diff --git a/Solutions/SecurityBridge App/Analytical Rules/CriticalEventTriggered.yaml b/Solutions/SecurityBridge App/Analytical Rules/CriticalEventTriggered.yaml
index b9ced228a4a..785b4226cb1 100644
--- a/Solutions/SecurityBridge App/Analytical Rules/CriticalEventTriggered.yaml
+++ b/Solutions/SecurityBridge App/Analytical Rules/CriticalEventTriggered.yaml
@@ -31,6 +31,6 @@ entityMappings:
- entityType: Host
fieldMappings:
- identifier: HostName
- columnName: Computer
+ columnName: dvchost
version: 1.0.4
-kind: Scheduled
\ No newline at end of file
+kind: Scheduled
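Review bot: The Host mapping now reads `dvchost`, but nothing in this diff shows where that column is produced — the SecurityBridgeLogs parser hunk in this commit only changes the trailing newline and the rule's query is outside the hunk — so confirm the query or parser actually projects `dvchost`; an entity mapping on a column that is absent from the results yields no Host entity and the rule silently loses that enrichment. `version: 1.0.4` is left unchanged even though the mapping changed; bump it (`version: 1.0.5`) so that workspaces already on 1.0.4 are offered the updated template, since as far as the hunks here show the rule template version is not bumped anywhere. The same column change appears in the generated mainTemplate.json hunk (`@@ -207,31 +207,31 @@`), and the 3.1.0 ReleaseNotes entry ("Adjusted contact and support") does not mention it. The entityMappings list this hunk belongs to starts outside the hunk.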
diff --git a/Solutions/SecurityBridge App/Data Connectors/Connector_SecurityBridge.json b/Solutions/SecurityBridge App/Data Connectors/Connector_SecurityBridge.json
index 8ee9ad29493..f838928fe73 100644
--- a/Solutions/SecurityBridge App/Data Connectors/Connector_SecurityBridge.json
+++ b/Solutions/SecurityBridge App/Data Connectors/Connector_SecurityBridge.json
@@ -165,4 +165,4 @@
"instructions": []
}
]
-}
\ No newline at end of file
+}
diff --git a/Solutions/SecurityBridge App/Data/Solution_SecurityBridgeSAP.json b/Solutions/SecurityBridge App/Data/Solution_SecurityBridgeSAP.json
index 559a97bf9ab..1d1d3521588 100644
--- a/Solutions/SecurityBridge App/Data/Solution_SecurityBridgeSAP.json
+++ b/Solutions/SecurityBridge App/Data/Solution_SecurityBridgeSAP.json
@@ -1,6 +1,6 @@
{
"Name": "SecurityBridge App",
- "Author": "Christoph Nagy - christoph.nagy@securitybridge.com",
+ "Author": "SecurityBridge - support@securitybridge.com",
"Logo": "",
"Description": "The [SecurityBridge App](https://securitybridge.com/) solution provides the capability to ingest SecurityBridge Threat Detection events from all on-premise and cloud based SAP instances into Microsoft Sentinel.\n\nThis solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/azure/sentinel/ama-migrate?WT.mc_id=Portal-fx).",
"Workbooks": [
@@ -15,8 +15,8 @@
"dependentDomainSolutionIds": [
"azuresentinel.azure-sentinel-solution-customlogsviaama"
],
- "BasePath": "https://raw.githubusercontent.com/frozenstrawberries/Azure-Sentinel/master/Solutions/SecurityBridge/",
- "Version": "3.0.1",
+ "BasePath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SecurityBridge%20App/",
+ "Version": "3.1.0",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true
-}
\ No newline at end of file
+}
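Review bot: `BasePath` is now a github.com `tree/` URL, which serves a rendered HTML page rather than file contents; if the packaging script resolves BasePath plus the relative Workbook/Parser/Analytic Rule paths over HTTP, every fetch would return HTML instead of the YAML/JSON and the build either fails or embeds the wrong content. The forms used elsewhere in this repository are a local checkout path or a raw URL such as `"BasePath": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SecurityBridge%20App/"`. Since 3.1.0.zip is added in the same commit, the package was presumably built from some other base path; commit whichever value was actually used so the next regeneration is reproducible.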
diff --git a/Solutions/SecurityBridge App/Package/3.1.0.zip b/Solutions/SecurityBridge App/Package/3.1.0.zip
new file mode 100644
index 00000000000..cd73478e319
Binary files /dev/null and b/Solutions/SecurityBridge App/Package/3.1.0.zip differ
diff --git a/Solutions/SecurityBridge App/Package/mainTemplate.json b/Solutions/SecurityBridge App/Package/mainTemplate.json
index 97477f24849..2e0e86b0449 100644
--- a/Solutions/SecurityBridge App/Package/mainTemplate.json
+++ b/Solutions/SecurityBridge App/Package/mainTemplate.json
@@ -2,7 +2,7 @@
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
- "author": "Christoph Nagy - christoph.nagy@securitybridge.com",
+ "author": "SecurityBridge - support@securitybridge.com",
"comments": "Solution template for SecurityBridge App"
},
"parameters": {
@@ -38,10 +38,10 @@
}
},
"variables": {
- "email": "christoph.nagy@securitybridge.com",
+ "email": "support@securitybridge.com",
"_email": "[variables('email')]",
"_solutionName": "SecurityBridge App",
- "_solutionVersion": "3.0.1",
+ "_solutionVersion": "3.1.0",
"solutionId": "securitybridge1647511278080.securitybridge-sentinel-app-1",
"_solutionId": "[variables('solutionId')]",
"workbookVersion1": "1.0.0",
@@ -77,7 +77,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "SecurityBridgeThreatDetectionforSAP Workbook with template version 3.0.1",
+ "description": "SecurityBridgeThreatDetectionforSAP Workbook with template version 3.1.0",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('workbookVersion1')]",
@@ -117,13 +117,13 @@
"sourceId": "[variables('_solutionId')]"
},
"author": {
- "name": "Christoph Nagy",
+ "name": "SecurityBridge",
"email": "[variables('_email')]"
},
"support": {
- "name": "Christoph Nagy",
- "email": "christoph.nagy@securitybridge.com",
"tier": "Partner",
+ "name": "SecurityBridge",
+ "email": "support@securitybridge.com",
"link": "https://securitybridge.com/contact/"
},
"dependencies": {
@@ -134,7 +134,7 @@
"kind": "DataType"
},
{
- "contentId": "SecurityBridgeSAP",
+ "contentId": "CustomLogsAma",
"kind": "DataConnector"
}
]
@@ -165,7 +165,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "CriticalEventTriggered_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "CriticalEventTriggered_AnalyticalRules Analytics Rule with template version 3.1.0",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -193,10 +193,10 @@
"status": "Available",
"requiredDataConnectors": [
{
+ "connectorId": "CustomLogsAma",
"datatypes": [
"SecurityBridgeLogs_CL"
- ],
- "connectorId": "CustomLogsAma"
+ ]
}
],
"tactics": [
@@ -207,31 +207,31 @@
],
"entityMappings": [
{
+ "entityType": "Account",
"fieldMappings": [
{
- "columnName": "maincontact",
- "identifier": "Name"
+ "identifier": "Name",
+ "columnName": "maincontact"
}
- ],
- "entityType": "Account"
+ ]
},
{
+ "entityType": "Host",
"fieldMappings": [
{
- "columnName": "dhost",
- "identifier": "HostName"
+ "identifier": "HostName",
+ "columnName": "dhost"
}
- ],
- "entityType": "Host"
+ ]
},
{
+ "entityType": "Host",
"fieldMappings": [
{
- "columnName": "Computer",
- "identifier": "HostName"
+ "identifier": "HostName",
+ "columnName": "dvchost"
}
- ],
- "entityType": "Host"
+ ]
}
]
}
@@ -252,13 +252,13 @@
"sourceId": "[variables('_solutionId')]"
},
"author": {
- "name": "Christoph Nagy",
+ "name": "SecurityBridge",
"email": "[variables('_email')]"
},
"support": {
- "name": "Christoph Nagy",
- "email": "christoph.nagy@securitybridge.com",
"tier": "Partner",
+ "name": "SecurityBridge",
+ "email": "support@securitybridge.com",
"link": "https://securitybridge.com/contact/"
}
}
@@ -287,7 +287,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "SecurityBridgeLogs Data Parser with template version 3.0.1",
+ "description": "SecurityBridgeLogs Data Parser with template version 3.1.0",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject1').parserVersion1]",
@@ -333,13 +333,13 @@
"sourceId": "[variables('_solutionId')]"
},
"author": {
- "name": "Christoph Nagy",
+ "name": "SecurityBridge",
"email": "[variables('_email')]"
},
"support": {
- "name": "Christoph Nagy",
- "email": "christoph.nagy@securitybridge.com",
"tier": "Partner",
+ "name": "SecurityBridge",
+ "email": "support@securitybridge.com",
"link": "https://securitybridge.com/contact/"
}
}
@@ -399,13 +399,13 @@
"sourceId": "[variables('_solutionId')]"
},
"author": {
- "name": "Christoph Nagy",
+ "name": "SecurityBridge",
"email": "[variables('_email')]"
},
"support": {
- "name": "Christoph Nagy",
- "email": "christoph.nagy@securitybridge.com",
"tier": "Partner",
+ "name": "SecurityBridge",
+ "email": "support@securitybridge.com",
"link": "https://securitybridge.com/contact/"
}
}
@@ -415,11 +415,11 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
- "version": "3.0.1",
+ "version": "3.1.0",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "SecurityBridge App",
- "publisherDisplayName": "Christoph Nagy",
+ "publisherDisplayName": "SecurityBridge",
"descriptionHtml": "
Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe SecurityBridge App solution provides the capability to ingest SecurityBridge Threat Detection events from all on-premise and cloud based SAP instances into Microsoft Sentinel.
\nThis solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.
\nNOTE: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.
\nParsers: 1, Workbooks: 1, Analytic Rules: 1
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n",
"contentKind": "Solution",
"contentProductId": "[variables('_solutioncontentProductId')]",
@@ -433,12 +433,12 @@
"sourceId": "[variables('_solutionId')]"
},
"author": {
- "name": "Christoph Nagy",
+ "name": "SecurityBridge",
"email": "[variables('_email')]"
},
"support": {
- "name": "Christoph Nagy",
- "email": "christoph.nagy@securitybridge.com",
+ "name": "SecurityBridge",
+ "email": "support@securitybridge.com",
"tier": "Partner",
"link": "https://securitybridge.com/contact/"
},
@@ -466,7 +466,6 @@
]
},
"firstPublishDate": "2022-02-17",
- "lastPublishDate": "2022-02-17",
"providers": [
"SecurityBridge"
],
diff --git a/Solutions/SecurityBridge App/Parsers/SecurityBridgeLogs.yaml b/Solutions/SecurityBridge App/Parsers/SecurityBridgeLogs.yaml
index acf687292a9..77c73d5940a 100644
--- a/Solutions/SecurityBridge App/Parsers/SecurityBridgeLogs.yaml
+++ b/Solutions/SecurityBridge App/Parsers/SecurityBridgeLogs.yaml
@@ -30,4 +30,4 @@ FunctionQuery: |
SAPinstallationnumber = tostring(replace_string(tostring(split(split(RawData, "SAPinstallationnumber=")[1], "=")[0]), tostring(split(split(split(RawData, "SAPinstallationnumber=")[1], "=")[0], " ")[-1]), "")),
SAPhost = tostring(replace_string(tostring(split(split(RawData, "SAPhost=")[1], "=")[0]), tostring(split(split(split(RawData, "SAPhost=")[1], "=")[0], " ")[-1]), "")),
Severity = case(toint(Severity) < 3, "Low", toint(Severity) < 7, "Medium", toint(Severity) < 9, "High", toint(Severity) >= 9, "Critical", "None"),
- maincontact = split(split(["Main contact area of responsibility"], ',')[-1], ' ')[2]
\ No newline at end of file
+ maincontact = split(split(["Main contact area of responsibility"], ',')[-1], ' ')[2]
diff --git a/Solutions/SecurityBridge App/ReleaseNotes.md b/Solutions/SecurityBridge App/ReleaseNotes.md
index 1c8f09758e7..304501fde9b 100644
--- a/Solutions/SecurityBridge App/ReleaseNotes.md
+++ b/Solutions/SecurityBridge App/ReleaseNotes.md
@@ -1,4 +1,5 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|-----------------------------------------|
+| 3.1.0 | 12-02-2025 | Adjusted contact and support |
| 3.0.1 | 07-01-2025 | Removed Deprecated **Data connector** |
| 3.0.0 | 08-08-2024 | Deprecating data connectors |
\ No newline at end of file
diff --git a/Solutions/SecurityBridge App/SolutionMetadata.json b/Solutions/SecurityBridge App/SolutionMetadata.json
index 30aa51b8498..1022fbcb8fe 100644
--- a/Solutions/SecurityBridge App/SolutionMetadata.json
+++ b/Solutions/SecurityBridge App/SolutionMetadata.json
@@ -1,17 +1,22 @@
{
- "publisherId": "securitybridge1647511278080",
- "offerId": "securitybridge-sentinel-app-1",
- "firstPublishDate": "2022-02-17",
- "lastPublishDate": "2022-02-17",
- "providers": ["SecurityBridge"],
- "categories": {
- "domains" : ["Security - Network"],
- "verticals": ["Finance"]
- },
- "support": {
- "name": "Christoph Nagy",
- "email": "christoph.nagy@securitybridge.com",
- "tier": "Partner",
- "link": "https://securitybridge.com/contact/"
- }
-}
\ No newline at end of file
+ "publisherId": "securitybridge1647511278080",
+ "offerId": "securitybridge-sentinel-app-1",
+ "firstPublishDate": "2022-02-17",
+ "providers": [
+ "SecurityBridge"
+ ],
+ "categories": {
+ "domains": [
+ "Security - Network"
+ ],
+ "verticals": [
+ "Finance"
+ ]
+ },
+ "support": {
+ "tier": "Partner",
+ "name": "SecurityBridge",
+ "email": "support@securitybridge.com",
+ "link": "https://securitybridge.com/contact/"
+ }
+}
diff --git a/Solutions/SecurityBridge App/Workbooks/SecurityBridgeThreatDetectionforSAP.json b/Solutions/SecurityBridge App/Workbooks/SecurityBridgeThreatDetectionforSAP.json
index cb8cac5a2ef..296c4b8d663 100644
--- a/Solutions/SecurityBridge App/Workbooks/SecurityBridgeThreatDetectionforSAP.json
+++ b/Solutions/SecurityBridge App/Workbooks/SecurityBridgeThreatDetectionforSAP.json
@@ -796,4 +796,4 @@
],
"fromTemplateId": "sentinel-SecurityBridge",
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
-}
\ No newline at end of file
+}