fuqing04
diff --git a/‎Solutions/TheHive/Data Connectors/CCF/PollingConfig.json‎
Lines changed: 45 additions & 47 deletions b/‎Solutions/TheHive/Data Connectors/CCF/PollingConfig.json‎
Lines changed: 45 additions & 47 deletions
diff --git a/‎Solutions/TheHive/Package/3.0.1.zip‎
581 Bytes b/‎Solutions/TheHive/Package/3.0.1.zip‎
581 Bytes
diff --git a/‎Solutions/TheHive/Package/createUiDefinition.json‎
Lines changed: 113 additions & 113 deletions b/‎Solutions/TheHive/Package/createUiDefinition.json‎
Lines changed: 113 additions & 113 deletions
@@ -1,47 +1,45 @@
-{
-  "type": "Microsoft.SecurityInsights/dataConnectors",
-  "apiVersion": "2022-10-01-preview",
-  "name": "dataPoller",
-  "location": "{{location}}",
-  "kind": "RestApiPoller",
-  "properties": {
-    "auth": {
-      "type": "APIKey",
-      "ApiKey": "[[parameters('apiKey')]",
-      "ApiKeyName": "Authorization",
-      "ApiKeyIdentifier": "Bearer"
-    },
-    "request": {
-      "apiEndpoint": "[[concat(parameters('theHiveBaseUrl'),'/api/v1/query')]",
-      "httpMethod": "POST",
-      "queryWindowInMin": 5,
-      "queryTimeFormat": "UnixTimestampInMills",
-      "retryCount": 4,
-      "timeoutInSeconds": 30,
-      "isPostPayloadJson": true,
-      "headers": {
-        "Content-Type": "application/json"
-      },
-      "queryParametersTemplate": "{\r\n    \"query\": [\r\n        {\"_name\": \"listAny\"},\r\n        {\r\n            \"_name\": \"filter\",\r\n            \"_or\": [\r\n                {\r\n                    \"_and\": [\r\n                        {\"_gte\": {\"_field\": \"_updatedAt\", \"_value\": {_QueryWindowStartTime} } },\r\n                        {\"_lt\": {\"_field\": \"_updatedAt\", \"_value\": {_QueryWindowEndTime} } }\r\n                    ]\r\n                },\r\n                {\r\n                    \"_and\": [\r\n                        {\"_gte\": {\"_field\": \"_createdAt\", \"_value\": {_QueryWindowStartTime} } },\r\n                        {\"_lt\": {\"_field\": \"_createdAt\", \"_value\": {_QueryWindowEndTime} } }\r\n                    ]\r\n                }\r\n            ]\r\n        },\r\n        {\"from\": 0, \"to\": 100, \"_name\": \"page\"}\r\n    ],\r\n    \"excludeFields\": []\r\n}"
-    },
-    "response": {
-      "eventsJsonPaths": [
-        "$[*]"
-      ],
-      "format": "json"
-    },
-    "paging": {
-      "pagingType": "Offset",
-      "offsetParaName": "$.query[2].from",
-      "offsetEndParaName": "$.query[2].to",
-      "pageSize": 100
-    },
-    "connectorDefinitionName": "TheHiveConnector",
-    "dataType": "TheHiveData",
-    "dcrConfig": {
-      "streamName": "Custom-TheHiveData_CL",
-      "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
-      "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
-    }
-  }
-}
+{
+  "type": "Microsoft.SecurityInsights/dataConnectors",
+  "apiVersion": "2022-10-01-preview",
+  "name": "dataPoller",
+  "location": "{{location}}",
+  "kind": "RestApiPoller",
+  "properties": {
+    "auth": {
+      "type": "APIKey",
+      "ApiKey": "[[parameters('apiKey')]",
+      "ApiKeyName": "Authorization",
+      "ApiKeyIdentifier": "Bearer"
+    },
+    "request": {
+      "apiEndpoint": "[[concat(parameters('theHiveBaseUrl'),'/api/v1/query')]",
+      "httpMethod": "POST",
+      "queryWindowInMin": 5,
+      "queryTimeFormat": "UnixTimestampInMills",
+      "retryCount": 4,
+      "timeoutInSeconds": 30,
+      "isPostPayloadJson": true,
+      "headers": {
+        "Content-Type": "application/json"
+      },
+      "queryParametersTemplate": "{\r\n    \"query\": [\r\n        {\"_name\": \"listAny\"},\r\n        {\r\n            \"_name\": \"filter\",\r\n            \"_or\": [\r\n                {\r\n                    \"_and\": [\r\n                        {\"_gte\": {\"_field\": \"_updatedAt\", \"_value\": {_QueryWindowStartTime} } },\r\n                        {\"_lt\": {\"_field\": \"_updatedAt\", \"_value\": {_QueryWindowEndTime} } }\r\n                    ]\r\n                },\r\n                {\r\n                    \"_and\": [\r\n                        {\"_gte\": {\"_field\": \"_createdAt\", \"_value\": {_QueryWindowStartTime} } },\r\n                        {\"_lt\": {\"_field\": \"_createdAt\", \"_value\": {_QueryWindowEndTime} } }\r\n                    ]\r\n                }\r\n            ]\r\n        },\r\n        {\"from\": 0, \"to\": 100, \"_name\": \"page\"}\r\n    ]}"
+    },
+    "response": {
+      "eventsJsonPaths": ["$[*]"],
+      "format": "json"
+    },
+    "paging": {
+      "pagingType": "Offset",
+      "offsetParaName": "$.query[2].from",
+      "offsetEndParaName": "$.query[2].to",
+      "pageSize": 100
+    },
+    "connectorDefinitionName": "TheHiveConnector",
+    "dataType": "TheHiveData",
+    "dcrConfig": {
+      "streamName": "Custom-TheHiveData_CL",
+      "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
+      "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
+    }
+  }
+}
@@ -1,113 +1,113 @@
-{
-  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
-  "handler": "Microsoft.Azure.CreateUIDef",
-  "version": "0.1.2-preview",
-  "parameters": {
-    "config": {
-      "isWizard": false,
-      "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/TheHive/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[TheHive](http://thehive-project.org/) solution provides the capability to ingest common The Hive events into Microsoft Sentinel through Webhooks. The Hive can notify external system of modification events (case creation, alert update, task assignment) in real time. When a change occurs in The Hive, an HTTPS POST request with event information is sent to a callback data connector URL.  Refer to [Webhooks documentation](https://docs.thehive-project.org/thehive/legacy/thehive3/admin/webhooks/) for more information.\r\n \r\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \r\n \r\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api) b. [Azure Functions ](https://azure.microsoft.com/services/functions/#overview)\n\n**Data Connectors:** 1, **Parsers:** 1, **Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
-        "subscription": {
-          "resourceProviders": [
-            "Microsoft.OperationsManagement/solutions",
-            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
-            "Microsoft.Insights/workbooks",
-            "Microsoft.Logic/workflows"
-          ]
-        },
-        "location": {
-          "metadata": {
-            "hidden": "Hiding location, we get it from the log analytics workspace"
-          },
-          "visible": false
-        },
-        "resourceGroup": {
-          "allowExisting": true
-        }
-      }
-    },
-    "basics": [
-      {
-        "name": "getLAWorkspace",
-        "type": "Microsoft.Solutions.ArmApiControl",
-        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
-        "condition": "[greater(length(resourceGroup().name),0)]",
-        "request": {
-          "method": "GET",
-          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
-        }
-      },
-      {
-        "name": "workspace",
-        "type": "Microsoft.Common.DropDown",
-        "label": "Workspace",
-        "placeholder": "Select a workspace",
-        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
-        "constraints": {
-          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
-          "required": true
-        },
-        "visible": true
-      }
-    ],
-    "steps": [
-      {
-        "name": "dataconnectors",
-        "label": "Data Connectors",
-        "bladeTitle": "Data Connectors",
-        "elements": [
-          {
-            "name": "dataconnectors1-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "This Solution installs the data connector for TheHive (via Codeless Connector Framework). You can get TheHive (via Codeless Connector Framework) data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
-            }
-          },
-          {
-            "name": "dataconnectors-link1",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "link": {
-                "label": "Learn more about connecting data sources",
-                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
-              }
-            }
-          }
-        ]
-      },
-      {
-        "name": "playbooks",
-        "label": "Playbooks",
-        "subLabel": {
-          "preValidation": "Configure the playbooks",
-          "postValidation": "Done"
-        },
-        "bladeTitle": "Playbooks",
-        "elements": [
-          {
-            "name": "playbooks-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub."
-            }
-          },
-          {
-            "name": "playbooks-link",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "link": {
-                "label": "Learn more",
-                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
-              }
-            }
-          }
-        ]
-      }
-    ],
-    "outputs": {
-      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
-      "location": "[location()]",
-      "workspace": "[basics('workspace')]"
-    }
-  }
-}
+{
+  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+  "handler": "Microsoft.Azure.CreateUIDef",
+  "version": "0.1.2-preview",
+  "parameters": {
+    "config": {
+      "isWizard": false,
+      "basics": {
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/TheHive/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[TheHive](http://thehive-project.org/) solution provides the capability to ingest common The Hive events into Microsoft Sentinel through Webhooks. The Hive can notify external system of modification events (case creation, alert update, task assignment) in real time. When a change occurs in The Hive, an HTTPS POST request with event information is sent to a callback data connector URL.  Refer to [Webhooks documentation](https://docs.thehive-project.org/thehive/legacy/thehive3/admin/webhooks/) for more information.\r\n \r\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \r\n \r\n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api) b. [Azure Functions ](https://azure.microsoft.com/services/functions/#overview)\n\n**Data Connectors:** 1, **Parsers:** 1, **Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "subscription": {
+          "resourceProviders": [
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
+            "Microsoft.Insights/workbooks",
+            "Microsoft.Logic/workflows"
+          ]
+        },
+        "location": {
+          "metadata": {
+            "hidden": "Hiding location, we get it from the log analytics workspace"
+          },
+          "visible": false
+        },
+        "resourceGroup": {
+          "allowExisting": true
+        }
+      }
+    },
+    "basics": [
+      {
+        "name": "getLAWorkspace",
+        "type": "Microsoft.Solutions.ArmApiControl",
+        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
+        "condition": "[greater(length(resourceGroup().name),0)]",
+        "request": {
+          "method": "GET",
+          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
+        }
+      },
+      {
+        "name": "workspace",
+        "type": "Microsoft.Common.DropDown",
+        "label": "Workspace",
+        "placeholder": "Select a workspace",
+        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
+        "constraints": {
+          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
+          "required": true
+        },
+        "visible": true
+      }
+    ],
+    "steps": [
+      {
+        "name": "dataconnectors",
+        "label": "Data Connectors",
+        "bladeTitle": "Data Connectors",
+        "elements": [
+          {
+            "name": "dataconnectors1-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for TheHive (via Codeless Connector Framework). You can get TheHive (via Codeless Connector Framework) data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
+          {
+            "name": "dataconnectors-link1",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more about connecting data sources",
+                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
+              }
+            }
+          }
+        ]
+      },
+      {
+        "name": "playbooks",
+        "label": "Playbooks",
+        "subLabel": {
+          "preValidation": "Configure the playbooks",
+          "postValidation": "Done"
+        },
+        "bladeTitle": "Playbooks",
+        "elements": [
+          {
+            "name": "playbooks-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub."
+            }
+          },
+          {
+            "name": "playbooks-link",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more",
+                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
+              }
+            }
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
+      "location": "[location()]",
+      "workspace": "[basics('workspace')]"
+    }
+  }
+}