adding solution for Jamf Push connector
1 parent
925290f
commit 126ea95
Showing
14 changed files
with
3,915 additions
and
986 deletions.
277 changes: 277 additions & 0 deletions
277
Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/DCR.json
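--- a/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/connectorDefinition.json
+++ b/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/connectorDefinition.json
@@ -0,0 +1,208 @@
+{
+"name": "JamfProtectPush",
+"apiVersion": "2022-09-01-preview",
+"type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
+"location": "[parameters('workspace-location')]",
+"kind": "Customizable",
+"properties": {
+"connectorUiConfig": {
+"id": "JamfProtectPush",
+"title": "Jamf Protect Push Connector",
+"publisher": "Jamf",
+"descriptionMarkdown": "The [Jamf Protect](https://www.jamf.com/products/jamf-protect/) connector provides the capability to read raw event data from Jamf Protect in Microsoft Sentinel.",
+"graphQueries": [
+{
+"metricName": "Telemetry",
+"legend": "jamfprotecttelemetryv2_CL",
+"baseQuery": "jamfprotecttelemetryv2_CL"
+},
+{
+"metricName": "Unified Logs",
+"legend": "jamfprotectunifiedlogs_CL",
+"baseQuery": "jamfprotectunifiedlogs_CL"
+},
+{
+"metricName": "Telemetry (Legacy)",
+"legend": "jamfprotecttelemetryv1_CL",
+"baseQuery": "jamfprotecttelemetryv1_CL"
+},
+{
+"metricName": "Alerts",
+"legend": "jamfprotectalerts_CL",
+"baseQuery": "jamfprotectalerts_CL"
+}
+],
+"sampleQueries": [
+{
+"description": "Jamf Protect - All Alerts",
+"query": "jamfprotectalerts_CL\n | sort by TimeGenerated desc"
+},
+{
+"description": "Jamf Protect - All Telemetry events",
+"query": "jamfprotecttelemetry_CL\n | sort by TimeGenerated desc"
+}
+],
+"dataTypes": [
+{
+"name": "jamfprotecttelemetryv2_CL",
+"lastDataReceivedQuery": "jamfprotecttelemetryv2_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+},
+{
+"name": "jamfprotectunifiedlogs_CL",
+"lastDataReceivedQuery": "jamfprotectunifiedlogs_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+},
+{
+"name": "jamfprotecttelemetryv1_CL",
+"lastDataReceivedQuery": "jamfprotecttelemetryv1_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+},
+{
+"name": "jamfprotectalerts_CL",
+"lastDataReceivedQuery": "jamfprotectalerts_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+}
+],
+"connectivityCriteria": [
+{
+"type": "IsConnectedQuery",
+"value": [
+"jamfprotecttelemetryv2_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
+"jamfprotectunifiedlogs_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
+"jamfprotecttelemetryv1_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
+"jamfprotectalerts_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)"
+]
+}
+],
+"availability": {
+"status": 1
+},
+"permissions": {
+"resourceProvider": [
+{
+"provider": "Microsoft.OperationalInsights/workspaces",
+"permissionsDisplayText": "read and write permissions are required.",
+"providerDisplayName": "Workspace",
+"scope": "Workspace",
+"requiredPermissions": {
+"write": true,
+"read": true,
+"delete": true
+}
+}
+],
+"customs": [
+{
+"name": "Microsoft Entra",
+"description": "Permission to create an app registration in Microsoft Entra ID. Typically requires Entra ID Application Developer role or higher."
+},
+{
+"name": "Microsoft Azure",
+"description": "Permission to assign Monitoring Metrics Publisher role on data collection rule (DCR). Typically requires Azure RBAC Owner or User Access Administrator role"
+}
+]
+},
+"instructionSteps": [
+{
+"title": "1. Create ARM Resources and Provide the Required Permissions",
+"description": "This connector reads data from the tables that Jamf Protect uses in a Microsoft Analytics Workspace, if the [data forwarding](https://docs.jamf.com/jamf-protect/documentation/Data_Forwarding_to_a_Third_Party_Storage_Solution.html?hl=sentinel#task-4227) option is enabled in Jamf Protect then raw event data is sent to the Microsoft Sentinel Ingestion API.",
+"instructions": [
+{
+"type": "Markdown",
+"parameters": {
+"content": "#### Automated Configuration and Secure Data Ingestion with Entra Application \nClicking on \"Connect\" will trigger the creation of Log Analytics tables and a Data Collection Rule (DCR). \nIt will then create an Entra application, link the DCR to it, and set the entered secret in the application. This setup enables data to be sent securely to the DCR using an Entra token."
+}
+},
+{
+"parameters": {
+"label": "Deploy Jamf Protect connector resources",
+"applicationDisplayName": "Jamf Protect Connector Application"
+},
+"type": "DeployPushConnectorButton"
+}
+]
+},
+{
+"title": "2. Push your logs into the workspace",
+"description": "Use the following parameters to configure the your machine to send the logs to the workspace.",
+"instructions": [
+{
+"parameters": {
+"label": "Tenant ID (Directory ID)",
+"fillWith": [
+"TenantId"
+]
+},
+"type": "CopyableLabel"
+},
+{
+"parameters": {
+"label": "Entra Application ID",
+"fillWith": [
+"ApplicationId"
+],
+"placeholder": "Deploy push connector to get the Application ID"
+},
+"type": "CopyableLabel"
+},
+{
+"parameters": {
+"label": "Entra Application Secret",
+"fillWith": [
+"ApplicationSecret"
+],
+"placeholder": "Deploy push connector to get the Application Secret"
+},
+"type": "CopyableLabel"
+},
+{
+"parameters": {
+"label": "DCE Uri",
+"fillWith": [
+"DataCollectionEndpoint"
+],
+"placeholder": "Deploy push connector to get the DCR Uri"
+},
+"type": "CopyableLabel"
+},
+{
+"parameters": {
+"label": "DCR Immutable ID",
+"fillWith": [
+"DataCollectionRuleId"
+],
+"placeholder": "Deploy push connector to get the DCR ID"
+},
+"type": "CopyableLabel"
+},
+{
+"parameters": {
+"label": "Telemetry Stream ID",
+"value": "Custom-jamfprotecttelemetryv1_CL"
+},
+"type": "CopyableLabel"
+},
+{
+"parameters": {
+"label": "Unified Logs Stream ID",
+"value": "Custom-jamfprotectunifiedlogs_CL"
+},
+"type": "CopyableLabel"
+},
+{
+"parameters": {
+"label": "Telemetry (Legacy) Stream ID",
+"value": "Custom-jamfprotecttelemetryv2_CL"
+},
+"type": "CopyableLabel"
+},
+{
+"parameters": {
+"label": "Alerts Stream ID",
+"value": "Custom-jamfprotectalerts_CL"
+},
+"type": "CopyableLabel"
+}
+]
+}
+]
+}
+}
+}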
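Review bot: The stream IDs offered in step 2 are crossed relative to the rest of the definition: the `Telemetry Stream ID` label carries `Custom-jamfprotecttelemetryv1_CL` and `Telemetry (Legacy) Stream ID` carries `Custom-jamfprotecttelemetryv2_CL`, while `graphQueries` names the v2 table Telemetry and the v1 table Telemetry (Legacy). Assuming `graphQueries` has the intended mapping, an operator copying these values would send current telemetry to the legacy stream and anything querying `jamfprotecttelemetryv2_CL` would see no data, so the two `value` strings should be swapped. The second sample query reads `jamfprotecttelemetry_CL`, which is not one of the four tables listed in `dataTypes`; it should name `jamfprotecttelemetryv2_CL` (or the v1 table). `requiredPermissions` also sets `"delete": true` although the display text asks only for read and write, so drop it unless the deployment needs it, and the `DCE Uri` placeholder says "DCR Uri".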
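--- a/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/dataConnector.json
+++ b/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/dataConnector.json
@@ -0,0 +1,25 @@
+{
+"name": "JamfProtectPushConnectorPolling",
+"apiVersion": "2023-02-01-preview",
+"type": "Microsoft.SecurityInsights/dataConnectors",
+"kind": "Push",
+"properties": {
+"connectorDefinitionName": "JamfProtectPush",
+"dcrConfig": {
+"streamName": "Custom-jamfprotecttelemetryv2",
+"dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+"dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]"
+},
+"auth": {
+"type": "Push",
+"AppId": "[[parameters('auth').appId]",
+"ServicePrincipalId": "[[parameters('auth').servicePrincipalId]"
+},
+"request": {},
+"response": {
+"eventsJsonPaths": [
+"$.messages"
+]
+}
+}
+}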
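Review bot: `streamName` is `Custom-jamfprotecttelemetryv2`, without the `_CL` suffix that connectorDefinition.json shows operators for the same stream (`Custom-jamfprotecttelemetryv2_CL`). DCR.json is not rendered on this page, so which spelling the rule declares cannot be checked here, but the connector, the UI labels and the DCR should all use one name or ingestion to that stream will be rejected. Only this one stream is bound while the definition advertises four tables, so confirm that the alerts, unified-logs and v1 streams are meant to work without entries of their own. The resource name `JamfProtectPushConnectorPolling` also reads oddly for `"kind": "Push"`; something like `JamfProtectPushConnector` would be clearer.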
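--- a/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/solutionMetadata.json
+++ b/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/solutionMetadata.json
@@ -0,0 +1,11 @@
+{
+"SolutionName":"Jamf Protect for Microsoft Sentinel",
+"SolutionAuthor": "Thijs Xhaflaire",
+"SolutionVersion":"3.2.0",
+"PackageId": "azuresentinel.azure-sentinel-solution-JamfProtectPushV1",
+"TemplateName": "JamfProtectPushV1",
+"ConnectorDefinitionTemplateVersion": "1.0.0",
+"DataConnectorsTemplateVersion": "1.0.0",
+"PackageIcon":"JamfProtect",
+"SolutionTier": "Partner"
+}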
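--- a/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/table.json
+++ b/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/table.json
@@ -0,0 +1,236 @@
+{
+"name": "jamfprotectalerts_CL",
+"type": "Microsoft.OperationalInsights/workspaces/tables",
+"apiVersion": "2021-03-01-privatepreview",
+"tags": {},
+"properties": {
+"plan": "Analytics",
+"schema": {
+"name": "jamfprotectalerts_CL",
+"columns": [
+{
+"name": "input",
+"type": "dynamic"
+},
+{
+"name": "TimeGenerated",
+"type": "datetime"
+},
+{
+"name": "EventVendor",
+"type": "string"
+},
+{
+"name": "EventProduct",
+"type": "string"
+},
+{
+"name": "EventProductVersion",
+"type": "dynamic"
+},
+{
+"name": "EventSeverity",
+"type": "string"
+},
+{
+"name": "EventOriginalType",
+"type": "dynamic"
+},
+{
+"name": "EventOriginalUid",
+"type": "dynamic"
+},
+{
+"name": "EventType",
+"type": "string"
+},
+{
+"name": "EventResult",
+"type": "string"
+},
+{
+"name": "EventMessage",
+"type": "dynamic"
+},
+{
+"name": "EventResultMessage",
+"type": "dynamic"
+},
+{
+"name": "TargetHostname",
+"type": "dynamic"
+},
+{
+"name": "DvcHostname",
+"type": "dynamic"
+},
+{
+"name": "DvcSerial",
+"type": "dynamic"
+},
+{
+"name": "DvcIpAddr",
+"type": "dynamic"
+},
+{
+"name": "DvcId",
+"type": "dynamic"
+},
+{
+"name": "DvcOs",
+"type": "string"
+},
+{
+"name": "DvcOsVersion",
+"type": "dynamic"
+},
+{
+"name": "SrcDeviceType",
+"type": "string"
+},
+{
+"name": "ProcessEventType",
+"type": "string"
+},
+{
+"name": "ProcessEventSubType",
+"type": "string"
+},
+{
+"name": "ActingProcessName",
+"type": "string"
+},
+{
+"name": "ActingProcessId",
+"type": "real"
+},
+{
+"name": "ActingProcessGuid",
+"type": "string"
+},
+{
+"name": "ParentProcessName",
+"type": "dynamic"
+},
+{
+"name": "ParentProcessId",
+"type": "real"
+},
+{
+"name": "ParentProcessGuid",
+"type": "string"
+},
+{
+"name": "TargetProcessName",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessId",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessGuid",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessSHA1",
+"type": "string"
+},
+{
+"name": "TargetProcessSHA256",
+"type": "string"
+},
+{
+"name": "TargetProcessCommandLine",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessCurrentDirectory",
+"type": "string"
+},
+{
+"name": "TargetProcessStatusCode",
+"type": "real"
+},
+{
+"name": "TargetFilePath",
+"type": "dynamic"
+},
+{
+"name": "TargetFileSHA1",
+"type": "dynamic"
+},
+{
+"name": "TargetFileSHA256",
+"type": "dynamic"
+},
+{
+"name": "TargetFileSize",
+"type": "dynamic"
+},
+{
+"name": "TargetFileSigningInfoMessage",
+"type": "dynamic"
+},
+{
+"name": "TargetFileSignerType",
+"type": "string"
+},
+{
+"name": "TargetFileSigningTeamID",
+"type": "dynamic"
+},
+{
+"name": "TargetFileIsDownload",
+"type": "boolean"
+},
+{
+"name": "TargetFileIsAppBundle",
+"type": "boolean"
+},
+{
+"name": "TargetFileIsDirectory",
+"type": "boolean"
+},
+{
+"name": "TargetFileIsScreenshot",
+"type": "boolean"
+},
+{
+"name": "TargetFileExtendedAttributes",
+"type": "dynamic"
+},
+{
+"name": "TargetBinaryFilePath",
+"type": "dynamic"
+},
+{
+"name": "TargetBinarySHA1",
+"type": "dynamic"
+},
+{
+"name": "TargetBinarySHA256",
+"type": "dynamic"
+},
+{
+"name": "TargetBinarySigningInfoMessage",
+"type": "dynamic"
+},
+{
+"name": "TargetbinarySignerType",
+"type": "string"
+},
+{
+"name": "TargetBinarySigningTeamID",
+"type": "dynamic"
+},
+{
+"name": "TargetBinarySigningAppID",
+"type": "dynamic"
+}
+]
+},
+"totalRetentionInDays": 30
+}
+}
+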
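Review bot: Several column types in this schema will make hunting queries awkward: `ActingProcessId`, `ParentProcessId` and `TargetProcessStatusCode` are `real` although process IDs and exit codes are integers, and hash columns such as `TargetFileSHA256` and `TargetBinarySHA256` are `dynamic` while `TargetProcessSHA256` is `string`, so matching against indicator lists needs a `tostring()` on some hash columns and not on others. Unless the DCR transform (not rendered on this page) emits those types on purpose, prefer `"type": "int"` for the IDs and status code and `"type": "string"` for the hashes. `TargetbinarySignerType` is cased differently from its `TargetBinary…` siblings, and KQL column names are case-sensitive; the same spelling recurs in table2.json, so correct both unless existing content already depends on it.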
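--- a/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/table2.json
+++ b/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/table2.json
@@ -0,0 +1,263 @@
+{
+"name": "jamfprotecttelemetryv1_CL",
+"type": "Microsoft.OperationalInsights/workspaces/tables",
+"apiVersion": "2021-03-01-privatepreview",
+"tags": {},
+"properties": {
+"plan": "Analytics",
+"schema": {
+"name": "jamfprotecttelemetryv1_CL",
+"columns": [
+{
+"name": "architecture",
+"type": "string"
+},
+{
+"name": "arguments",
+"type": "dynamic"
+},
+{
+"name": "attributes",
+"type": "dynamic"
+},
+{
+"name": "bios_firmware_versions",
+"type": "dynamic"
+},
+{
+"name": "contents",
+"type": "string"
+},
+{
+"name": "exec_args",
+"type": "dynamic"
+},
+{
+"name": "exec_chain",
+"type": "dynamic"
+},
+{
+"name": "exec_chain_child",
+"type": "dynamic"
+},
+{
+"name": "exec_chain_parent",
+"type": "dynamic"
+},
+{
+"name": "exec_env",
+"type": "dynamic"
+},
+{
+"name": "exit",
+"type": "dynamic"
+},
+{
+"name": "file",
+"type": "dynamic"
+},
+{
+"name": "header",
+"type": "dynamic"
+},
+{
+"name": "host_info",
+"type": "dynamic"
+},
+{
+"name": "identity",
+"type": "dynamic"
+},
+{
+"name": "key",
+"type": "string"
+},
+{
+"name": "metrics",
+"type": "dynamic"
+},
+{
+"name": "page_info",
+"type": "dynamic"
+},
+{
+"name": "path",
+"type": "dynamic"
+},
+{
+"name": "process",
+"type": "dynamic"
+},
+{
+"name": "rateLimitingSeconds",
+"type": "int"
+},
+{
+"name": "return",
+"type": "dynamic"
+},
+{
+"name": "socket_inet",
+"type": "dynamic"
+},
+{
+"name": "subject",
+"type": "dynamic"
+},
+{
+"name": "texts",
+"type": "string"
+},
+{
+"name": "TimeGenerated",
+"type": "datetime"
+},
+{
+"name": "EventVendor",
+"type": "string"
+},
+{
+"name": "EventProduct",
+"type": "string"
+},
+{
+"name": "EventSeverity",
+"type": "string"
+},
+{
+"name": "TargetModel",
+"type": "dynamic"
+},
+{
+"name": "DvcOsVersion",
+"type": "dynamic"
+},
+{
+"name": "TargetHostname",
+"type": "dynamic"
+},
+{
+"name": "DvcHostname",
+"type": "dynamic"
+},
+{
+"name": "DvcId",
+"type": "dynamic"
+},
+{
+"name": "EventType",
+"type": "string"
+},
+{
+"name": "ActingProcessId",
+"type": "dynamic"
+},
+{
+"name": "ActingProcessName",
+"type": "dynamic"
+},
+{
+"name": "ParentProcessName",
+"type": "dynamic"
+},
+{
+"name": "ParentProcessId",
+"type": "dynamic"
+},
+{
+"name": "ParentProcessGuid",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessName",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessId",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessGuid",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessSHA256",
+"type": "dynamic"
+},
+{
+"name": "TargetUserId",
+"type": "dynamic"
+},
+{
+"name": "TargetUsername",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessCommandLine",
+"type": "dynamic"
+},
+{
+"name": "ActorUsername",
+"type": "dynamic"
+},
+{
+"name": "ActorUserId",
+"type": "dynamic"
+},
+{
+"name": "GroupName",
+"type": "dynamic"
+},
+{
+"name": "GroupID",
+"type": "dynamic"
+},
+{
+"name": "EffectiveGroupName",
+"type": "dynamic"
+},
+{
+"name": "EffectiveGroupID",
+"type": "dynamic"
+},
+{
+"name": "DstIpAddr",
+"type": "dynamic"
+},
+{
+"name": "DstPortNumber",
+"type": "dynamic"
+},
+{
+"name": "NetworkProtocolVersion",
+"type": "string"
+},
+{
+"name": "SrcIpAddr",
+"type": "dynamic"
+},
+{
+"name": "TargetBinarySHA256",
+"type": "dynamic"
+},
+{
+"name": "TargetbinarySignerType",
+"type": "string"
+},
+{
+"name": "TargetBinarySigningTeamID",
+"type": "string"
+},
+{
+"name": "TargetBinarySigningAppID",
+"type": "string"
+},
+{
+"name": "TargetFilePath",
+"type": "dynamic"
+}
+]
+},
+"totalRetentionInDays": 30
+}
+}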
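Review bot: `"totalRetentionInDays": 30` pins this table to 30 days of total retention, and table.json, table3.json and table4.json set the same value. For endpoint telemetry and alerts that is a short window for incident investigation, and as far as I can tell a table-level value takes precedence over whatever retention the workspace would otherwise apply. Consider omitting the property so the workspace setting is used, or recording in the solution documentation why 30 days was chosen so operators know to raise it.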
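--- a/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/table3.json
+++ b/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/table3.json
@@ -0,0 +1,99 @@
+{
+"name": "jamfprotecttelemetryv2_CL",
+"type": "Microsoft.OperationalInsights/workspaces/tables",
+"apiVersion": "2021-03-01-privatepreview",
+"tags": {},
+"properties": {
+"plan": "Analytics",
+"schema": {
+"name": "jamfprotecttelemetryv2_CL",
+"columns": [
+{
+"name": "action",
+"type": "dynamic"
+},
+{
+"name": "event",
+"type": "dynamic"
+},
+{
+"name": "EventOriginalType",
+"type": "int"
+},
+{
+"name": "EventCount",
+"type": "int"
+},
+{
+"name": "process",
+"type": "dynamic"
+},
+{
+"name": "thread",
+"type": "dynamic"
+},
+{
+"name": "TimeGenerated",
+"type": "datetime"
+},
+{
+"name": "EventOriginalUid",
+"type": "string"
+},
+{
+"name": "EventVendor",
+"type": "dynamic"
+},
+{
+"name": "EventProduct",
+"type": "dynamic"
+},
+{
+"name": "EventSchemaVersion",
+"type": "dynamic"
+},
+{
+"name": "EventProductVersion",
+"type": "dynamic"
+},
+{
+"name": "EventSeverity",
+"type": "string"
+},
+{
+"name": "TargetHostname",
+"type": "dynamic"
+},
+{
+"name": "DvcHostname",
+"type": "dynamic"
+},
+{
+"name": "DvcSerial",
+"type": "dynamic"
+},
+{
+"name": "DvcIpAddr",
+"type": "dynamic"
+},
+{
+"name": "DvcId",
+"type": "dynamic"
+},
+{
+"name": "DvcOs",
+"type": "string"
+},
+{
+"name": "DvcOsVersion",
+"type": "dynamic"
+},
+{
+"name": "SrcDeviceType",
+"type": "string"
+}
+]
+},
+"totalRetentionInDays": 30
+}
+}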
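--- a/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/table4.json
+++ b/Solutions/Jamf Protect/Data Connectors/JamfProtect_ccp/table4.json
@@ -0,0 +1,115 @@
+{
+"name": "jamfprotectunifiedlogs_CL",
+"type": "Microsoft.OperationalInsights/workspaces/tables",
+"apiVersion": "2021-03-01-privatepreview",
+"tags": {},
+"properties": {
+"plan": "Analytics",
+"schema": {
+"name": "jamfprotectunifiedlogs_CL",
+"columns": [
+{
+"name": "input",
+"type": "dynamic"
+},
+{
+"name": "TimeGenerated",
+"type": "datetime"
+},
+{
+"name": "EventProductVersion",
+"type": "dynamic"
+},
+{
+"name": "EventSeverity",
+"type": "string"
+},
+{
+"name": "EventOriginalType",
+"type": "dynamic"
+},
+{
+"name": "EventOriginalUid",
+"type": "dynamic"
+},
+{
+"name": "EventType",
+"type": "string"
+},
+{
+"name": "EventResult",
+"type": "string"
+},
+{
+"name": "EventMessage",
+"type": "dynamic"
+},
+{
+"name": "EventResultMessage",
+"type": "dynamic"
+},
+{
+"name": "TargetHostname",
+"type": "dynamic"
+},
+{
+"name": "DvcHostname",
+"type": "dynamic"
+},
+{
+"name": "DvcSerial",
+"type": "dynamic"
+},
+{
+"name": "DvcIpAddr",
+"type": "dynamic"
+},
+{
+"name": "DvcId",
+"type": "dynamic"
+},
+{
+"name": "DvcOs",
+"type": "string"
+},
+{
+"name": "DvcOsVersion",
+"type": "dynamic"
+},
+{
+"name": "SrcDeviceType",
+"type": "string"
+},
+{
+"name": "ProcessEventType",
+"type": "string"
+},
+{
+"name": "ProcessEventSubType",
+"type": "string"
+},
+{
+"name": "TargetProcessName",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessId",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessGuid",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessCommandLine",
+"type": "dynamic"
+},
+{
+"name": "TargetProcessCurrentDirectory",
+"type": "dynamic"
+}
+]
+},
+"totalRetentionInDays": 30
+}
+}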
Binary file not shown.
1,988 changes: 1,816 additions & 172 deletions
1,988
Solutions/Jamf Protect/Package/mainTemplate.json