Azure · v-atulyadav · Aug 14, 2025 · Aug 8, 2025 · Aug 8, 2025 · Aug 8, 2025
@@ -1,15 +1,15 @@
 {
     "id": "Onapsis",
-    "title": "Onapsis Integration",
+    "title": "Onapsis Defend Integration",
     "publisher": "Onapsis Platform",
     "logo": "Onapsis.svg",
-    "descriptionMarkdown": "Onapsis Integration is aimed at forwarding alerts and logs collected and detected by Onapsis Platform into Microsoft Sentinel SIEM",
-    "graphQueriesTableName": "Onapsis_CL",
+    "descriptionMarkdown": "Onapsis Defend Integration is aimed at forwarding alerts and logs collected and detected by Onapsis Platform into Microsoft Sentinel SIEM",
+    "graphQueriesTableName": "Onapsis_Defend_CL",
     "graphQueries": [
         {
             "metricName": "Total events received",
             "legend": "Onapsis_SID",
-            "baseQuery": "{{graphQueriesTableName}} | project TimeGenerated, Onapsis_SID= SystemUniqueId"
+            "baseQuery": "{{graphQueriesTableName}} | project TimeGenerated, Onapsis_SID= sid"
         }
     ],
     "sampleQueries": [
@@ -80,15 +80,15 @@
                 {
                     "parameters": {
                         "label": "Deploy push connector resources",
-                        "applicationDisplayName": "Onapsis Integration push to Microsoft Sentinel"
+                        "applicationDisplayName": "Onapsis Defend Integration push to Microsoft Sentinel"
                     },
                     "type": "DeployPushConnectorButton_test"
                 }
             ]
         },
         {
-            "title": "2. Maintain the data collection endpoint details and authentication info in Onapsis Integration",
-            "description": "Share the data collection endpoint URL and authentication info with the Onapsis Integration administrator to configure the Onapsis Integration to send data to the data collection endpoint.\n\nLearn more from [this blog series](https://community.Onapsis.com/t5/enterprise-resource-planning-blog-posts-by-members/ultimate-blog-series-Onapsis-logserv-integration-with-microsoft-sentinel/ba-p/14126401).",
+            "title": "2. Maintain the data collection endpoint details and authentication info in Onapsis Defend Integration",
+            "description": "Share the data collection endpoint URL and authentication info with the Onapsis Defend Integration administrator to configure the Onapsis Defend Integration to send data to the data collection endpoint.",
             "instructions": [
                 {
                     "parameters": {
@@ -148,7 +148,7 @@
         "kind": "dataConnector",
         "source": {
             "kind": "solution",
-            "name": "Onapsis Integration for Microsoft Sentinel"
+            "name": "Onapsis Defend Integration for Microsoft Sentinel"
         },
         "author": {
             "name": "Onapsis Platform",

@@ -1,12 +1,12 @@
 {
-    "name": "Onapsis_CL",
+    "name": "Onapsis_Defend_CL",
     "apiVersion": "2025-02-01",
     "type": "Microsoft.OperationalInsights/workspaces/tables",
     "location": "{{location}}",
     "tags": {},
     "properties": {
         "schema": {
-            "name": "Onapsis_CL",
+            "name": "Onapsis_Defend_CL",
             "columns": [
                 {
                     "name": "incident_type",

@@ -6,7 +6,7 @@
     "properties": {
         "dataCollectionEndpointId": "{{dataCollectionEndpointId}}",
         "streamDeclarations": {
-            "Custom-Onapsis_CL": {
+            "Custom-Onapsis_Defend_CL": {
                 "columns": [
                     {
                         "name": "incident_type",
@@ -286,12 +286,12 @@
         "dataFlows": [
             {
                 "streams": [
-                    "Custom-Onapsis_CL"
+                    "Custom-Onapsis_Defend_CL"
                 ],
                 "destinations": [
                     "clv2ws1"
                 ],
-                "outputStream": "Custom-Onapsis_CL"
+                "outputStream": "Custom-Onapsis_Defend_CL"
             },
             {
                 "streams": [

@@ -10,7 +10,7 @@
             "dataCollectionRuleId": "{{dataCollectionRuleId}}",
             "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
             "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}",
-            "streamName": "Custom-Onapsis_CL"
+            "streamName": "Custom-Onapsis_Defend_CL"
         },
         "auth": {
             "type": "Push",

@@ -7,16 +7,16 @@
     "properties": {
         "connectorUiConfig": {
             "id": "Onapsis",
-            "title": "Onapsis Integration",
+            "title": "Onapsis Defend: Integrate Unmatched SAP Threat Detection & Intel with Microsoft Sentinel",
             "publisher": "Onapsis SE",
             "logo": "OnapsisLogo.svg",
-            "descriptionMarkdown": "Onapsis Integration is created to consolidate alerts, logging, and information gathered by Onapsis into Microsoft Sentinel. This solution enables security teams to ingest, monitor, and analyze Onapsis data within Sentinel, supporting faster detection, investigation, and response to risks in your environment.",
-            "graphQueriesTableName": "Onapsis_CL",
+            "descriptionMarkdown": "Empower security teams with deep visibility into unique exploit, zero-day, and threat actor activity; suspicious user or insider behavior; sensitive data downloads; security control violations; and more - all enriched by the SAP experts at Onapsis.",
+            "graphQueriesTableName": "Onapsis_Defend_CL",
             "graphQueries": [
                 {
                     "metricName": "Total events received",
                     "legend": "Onapsis_SID",
-                    "baseQuery": "{{graphQueriesTableName}} | project TimeGenerated, Onapsis_SID= SystemUniqueId"
+                    "baseQuery": "{{graphQueriesTableName}} | project TimeGenerated, Onapsis_SID= sid"
                 }
             ],
             "sampleQueries": [
@@ -87,15 +87,15 @@
                         {
                             "parameters": {
                                 "label": "Deploy push connector resources",
-                                "applicationDisplayName": "Onapsis Integration push to Microsoft Sentinel"
+                                "applicationDisplayName": "Onapsis Defend Integration push to Microsoft Sentinel"
                             },
                             "type": "DeployPushConnectorButton_test"
                         }
                     ]
                 },
                 {
-                    "title": "2. Maintain the data collection endpoint details and authentication info in Onapsis Integration",
-                    "description": "Share the data collection endpoint URL and authentication info with the Onapsis Integration administrator to configure the Onapsis Integration to send data to the data collection endpoint.\n\nLearn more from [this blog series](https://community.Onapsis.com/t5/enterprise-resource-planning-blog-posts-by-members/ultimate-blog-series-Onapsis-logserv-integration-with-microsoft-sentinel/ba-p/14126401).",
+                    "title": "2. Maintain the data collection endpoint details and authentication info in Onapsis Defend Integration",
+                    "description": "Share the data collection endpoint URL and authentication info with the Onapsis Defend Integration administrator to configure the Onapsis Defend Integration to send data to the data collection endpoint.\n\nLearn more from [this blog series](https://community.Onapsis.com/t5/enterprise-resource-planning-blog-posts-by-members/ultimate-blog-series-Onapsis-logserv-integration-with-microsoft-sentinel/ba-p/14126401).",
                     "instructions": [
                         {
                             "parameters": {

@@ -1,12 +1,12 @@
 {
-    "Name": "Onapsis Integration",
+    "Name": "Onapsis Defend",
     "Author": "Onapsis",
     "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/onapsis_logo.svg\" width=\"75px\" height=\"75px\">",
-    "Description": "Onapsis Integration provides the Onapsis RISE logs to Microsoft Sentinel, allowing SOC teams to ingest, monitor, and hunt across Onapsis data. This integration enhances security by enabling faster detection, investigation, and mitigation of risks within Onapsis RISE environments.",
+    "Description": "Empower security teams with deep visibility into unique exploit, zero-day, and threat actor activity; suspicious user or insider behavior; sensitive data downloads; security control violations; and more - all enriched by the SAP experts at Onapsis.",
     "Data Connectors": [
         "Data Connectors/Onapsis_PUSH_CCP/Onapsis_connectorDefinition.json"
     ],
-    "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Onapsis Integration",
+    "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Onapsis Defend",
     "Version": "3.0.0",
     "Metadata": "SolutionMetadata.json",
     "TemplateSpec": true,

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/onapsis_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Onapsis%20Integration/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nOnapsis Integration provides the Onapsis RISE logs to Microsoft Sentinel, allowing SOC teams to ingest, monitor, and hunt across Onapsis data. This integration enhances security by enabling faster detection, investigation, and mitigation of risks within Onapsis RISE environments.\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/onapsis_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Onapsis%20Defend/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nEmpower security teams with deep visibility into unique exploit, zero-day, and threat actor activity; suspicious user or insider behavior; sensitive data downloads; security control violations; and more - all enriched by the SAP experts at Onapsis.\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -60,7 +60,7 @@
             "name": "dataconnectors1-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "This Solution installs the data connector for Onapsis Integration. You can get Onapsis Integration data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+              "text": "This Solution installs the data connector for Onapsis Defend. You can get Onapsis Defend data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
           {