Merge pull request Azure#13001 from Azure/v-sabiraj-sophosEPupdate

Update Sophos Endpoint Protection to version 3.0.6

Author: v-sabiraj

Solutions/Sophos Endpoint Protection/Package/3.0.6.zip

@@ -67,7 +67,7 @@
             "name": "dataconnectors2-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "This Solution installs the data connector for Sophos Endpoint Protection. You can get Sophos Endpoint Protection data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+              "text": "This Solution installs the data connector for Sophos Endpoint Protection (using REST API). You can get Sophos Endpoint Protection (using REST API) data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
           {

Solutions/Sophos Endpoint Protection/Package/createUiDefinition.json

@@ -47,7 +47,7 @@
     "email": "support@microsoft.com",
     "_email": "[variables('email')]",
     "_solutionName": "Sophos Endpoint Protection",
-    "_solutionVersion": "3.0.5",
+    "_solutionVersion": "3.0.6",
     "solutionId": "azuresentinel.azure-sentinel-solution-sophosep",
     "_solutionId": "[variables('solutionId')]",
     "parserObject1": {
@@ -86,7 +86,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "SophosEPEvent Data Parser with template version 3.0.5",
+        "description": "SophosEPEvent Data Parser with template version 3.0.6",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('parserObject1').parserVersion1]",
@@ -218,7 +218,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "Sophos Endpoint Protection data connector with template version 3.0.5",
+        "description": "Sophos Endpoint Protection data connector with template version 3.0.6",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -984,6 +984,7 @@
               "apiVersion": "2022-10-01",
               "type": "Microsoft.OperationalInsights/workspaces/tables",
               "location": "[parameters('workspace-location')]",
+              "kind": null,
               "properties": {
                 "schema": {
                   "name": "SophosEPAlerts_CL",
@@ -1067,6 +1068,7 @@
               "apiVersion": "2022-10-01",
               "type": "Microsoft.OperationalInsights/workspaces/tables",
               "location": "[parameters('workspace-location')]",
+              "kind": null,
               "properties": {
                 "schema": {
                   "name": "SophosEPEvents_CL",
@@ -1379,29 +1381,22 @@
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('dataConnectorCCPVersion')]",
           "parameters": {
-            "ClientId": {
-              "defaultValue": "-NA-",
-              "type": "securestring",
-              "minLength": 1
-            },
-            "ClientSecret": {
-              "defaultValue": "-NA-",
-              "type": "securestring",
-              "minLength": 1
+            "guidValue": {
+              "defaultValue": "[[newGuid()]",
+              "type": "securestring"
             },
-            "sophosRegion": {
-              "defaultValue": "Enter sophosRegion value",
-              "type": "string",
-              "minLength": 1
+            "innerWorkspace": {
+              "defaultValue": "[parameters('workspace')]",
+              "type": "securestring"
             },
             "connectorDefinitionName": {
               "defaultValue": "Sophos Endpoint Protection (using REST API)",
-              "type": "string",
+              "type": "securestring",
               "minLength": 1
             },
             "workspace": {
               "defaultValue": "[parameters('workspace')]",
-              "type": "string"
+              "type": "securestring"
             },
             "dcrConfig": {
               "defaultValue": {
@@ -1412,7 +1407,22 @@
             },
             "sophosTenantId": {
               "defaultValue": "sophosTenantId",
-              "type": "string",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "sophosRegion": {
+              "defaultValue": "sophosRegion",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "ClientId": {
+              "defaultValue": "-NA-",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "ClientSecret": {
+              "defaultValue": "-NA-",
+              "type": "securestring",
               "minLength": 1
             },
             "AuthorizationCode": {
@@ -1452,7 +1462,7 @@
               }
             },
             {
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPAlertsPolling')]",
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPAlertsPolling', parameters('guidValue'))]",
               "apiVersion": "2023-02-01-preview",
               "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
               "location": "[parameters('workspace-location')]",
@@ -1467,8 +1477,8 @@
                 },
                 "auth": {
                   "type": "OAuth2",
-                  "ClientSecret": "[[parameters('ClientSecret')]",
-                  "ClientId": "[[parameters('ClientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "ClientId": "[[parameters('clientId')]",
                   "TokenEndpoint": "https://id.sophos.com/api/v2/oauth2/token",
                   "tokenEndpointHeaders": {
                     "Accept": "application/json",
@@ -1479,7 +1489,7 @@
                   "grantType": "client_credentials"
                 },
                 "request": {
-                  "apiEndpoint": "[[concat('https://api-', parameters('sophosRegion'), '.central.sophos.com/siem/v1/alerts')]",
+                  "apiEndpoint": "[[concat('https://api-',parameters('sophosRegion'),'.central.sophos.com/siem/v1/alerts')]",
                   "rateLimitQPS": 10,
                   "queryWindowInMin": 5,
                   "httpMethod": "GET",
@@ -1506,7 +1516,7 @@
               }
             },
             {
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPEventsPolling')]",
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'SophosEndpointProtectionCCPEventsPolling', parameters('guidValue'))]",
               "apiVersion": "2023-02-01-preview",
               "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
               "location": "[parameters('workspace-location')]",
@@ -1521,8 +1531,8 @@
                 },
                 "auth": {
                   "type": "OAuth2",
-                  "ClientSecret": "[[parameters('ClientSecret')]",
-                  "ClientId": "[[parameters('ClientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "ClientId": "[[parameters('clientId')]",
                   "TokenEndpoint": "https://id.sophos.com/api/v2/oauth2/token",
                   "tokenEndpointHeaders": {
                     "Accept": "application/json",
@@ -1533,7 +1543,7 @@
                   "grantType": "client_credentials"
                 },
                 "request": {
-                  "apiEndpoint": "[[concat('https://api-', parameters('sophosRegion'), '.central.sophos.com/siem/v1/events')]",
+                  "apiEndpoint": "[[concat('https://api-',parameters('sophosRegion'),'.central.sophos.com/siem/v1/events')]",
                   "rateLimitQPS": 10,
                   "queryWindowInMin": 5,
                   "httpMethod": "GET",
@@ -1575,7 +1585,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.5",
+        "version": "3.0.6",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "Sophos Endpoint Protection",

Solutions/Sophos Endpoint Protection/Package/mainTemplate.json

@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                                                 |
 |-------------|--------------------------------|--------------------------------------------------------------------|
+| 3.0.6       | 23-10-2025                     | Updated the solution to be compatible with tool changes for the connection name.            |
 | 3.0.5       | 21-08-2024                     | **Data Connector** [Sophos Endpoint Protection (using REST API)] Globally Available|
 | 3.0.4       | 01-07-2024                     | Update files for CCP Connector to fix the connectivity|
 | 3.0.3       | 25-04-2024                     | Repackaged for parser issue with old names       |