Merge pull request #11435 from Azure/v-rusraut/Claroty,ForcepointCSG,…

…ForcepointNGFWRemovedDC

Repackage - Claroty

Solutions/Claroty/Analytic Rules/ClarotyAssetDown.yaml

@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -32,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Claroty/Analytic Rules/ClarotyCriticalBaselineDeviation.yaml

@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -33,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Claroty/Analytic Rules/ClarotyLoginToUncommonSite.yaml

@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -46,5 +40,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: SrcIpAddr
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLogin.yaml

@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -37,5 +31,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLoginsSameDst.yaml

@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -39,5 +33,5 @@ entityMappings:
     fieldMappings:
       - identifier: DistinguishedName
         columnName: SGCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Claroty/Analytic Rules/ClarotyNewAsset.yaml

@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -32,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Claroty/Analytic Rules/ClarotyPolicyViolation.yaml

@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -32,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Claroty/Analytic Rules/ClarotySuspiciousActivity.yaml

@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -32,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Claroty/Analytic Rules/ClarotySuspiciousFileTransfer.yaml

@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -32,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Claroty/Analytic Rules/ClarotyTreat.yaml

@@ -32,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled

Solutions/Claroty/Data/Solution_Claroty.json

@@ -2,7 +2,7 @@
   "Name": "Claroty",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.",
+  "Description": "The [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.",
   "Workbooks": [
     "Workbooks/ClarotyOverview.json"
   ],
@@ -21,10 +21,6 @@
     "Hunting Queries/ClarotyUnresolvedAlerts.yaml",
     "Hunting Queries/ClarotyWriteExecuteOperations.yaml"
   ],
-  "Data Connectors": [
-    "Data Connectors/Connector_Claroty_CEF.json",
-	"Data Connectors/template_ClarotyAMA.json"
-  ],
   "Analytic Rules": [
     "Analytic Rules/ClarotyAssetDown.yaml",
     "Analytic Rules/ClarotyCriticalBaselineDeviation.yaml",
@@ -42,7 +38,7 @@
    ],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Claroty",
-  "Version": "3.0.2",
+  "Version": "3.0.3",
   "TemplateSpec": true,
   "Is1PConnector": false
 }

Solutions/Claroty/Hunting Queries/ClarotyBaselineDeviation.yaml

@@ -4,12 +4,6 @@ description: |
   'Query searches for baseline deviation events.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

Solutions/Claroty/Hunting Queries/ClarotyConflictAssets.yaml

@@ -4,12 +4,6 @@ description: |
   'Query searches for conflicting assets.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

Solutions/Claroty/Hunting Queries/ClarotyCriticalEvents.yaml

@@ -4,12 +4,6 @@ description: |
   'Query searches for critical severity events.'
 severity: High
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

Solutions/Claroty/Hunting Queries/ClarotyPLCLogins.yaml

@@ -4,12 +4,6 @@ description: |
   'Query searches for PLC login security alerts.'
 severity: High
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

Solutions/Claroty/Hunting Queries/ClarotySRAFailedLogins.yaml

@@ -4,12 +4,6 @@ description: |
   'Query searches for login failure events.'
 severity: High
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

Solutions/Claroty/Hunting Queries/ClarotyScanSources.yaml

@@ -4,12 +4,6 @@ description: |
   'Query searches for sources of network scans.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

Solutions/Claroty/Hunting Queries/ClarotyScantargets.yaml

@@ -4,12 +4,6 @@ description: |
   'Query searches for targets of network scans.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

Solutions/Claroty/Hunting Queries/ClarotyUnapprovedAccess.yaml

@@ -4,12 +4,6 @@ description: |
   'Query searches for unapproved access events.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

Solutions/Claroty/Hunting Queries/ClarotyUnresolvedAlerts.yaml

@@ -4,12 +4,6 @@ description: |
   'Query searches for alerts with unresolved status.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

Solutions/Claroty/Hunting Queries/ClarotyWriteExecuteOperations.yaml

@@ -4,12 +4,6 @@ description: |
   'Query searches for operations with Write and Execute accesses.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog