.get('clientProperties', [{}])[0].get('clientProps', {}).get('securityAssociations', {}).get('associations', [{}])[0].get('userOrGroup', [{}])[0].get('userId') + user_name = response.get('clientProperties', [{}])[0].get('clientProps', {}).get('securityAssociations', {}).get('associations', [{}])[0].get('userOrGroup', [{}])[0].get('userName') return user_id, user_name 
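Review bot: The new `.get('clientProperties', [{}])[0]` chains in `get_user_details` only guard against a missing key; when the API returns the key with an empty list (`"associations": []`, `"userOrGroup": []`), `[0]` still raises `IndexError`. With the `try/except` this same patch adds to `get_incident_details`, that exception discards the whole incident rather than just the user fields. The identical seven-step chain is also written twice, once per field. Walking the structure once and catching the lookup errors keeps the incident and returns `None, None` when the association is absent.

```python
    response = requests.get(f_url, headers=headers).json()
    try:
        user = response['clientProperties'][0]['clientProps']['securityAssociations']['associations'][0]['userOrGroup'][0]
    except (KeyError, IndexError, TypeError):
        # Missing or empty association data: keep the incident, leave the user unknown.
        return None, None
    return user.get('userId'), user.get('userName')
```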
@@ -425,108 +426,112 @@ def get_incident_details(message: str) -> dict | None: Returns: dict | None: Incident details or None if not found """ - anomaly_sub_type = extract_from_regex( - message, - "0", - rf"{Constants.anomaly_sub_type}:\[(.*?)\]", - ) - if anomaly_sub_type is None or anomaly_sub_type == "0": - return None - anomaly_sub_type = get_backup_anomaly(int(anomaly_sub_type)) - job_id = extract_from_regex( - message, - "0", - rf"{Constants.job_id}:\[(.*?)\]", - ) - - description = format_alert_description(message) - - job_details = get_job_details(job_id,url,headers) - if job_details is None: - print(f"Invalid job [{job_id}]") + try: + anomaly_sub_type = extract_from_regex( + message, + "0", + rf"{Constants.anomaly_sub_type}:\[(.*?)\]", + ) + if anomaly_sub_type is None or anomaly_sub_type == "0": + return None + anomaly_sub_type = get_backup_anomaly(int(anomaly_sub_type)) + job_id = extract_from_regex( + message, + "0", + rf"{Constants.job_id}:\[(.*?)\]", + ) + + description = format_alert_description(message) + + job_details = get_job_details(job_id,url,headers) + if job_details is None: + print(f"Invalid job [{job_id}]") + return None + job_start_time = int( + job_details.get("jobs", [{}])[0].get("jobSummary", {}).get("jobStartTime") + ) + job_end_time = int( + job_details.get("jobs", [{}])[0].get("jobSummary", {}).get("jobEndTime") + ) + subclient_id = ( + job_details.get("jobs", [{}])[0] + .get("jobSummary", {}) + .get("subclient", {}) + .get("subclientId") + ) + files_list, scanned_folder_list = fetch_file_details(job_id, subclient_id) + originating_client = extract_from_regex(message, "", r"{}:\[(.*?)\]".format(Constants.originating_client)) + user_id, username = get_user_details(originating_client) + details = { + "subclient_id": subclient_id, + "files_list": files_list, + "scanned_folder_list": scanned_folder_list, + "anomaly_sub_type": anomaly_sub_type, + "severity": define_severity(anomaly_sub_type), + "originating_client": originating_client, + 
"user_id": user_id, + "username": username, + "affected_files_count": if_zero_set_none( + extract_from_regex( + message, + None, + r"{}:\[(.*?)\]".format( + Constants.affected_files_count + ), + ) + ), + "modified_files_count": if_zero_set_none( + extract_from_regex( + message, + None, + r"{}:\[(.*?)\]".format( + Constants.modified_files_count + ), + ) + ), + "deleted_files_count": if_zero_set_none( + extract_from_regex( + message, + None, + r"{}:\[(.*?)\]".format( + Constants.deleted_files_count + ), + ) + ), + "renamed_files_count": if_zero_set_none( + extract_from_regex( + message, + None, + r"{}:\[(.*?)\]".format( + Constants.renamed_files_count + ), + ) + ), + "created_files_count": if_zero_set_none( + extract_from_regex( + message, + None, + r"{}:\[(.*?)\]".format( + Constants.created_files_count + ), + ) + ), + "job_start_time": datetime.utcfromtimestamp(job_start_time).strftime( + "%Y-%m-%d %H:%M:%S" + ), + "job_end_time": datetime.utcfromtimestamp(job_end_time).strftime( + "%Y-%m-%d %H:%M:%S" + ), + "job_id": job_id, + "external_link": extract_from_regex( + message, "", "href='(.*?)'", 'href="(.*?)"' + ), + "description": description, + } + return details + except: + logging.error(f"An error occurred") return None - job_start_time = int( - job_details.get("jobs", [{}])[0].get("jobSummary", {}).get("jobStartTime") - ) - job_end_time = int( - job_details.get("jobs", [{}])[0].get("jobSummary", {}).get("jobEndTime") - ) - subclient_id = ( - job_details.get("jobs", [{}])[0] - .get("jobSummary", {}) - .get("subclient", {}) - .get("subclientId") - ) - files_list, scanned_folder_list = fetch_file_details(job_id, subclient_id) - originating_client = extract_from_regex(message, "", r"{}:\[(.*?)\]".format(Constants.originating_client)) - user_id, username = get_user_details(originating_client) - details = { - "subclient_id": subclient_id, - "files_list": files_list, - "scanned_folder_list": scanned_folder_list, - "anomaly_sub_type": anomaly_sub_type, - "severity": 
define_severity(anomaly_sub_type), - "originating_client": originating_client, - "user_id": user_id, - "username": username, - "affected_files_count": if_zero_set_none( - extract_from_regex( - message, - None, - r"{}:\[(.*?)\]".format( - Constants.affected_files_count - ), - ) - ), - "modified_files_count": if_zero_set_none( - extract_from_regex( - message, - None, - r"{}:\[(.*?)\]".format( - Constants.modified_files_count - ), - ) - ), - "deleted_files_count": if_zero_set_none( - extract_from_regex( - message, - None, - r"{}:\[(.*?)\]".format( - Constants.deleted_files_count - ), - ) - ), - "renamed_files_count": if_zero_set_none( - extract_from_regex( - message, - None, - r"{}:\[(.*?)\]".format( - Constants.renamed_files_count - ), - ) - ), - "created_files_count": if_zero_set_none( - extract_from_regex( - message, - None, - r"{}:\[(.*?)\]".format( - Constants.created_files_count - ), - ) - ), - "job_start_time": datetime.utcfromtimestamp(job_start_time).strftime( - "%Y-%m-%d %H:%M:%S" - ), - "job_end_time": datetime.utcfromtimestamp(job_end_time).strftime( - "%Y-%m-%d %H:%M:%S" - ), - "job_id": job_id, - "external_link": extract_from_regex( - message, "", "href='(.*?)'", 'href="(.*?)"' - ), - "description": description, - } - return details def build_signature(date, content_length, method, content_type, resource): @@ -689,4 +694,4 @@ def read_blob(connection_string, container_name, blob_name): except Exception as e: logging.error(f"An error occurred: {str(e)}") - raise e + raise e \ No newline at end of file From 1e69b968cc9bf4daddb7b6c2e96af6fb4ae9dc61 Mon Sep 17 00:00:00 2001 
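Review bot: The bare `except:` that closes the new `try` in `get_incident_details` catches everything, including `SystemExit` and `KeyboardInterrupt`, and logs only the fixed text `An error occurred`. Together with the `if temp:` filter added in `main`, an anomaly event that fails anywhere in this function (a failed job lookup, `int(None)` on a missing `jobStartTime`, a bad API response) is dropped before it reaches Sentinel with nothing in the log to say which event or why. I would narrow it to `except Exception:` and log the traceback with `logging.exception("Failed to build incident details from event")`, so dropped detections can be traced and counted. The `print(f"Invalid job [{job_id}]")` kept inside the block should likewise be `logging.warning(...)` so it lands in the same log stream.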
From: v-prasadboke Date: Tue, 25 Feb 2025 17:30:30 +0530 Subject: [PATCH 09/17] analytic rules updated --- .../Analytic Rules/CommvaultSecurityIQ_Alert.yaml | 6 ++++-- .../Commvault Security IQ/Analytic Rules/Data_Alert.yaml | 6 ++++-- .../Commvault Security IQ/Analytic Rules/IDP_Alert.yaml | 6 ++++-- .../Commvault Security IQ/Analytic Rules/User_Alert.yaml | 6 ++++-- 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml index 16b2ad42544..3a033306ef7 100644 --- a/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml +++ b/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml @@ -4,7 +4,9 @@ description: | 'This query identifies Alerts from Commvault Cloud.' severity: Medium status: Available -requiredDataConnectors: [] +requiredDataConnectors: [ + "CommvaultSecurityIQ" +] queryFrequency: 5m queryPeriod: 5m triggerOperator: gt @@ -25,5 +27,5 @@ query: | CommvaultSecurityIQ_CL | take 1000 entityMappings: null -version: 1.0.1 +version: 1.0.2 kind: Scheduled diff --git a/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml index d60c63c3b9a..272f964530a 100644 --- a/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml +++ b/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml @@ -4,7 +4,9 @@ description: | 'This query identifies clients or servers whose data has been compromised.' severity: Medium status: Available -requiredDataConnectors: [] +requiredDataConnectors: [ + "CommvaultSecurityIQ" +] queryFrequency: 5m queryPeriod: 5m triggerOperator: gt 
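Review bot: The new `requiredDataConnectors: [ "CommvaultSecurityIQ" ]` in `CommvaultSecurityIQ_Alert.yaml` is a list of bare strings, whereas Sentinel analytic rule templates describe each entry as an object with `connectorId` and `dataTypes`; as written the rule may fail template validation or not be linked to the connector. The expected shape is `- connectorId: CommvaultSecurityIQ` followed by `dataTypes:` and `- CommvaultSecurityIQ_CL`, with the connector id to be confirmed against the data connector definition, which is not visible here. The same change is made in the `Data_Alert.yaml`, `IDP_Alert.yaml` and `User_Alert.yaml` hunks. Those three queries read `SecurityIncident` rather than `CommvaultSecurityIQ_CL`, so it is worth checking which data type, if any, they really depend on.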
@@ -27,5 +29,5 @@ query: | | extend extracted_word = extract("Client\\s(.*?)\\sCompromised", 1, Description) | project TimeGenerated, Title, Description, Status entityMappings: null -version: 1.0.0 +version: 1.0.1 kind: Scheduled diff --git a/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml index 9731f6f85ae..561fcd49a01 100644 --- a/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml +++ b/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml @@ -4,7 +4,9 @@ description: | 'This query identifies indications of a potential security breach or unauthorized access to the systems and data of the Identity Provider.' severity: Medium status: Available -requiredDataConnectors: [] +requiredDataConnectors: [ + "CommvaultSecurityIQ" +] queryFrequency: 5m queryPeriod: 5m triggerOperator: gt @@ -24,5 +26,5 @@ query: | SecurityIncident | where Title has "Cvlt Alert" and Description == "IDP Compromised" and Status has "New" entityMappings: null -version: 1.0.0 +version: 1.0.1 kind: Scheduled diff --git a/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml index 0b360719c7a..4b58cadce72 100644 --- a/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml +++ b/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml @@ -4,7 +4,9 @@ description: | 'This query identifies users whose user account or credentials have been compromised.' severity: Medium status: Available -requiredDataConnectors: [] +requiredDataConnectors: [ + "CommvaultSecurityIQ" +] queryFrequency: 5m queryPeriod: 5m triggerOperator: gt @@ -26,5 +28,5 @@ query: | | extend extracted_word = extract("User\\s(.*?)\\sCompromised", 1, Description) | project TimeGenerated, Title, Description, Status entityMappings: null -version: 1.0.0 +version: 1.0.1 kind: Scheduled From 4b548fb18c60fc5a4d3526ab6b273fbae7181f98 Mon Sep 17 00:00:00 2001 
From: v-prasadboke Date: Tue, 25 Feb 2025 17:30:46 +0530 Subject: [PATCH 10/17] Data connector updated --- ...mvaultSecurityIQ_API_AzureFunctionApp.json | 2 +- ...eploy_CommvaultSecurityIQ_FunctionApp.json | 36 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/Solutions/Commvault Security IQ/Data Connectors/CommvaultSecurityIQ_API_AzureFunctionApp.json b/Solutions/Commvault Security IQ/Data Connectors/CommvaultSecurityIQ_API_AzureFunctionApp.json index 815867ed2e3..c9ff0f1cd3e 100644 --- a/Solutions/Commvault Security IQ/Data Connectors/CommvaultSecurityIQ_API_AzureFunctionApp.json +++ b/Solutions/Commvault Security IQ/Data Connectors/CommvaultSecurityIQ_API_AzureFunctionApp.json 
@@ -111,7 +111,7 @@ }, { "title": "", - "description": "**Option 1 - Azure Resource Manager (ARM) Template**\n\nUse this method for automated deployment of the Commvault Security IQ data connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-CommvaultSecurityIQ-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password**, 'and/or Other required fields'. \n>Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + "description": "**Option 1 - Azure Resource Manager (ARM) Template**\n\nUse this method for automated deployment of the Commvault Security IQ data connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-CommvaultSecurityIQ-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key** 'and/or Other required fields'. \n>Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." }, { "title": "", 
diff --git a/Solutions/Commvault Security IQ/Data Connectors/azuredeploy_CommvaultSecurityIQ_FunctionApp.json b/Solutions/Commvault Security IQ/Data Connectors/azuredeploy_CommvaultSecurityIQ_FunctionApp.json index d5b60243218..f55052bb112 100644 --- a/Solutions/Commvault Security IQ/Data Connectors/azuredeploy_CommvaultSecurityIQ_FunctionApp.json +++ b/Solutions/Commvault Security IQ/Data Connectors/azuredeploy_CommvaultSecurityIQ_FunctionApp.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "FunctionName": { - "defaultValue": "CommvaultSecurityIQ", + "defaultValue": "CommvaultCloud", "minLength": 1, "type": "string" }, @@ -28,6 +28,7 @@ }, "variables": { "FunctionName": "[concat(toLower(parameters('FunctionName')), uniqueString(resourceGroup().id))]", + "StorageAccountName":"[substring(variables('FunctionName'), 0, 22)]", "StorageSuffix": "[environment().suffixes.storage]", "LogAnaltyicsUri": "[replace(environment().portal, 'https://portal', concat('https://', toLower(parameters('AzureSentinelWorkspaceId')), '.ods.opinsights'))]" }, @@ -47,7 +48,7 @@ { "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2019-06-01", - "name": "[tolower(variables('FunctionName'))]", + "name": "[tolower(variables('StorageAccountName'))]", "location": "[resourceGroup().location]", "sku": { "name": "Standard_LRS", @@ -80,9 +81,9 @@ { "type": "Microsoft.Storage/storageAccounts/blobServices", "apiVersion": "2019-06-01", - "name": "[concat(variables('FunctionName'), '/default')]", + "name": "[concat(variables('StorageAccountName'), '/default')]", "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', tolower(variables('FunctionName')))]" + "[resourceId('Microsoft.Storage/storageAccounts', tolower(variables('StorageAccountName')))]" ], "sku": { "name": "Standard_LRS", 
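Review bot: The new variable `"StorageAccountName":"[substring(variables('FunctionName'), 0, 22)]"` fails at deployment whenever the lowercased `FunctionName` parameter plus the 13-character `uniqueString` suffix is shorter than 22 characters, because ARM `substring` errors when the requested length runs past the end of the string, and the parameter allows `minLength: 1`. `take` truncates without that failure: `"StorageAccountName": "[take(variables('FunctionName'), 22)]"`. Two related things to confirm: storage account names accept only lowercase letters and digits, so a `FunctionName` containing a hyphen still yields an invalid name, and cutting to 22 keeps only part of the `uniqueString` suffix for longer names (8 of 13 characters with the new default `CommvaultCloud`).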
@@ -100,9 +101,9 @@ { "type": "Microsoft.Storage/storageAccounts/fileServices", "apiVersion": "2019-06-01", - "name": "[concat(variables('FunctionName'), '/default')]", + "name": "[concat(variables('StorageAccountName'), '/default')]", "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', tolower(variables('FunctionName')))]" + "[resourceId('Microsoft.Storage/storageAccounts', tolower(variables('StorageAccountName')))]" ], "sku": { "name": "Standard_LRS", @@ -120,7 +121,7 @@ "name": "[variables('FunctionName')]", "location": "[resourceGroup().location]", "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', tolower(variables('FunctionName')))]", + "[resourceId('Microsoft.Storage/storageAccounts', tolower(variables('StorageAccountName')))]", "[resourceId('Microsoft.Insights/components', variables('FunctionName'))]" ], "kind": "functionapp,linux", 
@@ -147,14 +148,13 @@ "[concat('Microsoft.Web/sites/', variables('FunctionName'))]" ], "properties": { - "FUNCTIONS_EXTENSION_VERSION": "~4", "FUNCTIONS_WORKER_RUNTIME": "python", "APPINSIGHTS_INSTRUMENTATIONKEY": "[reference(resourceId('Microsoft.insights/components', variables('FunctionName')), '2015-05-01').InstrumentationKey]", "APPLICATIONINSIGHTS_CONNECTION_STRING": "[reference(resourceId('microsoft.insights/components', variables('FunctionName')), '2015-05-01').ConnectionString]", "AzureSentinelWorkspaceId": "[parameters('AzureSentinelWorkspaceId')]", "AzureSentinelSharedKey": "[parameters('AzureSentinelSharedKey')]", - "AzureWebJobsStorage": "[concat('DefaultEndpointsProtocol=https;AccountName=', toLower(variables('FunctionName')),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', toLower(variables('FunctionName'))), '2019-06-01').keys[0].value, ';EndpointSuffix=',toLower(variables('StorageSuffix')))]", + "AzureWebJobsStorage": "[concat('DefaultEndpointsProtocol=https;AccountName=', toLower(variables('StorageAccountName')),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', toLower(variables('StorageAccountName'))), '2019-06-01').keys[0].value, ';EndpointSuffix=',toLower(variables('StorageSuffix')))]", "KeyVaultName": "[parameters('KeyVaultName')]", "WEBSITE_RUN_FROM_PACKAGE": "https://aka.ms/sentinel-CommvaultSecurityIQ-functionapp" } 
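Review bot: This hunk drops `"FUNCTIONS_EXTENSION_VERSION": "~4"` from the app settings, and the commit message ("Data connector updated") gives no reason. Unless the value is set in a part of the template outside this hunk, the Functions host version is no longer pinned by the deployment, and the runtime the connector (with its Key Vault and workspace-key access) runs on is left to platform defaults. If the removal is not intentional I would keep the line as it was, `"FUNCTIONS_EXTENSION_VERSION": "~4",`. If it is intentional, a sentence in the commit description saying where the version is now controlled would help the next reviewer.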
@@ -164,10 +164,10 @@ { "type": "Microsoft.Storage/storageAccounts/blobServices/containers", "apiVersion": "2019-06-01", - "name": "[concat(variables('FunctionName'), '/default/azure-webjobs-hosts')]", + "name": "[concat(variables('StorageAccountName'), '/default/azure-webjobs-hosts')]", "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('FunctionName'), 'default')]", - "[resourceId('Microsoft.Storage/storageAccounts', variables('FunctionName'))]" + "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('StorageAccountName'), 'default')]", + "[resourceId('Microsoft.Storage/storageAccounts', variables('StorageAccountName'))]" ], "properties": { "publicAccess": "None" @@ -176,10 +176,10 @@ { "type": "Microsoft.Storage/storageAccounts/blobServices/containers", "apiVersion": "2019-06-01", - "name": "[concat(variables('FunctionName'), '/default/azure-webjobs-secrets')]", + "name": "[concat(variables('StorageAccountName'), '/default/azure-webjobs-secrets')]", "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('FunctionName'), 'default')]", - "[resourceId('Microsoft.Storage/storageAccounts', variables('FunctionName'))]" + "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('StorageAccountName'), 'default')]", + "[resourceId('Microsoft.Storage/storageAccounts', variables('StorageAccountName'))]" ], "properties": { "publicAccess": "None" 
@@ -188,10 +188,10 @@ { "type": "Microsoft.Storage/storageAccounts/fileServices/shares", "apiVersion": "2019-06-01", - "name": "[concat(variables('FunctionName'), '/default/', tolower(variables('FunctionName')))]", + "name": "[concat(variables('StorageAccountName'), '/default/', tolower(variables('StorageAccountName')))]", "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts/fileServices', variables('FunctionName'), 'default')]", - "[resourceId('Microsoft.Storage/storageAccounts', variables('FunctionName'))]" + "[resourceId('Microsoft.Storage/storageAccounts/fileServices', variables('StorageAccountName'), 'default')]", + "[resourceId('Microsoft.Storage/storageAccounts', variables('StorageAccountName'))]" ], "properties": { "shareQuota": 5120 From dcc510cef1b7c1096bf656e6caf8bc978f6715fc Mon Sep 17 00:00:00 2001 From: v-prasadboke Date: Tue, 25 Feb 2025 17:31:02 +0530 Subject: [PATCH 11/17] Solution packaged --- .../Commvault Security IQ/Package/3.0.2.zip | Bin 0 -> 13379 bytes .../Package/createUiDefinition.json | 4 +- .../Package/mainTemplate.json | 58 +++++++++++------- 3 files changed, 37 insertions(+), 25 deletions(-) create mode 100644 Solutions/Commvault Security IQ/Package/3.0.2.zip 
diff --git a/Solutions/Commvault Security IQ/Package/3.0.2.zip b/Solutions/Commvault Security IQ/Package/3.0.2.zip new file mode 100644 index 0000000000000000000000000000000000000000..4abad853eaae36829edd47e26a8adbbef2d1f9de GIT binary patch literal 13379 zcmZ|0bBrfI(=Ix;ZQHhO+rKe(Z0*>#ZEMH2ZF9%A=j{8QliYj1n^XNqS68|#Pj^zu zljSL>`-gLB3gkibT1?e1!I_JMfv(mSWRf~d; zp}87Ui&D^{e+(w)EUPRS(ml4|;mB`em@vYj+Qh4UavTRy_kqB|<6MFVmC9JT4e|G+ zHd^mNIgt@8^t73)cjeks0EaDt(ZTRBQ+m>G_AD8!HUpYz&2DgpV9sX;KAE}zq4|VR zDNcjLgP&8lFcx%cIJ1E9yM|mFUV%Ajr@?{@WPZqJ^WWJJOwWrRoO@D z7Qq+2z29LuUg9kVjZvz~dlV|qm4*?z;a;6SGf>LVo*E=JQ14~kIjqRX5*_5f3BI@( z#yx0+QQ*TVCFF8OLAoe?pqbZ(T`MuElU9!9&0pEK7GiCsyNq|dPC-2SSO9ooxQVaD z#8%qFYw>1TFmfDE7)Y8YE=|v>8q#n~l*ggoH4({*DfQK?P-s}%k3@; zqHm45lQ%cRhUNkkRFQdX>Dt$?<8AF*#~1Eoc?6VwxR>8I^16u7Fh>KklF5rj1(w?{ z@;d;cc`7ub2y2YLP-U+a+zo5Hi5B+r#}LezHhngtk0r7X$&pUCf)9pHaZd+N5~3); zY|JY-Z)xnEJ~|Yl4l|vS&TTQW?*N>$!h{m$+j0=TYf@6OqDn!i>k$gJr>v7MrjZ zq2@Uz=aS;UtTt9_h(~o&$g05xvP{~s-3UKpq4=zhsTbiw6{^t)N4087S=GY*yc%3H%*id&SlkUwzsO8A(x(i zu(G5;PvPOvuVo9RLv;ZX_`*g8mrZI)Pr)B+2P) z+f_04Ly8X$+Mn603>gUbBVF!bpp0No+1Pp6&1vOF1>YRbB{?1Bf1ln1BgTer#hG{5 z1$s}la8hf5se5*Nc9Y=s!@s(;3)pA4K)7i^xeScvyN7S_b2h0HK|f24KS5Ua#Uebx|fc3i?Udgmrxx8}9@cl=#1v6lq}w>=6k z9nqk!fL7z#P*35XLpRHlCrDNw?D%x^Uet-P1C~dR8)|pS&Eh2ncvb4+rr7ZpxI4G- zIvsRxmUFg_jB@Ay#Hu)SJBokg?>aPt;Ln%i^~j{C+elC=qT#DeW4;?Mp7vJSCE$=GIP^H9R>ka^SzL)Y$fN*5=JKA3~g;isT&K174)SV(nNw~zg z7C)%J2+W#^=@Z^5v0+zTXTLw?tCQer+ir8;*vuho_3n6E2caa?V#>elSboV+NYfjb ziL0zxy76JGHF9?s!VVcJKPUu6*<)T*0Q5)*k&l%_Jn`?!I+MG-+ByuaDsXeJZ*yIG zBtrNYh&QOQlb9BmyGkk#Ae#phNZnA1Y&JTcyG3(2aO)IX%TnwR2s4$eXL^3qG~`s6 zqWhxTOyz@HP@z&Svlag4Sc&4ULO!LJdxkFZERiQPnWc#(q*TF|&>?Nd5np>GGS-*d zXelDG@%wn@lNxYm@p3I>zOPcIKjZB!_E^=U;iu{$EdJj9upvkp4cmDS(Fv#`am{xj zXn=+f!QE>O(T8l^#&Zwd#pIbj!LwjRW9CgKf8d4UPJ%*aETNYeVu!B|lMXxMK&b86 zO7)Jjl--Tsj{$zk%>Wi9m&OZCg}7kE8C@e;S!;Sbz;}kL6)7%1hohTtCcZbUN6Y+WQm-QjacvN4E>x;tXf^V2( zKuPcjxS?EhZ#SGW{1eiBSG&3K`nu;L=DEmaH)rU#$;ipMQoEteZaeD{{5pv$+$GQOC}PUrXF5>h;?& zPLH5CiKkLi}$C3Ua 
z$bN}9v(*u#Pu$1V;@|}C_e~k(;WkO-Xqe1n87@(W%F>1%l1(g~{f(|B?y2%2uiT9> zMU3kgqh9C0u%-5UN!2RxO2OFQW%yp+nz7Z(1%l@0q9^Yanb4Kk=C_avcV+%ZU7{*m zu6`G#s?-mIve&TQA7G{b54|9N@7%zp1p;y(1qMR?M=xvvR(5J;whq7kk&OQmiz|I^ z=S_*kAHS+=-YG}>s6-7ia+TjhX|L6<2~-zh#^ch<<1{#Ap(GkaeL(r9AKN87mHMj zoO$f0!rG?~lKkxk!KmGk?(dmv&YYa?nHjs;Qs>p)0jE(H4)>aHw;$~H9YfvC>Y#=j z@!M-moZ#3SfMDk~{wL#a!J-5+U1XJ8NCAJz6_U(%U<`Q1k?lKi%Hl)uJu%H0`&s|+ z^^j%$|15o`OTc@h$W5{_o+qoj89&>7c7|>;ly>=Fg5nH zNYf^4%&9!yFnGjJmSpXD4fPg~K<5y@ii4>fj1D{1fTzHw^9i}8@sb=`NDyDyIPhF1R94cSJh^N7U@}|O$c-{4xi$iwCofbjH zSz7R&-ncwJ6D-agjs{8QjKA*JK3Q6b5MKL`Hj{CpwZ>bffO;3@$XRICfA+!VG+CiN zKkMU&X(?J>)OX8o@O;VAjVBOg@?4Qb7RSHHaSG3J(xl;ogo97EdH4I_*b5S>CbJ70&t+;=G77rswdC0*I-1j+gM8(~ zy0d)|O_wE5ykg3bnKc77qQe5ZXjiz?ku96U?)i z`aVyLP_Nx>{MB%=oLJ+DR9}^FlXpV*H1KhP4cdKXxl}Wjj44}QUfpu7J<5-E5^-U8 z08)J>G(T8_b>qz0du$q@p~A43%l0e)kPVO>zpMYSQ`kpCbhd4Wju~&q%FqxgTLOqI z@F+kzyPt*lVkPzCmLFo@h!dlTJUjowZ%=h67|9N9H0hWRwT-#`89&h0Ly-KiH$V)a z$3)-?IcF2r-iI+$n*ZG_Kvkhtfb!lTV-IlevdwBt<+f!F>R^2TBj!u`ecn$ZOab- zM`Ljhp|&*O+8SqTeVMJ?Q2tGs0k53japvCKVBj_{Y}T-hZyY_%Ox}we7Q5qgKLj$2 zUy!PST9&7(oW@;Gr8*gE9_$N_Jb|(Txw*gqga-6nWz-*}sz4-^RqZc^#`<29MuwA~ zS#`z1cnwznbDMQQDyxvWaH-n&J+XT8`pODmXydR%^AR>9^`Maf-veMv3z?^BQuyrCHG-+s+vmvs#bYMC*7xMv&D` zs=xB&{tik2GnWDRI8czLqTJ;&#V9lEs^i_H>zPOPp-xDw&yNWMCuEs3i4q%w=J z>q%X<_OPiLEW%cE#~rM9#9ly0v@m^d#lw=$PDJN)dPclECWQ!o<%bw0aN)T*fWYyen zcaLPJ`8L&3YcyxqtJ9XjW#~@yKHIvLP5W)w{+L8_5uZW^QCPF5LnTP_{%;;L*CcK#Ft+s%_?6k08+uKN&jQm1U(t_;2TT*Ev zsdeHDF(~bcn!cfej;OZm*E9OSOg$u_o_LP0P!PI`rZ3Xkb#xrYqlo1Da;_}i3e+lc z^ju^-1#@G3zaKE3bkfy6HG+tuTDVS(E!(1_zk2d`=`R{3&*|^%udS^6EaEDpdUNe; zw_9qlNOYivFBxIeDN&J4zR-zSKTUbI zQ(cnugr+^#onf;pEiG+Zt~(bi*m%knNA+7>rH-Y}h`iBcSdfNHDw&!&BdTmpRoxZ< zL0xq)ndsGANVyt;$)c0QN{h+bQAE?O;7YvlDVft^`3t)x`8uK`Tw$9>dn3oj(iwiD zo=oL^hnxAGT_L*1(YSgzqW_Q~dXIq5Y)`tX?6 zW$Vb@ey!bZ%Q30FQ+vR%2y1X6Hp`s%>5U7Wc5NoqRN=wnJ;fv8W|5 z?RF(uITNCS<7I`-))^k>R`zZM&bo^o^sq)ds`YqpxWI7*ZCGBc=r{Zf4xYF4!qw_Y zHLwiv1k9xWpt%Sg%S!@g?BBo#ik2lwq)DdSLP3lDy9>4xcWYD|xJ6tNOK6gsU`=8$ 
z(~zmjemwp;905TiUtwAjMDfXW(86XolyL`(`UdN`9AY(qNksv2o0yKTshCh(vRyqv(Le!*e)3U#= zg{(G?anSbC4usaL9P=-+At!Y3sOa9-gFDfV4YUoIQTBtGVj%5eD;3p3c54f{MRK05*6!Fo4){JNteYFZ@zlRZ?A$s~c6&7c&W z(tp4djm1@6s*ieuRfYi}!|5M7GS9vOL2b>w;h)$)G&2J3B$o5Z=^6Oqpj8Vl3UykW zC3ux~3g68WZz&h-deJETu}|+2pTA6+vglRnVRVVuG#Y*X(nh5XTYpeBY7C5G$&xBy z9ov$R#{N>~^BA+E(rz(LZ!4}6zr#^~8dDtK+SyE;EpeAZS>n`TD>E*LE+S zyP@J%ksXy3+98zrXy-eT&n8q)(W8EA|8*)_xf(bEZS`C8pIe-2bNb`|D)tGKvtdXS z3GG2yLYS+7HyaT{%bqVO$|^-ZjyI>t5>Mdfws&I}c$bw}z!Hz5V%_sg>qsXAkQ~d1 z{t#)Lh}{>*0CR~%{u|1>oPtqetdfLbe_!cWq$p+2+FT(zn@|UKph(65LYX;6)v?C| z_(!RU)ufW;(Wd6IxI-n~D!%sN!#;`8EB)-ZLk^P{f#4TX8*Y|gYJGjSiQ}dNGWs%V zJX~jOxl5`y#RaxD(?%AhEp1a?cCOSrau*U!8-W#{EP|_DgS~Exm+=a(!~Vz(*rfGW zdxw#ZYgIw>EJ;z==r{LMChS2aiia!+5dsV++l$ahvI%JJJc>_oSF(_hw-5l<`x)}- z7Pp9Shj356`_rox_gTUGDlW&4fCeAr8! z_9548OpBTkl?+^gl=nlg!iHS25&!8E_zp*{R4@Uu@7Ou{qMdIOdX;>Y&~oCEhCmFu z(xAQ+&kp;d_=S;BWtvg{()6F=ES4~mlF&%_!W(4>hZWSQkG`zeD^(AtWNz+eMd2v3 zSWH>YPXoJ!sSM5;Ou(HS<&ck_sV-WJ*V$!*eix+zzE%PndSv{h4P;VZ+Ozko<(6VOwi)`82E}J!bqIc}47eNZm&{MN|P7b6RUWd!2f{c}L`kU#W;EqMzTxOqmPBqA2C- z?k;9}E@Z7)&twOO_WJLLb9eUbGdGWEYn~02-by`ghPD>raf;fSGBsC9*o^fMW}U@- z%M<(%@k_u&$v1oAJnTP7`y z7mna35}=&&JlVX5ne+TNr@5ZDak24pyBMieo`u9__x=^g8v;Ls^S%a#_b%efI$?R$ zk7FvU5*h=KwUt^ac>_<}M+ZjGEz$VlA=~BMz}Dmm1gj3M!v|AO*MD#>9lSI#oIqx6 z6OpQpHpvRky6DxxU%YQ~JzHq+aoMWqS$}O8G_4F9xQ0pHTRwIlhH;9eC@}Lcpn|l$ zwJ-q3=yun#t8~^Z=>lR#d?B|xI}pM*`5U_<5#h*3k(Unz*#!X_gysdP^#}(J=LwcaZ7s`5<}f zp4XDLqjV-N zVvRDg8k$bCnjMRTnlaTkm||CPR?44psxPaaduh*&EEtsHbj#^QZn5i77*pD$J)c5K z#EG7orpD;>3X?%om*9I0=oaI4wn<}pd&VrALRD62LKGcQ_D?om>8Aq2;Y&v@hG%pS zbWRjMmO-jrNX3JUGNx&C_!HJ0cS2XUy}AR`Mf$9neL2D&+IHq%VVfrj_{e73Zy(IE zD!*iY$w&yXoU#7Oz%kwFTf;02q&eQ+ONJ1wWbh5GH?|}KLT#`22B=Dx{Rqfuy>jIM z|DTdF`3C06U6UD${d20X4WDs*qT!6Aa=ymDeRBP6(TTX!(ig1Q-?9HliXkiF z1QgP*mT+hbVKHFqBTtfAQ9ywrUZD_F#`qqNwiqRShRkEUfem=>r@jR?nxyqYnK7N) z9*9{PVnCm`T*~=}a47wYC<=kWCb)=$m8lp<`q+h@uQCp~ z9gxR4G|v_Rnhs86(2CynMi6?KPzfZl=veDDzx9(YFGYe$1L}vwW5wt_uhi%f^UV@1 
zok`#{4m<#+o^#2A*v5b%|RrcPnX;|G*m%X5(`~7gx)9jp->1x5!f5U>t2tCM&2e)XWbtwVJ4!?J@LRh4GL^YB zD`*3{CddH~+5{=6V6eO4z=l!ww`zlJviyuY0D?>m0q<7oetk?F?^pL>P7dYejUQ(J zVw+6^mkD$$T5#lWm4_>zxDi5N6EOJ<6&;y)#Y-yYdy{OsARb8uqrm}d{L*Yn5#<}0R683*`4wZ@`23u(p=va_Xu&2X1X=$HTk5Rv*g1R{c zAjgsBDn)v9BU#9mBB8B+eF`ArG9h9E zA_Sz!5DBaX2T`yW@ANsa9kNe{56zw+{J|eOvMxA~{^xvm5)?Cg|R4kgD!Z zg!Q)85JzTn75te-U%*R!MD(d_k<7$?GAk^Q2u%ct)SLv(J7H-ot;EhaYJib6 z99={Jxw17UsI0M(v|2v#mrWQs^|227?BnGw5S_FY;eStV0c#}|eR0-}7mO{ijgdiQ z3=t)T%a0KyVVNdsVZgCObmjfibcHF-3}IQMD}H=D9TLA`_Q*my;4l9@ZFX?~6pjN* zOUDYlLL*c!idz=@1I%6^a~<(&k~CB2>m zA#yQR0JT40odUmG#(AE{!4UI< znUGH5a?1juG%mpoPC`dkFnH^a*D>K^z!F34PiATir20g!g}nhOh2AWMFCUK#v=fqt zD<5YM%1rhYA;Z_b2JdGayJI;3^05Rb#{YJCytZ8i=q&m=i4_%aRjy|Cko<uwRfR2a_OijPP2bXN=wnAa z=AxQ=%ds9`>=xHS{UtN1+l%(twHz_}%gn#UgPz$Q&kOu~B>^i59c)ECNWIK{8w~9* z<1&p|e6p_po?2JmAneOks@jVf3!qS~g@I6vtdrpT@XHTX#`)SxCs00b`+fX!DHEptyC>vx!@$ z5JYEvkN@SD=Fqr}y0w5-H*iyGNV6AZ_}%{|2SRZp__?t*VlLD0iLOw9tpnF;fAkx? zVfT_|227y**NKo@9btq z3Tcw$9hB(_|F!L~Ca^P=(WZ01NkSZ}u~wlVMnY^azOc=dz$kt4mf0W2kFbU`yfV`Wj0bx$Bb$&>U{a8 zo?baG@o#-3N>18ee+x&MkUw83bQB~MS8yMYi)~b=R2!K#Hya_wqZ#L8m_$m#3hJfY zd3izqlE_z9=hL(N32`NmA!kKFG;6lGhdiI}!}jCS8mUTz`i6uo&*8Fg%{9;XiE2YQ z^sEr9cbJnif3j$7fFfQ?svkqYx88T$b(E&_w&}rYSKu4=EY`8G)Ix{Yh+i z_c#x3|Au;Ha}*;}M`}Y2CA)`Kk{k@zVsK!-oQI9CM|(w` zk@KYZAfnMsV5PXhoEvQ^99X*#mwJ;lYNcgCpt2@3J2Z)BBr`^NW&K>vBZf4Ypqr(r zuM68oDa{67@p*R+^in~2)5(njW`QZx=o2Dl)P6zdMquC%lDc!E|HKKeEf;7Mi8M7# zfm*nIyJ(!^T{dxL`bGOkXn6sBEosxiK$nQ8llSiEu?;C967a3TFLpowf!PlBR(79znf*(NK(t{Tz|-354Mc8!$CKUP;f6xQ7xk5@5q>c^5P=5e?3r} z@gA3}_hE=M&z2RC`JU4h;Uj6jauNeK%JHDirI|DL;CK^Pt93Wc&ZMLlp%2tB8(hccOn5aU^zY#j>ms5eP#=w?H$ z8u!uqm+aIb9sL__L;fi-6=@mp@JBbb`#3nPVf!{%j*hc$}Jwh9PZ?te7?oTsr=#hmJIJJm7iSf!`# zc7S2E8gzY@5h0C&(bDWvc0#C0gvOhs5ev)4Q=WiX`}PQsq>!L%IZ&a!9h(X}SQ#@E zQ$bz3KMUo`5uUE+m6eDNV{zj<{JEL(nFYpe4})aRhcF0aM|EZB2YF!}?0qkSQV7af za&W&ypbJEJY-mq5U1fQI2+jlrR1*c9W14wN)!dPQp|-I^^~$(})Fi-5K?4Axjla|z 
zsV#cC88yv`blX{B1tO>2X!*4-XHSgO=qRh&5&lI7iS?t<>q-?N300=j#1ZW{O!OGxGN(E3eUDd}ItEj{L_LOpy4s&qd2-MZ> zqtgnBcpAh6eH|bt|I_?5|8Yt`-rR7(*rx!NYXP8gO z>2iWN!)|s6Z+iJ9nxFW^$r{?ES8Q3(wH3{uaR6Cz^zpWI*;^jY zr1fsO7^pIMPaMLaTXipekD7AQS{t;f&_-IcBnudMt10XuK1043qKC{v36Xd#aM^Qz z0G#m)%B?Le`_co-p%ri@LcXodPdq(zn;Qd;a2@%m0M{YVv{g=fa$gV;=$JnRDFpRj z_-aszptu=aOU;8E9B+^Guc3MILC^_|H7bk5-#k!xd^a*v=&iQ5a_+*d8PmXug8Z_x z6$351T*mM|P}w)%Qe`Q=cp&9a-&>zUHxcs)pzFXBhXh>4GR9)vlE?dadBuN9QWc-) z8r+&-AO*F-q9X>Tz;~`(g}*@=LYczv-o}39(!Gq5;6_fg{UJ@GuShEd2YpH9h$yQ{W6<*r$7lf+w+e_~M2%av2ill3*qJd@ z5skz-6I_ngS{5zQa=bm-zxTvY*#TQ6`gGR$w(PQ{dgC;BfyY-v)_~vYX z+QaD-BxC!M1)enc?~Unhi?Y3gE$Z6?gDMu}mS}hLQ#U$~Njf`YFxrHlXWNQJpmTSX^hpndt?A)U*L$S9?r{DlKYAOFJlT;mSDWRR+ZRs47 zcSO)IM8;gx=x+_hn7>J&tD0Jgo&+AswQAb_?xjrClKJVOSGEUo;iG-GEeS>*sH~UV zO+N)6FrCcp$D{O;e<3?1kfX6L=O>S@w`Lx@;rYxuCs$JcP^sebrmEAy%X;*yD{AO; z+*33+hhQ22b016PUfMPuYMJhHJ0xYP02v_FFFQDK7ucVfy(eBVeIDdSvWkAT8)3l` zfC>XPka+zg!4am6B=~`PLtBBQHD{7s3eQ;H4xI>hd&A9uO&|cNkndZq)Nj066acb^ zk&-=)3|)f117R(gFL9>X*;;Qdhq}pAgxOFSOnM^T`8QwHjA*^0w=PMpykQrDd^ICH zf~uFQ^|u`l4lk$$`QI7z4@~;Kl6@5NfM9Cg^ny%caO*ll0#dQw|j2 z=~s~8Px4Bzb0N`&Jb#ID4U~`+wmWwUD~*P7B&}=)F?x(tu@2T|!6bNlX50Y2kEH3A zO614xb%#3JCSOQ7Tto&ID4BORJn>NyQz1i9GSX5ab9i*V+fcMA=(+n>HUzmx*P zs%-CA0iqyH%JID8ph($BU7Bw9{`k&s_Gge>21f+`^h0@l-{XEjF9qS#(EX<*xLYAc z?M88S{zdV)j&kl4qzaE$r@~FyT1b!1crAu$NWSDe50=VMZYi4%Dk-2r5Sq&G7on0tYyyG0;`RLAEc$xefSiq>J>J(aZHn{`F(SX~89c!e&nz&Y|4hr& zmp3u{b<2q_5u0@gl$~cdKM@T7$trNd@x5xW76&+rr?8T9VIz z8ziEzpZ^I*)Qd>wptNT6F0j*M$;G;dth3cS|}%7DVzv|-aC78JJgIy2B)qL{vA^8 zeu%B<6-kumrd|no->xY;GO$W%YIZu4#t>f@erCTSq}uG3^QJv4?^DrL&D&-*i0q6Y zVe>jOX|Sg@rN^fk`K!Y0L1ALCx`$5|;5w{igI#TmoU8>RT}Ja&180$F7w2R)9K2k< zo%j_TmWXzW3Koocc>PKO&Fk>nTcf4PLI)nx+2t=Y0kK;3~5qk3dBEg`V}xw^F&L+gK$kvlwG}H#ZZlFiVlxnvd2{ta7fg zh=W>~GYh3S0j8KE%SA=?kBSPLim%M#_>-!)%mTnQNnUNaE{n05n&;_Ph3vR?3ax8x z^s!7|@k;tqCNC;GNK;@} zh8kwlxv`4AT;(LcysI|DaLIXX2LXMjwEx<b@5HR7dnkM4v?eM78V19TFX)#C^( zpFjA(aVt@Ka%))t7`r*tUkKjgLO(0J$Z~;%h`+D9%YFfI(I`1TkFG4fLIdJ@uCx_d 
z)d-rP;xk-B;w8lIouG(~iT2x1480s!q04Mf1HU9*>()SbbV(K{Opxx86o3LfpfDL4 zJv5GfaS|s14^b1ZkirOC#l-KgM`RKb80)qFMLrnsAUaqqfGHTlVonS-mbq{5lous;y%PpovQCKh7}Z1iYavsMJr9e=T%wdFm&Qcs2YTbU^*?;57O@@6w`uG zcMqY$OfE``5<7W|in!TIBCpyNvWvkZ(Eh z4J%lBaM&iY{IIW9#(Tq#2oo_^5%A!z_@j^_3RNxNl6#u_;f9?~TNMcCCWnVEP$>;W)zIm%T|(#e+tsFYAeqQ6%{l;urcA{=He7;Q5tmP3?@80TdEw45J3!Fb{jE7NMYzqlbA(g?;7Z;+?^-mG z9yO3(CpB9F<(D^lw^TH(18B$tvdh8Y5!mH qe`(zLpHBW~LGJ(K!SG)f(EqPIS4kEe;y+tJ{*B;&a|P>vR{sk-(9TK# literal 0 HcmV?d00001 diff --git a/Solutions/Commvault Security IQ/Package/createUiDefinition.json b/Solutions/Commvault Security IQ/Package/createUiDefinition.json index 32d409dbeff..42685901138 100644 --- a/Solutions/Commvault Security IQ/Package/createUiDefinition.json +++ b/Solutions/Commvault Security IQ/Package/createUiDefinition.json @@ -104,13 +104,13 @@ { "name": "analytic1", "type": "Microsoft.Common.Section", - "label": "CommvaultSecurityIQ Alert", + "label": "Commvault Cloud Alert", "elements": [ { "name": "analytic1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This query identifies CommvaultSecurityIQ Alerts." + "text": "This query identifies Alerts from Commvault Cloud." } } ] diff --git a/Solutions/Commvault Security IQ/Package/mainTemplate.json b/Solutions/Commvault Security IQ/Package/mainTemplate.json index 1be781d80a9..00bdf66f67d 100644 --- a/Solutions/Commvault Security IQ/Package/mainTemplate.json +++ b/Solutions/Commvault Security IQ/Package/mainTemplate.json 
@@ -31,36 +31,36 @@ }, "variables": { "_solutionName": "Commvault Security IQ", - "_solutionVersion": "3.0.1", + "_solutionVersion": "3.0.2", "solutionId": "commvault.microsoft-sentinel-solution-commvaultsecurityiq", "_solutionId": "[variables('solutionId')]", "analyticRuleObject1": { - "analyticRuleVersion1": "1.0.0", + "analyticRuleVersion1": "1.0.2", "_analyticRulecontentId1": "317e757e-c320-448e-8837-fc61a70fe609", "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '317e757e-c320-448e-8837-fc61a70fe609')]", "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('317e757e-c320-448e-8837-fc61a70fe609')))]", - "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','317e757e-c320-448e-8837-fc61a70fe609','-', '1.0.0')))]" + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','317e757e-c320-448e-8837-fc61a70fe609','-', '1.0.2')))]" }, "analyticRuleObject2": { - "analyticRuleVersion2": "1.0.0", + "analyticRuleVersion2": "1.0.1", "_analyticRulecontentId2": "1d2c3da7-60ec-40be-9c14-bade6eaf3c49", "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '1d2c3da7-60ec-40be-9c14-bade6eaf3c49')]", "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('1d2c3da7-60ec-40be-9c14-bade6eaf3c49')))]", - "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1d2c3da7-60ec-40be-9c14-bade6eaf3c49','-', '1.0.0')))]" + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1d2c3da7-60ec-40be-9c14-bade6eaf3c49','-', '1.0.1')))]" }, "analyticRuleObject3": { - "analyticRuleVersion3": "1.0.0", + "analyticRuleVersion3": "1.0.1", "_analyticRulecontentId3": "c982bcc1-ef73-485b-80d5-2a637ce4ab2b", "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c982bcc1-ef73-485b-80d5-2a637ce4ab2b')]", "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c982bcc1-ef73-485b-80d5-2a637ce4ab2b')))]", - "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c982bcc1-ef73-485b-80d5-2a637ce4ab2b','-', '1.0.0')))]" + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c982bcc1-ef73-485b-80d5-2a637ce4ab2b','-', '1.0.1')))]" }, "analyticRuleObject4": { - "analyticRuleVersion4": "1.0.0", + "analyticRuleVersion4": "1.0.1", "_analyticRulecontentId4": "29e0767c-80ac-4689-9a2e-b25b9fc88fce", "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '29e0767c-80ac-4689-9a2e-b25b9fc88fce')]", "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('29e0767c-80ac-4689-9a2e-b25b9fc88fce')))]", - "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','29e0767c-80ac-4689-9a2e-b25b9fc88fce','-', '1.0.0')))]" + "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','29e0767c-80ac-4689-9a2e-b25b9fc88fce','-', '1.0.1')))]" }, 
"Commvault_Disable_Data_Aging_Logic_App": "Commvault_Disable_Data_Aging_Logic_App", "_Commvault_Disable_Data_Aging_Logic_App": "[variables('Commvault_Disable_Data_Aging_Logic_App')]", @@ -109,7 +109,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CommvaultSecurityIQ_Alert_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "CommvaultSecurityIQ_Alert_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", @@ -123,8 +123,8 @@ "kind": "Scheduled", "location": "[parameters('workspace-location')]", "properties": { - "description": "This query identifies CommvaultSecurityIQ Alerts.", - "displayName": "CommvaultSecurityIQ Alert", + "description": "This query identifies Alerts from Commvault Cloud.", + "displayName": "Commvault Cloud Alert", "enabled": false, "query": "CommvaultSecurityIQ_CL\n| take 1000\n", "queryFrequency": "PT5M", @@ -135,6 +135,9 @@ "triggerOperator": "GreaterThan", "triggerThreshold": 0, "status": "Available", + "requiredDataConnectors": [ + "CommvaultSecurityIQ" + ], "tactics": [ "DefenseEvasion", "Impact" @@ -180,7 +183,7 @@ "contentSchemaVersion": "3.0.0", "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", "contentKind": "AnalyticsRule", - "displayName": "CommvaultSecurityIQ Alert", + "displayName": "Commvault Cloud Alert", "contentProductId": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", "id": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" 
@@ -195,7 +198,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Data_Alert_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "Data_Alert_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", @@ -221,6 +224,9 @@ "triggerOperator": "GreaterThan", "triggerThreshold": 0, "status": "Available", + "requiredDataConnectors": [ + "CommvaultSecurityIQ" + ], "tactics": [ "DefenseEvasion", "Impact" @@ -281,7 +287,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "IDP_Alert_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "IDP_Alert_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", @@ -307,6 +313,9 @@ "triggerOperator": "GreaterThan", "triggerThreshold": 0, "status": "Available", + "requiredDataConnectors": [ + "CommvaultSecurityIQ" + ], "tactics": [ "DefenseEvasion", "Impact" 
@@ -367,7 +376,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "User_Alert_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "User_Alert_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", @@ -393,6 +402,9 @@ "triggerOperator": "GreaterThan", "triggerThreshold": 0, "status": "Available", + "requiredDataConnectors": [ + "CommvaultSecurityIQ" + ], "tactics": [ "DefenseEvasion", "Impact" @@ -453,7 +465,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "logic-app-disable-data-aging Playbook with template version 3.0.1", + "description": "logic-app-disable-data-aging Playbook with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion1')]", @@ -903,7 +915,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "logic-app-disable-saml-provider Playbook with template version 3.0.1", + "description": "logic-app-disable-saml-provider Playbook with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion2')]", 
@@ -1245,7 +1257,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "logic-app-disable-user Playbook with template version 3.0.1", + "description": "logic-app-disable-user Playbook with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion3')]", @@ -1691,7 +1703,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Commvault Security IQ data connector with template version 3.0.1", + "description": "Commvault Security IQ data connector with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", 
@@ -1813,7 +1825,7 @@ ] }, { - "description": "**Option 1 - Azure Resource Manager (ARM) Template**\n\nUse this method for automated deployment of the Commvault Security IQ data connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-CommvaultSecurityIQ-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password**, 'and/or Other required fields'. \n>Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + "description": "**Option 1 - Azure Resource Manager (ARM) Template**\n\nUse this method for automated deployment of the Commvault Security IQ data connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-CommvaultSecurityIQ-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key** 'and/or Other required fields'. \n>Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." 
}, { "description": "**Option 2 - Manual Deployment of Azure Functions**\n\n Use the following step-by-step instructions to deploy the CommvaultSecurityIQ data connector manually with Azure Functions." 
@@ -2017,7 +2029,7 @@ ] }, { - "description": "**Option 1 - Azure Resource Manager (ARM) Template**\n\nUse this method for automated deployment of the Commvault Security IQ data connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-CommvaultSecurityIQ-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password**, 'and/or Other required fields'. \n>Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + "description": "**Option 1 - Azure Resource Manager (ARM) Template**\n\nUse this method for automated deployment of the Commvault Security IQ data connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-CommvaultSecurityIQ-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key** 'and/or Other required fields'. \n>Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." 
 },
 {
 "description": "**Option 2 - Manual Deployment of Azure Functions**\n\n Use the following step-by-step instructions to deploy the CommvaultSecurityIQ data connector manually with Azure Functions."
@@ -2044,7 +2056,7 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.1",
+ "version": "3.0.2",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "Commvault Security IQ",
From 9845b05f6da52b24698741df96db1f8780b8ad97 Mon Sep 17 00:00:00 2001
From: v-prasadboke <117061676+v-prasadboke@users.noreply.github.com>
Date: Tue, 25 Feb 2025 17:47:35 +0530
Subject: [PATCH 12/17] Update CommvaultSecurityIQ_Alert.yaml
---
 .../Analytic Rules/CommvaultSecurityIQ_Alert.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml
index 3a033306ef7..26222feb9c3 100644
--- a/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml
+++ b/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml
@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors: [
- "CommvaultSecurityIQ"
+ "CommvaultSecurityIQ_CL"
 ]
 queryFrequency: 5m
 queryPeriod: 5m
From b80b023f34c6e9c376f5086bcff43fb548a87dbe Mon Sep 17 00:00:00 2001
From: v-prasadboke <117061676+v-prasadboke@users.noreply.github.com>
Date: Tue, 25 Feb 2025 17:48:11 +0530
Subject: [PATCH 13/17] Update Data_Alert.yaml
---
 Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml
index 272f964530a..10fab70fdd4 100644
--- a/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml
+++ b/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml
@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors: [
- "CommvaultSecurityIQ"
+ "CommvaultSecurityIQ_CL"
 ]
 queryFrequency: 5m
 queryPeriod: 5m
From d0ab5e8e40d9635d04edb0a1d9eb86c54c7386c2 Mon Sep 17 00:00:00 2001
From: v-prasadboke <117061676+v-prasadboke@users.noreply.github.com>
Date: Tue, 25 Feb 2025 17:48:22 +0530
Subject: [PATCH 14/17] Update IDP_Alert.yaml
---
 Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml
index 561fcd49a01..0c0300d4767 100644
--- a/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml
+++ b/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml
@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors: [
- "CommvaultSecurityIQ"
+ "CommvaultSecurityIQ_CL"
 ]
 queryFrequency: 5m
 queryPeriod: 5m
From 5212821123f7eb21f7f150b6dd0afd97a558a59d Mon Sep 17 00:00:00 2001
From: v-prasadboke <117061676+v-prasadboke@users.noreply.github.com>
Date: Tue, 25 Feb 2025 17:48:33 +0530
Subject: [PATCH 15/17] Update User_Alert.yaml
---
 Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml
index 4b58cadce72..52076f65b3b 100644
--- a/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml
+++ b/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml
@@ -5,7 +5,7 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors: [
- "CommvaultSecurityIQ"
+ "CommvaultSecurityIQ_CL"
 ]
 queryFrequency: 5m
 queryPeriod: 5m
From d54e14b2a50cd19da84aeb739bd738cd2f39b47c Mon Sep 17 00:00:00 2001
From: v-prasadboke
Date: Thu, 6 Mar 2025 13:50:30 +0530
Subject: [PATCH 16/17] string corrected
---
 .../CommvaultSecurityIQ_Alert.yaml | 7 +++--
 .../Analytic Rules/Data_Alert.yaml | 7 +++--
 .../Analytic Rules/IDP_Alert.yaml | 7 +++--
 .../Analytic Rules/User_Alert.yaml | 7 +++--
 .../Commvault Security IQ/Package/3.0.2.zip | Bin 13379 -> 13418 bytes
 .../Package/createUiDefinition.json | 2 +-
 .../Package/mainTemplate.json | 28 +++++++++++++++---
 7 files changed, 41 insertions(+), 17 deletions(-)
diff --git a/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml
index 26222feb9c3..fb87168e387 100644
--- a/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml
+++ b/Solutions/Commvault Security IQ/Analytic Rules/CommvaultSecurityIQ_Alert.yaml
@@ -4,9 +4,10 @@ description: |
 'This query identifies Alerts from Commvault Cloud.'
 severity: Medium
 status: Available
-requiredDataConnectors: [
- "CommvaultSecurityIQ_CL"
-]
+requiredDataConnectors:
+ - connectorId: CommvaultSecurityIQ_CL
+ datatypes:
+ - CommvaultSecurityIQ_CL
 queryFrequency: 5m
 queryPeriod: 5m
 triggerOperator: gt
diff --git a/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml
index 10fab70fdd4..07888b99343 100644
--- a/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml
+++ b/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml
@@ -4,9 +4,10 @@ description: |
 'This query identifies clients or servers whose data has been compromised.'
 severity: Medium
 status: Available
-requiredDataConnectors: [
- "CommvaultSecurityIQ_CL"
-]
+requiredDataConnectors:
+ - connectorId: CommvaultSecurityIQ_CL
+ datatypes:
+ - CommvaultSecurityIQ_CL
 queryFrequency: 5m
 queryPeriod: 5m
 triggerOperator: gt
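Review bot: In the added `requiredDataConnectors` block, `connectorId: CommvaultSecurityIQ_CL` repeats the custom log table name and the key is spelled `datatypes`, whereas the Sentinel analytic rule template format spells it `dataTypes` and expects the data connector's id in `connectorId`. Earlier in this series the packaged template referenced the connector as `CommvaultSecurityIQ`, so the entry would presumably read `- connectorId: CommvaultSecurityIQ` with `dataTypes:` and `- CommvaultSecurityIQ_CL` beneath it; the connector definition is not part of this diff, so confirm the id against it. The same four added lines appear in the Data_Alert.yaml, IDP_Alert.yaml and User_Alert.yaml hunks of this patch. The rule query runs either way, but a dependency that does not resolve to the installed connector likely makes it harder for an analyst to see that a detection has no data source feeding it.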
diff --git a/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml
index 0c0300d4767..2847a62675c 100644
--- a/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml
+++ b/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml
@@ -4,9 +4,10 @@ description: |
 'This query identifies indications of a potential security breach or unauthorized access to the systems and data of the Identity Provider.'
 severity: Medium
 status: Available
-requiredDataConnectors: [
- "CommvaultSecurityIQ_CL"
-]
+requiredDataConnectors:
+ - connectorId: CommvaultSecurityIQ_CL
+ datatypes:
+ - CommvaultSecurityIQ_CL
 queryFrequency: 5m
 queryPeriod: 5m
 triggerOperator: gt
diff --git a/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml
index 52076f65b3b..17dfef00e0e 100644
--- a/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml
+++ b/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml
@@ -4,9 +4,10 @@ description: |
 'This query identifies users whose user account or credentials have been compromised.'
 severity: Medium
 status: Available
-requiredDataConnectors: [
- "CommvaultSecurityIQ_CL"
-]
+requiredDataConnectors:
+ - connectorId: CommvaultSecurityIQ_CL
+ datatypes:
+ - CommvaultSecurityIQ_CL
 queryFrequency: 5m
 queryPeriod: 5m
 triggerOperator: gt
diff --git a/Solutions/Commvault Security IQ/Package/3.0.2.zip b/Solutions/Commvault Security IQ/Package/3.0.2.zip index 4abad853eaae36829edd47e26a8adbbef2d1f9de..7adfd308d0b7f06f2cf6369ba1659a36281a714b 100644 GIT binary patch delta 13083 zcmZ9zQ*fY77d4tpY}>YNTNB&1jVHD>nV1vXwryJz+nMBlzf-5`uXFmMYuCEy>a{Oc z@7k;Ppw+n*+D|z!aC8t55NHs32MZl?FFy>LBs2=ZadQOc8|dp96xlQyPo&-)pBu2! zvGSP5b;4Zrz(a3A$sSAbdPo}GCa9*i4h%^5Z}Lz6mwOl^9p!Pbgcu7NPC}UHyR-ZD zH4B(jy=dZ%knVT;uf*g`UVeG$WrM>gz3GvYx`P70@K8c|X?EA|6zlLV<5WPd_(m3)VEnb9S%abX0&$Frc0DRl@byWRfc>i(UAn5-zDL;MzZQ=wL)0% z?8NSv*-RCTq29^{iyz8VNz8+_Ll~%p6fQuz?IjcaUBrezp;pF{3PCwK>Qi&|Doizw z5Md$th`*NgW}d)cc4UJ5dVaI6n~35<*!h09Ir+%Cz4KM-VFLJO-c)Pwj5p3guL8g~65ms_UAGxlXwrz!J7c#rSytwQWtZf#-u`7 zJ)JdmYui>ru$k;N-1RgEaT{npz>Ua7ekUWg&=6fuGRcXNVRz0zTr+cKaaCHCjBTVi zh47+-Mw3Tttj)kgR$3Q|V-@Ni3k>e(nBV&S5t*us_E9sz1uniw+l-&9v3D0xxFTav)}JS)7pv@RREUrhtzFD%cXIfWOK(M zrR4C`&9Cs)rQ)es$Xk+{F&=`8Mov1yuflaz#COhZ&BV=bDR{CBssHUYSy<-BaH=dN$9&9OXEsT;61KaZlBW zw&ydja z(|-L9CwsvfETr7=sVs@^0bnGP=t6U1#mkIZNKy$NQVU42qt}>gS4U%dDx{a8OVgoP zsKfS#Jx$~bVdq%leUec>9(=Se3|N+la;I>is0&RJVH~I@mFX90GpM8zC*!daDjBR6 zvbVcTPK8uWsdTzCvy79cKnqwl+3YUp{fJ)L_?hQ5f2VW0+c`qkmWP`)KA-1QYv zZE2gkiF$+_eJNpEVgw}SB77gS`e8&_aUD1c_f^6E^5u>zuhVv|ZLV+PT=@xXtZ)Aq z)L$XkF&`eL!c9yT0C=;-iWSkz_fej68I5y9=G|KOoWvjDG@0AEj0PG5_7ne+^1tg|fvn+zbAbz* zQEUZvzosi!f}^(FJhCun-V@LZVK;|m;I8V3y)x&^*-jqa^iK|;uO!@Q7N>lw=SToh1-TS8o z!o~gOm4Yot2L!u1KkDg%x5IU4=vldgy;{dp=+5-|^;lG^L($F_F41Y=7nE%O(+I{@ zNWkDStebd|3-C&-u2GFs!msT1lf&>YpiuN((V^h+sM;5>-0m1x2I(GL$K3ii(@&We zkF6yX%;QPHJr%-^HRNz-#S%%IB|Kl^&fajI3^VR8?uGPe<+XqAWMqfnL4g&k#x~E> zg-E41XTwH^Ye0pFl+iz*mwE(Q@eTv_ZQr6Ny5Ho@UO*a#jB(NWotDw$$zwDla)`t< z9|B{KepP9>bCjQWh7`t$`w-E!%JcdD`J$}c_N`mQOYs8-?U6IgyyAF9Xj1$>gF1## z89_XLeG0bz;!5)k!FkiVmw%f;wVSKgZm5du^Ra5wl{`h|-%2f0NCs}P-@@g8P@anF z4W_i?gaJq6h6LEsv>VZE{C>JIREd&_aADyeGBB(t{^D$^~ zNrrJYGP|!7!&xUPX9jovOi#OHA%*v^bGp4h>73My5mRT#I137#z&=~*F7{fo4rgvZ z1^PpONz?T->E{XL>n9*85sp{Q=4NP9U_uO2 
zLjB1xmY=R`9+s;yI%$Z=B^?cC(H2yy4~k8y-HnR8Lsm%J4S9EIA0kgh*Zp~e+9!D` zl?!0jsmZl5U1H7>%`pUop9&=#@&hIT%9m|1(51U(_Bo|%lGx`F{KS~<(4TmB&`H3} zHD9I1%J#Nr_k2L&b!W;N(Pd93PnYA1zU#AE$Bk^2dZz*m878eMDwIKo34X2AvnC`F zv9+eU+iuEz78J9pLw^k&m{9Q3tbu|e6d=E<`;qW`=QSYEt2OviDs3jqlr(yeu5CU1 z*L&KkUEh{@PvK| zJ^20a(WpyT{OR>))Rz~SxMsA@CW6Uy((#r5g${#0>&&G&Cx%{FWXIYlAQ zC*C1m^!Bcfea}*iw@m$wq85*)fLWdKxs7_xUgjspiiiL>vt|UU3`Cn{m)#5W@7oul z|8Fs&M~yruMh5~yG?C&7Z3J<7c6N51vJGtw#P1>bfh1H(us?y(;~Kyq2kH+*x z)nxDH_7huRtqjCDad*M2jKf1Ao8*w~>Wj}|L>=rWMiC{R783GArLwbs4o`Qf|L z)fv$<%UhGz2({EzKceu*)|{jwFv8;B$j5?~9(dK3dtxf=Upc(5{Xx5Y#hTQw^PvI- z5dKLp{}BTJGU=&b$LP+Uu*VofZN-QOvm{I?e_BZxBQ1XB#9<&kP_|Lc5*PffYb;%5 zv=UY5nlFZ(q*QyT$Sb7^>~9d1ZM@}r1T_8dy%cL!(iaUV8M+&Y)ZuKAEu^8yWBj+r zpRH@Ufin0h&R9C*C7YeN#_q(JKPj^Z%xc}Oevp^CJrk~~AIWE(Zx?PTr4!J9{ z0&K_8ztdc^R#N}dO%x=^iIxG|@7PPdseL9Kol{kk+_3-~dXpao+zwIGzDS7MXmMEz@;$@si zL$dj5}W)n?+aWDvma%zjXDuQJ3b-z`tc}tx~`r^LiH*?qa$S6z;__FRb~5 zy#BU^5)SEH%PW6&pz1I1nl<`w-m7b~AVn%GTIMS29%@;HV}(Z^O_IK*E{& zAaSnq`q#pZw7C!Wzx;BQKPu%Yb=m_a8%An0-^3vNKX$ggmX{TfOI%08>Q^VuFPM^pQrl| zt27EO!{!Dl2IKPKj6PobLG`Cl6ujm#mKf^C@p92=h@$KwLSiz-G8N+XWvzj-K^;rV z`NDv0+1~zCnG0T}-Mx0TJWnm_g4+C%MyipoUbDy~3~>svDlPDq7`TZGW zJ&Zs7poKBV%h-{QDi6!F@cXm)SB7g_7dl$&!tfd9ghh+UwFiA}wj0DRJ*@#h#nuBtyu42+?IcRXp zOKhLHL9ZB~-bOmSIa-MNW6eJdVd$6K{>S{^H2o-A%rAlogwRZK0t_+5%=)}Ua?}SW zR!cxs{A;RbN-ykmhvvELHHAcZJa^ft+d^u?=^|}Q?(~mg$J56|b)FiJCqJcaf{}pz z-#(30Z4aeVIn@TR36Ft0^Z`8KP$*6CAp&tE`FvVqHw5n{Dct7UttTvx)-{@z^UyLw zOfmv3f}Pw3(kCa0L`Jkpgz^e#JpJ~}*LmOrtKT%{^7``9?@^~jp$nG!^CC`LH)0fN zClyN|)QNDnh8|00?H@DbNWqc^CYyWxFg`b_xTJUe9%%|!=ZC5O+pnkMAlH}6SV%qG z2kCmEAFv<9+_^e7Dnsh=rE`-@p7n18$HJs^I?PyWUtz~>-00@M(rQ%s9+JP5FCBp| zss5y@H0O$}6+G~;jk2%&ChDv7G+Jvl{V%mAZp6>=RMmyG;IcC3Gbwe3urklH*JDf*7x!yk7c?Mk#XoJNs)YYCntcVH)oBm7;BJ4P=adg}<6N zw5ohkj`r!q{=S?>rLC;Nki;W~$cY6Y^?7ig zhKQBcygC7yrKB9OOg?n1&_PdI5$w;b)mlbFxc54<93*z>Nk0R}N5l#Jkg8 zm1AgN;KBCfV}csZvnnJ1rYX}k(G;9B2A>b8IVDo77H(l(9jmI_7u3;I9!w_tG*?lr zMscy8ceBx9ZFdyWwktZ5YG9noUOL$ 
zzK?7-V0ywOAhUd>@%Ki>Oarz3y}_vcjNW>um(Ee%}hSWlx8U(*SJ-zv08sl<=3Kc<(8hWAl zc#MFW0}%arKXzi_I`r649NIe%TlXcL(+(}tB6N13i(2D%X|?nQn3Y## zz@!cgf$7vQZvE`mvn*QK zc45}XMulgyg`#CiS}d2WrjkKwf!=_UqFinqExKf6>JCc2_|qRreW9TzZNd#Nr--k% zjkbTBj9bEo+ok=-nbez0UPAbkpzlPg0bW-4iZSLglEEE)$`GShUf4@@Wg{i^PB-L+ z!y^6XBw=uq7sbj=1-B~H7a56d{M@gGz<1fq!#dU%<5$Zx+YFsnxI-lVuYC~FJno{2 z`5z{NcVbaCKoB*h(O4=Mq}zd)VwGO`z8-Fc2(98t-(qs`V_hQ{;E6_m?uJbZK+xdG zPGfP$s8#-qU3e?8GfibC zzWjbDotUwh>0B1mTC0?tZn!AfZchbcu$+1O^%!m*5*Db~jrViJMdsdtK_S$D- zXy`F|%w{-UV_5*mc+*9+Y|9oKpgl7dJHNwkt^51o=utd5VK3}w5Qofzwo8R;jDJY; zGFs(MP^CzKueQd;>@v<`#U?_vKc>AP|MP75YBq}Iai6XUh%xon+{PgDAN;}l*z|nU z<971mK0>EZfsYWMSB5R58>Cys<(EL$zV89dYP9{rX0Go`eddP>8lp6KpjiDg^CyMr z(!G{U(O}-E^3?{{5wHEsVmhEx`mS=SUIPm?jchT~2w(h~Sd}XUm>V=)p+7wPxnl&UJ|De`5I8+iTaiRvV@h06} zyJ3e#+Mmr7&0$KWpi8&tK=M?lMS~Rqxb!iqT}DS*x|!+-wTf(+7RfuIH;AUdd>c|% z)UIF{l@!ioxj(E5y{Q5H_N{L_#tB$oi~5A!dC+;uB=Se$1i53{H!Q`S&_87@IT`qo z`BaK(qkS30-U-K^<(uV|l4IgYss7*7KdW^!eRybB6oS_hRd=IJj&~v zRMNui5Aj}$Dr9mUfNM-=b9Qy*l(dbhYN+g2w9q6Sf#3rki^r66DR4F~tYmAENY+fd zbM|z*#Y#tmm=hvXSs|e zOLZ?q`(caRBFC!7KvXs3e2ltztA&t2!S|i(tSPBYf0`dPYh;_@D`&_8OAV>8 z&SbiwRxX{1XwK|+HSsZHaaErz#f}U6o9)u}EZGF5z@~f2)-JY|xJyetV6WtQO^gou z?6$PX(^0(zz|i^HGHq$NaE3UQ1mjZR&EY%DoNxAYvnTv48YF*g4Li2cVK0s)V&)Lt zJpCr?n7xq8tr?TOxJ~(wzPr5{kNizVwE7#3UY-~uV!F}hT9DRS+y-902I`qJf~PM1 zjNXl6Wj{=*r#T7L?bZphNs?cdm{o^^oO=HQVV5P4dlmf&Ic+m3uj_eU=SQHKq0JCOI&tEXwX;kn9?@SE1V;QLNW{Yqx2<(lJT|m1FEl^B6#fQU zs#Q+l#=D*LWxw*o3}w_CO}CUN@=q9>eJ(+D7q9Iq753?>ObYi3@{V znq@w-)HQMo0Rvx)vj0syfhg5q*U}t^MRgPiAN~uy&wy$->|vcgtg~alxhh_2kt|4F z9B%V&?U8)WHXFU{3VvE%p7ff6bNwOcg*wY0W>aIuop;ysQTCsZVh~|FuDc;}`oGp3 zjeJ5jFXO3GuQ0wo=pRiLf0CZ%KOct|1{ssP)K%2QXsCX!QbK?~&Mx^SYoC{mDcV_i6Q0GB@m}esoP^V&w?&#o zR6g>w(AD9~h%WBnX@RbW1xcff!m{6J^w!8&bRzFd6Vp2 zT$g0bq@C3J+876o@rXR%eMkBDl-72?8G}om zS52IUQEg}-X*p{TmhaGmc%XqA$W-p4x+L_H9bJRJvy8^W7))r;$MIc;obfwXy|v~N zk*OubT|4i3;ust=F}P9|wBP0u=0`d^-eoPJU2RNhbj*n7SaUJWj7)EuXIR=vkp7N- 
zh}k6h>JUIHy18sVI@;3Ot3M$xXHAY4QAGu8mi$tub;gE|IR}zdB`-(g17~^7X%}V| zCyqgnk#VX7yw1N41olfNI91M=X-j7F)hHS~9ky07%$Lf*w5whID!cHp6eU6ez@}Ox zz1lqHH4T$7TqHfM%p}qLhPmOgKW30abVAe?QjSv$2kf8D3}>t`ak$Wnq!?lp3 zl)7pXUWhfzhE3QEx2N-2f?P+hSUYM2of*+7csGJPMnjh7?ffikx0H_rhXL{jO)y7N z#CY2wuA~`CFsI~XDumFLeciM7qu-Z$pGa>X1zA*pJ>3h!`(jGVCyq^A$N)%o@%$>( z&X8pW+(9MBWf2E`
    R837WZ4i^;oYSjZ$+<=uU+&OfbI zlwCz!SA%=W>wiU=k3DPF8!OfHNl0(lu>1zNuNgv(R&WIyueieo^w$;8E}Wlu(~x!7 zh6G_-?l8jD^L&BdMOH?)a|f^hGQ^?kPY@z>Q4LiqY8it01s+Q!q$gR;90KYH*lMRH zBnq-!IWva}K72V`x_2`rtW}MeM+(;N@kXq5XeP);{OoKel2M=E9J?6=Ki*tX^?tCIx{?af}ND86qtn8lqk+RfXjEdZPeip8qD#i2Py^VQ=m@ zYnYb;ud$m!E^+D;bsZXDQ}e-w&2npPWc%r`P&@& zhy*q1rH(rCz1L?&HKUzVs{QAiv}VxC;2en_J9E6^OP&*x1l$)Dvt87Hf&ZG1G0NO= z8jEZdrj#Co*uJK?uIX)8tH1rqkX409DTjHL2sDp!CbIa)52XPhQCu)+ex8{$9Zn72 z_wffeeQ1Opna7W0CrA`5{9DdgdPn(AaMj##!MX|cquB8eh{yWsGUgV3Qk5^1wX5h@ zu;>M;^;hgyI4BmFPn@sw*~H+xG5T3br<#au)WU3t6~A}aU>_CKH=W!VP=44djXq%# zChZpt9z;fg5a~O>h2|3%QeWBMEDSxuUwuG&@U(W4^+qjWxxcP@?uW9RCb80WpSL~e z#pU%-%;KTEIPIS|-6!;MsT;#1)YrUZQ%lM9kl3_=90c_qJir z7tEjzyRVtKGk0VAH^FW!LAWzBcC2JvySvIVWe)(d8%{ahsEcD&KQ=HNQ?tb?&3;&D zLtG@LkjZL;ZW1xgnVEzPYv|cP5dMDqxrO@{BW?3TS8yA71!oDqv(aqCDwX9S_Pdwu zK>*6_h!EF=8P^MDLw>0p9AT>${`)+Ev<{N5{NQ?xU=5t$uc<4|Obx{e0y78HfL0LL zGSdWbpQv*v0Zr>kgF>C`x-J%1-80y!U;w%d(bu0KcBk( zq)k6u)`QxZ;zi-`>GQitLxKp4mlj472T?!<&$JRgrjH%afNZ3l3jM{lX|v+JnYM^ao+lUNE@JkZ~6Y%WX&9$df( zMSm33X)xY%F~K-u*Zsk%xo?sen`~pc zY8aS1Ks~G=M4YuK!r7-Vq@R#=-+sa(Xe?mJ#qlm3SAH`Xy3_4Ho}(`f!3YRA<4OJ! 
zl<7ViI)zc-*857uP=Y|b#}}+0m?PqwvQ5@ERg_!fg>ppP?H1Yrd}B>6e50jJoKvbc z&1f2Or!F}LIDhN(ZEA7P&yDrN4TL8N^1$OWSJq;G+vnpsg^K0!F}EGWalmFj4QQUzyLfUPJex!f|Q9;VT3}J=69{9?k3UwsKbtq*TnJ(xR)fl zlP)lhvMl8yVQ_MXE23wHQ|IuGlpvqC zH(pklsBu+{JNkXYpv}ESpW)igfV|$H*M8yC%Y4ZXB1JG70(VViO-xUcXW?35>DySi7sUI(O?C1In z#g~utvrel(yjvA{J@D2vscv%!;oOGUw%~>0|My7WtQzLf>pX<}ip;(HFNu-vgBv`S z^wsqNt(Qtt0Nx8qlJKPuMHQ9eTmThm^_84Jx8lt#F21=^9pHW&Cp8jBw_%)fsD=9^ za^eh?iJg`DvK$x!(>41kIQxS=cD)%_uNR6f;1|T!6vi{M#W*Ke5t-p3RB(H13t|w- zA15hrxZl(ut7U~lo%m_!Yb$Vb4TfgVRx@sUS@?%GuDtLzUODsXP~X$k4m=!x4E8~o z_~XG8z5n!|Kmtzo#UO8@1~3X?o<4t}l8znFW;>i_e%gyGred6>o}N^dp+n!TCfTkx zy^vkL{mR?tB+6mvz5%O@-)6M;ea% zjxo~Ba-j@T;nXqra%kW`P$cF5bN-zvhfIyUHo1+w(9kY<7QYKVV7pn`Pe#e4j-fgw zF=Jsa=Yh$i>#do`ZUlDo(#e(dCK^=&z7utN1YNIw38i%1j(d{k<}fS+P@WU%+)I0x z11+|i2B8_0Zt!4U8kKZ^(h z4F`2WO6gW*8mu~EzqxluUzkjE`?7<6A4dtk*aNa(h?z3j<4w*qZR#iKQald@*TetF zaHyy>1h-!?c^;ssf)U_<%@L0I3SGbr-yrjEn{ChRzav#IYn@m|`@>=ycoJR*kfIL> zEt(Vl`FMdID;|%nGlOD7XDepjxHuh^|MfGxkY%J?-z%p|a-a;yFmSI|JXM&$iuxIC z4jLGiC9O-Q{F>pOrp3g7kC_ZB8x~EGR{Ha7*|5)GLAGZJG^}fI1ov>^T{qi%TnE}5 z_DevDDDK7={nZMEAG3`#8$utdDh!5nlorVWp-FJ$I)u~;I6zaAC`v%#CTGTjC{N)B z8G-5dHK#(#_&o{83H9BPzJR!qe1Xp>eF0!?ND_96(6U(TdyL?d5dLmp_+ffcrVVVr zok<;~G{ZPTZKUcyp3&UyX`Xi^ztHZ_bnTD`?=6*tw&mPeg$8uhX+`qRnd4}CW0_Tm z6_5k5k|&wI;s0V`86nbxDiM8{*dN*Qi_R0RP}J^`{F@>TYSD(lbmu&&ZKWWY{`Fro zCFYZgZtUzK1i0Ie{1u*?yos`wUWbqkbDA|&pSSJq)oLZ76q&!kN(x12&JAf9jrI#5zgsc*kB7EwnIbyLTFWcc! zXOT=*io&6TyU~3utr@iTC>l?G^ zG@z4cS!(d6I=0p@%>7f>VN|vZuQ3lT%N|s$n)ay?&L-0;)!tyzZ!_dD?mZwT1AB-D z2F*0GeJ6qHvG@60b!j%+gbOg9{GFg-hoc`S)j+By4n}_L&_3N6#M!Ttn`nF6(rO5s zFQ>44(*K{|d+ckHxPWgHwqsv1!XX{i8L!rMETJrMuG^kbq2R77R*|U@ohhU65#u4N zGe6~+8QfxazK%*`sV>cr;jMOD-q7K#>d9eP5lx)wt$gf|`_5lh0eqHzB)zy*D9vVW z4U-c5no{pN!5^-m(I|CDE45QEwK;a#pi^yZQfWw?Y2qj`+EzPXR-w_%)TU8rP(D|! 
zv{9`%S1D&VT3T%`y0=;9aJX;o=Fx2VOMs8=lG~o8O~l7;KVt)Bs-_l}HD{u(G=fKa_IO$(fB}@NGNU zL`m929s30tg?U+-dFdw_1*%o0D;k-IWd%-U^2>5mAag1gAdIVNvTe6vIsy(TEtPw14=tg}fQ;bVTQ0oW<9jdrk8u%8wx`tlVq zGVUzpj4$lV=I!XeDmu@7nl33pO)7!ry~I&vrnmXvr_os1`2-2Oe-+##kn`K-EUV_m z3D&n7*E7mEqZCBpLXvDJYHuE2kGgfjemAj}FaDb`0N8SBFv4)0gmFwsmhq5sIJQgM z1#AWhiVe&(FqIeZn1A>Ek@pR8g@Z+<8t7-6M8p1Xdz75{4qiTEIC4F6Dslh&2HLC1 z0G!j-$v##g$@YFNSr=H2@3~-tM3RNt`%AiQz_|k^N$APDw+Jq~@LD z%s9f?s3ro1$f+yPIJw$OTV9dQ$LUg$R2RXKN~N?JsHQ{GxY0Csr`Mb)VGV;x6PG3C zLoen>t07ID4Nn%qdi1>Xw-=uh&d$7c+ust8newmDdW;n(Xo^a2&9pg1vR|pCMv)>% za5m(Cp_OLX5BVK#w%b5((vuedTEk9N3 znB{)>tN|aS-z8bxl4?|H!hexu47g=k!&WqbiCR)a{EKcpV|c1EyX}Hc?()vci5do( z>z}Q3LKrwirE&HTwi#}{ZVUg?D7Q70Isht40qUGbqY@dUrT-)+O6Dd_(Z{hw=BAvg zyY;hpvbR^y`IEfC85=nCh|HXG`i4(!BguB3@q#|dd1sUJG0dC%?bga#TJ(>rHi8sj z^%ht>-wm=R0h#i#VAC?^Bc{o{oMq&2&-J3w(bbR7zdYjTp z?sV2TK^n$F=xvp&;0>l0_5(yQ@jhY1{nr)K?aMdlPdU&Z=pg^UnU<6uHh!Z2O}PBu aPpP0FDF4m9{NH7eg2PS@Imh-t0!JF229vO6!V zhOAJPWI@5ufPjFYfSRMVbp|32sc8~X$pMN-Tsy># z`Uvg1>H!+4z9@>=zT2718&|tBui76AAJQMbql}HHLxTi0O5`Dj_pEcDU4lP9o-xlq zRzq53-EDI|jjowHgz?eIL3@MefavS3BOKrA2fN~-uSn6pr*X+r4q#7T!3dV%M$4=`>zdN#I zvf2)6rnh*&8G^Zwmw^nEPZpIR1+AHum+*D5UIbFp*jeGL>gWgJ)Zp zK8cjMa-g%?gC$qG>rwL*zG_tG9B){LT=w<-gy;H*w;D7>t19nPsJv7eMgnvre7gK* zp_HM$HArlsKFWJ?S&>g9I?4YKd~-2Oc+m)>z(-I@$mNcKbW{34Gp~=hS7A~oub#+T zys>XD#@S1Eo9z0Wfq3<^7~_TGCcTvqTWgQ3Czxl$$ZcmfRTdWaSe3dRx4 znYR2kV@@P;j>wVDwnGkw&v4I%P7|Xkz-%olIqzs3T|PS%qK~p%k}vErJ9uR1M_Tb2 z|8}%uBZlHzqCYo!qSasUHnb>t(QX6B;E{?Va*GBv^ib@tTpXyXn#+WDtLl%pR zgO|Ev59Cwn{}7SFbOB%{66nFQVaG~LS&LEgom28iabVV(YBa>7yC`JUU`kSA{AWgty$5T4mDrf0+ zn4bu1SXA!tWMr5nNr&XI>a;jo*UpklFFaaXQJ|;taOl^ug#qYLUB|#CLJD3c`RU#J zyHPU4o8WUJblR1hNDPaiKS#Dtp_epCa=Y61R7?O!2_eA;v-?${gAoAIl}-lANcPmt z-PgU`Hhxs_t&u#EvmySEnSC%~Z1^^u1*birk2FgcwN{w=7mpVY30?sH^_4^50mCK2 zZPVdl9z=;*JOJTz{_G0Ly&SyuO^piV_9aa2fNT|p1!X?74e=sX%nx!3F|3B?@~ICP=wmT*_(=HF5+L69R8$+E9y-hD`F(D`qp)KL}`-2OPCY*d4~5?YOCQ$3Y`9^E`&o*+eisPoIi 
zcS$GK0azYAez?OeFPoRx*r!StH`Rf^(9^Y**X6KhtAev_bd0;;H%`T=$65TdV9%)q z1b?9d56~-nFQg;9B_8LY!0u%5}hx4Ypp*+j+StXbuW2Te-)TB7t<%aS7O7izRCG`E>I`I z)wbW^zO|i4*6Q2!wFyQ^tizOl-L?9bp^&CG0GNxbtXp~TVXQZC_Y}bn8!1031V=k! zURE0Gkq{!ED2ICE-YUd4}y_^30s# zS+b%r^Jb7g@AKesi-)(nXchX zZNh5l4P3xk)A^s!xH)1b9=xOA&0_q%g~ejRt*X8VmeZ%mDGE#0gM89~ICumf0Dl8Y zbq4*-+q~W*9PUy1ej~pQ|FJ$sn~dp;aeY(RUh<7_3@Qm812cIS}o-&1ybf^w%`0-L#j%YE;5b=DJ%%Kl0*l>SKNblJ2T1 z`piq&;|s`if%VYGenYMSyjZyK0E{|!Hvz5jW2iUpBRIW+;v}j*k$h?8<1(}obG8yw z*E+$#jx2jOj#mgEADt~v)lfwBYoLjioo}-^wH(L#M<55K;>^~^kbd!>*Gof_xIee$ zkViWtRb$~YPvy8oohr+l4oJ3fbdI;Wnz(1mN4#>kCKR#m-;8=)gCkbjsvo7*Ys9OC z@|*RB=`T3U*qeOG0|R^wXULn}R%`JZ%&s_nT3+?1-*J`Kv>!ux)K|G(1& z`A63#E-es{=NK>$GElNG8)|Yalr+TI`Trt$3(6XxatA38Ah}AC^#P0l&p5hsFHTu< zB)%`EIqNtV5U~;3;zUXo&N;x7NeoQ9%Kfk-4yK<-MG-Fd6~Kr2Jg&Tr#r@V1y7GJM zHeK5fq7xt&iLyqhyRPv8MIfQ+IvEiSGRBL_wy%VD%lC(0*MPA5}dJ87>QS1=d#p0gM8o`gSR$!AJGK9w~nVS#cng?Ns9Xyd^j+ z)}WzC-P#xaD9&YsyoJazLWj;rbU;g&i;6_41fql-p$-q4rpMivzj)BFa5v9=Fg5nINYf{6EvUTSF?hsKmSr7z4fPh0K<5#^OG2oejE=h0fTzJ`3JAGo z@Rk22r^u*FHcIa9OS448dVG|@yHe3;F*olr>U}soDQ0}`OkYjh9w}eJh^NDW@}|L# z`rP+hh(mV8pA|#KTUqj*-MYQJ5G(;^kH&%}b0^*o>YlAEMF?;FNL$D_(b^KMQbB!- zbLA{G8@~EsbDOQvUS9NZ#IzKxE*pB}H+jBg=_V41vUswVm}fugy4R1%lcWH?u3bCT z1x-Ernq8*gxi2q+u77ludO0}QBm<|KeN+%Y_Y7i2wj%s7zcGs zlf=9R=esG73c0ce z5f1yb6xu>kz?k)F7tFVu{<%nsRIl4>vTM9tNvicmYN$@U%|E4k9{fDT2JJbwTCN>W z!IZ72sA;{?9^*$ljl48G1gSX}S{SOux^?C3J24B?P+?fgV|x)WmJO7hxNrD$P&hzC zbhYn*j-BYh$^>YLlrI~LEb=Hoxq6<5`eP*z;8q-A--;8Xh`hMk;di8Y5{%}AG?{iT zgxSa5{Z1Te>mf*fIvOAb(qkfUgi&@KMt>X&?fh-VR+D_;qOJOgMMG|Nm1(RHg03^yLor)-qE zY9MB;G}r3&V@;Y;UZvRT#>@D>L9#@H@{wSQrf6<%iE1 zmh(-Zr<=?Bki%kko*jfjhVu(jHB!s+R9Db=>Z#PEKrMiM!;vRaRwB0)8i3G%UZ{)( zfK(TXgaKI9{$Xfr>^EyW1zMzjvQc2TBHfzc+e5#xPhnZX$^WQyk$gd zR(8sEaK^{3HDET=I^T>FWOtD2uReQzfD*vWXD0U`zyKI!M%;CLn{~bO$v(A9c#l>i zU7X3+CbcC|^`2Gc5ca&O%hw;bG($w#YVWy2^p4pJ>4+9*9;|s-GT4deT#kLUR?Hi0 zhKwD$3!SjE86E^vZo=<9UCzap*zyj86a^;qmYRMn(vBi0rjlGh3n`=}M-q}P4k_6p 
z$@p?+G66`5g3XMqng<=8QS3B7W?E`Z7VLWU+A_EdJxRXj+jp|*e+)aGl4(xk#@w!v zr_15-*P~db>dxJ4WHf{}WVrG~yg)1N_M-wigUVUz%-HaA@ zudjW1?*&n))BEd57vj(rL^dYq($?mT%4qr%B4lEi$!KuR%l#8zRnGr-Z)#6Q3T=_N~{q?ig>p<}s zdG0{hKwVY+S20%+)w_FFhr@EKWs(y$eCa5gPN|A)%B4;m)W#=49@z3(Hjx=|JB!0T`T$j2e=_yS|oF~IpcY1pIj$BV3R*1>8JC5p)x=KAuJ-~>( z$#g`JhD<7jnmIGNd|p-E-WYr&J?@c+T07eN_a&LP14sI7;GZas6;?3cm7-xWHEJ_c^MPO!d9gcgvzifMYFopfJ zKrqDph2B?_yC#;)kncrBs%7XF*hQysom@yTaq#$=tmm9@T0`x1H>d z6gsb>jmV1?|AC*y!Sj_~1YED3)&R>8Pr^(E3|WZKvAiZ?#{CO=q-b51M4DpCD-yIk zxW8mO^|V2?g z$P%FGyEp!Y6t~u4I1r*HWt)+;yAiV9Ji$TRPd^mesCF*6!iJpG!K0#k-w5eKJC@%k z^@k@w!}EncSz0?4)()`_f&Gd3gA6zjKV!s(OhE@@1b>5KICDv4Y(Kt<;|#$R&T=5S z33WFuGLY*`lGbE72gqE$ZX9zuulGA_TQ;{9%}M-6&!1z4W{n_ zn4s&v3%TnOuD&}!4d$I8~ zdgDNS)$!Iw1G7$Os%Jstd6%dSHzvF=+^MHj~)+5jNa(y zew=cddb|F|j$5yV@Yj0nBd)vHRy89k8Ms0z-^V_MO}P>y{BVs$MQB0B-IUMd4`kI80g2F9V0rcc2FQROW1-0-tlX;ob_C z8Qp( zZ%_ExNoshQ2dG9q44TT`a?S_zx60m8hiq<>{{-~vUnt}!+SurjXI^l+Q$W*#%* z0-f~+XA;`c_5@!XU^1Wb&2l228d-9#6c${s@4dHC!>{oWAt74m8s<;0t0G6DR=egC zi+Ds!#i)_$=vB%4G7lrd^L2iSaWI{Ih=mJ`HOSqU)>x-Aem_ z%T`U#YPVC^ygFjw9xnA@_0)3|&MB6vz|6mh3ex`G$^aY-(Cw*XSLv!<)-{eD^@rT) z>O_dx;&1ASLWCn9LtZ%&WEV8nAhamNM$5pOL^o#GxctbfOmuvRHm=^7H{xa>LM_+9 z-m8bPXCx+$&0TZs?!4w&yV`}AO=r4L@(niIyBH!*+xJ=4c9zb!_0D~8Fctl z)?H6RcaQ!0L)0bu?AZf3!d}`A=00KDX9@VI7TO;_%<^hL3cq9&gjnwQKvmGV?#!KG zHU`o>Z{HO|s8$O2rq(-KG6A8s&qpIvmD@oi*&Z|&T8n66zHywO0nYN7)#2zTJjoC6IE%*87kR0g0I;J#+mt(GAc4B3ECkmOF zm-fJBpeSe-=AWvPzi=ao&Fba_aVX3Nk2V`!9V-v!e!3!f$yK<704fmXV+yT+mJ9)B z_uzL+rr#`E!uK^alW1tQBEF~qF{e(q<_QzB*?OX{SdJxr)Xk~nm%joLr@$yZk*A*6u~!{Tvb z^xoHM^oRxKNmi~Ta2khR#%A90DMQ#M#?u5zkk|cql^?3?fWGhl-w1rzVHBq zJTA+53N$F`O~vi5>v+t!1Wgm5T}2)}hy1&-KOhj4x;z9Qs z6xfo;|4BC4fH#J>sr9pjwSgeqQLq#sI8wNkL30GIG5miMvBAbRhU2BDVYF0bho ziT;%^#96Ch!L+gBYiI+yX2?M=+C(X+5U~4^pvE!w_Zov8vVzQeV+5I40^aSkgNE36 z-tV5H++515TL9+3QoC&M zCq4bE`YGB@D!7MJ0CECpzDlH5H;RQ^DGJ)g?n?j>A9qbbfv~D7iZ!#sbBU?tdDMm= zPNRk0@^r4GGw)HyZZo9YZvZ4!98TxE6Q1sh5muEWdd8B;d@Yh1SBJHYl;X8IAoY5W 
zuf{HHBH5b&A7D`{oK}k-{g#Ts5GI_K+HR6ye#_K!H4r_-E;1=%3n9xfgbn(w!@v#Z`B#s8#l9nX1CbIT?A?QXXB+(BGelK?FT#3PXNV)SwFdq| zqc311(t8-DuQ^TByE+~x?8k06)L}8KxndeDZNelCCqW^-vsme8&LrIn7XbNxu$#PUb;E)-0m(;M zhZqf(&1yu}1|bo2rMN%Z2suG%tSjmU(=cb&hR$?;v60Wqw|9p%qC}ztm=&2u>WouN zug}h7h?NuXXc(kn>>p3IF<@pGj^_ z{e<{Fm)8A(YZ;X=22xl&y99MSWSs`TU%`1KIEmb&`b;?`wsYc}??qn&V3&A;aYY$ld^#C1^ZWX5#+ z(4M+iBFF5^16sZ4nH}+bz%N!4v69ijR@H;m%N=*X(2g>%(wW7l>IWXEb@dIxzul#3 ze2B4(^~(=2L2#=`Y8?#HST;X-z#^niuA`7}j}(#O+pDsok1!w8!9=vx4UzsPQBB#% zhHil3SV-#AnDlA`beB|DgoNA~FcwROx6b(tO4^pZo4Iw0Ky)_t`CsichbL^+Z3MJ> zfSc1oTYM-Z?*H#=TPS`MKQGQ!%xwlf$sNjg`_R260R0wk#Iv-80aGZ@y3RvB&5EW@ zqPn}&?x$;}TCSG@fv+t(of|6+3#Dod;$*o$2Pb3c1Hf)>q>wI2-btB}_NC(yI9QhzKr)nJEBzj_1SPHG7$TqRXd8yg|{y1K3K|*mA_Yt|oR&`pniD_%A31T9KaUqsTq%^#+LCTYt7xW*Ad{s>WJN+S(?t*wil~Ify=xS$l8@Wv~=Wm6lT``H>vT%>msD%2kMQ@S&U2_ zsU0

    ;YOyawtNJ!HM~50XCrliNGa#9a@S6TTIWXe~YQ9oB0|=&YR+sh(Rr;Pjg|$0%7)M!aAcamNM?fa#`?9APYh`~NjFE)P#?a7QkDb0>i6Lq ze_I`-T=0OwaY;_f>8J%OHm`D6X48PaQf;dcW^UUm-!K&r}t@yw7`}f znDvp{9O)-%v3eQ{H^%X(&ZU_<|LA-hU#E3H!_K6n7pV`_I2UM=KyOQJL4loO++7RR zn$oOXf~Nu2&Ur#L$wsFEU}n{s4%LS;os1OYS)OVe4)tmgXBL#>|h)A~=K)FB=F z7hy~OB{3ak75Mm9H?8L+B)oCwE<}!wvt+WNHYqj+f|XKCwS;7ig1LS;ysXNiiN>Ao zT}~WSwu}W%gM`p;)C+;PEMMCO=Sr7jD}+ILIZ`d5Um#kcqy!cO@X9S_W}I@R*#SJ9 z8+m=Ixu7P0ftw-pF#;|g&ZCO9W*odS@MQ9}Kx3tfIX%#RreoT4_TjW$d` zJk!7{D-jdU;=y+W_`RL>n*+w}2!~`YfG`MRM|Ecy0C{B`>iZ~$QV7mncJjPJpbJ8H zYV1fcTVr{I2+0C9t|1D%z%=)ks=X%xLv3e??vrr~txbfNf;Kh|YqC>sqPFbqVbruB z((Pb{6^NSgpyk)TnmaX8qob_uK=`jmNNk>j-d3v#VIc4Ui2)Q5Kv_gkYzqN%jy0|@ z7!Yt6>rD6hYkg`BP?RJk$i72?UeL{s`*31LJzs-yL2LZm`SAu{!A@2yyd3>WE35rf z1Fp6}1X>0EsEQul@dEN3?0ft@zaA!5F^o@dmS-R!uar7Myr91pl4g$}?=x}o=P(&^ zf)9v7A@%1r7s0V}rN}RJu};bRtI>ymI6=@~E=3_6Xw)%>AK*w%wmY!` zxT7v?d`0>>XiGa?OMlaNqFtxSUL#!Qbl3f#iE1&E6L56>TODG%vzC(q3wUEO{?L95e(_=b`0R(?6J~B>enU>qkMY>b z+o6En9{-74{c-R*erIfnbOGs}xqUS-f>&$as-B6+tL*Uz z7g!0rDJ}aLr-0q zj*EdRllRmq9J)>S%Kx}IH@&S+eRi5gP2T}p`v;8%E8@Yf0x&b_SM8IVtV7GmvoAZE`zkj*ui zKSa4{r2lRF^eqtSrnXiTDS{fXjXWSm0nyK%MRiXjNeZ6!3{rE2naQ5T%X23l=iI`L z3qjvKdsY?vYXR4mgRSc56o5%^9-yD6-M|e}7mHqCI8JL^d8dH*P1Lk)f2fT)i=7oq z71>0bJGq^Mo(l5crd{Z>U;c!!|30v8pA z4`#ev&OkDEu2|qnL;l^G?X@a9I@zPXKQgFdL2irov^@8q^O$C^qi7e~x8qw#zP`e0 zML1=Hxj@wh)LB@%6GpWaa%;Iaj(XX9Tf)vi*)x>*s&oksVxyMvuQ5s0!`INX)Z zGxcoqO9oxj)JpOu@KUZ*(+=<~W2%uX$OyZ(Ka`6Y>%VJFH1a}a zz2a{EE&PP(V(vH@qnG>#*(HG-gMGCyb$qiu`_u!^XWlinn)a7U6_+wD0I6Zc$%VVn@!TBnk#x=Ub(j~$D*Dx7 zgau0gDr~%o#2XL=jxcQ`!4K3I)&?Z4Ih*WObk6dAHQp>IN9*0~NH=AgFb4{QNl(PL;P$(Q5v@=3&Mn!UH~dnN zuXdD2Q1wc+;jR<#==6$OSn!ic|H!1@C)rOSZyZ9+n^BlW3~p0zNWiKuf*lpkJbOKO zX~uyfJo5$;@(cfp@9;b%69KbVXe_vfuxngAV!aoCf3Q?BA5*C$c!7v z_nAD?T7~@7v*A>4-|P=5hl|L-0wwd|fhRsjVkTrLN=6DOBeH-;=er9-n}(i$c=KR& z2>3@SAgs#vffXnU(yW}oI{}K6gVe3*@eqLT`tEoR$z^a%5I{ei-~TfK0D3Kqn1LQR zBf;GcHR>>mcL*p>z;%}Mq##vzx<0F73Rk+O^4R+mq#!V|yEP6F5%7<`9uWPxIxqLN 
zRyd*VRxbviTvZ}8S3E31rGVH50d*(n0p2b9``UqAji9|g)-i31^^P#2ei|6O!4c0b zF`)m>$TU1d;Mn_M(%K(6}x)zJq9?@_WDOPmP9hvZs!5K2(ZdMDw&)%U@%ZpLHsbDZ_cjv zFgT)C0u&aBkun*&+Wc{vixR@PRpouvBUCQGo~Nq<2ta3mz{`~4eH?NcO% zni8g;|81!l$HKCH_3t8uaeb|?{^M3M9E1-Et1^=0$l-|QT%ki~XIUuvTY6ElKaIvd z0k;Z>o{!sNIv=3mZ|~Sm0i-_F)hHU*#?Kv$(=>(09h#M;70F3g2`2%e_syN&4Y#0@ z!Ktf*|Aba}9${NgbZE+s4z5v}nV-$3GbGeUoI9=xskV6JzH5)j`&D+= z@U~kIA-f_-*uKq98SJY~>+xwu*;Sf9Dog^FYI^x(jon9-Y_V%hkW;ikq|0f(YvC-D z9O7NfM?zLAc9OnB!jsU>P{Belk8a*bpn0AC_-eE^Tk61Ly1M;C%K}d{L#__jKoW-X z*{N{7HI8>$CpX{ri%YXJcC(q#_WwWcyzhBLDmbFGi~mWh?GV(?Yl$#z-85BF{s3A{ z)s{*JTPgJ=8D-W=YruknG%dknc3A;^rcbNbq&7N=qBw!NcU6tU?y~+&dX-6pg@IZ} zcDVpz70vJYpJV>qi^paP&&KgFa#!?vZplWQh?Pp+f7H4wl{y_cFO$o3wJCI^toHKM zTAZmqEozgg78)|ib}1jrRhubQod7i&c¨87uj!6zN1AV)hH3ka`O6s@dnX`1l$b zXO+lx7;1S#QJUmk9({WAa|l-NG<*ejnMHX7BFb;{Y&-ud<=P$-mFTPzjFr8-EVQC* zMPeI1T0^m_`KDqHYGKZ7l#)c45{_&)71h5gDr_qLGD{QBs=hLd#_q}TYJipcY{nL9 zo@cvC*$M4bTKBq`6Pf;!)r{pVUQ}3b$s(d#DVv#x>i6BUc{YM3>D2d0Rdby3aXL~H z3iQ#ELAq>^=AiCOHO%A-6BT{AswsYXcWs7|(u=xI0{SlLfb|PQdah&VW!XP}jlP+S zRh~?db^B=I8in0FwWr;+*8!$D-Kkx!YNO5**$43pG2H6Cxq{yq3Pio0qs^ba*CTy_ z)-nfhBZ$$5bZHD>$dcG5;|F!LMqy$VjT-&?>BW{qV|jvVkqt$5k|lP6(v z|1c}pAf3cj%>)9=*DpSB{A%>R+AD8?HW3<%*fpM4Pq$&q-0 zQ{pRrBnK|3`n_+;Do0_H&q6gI zL5Ed{K@#_&aSGf&7@-l_pS%k#Czw>H@iRZ!8hp$oqdZ1pBKWfx5EXHrNIO> zY-fQ!^TE8#XMmnX;oDlaGydm-*EB-6_t$jV)_gHegd@jogas6woBTjz&XAs2Y{Ubv z@}KFX-L+E}$xdDDrG=mDHBscu?mXk?+x`Y5APfFt>>8G=EWBU#Kp47QTQuRyJdD|9EZ_oZn)d~j!(ogio&{?#6v zA>3u&J3}fM<4WGX>{&LG9ygNTB)3>TTDVA>2eTRTUFO7hfm6o3gQz6jiF*IOV7`6+ rD#-$apaK2=tSia?SosM5XJq;Rem(uq-}3*4VX_b#8AK)P|A7AsA}L9Q diff --git a/Solutions/Commvault Security IQ/Package/createUiDefinition.json b/Solutions/Commvault Security IQ/Package/createUiDefinition.json index 42685901138..e099a065819 100644 --- a/Solutions/Commvault Security IQ/Package/createUiDefinition.json +++ b/Solutions/Commvault Security IQ/Package/createUiDefinition.json 
@@ -64,7 +64,7 @@
 }
 },
 {
- "name": "dataconnectors-link2",
+ "name": "dataconnectors-link1",
 "type": "Microsoft.Common.TextBlock",
 "options": {
 "link": {
diff --git a/Solutions/Commvault Security IQ/Package/mainTemplate.json b/Solutions/Commvault Security IQ/Package/mainTemplate.json
index 00bdf66f67d..cf69ebbcd23 100644
--- a/Solutions/Commvault Security IQ/Package/mainTemplate.json
+++ b/Solutions/Commvault Security IQ/Package/mainTemplate.json
@@ -136,7 +136,12 @@
 "triggerThreshold": 0,
 "status": "Available",
 "requiredDataConnectors": [
- "CommvaultSecurityIQ"
+ {
+ "connectorId": "CommvaultSecurityIQ_CL",
+ "datatypes": [
+ "CommvaultSecurityIQ_CL"
+ ]
+ }
 ],
 "tactics": [
 "DefenseEvasion",
@@ -225,7 +230,12 @@
 "triggerThreshold": 0,
 "status": "Available",
 "requiredDataConnectors": [
- "CommvaultSecurityIQ"
+ {
+ "connectorId": "CommvaultSecurityIQ_CL",
+ "datatypes": [
+ "CommvaultSecurityIQ_CL"
+ ]
+ }
 ],
 "tactics": [
 "DefenseEvasion",
@@ -314,7 +324,12 @@
 "triggerThreshold": 0,
 "status": "Available",
 "requiredDataConnectors": [
- "CommvaultSecurityIQ"
+ {
+ "connectorId": "CommvaultSecurityIQ_CL",
+ "datatypes": [
+ "CommvaultSecurityIQ_CL"
+ ]
+ }
 ],
 "tactics": [
 "DefenseEvasion",
@@ -403,7 +418,12 @@
 "triggerThreshold": 0,
 "status": "Available",
 "requiredDataConnectors": [
- "CommvaultSecurityIQ"
+ {
+ "connectorId": "CommvaultSecurityIQ_CL",
+ "datatypes": [
+ "CommvaultSecurityIQ_CL"
+ ]
+ }
 ],
 "tactics": [
 "DefenseEvasion",
From 3cb481fb7fbe9831d0881ae9d15c80f65d4b27ef Mon Sep 17 00:00:00 2001
From: v-prasadboke <117061676+v-prasadboke@users.noreply.github.com>
Date: Thu, 6 Mar 2025 14:16:51 +0530
Subject: [PATCH 17/17] Update ValidConnectorIds.json
---
 .../detectionTemplateSchemaValidation/ValidConnectorIds.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
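Review bot: In all four mainTemplate.json hunks the new `requiredDataConnectors` entry sets `"connectorId": "CommvaultSecurityIQ_CL"`, the same string as its `datatypes` value, so a name that reads like a custom log table is being used as the connector id; the value it replaces was `"CommvaultSecurityIQ"`. The data connector definition is not visible in this patch, but if its id is still `CommvaultSecurityIQ` these rules would presumably no longer be associated with the connector, which makes a missing or unhealthy data source behind the alerts harder to spot. I would keep `"connectorId": "CommvaultSecurityIQ"` with `"datatypes": ["CommvaultSecurityIQ_CL"]`, or rename the connector id in the same change. The ValidConnectorIds.json hunk in patch 17/17 adds the same `_CL` string to the validation allow-list and should follow whichever id is chosen.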
diff --git a/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json b/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
index a34c36430cc..c9aaddd16ec 100644
--- a/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
+++ b/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
@@ -261,5 +261,6 @@
 "IllumioSaaSDataConnector",
 "CTERA",
 "Workday",
- "SamsungDCDefinition"
+ "SamsungDCDefinition",
+ "CommvaultSecurityIQ_CL"
 ]