diff --git a/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/DCE.json b/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/DCE.json
new file mode 100644
index 00000000000..0f79fb37727
--- /dev/null
+++ b/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/DCE.json
@@ -0,0 +1,11 @@
+{
+ "type": "Microsoft.Insights/dataCollectionEndpoints",
+ "apiVersion": "2022-06-01",
+ "name": "[parameters('dceName')]",
+ "location": "[parameters('location')]",
+ "properties": {
+ "networkAcls": {
+ "publicNetworkAccess": "Enabled"
+ }
+ }
+}
diff --git a/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/DCR.json b/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/DCR.json
new file mode 100644
index 00000000000..cca9cea7250
--- /dev/null
+++ b/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/DCR.json
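Review bot: `"publicNetworkAccess": "Enabled"` in DCE.json leaves the collection endpoint's ingestion URL reachable from any network, and nothing in the solution records why. If the poller needs public reachability (plausible for a service-hosted connector, but not shown on this page), state that in the solution documentation so a workspace owner with a private-link policy can see it is a deliberate exception; strict JSON cannot carry the comment itself. Also, `parameters('dceName')` is used here, but the part of the generated mainTemplate.json visible in this commit declares no `dceName` parameter and no endpoint resource, so please check that the packaged template actually deploys this file.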
@@ -0,0 +1,53 @@
+{
+ "type": "Microsoft.Insights/dataCollectionRules",
+ "apiVersion": "2022-06-01",
+ "name": "VersasecCms-DCR",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId(parameters('subscription'), parameters('resourceGroupName'), 'Microsoft.Insights/dataCollectionEndpoints', parameters('dceName'))]",
+ "[resourceId('Microsoft.OperationalInsights/workspaces/tables', parameters('workspaceName'), 'VersasecCmsSysLogs_CL')]",
+ "[resourceId('Microsoft.OperationalInsights/workspaces/tables', parameters('workspaceName'), 'VersasecCmsErrorLogs_CL')]",
+ "[resourceId('Microsoft.OperationsManagement/solutions', concat('SecurityInsights(', parameters('workspaceName'), ')'))]"
+ ],
+ "properties": {
+ "dataCollectionEndpointId": "[resourceId(parameters('subscription'), parameters('resourceGroupName'), 'Microsoft.Insights/dataCollectionEndpoints', parameters('dceName'))]",
+ "streamDeclarations": {
+ "Custom-VersasecCmsSysLogs_API": {
+ "columns": [
+ { "name": "rowData", "type": "dynamic" }
+ ]
+ },
+ "Custom-VersasecCmsErrorLogs_API": {
+ "columns": [
+ { "name": "rowData", "type": "dynamic" }
+ ]
+ }
+ },
+ "destinations": {
+ "logAnalytics": [
+ {
+ "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName'))]",
+ "name": "ws"
+ }
+ ]
+ },
+ "dataFlows": [
+ {
+ "streams": [ "Custom-VersasecCmsSysLogs_API" ],
+ "destinations": [ "ws" ],
+ "transformKql": "source | project SyslogID = toreal(rowData[0]), SyslogIDCode = tostring(rowData[1]), SyslogIDStrg = tostring(rowData[2]), TimeGenerated = todatetime(rowData[3]), ID = toreal(rowData[4]), ComputerName = tostring(rowData[5]), CLID = tostring(rowData[6]), Param1 = tostring(rowData[7]), UserID = toreal(rowData[8]), TicketRef = tostring(rowData[9])",
+ "outputStream": "[concat('Custom-', variables('syslogTableName'))]"
+ },
+ {
+ "streams": [ "Custom-VersasecCmsErrorLogs_API" ],
+ "destinations": [ "ws" ],
+ "transformKql": "source | project CmsErrorID = toreal(rowData[0]), CmsErrorIDCode = tostring(rowData[1]), CmsErrorIDStrg = tostring(rowData[2]), TimeGenerated = todatetime(rowData[3]), ID = toreal(rowData[4]), ComputerName = tostring(rowData[5]), CLID = tostring(rowData[6]), ErrorStrg = tostring(rowData[7]), UserID = toreal(rowData[8]), SupportTicket = tostring(rowData[9]), TicketRef = tostring(rowData[10])",
+ "outputStream": "[concat('Custom-', variables('errorlogTableName'))]"
+ }
+ ]
+ },
+ "variables": {
+ "syslogTableName": "VersasecCmsSysLogs_CL",
+ "errorlogTableName": "VersasecCmsErrorLogs_CL"
+ }
+}
diff --git a/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/PollerConfig.json b/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/PollerConfig.json
new file mode 100644
index 00000000000..1121a157fab
--- /dev/null
+++ b/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/PollerConfig.json
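Review bot: Both `outputStream` values in DCR.json resolve `variables('syslogTableName')` and `variables('errorlogTableName')`, but the `variables` object is declared inside the resource next to `properties`, which is not where a template's variables live. The generated mainTemplate.json in this commit carries the same two expressions while its inner `"variables": {}` is empty, so deployment would presumably fail on an undefined variable. The table names are already literals elsewhere in this file, so the simplest fix is `"outputStream": "Custom-VersasecCmsSysLogs_CL"` and `"outputStream": "Custom-VersasecCmsErrorLogs_CL"`, with the `variables` block removed. Separately, both `transformKql` projections map `rowData` purely by position, so a column added or reordered on the CMS side would shift values into the wrong fields with no ingestion error. If `ID` and `UserID` are integral identifiers, `tolong()` here with `long` columns in the two table files would keep them exact where `toreal()` does not.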
@@ -0,0 +1,96 @@
+[{
+ "name": "VersasecCmsPoller_syslogs_created_events",
+ "apiVersion": "2022-10-01-preview",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "RestApiPoller",
+ "dependsOn": [
+ "[resourceId('Microsoft.Insights/dataCollectionRules', 'VersasecCms-DCR')]"
+ ],
+ "properties": {
+ "connectorDefinitionName": "VersasecCmsCCP",
+ "dataType": "VersasecCms API",
+ "dcrConfig": {
+ "streamName": "Custom-VersasecCmsSysLogs_API",
+ "dataCollectionEndpoint": "[reference(resourceId('Microsoft.Insights/dataCollectionEndpoints', parameters('dceName')), '2022-06-01').logsIngestion.endpoint]",
+ "dataCollectionRuleImmutableId": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', 'VersasecCms-DCR'), '2022-06-01').immutableId]"
+ },
+ "auth": {
+ "type": "APIKey",
+ "ApiKey": "[parameters('apiToken')]",
+ "ApiKeyName": "X-VSECCMS-AUTHTICKET"
+ },
+
+ "request": {
+ "apiEndpoint": "[concat(parameters('managementUrl'), parameters('apiBasePath'), 'QueryCmsPersistenceData')]",
+ "rateLimitQPS": 10,
+ "queryWindowInMin": "[parameters('pollingInterval')]",
+ "httpMethod": "POST",
+ "contentType": "application/json",
+ "queryTimeFormat": "yyyy-MM-ddTHH:mm:ss",
+ "headers": {
+ "Content-Type": "application/json",
+ "Accept": "application/json"
+ },
+ "isPostPayloadJson": true,
+ "queryParametersTemplate": "[format('{{\"tableName\": \"CvSysLog\", \"queryStatement\": \"StartOperationAnd false AddOperationGreaterEqual false TimeStamp false \\\"T{0}\\\" FinishLogicalOperation\", \"flags\": 0, \"resultPosition\": 0, \"resultAmount\": 100}}', '{_QueryWindowStartTime}')]"
+ },
+ "paging": {
+ "pagingType": "NextPageToken",
+ "NextPageTokenJsonPath": "$.pagination.nextCursor",
+ "NextPageParaName": "cursor"
+ },
+ "response": {
+ "eventsJsonPaths": [
+ "$.rows"
+ ]
+ }
+ }
+ }, {
+ "name": "VersasecCmsPoller_errorlogs_created_events",
+ "apiVersion": "2022-10-01-preview",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "RestApiPoller",
+ "dependsOn": [
+ "[resourceId('Microsoft.Insights/dataCollectionRules', 'VersasecCms-DCR')]"
+ ],
+ "properties": {
+ "connectorDefinitionName": "VersasecCmsCCP",
+ "dataType": "VersasecCms API",
+ "dcrConfig": {
+ "streamName": "Custom-VersasecCmsErrorLogs_API",
+ "dataCollectionEndpoint": "[reference(resourceId('Microsoft.Insights/dataCollectionEndpoints', parameters('dceName')), '2022-06-01').logsIngestion.endpoint]",
+ "dataCollectionRuleImmutableId": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', 'VersasecCms-DCR'), '2022-06-01').immutableId]"
+ },
+ "auth": {
+ "type": "APIKey",
+ "ApiKey": "[parameters('apiToken')]",
+ "ApiKeyName": "X-VSECCMS-AUTHTICKET"
+ },
+
+ "request": {
+ "apiEndpoint": "[concat(parameters('managementUrl'), parameters('apiBasePath'), 'QueryCmsPersistenceData')]",
+ "rateLimitQPS": 10,
+ "queryWindowInMin": "[parameters('pollingInterval')]",
+ "httpMethod": "POST",
+ "contentType": "application/json",
+ "queryTimeFormat": "yyyy-MM-ddTHH:mm:ss",
+ "headers": {
+ "Content-Type": "application/json",
+ "Accept": "application/json"
+ },
+ "isPostPayloadJson": true,
+ "queryParametersTemplate": "[format('{{\"tableName\": \"CvErrorLog\", \"queryStatement\": \"StartOperationAnd false AddOperationGreaterEqual false TimeStamp false \\\"T{0}\\\" FinishLogicalOperation\", \"flags\": 0, \"resultPosition\": 0, \"resultAmount\": 100}}', '{_QueryWindowStartTime}')]"
+ },
+ "paging": {
+ "pagingType": "NextPageToken",
+ "NextPageTokenJsonPath": "$.pagination.nextCursor",
+ "NextPageParaName": "cursor"
+ },
+ "response": {
+ "eventsJsonPaths": [
+ "$.rows"
+ ]
+ }
+ }
+ }
+]
diff --git a/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/connectorDefinition.json b/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/connectorDefinition.json
new file mode 100644
index 00000000000..f09c5765a29
--- /dev/null
+++ b/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/connectorDefinition.json
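Review bot: Both `queryParametersTemplate` strings in PollerConfig.json pin `"resultPosition": 0` and `"resultAmount": 100`, while paging depends on a `$.pagination.nextCursor` token returned by the API and sent back as `cursor`. The hunk shows only `$.rows` as the response shape, so if `QueryCmsPersistenceData` returns no such cursor, each poll ingests at most the first 100 rows of its window and drops the rest without any error. For an audit source that is a silent monitoring gap, so please confirm the cursor exists or page on `resultPosition` instead. In addition, `apiEndpoint` is a plain `concat` of the operator-typed `managementUrl` and `apiBasePath`, so the `X-VSECCMS-AUTHTICKET` value is sent to whatever scheme and host was entered; the connector should accept only an `https://` management URL.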
@@ -0,0 +1,103 @@
+{
+ "name": "[concat(workspaceRef(), '/Microsoft.SecurityInsights/', variables('connectorName'))]",
+ "type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
+ "apiVersion": "2022-09-01-preview",
+ "kind": "Customizable",
+ "properties": {
+ "connectorUiConfig": {
+ "id": "VersasecCmsCCP",
+ "title": "VersasecCms",
+ "publisher": "Versasec AB",
+ "descriptionMarkdown": "The VersasecCms data connector allows ingesting logs into Microsoft Sentinel.",
+ "graphQueries": [{
+ "metricName": "Total System Logs",
+ "legend": "Versasec Cms SysLog",
+ "baseQuery": "VersasecCmsSysLogs_CL"
+ }, {
+ "metricName": "Total Error Logs",
+ "legend": "Versasec Cms ErrorLog",
+ "baseQuery": "VersasecCmsErrorLogs_CL"
+ }
+ ],
+ "sampleQueries": [{
+ "description": "View last 50 System Logs",
+ "query": "VersasecCmsSysLogs_CL | take 50"
+ }, {
+ "description": "View last 50 Error Logs",
+ "query": "VersasecCmsErrorLogs_CL | take 50"
+ }
+ ],
+ "dataTypes": [{
+ "name": "VersasecCmsSysLogs_CL",
+ "lastDataReceivedQuery": "VersasecCmsSysLogs_CL | summarize Time = max(TimeGenerated)"
+ }, {
+ "name": "VersasecCmsErrorLogs_CL",
+ "lastDataReceivedQuery": "VersasecCmsErrorLogs_CL | summarize Time = max(TimeGenerated)"
+ }
+ ],
+ "connectivityCriteria": [{
+ "type": "IsConnectedQuery",
+ "value": [
+ "VersasecCmsSysLogs_CL | summarize count() by TimeGenerated"
+ ]
+ }
+ ],
+ "permissions": {
+ "resourceProvider": [{
+ "provider": "Microsoft.OperationalInsights/workspaces",
+ "permissionsDisplayText": "Read and Write permissions are required.",
+ "providerDisplayName": "Workspace",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "read": true,
+ "write": true,
+ "delete": true
+ }
+ }
+ ]
+ },
+ "instructionSteps": [{
+ "title": "Configuration",
+ "description": "Enter credentials for VersasecCms.",
+ "instructions": [{
+ "parameters": {
+ "label": "Management URL",
+ "type": "text",
+ "name": "managementUrl"
+ },
+ "type": "Textbox"
+ }, {
+ "parameters": {
+ "label": "API Base Path",
+ "type": "text",
+ "name": "apiBasePath"
+ },
+ "type": "Textbox"
+ }, {
+ "parameters": {
+ "label": "API Token",
+ "type": "securestring",
+ "name": "apiToken"
+ },
+ "type": "Textbox"
+ }, {
+ "parameters": {
+ "label": "Polling Interval (Minutes)",
+ "type": "int",
+ "name": "pollingInterval",
+ "defaultValue": 5
+ },
+ "type": "Textbox"
+ }, {
+ "parameters": {
+ "label": "connect",
+ "name": "connectButton"
+ },
+ "type": "ConnectionToggleButton"
+ }
+ ]
+ }
+ ]
+ }
+ }
+}
diff --git a/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/table - ErrorLogs.json b/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/table - ErrorLogs.json
new file mode 100644
index 00000000000..73d61f5a071
--- /dev/null
+++ b/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/table - ErrorLogs.json
@@ -0,0 +1,46 @@
+{
+ "name": "VersasecCmsErrorLogs_CL",
+ "type": "Microsoft.OperationalInsights/workspaces/tables",
+ "apiVersion": "2022-10-01",
+ "tags": {},
+ "properties": {
+ "schema": {
+ "name": "VersasecCmsErrorLogs_CL",
+ "columns": [{
+ "name": "TimeGenerated",
+ "type": "datetime"
+ }, {
+ "name": "CmsErrorID",
+ "type": "real"
+ }, {
+ "name": "CmsErrorIDCode",
+ "type": "string"
+ }, {
+ "name": "CmsErrorIDStrg",
+ "type": "string"
+ }, {
+ "name": "ID",
+ "type": "real"
+ }, {
+ "name": "ComputerName",
+ "type": "string"
+ }, {
+ "name": "CLID",
+ "type": "string"
+ }, {
+ "name": "ErrorStrg",
+ "type": "string"
+ }, {
+ "name": "UserID",
+ "type": "real"
+ },{
+ "name": "SupportTicket",
+ "type": "string"
+ }, {
+ "name": "TicketRef",
+ "type": "string"
+ }
+ ]
+ }
+ }
+}
diff --git a/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/table - SysLogs.json b/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/table - SysLogs.json
new file mode 100644
index 00000000000..95ca186112f
--- /dev/null
+++ b/Solutions/VersasecCMS/Data Connectors/VersasecCMS_ccp/table - SysLogs.json
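Review bot: In connectorDefinition.json `requiredPermissions` sets `"delete": true` while `permissionsDisplayText` says only read and write are required. Nothing on this page shows the connector deleting workspace resources, so either change it to `"delete": false` or correct the text so the installer sees what is really being requested. The `apiToken` Textbox uses `"type": "securestring"` and the interval uses `"type": "int"`; as far as I know the documented Textbox input types are `password`, `text`, `number` and `email`, so please verify in the portal that the token field is masked. The connection check `VersasecCmsSysLogs_CL | summarize count() by TimeGenerated` looks only at the SysLogs table, so a broken error-log poller would still show the connector as connected.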
@@ -0,0 +1,43 @@
+{
+ "name": "VersasecCmsSysLogs_CL",
+ "type": "Microsoft.OperationalInsights/workspaces/tables",
+ "apiVersion": "2022-10-01",
+ "tags": {},
+ "properties": {
+ "schema": {
+ "name": "VersasecCmsSysLogs_CL",
+ "columns": [{
+ "name": "TimeGenerated",
+ "type": "datetime"
+ }, {
+ "name": "SyslogID",
+ "type": "real"
+ }, {
+ "name": "SyslogIDCode",
+ "type": "string"
+ }, {
+ "name": "SyslogIDStrg",
+ "type": "string"
+ }, {
+ "name": "ID",
+ "type": "real"
+ }, {
+ "name": "ComputerName",
+ "type": "string"
+ }, {
+ "name": "CLID",
+ "type": "string"
+ }, {
+ "name": "Param1",
+ "type": "string"
+ }, {
+ "name": "UserID",
+ "type": "real"
+ }, {
+ "name": "TicketRef",
+ "type": "string"
+ }
+ ]
+ }
+ }
+}
diff --git a/Solutions/VersasecCMS/Data/Solution_VersasecCMS.json b/Solutions/VersasecCMS/Data/Solution_VersasecCMS.json
new file mode 100644
index 00000000000..6f9c8af96ad
--- /dev/null
+++ b/Solutions/VersasecCMS/Data/Solution_VersasecCMS.json
@@ -0,0 +1,18 @@
+{
+ "Name": "VersasecCMS",
+ "Author": "Versasec AB - info@versasec.com",
+ "Logo": "",
+ "Description": "Ingests Versasec Cms system logs into Microsoft Sentinel using a REST API poller (CCF).",
+ "Data Connectors": [
+ "Data Connectors/VersasecCMS_ccp/connectorDefinition.json"
+ ],
+ "Workbooks": [],
+ "Parsers": [],
+ "Analytic Rules": [],
+ "Hunting Queries": [],
+ "BasePath": "C:/Github/Azure-Sentinel/Solutions/VersasecCMS",
+ "Version": "1.0.0",
+ "Metadata": "SolutionMetadata.json",
+ "TemplateSpec": true,
+ "Is1PConnector": false
+}
diff --git a/Solutions/VersasecCMS/Package/3.0.0.zip b/Solutions/VersasecCMS/Package/3.0.0.zip
new file mode 100644
index 00000000000..7d77854637f
Binary files /dev/null and b/Solutions/VersasecCMS/Package/3.0.0.zip differ
diff --git a/Solutions/VersasecCMS/Package/createUiDefinition.json b/Solutions/VersasecCMS/Package/createUiDefinition.json
new file mode 100644
index 00000000000..37d98e0aff8
--- /dev/null
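Review bot: `"Version": "1.0.0"` in Solution_VersasecCMS.json disagrees with the `Package/3.0.0.zip` added in the same commit and with `"_solutionVersion": "3.0.0"` in the generated mainTemplate.json, so the package does not appear to have been built from this manifest as written. The generated template also shows `"solutionId": "."` and a support address of `support@example.com`, which suggests `SolutionMetadata.json` (named in `Metadata`, not visible on this page) was missing or incomplete when the package was built. A published security solution should carry a real publisher id and support contact, so regenerate the package once the metadata is in place. The empty `"Logo": ""` and the machine-local `BasePath` are worth cleaning up in the same pass.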
+++ b/Solutions/VersasecCMS/Package/createUiDefinition.json 
@@ -0,0 +1,85 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "config": { + "isWizard": false, + "basics": { + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/VersasecCMS/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nIngests Versasec Cms system logs into Microsoft Sentinel using a REST API poller (CCF).\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "subscription": { + "resourceProviders": [ + "Microsoft.OperationsManagement/solutions", + "Microsoft.OperationalInsights/workspaces/providers/alertRules", + "Microsoft.Insights/workbooks", + "Microsoft.Logic/workflows" + ] + }, + "location": { + "metadata": { + "hidden": "Hiding location, we get it from the log analytics workspace" + }, + "visible": false + }, + "resourceGroup": { + "allowExisting": true + } + } + }, + "basics": [ + { + "name": "getLAWorkspace", + "type": "Microsoft.Solutions.ArmApiControl", + "toolTip": "This filters by workspaces that exist in the Resource Group selected", + "condition": "[greater(length(resourceGroup().name),0)]", + "request": { + "method": "GET", + "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" + } + }, + { + "name": "workspace", + "type": "Microsoft.Common.DropDown", + "label": "Workspace", + "placeholder": "Select a workspace", + "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", + "constraints": { + "allowedValues": 
"[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": true + } + ], + "steps": [ + { + "name": "dataconnectors", + "label": "Data Connectors", + "bladeTitle": "Data Connectors", + "elements": [ + { + "name": "dataconnectors1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This Solution installs the data connector for VersasecCms. You can get VersasecCms data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + } + }, + { + "name": "dataconnectors-link1", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more about connecting data sources", + "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" + } + } + } + ] + } + ], + "outputs": { + "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", + "location": "[location()]", + "workspace": "[basics('workspace')]" + } + } +} diff --git a/Solutions/VersasecCMS/Package/mainTemplate.json b/Solutions/VersasecCMS/Package/mainTemplate.json new file mode 100644 index 00000000000..21a0b2b90e6 --- /dev/null +++ b/Solutions/VersasecCMS/Package/mainTemplate.json 
@@ -0,0 +1,804 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "author": "Versasec AB - info@versasec.com", + "comments": "Solution template for VersasecCMS" + }, + "parameters": { + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + }, + "resourceGroupName": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "resource group name where Microsoft Sentinel is setup" + } + }, + "subscription": { + "type": "string", + "defaultValue": "[last(split(subscription().id, '/'))]", + "metadata": { + "description": "subscription id where Microsoft Sentinel is setup" + } + } + }, + "variables": { + "email": "info@versasec.com", + "_email": "[variables('email')]", + "_solutionName": "VersasecCMS", + "_solutionVersion": "3.0.0", + "solutionId": ".", + "_solutionId": "[variables('solutionId')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "dataConnectorCCPVersion": "1.0.0", + "_dataConnectorContentIdConnectorDefinition1": "VersasecCmsCCP", + "dataConnectorTemplateNameConnectorDefinition1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition1')))]", + "_dataConnectorContentIdConnections1": 
"VersasecCmsCCPConnections", + "dataConnectorTemplateNameConnections1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections1')))]", + "blanks": "[replace('b', 'b', '')]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition1'), variables('dataConnectorCCPVersion'))]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]", + "displayName": "VersasecCms", + "contentKind": "DataConnector", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorCCPVersion')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition1'))]", + "apiVersion": "2022-09-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", + "location": "[parameters('workspace-location')]", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "VersasecCmsCCP", + "title": "VersasecCms", + "publisher": "Versasec AB", + "descriptionMarkdown": "The VersasecCms data connector allows ingesting logs into Microsoft Sentinel.", + "graphQueries": [ 
+ { + "metricName": "Total System Logs", + "legend": "Versasec Cms SysLog", + "baseQuery": "VersasecCmsSysLogs_CL" + }, + { + "metricName": "Total Error Logs", + "legend": "Versasec Cms ErrorLog", + "baseQuery": "VersasecCmsErrorLogs_CL" + } + ], + "sampleQueries": [ + { + "description": "View last 50 System Logs", + "query": "VersasecCmsSysLogs_CL | take 50" + }, + { + "description": "View last 50 Error Logs", + "query": "VersasecCmsErrorLogs_CL | take 50" + } + ], + "dataTypes": [ + { + "name": "VersasecCmsSysLogs_CL", + "lastDataReceivedQuery": "VersasecCmsSysLogs_CL | summarize Time = max(TimeGenerated)" + }, + { + "name": "VersasecCmsErrorLogs_CL", + "lastDataReceivedQuery": "VersasecCmsErrorLogs_CL | summarize Time = max(TimeGenerated)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "VersasecCmsSysLogs_CL | summarize count() by TimeGenerated" + ] + } + ], + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + } + ] + }, + "instructionSteps": [ + { + "title": "Configuration", + "description": "Enter credentials for VersasecCms.", + "instructions": [ + { + "parameters": { + "label": "Management URL", + "type": "text", + "name": "managementUrl" + }, + "type": "Textbox" + }, + { + "parameters": { + "label": "API Base Path", + "type": "text", + "name": "apiBasePath" + }, + "type": "Textbox" + }, + { + "parameters": { + "label": "API Token", + "type": "securestring", + "name": "apiToken" + }, + "type": "Textbox" + }, + { + "parameters": { + "label": "Polling Interval (Minutes)", + "type": "int", + "name": "pollingInterval", + "defaultValue": 5 + }, + "type": "Textbox" + }, + { + "parameters": { + "label": "connect", + "name": "connectButton" + }, + "type": 
"ConnectionToggleButton" + } + ] + } + ] + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition1')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition1'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Versasec AB", + "email": "[variables('_email')]" + }, + "support": { + "Tier": "Partner", + "Name": "Versasec Support", + "Email": "support@example.com" + }, + "dependencies": { + "criteria": [ + { + "version": "[variables('dataConnectorCCPVersion')]", + "contentId": "[variables('_dataConnectorContentIdConnections1')]", + "kind": "ResourcesDataConnector" + } + ] + } + } + }, + { + "name": "VersasecCms-DCR", + "apiVersion": "2022-06-01", + "type": "Microsoft.Insights/dataCollectionRules", + "location": "[parameters('workspace-location')]", + "kind": "[variables('blanks')]", + "properties": { + "dataCollectionEndpointId": "[resourceId(parameters('subscription'), parameters('resourceGroupName'), 'Microsoft.Insights/dataCollectionEndpoints', parameters('dceName'))]", + "streamDeclarations": { + "Custom-VersasecCmsSysLogs_API": { + "columns": [ + { + "name": "rowData", + "type": "dynamic" + } + ] + }, + "Custom-VersasecCmsErrorLogs_API": { + "columns": [ + { + "name": "rowData", + "type": "dynamic" + } + ] + } + }, + "destinations": { + "logAnalytics": [ + { + "workspaceResourceId": 
"[variables('workspaceResourceId')]", + "name": "ws" + } + ] + }, + "dataFlows": [ + { + "streams": [ + "Custom-VersasecCmsSysLogs_API" + ], + "destinations": [ + "ws" + ], + "transformKql": "source | project SyslogID = toreal(rowData[0]), SyslogIDCode = tostring(rowData[1]), SyslogIDStrg = tostring(rowData[2]), TimeGenerated = todatetime(rowData[3]), ID = toreal(rowData[4]), ComputerName = tostring(rowData[5]), CLID = tostring(rowData[6]), Param1 = tostring(rowData[7]), UserID = toreal(rowData[8]), TicketRef = tostring(rowData[9])", + "outputStream": "[concat('Custom-', variables('syslogTableName'))]" + }, + { + "streams": [ + "Custom-VersasecCmsErrorLogs_API" + ], + "destinations": [ + "ws" + ], + "transformKql": "source | project CmsErrorID = toreal(rowData[0]), CmsErrorIDCode = tostring(rowData[1]), CmsErrorIDStrg = tostring(rowData[2]), TimeGenerated = todatetime(rowData[3]), ID = toreal(rowData[4]), ComputerName = tostring(rowData[5]), CLID = tostring(rowData[6]), ErrorStrg = tostring(rowData[7]), UserID = toreal(rowData[8]), SupportTicket = tostring(rowData[9]), TicketRef = tostring(rowData[10])", + "outputStream": "[concat('Custom-', variables('errorlogTableName'))]" + } + ] + } + }, + { + "name": "VersasecCmsErrorLogs_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "schema": { + "name": "VersasecCmsErrorLogs_CL", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime" + }, + { + "name": "CmsErrorID", + "type": "real" + }, + { + "name": "CmsErrorIDCode", + "type": "string" + }, + { + "name": "CmsErrorIDStrg", + "type": "string" + }, + { + "name": "ID", + "type": "real" + }, + { + "name": "ComputerName", + "type": "string" + }, + { + "name": "CLID", + "type": "string" + }, + { + "name": "ErrorStrg", + "type": "string" + }, + { + "name": "UserID", + "type": "real" + }, + { + "name": "SupportTicket", + "type": 
"string" + }, + { + "name": "TicketRef", + "type": "string" + } + ] + } + } + }, + { + "name": "VersasecCmsSysLogs_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "schema": { + "name": "VersasecCmsSysLogs_CL", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime" + }, + { + "name": "SyslogID", + "type": "real" + }, + { + "name": "SyslogIDCode", + "type": "string" + }, + { + "name": "SyslogIDStrg", + "type": "string" + }, + { + "name": "ID", + "type": "real" + }, + { + "name": "ComputerName", + "type": "string" + }, + { + "name": "CLID", + "type": "string" + }, + { + "name": "Param1", + "type": "string" + }, + { + "name": "UserID", + "type": "real" + }, + { + "name": "TicketRef", + "type": "string" + } + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition1'),'-', variables('dataConnectorCCPVersion'))))]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "version": "[variables('dataConnectorCCPVersion')]" + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition1'))]", + "apiVersion": "2022-09-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", + "location": "[parameters('workspace-location')]", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "VersasecCmsCCP", + "title": "VersasecCms", + "publisher": "Versasec AB", + "descriptionMarkdown": "The VersasecCms data connector allows ingesting logs into Microsoft Sentinel.", + 
"graphQueries": [ + { + "metricName": "Total System Logs", + "legend": "Versasec Cms SysLog", + "baseQuery": "VersasecCmsSysLogs_CL" + }, + { + "metricName": "Total Error Logs", + "legend": "Versasec Cms ErrorLog", + "baseQuery": "VersasecCmsErrorLogs_CL" + } + ], + "sampleQueries": [ + { + "description": "View last 50 System Logs", + "query": "VersasecCmsSysLogs_CL | take 50" + }, + { + "description": "View last 50 Error Logs", + "query": "VersasecCmsErrorLogs_CL | take 50" + } + ], + "dataTypes": [ + { + "name": "VersasecCmsSysLogs_CL", + "lastDataReceivedQuery": "VersasecCmsSysLogs_CL | summarize Time = max(TimeGenerated)" + }, + { + "name": "VersasecCmsErrorLogs_CL", + "lastDataReceivedQuery": "VersasecCmsErrorLogs_CL | summarize Time = max(TimeGenerated)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "VersasecCmsSysLogs_CL | summarize count() by TimeGenerated" + ] + } + ], + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + } + ] + }, + "instructionSteps": [ + { + "title": "Configuration", + "description": "Enter credentials for VersasecCms.", + "instructions": [ + { + "parameters": { + "label": "Management URL", + "type": "text", + "name": "managementUrl" + }, + "type": "Textbox" + }, + { + "parameters": { + "label": "API Base Path", + "type": "text", + "name": "apiBasePath" + }, + "type": "Textbox" + }, + { + "parameters": { + "label": "API Token", + "type": "securestring", + "name": "apiToken" + }, + "type": "Textbox" + }, + { + "parameters": { + "label": "Polling Interval (Minutes)", + "type": "int", + "name": "pollingInterval", + "defaultValue": 5 + }, + "type": "Textbox" + }, + { + "parameters": { + "label": "connect", + "name": "connectButton" + }, 
+ "type": "ConnectionToggleButton" + } + ] + } + ] + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition1')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition1'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Versasec AB", + "email": "[variables('_email')]" + }, + "support": { + "Tier": "Partner", + "Name": "Versasec Support", + "Email": "support@example.com" + }, + "dependencies": { + "criteria": [ + { + "version": "[variables('dataConnectorCCPVersion')]", + "contentId": "[variables('_dataConnectorContentIdConnections1')]", + "kind": "ResourcesDataConnector" + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections1'), variables('dataConnectorCCPVersion'))]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "contentId": "[variables('_dataConnectorContentIdConnections1')]", + "displayName": "VersasecCms", + "contentKind": "ResourcesDataConnector", + 
"mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorCCPVersion')]", + "parameters": { + "guidValue": { + "defaultValue": "[[newGuid()]", + "type": "securestring" + }, + "innerWorkspace": { + "defaultValue": "[parameters('workspace')]", + "type": "securestring" + }, + "connectorDefinitionName": { + "defaultValue": "VersasecCms", + "type": "securestring", + "minLength": 1 + }, + "workspace": { + "defaultValue": "[parameters('workspace')]", + "type": "securestring" + }, + "dcrConfig": { + "defaultValue": { + "dataCollectionEndpoint": "data collection Endpoint", + "dataCollectionRuleImmutableId": "data collection rule immutableId" + }, + "type": "object" + }, + "managementUrl": { + "defaultValue": "managementUrl", + "type": "securestring", + "minLength": 1 + }, + "apiBasePath": { + "defaultValue": "apiBasePath", + "type": "securestring", + "minLength": 1 + }, + "apiToken": { + "defaultValue": "apiToken", + "type": "securestring", + "minLength": 1 + }, + "pollingInterval": { + "defaultValue": "pollingInterval", + "type": "securestring", + "minLength": 1 + } + }, + "variables": { + "_dataConnectorContentIdConnections1": "[variables('_dataConnectorContentIdConnections1')]" + }, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections1')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections1'))]", + "contentId": "[variables('_dataConnectorContentIdConnections1')]", + "kind": "ResourcesDataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + 
"sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Versasec AB", + "email": "[variables('_email')]" + }, + "support": { + "Tier": "Partner", + "Name": "Versasec Support", + "Email": "support@example.com" + } + } + }, + { + "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'VersasecCmsPoller_syslogs_created_events', parameters('guidValue'))]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "connectorDefinitionName": "VersasecCmsCCP", + "dataType": "VersasecCms API", + "dcrConfig": { + "streamName": "Custom-VersasecCmsSysLogs_API", + "dataCollectionEndpoint": "[reference(resourceId('Microsoft.Insights/dataCollectionEndpoints', parameters('dceName')), '2022-06-01').logsIngestion.endpoint]", + "dataCollectionRuleImmutableId": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', 'VersasecCms-DCR'), '2022-06-01').immutableId]" + }, + "auth": { + "type": "APIKey", + "ApiKey": "[parameters('apiToken')]", + "ApiKeyName": "X-VSECCMS-AUTHTICKET" + }, + "request": { + "apiEndpoint": "[concat(parameters('managementUrl'), parameters('apiBasePath'), 'QueryCmsPersistenceData')]", + "rateLimitQPS": 10, + "queryWindowInMin": "[parameters('pollingInterval')]", + "httpMethod": "POST", + "contentType": "application/json", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ss", + "headers": { + "Content-Type": "application/json", + "Accept": "application/json" + }, + "isPostPayloadJson": true, + "queryParametersTemplate": "[format('{{\"tableName\": \"CvSysLog\", \"queryStatement\": \"StartOperationAnd false AddOperationGreaterEqual false TimeStamp false \\\"T{0}\\\" FinishLogicalOperation\", \"flags\": 0, \"resultPosition\": 0, \"resultAmount\": 100}}', '{_QueryWindowStartTime}')]" + }, + "paging": { + 
"pagingType": "NextPageToken", + "NextPageTokenJsonPath": "$.pagination.nextCursor", + "NextPageParaName": "cursor" + }, + "response": { + "eventsJsonPaths": [ + "$.rows" + ] + } + } + }, + { + "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'VersasecCmsPoller_errorlogs_created_events', parameters('guidValue'))]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "connectorDefinitionName": "VersasecCmsCCP", + "dataType": "VersasecCms API", + "dcrConfig": { + "streamName": "Custom-VersasecCmsErrorLogs_API", + "dataCollectionEndpoint": "[reference(resourceId('Microsoft.Insights/dataCollectionEndpoints', parameters('dceName')), '2022-06-01').logsIngestion.endpoint]", + "dataCollectionRuleImmutableId": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', 'VersasecCms-DCR'), '2022-06-01').immutableId]" + }, + "auth": { + "type": "APIKey", + "ApiKey": "[parameters('apiToken')]", + "ApiKeyName": "X-VSECCMS-AUTHTICKET" + }, + "request": { + "apiEndpoint": "[concat(parameters('managementUrl'), parameters('apiBasePath'), 'QueryCmsPersistenceData')]", + "rateLimitQPS": 10, + "queryWindowInMin": "[parameters('pollingInterval')]", + "httpMethod": "POST", + "contentType": "application/json", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ss", + "headers": { + "Content-Type": "application/json", + "Accept": "application/json" + }, + "isPostPayloadJson": true, + "queryParametersTemplate": "[format('{{\"tableName\": \"CvErrorLog\", \"queryStatement\": \"StartOperationAnd false AddOperationGreaterEqual false TimeStamp false \\\"T{0}\\\" FinishLogicalOperation\", \"flags\": 0, \"resultPosition\": 0, \"resultAmount\": 100}}', '{_QueryWindowStartTime}')]" + }, + "paging": { + "pagingType": "NextPageToken", + "NextPageTokenJsonPath": "$.pagination.nextCursor", + "NextPageParaName": 
"cursor" + }, + "response": { + "eventsJsonPaths": [ + "$.rows" + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections1'),'-', variables('dataConnectorCCPVersion'))))]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "version": "[variables('dataConnectorCCPVersion')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.0.0", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "VersasecCMS", + "publisherDisplayName": "Versasec Support", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Ingests Versasec Cms system logs into Microsoft Sentinel using a REST API poller (CCF).

\n

Data Connectors: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "VersasecCMS", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Versasec AB", + "email": "[variables('_email')]" + }, + "support": { + "name": "Versasec Support", + "email": "support@example.com", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentIdConnections1')]", + "version": "[variables('dataConnectorCCPVersion')]" + } + ] + }, + "categories": {} + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + ], + "outputs": {} +} diff --git a/Solutions/VersasecCMS/Package/testParameters.json b/Solutions/VersasecCMS/Package/testParameters.json new file mode 100644 index 00000000000..554801e41b7 --- /dev/null +++ b/Solutions/VersasecCMS/Package/testParameters.json 
@@ -0,0 +1,38 @@
+{
+ "location": {
+ "type": "string",
+ "minLength": 1,
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
+ }
+ },
+ "workspace-location": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+ }
+ },
+ "workspace": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+ }
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().name]",
+ "metadata": {
+ "description": "resource group name where Microsoft Sentinel is setup"
+ }
+ },
+ "subscription": {
+ "type": "string",
+ "defaultValue": "[last(split(subscription().id, '/'))]",
+ "metadata": {
+ "description": "subscription id where Microsoft Sentinel is setup"
+ }
+ }
+}
diff --git a/Solutions/VersasecCMS/Readme.md b/Solutions/VersasecCMS/Readme.md
new file mode 100644
index 00000000000..5f306781afd
--- /dev/null
+++ b/Solutions/VersasecCMS/Readme.md
@@ -0,0 +1,20 @@
+# Versasec CMS Data Connector
+
+drawing
+
+This solution ingests Versasec CMS system logs into Microsoft Sentinel using a REST API poller (CCF).
+
+### Authentication methods this connector supports
+
+* Api Key authentication (X-VSECCMS-AUTHTICKET)
+
+### Configurations steps
+Users will be required to provide the **Management URL**, **API Base Path** and **API Token** when configuring the connector.
+
+
+## Actions supported by the connector
+
+The connector supports ingesting the following log types from Versasec CMS:
+* **System Logs** (Stored in table `VersasecCmsSysLogs_CL`)
+* **Error Logs** (Stored in table `VersasecCmsErrorLogs_CL`)
+
diff --git a/Solutions/VersasecCMS/ReleaseNotes.md b/Solutions/VersasecCMS/ReleaseNotes.md
new file mode 100644
index 00000000000..85748f5037e
--- /dev/null
+++ b/Solutions/VersasecCMS/ReleaseNotes.md
@@ -0,0 +1,3 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
+|-------------|--------------------------------|------------------------------------------------------------------|
+| 3.0.0 | 11-12-2025 | Initial version |
diff --git a/Solutions/VersasecCMS/SolutionMetadata.json b/Solutions/VersasecCMS/SolutionMetadata.json
new file mode 100644
index 00000000000..30e4d3112a6
--- /dev/null
+++ b/Solutions/VersasecCMS/SolutionMetadata.json
@@ -0,0 +1,16 @@
+{
+ "Name": "VersasecCMS",
+ "DisplayName": "Versasec CMS Connector",
+ "PublisherName": "Versasec AB",
+ "Description": "Ingests Versasec CMS system logs into Microsoft Sentinel using a REST API poller (CCF).",
+ "SolutionVersion": "1.0.0",
+ "Categories": [
+ "Security",
+ "DataConnectors"
+ ],
+ "Support": {
+ "Tier": "Partner",
+ "Name": "Versasec Support",
+ "Email": "support@example.com"
+ }
+}
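Review bot: `"SolutionVersion": "1.0.0"` in SolutionMetadata.json disagrees with the rest of this commit. ReleaseNotes.md records 3.0.0 as the initial version, and the contentPackages resource in the package template sets `"version": "3.0.0"`. I would change the line to `"SolutionVersion": "3.0.0"` so that an operator checking which connector build is installed gets the same answer from every file. The `Support.Email` value `support@example.com` reads like a placeholder, unless it is a redaction. Please confirm the real support address before publishing, since customers will send connector and ingestion problems there.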