Merge pull request Azure#12886 from varunsaiillumio-ux/feature/illumio-connector-changes

Description changes for illumio-connector

Author: v-atulyadav

Solutions/Illumio Insight/Data Connectors/IllumioInsight_CCP/IllumioInsight_Definition.json

@@ -8,25 +8,25 @@
         "connectorUiConfig": {
             "id": "IllumioInsightsDefinition",
             "title": "Illumio Insights",
-            "descriptionMarkdown": "The Illumio Insights data connector allows ingesting logs from the Illumio API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses the Illumio API to fetch logs and it supports DCR-based ingestion time transformations that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
+            "descriptionMarkdown": "Illumio Insights Connector sends workload and security graph data from Illumio Insights into the Azure Microsoft Sentinel Data Lake, providing deep context for threat detection, lateral movement analysis, and real-time investigation.",
             "publisher": "Microsoft",
             "graphQueries": [
                 {
                     "metricName": "Total incident logs received",
                     "legend": "Illumio Insights incident Logs",
-                    "baseQuery": "IlumioInsights"
+                    "baseQuery": "IllumioInsights_CL"
                 }
             ],
             "sampleQueries": [
                 {
                     "description": "Get Sample of Illumio Insights logs",
-                    "query": "IlumioInsights| take 10"
+                    "query": "IllumioInsights_CL| take 10"
                 }
             ],
             "dataTypes": [
                 {
-                    "name": "IlumioInsights",
-                    "lastDataReceivedQuery": "IlumioInsights\n       | where TimeGenerated > ago(12h)                | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
+                    "name": "IllumioInsights_CL",
+                    "lastDataReceivedQuery": "IllumioInsights_CL\n       | where TimeGenerated > ago(12h)                | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
                 }
             ],
             "connectivityCriteria": [
@@ -40,8 +40,6 @@
                 "isPreview": false
             },
             "permissions": {
-                "tenant": null,
-                "licenses": null,
                 "resourceProvider": [
                     {
                         "provider": "Microsoft.OperationalInsights/workspaces",
@@ -63,7 +61,7 @@
                         {
                             "type": "Markdown",
                             "parameters": {
-                                "content": "#### Configuration steps for the Illumio Insights API\n\n**Prerequisites**\n- Register and Login to Illumio Console with valid credentials\n- Client Credentials need to be stored in Microsoft Sentinel account for the tenant\n\n**Step 1: Register the Service Account**\n1. Go to **Illumio Console → Access → Service Accounts**\n2. Create a service account for the tenant\n3. Once you create a service account, you will receive the client credentials\n4. Copy the **Username** (API Key) and the **Secret**\n\n**Step 2: Add Client Credentials to Sentinel Account**\n- Add the API key and secret to Sentinel Account for tenant authentication\n- These credentials will be used to authenticate calls to the Illumio SaaS API\n\n**Step 3: API Usage**\nThe connector will use these credentials to call the Illumio SaaS API:\n- **Endpoint**: `GET https://gw.console.illum.io/api/v1/resource-insights`\n- **Required Headers**:  \n  - `x-illumio-tenant-id`: Your Illumio tenant ID\n  - `x-auth-key`: The API key obtained from step 1\n  - `x-auth-X-api-secret`: The secret key obtained from step 1\n\n**Authentication Validation**\nIllumio validates the request against:\n- Signature against Entra ID's public keys\n- Audience (aud) matches your API's App ID URI\n- Issuer validation\n\nPlease fill in the required fields below with the credentials obtained from the Illumio Console:"
+                                "content": "#### Configuration steps for the Illumio Insights Connector\n\n**Prerequisites**\n- Register and Login to Illumio Console with valid credentials\n- Purchase Illumio Insights or Start a free Trial for Illumio Insights\n\n**Step 1: Register the Service Account**\n1. Go to **Illumio Console → Access → Service Accounts**\n2. Create a service account for the tenant\n3. Once you create a service account, you will receive the client credentials\n4. Copy the **auth_username** (Illumio Insights API Key) and the **Secret** (API Secret)\n\n**Step 2: Add Client Credentials to Sentinel Account**\n- Add the API key and secret to Sentinel Account for tenant authentication\n- These credentials will be used to authenticate calls to the Illumio SaaS API\n\nPlease fill in the required fields below with the credentials obtained from the Illumio Console:"
                             }
                         },
                         {
@@ -87,7 +85,7 @@
                      {
                             "parameters": {
                                 "label": "Illumio Tenant Id",
-                                "placeholder": "{illumioTenantId}",
+                                "placeholder": "{IllumioTenantId - Optional}",
                                 "type": "text",
                                 "name": "illumioTenantId"
                             },
@@ -100,11 +98,10 @@
                             },
                             "type": "ConnectionToggleButton"
                         }
-                    ],
-                    "innerSteps": null
+                    ]
                 }
             ],
             "isConnectivityCriteriasMatchSome": false
         }
     }
-}
+}

Solutions/Illumio Insight/Data Connectors/IllumioInsightsSummaryConnector_CCP/IllumioInsightsSummary_ConnectorDefinition.json

@@ -12,7 +12,7 @@
       "id": "IllumioInsightsSummaryCCP",
       "title": "Illumio Insights Summary",
       "publisher": "Illumio",
-      "descriptionMarkdown": "The Illumio Insights Summary data connector provides the capability to ingest [Illumio](https://www.illumio.com/) security insights and threat analysis reports into Microsoft Sentinel through the REST API. Refer to [Illumio API documentation](https://docs.illumio.com/) for more information. The connector provides the ability to get daily and weekly summary reports from Illumio and visualize them in Azure Sentinel.",
+      "descriptionMarkdown": "The Illumio Insights Summary connector Publishes AI-powered threat discovery and anomaly reports generated by the Illumio Insights Agent. Leveraging the MITRE ATT&CK framework, these reports surface high-fidelity insights into emerging threats and risky behaviors, directly into the Data Lake.",
       "graphQueriesTableName": "IllumioInsightsSummary_CL",
       "graphQueries": [
         {
@@ -69,25 +69,26 @@
               "delete": true
             }
           }
-        ],
-        "customs": [
-          {
-            "name": "Illumio API access",
-            "description": "**Illumio API** access is required for the Illumio Insights Summary API."
-          }
         ]
       },
       "instructionSteps": [
         {
           "title": "1. Configuration",
           "description": "Configure the Illumio Insights Summary connector.",
           "instructions": [
+
             {
               "type": "Markdown",
               "parameters": {
-                "content": "> [!NOTE]\n> This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution."
+                "content": "> This data connector may take 24 hrs for the latest report after onboarding"
               }
             },
+            {
+                "type": "Markdown",
+                "parameters": {
+                                "content": "#### Configuration steps for the Illumio Insights Summary Connector\n\n**Prerequisites**\n- Register and Login to Illumio Console with valid credentials\n- Purchase Illumio Insights or Start a free Trial for Illumio Insights\n- Enable The Illumio Insights Agent\n\n**Step 1: Register the Service Account**\n1. Go to **Illumio Console → Access → Service Accounts**\n2. Create a service account for the tenant\n3. Once you create a service account, you will receive the client credentials\n4. Copy the **auth_username** (Illumio Insights API Key) and the **Secret** (API Secret)\n\n**Step 2: Add Client Credentials to Sentinel Account**\n- Add the API key and secret to Sentinel Account for tenant authentication\n- These credentials will be used to authenticate calls to the Illumio SaaS API \n\nPlease fill in the required fields below with the credentials obtained from the Illumio Console:"
+                            }
+                        },
             {
               "type": "Textbox",
               "parameters": {
@@ -110,7 +111,7 @@
               "type": "Textbox",
               "parameters": {
                 "label": "Illumio Tenant ID",
-                "placeholder": "{illumioTenantId}",
+                "placeholder": "{IllumioTenantId - Optional}",
                 "type": "text",
                 "name": "illumioTenantId"
               }

Solutions/Illumio Insight/Data Connectors/IllumioInsightsSummaryConnector_CCP/IllumioInsightsSummary_PollingConfig.json

@@ -16,7 +16,7 @@
       "apiEndpoint": "https://gw.console.illum.io/api/v1/insights-summary",
       "httpMethod": "GET",
       "rateLimitQPS": 10,
-      "queryWindowInMin": 120,
+      "queryWindowInMin": 360,
       "retryCount": 3,
       "timeoutInSeconds": 60,
       "headers": {

Solutions/Illumio Insight/Data/Solution_IllumioInsights.json

@@ -8,7 +8,7 @@
     "Solutions/Illumio Insight/Data Connectors/IllumioInsightsSummaryConnector_CCP/IllumioInsightsSummary_ConnectorDefinition.json"
   ], 
   "BasePath": "C:\\GitHub\\Azure-Sentinel",
-  "Version": "3.3.1",
+  "Version": "3.3.2",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1PConnector": false

Solutions/Illumio Insight/Package/3.3.2.zip

@@ -60,7 +60,7 @@
             "name": "dataconnectors1-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "This Solution installs the data connector for Illumio Insight. You can get Illumio Insights data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+              "text": "This Solution installs the data connector for Illumio Insights. You can get Illumio Insights data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
           {
@@ -77,7 +77,7 @@
             "name": "dataconnectors2-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "This Solution installs the data connector for Illumio Insight. You can get Illumio Insights Summary data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+              "text": "This Solution installs the data connector for Illumio Insights Summary. You can get Illumio Insights Summary data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
           {