![](\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/onapsis_logo.svg\"){kind=logo}
",
- "Description": "Onapsis Integration provides the Onapsis RISE logs to Microsoft Sentinel, allowing SOC teams to ingest, monitor, and hunt across Onapsis data. This integration enhances security by enabling faster detection, investigation, and mitigation of risks within Onapsis RISE environments.",
+ "Description": "Empower security teams with deep visibility into unique exploit, zero-day, and threat actor activity; suspicious user or insider behavior; sensitive data downloads; security control violations; and more - all enriched by the SAP experts at Onapsis.",
"Data Connectors": [
"Data Connectors/Onapsis_PUSH_CCP/Onapsis_connectorDefinition.json"
],
- "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Onapsis Integration",
+ "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Onapsis Defend",
"Version": "3.0.0",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
diff --git a/Solutions/Onapsis Defend/Package/3.0.0.zip b/Solutions/Onapsis Defend/Package/3.0.0.zip
new file mode 100644
index 00000000000..f7766356579
Binary files /dev/null and b/Solutions/Onapsis Defend/Package/3.0.0.zip differ
diff --git a/Solutions/Onapsis Integration/Package/createUiDefinition.json b/Solutions/Onapsis Defend/Package/createUiDefinition.json
similarity index 78%
rename from Solutions/Onapsis Integration/Package/createUiDefinition.json
rename to Solutions/Onapsis Defend/Package/createUiDefinition.json
index 983529aef12..6faf9c5b645 100644
--- a/Solutions/Onapsis Integration/Package/createUiDefinition.json
+++ b/Solutions/Onapsis Defend/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Onapsis%20Integration/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nOnapsis Integration provides the Onapsis RISE logs to Microsoft Sentinel, allowing SOC teams to ingest, monitor, and hunt across Onapsis data. This integration enhances security by enabling faster detection, investigation, and mitigation of risks within Onapsis RISE environments.\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Onapsis%20Defend/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nEmpower security teams with deep visibility into unique exploit, zero-day, and threat actor activity; suspicious user or insider behavior; sensitive data downloads; security control violations; and more - all enriched by the SAP experts at Onapsis.\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
@@ -60,7 +60,7 @@
"name": "dataconnectors1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
- "text": "This Solution installs the data connector for Onapsis Integration. You can get Onapsis Integration data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+ "text": "This Solution installs the data connector for Onapsis Defend. You can get Onapsis Defend data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},
{
diff --git a/Solutions/Onapsis Integration/Package/mainTemplate.json b/Solutions/Onapsis Defend/Package/mainTemplate.json
similarity index 92%
rename from Solutions/Onapsis Integration/Package/mainTemplate.json
rename to Solutions/Onapsis Defend/Package/mainTemplate.json
index 8a81f33ecdf..13e7c00ea3f 100644
--- a/Solutions/Onapsis Integration/Package/mainTemplate.json
+++ b/Solutions/Onapsis Defend/Package/mainTemplate.json
@@ -3,7 +3,7 @@
"contentVersion": "1.0.0.0",
"metadata": {
"author": "Onapsis",
- "comments": "Solution template for Onapsis Integration"
+ "comments": "Solution template for Onapsis Defend"
},
"parameters": {
"location": {
@@ -44,7 +44,7 @@
}
},
"variables": {
- "_solutionName": "Onapsis Integration",
+ "_solutionName": "Onapsis Defend",
"_solutionVersion": "3.0.0",
"solutionId": "onapsis1753213196681. azure-sentinel-solution-onapsis-defend",
"_solutionId": "[variables('solutionId')]",
@@ -69,7 +69,7 @@
],
"properties": {
"contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]",
- "displayName": "Onapsis Integration",
+ "displayName": "Onapsis Defend: Integrate Unmatched SAP Threat Detection & Intel with Microsoft Sentinel",
"contentKind": "DataConnector",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -86,16 +86,16 @@
"properties": {
"connectorUiConfig": {
"id": "Onapsis",
- "title": "Onapsis Integration",
+ "title": "Onapsis Defend: Integrate Unmatched SAP Threat Detection & Intel with Microsoft Sentinel",
"publisher": "Onapsis SE",
"logo": "OnapsisLogo.svg",
- "descriptionMarkdown": "Onapsis Integration is created to consolidate alerts, logging, and information gathered by Onapsis into Microsoft Sentinel. This solution enables security teams to ingest, monitor, and analyze Onapsis data within Sentinel, supporting faster detection, investigation, and response to risks in your environment.",
- "graphQueriesTableName": "Onapsis_CL",
+ "descriptionMarkdown": "Empower security teams with deep visibility into unique exploit, zero-day, and threat actor activity; suspicious user or insider behavior; sensitive data downloads; security control violations; and more - all enriched by the SAP experts at Onapsis.",
+ "graphQueriesTableName": "Onapsis_Defend_CL",
"graphQueries": [
{
"metricName": "Total events received",
"legend": "Onapsis_SID",
- "baseQuery": "{{graphQueriesTableName}} | project TimeGenerated, Onapsis_SID= SystemUniqueId"
+ "baseQuery": "{{graphQueriesTableName}} | project TimeGenerated, Onapsis_SID= sid"
}
],
"sampleQueries": [
@@ -166,15 +166,15 @@
{
"parameters": {
"label": "Deploy push connector resources",
- "applicationDisplayName": "Onapsis Integration push to Microsoft Sentinel"
+ "applicationDisplayName": "Onapsis Defend Integration push to Microsoft Sentinel"
},
"type": "DeployPushConnectorButton_test"
}
]
},
{
- "title": "2. Maintain the data collection endpoint details and authentication info in Onapsis Integration",
- "description": "Share the data collection endpoint URL and authentication info with the Onapsis Integration administrator to configure the Onapsis Integration to send data to the data collection endpoint.\n\nLearn more from [this blog series](https://community.Onapsis.com/t5/enterprise-resource-planning-blog-posts-by-members/ultimate-blog-series-Onapsis-logserv-integration-with-microsoft-sentinel/ba-p/14126401).",
+ "title": "2. Maintain the data collection endpoint details and authentication info in Onapsis Defend Integration",
+ "description": "Share the data collection endpoint URL and authentication info with the Onapsis Defend Integration administrator to configure the Onapsis Defend Integration to send data to the data collection endpoint.\n\nLearn more from [this blog series](https://community.Onapsis.com/t5/enterprise-resource-planning-blog-posts-by-members/ultimate-blog-series-Onapsis-logserv-integration-with-microsoft-sentinel/ba-p/14126401).",
"instructions": [
{
"parameters": {
@@ -274,7 +274,7 @@
"properties": {
"dataCollectionEndpointId": "[variables('dataCollectionEndpointId1')]",
"streamDeclarations": {
- "Custom-Onapsis_CL": {
+ "Custom-Onapsis_Defend_CL": {
"columns": [
{
"name": "incident_type",
@@ -554,12 +554,12 @@
"dataFlows": [
{
"streams": [
- "Custom-Onapsis_CL"
+ "Custom-Onapsis_Defend_CL"
],
"destinations": [
"clv2ws1"
],
- "outputStream": "Custom-Onapsis_CL"
+ "outputStream": "Custom-Onapsis_Defend_CL"
},
{
"streams": [
@@ -575,14 +575,14 @@
}
},
{
- "name": "Onapsis_CL",
+ "name": "Onapsis_Defend_CL",
"apiVersion": "2022-10-01",
"type": "Microsoft.OperationalInsights/workspaces/tables",
"location": "[parameters('workspace-location')]",
"kind": null,
"properties": {
"schema": {
- "name": "Onapsis_CL",
+ "name": "Onapsis_Defend_CL",
"columns": [
{
"name": "incident_type",
@@ -872,16 +872,16 @@
"properties": {
"connectorUiConfig": {
"id": "Onapsis",
- "title": "Onapsis Integration",
+ "title": "Onapsis Defend: Integrate Unmatched SAP Threat Detection & Intel with Microsoft Sentinel",
"publisher": "Onapsis SE",
"logo": "OnapsisLogo.svg",
- "descriptionMarkdown": "Onapsis Integration is created to consolidate alerts, logging, and information gathered by Onapsis into Microsoft Sentinel. This solution enables security teams to ingest, monitor, and analyze Onapsis data within Sentinel, supporting faster detection, investigation, and response to risks in your environment.",
- "graphQueriesTableName": "Onapsis_CL",
+ "descriptionMarkdown": "Empower security teams with deep visibility into unique exploit, zero-day, and threat actor activity; suspicious user or insider behavior; sensitive data downloads; security control violations; and more - all enriched by the SAP experts at Onapsis.",
+ "graphQueriesTableName": "Onapsis_Defend_CL",
"graphQueries": [
{
"metricName": "Total events received",
"legend": "Onapsis_SID",
- "baseQuery": "{{graphQueriesTableName}} | project TimeGenerated, Onapsis_SID= SystemUniqueId"
+ "baseQuery": "{{graphQueriesTableName}} | project TimeGenerated, Onapsis_SID= sid"
}
],
"sampleQueries": [
@@ -952,15 +952,15 @@
{
"parameters": {
"label": "Deploy push connector resources",
- "applicationDisplayName": "Onapsis Integration push to Microsoft Sentinel"
+ "applicationDisplayName": "Onapsis Defend Integration push to Microsoft Sentinel"
},
"type": "DeployPushConnectorButton_test"
}
]
},
{
- "title": "2. Maintain the data collection endpoint details and authentication info in Onapsis Integration",
- "description": "Share the data collection endpoint URL and authentication info with the Onapsis Integration administrator to configure the Onapsis Integration to send data to the data collection endpoint.\n\nLearn more from [this blog series](https://community.Onapsis.com/t5/enterprise-resource-planning-blog-posts-by-members/ultimate-blog-series-Onapsis-logserv-integration-with-microsoft-sentinel/ba-p/14126401).",
+ "title": "2. Maintain the data collection endpoint details and authentication info in Onapsis Defend Integration",
+ "description": "Share the data collection endpoint URL and authentication info with the Onapsis Defend Integration administrator to configure the Onapsis Defend Integration to send data to the data collection endpoint.\n\nLearn more from [this blog series](https://community.Onapsis.com/t5/enterprise-resource-planning-blog-posts-by-members/ultimate-blog-series-Onapsis-logserv-integration-with-microsoft-sentinel/ba-p/14126401).",
"instructions": [
{
"parameters": {
@@ -1061,7 +1061,7 @@
],
"properties": {
"contentId": "[variables('_dataConnectorContentIdConnections1')]",
- "displayName": "Onapsis Integration",
+ "displayName": "Onapsis Defend: Integrate Unmatched SAP Threat Detection & Intel with Microsoft Sentinel",
"contentKind": "ResourcesDataConnector",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -1083,7 +1083,7 @@
}
},
"connectorDefinitionName": {
- "defaultValue": "Onapsis Integration",
+ "defaultValue": "Onapsis Defend: Integrate Unmatched SAP Threat Detection & Intel with Microsoft Sentinel",
"type": "securestring",
"minLength": 1
},
@@ -1140,7 +1140,7 @@
"dataCollectionRuleId": "{{dataCollectionRuleId}}",
"dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
"dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
- "streamName": "Custom-Onapsis_CL"
+ "streamName": "Custom-Onapsis_Defend_CL"
},
"auth": {
"type": "Push",
@@ -1176,9 +1176,9 @@
"version": "3.0.0",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
- "displayName": "Onapsis Integration",
+ "displayName": "Onapsis Defend",
"publisherDisplayName": "Onapsis",
- "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nOnapsis Integration provides the Onapsis RISE logs to Microsoft Sentinel, allowing SOC teams to ingest, monitor, and hunt across Onapsis data. This integration enhances security by enabling faster detection, investigation, and mitigation of risks within Onapsis RISE environments.
\nData Connectors: 1
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n", + "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nEmpower security teams with deep visibility into unique exploit, zero-day, and threat actor activity; suspicious user or insider behavior; sensitive data downloads; security control violations; and more - all enriched by the SAP experts at Onapsis.
\nData Connectors: 1
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -1187,7 +1187,7 @@ "parentId": "[variables('_solutionId')]", "source": { "kind": "Solution", - "name": "Onapsis Integration", + "name": "Onapsis Defend", "sourceId": "[variables('_solutionId')]" }, "author": { diff --git a/Solutions/Onapsis Integration/Package/testParameters.json b/Solutions/Onapsis Defend/Package/testParameters.json similarity index 100% rename from Solutions/Onapsis Integration/Package/testParameters.json rename to Solutions/Onapsis Defend/Package/testParameters.json diff --git a/Solutions/Onapsis Integration/ReleaseNotes.md b/Solutions/Onapsis Defend/ReleaseNotes.md similarity index 100% rename from Solutions/Onapsis Integration/ReleaseNotes.md rename to Solutions/Onapsis Defend/ReleaseNotes.md diff --git a/Solutions/Onapsis Integration/SolutionMetadata.json b/Solutions/Onapsis Defend/SolutionMetadata.json similarity index 100% rename from Solutions/Onapsis Integration/SolutionMetadata.json rename to Solutions/Onapsis Defend/SolutionMetadata.json diff --git a/Solutions/Onapsis Integration/Package/3.0.0.zip b/Solutions/Onapsis Integration/Package/3.0.0.zip deleted file mode 100644 index dc477de5eb1..00000000000 Binary files a/Solutions/Onapsis Integration/Package/3.0.0.zip and /dev/null differ