Repackage - Nasuni

Azure · Jan 3, 2025 · b0e0ed2 · b0e0ed2
1 parent e898783
commit b0e0ed2
Show file tree

Hide file tree

Showing 8 changed files with 44 additions and 438 deletions.
diff --git a/Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml b/Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml
@@ -4,9 +4,6 @@ description: 'Identifies ransomware attacks detected by the Ransomware Protectio
 kind: Scheduled
 severity: High
 requiredDataConnectors:
-  - connectorId: NasuniEdgeAppliance
-    datatypes: 
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -50,4 +47,4 @@ entityMappings:
     columnName: pattern
 suppressionDuration: 5h
 suppressionEnabled: false
-version: 1.0.2
+version: 1.0.3
diff --git a/Solutions/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml b/Solutions/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml
@@ -4,9 +4,6 @@ description: 'Identifies malicious clients blocked by the Ransomware Protection
 kind: Scheduled
 severity: High
 requiredDataConnectors:
-  - connectorId: NasuniEdgeAppliance
-    datatypes: 
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -47,4 +44,4 @@ entityMappings:
     columnName: SrcIpAddr
 suppressionDuration: 5h
 suppressionEnabled: false
-version: 1.0.2
+version: 1.0.3
diff --git a/Solutions/Nasuni/Data/Solution_Nasuni.json b/Solutions/Nasuni/Data/Solution_Nasuni.json
@@ -2,22 +2,19 @@
     "Name": "Nasuni",
     "Author": "Nasuni - [email protected]",
     "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Nasuni/Data%20Connectors/Logo/Nasuni.svg\" width=\"75px\" height=\"75px\">",
-    "Description": "The [Nasuni](https://www.nasuni.com) solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping. \n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
+    "Description": "The [Nasuni](https://www.nasuni.com) solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping. \n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
     "Analytic Rules": [
       "/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml",
       "/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml"
     ],
     "Hunting Queries": [
       "/Nasuni/Hunting Queries/FileDeleteEvents.yaml"
     ],
-    "Data Connectors": [
-      "/Nasuni/Data Connectors/Nasuni Data Connector.json"
-    ],
     "dependentDomainSolutionIds": [
       "azuresentinel.azure-sentinel-solution-syslog"
     ],
     "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions",
-    "Version": "3.0.2",
+    "Version": "3.0.3",
     "Metadata": "SolutionMetadata.json",
     "TemplateSpec": true,
     "Is1PConnector": false

diff --git a/Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml b/Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml
@@ -3,9 +3,6 @@ name: Nasuni File Delete Activity
 description: |
   'This query looks for file delete audit events generated by a Nasuni Edge Appliance.'
 requiredDataConnectors:
-  - connectorId: NasuniEdgeAppliance
-    dataTypes:
-      - Syslog
   - connectorId: SyslogAma
     datatypes:
       - Syslog
@@ -71,4 +68,4 @@ entityMappings:
         columnName: filename
       - identifier: Directory
         columnName: directorypath
-version: 1.0.1
+version: 1.0.2
diff --git a/Solutions/Nasuni/Package/3.0.3.zip b/Solutions/Nasuni/Package/3.0.3.zip
diff --git a/Solutions/Nasuni/Package/createUiDefinition.json b/Solutions/Nasuni/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Nasuni/Data%20Connectors/Logo/Nasuni.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Nasuni/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Nasuni](https://www.nasuni.com) solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping. \n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Analytic Rules:** 2, **Hunting Queries:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Nasuni/Data%20Connectors/Logo/Nasuni.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Nasuni/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Nasuni](https://www.nasuni.com) solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping. \n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog  solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Analytic Rules:** 2, **Hunting Queries:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -51,30 +51,6 @@
       }
     ],
     "steps": [
-      {
-        "name": "dataconnectors",
-        "label": "Data Connectors",
-        "bladeTitle": "Data Connectors",
-        "elements": [
-          {
-            "name": "dataconnectors1-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "This Solution installs the data connector for Nasuni. You can get Nasuni Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
-            }
-          },
-          {
-            "name": "dataconnectors-link2",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "link": {
-                "label": "Learn more about connecting data sources",
-                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
-              }
-            }
-          }
-        ]
-      },
       {
         "name": "analytics",
         "label": "Analytics",
@@ -162,7 +138,7 @@
                 "name": "huntingquery1-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "This query looks for file delete audit events generated by a Nasuni Edge Appliance. This hunting query depends on NasuniEdgeAppliance SyslogAma data connector (Syslog Syslog Parser or Table)"
+                  "text": "This query looks for file delete audit events generated by a Nasuni Edge Appliance. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)"
                 }
               }
             ]