
Commit

updatecpackage
v-atulyadav committed Feb 12, 2025
1 parent f126e5d commit fc88608
Showing 4 changed files with 25 additions and 25 deletions.
Binary file modified Solutions/ProofPointTap/Package/3.0.5.zip
Binary file not shown.
2 changes: 1 addition & 1 deletion Solutions/ProofPointTap/Package/createUiDefinition.json
@@ -71,7 +71,7 @@
}
},
{
"name": "dataconnectors-link2",
"name": "dataconnectors-link1",
"type": "Microsoft.Common.TextBlock",
"options": {
"link": {
42 changes: 21 additions & 21 deletions Solutions/ProofPointTap/Package/mainTemplate.json
@@ -68,11 +68,11 @@
"_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','0558155e-4556-447e-9a22-828f2a7de06b','-', '1.0.4')))]"
},
"analyticRuleObject2": {
"analyticRuleVersion2": "1.0.4",
"analyticRuleVersion2": "1.0.5",
"_analyticRulecontentId2": "8675dd7a-795e-4d56-a79c-fc848c5ee61c",
"analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '8675dd7a-795e-4d56-a79c-fc848c5ee61c')]",
"analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('8675dd7a-795e-4d56-a79c-fc848c5ee61c')))]",
"_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','8675dd7a-795e-4d56-a79c-fc848c5ee61c','-', '1.0.4')))]"
"_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','8675dd7a-795e-4d56-a79c-fc848c5ee61c','-', '1.0.5')))]"
},
"workbookVersion1": "1.0.0",
"workbookContentId1": "ProofPointTAPWorkbook",
@@ -756,10 +756,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "ProofpointTAP",
"dataTypes": [
"ProofPointTAPMessagesDelivered_CL"
],
"connectorId": "ProofpointTAP"
]
}
],
"tactics": [
@@ -773,7 +773,6 @@
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"columnName": "Recipient",
@@ -787,10 +786,10 @@
"columnName": "RecipientUPNSuffix",
"identifier": "UPNSuffix"
}
]
],
"entityType": "Account"
},
{
"entityType": "Account",
"fieldMappings": [
{
"columnName": "Sender",
@@ -804,16 +803,17 @@
"columnName": "SenderUPNSuffix",
"identifier": "UPNSuffix"
}
]
],
"entityType": "Account"
},
{
"entityType": "IP",
"fieldMappings": [
{
"columnName": "SenderIPAddress",
"identifier": "Address"
}
]
],
"entityType": "IP"
}
]
}
@@ -886,7 +886,7 @@
"description": "This query identifies a user clicking on an email link whose threat category is classified as a malware",
"displayName": "Malware Link Clicked",
"enabled": false,
"query": "ProofPointTAPClicksPermitted_CL\n| where classification_s =~ \"malware\"\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), count() by TimeGenerated, Sender = sender_s, SenderIPAddress = senderIP_s, Recipient = recipient_s, TimeClicked = clickTime_t, URLClicked = url_s\n| extend RecipientName = tostring(split(Recipient, \"@\")[0]), RecipientUPNSuffix = tostring(split(Recipient, \"@\")[1])\n| extend SenderName = tostring(split(Sender, \"@\")[0]), SenderUPNSuffix = tostring(split(Sender, \"@\")[1])\n",
"query": "ProofPointTAPClicksPermitted_CL\n| where classification_s =~ \"malware\"\n| where threatStatus_s != \"cleared\"\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), count() by TimeGenerated, Sender = sender_s, SenderIPAddress = senderIP_s, Recipient = recipient_s, TimeClicked = clickTime_t, URLClicked = url_s\n| extend RecipientName = tostring(split(Recipient, \"@\")[0]), RecipientUPNSuffix = tostring(split(Recipient, \"@\")[1])\n| extend SenderName = tostring(split(Sender, \"@\")[0]), SenderUPNSuffix = tostring(split(Sender, \"@\")[1])\n",
"queryFrequency": "PT1H",
"queryPeriod": "PT1H",
"severity": "Medium",
@@ -897,10 +897,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "ProofpointTAP",
"dataTypes": [
"ProofPointTAPClicksPermitted_CL"
],
"connectorId": "ProofpointTAP"
]
}
],
"tactics": [
@@ -914,7 +914,6 @@
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"columnName": "Recipient",
@@ -928,10 +927,10 @@
"columnName": "RecipientUPNSuffix",
"identifier": "UPNSuffix"
}
]
],
"entityType": "Account"
},
{
"entityType": "Account",
"fieldMappings": [
{
"columnName": "Sender",
@@ -945,25 +944,26 @@
"columnName": "SenderUPNSuffix",
"identifier": "UPNSuffix"
}
]
],
"entityType": "Account"
},
{
"entityType": "IP",
"fieldMappings": [
{
"columnName": "SenderIPAddress",
"identifier": "Address"
}
]
],
"entityType": "IP"
},
{
"entityType": "URL",
"fieldMappings": [
{
"columnName": "URLClicked",
"identifier": "Url"
}
]
],
"entityType": "URL"
}
]
}
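Review bot: In the `Malware Link Clicked` rule, the query line carrying `| where threatStatus_s != \"cleared\"` compares case-sensitively, while the classification filter just before it in the same query uses the case-insensitive `=~`, so a value such as `Cleared` would not be excluded. Writing `| where threatStatus_s !~ \"cleared\"` keeps the two filters consistent; either form still passes rows whose `threatStatus_s` is empty, which is the safe direction for a detection. The same query groups `by TimeGenerated`, so `StartTime` and `EndTime` always equal that value and `count()` seldom aggregates anything; dropping `TimeGenerated` from the `by` list would make the summary meaningful. The page does not mark which of the paired lines is old or new, so this assumes the `threatStatus_s` line is the added one, in line with the `1.0.5` rule version on the page.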
6 changes: 3 additions & 3 deletions Solutions/ProofPointTap/ReleaseNotes.md
@@ -1,8 +1,8 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|--------------------------------------------------------------|
| 3.0.5 | 05-07-2024 | Updated **Analytic Rules** MalwareAttachmentDelivered.yaml and MalwareLinkClicked.yaml |
| 3.0.4 | 26-04-2024 | Repackaged for fix on parser in maintemplate to have old parsername and parentid |
| 3.0.3 | 16-04-2024 | Repackaged for parser issue in maintemplate |
| 3.0.5 | 12-01-2025 | Updated **Analytic Rule** MalwareLinkClicked.yaml |
| 3.0.4 | 26-04-2024 | Repackaged for fix on parser in maintemplate to have old parsername and parentid |
| 3.0.3 | 16-04-2024 | Repackaged for parser issue in maintemplate |
| 3.0.2 | 10-04-2024 | Added Azure Deploy button for government portal deployments |
| 3.0.1 | 10-10-2023 | Manual deployment instructions updated for **Data Connector**|
| 3.0.0 | 01-08-2023 | Updated solution logo with Microsoft Sentinel logo |
