Update configuration and templates for SINEC Security Guard solution

Azure · Nov 21, 2024 · 8f5efb5 · 8f5efb5
1 parent 1aa8c2e
commit 8f5efb5
Show file tree

Hide file tree

Showing 4 changed files with 724 additions and 746 deletions.
diff --git a/Solutions/SINEC Security Guard/Data Connectors/data_connector_GenericUI.json b/Solutions/SINEC Security Guard/Data Connectors/data_connector_GenericUI.json
@@ -1,84 +1,84 @@
-{
-    "id": "SSG",
-    "title": "SINEC Security Guard",
-    "publisher": "Siemens AG",
-    "descriptionMarkdown": "The SINEC Security Guard solution for Microsoft Sentinel allows you to ingest security events of your industrial networks from the [SINEC Security Guard](https://siemens.com/sinec-security-guard) into Microsoft Sentinel",
-    "graphQueriesTableName": "SINECSecurityGuard_CL",
-    "logo": "SSG.svg",
-    "graphQueries": [
-        {
-            "metricName": "Total events received",
-            "legend": "SINECSecurityGuard_CL",
-            "baseQuery": "SINECSecurityGuard_CL\n | summarize count()"
-        }
-    ],
-    "sampleQueries": [
-        {
-            "description": "List of Attacks",
-            "query": "SINECSecurityGuard_CL\n | summarize count()"
-        }
-    ],
-    "connectivityCriterias": [
-        {
-            "type": "IsConnectedQuery",
-            "value": ["SINECSecurityGuard_CL\n | summarize lastLogGenerated = max(TimeGenerated) | project IsConnected = lastLogGenerated > ago(30d)"]
-        }
-    ],
-    "dataTypes": [
-        {
-            "name": "SINECSecurityGuard_CL",
-            "lastDataReceivedQuery": "SINECSecurityGuard_CL\n | summarize Time = max(TimeGenerated) | where isnotempty(Time)"
-        }
-    ],
-    "availability": {
-        "isPreview": true,
-        "status": 1
-    },
-    "permissions": {
-        "resourceProvider": [
-            {
-                "provider": "Microsoft.OperationalInsights/workspaces",
-                "permissionsDisplayText": "read and write permissions are required.",
-                "providerDisplayName": "Workspace",
-                "scope": "Workspace",
-                "requiredPermissions": {
-                    "write": true,
-                    "read": true,
-                    "delete": true
-                }
-            },
-            {
-                "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
-                "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
-                "providerDisplayName": "Keys",
-                "scope": "Workspace",
-                "requiredPermissions": {
-                    "action": true
-            }
-        }
-        ]
-    },
-    "instructionSteps": [
-        {
-            "description": "This Data Connector relies on the SINEC Security Guard Sensor Package to be able to receive Sensor events in Microsoft Sentinel. The Sensor Package can be purchased in the Siemens Xcelerator Marketplace.",
-            "instructions": [
-                {
-                    "parameters": {
-                        "title": "1. Please follow the steps to configure the data connector",
-                        "instructionSteps": [
-                            {
-                                "title": "Set up the SINEC Security Guard Sensor",
-                                "description": "Detailed step for setting up the sensor."
-                            },
-                            {
-                                "title": "Create the Data Connector and configure it in the SINEC Security Guard web interface",
-                                "description": "Instructions on configuring the data connector."
-                            }
-                        ]
-                    },
-                    "type": "InstructionStepsGroup"
-                }
-            ]
-        }
-    ]
-}
+{
+    "id": "SSG",
+    "title": "SINEC Security Guard",
+    "publisher": "Siemens AG",
+    "descriptionMarkdown": "The SINEC Security Guard solution for Microsoft Sentinel allows you to ingest security events of your industrial networks from the [SINEC Security Guard](https://siemens.com/sinec-security-guard) into Microsoft Sentinel",
+    "graphQueriesTableName": "SINECSecurityGuard_CL",
+    "logo": "SSG.svg",
+    "graphQueries": [
+        {
+            "metricName": "Total events received",
+            "legend": "SINECSecurityGuard_CL",
+            "baseQuery": "SINECSecurityGuard_CL\n | summarize count()"
+        }
+    ],
+    "sampleQueries": [
+        {
+            "description": "List of Attacks",
+            "query": "SINECSecurityGuard_CL\n | summarize count()"
+        }
+    ],
+    "connectivityCriterias": [
+        {
+            "type": "IsConnectedQuery",
+            "value": ["SINECSecurityGuard_CL\n | summarize lastLogGenerated = max(TimeGenerated) | project IsConnected = lastLogGenerated > ago(30d)"]
+        }
+    ],
+    "dataTypes": [
+        {
+            "name": "SINECSecurityGuard_CL",
+            "lastDataReceivedQuery": "SINECSecurityGuard_CL\n | summarize Time = max(TimeGenerated) | where isnotempty(Time)"
+        }
+    ],
+    "availability": {
+        "isPreview": true,
+        "status": 1
+    },
+    "permissions": {
+        "resourceProvider": [
+            {
+                "provider": "Microsoft.OperationalInsights/workspaces",
+                "permissionsDisplayText": "read and write permissions are required.",
+                "providerDisplayName": "Workspace",
+                "scope": "Workspace",
+                "requiredPermissions": {
+                    "write": true,
+                    "read": true,
+                    "delete": true
+                }
+            },
+            {
+                "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+                "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+                "providerDisplayName": "Keys",
+                "scope": "Workspace",
+                "requiredPermissions": {
+                    "action": true
+            }
+        }
+        ]
+    },
+    "instructionSteps": [
+        {
+            "description": "This Data Connector relies on the SINEC Security Guard Sensor Package to be able to receive Sensor events in Microsoft Sentinel. The Sensor Package can be purchased in the Siemens Xcelerator Marketplace.",
+            "instructions": [
+                {
+                    "parameters": {
+                        "title": "1. Please follow the steps to configure the data connector",
+                        "instructionSteps": [
+                            {
+                                "title": "Set up the SINEC Security Guard Sensor",
+                                "description": "Detailed step for setting up the sensor."
+                            },
+                            {
+                                "title": "Create the Data Connector and configure it in the SINEC Security Guard web interface",
+                                "description": "Instructions on configuring the data connector."
+                            }
+                        ]
+                    },
+                    "type": "InstructionStepsGroup"
+                }
+            ]
+        }
+    ]
+}
diff --git a/Solutions/SINEC Security Guard/Data/Solution_Sinec Security Guard.json b/Solutions/SINEC Security Guard/Data/Solution_Sinec Security Guard.json
@@ -1,17 +1,17 @@
-{
-  "Name": "SINEC Security Guard",
-  "Author": "Siemens AG",
-  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/SSG.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The SINEC Security Guard solution for Microsoft Sentinel allows you to ingest security events of your industrial networks from the (SINEC Security Guard)[https://siemens.com/sinec-security-guard] into Microsoft Sentinel",
-  "Analytic Rules": [
-    "Analytic Rules/SSG_Azure_Sentinel_analytic_rule.yaml"
-  ],
-  "Data Connectors": [
-    "Data Connectors/data_connector_GenericUI.json"
-  ],
-  "Metadata": "SolutionMetadata.json",
-  "BasePath": "D:\\Sentinel_GIT\\Azure-Sentinel\\Solutions\\SINEC Security Guard",
-  "Version": "3.0.3",
-  "TemplateSpec": true,
-  "Is1PConnector": false
+{
+  "Name": "SINEC Security Guard",
+  "Author": "Siemens AG",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/SSG.svg\" width=\"75px\" height=\"75px\">",
+  "Description": "The SINEC Security Guard solution for Microsoft Sentinel allows you to ingest security events of your industrial networks from the [SINEC Security Guard](https://siemens.com/sinec-security-guard) into Microsoft Sentinel",
+  "Analytic Rules": [
+    "Analytic Rules/SSG_Azure_Sentinel_analytic_rule.yaml"
+  ],
+  "Data Connectors": [
+    "Data Connectors/data_connector_GenericUI.json"
+  ],
+  "Metadata": "SolutionMetadata.json",
+  "BasePath": "D:\\Sentinel_GIT\\Azure-Sentinel\\Solutions\\SINEC Security Guard",
+  "Version": "3.0.3",
+  "TemplateSpec": true,
+  "Is1PConnector": false
 }