-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
9513a94
commit 72f65ff
Showing
4 changed files
with
6,697 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,188 @@ | ||
| { | ||
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | ||
| "contentVersion": "1.0.0.0", | ||
| "parameters": { | ||
| "workspace-location": { | ||
| "type": "string" | ||
| }, | ||
| "workspace": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "resources": [ | ||
| { | ||
| "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", | ||
| "apiVersion": "2022-09-01-preview", | ||
| "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/NetskopeCCP')]", | ||
| "kind": "Customizable", | ||
| "location": "[parameters('workspace-location')]", | ||
| "properties": { | ||
| "connectorUiConfig": { | ||
| "id": "NetskopeCCP", | ||
| "title": "Netskope CCP Connector", | ||
| "publisher": "Netskope", | ||
| "descriptionMarkdown": "The Netskope CCP connector allows you to easly ingest your Netskope logging into Microsoft Sentinel and write detections based on them. To onboard Netskope into Microsoft Sentinel and get the maximum value out of both products, simply provide your Organisation name, a valid API key and press the connect button.", | ||
| "graphQueriesTableName": "NetskopeAlerts_CL", | ||
| "graphQueries": [ | ||
| { | ||
| "metricName": "Total Netskope Alerts received", | ||
| "legend": "Netskope Alerts", | ||
| "baseQuery": "NetskopeAlerts_CL" | ||
| }, | ||
| { | ||
| "metricName": "Total Netskope Application Events", | ||
| "legend": "Netskope Application Events", | ||
| "baseQuery": "NetskopeEventsApplication_CL" | ||
| }, | ||
| { | ||
| "metricName": "Total Netskope Audit Events", | ||
| "legend": "Netskope Audit Events", | ||
| "baseQuery": "NetskopeEventsAudit_CL" | ||
| }, | ||
| { | ||
| "metricName": "Total Netskope Connection Events", | ||
| "legend": "Netskope Connection Events", | ||
| "baseQuery": "NetskopeEventsConnection_CL" | ||
| }, | ||
| { | ||
| "metricName": "Total Netskope DLP Events", | ||
| "legend": "Netskope DLP Events", | ||
| "baseQuery": "NetskopeEventsDLP_CL" | ||
| }, | ||
| { | ||
| "metricName": "Total Netskope Endpoint Events", | ||
| "legend": "Netskope Endpoint Events", | ||
| "baseQuery": "NetskopeEventsEndpoint_CL" | ||
| }, | ||
| { | ||
| "metricName": "Total Netskope Infrastructure Events", | ||
| "legend": "Netskope Infrastructure Events", | ||
| "baseQuery": "NetskopeEventsInfrastructure_CL" | ||
| }, | ||
| { | ||
| "metricName": "Total Netskope Network Events", | ||
| "legend": "Netskope Network Events", | ||
| "baseQuery": "NetskopeEventsNetwork_CL" | ||
| }, | ||
| { | ||
| "metricName": "Total Netskope Page Events", | ||
| "legend": "Netskope Page Events", | ||
| "baseQuery": "NetskopeEventsPage_CL" | ||
| } | ||
| ], | ||
| "sampleQueries": [ | ||
| { | ||
| "description": "Get Sample of Netskope events", | ||
| "query": "NetskopeAlerts_CL\n | take 10" | ||
| } | ||
| ], | ||
| "dataTypes": [ | ||
| { | ||
| "name": "NetskopeAlerts_CL", | ||
| "lastDataReceivedQuery": "NetskopeAlerts_CL \n | where TimeGenerated > ago(7d) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" | ||
| }, | ||
| { | ||
| "name": "NetskopeEventsApplication_CL", | ||
| "lastDataReceivedQuery": "NetskopeEventsApplication_CL \n | where TimeGenerated > ago(7d) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" | ||
| }, | ||
| { | ||
| "name": "NetskopeEventsAudit_CL", | ||
| "lastDataReceivedQuery": "NetskopeEventsAudit_CL \n | where TimeGenerated > ago(7d) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" | ||
| }, | ||
| { | ||
| "name": "NetskopeEventsConnection_CL", | ||
| "lastDataReceivedQuery": "NetskopeEventsConnection_CL \n | where TimeGenerated > ago(7d) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" | ||
| }, | ||
| { | ||
| "name": "NetskopeEventsDLP_CL", | ||
| "lastDataReceivedQuery": "NetskopeEventsDLP_CL \n | where TimeGenerated > ago(7d) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" | ||
| }, | ||
| { | ||
| "name": "NetskopeEventsEndpoint_CL", | ||
| "lastDataReceivedQuery": "NetskopeEventsEndpoint_CL \n | where TimeGenerated > ago(7d) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" | ||
| }, | ||
| { | ||
| "name": "NetskopeEventsInfrastructure_CL", | ||
| "lastDataReceivedQuery": "NetskopeEventsInfrastructure_CL \n | where TimeGenerated > ago(7d) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" | ||
| }, | ||
| { | ||
| "name": "NetskopeEventsNetwork_CL", | ||
| "lastDataReceivedQuery": "NetskopeEventsNetwork_CL \n | where TimeGenerated > ago(7d) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" | ||
| }, | ||
| { | ||
| "name": "NetskopeEventsPage_CL", | ||
| "lastDataReceivedQuery": "NetskopeEventsPage_CL \n | where TimeGenerated > ago(7d) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" | ||
| } | ||
| ], | ||
| "connectivityCriteria": [ | ||
| { | ||
| "type": "HasDataConnectors" | ||
| } | ||
| ], | ||
| "availability": { | ||
| "isPreview": false | ||
| }, | ||
| "permissions": { | ||
| "resourceProvider": [ | ||
| { | ||
| "provider": "Microsoft.OperationalInsights/workspaces", | ||
| "permissionsDisplayText": "Read and Write permissions are required.", | ||
| "providerDisplayName": "Workspace", | ||
| "scope": "Workspace", | ||
| "requiredPermissions": { | ||
| "write": true, | ||
| "read": true, | ||
| "delete": true | ||
| } | ||
| } | ||
| ], | ||
| "customs": [ | ||
| { | ||
| "name": "Netskope organisation name", | ||
| "description": "The Netskope data connector requires you to provide your organisation name. You can find your organisation name by signing into the Netskope portal and checking your settings." | ||
| }, | ||
| { | ||
| "name": "Netskope API key", | ||
| "description": "The Netskope data connector requires you to provide a valid API key. You can create one by following the [Netskope documentation](https://docs.netskope.com/en/rest-api-v2-overview-312207/)." | ||
| } | ||
| ] | ||
| }, | ||
| "instructionSteps": [ | ||
| { | ||
| "title": "STEP 1 - Create a Netskope API key.", | ||
| "description": "Follow the [Netskope documentation](https://docs.netskope.com/en/rest-api-v2-overview-312207/) for guidance on this step." | ||
| }, | ||
| { | ||
| "title": "STEP 2 - Enter your Netskope product Details", | ||
| "description": "Enter your Netskope organisation name & API Token below:", | ||
| "instructions": [ | ||
| { | ||
| "type": "Textbox", | ||
| "parameters": { | ||
| "label": "Organisation Name", | ||
| "placeholder": "Enter your organisation name", | ||
| "type": "text", | ||
| "name": "Organisation" | ||
| } | ||
| }, | ||
| { | ||
| "type": "Textbox", | ||
| "parameters": { | ||
| "label": "API Key", | ||
| "placeholder": "Enter your API Key", | ||
| "type": "password", | ||
| "name": "ApiKey" | ||
| } | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "title": "STEP 3 - Click Connect", | ||
| "description": "Verify all fields above were filled in correctly. Press the Connect to connect Netskope to Sentinel." | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } | ||
| ] | ||
| } |
Oops, something went wrong.