diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_Definition.json b/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_Definition.json
index fdef1404311..9e850dc71f9 100644
--- a/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_Definition.json
+++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_Definition.json
@@ -130,7 +130,10 @@
 "label": "Base API URL",
 "placeholder": "https://api.us-2.crowdstrike.com",
 "type": "text",
- "name": "apiUrl"
+ "name": "apiUrl",
+ "validations": {
+ "required": true
+ }
 }
 },
 {
@@ -139,7 +142,10 @@
 "label": "Client ID",
 "placeholder": "Your Client ID",
 "type": "text",
- "name": "clientId"
+ "name": "clientId",
+ "validations": {
+ "required": true
+ }
 }
 },
 {
@@ -148,7 +154,10 @@
 "label": "Client Secret",
 "placeholder": "Your Client Secret",
 "type": "password",
- "name": "clientSecret"
+ "name": "clientSecret",
+ "validations": {
+ "required": true
+ }
 }
 },
 {
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_PollingConfig.json b/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_PollingConfig.json
index 00cb671d3e3..06a175ea4a2 100644
--- a/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_PollingConfig.json
+++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_PollingConfig.json
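Review bot: In CrowdStrikeAPI_Definition.json, `"required": true` on `apiUrl` only rejects an empty box; any scheme or host is still accepted, and the polling config builds every endpoint as `concat(parameters('apiUrl'),'/…')`, so authenticated requests (and presumably the token request, whose auth section is outside these hunks) go to whatever base URL was typed. A value entered with a trailing slash would also produce `//` in each request path. If the textbox validation schema offers a pattern constraint, restrict the field to an `https://` CrowdStrike API host with no trailing slash; otherwise state the expectation in the field text, for example `"label": "Base API URL (https://, no trailing slash)"`. The same three fields are repeated in Package/mainTemplate.json and would need the matching change.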
@@ -21,6 +21,31 @@
 "apiEndpoint": "[[concat(parameters('apiUrl'),'/spotlight/combined/vulnerabilities/v1')]",
 "httpMethod": "GET",
 "rateLimitQPS": 1,
+ "rateLimitConfig": {
+ "evaluation": {
+ "checkMode": "OnlyWhen429"
+ },
+ "extraction": {
+ "source": "CustomHeaders",
+ "headers": {
+ "limit": {
+ "name": "X-RateLimit-Limit",
+ "format": "Integer"
+ },
+ "remaining": {
+ "name": "X-RateLimit-Remaining",
+ "format": "Integer"
+ },
+ "reset": {
+ "name": "X-RateLimit-RetryAfter",
+ "format": "UnixTimeSeconds"
+ }
+ }
+ },
+ "retryStrategy": {
+ "useResetOrRetryAfterHeaders": true
+ }
+ },
 "queryWindowInMin": 15,
 "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
 "retryCount": 5,
@@ -45,7 +70,7 @@
 "pagingType": "NextPageToken",
 "nextPageTokenJsonPath": "$.meta.pagination.after",
 "NextPageParaName": "after",
- "pageSize": 50,
+ "pageSize": 500,
 "pageSizeParameterName": "limit"
 },
 "connectorDefinitionName": "CrowdStrikeAPICCPDefinition",
@@ -79,6 +104,31 @@
 "apiEndpoint": "[[concat(parameters('apiUrl'),'/alerts/combined/alerts/v1')]",
 "httpMethod": "POST",
 "rateLimitQPS": 1,
+ "rateLimitConfig": {
+ "evaluation": {
+ "checkMode": "OnlyWhen429"
+ },
+ "extraction": {
+ "source": "CustomHeaders",
+ "headers": {
+ "limit": {
+ "name": "X-RateLimit-Limit",
+ "format": "Integer"
+ },
+ "remaining": {
+ "name": "X-RateLimit-Remaining",
+ "format": "Integer"
+ },
+ "reset": {
+ "name": "X-RateLimit-RetryAfter",
+ "format": "UnixTimeSeconds"
+ }
+ }
+ },
+ "retryStrategy": {
+ "useResetOrRetryAfterHeaders": true
+ }
+ },
 "queryWindowInMin": 15,
 "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
 "retryCount": 5,
@@ -101,7 +151,7 @@
 "pagingType": "PersistentToken",
 "nextPageTokenJsonPath": "$.meta.pagination.after",
 "nextPageParaName": "after",
- "pageSize": 50
+ "pageSize": 500
 },
 "connectorDefinitionName": "CrowdStrikeAPICCPDefinition",
 "dataType": "CrowdStrikeAlerts",
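Review bot: The `reset` entry in the new `rateLimitConfig` (spotlight poller, hunk at -21) reads `X-RateLimit-RetryAfter` as an absolute `UnixTimeSeconds` value, so the back-off is only right if the API returns an epoch timestamp in that header on a 429; confirm this against a captured 429 response, since a relative number of seconds parsed as an epoch would presumably lie in the past. With `"checkMode": "OnlyWhen429"` the `limit` and `remaining` headers look to be consulted only after throttling has already happened, which leaves `"rateLimitQPS": 1` as the only proactive limit. The identical block is pasted into the other four pollers (hunks at -79, -134, -227 and -282), so any correction has to be repeated in each copy. The release note could also say what happens to a 15-minute query window once `retryCount` is exhausted, so operators know whether to expect an ingestion gap.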
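Review bot: `pageSize` rises from 50 to 500 on five different endpoints (hunks at -45 and -101 here, and -157, -249 and -306 further down), and nothing in the diff shows that each endpoint accepts a limit of 500. A rejected limit would presumably come back as a 4xx other than 429, which the `rateLimitConfig` added in this same commit does not handle. In the two `PersistentToken` pagers (alerts at -101, detections at -249) no `pageSizeParameterName` is visible, so the hunk does not show how the new value reaches the POST request; the request body lies outside the hunk and should be checked so that its limit stays in step with `pageSize`.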
@@ -134,6 +184,31 @@
 "apiEndpoint": "[[concat(parameters('apiUrl'),'/incidents/queries/incidents/v1')]",
 "httpMethod": "GET",
 "rateLimitQPS": 1,
+ "rateLimitConfig": {
+ "evaluation": {
+ "checkMode": "OnlyWhen429"
+ },
+ "extraction": {
+ "source": "CustomHeaders",
+ "headers": {
+ "limit": {
+ "name": "X-RateLimit-Limit",
+ "format": "Integer"
+ },
+ "remaining": {
+ "name": "X-RateLimit-Remaining",
+ "format": "Integer"
+ },
+ "reset": {
+ "name": "X-RateLimit-RetryAfter",
+ "format": "UnixTimeSeconds"
+ }
+ }
+ },
+ "retryStrategy": {
+ "useResetOrRetryAfterHeaders": true
+ }
+ },
 "queryWindowInMin": 15,
 "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
 "retryCount": 5,
@@ -157,7 +232,7 @@
 "paging": {
 "pagingType": "Offset",
 "offsetParaName": "offset",
- "pageSize": 50,
+ "pageSize": 500,
 "pageSizeParameterName": "limit"
 },
 "stepInfo": {
@@ -227,6 +302,31 @@
 "apiEndpoint": "[[concat(parameters('apiUrl'),'/alerts/combined/alerts/v1')]",
 "httpMethod": "POST",
 "rateLimitQPS": 1,
+ "rateLimitConfig": {
+ "evaluation": {
+ "checkMode": "OnlyWhen429"
+ },
+ "extraction": {
+ "source": "CustomHeaders",
+ "headers": {
+ "limit": {
+ "name": "X-RateLimit-Limit",
+ "format": "Integer"
+ },
+ "remaining": {
+ "name": "X-RateLimit-Remaining",
+ "format": "Integer"
+ },
+ "reset": {
+ "name": "X-RateLimit-RetryAfter",
+ "format": "UnixTimeSeconds"
+ }
+ }
+ },
+ "retryStrategy": {
+ "useResetOrRetryAfterHeaders": true
+ }
+ },
 "queryWindowInMin": 15,
 "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
 "retryCount": 5,
@@ -249,7 +349,7 @@
 "pagingType": "PersistentToken",
 "nextPageTokenJsonPath": "$.meta.pagination.after",
 "nextPageParaName": "after",
- "pageSize": 50
+ "pageSize": 500
 },
 "connectorDefinitionName": "CrowdStrikeAPICCPDefinition",
 "dataType": "CrowdStrikeDetections",
@@ -282,6 +382,31 @@
 "apiEndpoint": "[[concat(parameters('apiUrl'),'/devices/combined/devices/v1')]",
 "httpMethod": "GET",
 "rateLimitQPS": 1,
+ "rateLimitConfig": {
+ "evaluation": {
+ "checkMode": "OnlyWhen429"
+ },
+ "extraction": {
+ "source": "CustomHeaders",
+ "headers": {
+ "limit": {
+ "name": "X-RateLimit-Limit",
+ "format": "Integer"
+ },
+ "remaining": {
+ "name": "X-RateLimit-Remaining",
+ "format": "Integer"
+ },
+ "reset": {
+ "name": "X-RateLimit-RetryAfter",
+ "format": "UnixTimeSeconds"
+ }
+ }
+ },
+ "retryStrategy": {
+ "useResetOrRetryAfterHeaders": true
+ }
+ },
 "queryWindowInMin": 15,
 "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
 "retryCount": 5,
@@ -306,7 +431,7 @@
 "pagingType": "NextPageToken",
 "nextPageTokenJsonPath": "$.meta.pagination.next",
 "NextPageParaName": "offset",
- "pageSize": 50,
+ "pageSize": 500,
 "pageSizeParameterName": "limit"
 },
 "connectorDefinitionName": "CrowdStrikeAPICCPDefinition",
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Data/Solution_CrowdStrike.json b/Solutions/CrowdStrike Falcon Endpoint Protection/Data/Solution_CrowdStrike.json
index f3c734d5122..d94f9b14ca8 100644
--- a/Solutions/CrowdStrike Falcon Endpoint Protection/Data/Solution_CrowdStrike.json
+++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Data/Solution_CrowdStrike.json
@@ -30,7 +30,7 @@
 "azuresentinel.azure-sentinel-solution-commoneventformat"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\CrowdStrike Falcon Endpoint Protection",
- "Version": "3.1.7",
+ "Version": "3.1.8",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1Pconnector": false
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.1.8.zip b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.1.8.zip
new file mode 100644
index 00000000000..261f0c74177
Binary files /dev/null and b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.1.8.zip differ
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json index 58e6acab4e3..c7c431bb857 100644 --- a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json +++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json @@ -55,7 +55,7 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "CrowdStrike Falcon Endpoint Protection", - "_solutionVersion": "3.1.7", + "_solutionVersion": "3.1.8", "solutionId": "azuresentinel.azure-sentinel-solution-crowdstrikefalconep", "_solutionId": "[variables('solutionId')]", "uiConfigId1": "CrowdstrikeReplicatorv2", @@ -168,7 +168,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CrowdStrike Falcon Endpoint Protection data connector with template version 3.1.7", + "description": "CrowdStrike Falcon Endpoint Protection data connector with template version 3.1.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -552,7 +552,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CrowdStrike Falcon Endpoint Protection data connector with template version 3.1.7", + "description": "CrowdStrike Falcon Endpoint Protection data connector with template version 3.1.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion2')]", 
@@ -8707,7 +8707,10 @@ "label": "Base API URL", "placeholder": "https://api.us-2.crowdstrike.com", "type": "text", - "name": "apiUrl" + "name": "apiUrl", + "validations": { + "required": true + } } }, { @@ -8716,7 +8719,10 @@ "label": "Client ID", "placeholder": "Your Client ID", "type": "text", - "name": "clientId" + "name": "clientId", + "validations": { + "required": true + } } }, { @@ -8725,7 +8731,10 @@ "label": "Client Secret", "placeholder": "Your Client Secret", "type": "password", - "name": "clientSecret" + "name": "clientSecret", + "validations": { + "required": true + } } }, { @@ -8981,7 +8990,10 @@ "label": "Base API URL", "placeholder": "https://api.us-2.crowdstrike.com", "type": "text", - "name": "apiUrl" + "name": "apiUrl", + "validations": { + "required": true + } } }, { @@ -8990,7 +9002,10 @@ "label": "Client ID", "placeholder": "Your Client ID", "type": "text", - "name": "clientId" + "name": "clientId", + "validations": { + "required": true + } } }, { @@ -8999,7 +9014,10 @@ "label": "Client Secret", "placeholder": "Your Client Secret", "type": "password", - "name": "clientSecret" + "name": "clientSecret", + "validations": { + "required": true + } } }, { @@ -9160,6 +9178,31 @@ "apiEndpoint": "[[concat(parameters('apiUrl'),'/spotlight/combined/vulnerabilities/v1')]", "httpMethod": "GET", "rateLimitQPS": 1, + "rateLimitConfig": { + "evaluation": { + "checkMode": "OnlyWhen429" + }, + "extraction": { + "source": "CustomHeaders", + "headers": { + "limit": { + "name": "X-RateLimit-Limit", + "format": "Integer" + }, + "remaining": { + "name": "X-RateLimit-Remaining", + "format": "Integer" + }, + "reset": { + "name": "X-RateLimit-RetryAfter", + "format": "UnixTimeSeconds" + } + } + }, + "retryStrategy": { + "useResetOrRetryAfterHeaders": true + } + }, "queryWindowInMin": 15, "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", "retryCount": 5, 
@@ -9184,7 +9227,7 @@ "pagingType": "NextPageToken", "nextPageTokenJsonPath": "$.meta.pagination.after", "NextPageParaName": "after", - "pageSize": 50, + "pageSize": 500, "pageSizeParameterName": "limit" }, "connectorDefinitionName": "CrowdStrikeAPICCPDefinition", @@ -9218,6 +9261,31 @@ "apiEndpoint": "[[concat(parameters('apiUrl'),'/alerts/combined/alerts/v1')]", "httpMethod": "POST", "rateLimitQPS": 1, + "rateLimitConfig": { + "evaluation": { + "checkMode": "OnlyWhen429" + }, + "extraction": { + "source": "CustomHeaders", + "headers": { + "limit": { + "name": "X-RateLimit-Limit", + "format": "Integer" + }, + "remaining": { + "name": "X-RateLimit-Remaining", + "format": "Integer" + }, + "reset": { + "name": "X-RateLimit-RetryAfter", + "format": "UnixTimeSeconds" + } + } + }, + "retryStrategy": { + "useResetOrRetryAfterHeaders": true + } + }, "queryWindowInMin": 15, "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", "retryCount": 5, @@ -9240,7 +9308,7 @@ "pagingType": "PersistentToken", "nextPageTokenJsonPath": "$.meta.pagination.after", "nextPageParaName": "after", - "pageSize": 50 + "pageSize": 500 }, "connectorDefinitionName": "CrowdStrikeAPICCPDefinition", "dataType": "CrowdStrikeAlerts", @@ -9273,6 +9341,31 @@ "apiEndpoint": "[[concat(parameters('apiUrl'),'/incidents/queries/incidents/v1')]", "httpMethod": "GET", "rateLimitQPS": 1, + "rateLimitConfig": { + "evaluation": { + "checkMode": "OnlyWhen429" + }, + "extraction": { + "source": "CustomHeaders", + "headers": { + "limit": { + "name": "X-RateLimit-Limit", + "format": "Integer" + }, + "remaining": { + "name": "X-RateLimit-Remaining", + "format": "Integer" + }, + "reset": { + "name": "X-RateLimit-RetryAfter", + "format": "UnixTimeSeconds" + } + } + }, + "retryStrategy": { + "useResetOrRetryAfterHeaders": true + } + }, "queryWindowInMin": 15, "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", "retryCount": 5, 
@@ -9296,7 +9389,7 @@ "paging": { "pagingType": "Offset", "offsetParaName": "offset", - "pageSize": 50, + "pageSize": 500, "pageSizeParameterName": "limit" }, "stepInfo": { @@ -9366,6 +9459,31 @@ "apiEndpoint": "[[concat(parameters('apiUrl'),'/alerts/combined/alerts/v1')]", "httpMethod": "POST", "rateLimitQPS": 1, + "rateLimitConfig": { + "evaluation": { + "checkMode": "OnlyWhen429" + }, + "extraction": { + "source": "CustomHeaders", + "headers": { + "limit": { + "name": "X-RateLimit-Limit", + "format": "Integer" + }, + "remaining": { + "name": "X-RateLimit-Remaining", + "format": "Integer" + }, + "reset": { + "name": "X-RateLimit-RetryAfter", + "format": "UnixTimeSeconds" + } + } + }, + "retryStrategy": { + "useResetOrRetryAfterHeaders": true + } + }, "queryWindowInMin": 15, "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", "retryCount": 5, @@ -9388,7 +9506,7 @@ "pagingType": "PersistentToken", "nextPageTokenJsonPath": "$.meta.pagination.after", "nextPageParaName": "after", - "pageSize": 50 + "pageSize": 500 }, "connectorDefinitionName": "CrowdStrikeAPICCPDefinition", "dataType": "CrowdStrikeDetections", @@ -9421,6 +9539,31 @@ "apiEndpoint": "[[concat(parameters('apiUrl'),'/devices/combined/devices/v1')]", "httpMethod": "GET", "rateLimitQPS": 1, + "rateLimitConfig": { + "evaluation": { + "checkMode": "OnlyWhen429" + }, + "extraction": { + "source": "CustomHeaders", + "headers": { + "limit": { + "name": "X-RateLimit-Limit", + "format": "Integer" + }, + "remaining": { + "name": "X-RateLimit-Remaining", + "format": "Integer" + }, + "reset": { + "name": "X-RateLimit-RetryAfter", + "format": "UnixTimeSeconds" + } + } + }, + "retryStrategy": { + "useResetOrRetryAfterHeaders": true + } + }, "queryWindowInMin": 15, "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", "retryCount": 5, 
@@ -9445,7 +9588,7 @@ "pagingType": "NextPageToken", "nextPageTokenJsonPath": "$.meta.pagination.next", "NextPageParaName": "offset", - "pageSize": 50, + "pageSize": 500, "pageSizeParameterName": "limit" }, "connectorDefinitionName": "CrowdStrikeAPICCPDefinition", @@ -9477,7 +9620,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CrowdStrikeFalconEventStream Data Parser with template version 3.1.7", + "description": "CrowdStrikeFalconEventStream Data Parser with template version 3.1.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", @@ -9609,7 +9752,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CrowdstrikeReplicator Data Parser with template version 3.1.7", + "description": "CrowdstrikeReplicator Data Parser with template version 3.1.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject2').parserVersion2]", @@ -9741,7 +9884,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CrowdStrikeReplicatorV2 Data Parser with template version 3.1.7", + "description": "CrowdStrikeReplicatorV2 Data Parser with template version 3.1.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject3').parserVersion3]", 
@@ -9873,7 +10016,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CrowdStrikeFalconEndpointProtection Workbook with template version 3.1.7", + "description": "CrowdStrikeFalconEndpointProtection Workbook with template version 3.1.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -9961,7 +10104,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CriticalOrHighSeverityDetectionsByUser_AnalyticalRules Analytics Rule with template version 3.1.7", + "description": "CriticalOrHighSeverityDetectionsByUser_AnalyticalRules Analytics Rule with template version 3.1.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", @@ -9989,18 +10132,18 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "entityMappings": [ { "fieldMappings": [ { - "columnName": "AccountCustomEntity", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "AccountCustomEntity" } ], "entityType": "Account" @@ -10008,8 +10151,8 @@ { "fieldMappings": [ { - "columnName": "HostCustomEntity", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "HostCustomEntity" } ], "entityType": "Host" @@ -10017,8 +10160,8 @@ { "fieldMappings": [ { - "columnName": "IPCustomEntity", - "identifier": "Address" + "identifier": "Address", + "columnName": "IPCustomEntity" } ], "entityType": "IP" 
@@ -10026,12 +10169,12 @@ { "fieldMappings": [ { - "columnName": "FileHashAlgo", - "identifier": "Algorithm" + "identifier": "Algorithm", + "columnName": "FileHashAlgo" }, { - "columnName": "FileHashCustomEntity", - "identifier": "Value" + "identifier": "Value", + "columnName": "FileHashCustomEntity" } ], "entityType": "FileHash" @@ -10090,7 +10233,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CriticalSeverityDetection_AnalyticalRules Analytics Rule with template version 3.1.7", + "description": "CriticalSeverityDetection_AnalyticalRules Analytics Rule with template version 3.1.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", @@ -10118,18 +10261,18 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "entityMappings": [ { "fieldMappings": [ { - "columnName": "AccountCustomEntity", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "AccountCustomEntity" } ], "entityType": "Account" @@ -10137,8 +10280,8 @@ { "fieldMappings": [ { - "columnName": "HostCustomEntity", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "HostCustomEntity" } ], "entityType": "Host" @@ -10146,8 +10289,8 @@ { "fieldMappings": [ { - "columnName": "IPCustomEntity", - "identifier": "Address" + "identifier": "Address", + "columnName": "IPCustomEntity" } ], "entityType": "IP" 
@@ -10155,12 +10298,12 @@ { "fieldMappings": [ { - "columnName": "FileHashAlgo", - "identifier": "Algorithm" + "identifier": "Algorithm", + "columnName": "FileHashAlgo" }, { - "columnName": "FileHashCustomEntity", - "identifier": "Value" + "identifier": "Value", + "columnName": "FileHashCustomEntity" } ], "entityType": "FileHash" @@ -10219,7 +10362,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CrowdStrike_Base Playbook with template version 3.1.7", + "description": "CrowdStrike_Base Playbook with template version 3.1.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion1')]", @@ -10596,7 +10739,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Crowdstrike-EndpointEnrichment Playbook with template version 3.1.7", + "description": "Crowdstrike-EndpointEnrichment Playbook with template version 3.1.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion2')]", @@ -12051,7 +12194,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Crowdstrike-ContainHost Playbook with template version 3.1.7", + "description": "Crowdstrike-ContainHost Playbook with template version 3.1.8", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion3')]", 
@@ -13166,7 +13309,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.1.7", + "version": "3.1.8", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "CrowdStrike Falcon Endpoint Protection", diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/ReleaseNotes.md b/Solutions/CrowdStrike Falcon Endpoint Protection/ReleaseNotes.md index 830f6288471..6cd0de4cd7e 100644 --- a/Solutions/CrowdStrike Falcon Endpoint Protection/ReleaseNotes.md +++ b/Solutions/CrowdStrike Falcon Endpoint Protection/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------------------| +| 3.1.8 | 08-12-2025 | Updated *CrowdStrike API Data Connector* to fix rate limit exceptions by introducing retry logic. | | 3.1.7 | 12-11-2025 | Updated *CrowdStrike API Data Connector* to fix rate limit exceptions | | 3.1.6 | 23-10-2025 | Updated *CrowdStrike API Data Connector* to fix deprecated detections API issues | | 3.1.5 | 22-08-2025 | Updated *CrowdStrike API Data Connector* to fix duplicate logs issues |