|
1 | 1 | { |
2 | 2 | "name": "OCI-Connector-CCP-Definition", |
3 | | - "apiVersion": "2024-09-01", |
| 3 | + "apiVersion": "2022-09-01-preview", |
4 | 4 | "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", |
5 | 5 | "location": "{{location}}", |
6 | 6 | "kind": "Customizable", |
|
21 | 21 | "sampleQueries": [ |
22 | 22 | { |
23 | 23 | "description": "All OCI Events", |
24 | | - "query": "{{graphQueriesTableName}} \n| sort by TimeGenerated desc" |
| 24 | + "query": "{{graphQueriesTableName}}\n| sort by TimeGenerated desc" |
25 | 25 | }, |
26 | 26 | { |
27 | 27 | "description": "Get Sample of OCI Events", |
28 | | - "query": "{{graphQueriesTableName}} \n | take 10" |
| 28 | + "query": "{{graphQueriesTableName}}\n| take 10" |
29 | 29 | } |
30 | 30 | ], |
31 | 31 | "dataTypes": [ |
32 | 32 | { |
33 | | - "name": "{{graphQueriesTableName}}", |
34 | | - "lastDataReceivedQuery": "{{graphQueriesTableName}} \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" |
| 33 | + "name": "OCI_LogsV2_CL", |
| 34 | + "lastDataReceivedQuery": "OCI_LogsV2_CL\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" |
35 | 35 | } |
36 | 36 | ], |
37 | 37 | "connectivityCriteria": [ |
38 | 38 | { |
39 | 39 | "type": "HasDataConnectors" |
40 | 40 | } |
41 | 41 | ], |
| 42 | + "availability": { |
| 43 | + "isPreview": false, |
| 44 | + "status": 1 |
| 45 | + }, |
42 | 46 | "permissions": { |
43 | 47 | "resourceProvider": [ |
44 | 48 | { |
|
49 | 53 | "requiredPermissions": { |
50 | 54 | "write": true, |
51 | 55 | "read": true, |
52 | | - "delete": true |
| 56 | + "delete": true, |
| 57 | + "action": false |
53 | 58 | } |
54 | 59 | } |
55 | 60 | ], |
|
63 | 68 | "instructionSteps": [ |
64 | 69 | { |
65 | 70 | "title": "Connect to OCI Streaming API to start collecting Event logs in Microsoft Sentinel", |
66 | | - "description": "1) Log in to the OCI console and access the navigation menu.\n2) In the navigation menu, go to \"Analytics & AI\" → \"Streaming\".\n3) Click \"Create Stream\".\n4) Select an existing \"Stream Pool\" or create a new one.\n5) Enter the following details:\n - \"Stream Name\"\n - \"Retention\"\n - \"Number of Partitions\"\n - \"Total Write Rate\"\n - \"Total Read Rate\" (based on your data volume)\n6) In the navigation menu, go to \"Logging\" → \"Service Connectors\".\n7) Click \"Create Service Connector\".\n8) Enter the following details:\n - \"Connector Name\"\n - \"Description\"\n - \"Resource Compartment\"\n9) Select the \"Source\": \"Logging\".\n10) Select the \"Target\": \"Streaming\".\n11) (Optional) Configure \"Log Group\", \"Filters\", or use a \"custom search query\" to stream only the required logs.\n12) Configure the \"Target\" by selecting the previously created stream.\n13) Click \"Create\".\n14) Follow the documentation to create a [Private Key and API Key Configuration File](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm).\n\r Note : The connector only supports ingesting data from one partition ID at a time, and that ID must be a single-digit number (e.g., 0, 1, or 2).\n ", |
| 71 | + "description": "1) Log in to the OCI console and access the navigation menu.\n2) In the navigation menu, go to \"Analytics & AI\" -> \"Streaming\".\n3) Click \"Create Stream\".\n4) Select an existing \"Stream Pool\" or create a new one.\n5) Enter the following details:\n - \"Stream Name\"\n - \"Retention\"\n - \"Number of Partitions\"\n - \"Total Write Rate\"\n - \"Total Read Rate\" (based on your data volume)\n6) In the navigation menu, go to \"Logging\" -> \"Service Connectors\".\n7) Click \"Create Service Connector\".\n8) Enter the following details:\n - \"Connector Name\"\n - \"Description\"\n - \"Resource Compartment\"\n9) Select the \"Source\": \"Logging\".\n10) Select the \"Target\": \"Streaming\".\n11) (Optional) Configure \"Log Group\", \"Filters\", or use a \"custom search query\" to stream only the required logs.\n12) Configure the \"Target\" by selecting the previously created stream.\n13) Click \"Create\".\n14) Follow the documentation to create a [Private Key and API Key Configuration File](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm).\n\r", |
67 | 72 | "instructions": [ |
68 | 73 | { |
69 | | - "type": "Textbox", |
70 | | - "parameters": { |
71 | | - "label": "Stream OCID", |
72 | | - "required": true, |
73 | | - "placeholder": "Provide the OCI Stream OCID (E.g. ocid1.stream.oc1..xxxxxxEXAMPLExxxxxx)", |
74 | | - "type": "text", |
75 | | - "name": "streamId" |
76 | | - } |
77 | | - }, |
78 | | - { |
79 | | - "type": "Textbox", |
| 74 | + "type": "DataConnectorsGrid", |
80 | 75 | "parameters": { |
81 | | - "label": "Service Endpoint Base URL", |
82 | | - "required": true, |
83 | | - "placeholder": "Provide the Service Endpoint Base URL: (https://cell-1.streaming.ap-hyderabad-1.oci.oraclecloud.com)", |
84 | | - "type": "text", |
85 | | - "name": "serviceEndpointBaseUrl" |
86 | | - } |
87 | | - }, |
88 | | - { |
89 | | - "type": "Dropdown", |
90 | | - "parameters": { |
91 | | - "label": "Cursor Type", |
92 | | - "name": "cursorType", |
93 | | - "required": true, |
94 | | - "type": "text", |
95 | | - "placeholder": "Select Cursor Type", |
96 | | - "options": [ |
| 76 | + "mapping": [ |
| 77 | + { |
| 78 | + "columnName": "Tenant Id", |
| 79 | + "columnValue": "properties.auth.tenantId" |
| 80 | + }, |
97 | 81 | { |
98 | | - "key": "IndividualCursor", |
99 | | - "text": "Individual Cursor" |
| 82 | + "columnName": "Stream", |
| 83 | + "columnValue": "properties.request.streamId" |
| 84 | + }, |
| 85 | + { |
| 86 | + "columnName": "Partition", |
| 87 | + "columnValue": "properties.request.partitions" |
100 | 88 | } |
| 89 | + ], |
| 90 | + "menuItems": [ |
| 91 | + "DeleteConnector" |
101 | 92 | ] |
102 | 93 | } |
103 | 94 | }, |
104 | 95 | { |
105 | | - "type": "Textbox", |
106 | | - "parameters": { |
107 | | - "label": "Partition Id", |
108 | | - "required": true, |
109 | | - "placeholder": "Provide the Partition Id. (E.g. 0 or 1 or 2)", |
110 | | - "type": "text", |
111 | | - "name": "partitions", |
112 | | - "description": "The partition ID uses zero-based indexing. For example, if a stream has 3 partitions, the valid partition IDs are 0, 1, or 2." |
113 | | - } |
114 | | - }, |
115 | | - { |
116 | | - "type": "Textbox", |
117 | | - "parameters": { |
118 | | - "label": "Tenant ID", |
119 | | - "required": true, |
120 | | - "placeholder": "OCI Tenant ID (E.g. ocid1.tenancy.oc1..xxxxxxEXAMPLExxxxxx)", |
121 | | - "type": "text", |
122 | | - "name": "tenantId" |
123 | | - } |
124 | | - }, |
125 | | - { |
126 | | - "type": "Textbox", |
| 96 | + "type": "ContextPane", |
127 | 97 | "parameters": { |
128 | | - "label": "User ID", |
129 | | - "required": true, |
130 | | - "placeholder": "Provide the User Id. (E.g. ocid1.user.oc1..xxxxxxEXAMPLExxxxxx)", |
131 | | - "type": "text", |
132 | | - "name": "userId" |
133 | | - } |
134 | | - }, |
135 | | - { |
136 | | - "type": "Textbox", |
137 | | - "parameters": { |
138 | | - "label": "Pem File Content", |
139 | | - "required": true, |
140 | | - "placeholder": "Provide the Pem File content.", |
141 | | - "type": "password", |
142 | | - "name": "pemFile" |
143 | | - } |
144 | | - }, |
145 | | - { |
146 | | - "type": "Textbox", |
147 | | - "parameters": { |
148 | | - "label": "Pass Phrase", |
149 | | - "required": false, |
150 | | - "placeholder": "Provide the pass phrase for the Pem File Content. (Optional)", |
151 | | - "type": "password", |
152 | | - "name": "passPhrase" |
153 | | - } |
154 | | - }, |
155 | | - { |
156 | | - "type": "Textbox", |
157 | | - "parameters": { |
158 | | - "label": "Fingerprint", |
159 | | - "required": true, |
160 | | - "placeholder": "Provide the fingerprint for the Pem File Content. (E.g. 12:34:56:78:90:AB:CD:EF:GH:IJ:KL:MN:OP)", |
161 | | - "type": "password", |
162 | | - "name": "publicFingerprint" |
163 | | - } |
164 | | - }, |
165 | | - { |
166 | | - "type": "ConnectionToggleButton", |
167 | | - "parameters": { |
168 | | - "connectLabel": "Connect", |
169 | | - "name": "Connect" |
| 98 | + "label": "Add stream", |
| 99 | + "title": "Add Oracle Cloud Infrastructure Data Stream", |
| 100 | + "subtitle": "Connect to Oracle Cloud Infrastructure Data", |
| 101 | + "contextPaneType": "DataConnectorsContextPane", |
| 102 | + "instructionSteps": [ |
| 103 | + { |
| 104 | + "instructions": [ |
| 105 | + { |
| 106 | + "type": "Textbox", |
| 107 | + "parameters": { |
| 108 | + "label": "Stream OCID", |
| 109 | + "placeholder": "Provide the OCI Stream OCID (E.g. ocid1.stream.oc1..xxxxxxEXAMPLExxxxxx)", |
| 110 | + "type": "text", |
| 111 | + "name": "streamId", |
| 112 | + "validations": { |
| 113 | + "required": true |
| 114 | + } |
| 115 | + } |
| 116 | + }, |
| 117 | + { |
| 118 | + "type": "Textbox", |
| 119 | + "parameters": { |
| 120 | + "label": "Public Message Endpoint of the stream (Service Endpoint Base URL)", |
| 121 | + "placeholder": "Provide the Service Endpoint Base URL: (https://cell-1.streaming.ap-hyderabad-1.oci.oraclecloud.com)", |
| 122 | + "type": "text", |
| 123 | + "name": "serviceEndpointBaseUrl", |
| 124 | + "validations": { |
| 125 | + "required": true |
| 126 | + } |
| 127 | + } |
| 128 | + }, |
| 129 | + { |
| 130 | + "type": "Dropdown", |
| 131 | + "parameters": { |
| 132 | + "label": "Cursor Type", |
| 133 | + "name": "cursorType", |
| 134 | + "options": [ |
| 135 | + { |
| 136 | + "key": "IndividualCursor", |
| 137 | + "text": "Individual Cursor" |
| 138 | + } |
| 139 | + ], |
| 140 | + "required": true |
| 141 | + } |
| 142 | + }, |
| 143 | + { |
| 144 | + "type": "InfoMessage", |
| 145 | + "parameters": { |
| 146 | + "text": "The partition ID uses zero-based indexing. For example, if a stream has 3 partitions, the valid partition IDs are 0, 1, or 2." |
| 147 | + } |
| 148 | + }, |
| 149 | + { |
| 150 | + "type": "Textbox", |
| 151 | + "parameters": { |
| 152 | + "label": "Partition Id", |
| 153 | + "placeholder": "Provide the Partition Id. (E.g. 0 or 1 or 2)", |
| 154 | + "type": "text", |
| 155 | + "name": "partitions", |
| 156 | + "validations": { |
| 157 | + "required": true |
| 158 | + } |
| 159 | + } |
| 160 | + }, |
| 161 | + { |
| 162 | + "type": "Textbox", |
| 163 | + "parameters": { |
| 164 | + "label": "Tenant ID", |
| 165 | + "placeholder": "OCI Tenant ID (E.g. ocid1.tenancy.oc1..xxxxxxEXAMPLExxxxxx)", |
| 166 | + "type": "text", |
| 167 | + "name": "tenantId", |
| 168 | + "validations": { |
| 169 | + "required": true |
| 170 | + } |
| 171 | + } |
| 172 | + }, |
| 173 | + { |
| 174 | + "type": "Textbox", |
| 175 | + "parameters": { |
| 176 | + "label": "User ID", |
| 177 | + "placeholder": "Provide the User Id. (E.g. ocid1.user.oc1..xxxxxxEXAMPLExxxxxx)", |
| 178 | + "type": "text", |
| 179 | + "name": "userId", |
| 180 | + "validations": { |
| 181 | + "required": true |
| 182 | + } |
| 183 | + } |
| 184 | + }, |
| 185 | + { |
| 186 | + "type": "Textbox", |
| 187 | + "parameters": { |
| 188 | + "label": "Pem File Content", |
| 189 | + "placeholder": "Provide the Pem File content.", |
| 190 | + "type": "password", |
| 191 | + "name": "pemFile", |
| 192 | + "validations": { |
| 193 | + "required": true |
| 194 | + } |
| 195 | + } |
| 196 | + }, |
| 197 | + { |
| 198 | + "type": "Textbox", |
| 199 | + "parameters": { |
| 200 | + "label": "Fingerprint", |
| 201 | + "placeholder": "Provide the fingerprint for the Pem File Content. (E.g. 12:34:56:78:90:AB:CD:EF:GH:IJ:KL:MN:OP)", |
| 202 | + "type": "password", |
| 203 | + "name": "publicFingerprint", |
| 204 | + "validations": { |
| 205 | + "required": true |
| 206 | + } |
| 207 | + } |
| 208 | + }, |
| 209 | + { |
| 210 | + "type": "InfoMessage", |
| 211 | + "parameters": { |
| 212 | + "text": "If your PEM file is not encrypted, leave Pass Phrase as blank." |
| 213 | + } |
| 214 | + }, |
| 215 | + { |
| 216 | + "type": "Textbox", |
| 217 | + "parameters": { |
| 218 | + "label": "Pem File Pass Phrase", |
| 219 | + "placeholder": "Just Leave blank If not encrypted)", |
| 220 | + "type": "password", |
| 221 | + "name": "passPhrase" |
| 222 | + } |
| 223 | + } |
| 224 | + ] |
| 225 | + } |
| 226 | + ] |
170 | 227 | } |
171 | 228 | } |
172 | 229 | ] |
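Review bot: The `partitions` Textbox (new lines 149-160) is validated only with `"required": true`, and this commit also deletes the description note saying the connector ingests from one partition ID at a time and that the ID must be a single digit. If that limit still applies (the polling configuration is not visible here), a value such as `0,1` or `12` would pass the form and presumably fail only once polling starts, leaving a silent gap in OCI log collection. Keep the constraint visible by extending the InfoMessage before the field, e.g. `"text": "The partition ID uses zero-based indexing. For example, if a stream has 3 partitions, the valid partition IDs are 0, 1, or 2. Enter one partition ID per connection."`. Separately, the pass-phrase placeholder `"Just Leave blank If not encrypted)"` has an unmatched `)`; `"placeholder": "Leave blank if the PEM file is not encrypted"` reads cleanly.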
|