Repackaged : AzureDevOpsAuditing

Solutions/AzureDevOpsAuditing/Data/Solution_AzureDevOpsAuditing.json

@@ -2,53 +2,51 @@
   "Name": "AzureDevOpsAuditing",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/AzureDevOps.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Azure DevOps](https://azure.microsoft.com/products/devops/) Auditing solution for Microsoft Sentinel allows monitoring Azure DevOps [audit events](https://docs.microsoft.com/azure/devops/organizations/audit/azure-devops-auditing?view=azure-devops&tabs=preview-page#review-audit-log) to enable detection of malicious and/or unauthorized access and modification in the repository or pipelines.  The streaming of [Azure DevOps Audit logs to Azure Monitor](https://docs.microsoft.com/azure/devops/organizations/audit/auditing-streaming?view=azure-devops) must be configured to start ingesting audit events. <p><span style='color:red; font-weight:bold;'>NOTE</span>: Microsoft recommends installation of Azure DevOps Audit Logs (Preview) (via Codeless Connector Platform). This connector is build on the Codeless Connector Platform (CCP), which uses the Log Ingestion API, which replaces ingestion via the <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/logs/custom-logs-migrate' style='color:#1890F1;'>deprecated HTTP Data Collector API</a>. CCP-based data connectors also support <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview' style='color:#1890F1;'>Data Collection Rules</a> (DCRs) offering transformations and enrichment.</p> ",
+  "Description": "The [Azure DevOps](https://azure.microsoft.com/products/devops/) Auditing solution for Microsoft Sentinel allows monitoring Azure DevOps [audit events](https://docs.microsoft.com/azure/devops/organizations/audit/azure-devops-auditing?view=azure-devops&tabs=preview-page#review-audit-log) to enable detection of malicious and/or unauthorized access and modification in the repository or pipelines. <p><span style='color:red; font-weight:bold;'>NOTE</span>: Microsoft recommends installation of Azure DevOps Audit Logs (Preview) (via Codeless Connector Platform). This connector is build on the Codeless Connector Platform (CCP), which uses the Log Ingestion API, which replaces ingestion via the <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/logs/custom-logs-migrate' style='color:#1890F1;'>deprecated HTTP Data Collector API</a>. CCP-based data connectors also support <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview' style='color:#1890F1;'>Data Collection Rules</a> (DCRs) offering transformations and enrichment.</p> ",
   "Data Connectors": [
-	"Data Connectors/AzureDevOpsAuditLogs_CCP/AzureDevOpsAuditLogs_DataConnectorDefinition.json"
+    "Data Connectors/AzureDevOpsAuditLogs_CCP/AzureDevOpsAuditLogs_DataConnectorDefinition.json"
   ],
   "Analytic Rules": [
     "Analytic Rules/ADOAgentPoolCreatedDeleted.yaml",
-	"Analytic Rules/ADOAuditStreamDisabled.yaml",
-	"Analytic Rules/ADOMaliciousToolingDetections1.yaml",
-	"Analytic Rules/ADONewExtensionAdded.yaml",
-	"Analytic Rules/ADOPATUsedWithBrowser.yaml",
-	"Analytic Rules/ADOPipelineModifiedbyNewUser.yaml",
-	"Analytic Rules/ADORetentionReduced.yaml",
-	"Analytic Rules/ADOSecretNotSecured.yaml",
-	"Analytic Rules/ADOVariableModifiedByNewUser.yaml",
-	"Analytic Rules/AzDOAdminGroupAdditions.yaml",
-	"Analytic Rules/AzDOHistoricPrPolicyBypassing.yaml",
-	"Analytic Rules/AzDOHistoricServiceConnectionAdds.yaml",
-	"Analytic Rules/AzDOPatSessionMisuse.yaml",
-	"Analytic Rules/AzDOPipelineCreatedDeletedOneDay.yaml",
-	"Analytic Rules/AzDOServiceConnectionUsage.yaml",
-	"Analytic Rules/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml",
-	"Analytic Rules/NewAgentAddedToPoolbyNewUserorofNewOS.yaml",
-	"Analytic Rules/NewPAPCAPCASaddedtoADO.yaml",
-	"Analytic Rules/NRT_ADOAuditStreamDisabled.yaml"
+    "Analytic Rules/ADOAuditStreamDisabled.yaml",
+    "Analytic Rules/ADOMaliciousToolingDetections1.yaml",
+    "Analytic Rules/ADONewExtensionAdded.yaml",
+    "Analytic Rules/ADOPATUsedWithBrowser.yaml",
+    "Analytic Rules/ADOPipelineModifiedbyNewUser.yaml",
+    "Analytic Rules/ADORetentionReduced.yaml",
+    "Analytic Rules/ADOSecretNotSecured.yaml",
+    "Analytic Rules/ADOVariableModifiedByNewUser.yaml",
+    "Analytic Rules/AzDOAdminGroupAdditions.yaml",
+    "Analytic Rules/AzDOHistoricPrPolicyBypassing.yaml",
+    "Analytic Rules/AzDOHistoricServiceConnectionAdds.yaml",
+    "Analytic Rules/AzDOPatSessionMisuse.yaml",
+    "Analytic Rules/AzDOPipelineCreatedDeletedOneDay.yaml",
+    "Analytic Rules/AzDOServiceConnectionUsage.yaml",
+    "Analytic Rules/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml",
+    "Analytic Rules/NewAgentAddedToPoolbyNewUserorofNewOS.yaml",
+    "Analytic Rules/NewPAPCAPCASaddedtoADO.yaml",
+    "Analytic Rules/NRT_ADOAuditStreamDisabled.yaml"
   ],
   "Hunting Queries": [
-	"Hunting Queries/EntraID Conditional Access Disabled.yaml",
-	"Hunting Queries/Addtional Org Admin Added.yaml",
-	"Hunting Queries/ADOBuildCheckDeleted.yaml",
-	"Hunting Queries/ADOBuildDeletedAfterPipelineMod.yaml",
-	"Hunting Queries/ADOInternalUpstreamPacakgeFeedAdded.yaml",
-	"Hunting Queries/ADONewAgentPoolCreated.yaml",
-	"Hunting Queries/ADONewPackageFeedCreated.yaml",
-	"Hunting Queries/ADONewPATOperation.yaml",
-	"Hunting Queries/ADONewReleaseApprover.yaml",
-	"Hunting Queries/ADOReleasePipelineCreated.yaml",
-	"Hunting Queries/ADOVariableCreatedDeleted.yaml",
-	"Hunting Queries/AzDODisplayNameSwapping.yaml",
-	"Hunting Queries/AzDOPrPolicyBypassers.yaml",
-	"Hunting Queries/Guest users access enabled.yaml",
-	"Hunting Queries/Project visibility changed to public.yaml",
-	"Hunting Queries/Public project created.yaml",
-	"Hunting Queries/Public Projects enabled.yaml"
-  ],
-  "Parsers": [
-	"Parsers/ADOAuditLogs.yaml"
+    "Hunting Queries/EntraID Conditional Access Disabled.yaml",
+    "Hunting Queries/Addtional Org Admin Added.yaml",
+    "Hunting Queries/ADOBuildCheckDeleted.yaml",
+    "Hunting Queries/ADOBuildDeletedAfterPipelineMod.yaml",
+    "Hunting Queries/ADOInternalUpstreamPacakgeFeedAdded.yaml",
+    "Hunting Queries/ADONewAgentPoolCreated.yaml",
+    "Hunting Queries/ADONewPackageFeedCreated.yaml",
+    "Hunting Queries/ADONewPATOperation.yaml",
+    "Hunting Queries/ADONewReleaseApprover.yaml",
+    "Hunting Queries/ADOReleasePipelineCreated.yaml",
+    "Hunting Queries/ADOVariableCreatedDeleted.yaml",
+    "Hunting Queries/AzDODisplayNameSwapping.yaml",
+    "Hunting Queries/AzDOPrPolicyBypassers.yaml",
+    "Hunting Queries/Guest users access enabled.yaml",
+    "Hunting Queries/Project visibility changed to public.yaml",
+    "Hunting Queries/Public project created.yaml",
+    "Hunting Queries/Public Projects enabled.yaml"
   ],
+  "Parsers": ["Parsers/ADOAuditLogs.yaml"],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "C:\\Users\\rahkuma\\Downloads\\Github\\Azure-Sentinel\\Solutions\\AzureDevOpsAuditing",
   "Version": "3.0.4",

Solutions/AzureDevOpsAuditing/Package/createUiDefinition.json

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/AzureDevOps.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Azure DevOps](https://azure.microsoft.com/products/devops/) Auditing solution for Microsoft Sentinel allows monitoring Azure DevOps [audit events](https://docs.microsoft.com/azure/devops/organizations/audit/azure-devops-auditing?view=azure-devops&tabs=preview-page#review-audit-log) to enable detection of malicious and/or unauthorized access and modification in the repository or pipelines.  The streaming of [Azure DevOps Audit logs to Azure Monitor](https://docs.microsoft.com/azure/devops/organizations/audit/auditing-streaming?view=azure-devops) must be configured to start ingesting audit events. <p><span style='color:red; font-weight:bold;'>NOTE</span>: Microsoft recommends installation of Azure DevOps Audit Logs (Preview) (via Codeless Connector Platform). This connector is build on the Codeless Connector Platform (CCP), which uses the Log Ingestion API, which replaces ingestion via the <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/logs/custom-logs-migrate' style='color:#1890F1;'>deprecated HTTP Data Collector API</a>. CCP-based data connectors also support <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview' style='color:#1890F1;'>Data Collection Rules</a> (DCRs) offering transformations and enrichment.</p> \n\n**Data Connectors:** 1, **Parsers:** 1, **Analytic Rules:** 19, **Hunting Queries:** 17\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/AzureDevOps.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Azure DevOps](https://azure.microsoft.com/products/devops/) Auditing solution for Microsoft Sentinel allows monitoring Azure DevOps [audit events](https://docs.microsoft.com/azure/devops/organizations/audit/azure-devops-auditing?view=azure-devops&tabs=preview-page#review-audit-log) to enable detection of malicious and/or unauthorized access and modification in the repository or pipelines. <p><span style='color:red; font-weight:bold;'>NOTE</span>: Microsoft recommends installation of Azure DevOps Audit Logs (Preview) (via Codeless Connector Platform). This connector is build on the Codeless Connector Platform (CCP), which uses the Log Ingestion API, which replaces ingestion via the <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/logs/custom-logs-migrate' style='color:#1890F1;'>deprecated HTTP Data Collector API</a>. CCP-based data connectors also support <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview' style='color:#1890F1;'>Data Collection Rules</a> (DCRs) offering transformations and enrichment.</p> \n\n**Data Connectors:** 1, **Parsers:** 1, **Analytic Rules:** 19, **Hunting Queries:** 17\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -60,7 +60,7 @@
             "name": "dataconnectors1-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "This Solution installs the data connector for AzureDevOpsAuditing. You can get AzureDevOpsAuditing data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+              "text": "This Solution installs the data connector for Azure DevOps Audit Logs (via Codeless Connector Platform). You can get Azure DevOps Audit Logs (via Codeless Connector Platform) data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
           {