diff --git a/Solutions/Sophos Endpoint Protection/Package/3.0.6.zip b/Solutions/Sophos Endpoint Protection/Package/3.0.6.zip
new file mode 100644
index 00000000000..2986b1ab3d0
Binary files /dev/null and b/Solutions/Sophos Endpoint Protection/Package/3.0.6.zip differ
diff --git a/Solutions/Sophos Endpoint Protection/Package/createUiDefinition.json b/Solutions/Sophos Endpoint Protection/Package/createUiDefinition.json
index e00d805481d..07ef3359b4e 100644
--- a/Solutions/Sophos Endpoint Protection/Package/createUiDefinition.json
+++ b/Solutions/Sophos Endpoint Protection/Package/createUiDefinition.json
@@ -67,7 +67,7 @@
 "name": "dataconnectors2-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "This Solution installs the data connector for Sophos Endpoint Protection. You can get Sophos Endpoint Protection data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+ "text": "This Solution installs the data connector for Sophos Endpoint Protection (using REST API). You can get Sophos Endpoint Protection (using REST API) data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
 }
 },
 {
diff --git a/Solutions/Sophos Endpoint Protection/Package/mainTemplate.json b/Solutions/Sophos Endpoint Protection/Package/mainTemplate.json
index 03a7709cdf1..1783afaf3cf 100644
--- a/Solutions/Sophos Endpoint Protection/Package/mainTemplate.json
+++ b/Solutions/Sophos Endpoint Protection/Package/mainTemplate.json
@@ -47,7 +47,7 @@
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "Sophos Endpoint Protection",
- "_solutionVersion": "3.0.5",
+ "_solutionVersion": "3.0.6",
 "solutionId": "azuresentinel.azure-sentinel-solution-sophosep",
 "_solutionId": "[variables('solutionId')]",
 "parserObject1": {
@@ -86,7 +86,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "SophosEPEvent Data Parser with template version 3.0.5",
+ "description": "SophosEPEvent Data Parser with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('parserObject1').parserVersion1]",
@@ -218,7 +218,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Sophos Endpoint Protection data connector with template version 3.0.5",
+ "description": "Sophos Endpoint Protection data connector with template version 3.0.6",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -984,6 +984,7 @@
 "apiVersion": "2022-10-01",
 "type": "Microsoft.OperationalInsights/workspaces/tables",
 "location": "[parameters('workspace-location')]",
+ "kind": null,
 "properties": {
 "schema": {
 "name": "SophosEPAlerts_CL",
@@ -1067,6 +1068,7 @@
 "apiVersion": "2022-10-01",
 "type": "Microsoft.OperationalInsights/workspaces/tables",
 "location": "[parameters('workspace-location')]",
+ "kind": null,
 "properties": {
 "schema": {
 "name": "SophosEPEvents_CL",
@@ -1379,29 +1381,22 @@
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorCCPVersion')]",
 "parameters": {
- "ClientId": {
- "defaultValue": "-NA-",
- "type": "securestring",
- "minLength": 1
- },
- "ClientSecret": {
- "defaultValue": "-NA-",
- "type": "securestring",
- "minLength": 1
+ "guidValue": {
+ "defaultValue": "[[newGuid()]",
+ "type": "securestring"
 },
- "sophosRegion": {
- "defaultValue": "Enter sophosRegion value",
- "type": "string",
- "minLength": 1
+ "innerWorkspace": {
+ "defaultValue": "[parameters('workspace')]",
+ "type": "securestring"
 },
 "connectorDefinitionName": {
 "defaultValue": "Sophos Endpoint Protection (using REST API)",
- "type": "string",
+ "type": "securestring",
 "minLength": 1
 },
 "workspace": {
 "defaultValue": "[parameters('workspace')]",
- "type": "string"
+ "type": "securestring"
 },
 "dcrConfig": {
 "defaultValue": {
@@ -1412,7 +1407,22 @@
 },
 "sophosTenantId": {
 "defaultValue": "sophosTenantId",
- "type": "string",
+ "type": "securestring",
+ "minLength": 1
+ },
+ "sophosRegion": {
+ "defaultValue": "sophosRegion",
+ "type": "securestring",
+ "minLength": 1
+ },
+ "ClientId": {
+ "defaultValue": "-NA-",
+ "type": "securestring",
+ "minLength": 1
+ },
+ "ClientSecret": {
+ "defaultValue": "-NA-",
+ "type": "securestring",
 "minLength": 1
 },
 "AuthorizationCode": {
@@ -1452,7 +1462,7 @@
 }
 },
 {
- "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPAlertsPolling')]",
+ "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPAlertsPolling', parameters('guidValue'))]",
 "apiVersion": "2023-02-01-preview",
 "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
 "location": "[parameters('workspace-location')]",
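Review bot: Typing `connectorDefinitionName`, `workspace`, `innerWorkspace` and `guidValue` as `securestring` marks values that are not secrets as secret, which blurs which parameters actually need protection (`ClientSecret`). ARM keeps secure parameter values out of deployment history, so the workspace and connector name are also hidden from an operator troubleshooting a failed deployment. If the packaging tool does not require it, keep `"type": "string"` for the workspace and connector-name parameters and reserve `securestring` for the credentials. `innerWorkspace` and `guidValue` are concatenated into the connector resource name in the `@@ -1452` and `@@ -1506` hunks, so their values end up in the resource ID regardless. The `parameters` object starts before this hunk and continues past it.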
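Review bot: The re-added `sophosRegion`, `ClientId` and `ClientSecret` parameters carry placeholder defaults (`"sophosRegion"`, `"-NA-"`) that already satisfy `"minLength": 1`, so a deployment that omits them appears to pass validation and would configure a poller with a placeholder host and placeholder credentials instead of failing. `sophosRegion` is also concatenated into the host name of `apiEndpoint` in the `@@ -1479` and `@@ -1533` hunks, presumably the endpoint that receives the OAuth2 token, yet nothing constrains its value. Consider removing the defaults so the values are mandatory, and restricting the region with `allowedValues` set to the regions the connector supports (the list is not on this page). The `parameters` object begins and ends outside the hunk.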
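Review bot: Appending `parameters('guidValue')`, whose default is `[[newGuid()]` in the `@@ -1379` hunk, gives the poller a different resource name on every deployment, so a redeploy or reconnect looks likely to create an additional `dataConnectors` resource rather than update the existing one. Unless something outside this diff removes the old one, earlier pollers would keep their own copy of the client credentials and keep querying the Sophos API, producing duplicate ingestion. It would help to document how stale connections are cleaned up and, if the tooling allows, to put a separator before the GUID, e.g. `'SophosEndpointProtectionCCPAlertsPolling-', parameters('guidValue')`, so the suffix is recognisable in the resource list. The same applies to the `SophosEndpointProtectionCCPEventsPolling` name in the `@@ -1506` hunk; the resource object continues outside both hunks.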
@@ -1467,8 +1477,8 @@
 },
 "auth": {
 "type": "OAuth2",
- "ClientSecret": "[[parameters('ClientSecret')]",
- "ClientId": "[[parameters('ClientId')]",
+ "ClientSecret": "[[parameters('clientSecret')]",
+ "ClientId": "[[parameters('clientId')]",
 "TokenEndpoint": "https://id.sophos.com/api/v2/oauth2/token",
 "tokenEndpointHeaders": {
 "Accept": "application/json",
@@ -1479,7 +1489,7 @@
 "grantType": "client_credentials"
 },
 "request": {
- "apiEndpoint": "[[concat('https://api-', parameters('sophosRegion'), '.central.sophos.com/siem/v1/alerts')]",
+ "apiEndpoint": "[[concat('https://api-',parameters('sophosRegion'),'.central.sophos.com/siem/v1/alerts')]",
 "rateLimitQPS": 10,
 "queryWindowInMin": 5,
 "httpMethod": "GET",
@@ -1506,7 +1516,7 @@
 }
 },
 {
- "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPEventsPolling')]",
+ "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPEventsPolling', parameters('guidValue'))]",
 "apiVersion": "2023-02-01-preview",
 "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
 "location": "[parameters('workspace-location')]",
@@ -1521,8 +1531,8 @@
 },
 "auth": {
 "type": "OAuth2",
- "ClientSecret": "[[parameters('ClientSecret')]",
- "ClientId": "[[parameters('ClientId')]",
+ "ClientSecret": "[[parameters('clientSecret')]",
+ "ClientId": "[[parameters('clientId')]",
 "TokenEndpoint": "https://id.sophos.com/api/v2/oauth2/token",
 "tokenEndpointHeaders": {
 "Accept": "application/json",
@@ -1533,7 +1543,7 @@
 "grantType": "client_credentials"
 },
 "request": {
- "apiEndpoint": "[[concat('https://api-', parameters('sophosRegion'), '.central.sophos.com/siem/v1/events')]",
+ "apiEndpoint": "[[concat('https://api-',parameters('sophosRegion'),'.central.sophos.com/siem/v1/events')]",
 "rateLimitQPS": 10,
 "queryWindowInMin": 5,
 "httpMethod": "GET",
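Review bot: The `auth` block now references `parameters('clientSecret')` and `parameters('clientId')`, while the parameters are declared as `ClientSecret` and `ClientId` in the `@@ -1412` hunk. ARM generally treats parameter names as case-insensitive, but these are escaped `[[` expressions that are resolved later, and whether that later lookup is also case-insensitive cannot be seen from this diff; a miss would presumably surface only as a failed token request at connect time. Use one spelling in both places, e.g. keep `"ClientSecret": "[[parameters('ClientSecret')]"` and `"ClientId": "[[parameters('ClientId')]"`, or rename the declarations to match. The same change is repeated in the `@@ -1521` hunk, and the `auth` object extends beyond both hunks.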
@@ -1575,7 +1585,7 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.5",
+ "version": "3.0.6",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "Sophos Endpoint Protection",
diff --git a/Solutions/Sophos Endpoint Protection/ReleaseNotes.md b/Solutions/Sophos Endpoint Protection/ReleaseNotes.md
index fb2da44ab1e..8648143f8cb 100644
--- a/Solutions/Sophos Endpoint Protection/ReleaseNotes.md
+++ b/Solutions/Sophos Endpoint Protection/ReleaseNotes.md
@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|--------------------------------------------------------------------|
+| 3.0.6 | 23-10-2025 | Updated the solution to be compatible with tool changes for the connection name. |
 | 3.0.5 | 21-08-2024 | **Data Connector** [Sophos Endpoint Protection (using REST API)] Globally Available|
 | 3.0.4 | 01-07-2024 | Update files for CCP Connector to fix the connectivity|
 | 3.0.3 | 25-04-2024 | Repackaged for parser issue with old names |