
Commit c77e38b

authored
Merge pull request Azure#12886 from varunsaiillumio-ux/feature/illumio-connector-changes
Description changes for illumio-connector
2 parents 4db73a8 + 70c3137 commit c77e38b


10 files changed

+68
-69
lines changed


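--- a/Solutions/Illumio Insight/Data Connectors/IllumioInsight_CCP/IllumioInsight_Definition.json
+++ b/Solutions/Illumio Insight/Data Connectors/IllumioInsight_CCP/IllumioInsight_Definition.json
@@ -8,25 +8,25 @@
 "connectorUiConfig": {
 "id": "IllumioInsightsDefinition",
 "title": "Illumio Insights",
-"descriptionMarkdown": "The Illumio Insights data connector allows ingesting logs from the Illumio API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses the Illumio API to fetch logs and it supports DCR-based ingestion time transformations that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
+"descriptionMarkdown": "Illumio Insights Connector sends workload and security graph data from Illumio Insights into the Azure Microsoft Sentinel Data Lake, providing deep context for threat detection, lateral movement analysis, and real-time investigation.",
 "publisher": "Microsoft",
 "graphQueries": [
 {
 "metricName": "Total incident logs received",
 "legend": "Illumio Insights incident Logs",
-"baseQuery": "IlumioInsights"
+"baseQuery": "IllumioInsights_CL"
 }
 ],
 "sampleQueries": [
 {
 "description": "Get Sample of Illumio Insights logs",
-"query": "IlumioInsights| take 10"
+"query": "IllumioInsights_CL| take 10"
 }
 ],
 "dataTypes": [
 {
-"name": "IlumioInsights",
-"lastDataReceivedQuery": "IlumioInsights\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+"name": "IllumioInsights_CL",
+"lastDataReceivedQuery": "IllumioInsights_CL\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
 }
 ],
 "connectivityCriteria": [
@@ -40,8 +40,6 @@
 "isPreview": false
 },
 "permissions": {
-"tenant": null,
-"licenses": null,
 "resourceProvider": [
 {
 "provider": "Microsoft.OperationalInsights/workspaces",
@@ -63,7 +61,7 @@
 {
 "type": "Markdown",
 "parameters": {
-"content": "#### Configuration steps for the Illumio Insights API\n\n**Prerequisites**\n- Register and Login to Illumio Console with valid credentials\n- Client Credentials need to be stored in Microsoft Sentinel account for the tenant\n\n**Step 1: Register the Service Account**\n1. Go to **Illumio Console → Access → Service Accounts**\n2. Create a service account for the tenant\n3. Once you create a service account, you will receive the client credentials\n4. Copy the **Username** (API Key) and the **Secret**\n\n**Step 2: Add Client Credentials to Sentinel Account**\n- Add the API key and secret to Sentinel Account for tenant authentication\n- These credentials will be used to authenticate calls to the Illumio SaaS API\n\n**Step 3: API Usage**\nThe connector will use these credentials to call the Illumio SaaS API:\n- **Endpoint**: `GET https://gw.console.illum.io/api/v1/resource-insights`\n- **Required Headers**: \n - `x-illumio-tenant-id`: Your Illumio tenant ID\n - `x-auth-key`: The API key obtained from step 1\n - `x-auth-X-api-secret`: The secret key obtained from step 1\n\n**Authentication Validation**\nIllumio validates the request against:\n- Signature against Entra ID's public keys\n- Audience (aud) matches your API's App ID URI\n- Issuer validation\n\nPlease fill in the required fields below with the credentials obtained from the Illumio Console:"
+"content": "#### Configuration steps for the Illumio Insights Connector\n\n**Prerequisites**\n- Register and Login to Illumio Console with valid credentials\n- Purchase Illumio Insights or Start a free Trial for Illumio Insights\n\n**Step 1: Register the Service Account**\n1. Go to **Illumio Console → Access → Service Accounts**\n2. Create a service account for the tenant\n3. Once you create a service account, you will receive the client credentials\n4. Copy the **auth_username** (Illumio Insights API Key) and the **Secret** (API Secret)\n\n**Step 2: Add Client Credentials to Sentinel Account**\n- Add the API key and secret to Sentinel Account for tenant authentication\n- These credentials will be used to authenticate calls to the Illumio SaaS API\n\nPlease fill in the required fields below with the credentials obtained from the Illumio Console:"
 }
 },
 {
@@ -87,7 +85,7 @@
 {
 "parameters": {
 "label": "Illumio Tenant Id",
-"placeholder": "{illumioTenantId}",
+"placeholder": "{IllumioTenantId - Optional}",
 "type": "text",
 "name": "illumioTenantId"
 },
@@ -100,11 +98,10 @@
 },
 "type": "ConnectionToggleButton"
 }
-],
-"innerSteps": null
+]
 }
 ],
 "isConnectivityCriteriasMatchSome": false
 }
 }
-}
+}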
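Review bot: The new placeholder `{IllumioTenantId - Optional}` (new line 88) declares the tenant ID optional only in hint text, while the instructions removed in this same file listed `x-illumio-tenant-id` among the required headers. The textbox's validation and the polling config's header mapping are outside these hunks, so please confirm that the form accepts an empty value and that the connector does not then send an empty tenant header. The braces also make the hint look like an unresolved template token; I would move it into the label, `"label": "Illumio Tenant Id (optional)"` with `"placeholder": "Illumio tenant ID"`, and say in the Markdown content when the field may be left blank. The same placeholder change is made in IllumioInsightsSummary_ConnectorDefinition.json.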

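--- a/Solutions/Illumio Insight/Data Connectors/IllumioInsightsSummaryConnector_CCP/IllumioInsightsSummary_ConnectorDefinition.json
+++ b/Solutions/Illumio Insight/Data Connectors/IllumioInsightsSummaryConnector_CCP/IllumioInsightsSummary_ConnectorDefinition.json
@@ -12,7 +12,7 @@
 "id": "IllumioInsightsSummaryCCP",
 "title": "Illumio Insights Summary",
 "publisher": "Illumio",
-"descriptionMarkdown": "The Illumio Insights Summary data connector provides the capability to ingest [Illumio](https://www.illumio.com/) security insights and threat analysis reports into Microsoft Sentinel through the REST API. Refer to [Illumio API documentation](https://docs.illumio.com/) for more information. The connector provides the ability to get daily and weekly summary reports from Illumio and visualize them in Azure Sentinel.",
+"descriptionMarkdown": "The Illumio Insights Summary connector Publishes AI-powered threat discovery and anomaly reports generated by the Illumio Insights Agent. Leveraging the MITRE ATT&CK framework, these reports surface high-fidelity insights into emerging threats and risky behaviors, directly into the Data Lake.",
 "graphQueriesTableName": "IllumioInsightsSummary_CL",
 "graphQueries": [
 {
@@ -69,25 +69,26 @@
 "delete": true
 }
 }
-],
-"customs": [
-{
-"name": "Illumio API access",
-"description": "**Illumio API** access is required for the Illumio Insights Summary API."
-}
 ]
 },
 "instructionSteps": [
 {
 "title": "1. Configuration",
 "description": "Configure the Illumio Insights Summary connector.",
 "instructions": [
+
 {
 "type": "Markdown",
 "parameters": {
-"content": "> [!NOTE]\n> This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution."
+"content": "> This data connector may take 24 hrs for the latest report after onboarding"
 }
 },
+{
+"type": "Markdown",
+"parameters": {
+"content": "#### Configuration steps for the Illumio Insights Summary Connector\n\n**Prerequisites**\n- Register and Login to Illumio Console with valid credentials\n- Purchase Illumio Insights or Start a free Trial for Illumio Insights\n- Enable The Illumio Insights Agent\n\n**Step 1: Register the Service Account**\n1. Go to **Illumio Console → Access → Service Accounts**\n2. Create a service account for the tenant\n3. Once you create a service account, you will receive the client credentials\n4. Copy the **auth_username** (Illumio Insights API Key) and the **Secret** (API Secret)\n\n**Step 2: Add Client Credentials to Sentinel Account**\n- Add the API key and secret to Sentinel Account for tenant authentication\n- These credentials will be used to authenticate calls to the Illumio SaaS API \n\nPlease fill in the required fields below with the credentials obtained from the Illumio Console:"
+}
+},
 {
 "type": "Textbox",
 "parameters": {
@@ -110,7 +111,7 @@
 "type": "Textbox",
 "parameters": {
 "label": "Illumio Tenant ID",
-"placeholder": "{illumioTenantId}",
+"placeholder": "{IllumioTenantId - Optional}",
 "type": "text",
 "name": "illumioTenantId"
 }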
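Review bot: The Markdown block added at new lines 86-91 has the operator copy an API key and secret, but Step 2 only says to add them "to Sentinel Account", without naming the fields below or how the service account should be scoped. I would reword the first bullet to `- Enter the API key and secret in the fields below` and add `- Assign the service account only the role needed to read Insights data`, assuming the Illumio Console allows role scoping, which this page does not show. The credential textboxes themselves are outside the hunk, so please confirm the secret field is declared with `"type": "password"` rather than `"type": "text"`. The same Step 2 wording is carried in IllumioInsight_Definition.json.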

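--- a/Solutions/Illumio Insight/Data Connectors/IllumioInsightsSummaryConnector_CCP/IllumioInsightsSummary_PollingConfig.json
+++ b/Solutions/Illumio Insight/Data Connectors/IllumioInsightsSummaryConnector_CCP/IllumioInsightsSummary_PollingConfig.json
@@ -16,7 +16,7 @@
 "apiEndpoint": "https://gw.console.illum.io/api/v1/insights-summary",
 "httpMethod": "GET",
 "rateLimitQPS": 10,
-"queryWindowInMin": 120,
+"queryWindowInMin": 360,
 "retryCount": 3,
 "timeoutInSeconds": 60,
 "headers": {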
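Review bot: Raising `queryWindowInMin` to 360 makes each poll cover six hours, as far as the setting's name indicates, while `timeoutInSeconds` stays at 60 and `retryCount` at 3. If a window fails all retries, that would leave a six-hour gap in the summary table unless the platform re-queries it, which is not visible here. Paging and the rest of the request block lie outside the hunk, so please confirm the endpoint returns a full window inside the timeout. The connector definition's new note mentions only a 24-hour delay after onboarding; stating the steady-state polling cadence there would tell analysts how stale the newest report can be.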

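--- a/Solutions/Illumio Insight/Data/Solution_IllumioInsights.json
+++ b/Solutions/Illumio Insight/Data/Solution_IllumioInsights.json
@@ -8,7 +8,7 @@
 "Solutions/Illumio Insight/Data Connectors/IllumioInsightsSummaryConnector_CCP/IllumioInsightsSummary_ConnectorDefinition.json"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel",
-"Version": "3.3.1",
+"Version": "3.3.2",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false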
7.94 KB
Binary file not shown.

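--- a/Solutions/Illumio Insight/Package/createUiDefinition.json
+++ b/Solutions/Illumio Insight/Package/createUiDefinition.json
@@ -60,7 +60,7 @@
 "name": "dataconnectors1-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
-"text": "This Solution installs the data connector for Illumio Insight. You can get Illumio Insights data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+"text": "This Solution installs the data connector for Illumio Insights. You can get Illumio Insights data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
 }
 },
 {
@@ -77,7 +77,7 @@
 "name": "dataconnectors2-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
-"text": "This Solution installs the data connector for Illumio Insight. You can get Illumio Insights Summary data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+"text": "This Solution installs the data connector for Illumio Insights Summary. You can get Illumio Insights Summary data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
 }
 },
 {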
