Update Sophos Endpoint Protection to version 3.0.6

Solutions/Sophos Endpoint Protection/Package/createUiDefinition.json

@@ -67,7 +67,7 @@
             "name": "dataconnectors2-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "This Solution installs the data connector for Sophos Endpoint Protection. You can get Sophos Endpoint Protection data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+              "text": "This Solution installs the data connector for Sophos Endpoint Protection (using REST API). You can get Sophos Endpoint Protection (using REST API) data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
           {

Solutions/Sophos Endpoint Protection/Package/mainTemplate.json

@@ -47,7 +47,7 @@
     "email": "[email protected]",
     "_email": "[variables('email')]",
     "_solutionName": "Sophos Endpoint Protection",
-    "_solutionVersion": "3.0.5",
+    "_solutionVersion": "3.0.6",
     "solutionId": "azuresentinel.azure-sentinel-solution-sophosep",
     "_solutionId": "[variables('solutionId')]",
     "parserObject1": {
@@ -86,7 +86,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "SophosEPEvent Data Parser with template version 3.0.5",
+        "description": "SophosEPEvent Data Parser with template version 3.0.6",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('parserObject1').parserVersion1]",
@@ -218,7 +218,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "Sophos Endpoint Protection data connector with template version 3.0.5",
+        "description": "Sophos Endpoint Protection data connector with template version 3.0.6",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -984,6 +984,7 @@
               "apiVersion": "2022-10-01",
               "type": "Microsoft.OperationalInsights/workspaces/tables",
               "location": "[parameters('workspace-location')]",
+              "kind": null,
               "properties": {
                 "schema": {
                   "name": "SophosEPAlerts_CL",
@@ -1067,6 +1068,7 @@
               "apiVersion": "2022-10-01",
               "type": "Microsoft.OperationalInsights/workspaces/tables",
               "location": "[parameters('workspace-location')]",
+              "kind": null,
               "properties": {
                 "schema": {
                   "name": "SophosEPEvents_CL",
@@ -1379,29 +1381,22 @@
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('dataConnectorCCPVersion')]",
           "parameters": {
-            "ClientId": {
-              "defaultValue": "-NA-",
-              "type": "securestring",
-              "minLength": 1
-            },
-            "ClientSecret": {
-              "defaultValue": "-NA-",
-              "type": "securestring",
-              "minLength": 1
+            "guidValue": {
+              "defaultValue": "[[newGuid()]",
+              "type": "securestring"
             },
-            "sophosRegion": {
-              "defaultValue": "Enter sophosRegion value",
-              "type": "string",
-              "minLength": 1
+            "innerWorkspace": {
+              "defaultValue": "[parameters('workspace')]",
+              "type": "securestring"
             },
             "connectorDefinitionName": {
               "defaultValue": "Sophos Endpoint Protection (using REST API)",
-              "type": "string",
+              "type": "securestring",
               "minLength": 1
             },
             "workspace": {
               "defaultValue": "[parameters('workspace')]",
-              "type": "string"
+              "type": "securestring"
             },
             "dcrConfig": {
               "defaultValue": {
@@ -1412,7 +1407,22 @@
             },
             "sophosTenantId": {
               "defaultValue": "sophosTenantId",
-              "type": "string",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "sophosRegion": {
+              "defaultValue": "sophosRegion",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "ClientId": {
+              "defaultValue": "-NA-",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "ClientSecret": {
+              "defaultValue": "-NA-",
+              "type": "securestring",
               "minLength": 1
             },
             "AuthorizationCode": {
@@ -1452,7 +1462,7 @@
               }
             },
             {
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPAlertsPolling')]",
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPAlertsPolling', parameters('guidValue'))]",
               "apiVersion": "2023-02-01-preview",
               "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
               "location": "[parameters('workspace-location')]",
@@ -1467,8 +1477,8 @@
                 },
                 "auth": {
                   "type": "OAuth2",
-                  "ClientSecret": "[[parameters('ClientSecret')]",
-                  "ClientId": "[[parameters('ClientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "ClientId": "[[parameters('clientId')]",
                   "TokenEndpoint": "https://id.sophos.com/api/v2/oauth2/token",
                   "tokenEndpointHeaders": {
                     "Accept": "application/json",
@@ -1479,7 +1489,7 @@
                   "grantType": "client_credentials"
                 },
                 "request": {
-                  "apiEndpoint": "[[concat('https://api-', parameters('sophosRegion'), '.central.sophos.com/siem/v1/alerts')]",
+                  "apiEndpoint": "[[concat('https://api-',parameters('sophosRegion'),'.central.sophos.com/siem/v1/alerts')]",
                   "rateLimitQPS": 10,
                   "queryWindowInMin": 5,
                   "httpMethod": "GET",
@@ -1506,7 +1516,7 @@
               }
             },
             {
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPEventsPolling')]",
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPEventsPolling', parameters('guidValue'))]",
               "apiVersion": "2023-02-01-preview",
               "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
               "location": "[parameters('workspace-location')]",
@@ -1521,8 +1531,8 @@
                 },
                 "auth": {
                   "type": "OAuth2",
-                  "ClientSecret": "[[parameters('ClientSecret')]",
-                  "ClientId": "[[parameters('ClientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "ClientId": "[[parameters('clientId')]",
                   "TokenEndpoint": "https://id.sophos.com/api/v2/oauth2/token",
                   "tokenEndpointHeaders": {
                     "Accept": "application/json",
@@ -1533,7 +1543,7 @@
                   "grantType": "client_credentials"
                 },
                 "request": {
-                  "apiEndpoint": "[[concat('https://api-', parameters('sophosRegion'), '.central.sophos.com/siem/v1/events')]",
+                  "apiEndpoint": "[[concat('https://api-',parameters('sophosRegion'),'.central.sophos.com/siem/v1/events')]",
                   "rateLimitQPS": 10,
                   "queryWindowInMin": 5,
                   "httpMethod": "GET",
@@ -1575,7 +1585,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.5",
+        "version": "3.0.6",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "Sophos Endpoint Protection",

Solutions/Sophos Endpoint Protection/ReleaseNotes.md

@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                                                 |
 |-------------|--------------------------------|--------------------------------------------------------------------|
+| 3.0.6       | 23-10-2025                     | Updated the solution to be compatible with tool changes for the connection name.            |
 | 3.0.5       | 21-08-2024                     | **Data Connector** [Sophos Endpoint Protection (using REST API)] Globally Available|
 | 3.0.4       | 01-07-2024                     | Update files for CCP Connector to fix the connectivity|
 | 3.0.3       | 25-04-2024                     | Repackaged for parser issue with old names       |