Azure · v-atulyadav · Nov 21, 2024 · Nov 15, 2024 · Nov 15, 2024 · Nov 19, 2024
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -32,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -33,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -46,5 +40,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: SrcIpAddr
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -37,5 +31,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -39,5 +33,5 @@ entityMappings:
     fieldMappings:
       - identifier: DistinguishedName
         columnName: SGCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -32,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -32,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -32,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -32,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -32,5 +32,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
@@ -2,7 +2,7 @@
   "Name": "Claroty",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.",
+  "Description": "The [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.",
   "Workbooks": [
     "Workbooks/ClarotyOverview.json"
   ],
@@ -21,10 +21,6 @@
     "Hunting Queries/ClarotyUnresolvedAlerts.yaml",
     "Hunting Queries/ClarotyWriteExecuteOperations.yaml"
   ],
-  "Data Connectors": [
-    "Data Connectors/Connector_Claroty_CEF.json",
-	"Data Connectors/template_ClarotyAMA.json"
-  ],
   "Analytic Rules": [
     "Analytic Rules/ClarotyAssetDown.yaml",
     "Analytic Rules/ClarotyCriticalBaselineDeviation.yaml",
@@ -42,7 +38,7 @@
    ],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Claroty",
-  "Version": "3.0.2",
+  "Version": "3.0.3",
   "TemplateSpec": true,
   "Is1PConnector": false
 }
@@ -4,12 +4,6 @@ description: |
   'Query searches for baseline deviation events.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

@@ -4,12 +4,6 @@ description: |
   'Query searches for conflicting assets.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

@@ -4,12 +4,6 @@ description: |
   'Query searches for critical severity events.'
 severity: High
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

@@ -4,12 +4,6 @@ description: |
   'Query searches for PLC login security alerts.'
 severity: High
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

@@ -4,12 +4,6 @@ description: |
   'Query searches for login failure events.'
 severity: High
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

@@ -4,12 +4,6 @@ description: |
   'Query searches for sources of network scans.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

@@ -4,12 +4,6 @@ description: |
   'Query searches for targets of network scans.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

@@ -4,12 +4,6 @@ description: |
   'Query searches for unapproved access events.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

@@ -4,12 +4,6 @@ description: |
   'Query searches for alerts with unresolved status.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog

@@ -4,12 +4,6 @@ description: |
   'Query searches for operations with Write and Execute accesses.'
 severity: Medium
 requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog