Merge pull request Azure#11992 from Azure/v-prasadboke-crowdstrike

v-prasadboke · web-flow · commit 76dfbd3854fc · 2025-04-03T12:24:52.000+05:30
Typo error corrected
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Data/Solution_CrowdStrike.json b/Solutions/CrowdStrike Falcon Endpoint Protection/Data/Solution_CrowdStrike.json
@@ -2,7 +2,7 @@
   "Name": "CrowdStrike Falcon Endpoint Protection",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/CrowdStrike%20Falcon%20Endpoint%20Protection/Data%20Connectors/Logo/crowdstrike.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [CrowdStrike Falcon Endpoint Protection](https://www.crowdstrike.com/products/) solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n<p><span style='color:red; font-weight:bold;'>NOTE:</span>For ingestion of CEF-formatted logs from CrowdStrike, Microsoft recommends installing the CEF via AMA Connector.</p> <p><span style='color:red; font-weight:bold;'>NOTE:</span> Microsoft recommends ingesting via Codeless Connector Platform based data connectors wherever possible. The CCP connector(s) included in this solution use the Log Ingestion API, which uses the Log Ingestion API, which replaces ingestion via the <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/logs/custom-logs-migrate' style='color:#1890F1;'>deprecated HTTP Data Collector API</a>. CCP-based data connectors also support <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview' style='color:#1890F1;'>Data Collection Rules</a> (DCRs) offering transformations and enrichment.</p> <p><span style='color:red; font-weight:bold;'>Important:</span> While the updated connector(s) can coexist with their previous versions, running them together will result in duplicated data ingestion. You can disable the legacy versions of these connectors to avoid duplication of data.</p>",
+  "Description": "The [CrowdStrike Falcon Endpoint Protection](https://www.crowdstrike.com/products/) solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n<p><span style='color:red; font-weight:bold;'>NOTE:</span>For ingestion of CEF-formatted logs from CrowdStrike, Microsoft recommends installing the CEF via AMA Connector.</p> <p><span style='color:red; font-weight:bold;'>NOTE:</span> Microsoft recommends ingesting via Codeless Connector Platform based data connectors wherever possible. The CCP connector(s) included in this solution use the Log Ingestion API, which uses the Log Ingestion API, which replaces ingestion via the <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/logs/custom-logs-migrate' style='color:#1890F1;'>deprecated HTTP Data Collector API</a>. CCP-based data connectors also support <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview' style='color:#1890F1;'>Data Collection Rules</a> (DCRs) offering transformations and enrichment.</p> <p><span style='color:red; font-weight:bold;'>Important:</span> While the updated connector(s) can coexist with their legacy versions, running them together will result in duplicated data ingestion. You can disable the legacy versions of these connectors to avoid duplication of data.</p>",
   "Data Connectors": [
     "Data Connectors/CrowdstrikeReplicator/CrowdstrikeReplicator_API_FunctionApp.json",
     "Data Connectors/CrowdstrikeReplicatorCLv2/CrowdstrikeReplicatorV2_ConnectorUI.json",
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.1.0.zip b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.1.0.zip
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/createUiDefinition.json b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/CrowdStrike%20Falcon%20Endpoint%20Protection/Data%20Connectors/Logo/crowdstrike.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CrowdStrike%20Falcon%20Endpoint%20Protection/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [CrowdStrike Falcon Endpoint Protection](https://www.crowdstrike.com/products/) solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n<p><span style='color:red; font-weight:bold;'>NOTE:</span>For ingestion of CEF-formatted logs from CrowdStrike, Microsoft recommends installing the CEF via AMA Connector.</p> <p><span style='color:red; font-weight:bold;'>NOTE:</span> Microsoft recommends ingesting via Codeless Connector Platform based data connectors wherever possible. The CCP connector(s) included in this solution use the Log Ingestion API, which uses the Log Ingestion API, which replaces ingestion via the <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/logs/custom-logs-migrate' style='color:#1890F1;'>deprecated HTTP Data Collector API</a>. CCP-based data connectors also support <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview' style='color:#1890F1;'>Data Collection Rules</a> (DCRs) offering transformations and enrichment.</p> <p><span style='color:red; font-weight:bold;'>Important:</span> While the updated connector(s) can coexist with their previous versions, running them together will result in duplicated data ingestion. You can disable the legacy versions of these connectors to avoid duplication of data.</p>\n\n**Data Connectors:** 4, **Parsers:** 3, **Workbooks:** 1, **Analytic Rules:** 2, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/CrowdStrike%20Falcon%20Endpoint%20Protection/Data%20Connectors/Logo/crowdstrike.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CrowdStrike%20Falcon%20Endpoint%20Protection/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [CrowdStrike Falcon Endpoint Protection](https://www.crowdstrike.com/products/) solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n<p><span style='color:red; font-weight:bold;'>NOTE:</span>For ingestion of CEF-formatted logs from CrowdStrike, Microsoft recommends installing the CEF via AMA Connector.</p> <p><span style='color:red; font-weight:bold;'>NOTE:</span> Microsoft recommends ingesting via Codeless Connector Platform based data connectors wherever possible. The CCP connector(s) included in this solution use the Log Ingestion API, which uses the Log Ingestion API, which replaces ingestion via the <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/logs/custom-logs-migrate' style='color:#1890F1;'>deprecated HTTP Data Collector API</a>. CCP-based data connectors also support <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview' style='color:#1890F1;'>Data Collection Rules</a> (DCRs) offering transformations and enrichment.</p> <p><span style='color:red; font-weight:bold;'>Important:</span> While the updated connector(s) can coexist with their legacy versions, running them together will result in duplicated data ingestion. You can disable the legacy versions of these connectors to avoid duplication of data.</p>\n\n**Data Connectors:** 4, **Parsers:** 3, **Workbooks:** 1, **Analytic Rules:** 2, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json b/Solutions/CrowdStrike Falcon Endpoint Protection/Package/mainTemplate.json
@@ -12612,7 +12612,7 @@
         "contentSchemaVersion": "3.0.0",
         "displayName": "CrowdStrike Falcon Endpoint Protection",
         "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
-        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CrowdStrike%20Falcon%20Endpoint%20Protection/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://www.crowdstrike.com/products/\">CrowdStrike Falcon Endpoint Protection</a> solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities.</p>\n<p>This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.</p>\n<p><span style='color:red; font-weight:bold;'>NOTE:</span>For ingestion of CEF-formatted logs from CrowdStrike, Microsoft recommends installing the CEF via AMA Connector.</p> <p><span style='color:red; font-weight:bold;'>NOTE:</span> Microsoft recommends ingesting via Codeless Connector Platform based data connectors wherever possible. The CCP connector(s) included in this solution use the Log Ingestion API, which uses the Log Ingestion API, which replaces ingestion via the <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/logs/custom-logs-migrate' style='color:#1890F1;'>deprecated HTTP Data Collector API</a>. CCP-based data connectors also support <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview' style='color:#1890F1;'>Data Collection Rules</a> (DCRs) offering transformations and enrichment.</p> <p><span style='color:red; font-weight:bold;'>Important:</span> While the updated connector(s) can coexist with their previous versions, running them together will result in duplicated data ingestion. You can disable the legacy versions of these connectors to avoid duplication of data.</p>\n<p><strong>Data Connectors:</strong> 4, <strong>Parsers:</strong> 3, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 2, <strong>Playbooks:</strong> 3</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CrowdStrike%20Falcon%20Endpoint%20Protection/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://www.crowdstrike.com/products/\">CrowdStrike Falcon Endpoint Protection</a> solution allows you to easily connect your CrowdStrike Falcon Event Stream with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization's endpoints and improves your security operation capabilities.</p>\n<p>This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.</p>\n<p><span style='color:red; font-weight:bold;'>NOTE:</span>For ingestion of CEF-formatted logs from CrowdStrike, Microsoft recommends installing the CEF via AMA Connector.</p> <p><span style='color:red; font-weight:bold;'>NOTE:</span> Microsoft recommends ingesting via Codeless Connector Platform based data connectors wherever possible. The CCP connector(s) included in this solution use the Log Ingestion API, which uses the Log Ingestion API, which replaces ingestion via the <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/logs/custom-logs-migrate' style='color:#1890F1;'>deprecated HTTP Data Collector API</a>. CCP-based data connectors also support <a href='https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview' style='color:#1890F1;'>Data Collection Rules</a> (DCRs) offering transformations and enrichment.</p> <p><span style='color:red; font-weight:bold;'>Important:</span> While the updated connector(s) can coexist with their legacy versions, running them together will result in duplicated data ingestion. You can disable the legacy versions of these connectors to avoid duplication of data.</p>\n<p><strong>Data Connectors:</strong> 4, <strong>Parsers:</strong> 3, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 2, <strong>Playbooks:</strong> 3</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
         "contentKind": "Solution",
         "contentProductId": "[variables('_solutioncontentProductId')]",
         "id": "[variables('_solutioncontentProductId')]",
