

Merge pull request #10924 from mpmisha/patch-1
Create CarbonBlackViaAWSS3_ConnectorDefinition.json
v-prasadboke authored Oct 15, 2024
2 parents d64b0b7 + 7a68e18 commit 9513a94
Showing 11 changed files with 7,081 additions and 107 deletions.


@@ -0,0 +1,29 @@
{
"name": "carbonBlackViaAWSS3",
"apiVersion": "2022-10-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectors",
"kind": "AmazonWebServicesS3",
"properties": {
"connectorDefinitionName": "carbonBlackAWSS3",
"dataType": {
"logs": {
"state": "enabled"
}
},
"dcrConfig": {
"streamName": "Custom-CarbonBlackAlertsStream",
"dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
"dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
},
"roleArn": "{{roleArn}}",
"sqsUrls": [
"{{queueUrl}}"
],
"destinationTable": "CarbonBlackAlertsStream_CL",
"dataFormat": {
"Format": "JsonLine",
"IsCompressed": true,
"compressType": "Gzip"
}
}
}
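Review bot: `destinationTable` is set to `CarbonBlackAlertsStream_CL`, but the only table definition rendered in this commit creates `CarbonBlack_Alerts_CL`, so the two names do not line up. Unless one of the files not shown on this page (for example the data collection rule) creates or maps `CarbonBlackAlertsStream_CL`, alerts read from the queue may not land in the table that analytics rules and hunting queries will target, which would be a silent detection gap. Either set `"destinationTable": "CarbonBlack_Alerts_CL"` or confirm that the output of `Custom-CarbonBlackAlertsStream` in the DCR resolves to the same table name. `connectorDefinitionName` (`carbonBlackAWSS3`) also differs from this resource's `name` (`carbonBlackViaAWSS3`); it should be checked against the id in the connector definition file, which is not visible here.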
@@ -0,0 +1,282 @@
{
"name": "CarbonBlack_Alerts_CL",
"type": "Microsoft.OperationalInsights/workspaces/tables",
"apiVersion": "2021-03-01-privatepreview",
"location": "{{location}}",
"tags": {},
"properties": {
"schema": {
"name": "CarbonBlack_Alerts_CL",
"columns": [
{
"name": "TimeGenerated",
"type": "datetime"
},
{
"name": "Version",
"type": "string"
},
{
"name": "AlertUrl",
"type": "string"
},
{
"name": "Id",
"type": "string"
},
{
"name": "AlertType",
"type": "string"
},
{
"name": "IsUpdated",
"type": "string"
},
{
"name": "DetectionTimestamp",
"type": "string"
},
{
"name": "BackendTimestamp",
"type": "string"
},
{
"name": "BackendUpdateTimestamp",
"type": "string"
},
{
"name": "FirstEventTimestamp",
"type": "string"
},
{
"name": "LastEventTimestamp",
"type": "string"
},
{
"name": "Severity",
"type": "string"
},
{
"name": "Reason",
"type": "string"
},
{
"name": "ThreatId",
"type": "string"
},
{
"name": "PrimaryEventId",
"type": "string"
},
{
"name": "Workflow",
"type": "string"
},
{
"name": "Determination",
"type": "string"
},
{
"name": "AlertNotesPresent",
"type": "string"
},
{
"name": "PolicyApplied",
"type": "string"
},
{
"name": "RunState",
"type": "string"
},
{
"name": "ReasonCode",
"type": "string"
},
{
"name": "SensorAction",
"type": "string"
},
{
"name": "DeviceTargetValue",
"type": "string"
},
{
"name": "DevicePolicyId",
"type": "string"
},
{
"name": "DevicePolicy",
"type": "string"
},
{
"name": "DeviceId",
"type": "string"
},
{
"name": "DeviceName",
"type": "string"
},
{
"name": "DeviceOs",
"type": "string"
},
{
"name": "DeviceOsVersion",
"type": "string"
},
{
"name": "DeviceUsername",
"type": "string"
},
{
"name": "DeviceLocation",
"type": "string"
},
{
"name": "DeviceExternalIp",
"type": "string"
},
{
"name": "DeviceInternalIp",
"type": "string"
},
{
"name": "ReportId",
"type": "string"
},
{
"name": "ReportName",
"type": "string"
},
{
"name": "ReportDescription",
"type": "string"
},
{
"name": "ReportTags",
"type": "string"
},
{
"name": "ReportLink",
"type": "string"
},
{
"name": "IocId",
"type": "string"
},
{
"name": "IocHit",
"type": "string"
},
{
"name": "Watchlists",
"type": "string"
},
{
"name": "ProcessGuid",
"type": "string"
},
{
"name": "ProcessPid",
"type": "string"
},
{
"name": "ProcessName",
"type": "string"
},
{
"name": "ProcessSha256",
"type": "string"
},
{
"name": "ProcessMd5",
"type": "string"
},
{
"name": "ProcessReputation",
"type": "string"
},
{
"name": "ProcessEffectiveReputation",
"type": "string"
},
{
"name": "ProcessCmdline",
"type": "string"
},
{
"name": "ProcessUsername",
"type": "string"
},
{
"name": "ProcessIssuer",
"type": "string"
},
{
"name": "ProcessPublisher",
"type": "string"
},
{
"name": "ParentGuid",
"type": "string"
},
{
"name": "ParentPid",
"type": "string"
},
{
"name": "ParentName",
"type": "string"
},
{
"name": "ParentSha256",
"type": "string"
},
{
"name": "ParentMd5",
"type": "string"
},
{
"name": "ParentReputation",
"type": "string"
},
{
"name": "ParentEffectiveReputation",
"type": "string"
},
{
"name": "ParentCmdline",
"type": "string"
},
{
"name": "ParentUsername",
"type": "string"
},
{
"name": "MdrAlertNotesPresent",
"type": "string"
},
{
"name": "MdrAlert",
"type": "string"
},
{
"name": "MlClassificationFinalVerdict",
"type": "string"
},
{
"name": "MlClassificationGlobalPrevalence",
"type": "string"
},
{
"name": "MlClassificationOrgPrevalence",
"type": "string"
},
{
"name": "ml_classification_org_prevalence",
"type": "string"
}
]
}
}
}
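Review bot: The last column, `ml_classification_org_prevalence`, looks like a leftover raw field name: it is the only snake_case entry in the schema and repeats `MlClassificationOrgPrevalence` directly above it. Drop the entry or rename it to the field that was actually intended, and make sure the DCR transform (not rendered on this page) emits the same column names, since a mismatch leaves one of the two columns permanently empty. Separately, every column except `TimeGenerated` is typed `string`, including the timestamps (`DetectionTimestamp`, `BackendTimestamp`, `FirstEventTimestamp`, `LastEventTimestamp`) and the flags (`IsUpdated`, `AlertNotesPresent`, `MdrAlert`). Declaring those as `"type": "datetime"` and `"type": "boolean"` would spare every detection query a cast and avoid lexical comparisons on time values.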