diff --git a/Solutions/AWSAthena/Data/Solution_AWSAthena.json b/Solutions/AWSAthena/Data/Solution_AWSAthena.json
index 39a9edfdedd..f55277ddfd9 100644
--- a/Solutions/AWSAthena/Data/Solution_AWSAthena.json
+++ b/Solutions/AWSAthena/Data/Solution_AWSAthena.json
@@ -8,7 +8,7 @@
 "Playbooks/AWSAthenaPlaybooks/AWSAthena-GetQueryResults/azuredeploy.json"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\AWSAthena",
- "Version": "3.0.0",
+ "Version": "3.0.1",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true
 }
\ No newline at end of file
diff --git a/Solutions/AWSAthena/Package/3.0.1.zip b/Solutions/AWSAthena/Package/3.0.1.zip
new file mode 100644
index 00000000000..b42b5e2191b
Binary files /dev/null and b/Solutions/AWSAthena/Package/3.0.1.zip differ
diff --git a/Solutions/AWSAthena/Package/createUiDefinition.json b/Solutions/AWSAthena/Package/createUiDefinition.json
index 18cef6ecece..eb067dbe5bd 100644
--- a/Solutions/AWSAthena/Package/createUiDefinition.json
+++ b/Solutions/AWSAthena/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AWSAthena/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\n[Amazon Athena](https://aws.amazon.com/athena/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc) is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run. \n\n **Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n a. [Azure Functions](https://azure.microsoft.com/products/functions/#overview)\n\n**Function Apps:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AWSAthena/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Amazon Athena](https://aws.amazon.com/athena/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc) is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. 
Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run. \n\n **Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n a. [Azure Functions](https://azure.microsoft.com/products/functions/#overview)\n\n**Function Apps:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/AWSAthena/Package/mainTemplate.json b/Solutions/AWSAthena/Package/mainTemplate.json
index 2eefe702c3f..fad63963642 100644
--- a/Solutions/AWSAthena/Package/mainTemplate.json
+++ b/Solutions/AWSAthena/Package/mainTemplate.json
@@ -33,7 +33,7 @@
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "AWSAthena",
- "_solutionVersion": "3.0.0",
+ "_solutionVersion": "3.0.1",
 "solutionId": "azuresentinel.azure-sentinel-solution-awsathena",
 "_solutionId": "[variables('solutionId')]",
 "AWSAthena_FunctionAppConnector": "AWSAthena_FunctionAppConnector",
@@ -66,7 +66,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "AWSAthena_FunctionAppConnector Playbook with template version 3.0.0",
+ "description": "AWSAthena_FunctionAppConnector Playbook with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion1')]",
@@ -106,7 +106,7 @@
 "resources": [
 {
 "type": "Microsoft.Storage/storageAccounts",
- "apiVersion": "2021-02-01",
+ "apiVersion": "2023-04-01",
 "name": "[[variables('storageAccountName')]",
 "location": "[[variables('workspace-location-inline')]",
 "sku": {
@@ -191,7 +191,7 @@
 },
 {
 "name": "AzureWebJobsStorage",
- "value": "[[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';EndpointSuffix=', environment().suffixes.storage, ';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2022-05-01').keys[0].value)]"
+ "value": "[[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';EndpointSuffix=', environment().suffixes.storage, ';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2023-04-01').keys[0].value)]"
 },
 {
 "name": "FUNCTIONS_EXTENSION_VERSION",
@@ -271,7 +271,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "AWSAthena-GetQueryResults Playbook with template version 3.0.0",
+ "description": "AWSAthena-GetQueryResults Playbook with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion2')]",
@@ -728,7 +728,7 @@
 "Obtain AWS Access Key ID, Secret Access Key and Region."
 ],
 "postDeployment": [
- "Follow Post deployment steps from playbook readme file."
+ "a. Once deployment is complete, authorize each connection.\n 1. Click the Microsoft Sentinel connection resource.\n 2. Click edit API connection.\n 3. Click Authorize\n 4. Sign in\n 5. Click Save\n 6. Repeat steps for other connections. \n\n b. Assign Playbook Microsoft Sentinel Responder Role\n 1. Select the Playbook (Logic App) resource\n 2. Click on Identity Blade\n 3. Choose System assigned tab\n 4. Click on Azure role assignments\n 5. Click on Add role assignments\n 6. Select Scope - Resource group\n 7. Select Subscription - where Playbook has been created\n 8. Select Resource group - where Playbook has been created\n 9. Select Role - Microsoft Sentinel Responder\n 10. Click Save (It takes 3-5 minutes to show the added role."
 ],
 "lastUpdateTime": "2022-11-14T12:00:00Z",
 "tags": [
@@ -762,12 +762,12 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.0",
+ "version": "3.0.1",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "AWSAthena",
 "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
- "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Azure Functions
  2. \n
\n

Function Apps: 1, Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
+ "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Azure Functions
  2. \n
\n

Function Apps: 1, Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",
diff --git a/Solutions/AWSAthena/Playbooks/AWSAthenaPlaybooks/AWSAthena-GetQueryResults/azuredeploy.json b/Solutions/AWSAthena/Playbooks/AWSAthenaPlaybooks/AWSAthena-GetQueryResults/azuredeploy.json
index f5c46ce0cf8..e92a1c87ea7 100644
--- a/Solutions/AWSAthena/Playbooks/AWSAthenaPlaybooks/AWSAthena-GetQueryResults/azuredeploy.json
+++ b/Solutions/AWSAthena/Playbooks/AWSAthenaPlaybooks/AWSAthena-GetQueryResults/azuredeploy.json
@@ -5,8 +5,7 @@
 "title": "AWS Athena - Execute Query and Get Results",
 "description": "When a new sentinel incident is created, this playbook gets triggered and performs the following actions:\n 1. It executes the query specified during playbook setup on given database.\n 2. Downloads the query result and adds as a comment to the incident.",
 "prerequisites": ["Obtain AWS Access Key ID, Secret Access Key and Region."],
- "postDeployment": [
- "Follow Post deployment steps from playbook readme file."
+ "postDeployment": ["a. Once deployment is complete, authorize each connection.\n 1. Click the Microsoft Sentinel connection resource.\n 2. Click edit API connection.\n 3. Click Authorize\n 4. Sign in\n 5. Click Save\n 6. Repeat steps for other connections. \n\n b. Assign Playbook Microsoft Sentinel Responder Role\n 1. Select the Playbook (Logic App) resource\n 2. Click on Identity Blade\n 3. Choose System assigned tab\n 4. Click on Azure role assignments\n 5. Click on Add role assignments\n 6. Select Scope - Resource group\n 7. Select Subscription - where Playbook has been created\n 8. Select Resource group - where Playbook has been created\n 9. Select Role - Microsoft Sentinel Responder\n 10. Click Save (It takes 3-5 minutes to show the added role."
 ],
 "prerequisitesDeployTemplateFile": "../../CustomConnector/AWSAthena_FunctionAppConnector/azuredeploy.json",
 "lastUpdateTime": "2022-11-14T12:00:00.000Z",
diff --git a/Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/azuredeploy.json b/Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/azuredeploy.json
index 14d868bf24a..2222115966d 100644
--- a/Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/azuredeploy.json
+++ b/Solutions/AWSAthena/Playbooks/CustomConnector/AWSAthena_FunctionAppConnector/azuredeploy.json
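Review bot: The new `postDeployment` string in AWSAthena-GetQueryResults/azuredeploy.json leaves its last parenthesis open; the final step should read `10. Click Save (It takes 3-5 minutes to show the added role.)`. Steps b.7 and b.8 scope the Microsoft Sentinel Responder assignment to the resource group where the playbook was created; if the Sentinel workspace sits in a different resource group, that assignment would presumably not let the playbook comment on incidents, so the text should name the workspace's resource group as the scope. The `lastUpdateTime` context line still shows `2022-11-14T12:00:00.000Z` and could be updated with this change. The same string is repeated in the `@@ -728,7` hunk of Package/mainTemplate.json, which appears to be the packaged copy of this file.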
@@ -32,7 +32,7 @@
 "resources": [
 {
 "type": "Microsoft.Storage/storageAccounts",
- "apiVersion": "2021-02-01",
+ "apiVersion": "2023-04-01",
 "name": "[variables('storageAccountName')]",
 "location": "[resourceGroup().location]",
 "sku": {
@@ -117,7 +117,7 @@
 },
 {
 "name": "AzureWebJobsStorage",
- "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';EndpointSuffix=', environment().suffixes.storage, ';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2022-05-01').keys[0].value)]"
+ "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';EndpointSuffix=', environment().suffixes.storage, ';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2023-04-01').keys[0].value)]"
 },
 {
 "name": "FUNCTIONS_EXTENSION_VERSION",
diff --git a/Solutions/AWSAthena/ReleaseNotes.md b/Solutions/AWSAthena/ReleaseNotes.md
index 159feed4a72..95c1eb66d57 100644
--- a/Solutions/AWSAthena/ReleaseNotes.md
+++ b/Solutions/AWSAthena/ReleaseNotes.md
@@ -1,4 +1,5 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|---------------------------------------------------------------------------|
+| 3.0.1 | 09-08-2024 | Updated **Playbook** post deployement steps |
 | 3.0.0 | 29-01-2024 | App insights to LA change in data connector and repackage |
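Review bot: The `AzureWebJobsStorage` value in the `@@ -117,7` hunk of CustomConnector/AWSAthena_FunctionAppConnector/azuredeploy.json still builds a shared-key connection string from `listKeys(...).keys[0].value`; only the API version moves to `2023-04-01`. That leaves the storage account key in the Function App's application settings, readable by anyone who can view the app configuration and valid until the key is rotated. Where the hosting plan allows it, consider an identity-based host storage connection (`AzureWebJobsStorage__accountName` with a managed identity that holds the needed storage data roles) or a Key Vault reference instead. The same expression appears in the `@@ -191,7` hunk of Package/mainTemplate.json, and the app-settings array starts and ends outside both hunks.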