Azure-Sentinel-NetClean/Solutions/NetClean ProActive/Data Connectors/Connector_NetClean.json at e0061ccfd2efb6ea34859d6ec6c937b57909b370 · NCstevenB/Azure-Sentinel-NetClean · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
{
    "id": "Netclean_ProActive_Incidents",
    "title": "Netclean ProActive Incidents",
    "publisher": "NetClean Technologies",
    "descriptionMarkdown": "This connector uses the Netclean Webhook (required) and Logic Apps to push data into Microsoft Sentinel Log Analytics",
    "graphQueries": [
        {
            "metricName": "Total data received",
            "legend": "Netclean_Incidents_CL",
            "baseQuery": "Netclean_Incidents_CL"
        }
    ],
    "sampleQueries": [
        {
            "description" : "Netclean - All Activities.",
            "query": "Netclean_Incidents_CL | sort by TimeGenerated desc"
        }
    ],
    "dataTypes": [
        {
            "name": "Netclean_Incidents_CL",
            "lastDataReceivedQuery": "Netclean_Incidents_CL\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
        }
    ],
    "connectivityCriterias": [
        {
            "type": "IsConnectedQuery",
            "value": [
                "Netclean_Incidents_CL\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(30d)"
            ]
        }
    ],
    "availability": {
        "status": 1,
        "isPreview": true
    },
    "permissions": {
        "resourceProvider": [
            {
                "provider": "Microsoft.OperationalInsights/workspaces",
                "permissionsDisplayText": "read and write permissions are required.",
                "providerDisplayName": "Workspace",
                "scope": "Workspace",
                "requiredPermissions": {
                    "write": true,
                    "read": true,
                    "delete": true
                }
            },
            {
                "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
                "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
                "providerDisplayName": "Keys",
                "scope": "Workspace",
                "requiredPermissions": {
                    "action": true
                }
            }
        ]

    },
    "instructionSteps": [
        {
            "title": "",
            "description": ">**NOTE:** NetClean ProActive uses a Webhook to expose incident data, Azure Logic Apps is used to receive and push data to Log Analytics This might result in additional data ingestion costs.\n It's possible to test this without Logic Apps or NetClean Proactive see option 2",
            "instructions": [
                {
                    "parameters": {
                        "fillWith": [
                            "WorkspaceId"
                        ],
                        "label": "Workspace ID"
                    },
                    "type": "CopyableLabel"
                },
                {
                    "parameters": {
                        "fillWith": [
                            "PrimaryKey"
                        ],
                        "label": "Primary Key"
                    },
                    "type": "CopyableLabel"
                }
                ]

            },
        {
            "description" : "1. Create a new logic app\n Use When a HTTP request is recived as the Trigger and save it. It will now have generated a URL that can be used in the ProActive webconsole configuration.\n Add an action:\n Select the Azure Log Analytics Data Collector and choose Send Data\n Enter Connection Name, Workspace ID and Workspace Key, you will find the information needed in your Log Analytics workspace under Settings-->Agents-->Log Analytics agent instructions.\n In JSON Request body add @triggerBody(). in Custom Log Name add Netclean_Incidents.",
            "title":" Option 1: Logic app"
        },
        {
            "description":"Ingest data using a api function. please use the script found on\n https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell \nReplace the CustomerId and SharedKey values with your values\nReplace the content in $json variable to the sample data found here: https://github.com/Azure/Azure-Sentinel/blob/master/Sample%20Data/Custom/Netclean_Incidents_CL.json .\nSet the LogType varible to **Netclean_Incidents_CL**\nRun the script",
            "title":" Option 2 (Testing only)"
        }
    ],
    "metadata": {
        "id": "d6a16a5e-19c0-4599-bbbc-04d6c38b00d4",
        "version": "1.0.0",
        "kind": "dataConnector",
        "source": {
            "kind": "solution",
            "name": "Netclean ProActive Incidents"
        },
        "author": {
            "name": "NetClean"
        },
        "support": {
            "tier": "developer",
            "name": "NetClean support",
            "email": "Support@netclean.com",
            "link":"www.netclean.com"
        }
    }
}