Solution packaged for updating the post deployment steps of playbook #10955

Merged
merged 1 commit into from
Aug 12, 2024
2 changes: 1 addition & 1 deletion Solutions/AWSAthena/Data/Solution_AWSAthena.json
Expand Up @@ -8,7 +8,7 @@
"Playbooks/AWSAthenaPlaybooks/AWSAthena-GetQueryResults/azuredeploy.json"
],
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\AWSAthena",
"Version": "3.0.0",
"Version": "3.0.1",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true
}
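Review bot: The `Version` bump to 3.0.1 is consistent with the new ReleaseNotes row and with `_solutionVersion` in the packaged mainTemplate.json, which is what keeps the three in step. One thing worth a look while this file is open: the unchanged `BasePath` on the line above is a machine-local Windows path (`C:\\GitHub\\Azure-Sentinel\\Solutions\\AWSAthena`), so anyone repackaging from a different checkout has to edit it first; a relative path would avoid that per-machine adjustment.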
Binary file added Solutions/AWSAthena/Package/3.0.1.zip
Binary file not shown.
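Review bot: The added `Package/3.0.1.zip` is a binary and cannot be reviewed inline, yet it is the artifact the installer actually deploys. Please confirm it was regenerated from the `mainTemplate.json` and `createUiDefinition.json` committed in this same PR, not from an older working copy, so that what ships matches what is reviewed here.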
2 changes: 1 addition & 1 deletion Solutions/AWSAthena/Package/createUiDefinition.json
Expand Up @@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/AWSAthena/Playbooks/aws-logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AWSAthena/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\n[Amazon Athena](https://aws.amazon.com/athena/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc) is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run. \n\n **Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n a. [Azure Functions](https://azure.microsoft.com/products/functions/#overview)\n\n**Function Apps:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/AWSAthena/Playbooks/aws-logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AWSAthena/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Amazon Athena](https://aws.amazon.com/athena/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc) is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run. \n\n **Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n a. [Azure Functions](https://azure.microsoft.com/products/functions/#overview)\n\n**Function Apps:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
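Review bot: The rewritten description fixes two real defects in the old string: the stray trailing `_` after "before installing" (an unbalanced italic marker) is gone, and the `\r \n` separators are replaced by `\n\n`, so the two bullets now render on separate lines. One small inconsistency remains: the second bullet is preceded by a space (`\n\n • There may be`) while the first is not (`\n\n• Review`), which makes the two bullets indent differently. Suggest removing that leading space so both align.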
16 changes: 8 additions & 8 deletions Solutions/AWSAthena/Package/mainTemplate.json
Expand Up @@ -33,7 +33,7 @@
"email": "support@microsoft.com",
"_email": "[variables('email')]",
"_solutionName": "AWSAthena",
"_solutionVersion": "3.0.0",
"_solutionVersion": "3.0.1",
"solutionId": "azuresentinel.azure-sentinel-solution-awsathena",
"_solutionId": "[variables('solutionId')]",
"AWSAthena_FunctionAppConnector": "AWSAthena_FunctionAppConnector",
Expand Down Expand Up @@ -66,7 +66,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "AWSAthena_FunctionAppConnector Playbook with template version 3.0.0",
"description": "AWSAthena_FunctionAppConnector Playbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion1')]",
Expand Down Expand Up @@ -106,7 +106,7 @@
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-02-01",
"apiVersion": "2023-04-01",
"name": "[[variables('storageAccountName')]",
"location": "[[variables('workspace-location-inline')]",
"sku": {
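Review bot: Moving `Microsoft.Storage/storageAccounts` from `2021-02-01` to `2023-04-01` is fine on its own, but the storage account's security-relevant properties (`minimumTlsVersion`, `allowBlobPublicAccess`, `supportsHttpsTrafficOnly`) sit in the collapsed part of this resource and are not visible in the diff. When adopting a newer API version it is worth confirming those are set explicitly in the template rather than left to version defaults, so the packaged resource behaves identically to the source `azuredeploy.json` and does not silently change posture on the next API bump.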
Expand Down Expand Up @@ -191,7 +191,7 @@
},
{
"name": "AzureWebJobsStorage",
"value": "[[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';EndpointSuffix=', environment().suffixes.storage, ';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2022-05-01').keys[0].value)]"
"value": "[[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';EndpointSuffix=', environment().suffixes.storage, ';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2023-04-01').keys[0].value)]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
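Review bot: Good that the `listKeys` API version now matches the resource's own `apiVersion` (`2023-04-01`); the previous pairing (`2021-02-01` for the resource, `2022-05-01` for `listKeys`) was inconsistent. Separately, this setting still writes the storage account key into the Function App's `AzureWebJobsStorage` app setting as a plain connection string. The Functions host also supports identity-based storage connections (`AzureWebJobsStorage__accountName` plus the documented data-plane role assignments for the app's managed identity), which would keep the account key out of the deployment output entirely; that is a reasonable follow-up rather than something to block this version bump on.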
Expand Down Expand Up @@ -271,7 +271,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "AWSAthena-GetQueryResults Playbook with template version 3.0.0",
"description": "AWSAthena-GetQueryResults Playbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion2')]",
Expand Down Expand Up @@ -728,7 +728,7 @@
"Obtain AWS Access Key ID, Secret Access Key and Region."
],
"postDeployment": [
"Follow Post deployment steps from playbook readme file."
"a. Once deployment is complete, authorize each connection.\n 1. Click the Microsoft Sentinel connection resource.\n 2. Click edit API connection.\n 3. Click Authorize\n 4. Sign in\n 5. Click Save\n 6. Repeat steps for other connections. \n\n b. Assign Playbook Microsoft Sentinel Responder Role\n 1. Select the Playbook (Logic App) resource\n 2. Click on Identity Blade\n 3. Choose System assigned tab\n 4. Click on Azure role assignments\n 5. Click on Add role assignments\n 6. Select Scope - Resource group\n 7. Select Subscription - where Playbook has been created\n 8. Select Resource group - where Playbook has been created\n 9. Select Role - Microsoft Sentinel Responder\n 10. Click Save (It takes 3-5 minutes to show the added role."
],
"lastUpdateTime": "2022-11-14T12:00:00Z",
"tags": [
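Review bot: In section b the role assignment is scoped to "Resource group - where Playbook has been created", but for the playbook to add comments to incidents the Microsoft Sentinel Responder role has to be granted on a scope that contains the Sentinel workspace. When the Logic App and the workspace live in different resource groups these steps grant nothing useful, so the text should direct the user to the workspace's resource group (or to the workspace itself, which is the tighter, least-privilege scope). Two smaller points in the same string: step 10 opens a parenthesis, "(It takes 3-5 minutes to show the added role.", that is never closed, and `lastUpdateTime` two lines below still reads `2022-11-14T12:00:00Z` although the content changed in this PR.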
Expand Down Expand Up @@ -762,12 +762,12 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "3.0.0",
"version": "3.0.1",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "AWSAthena",
"publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
"descriptionHtml": "<p><strong>Note:</strong> <em>There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</em></p>\n<p><a href=\"https://aws.amazon.com/athena/?whats-new-cards.sort-by=item.additionalFields.postDateTime&amp;whats-new-cards.sort-order=desc\">Amazon Athena</a> is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.</p>\n<p><strong>Underlying Microsoft Technologies used:</strong></p>\n<p>This solution takes a dependency on the following technologies, and some of these dependencies either may be in <a href=\"https://azure.microsoft.com/support/legal/preview-supplemental-terms/\">Preview</a> state or might result in additional ingestion or operational costs:</p>\n<ol type=\"a\">\n<li><a href=\"https://azure.microsoft.com/products/functions/#overview\">Azure Functions</a></li>\n</ol>\n<p><strong>Function Apps:</strong> 1, <strong>Playbooks:</strong> 1</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
"descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AWSAthena/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p><a href=\"https://aws.amazon.com/athena/?whats-new-cards.sort-by=item.additionalFields.postDateTime&amp;whats-new-cards.sort-order=desc\">Amazon Athena</a> is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.</p>\n<p><strong>Underlying Microsoft Technologies used:</strong></p>\n<p>This solution takes a dependency on the following technologies, and some of these dependencies either may be in <a href=\"https://azure.microsoft.com/support/legal/preview-supplemental-terms/\">Preview</a> state or might result in additional ingestion or operational costs:</p>\n<ol type=\"a\">\n<li><a href=\"https://azure.microsoft.com/products/functions/#overview\">Azure Functions</a></li>\n</ol>\n<p><strong>Function Apps:</strong> 1, <strong>Playbooks:</strong> 1</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
"contentKind": "Solution",
"contentProductId": "[variables('_solutioncontentProductId')]",
"id": "[variables('_solutioncontentProductId')]",
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,7 @@
"title": "AWS Athena - Execute Query and Get Results",
"description": "When a new sentinel incident is created, this playbook gets triggered and performs the following actions:\n 1. It executes the query specified during playbook setup on given database.\n 2. Downloads the query result and adds as a comment to the incident.",
"prerequisites": ["Obtain AWS Access Key ID, Secret Access Key and Region."],
"postDeployment": [
"Follow Post deployment steps from playbook readme file."
"postDeployment": ["a. Once deployment is complete, authorize each connection.\n 1. Click the Microsoft Sentinel connection resource.\n 2. Click edit API connection.\n 3. Click Authorize\n 4. Sign in\n 5. Click Save\n 6. Repeat steps for other connections. \n\n b. Assign Playbook Microsoft Sentinel Responder Role\n 1. Select the Playbook (Logic App) resource\n 2. Click on Identity Blade\n 3. Choose System assigned tab\n 4. Click on Azure role assignments\n 5. Click on Add role assignments\n 6. Select Scope - Resource group\n 7. Select Subscription - where Playbook has been created\n 8. Select Resource group - where Playbook has been created\n 9. Select Role - Microsoft Sentinel Responder\n 10. Click Save (It takes 3-5 minutes to show the added role."
],
"prerequisitesDeployTemplateFile": "../../CustomConnector/AWSAthena_FunctionAppConnector/azuredeploy.json",
"lastUpdateTime": "2022-11-14T12:00:00.000Z",
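Review bot: Same `postDeployment` text as in the packaged mainTemplate.json, so the same fixes apply here at the source: the Microsoft Sentinel Responder assignment in section b must be scoped to the resource group (or workspace) that holds the Sentinel workspace, not simply "where Playbook has been created", and step 10's "(It takes 3-5 minutes to show the added role." is missing its closing parenthesis. The edit also collapses `postDeployment` from a two-line array into a single line; keeping the array element on its own line would make future diffs of this long string easier to read. `lastUpdateTime` on the following line is still `2022-11-14T12:00:00.000Z` and should be refreshed alongside the content change.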
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-02-01",
"apiVersion": "2023-04-01",
"name": "[variables('storageAccountName')]",
"location": "[resourceGroup().location]",
"sku": {
Expand Down Expand Up @@ -117,7 +117,7 @@
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';EndpointSuffix=', environment().suffixes.storage, ';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2022-05-01').keys[0].value)]"
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';EndpointSuffix=', environment().suffixes.storage, ';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2023-04-01').keys[0].value)]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
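Review bot: This keeps the source template in step with the packaged copy: the storage account resource and the `listKeys` call both use `2023-04-01` here, matching the hunks in mainTemplate.json (where the same expression appears with the `[[` escape). The remaining observation is the same as for the package: `AzureWebJobsStorage` is still built from `listKeys(...).keys[0].value`, so the account key lands in an app setting; an identity-based storage connection for the Function App would be the cleaner long-term option.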
1 change: 1 addition & 0 deletions Solutions/AWSAthena/ReleaseNotes.md
@@ -1,4 +1,5 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|---------------------------------------------------------------------------|
| 3.0.1 | 09-08-2024 | Updated **Playbook** post deployement steps |
| 3.0.0 | 29-01-2024 | App insights to LA change in data connector and repackage |
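Review bot: Typo in the new 3.0.1 row: "deployement" should be "deployment". The date column is declared DD-MM-YYYY, so 09-08-2024 reads as 9 August 2024, which is consistent with the merge date shown at the top of this PR.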