From 5de70f1d2e54ecda639b4ad43a292708849715ad Mon Sep 17 00:00:00 2001
From: v-amolpatil <v-amolpatil@microsoft.com>
Date: Mon, 13 Jan 2025 20:23:01 +0530
Subject: [PATCH] GCP Audit logs new package 3.0.0

---
 .../data_connector_definition.json            |  97 ++
 .../data_connector_poller.json                |  24 +
 .../Data Connectors/GCPAuditLogs_ccp/dcr.json |  24 +
 .../Data/Solution_GCPAuditLogs.json           |   9 +-
 .../Package/3.0.0.zip                         | Bin 0 -> 6300 bytes
 .../Package/createUiDefinition.json           |   6 +-
 .../Package/mainTemplate.json                 | 839 +++++++++---------
 .../Package/testParameters.json               |  38 +
 .../ReleaseNotes.md                           |   3 +
 9 files changed, 610 insertions(+), 430 deletions(-)
 create mode 100644 Solutions/Google Cloud Platform Audit Logs/Data Connectors/GCPAuditLogs_ccp/data_connector_definition.json
 create mode 100644 Solutions/Google Cloud Platform Audit Logs/Data Connectors/GCPAuditLogs_ccp/data_connector_poller.json
 create mode 100644 Solutions/Google Cloud Platform Audit Logs/Data Connectors/GCPAuditLogs_ccp/dcr.json
 create mode 100644 Solutions/Google Cloud Platform Audit Logs/Package/3.0.0.zip
 create mode 100644 Solutions/Google Cloud Platform Audit Logs/Package/testParameters.json
 create mode 100644 Solutions/Google Cloud Platform Audit Logs/ReleaseNotes.md

diff --git a/Solutions/Google Cloud Platform Audit Logs/Data Connectors/GCPAuditLogs_ccp/data_connector_definition.json b/Solutions/Google Cloud Platform Audit Logs/Data Connectors/GCPAuditLogs_ccp/data_connector_definition.json
new file mode 100644
index 00000000000..583cbd3ab38
--- /dev/null
+++ b/Solutions/Google Cloud Platform Audit Logs/Data Connectors/GCPAuditLogs_ccp/data_connector_definition.json	
@@ -0,0 +1,97 @@
+{
+	"type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
+	"apiVersion": "2022-09-01-preview",
+	"name": "{{workspace}}/Microsoft.SecurityInsights/GCPAuditLogsDefinition",
+	"kind": "Customizable",
+	"properties": {
+		"connectorUiConfig": {
+			"id": "GCPAuditLogsDefinition",
+			"title": "GCP Pub/Sub Audit Logs",
+			"publisher": "Microsoft",
+			"descriptionMarkdown": "The Google Cloud Platform (GCP) audit logs, ingested from Sentinel's connector, enable you to capture three types of audit logs: admin activity logs, data access logs, and access transparency logs. Google cloud audit logs record a trail that practitioners can use to monitor access and detect potential threats across Google Cloud Platform (GCP) resources.",
+			"graphQueriesTableName": "GCPAuditLogs",
+			"graphQueries": [
+				{
+					"metricName": "Total events received",
+					"legend": "GCP Audit Logs",
+					"baseQuery": "{{graphQueriesTableName}}"
+				}
+			],
+			"sampleQueries": [
+				{
+					"description": "Get Sample of GCP Audit Logs",
+					"query": "{{graphQueriesTableName}}\n | take 10"
+				}
+			],
+			"dataTypes": [
+				{
+					"name": "{{graphQueriesTableName}}",
+					"lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+				}
+			],
+			"connectivityCriteria": [
+				{
+					"type": "HasDataConnectors"
+				}
+			],
+			"availability": {
+				"status": 1,
+				"isPreview": false
+			},
+			"permissions": {
+				"resourceProvider": [
+					{
+						"provider": "Microsoft.OperationalInsights/workspaces",
+						"permissionsDisplayText": "Read and Write permissions are required.",
+						"providerDisplayName": "Workspace",
+						"scope": "Workspace",
+						"requiredPermissions": {
+							"read": true,
+							"write": true,
+							"delete": true,
+							"action": false
+						}
+					}
+				]
+			},
+			"instructionSteps": [
+				{
+					"instructions": [
+						{
+							"type": "MarkdownControlEnvBased",
+							"parameters": {
+								"prodScript":
+										"#### 1. Set up your GCP environment \n You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription. \n Terraform provides API for the IAM that creates the resources. [Link to Terraform scripts](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation).",
+								"govScript":
+										"#### 1. Set up your GCP environment \n You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription. \n Terraform provides API for the IAM that creates the resources. [Link to Gov Terraform scripts](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov)."
+						}
+						},
+						{
+							"type": "CopyableLabel",
+							"parameters": {
+								"label": "Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.",
+								"fillWith": ["TenantId"],
+								"name": "TenantId",
+								"disabled": true
+							}
+						},
+						{
+							"type": "Markdown",
+							"parameters": {
+								"content": "#### 2. Connect new collectors \n To enable GCP Audit Logs for Microsoft Sentinel, click the Add new collector button, fill the required information in the context pane and click on Connect."
+							}
+						},
+						{
+							"type": "GCPGrid",
+							"parameters":{}
+						},
+						{
+							"type": "GCPContextPane",
+							"parameters":{}
+						}
+					]
+				}
+			]
+		}
+	}
+}
\ No newline at end of file
diff --git a/Solutions/Google Cloud Platform Audit Logs/Data Connectors/GCPAuditLogs_ccp/data_connector_poller.json b/Solutions/Google Cloud Platform Audit Logs/Data Connectors/GCPAuditLogs_ccp/data_connector_poller.json
new file mode 100644
index 00000000000..75a7340e57f
--- /dev/null
+++ b/Solutions/Google Cloud Platform Audit Logs/Data Connectors/GCPAuditLogs_ccp/data_connector_poller.json	
@@ -0,0 +1,24 @@
+[{
+	"type": "Microsoft.SecurityInsights/dataConnectors",
+	"apiVersion": "2022-10-01-preview",
+	"name": "{{workspace}}/Microsoft.SecurityInsights/GCPAuditLogs",
+	"kind": "GCP",
+	"properties": {
+		"connectorDefinitionName": "GCPAuditLogsDefinition",
+		"dataType": "GCPAuditLogs",
+		"dcrConfig": {
+			"streamName": "SENTINEL_GCP_AUDIT_LOGS"
+		},
+		"auth": {
+			"serviceAccountEmail": "{{GCPServiceAccountEmail}}",
+			"projectNumber": "{{GCPProjectNumber}}",
+			"workloadIdentityProviderId": "{{GCPWorkloadIdentityProviderId}}"
+		},
+		"request": {
+			"projectId": "{{GCPProjectId}}",
+			"subscriptionNames": [
+				"{{GCPSubscriptionName}}"
+			]
+		}
+	}
+}]
\ No newline at end of file
diff --git a/Solutions/Google Cloud Platform Audit Logs/Data Connectors/GCPAuditLogs_ccp/dcr.json b/Solutions/Google Cloud Platform Audit Logs/Data Connectors/GCPAuditLogs_ccp/dcr.json
new file mode 100644
index 00000000000..35e868ffe22
--- /dev/null
+++ b/Solutions/Google Cloud Platform Audit Logs/Data Connectors/GCPAuditLogs_ccp/dcr.json	
@@ -0,0 +1,24 @@
+[{
+	"name": "GCPAuditLogs",
+	"apiVersion": "2021-09-01-preview",
+	"type": "Microsoft.Insights/dataCollectionRules",
+	"properties": {
+		"destinations": {
+			"logAnalytics": [
+				{
+					"name": "clv2ws1"
+				}
+			]
+		},
+		"dataFlows": [
+			{
+				"streams": [
+					"Microsoft-GCPAuditLogs"
+				],
+				"destinations": [
+					"clv2ws1"
+				]
+			}
+		]
+	}
+}]
\ No newline at end of file
diff --git a/Solutions/Google Cloud Platform Audit Logs/Data/Solution_GCPAuditLogs.json b/Solutions/Google Cloud Platform Audit Logs/Data/Solution_GCPAuditLogs.json
index a0ed28ce543..6ca231ab098 100644
--- a/Solutions/Google Cloud Platform Audit Logs/Data/Solution_GCPAuditLogs.json	
+++ b/Solutions/Google Cloud Platform Audit Logs/Data/Solution_GCPAuditLogs.json	
@@ -2,13 +2,12 @@
   "Name": "Google Cloud Platform Audit Logs",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Google%20Cloud%20Platform%20Audit%20Logs/logo/Google-Cloud-Branding.png\" width=\"75px\" height=\"75px\">",
-  "Description": "The Google Cloud Platform (GCP) audit logs, ingested from Sentinel's connector, enable you to capture and track all activity that occurs in your GCP environment. These audit logs provide valuable insights for monitoring user activity, troubleshooting issues, and ensuring compliance with security regulations. They serve as a record of events that practitioners can utilize to monitor access and identify potential threats across GCP resources.",
+  "Description": "The Google Cloud Platform (GCP) audit logs, ingested from Microsoft Sentinel's connector, enables you to capture and track all activity that occurs in your GCP environment. These audit logs provide valuable insights for monitoring user activity, troubleshooting issues, and ensuring compliance with security regulations. They serve as a record of events that practitioners can utilize to monitor access and identify potential threats across GCP resources.",
   "Data Connectors": [
-    "Data Connectors/GCPAuditLogs.json"
+    "Data Connectors/GCPAuditLogs_ccp/data_connector_definition.json"
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Google Cloud Platform Audit Logs",
-  "Version": "2.0.2",
+  "Version": "3.0.0",
   "Metadata": "SolutionMetadata.json",
-  "TemplateSpec": true,
-  "Is1Pconnector": false
+  "TemplateSpec": true
 }
\ No newline at end of file
diff --git a/Solutions/Google Cloud Platform Audit Logs/Package/3.0.0.zip b/Solutions/Google Cloud Platform Audit Logs/Package/3.0.0.zip
new file mode 100644
index 0000000000000000000000000000000000000000..c34de1fef0e91d778cf95c2f55ba01c5a113d39b
GIT binary patch
literal 6300
zcma)=Wl$VYvtV&|Coo}vL4sTG;O-WD2r#%O5G+V=cNm<&V8I6`NN^wAU4u&q7Bnx}
zt=;|JkFDL?b)~Di`u4w5b+lAb(a4an{zgv$r!mrhEMg=elCy=qi=MT!o0ElyHJ5|C
ztIJ1kTqI<)e^vkEc&mqxgxSCxX8Uh%7=N}p1wXmaHWUBpl-dYtX%NPqTvPrq%@FRW
zmt?9K$x#6%DNIDqY*t<4T{dxnwz06s2T7>XRcTIdEvyG5J`|^%4z!}xxunyM<3;fI
zZn+wq|M`s>iV?WIp2P8TllKK81+<;OLi*9Vy^B6C2^~9y_xW|)@FE1)KS9&8+3P#N
zIq=Q$dggBs&SI6FmjZ?MXHvfB%=(`d-B8*thy}`R00VC+2ieX^Y;%9${c|vAaWHCg
zv!ewm-7O1Y#F6zq-wYw#rZS0jArNht^XP9;jU7%#EP{}Mcgff2QWRn1g_DdCwOaD}
zjxTZm?Ig|15;QjXOilAUW=pX}E%_ygQYBbR7-%8pc;4f+<UE8dDj5FQT+GeH#E@U0
zk}U+BaTm5ljBPtidv;dI^{|UmD*cO;KxgS(oH?hsRxxjoBTi6o&?YrTyec|gfb*<h
zU|JkM-Y8f{<B?N9os^7Zo0N_TPd>vvbf=$Hxmub@T-r6^3RpNJqKX=b23Fiinz|Lf
zd4sXG9#8D6PK56x1Lyt<v(lJcp`mzpiS^0KYSAyoWp6f{aU@C8vNe>x#<D4KEa66L
z-opI%bAG^`Idip2U2ec=^hss4J6w&*4e~o0QB=!Qq(=Q7B5C6y{37Uy*n+$#Bh)Y4
zsD+kD^HFfs*l28Ea+S`-#Y|w-jOd#JUvpz4$z3BgVOZB!Q*!e=JMO-2XPGwy?#h<I
z`W0tnP%?aFU`cukC@u#^hWJhO^)|bI<O5Nx=R2HmoGffUmF4HU3y-YQb;U}gOREq?
z<ghOy4nSbowP=nK{~?=o9tkXf5Zj&0H3|}4iah*D-0fOGi*fF5eYA4TN5LAx%1vNk
ziO)6GI=#nhcQurj_l@<J9l2~D*&#;6_ZF5N@`dS&gV%iT6iW{6_T&v?$-A@|X{V0d
zqK(bI&gHgSEr|vcpK5r;*4NPVrX86nfS})zF(c?p>wS7ymPU4aIa6;LsSn%3@IswW
z>Uq#6dbgjRQa*Tqqja3gEH4VafJJ}?0!6`@01?Iq7M&-VhYFJ$3-t!d`a_tlU!^Rp
zYHR3Lp|?t)sIy3}3Ko~sB<4nVG@NbhtY|mk*f-Yb!0Ds#%Zv$HNXGQ`6crGX7Z%X>
z^*}q)Ev3D5GsUuKWP=n>1Ba_+wRL;nI-S)<73boMCf_;#xYNqGWhQ)WvJ{!1=9`&X
zzDI%+UMXB|maxKW3VUA}@i@zF&(OV4lz;Z<yMAwDf|zh~911CTL@%=!eLGWRFWfd-
z&3vne=CH!B0`5re2OalGKkRc*BKwS|A?Bp6VDrOPY<u6ZXO8#;$K18C{4B?7Ph8F=
zbYA^ojUG-;&NiLVYP(XnoS+_hbupd6+)N!PpXTvFP-=O}>j#~xwqUv&!FUyIg1-H#
zJbk+&=<06N?KS1Edl4VZRx-valx_tHtcKh#SwJM4cZD*L$HlhrF&ZzbOrCC2W8d0j
zyb}~ERXYj%L?Q8==n>-Dl!WnD+Fz4o6hd9=J<R{0<rd8h+lw}WkbSrU@(Xr%fRY{s
z^t&$$YBOOVI*SPt8=>aN@fE5=`6#vbLiYvU^@+`CXGVVEckSE(;0=;9z;{)hl{b@T
zb`K^Mm?N#L-Q*ODVBSH_!mEz}>L5qwo`+YOi^0!qdN%fZ#tA;8x{uFFLD%e}_01vB
zS=aHOBdwvkEkC9ampK}!BNp5`85oK?tI$34_!@st#*e;&Eb+l(7(eTxthVFj_P&P!
z1!bA7aR}#5ClU+QR81m7r$whYRr{eEz1k?a0H(`~E=``7@r!TcpCO@7==j9pC)U^{
z)tKZ>C<|SmTfPU&ZkQ@r(gqXvfv)r(YKaF@dMdvbW_WXiv%?7SKjY`*vr>d$r+rpN
zjwoR3;%PAF0mJPVdLxPb;bMfXJhe@%1VupMplliZcKxW#PgG*ewiG*d&l9PA=7F{{
z&LRf6M%ppo-`+wb^mWsoETsEq`BC#~(X1F%wYNz{8DY~_bVfG>L$RR)n>6bBo|%>!
zXr0Zlg@;@HB}qT3#fLyR_&eM&9D+r?OHlqQ4LOe#{!v-i(8bXw&_4BAJu*O+!CFCV
z#WB%@Ba^?j>wd@ymh#EcAr|>kt_Y{5VNGD7F4Z(mcl;n&oTUJZe$z6KK^#IO)^@3G
z*EQ3R0$ZyoC%&gK-t?jgyU7-jNsUk=D@rk0vT?_MG3TOwU+f>*3&c1pG$rNl9Bfb2
zxp@6EGJSL5XDUWlA-iCde9|W9N0_ls8Tt<v(E~{Z1L4iS`Lhs4P?EQ_NP73`Sja^L
zizuU8MV&$>n_c#E)eKSd9mSHQmdGXbi2&N20Zg2GyUUUHiFJWU`Zu!XovI3CTa4B(
zY9qu_B5$t9LCift9*{*7ud$3!n#aU7$m@GmM$dWVCWBpNd=CP0W?O2C8JA9#C4AJL
zU2Qoq@7xA5YcMgEVn_M<Owz_>JvRz~ayh!^53`1jAr#`c=^N5$RoEkS&8JplYr;0q
zWq2PgyJ|K=JO>gNm{{ZFP$)<36nmKBj95J(SdXWjz*-Y2{kT2vviPcMLn1hh5~=m&
zTtPhduXnKd1eO%rAvAwDHifn;F8RpucBS0p^le`cK2_x#L!m@3X=5s03d5S?ekR2&
zkeN<GBwBoN*BQS0UYI<t@;YAM46XF%sX=ugvjLeAev(1My$`-f@i!U-{DOqHW?xOG
zNtb}DWRwPXFGVF`Ta8rC@`_XYlr%P);;4JmWveLXQDg9X5kC8CP*AK73JoL!q0H-~
zCN+@~`>QW?otqzni^&8yYExyKtiS^q#iVI5pz$7uepx2qvVe9|9I165z5|=-`Y(&r
z`%|n%U!7xVD#JA>DU^aOF;QtWGfsO$2JJK#(i($IwMi<XV5ToO898n|;WcqOEfga@
zCSwV;Iv*c7Diu#OMl14tz~CvMw>pzV0W-zHK=gxbr)RjSh<SXx@(#bRI>2wFzdhsk
zpJ6-@yGG@dpob67rDGeUXn_D{7+<YHoImIzh*E5(IA)qalk3)D3WDo{d|h39dU6+#
zl#dh%;#igG!DukivZv0-=Hat8S-t{gpOcVnC9>9lUdf`4owArV=f~{xo<coVg=8O8
z-m&CYH(vZ`wN_^U(=;6QtF%pr)k&OHIXG#s;a(K_Da>CA2oF|O<+Z!JUhm@dPZd_P
zS48Z!{79i=|HiiCl?fbuT%8cnRd{GUTx50p*1i%IR{~=mGD_r@k~ban&>y+`XnXv1
z{0A5u_X45a*#BweaT5n>PdVr|t9Q{H9LB}pprvXfz)<!^h^W%?AjmOZY`HsECD$Ck
zS@Zx4xWttsT+Tbt&ugqwLy)h0AOeUqRPp+XRc(z-C2`MbkMCJl=)|$q(r<ZPr+e{B
z0s?umk9y7egdVI@VZJN1)UJYRqW<20AA0Ab2Lyb27?8qj(^oRAeWkjjE@EDfSLB;M
zgUW4qw(b^VQxD~0eWzinO4_zV@@0PB2E4~p`Uh(<PS?ikHQ;70W|?neBwPXg!Gnw)
z{Pu48>RSYV`MC~Wm081uc0y2vca4MC%1IjKr)S6brN;*8ab|5H$<&>S;y6?iov<MA
zqA#5n-gC%vhHz@owqK19YxO3yVyJ~H6O1mhAMWeCoVLKU#TPA>Mg*k1H*7k2$*aCk
zvg#Lh^bkuV0!S3Tjp;fhT&_@Don_cKA{GQBzFs4GU6m+6h?O-#Bt3&EGV?j3tR%gI
zh!2p+`$WXsuVj=8N50b`ztB)hZ=*Lo+WjhB*W!f?NM!#*7nvrC-zZz6mo`Tcr6c6|
zX1gy=piD6%HNUYjGFe}V#Bt75eJJUZOzf3Rbc0-^hjh3AgG^Qukdp`)H<VC<(=8wO
zB)}+I9#cr&ZLy%w-KS7dScw@rKp8vfEoI}kHH4??KcGKQ?xn(+NO@{HWgF387Y4VJ
z(HF*bbxtC4CL(jp9P$m7YZH0&XJnX%?HTvU^272MKF39dQ|v&w)7ZX`qZ|*GC$Dj%
z6rlbx?}$Y80w3ebQmu}XR>nmJw*iVoiO@O{QQr`uepCwT>5c$UPljUIC7`k5?FrwV
zf7sqQEb2TA?YtZgkj`pNdCVexJlb=^XSq3+EIap<*^tEWi#nH_G!FDW@818tj=GZE
z^6)@FTfw@q<Mp^5q7yfF|EnRbden9E!(!T)eVW<v+YdTF%6Zjx%GhX6%38bm0j61*
zz8J>IZ%J^GdCaHEliD0Y9<wn!U2L8~Hj=$+w52hxYGDtnPL!?H5nH)7;qQ*w#tXQ%
zGZ@-T3jr-&Gk1%v=OaGzr-i(}Sru++8)pj$*KfDJivhD;O$O?lCiUw#VU)+OT{dFY
zxGz{Q?a*h8h&6&GeU{Ixo3%V^sI{2jp%F3iSy;DKC>EK<c<MxBjju?npa8zH+A{c$
zRz3JxoDdU!li!6&f|ObBWU2Sq_}VCW!!N#XwCRL|DwPGXQ)S*3C6KBF`B{sv**7*#
zT!a(yhJ8NXTs_7T-_Q3M*yu|nT5fLpzK)Z}ENE%`%IA83_UNlDJ_&R4wJi)HN&S-0
zSjo-$=q+u8(aYvlFH}8RWrd5LCFGYQAtoUv9^mPLoyvV1ATBK4ChmLpIBU^=)_2^V
zzY!a=wYRuF_#^j)dtDQ1T5Hn{N6*-|kG5;b>E3m&9%}?5Y^Q1!yErsjLIv5a07zQ-
zC&*$qam=M`&sx0ji1SlU@SMD;*|Of8cz{J_gpTb3Du;hw%!jw{FRjZrZVO2+0C{O}
zTL^$Ii>Gmm`@kZqjSe|u`+X<r=XLpywue4OrQIrZ%dQL~Oovd{U4z){Qc@K=Et)GB
z?;1k3qf?WD&sRJuPa-HE(X%uIfhG=WGT+m{6?iDA;@FW7ESPAQQju1UYSK4>L<W8S
zkY*`n-+N}X?LSYqfs^ba31Juq*b45zr)HrL2`P4dMn71?-Ts<$nda{WJF<W@(XhZU
zeU_TYR7I@eLEJxMn`PgFcZ*p_9~-)^GDB^-e{x1TY*D=1xd^t+=VGMnBv?{c5{YO*
zlO1wZ@+W7+Dl!SC-ypdsVJoJkHZm78o%;<dKX^Z|rx^Gs*X5Q>1?54}*PqBzYM{IX
z+V7)uKth<}!z84eR{5Ehg@#0n<*2kzr9e$el5z}WX&-_BvmwsNs2t>oF>2L5=VI`+
z6)v_9+rwvadF1{AMY5j6V@`BdFDS;5w#x8Kl^lo!TZcd48=U<zHsV-1Jro0F(=~8W
zerMCg@uk;r2#>*~Jq0XM#jde=sA@R(tx38(#WNRX#wKz1dn~8u!|XbNT0}<!Vq;ao
z447%uIw4MT=VV{4uebKzB-fR553}jFp^ITW^ojud=EuaB$$q?x#nCdR0U^kbs!)3e
z8JEGi4cl%}i`HwUCV)R>NEkK?QCPhYD%@Ez6V*2GiP;zP-M$=0{>j4(bdlDpNt^Yt
z@p$|5%xwR(X>Pu%o720251=8!#H@#)S)NR?@=mU1FF!4b<};)g`#ZtRPe^lD6M2nI
z%O{i7c8C<xv~2(@PmsoEx;W2H&T6?7<@C9dbTyaXF+Js&b^H`7CBwETL*`4<1O!9B
zto8h85jf<n22Sw+Z3avO5(40=oW12F{O6xPNLs3xSWc-bsFg%WNUraZ{^tKnh0Nyt
zcNIeUSA{@6SpStEZ|&u*ZR}m_J?vdw{;xuWl_AWQ7W6-bNTY$X>xv-JvxNDdt$b%V
zVCVyh`65vzVA^8{r^qDHhBI84&hC)Iy+AIm=%f|=`3d^e@RYo!%?)*8In~F*N{$p?
ze{=hD{rB_b1X3`!b9<K>8VeCe4*SWll}?ph=8$|e^&S_=xk`w3Wxel&20>xrfww7@
zsfwxkI37+!XS;X2d!{PO$Cn)(X(=`J2SOE>+`*G8#*yOMc8l|>)HKf5tMa90UW&4u
z?Q#%hV%*!<xs@;;23bWJ&_!Ol9q;^|X-PJ^aq>-^AB&nyjC%n``02QsA@xc%4=1x7
zgb~-k<XOY!l_9BQX445(ZM4oI#gEDcyCE1PJcH(3`TEmiG=+7%gNzmN&@g+IioOHO
zzHuo|r>KOuZmZhCc`=DgwYtKeJZO~1)vZjaC(NVV@vt@>AjvP6kC^#7G-Hp%p4oy<
z|FCzw&FRmjRf4+^Aep;2^SHUma{6<36N!r)C&t_@9wP^%St`S^_$r#L2M-%L7*R#4
za)EQc^5O~`UfucU5x4r0{7P_Z4~KotX=I&%2F8~B(q@3VPcy%?=_pRYh|e;zi>iiF
zsoKg?-K={ITx}qt<T%PD_+IhCnWbr9`nP3=2a|X(N*pQK1OkJUnNvVmmeunP;b|XB
zMUEUi!ueA}dWQsWVuDK%xX77*+(ZvhPoh#bck#e*hD!A=ccFxt#@Eg;qapg$3c?z>
zsAV~D6v<HKv4t78#eif$OP2KMDr}fr{!WVk^yDW!D%$4;j^e3r6CO4RtIJZsJqN{V
zL{OPDr?`$Csd_RA3_kU{YJB&;!^s!8*q^zmS7jUrSI8?0FeAQkK2hVu%P1!eDoveG
zm?us0>WA1Xb6n(lt2r+7siN3OPuf(fqxcfEfF_%MRq{CHBxq>^xjy7q===iky?(9H
zLs{7P5=}%tXM91+PQ&6A+2IzS+=^P;^)6LIA1NTZ+|QRQ=X3oY4oB%c@%gH0K99(f
z#j|az$0sgVmS;b(bFdp)U{^I%kpHFRs)8GAN1Mo#EsN83EqVTxXTy@Wml3#*yF>_#
zeE>cB@`|xs%xCE)T-ouP<8?uZOvl$k+q&t!af;xKT(Y?9sQjDFY89Mp#fED=M8o$_
zY8eh;u^qcP4!QWP!OhtT4_wwNgO=RjSvNTuWOzq+hdMKv<|=<cs%c??Hc1Z-y*y^B
zmPFY%Zyg(LJe)?)+2H(QSj5@)eLZ-pzK+Ce{}becv9LVd8*;JV=nD^Y>nfwv%5CGR
zVEM7mYst86^-?F<!WBOEquvvtJMZ`RB_E4pMyha6yq*Lr3w2X+DU$i3al((jOdEq$
zZx~wkw#Cw;AKoD5X$Fo~6>p+qUZi|_>yDI%#zq_cfjlM8g$)+v)cUA?R7%LNmr?4%
zdy*tfD}S=ZDo(qG;a?tD8oYOdJ}h(DPMq_{Z7o49%XqcN1oS}mve)H9GJR%fh=!n_
z6N*1Kj!5->G0R}YV8l+Z>tKW;DoXpgXYZiP`|Bi1?-Ks<vMKk%nEhG)Ptz(0t=iwu
zcC2Jo91SYv+CS4e>DZ15GuESnLphjNXAF|FvbR4id^-x2V_`Vy#KTqv>*~lZeG$%R
zFL@a`|IVB_+JZc>m+eh>NB|0+0&%k%UICP*JEe5B-KPXDTgt6eSay4`r#Q=Z+}Lp;
z#1K^Ak>T@3;MtgVUR%IhvP$?12Fr}OlrCD-oi06IiL@}jc=A)*Evk-x8+j@1%Cvc%
z31e%lvx<(vSAvF>65mN-T|c<D+goQ$nl{O-CSzAkyArwJg=rsw1eNJI_l@O4j}>%(
z$-2VY-e#B54e<=R1<+HharfFdF<1}mUYZ6MZJI*!(`C!9oxYE>G0fJUoUnYbRg)Az
zO+XMos<<-{Dy+s!fWSs}dwpvbHYskzIpeRw>3rXWYP}iF8g6)DT;bz8id%k?Eu?Hb
z(x(|7T973q=t>X}CMW%+`QgmA(<fkcEgt)R?c$Grvy;_^g3z>AN!JU|%=W7a+iB-s
zGhF=1wFPnf&?^at+DmtYX8h@ntqwa~{oeaRACrqGh?T2^3tc(NuDtdQ`*F!atQe_*
z8-Myh>sBBKoXnzEleLbXT;fGd7U_2t!94?-QIokvgV})yv)A~(d9Ueu^M*>!YY{IU
z)oE^Xrn&F$F#lnUD(2|DB?b~w2k}3QA)}C?{vW6RpNJzyqWa&4zbWY7^Z#x5(UFk<
v+5P`)`;U+R`6cClYm57Li2q+&{%!t`mRhRlf2T)6LirmFfA49^f7yQlOii;-

literal 0
HcmV?d00001

diff --git a/Solutions/Google Cloud Platform Audit Logs/Package/createUiDefinition.json b/Solutions/Google Cloud Platform Audit Logs/Package/createUiDefinition.json
index d76fb822f9e..d033ee73d62 100644
--- a/Solutions/Google Cloud Platform Audit Logs/Package/createUiDefinition.json	
+++ b/Solutions/Google Cloud Platform Audit Logs/Package/createUiDefinition.json	
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Google%20Cloud%20Platform%20Audit%20Logs/logo/Google-Cloud-Branding.png\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Google Cloud Platform (GCP) audit logs](https://cloud.google.com/pubsub/docs/audit-logging) solution for Microsoft Sentinel enable you to capture three types of audit logs: admin activity logs, data access logs, and access transparency logs. Google cloud audit logs record a trail that practitioners can use to monitor access and detect potential threats across Google Cloud Platform (GCP) resources.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Codeless Connector Platform (CCP)](https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector#connect-with-the-codeless-connector-platform)\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Google%20Cloud%20Platform%20Audit%20Logs/logo/Google-Cloud-Branding.png\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Google%20Cloud%20Platform%20Audit%20Logs/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Google Cloud Platform (GCP) audit logs, ingested from Microsoft Sentinel's connector, enables you to capture and track all activity that occurs in your GCP environment. These audit logs provide valuable insights for monitoring user activity, troubleshooting issues, and ensuring compliance with security regulations. They serve as a record of events that practitioners can utilize to monitor access and identify potential threats across GCP resources.\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -60,7 +60,7 @@
             "name": "dataconnectors1-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "The GCP Pub/Sub Audit Logs data connector ingested from Sentinel's connector, enable you to capture three types of audit logs: admin activity logs, data access logs, and access transparency logs. Google cloud audit logs record a trail that practitioners can use to monitor access and detect potential threats across Google Cloud Platform (GCP) resources."
+              "text": "This Solution installs the data connector for Google Cloud Platform Audit Logs. You can get Google Cloud Platform Audit Logs data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
           {
@@ -82,4 +82,4 @@
       "workspace": "[basics('workspace')]"
     }
   }
-}
\ No newline at end of file
+}
diff --git a/Solutions/Google Cloud Platform Audit Logs/Package/mainTemplate.json b/Solutions/Google Cloud Platform Audit Logs/Package/mainTemplate.json
index 3b708e39444..499d4b859b5 100644
--- a/Solutions/Google Cloud Platform Audit Logs/Package/mainTemplate.json	
+++ b/Solutions/Google Cloud Platform Audit Logs/Package/mainTemplate.json	
@@ -1,237 +1,199 @@
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
+  "metadata": {
+    "author": "Microsoft - support@microsoft.com",
+    "comments": "Solution template for Google Cloud Platform Audit Logs"
+  },
   "parameters": {
-	"location": {
-      "defaultValue": "[resourceGroup().location]",
-      "minLength": 1,
+    "location": {
       "type": "string",
+      "minLength": 1,
+      "defaultValue": "[resourceGroup().location]",
       "metadata": {
         "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`.  We instead use the `workspace-location` which is derived from the LA workspace"
       }
     },
     "workspace-location": {
-      "defaultValue": "",
       "type": "string",
+      "defaultValue": "",
       "metadata": {
         "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
       }
     },
     "workspace": {
-      "type": "String"
+      "defaultValue": "",
+      "type": "string",
+      "metadata": {
+        "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+      }
+    },
+    "resourceGroupName": {
+      "type": "string",
+      "defaultValue": "[resourceGroup().name]",
+      "metadata": {
+        "description": "resource group name where Microsoft Sentinel is setup"
+      }
+    },
+    "subscription": {
+      "type": "string",
+      "defaultValue": "[last(split(subscription().id, '/'))]",
+      "metadata": {
+        "description": "subscription id where Microsoft Sentinel is setup"
+      }
     }
   },
   "variables": {
+    "email": "support@microsoft.com",
+    "_email": "[variables('email')]",
+    "_solutionName": "Google Cloud Platform Audit Logs",
+    "_solutionVersion": "3.0.0",
     "solutionId": "azuresentinel.azure-sentinel-solution-gcpauditlogs-api",
     "_solutionId": "[variables('solutionId')]",
-	"dataCollectionRuleImmutableId": "data collection rule immutableId",
-    "_dataCollectionRuleImmutableId": "[variables('dataCollectionRuleImmutableId')]",
-	"dataCollectionEndpointId": "[concat('/subscriptions/',variables('subscription'),'/resourceGroups/',variables('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]",
-    "_dataCollectionEndpointId": "[variables('dataCollectionEndpointId')]",
     "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
-    "uiConfigId1": "GCPAuditLogsDefinition",
-    "_uiConfigId1": "[variables('uiConfigId1')]",
-    "dataConnectorContentId1": "GCPAuditLogsDefinition",
-    "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
-    "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentId1'))]",
-    "_dataConnectorId1": "[variables('dataConnectorId1')]",
-    "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]",
-    "dataConnectorVersion1": "1.0.0",
-    "dataConnectorContentId2": "GCPAuditLogsConnector",
-    "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]",
-    "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]",
-    "_dataConnectorId2": "[variables('dataConnectorId2')]",
-    "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2')))]",
-    "dataConnectorVersion2": "1.0.0",
-    "resourceGroupName": "[resourceGroup().name]",
-    "subscription": "[last(split(subscription().id, '/'))]",
-	"dataCollectionRuleId": "GCPAuditLogs",
-	"streamName": "SENTINEL_GCP_AUDIT_LOGS",
-	"logAnalyticsTableId": "Microsoft-GCPAuditLogs",
-	"dataType": "GCPAuditLogs",
-	"destinationName": "clv2ws1"
+    "dataConnectorCCPVersion": "1.0.0",
+    "_dataConnectorContentIdConnectorDefinition1": "GCPAuditLogsDefinition",
+    "dataConnectorTemplateNameConnectorDefinition1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition1')))]",
+    "_dataConnectorContentIdConnections1": "GCPAuditLogsDefinitionConnections",
+    "dataConnectorTemplateNameConnections1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections1')))]",
+    "dataCollectionEndpointId": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]",
+    "blanks": "[replace('b', 'b', '')]",
+    "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
   },
   "resources": [
     {
-      "type": "Microsoft.Resources/templateSpecs",
-      "apiVersion": "2022-02-01",
-      "name": "[variables('dataConnectorTemplateSpecName1')]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "DataConnector"
-      },
-      "properties": {
-        "description": "GCPAuditLogs data connector with template",
-        "displayName": "GCPAuditLogs template"
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs/versions",
-      "apiVersion": "2022-02-01",
-      "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition1'), variables('dataConnectorCCPVersion'))]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
-        "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]"
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "DataConnector"
-      },
       "properties": {
-        "description": "GCPAuditLogs data connector with template version 1.0.0",
+        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]",
+        "displayName": "GCP Pub/Sub Audit Logs",
+        "contentKind": "DataConnector",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('dataConnectorVersion1')]",
+          "contentVersion": "[variables('dataConnectorCCPVersion')]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition1'))]",
               "apiVersion": "2022-09-01-preview",
               "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
               "location": "[parameters('workspace-location')]",
               "kind": "Customizable",
               "properties": {
-				"connectorUiConfig": {
-					"id": "[variables('_uiConfigId1')]",
-					"title": "GCP Pub/Sub Audit Logs",
-					"publisher": "Microsoft",
-					"descriptionMarkdown": "The Google Cloud Platform (GCP) audit logs, ingested from Sentinel's connector, enable you to capture three types of audit logs: admin activity logs, data access logs, and access transparency logs. Google cloud audit logs record a trail that practitioners can use to monitor access and detect potential threats across Google Cloud Platform (GCP) resources.",
-					"graphQueriesTableName": "GCPAuditLogs",
-					"graphQueries": [
-						{
-							"metricName": "Total events received",
-							"legend": "GCP Audit Logs",
-							"baseQuery": "{{graphQueriesTableName}}"
-						}
-					],
-					"sampleQueries": [
-						{
-							"description": "Get Sample of GCP Audit Logs",
-							"query": "{{graphQueriesTableName}}\n | take 10"
-						}
-					],
-					"dataTypes": [
-						{
-							"name": "{{graphQueriesTableName}}",
-							"lastDataReceivedQuery": "{{graphQueriesTableName}}\n            | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
-						}
-					],
-					"connectivityCriteria": [
-						{
-							"type": "HasDataConnectors"
-						}
-					],
-					"availability": {
-						"status": 1,
-						"isPreview": false
-					},
-					"permissions": {
-						"resourceProvider": [
-							{
-								"provider": "Microsoft.OperationalInsights/workspaces",
-								"permissionsDisplayText": "Read and Write permissions are required.",
-								"providerDisplayName": "Workspace",
-								"scope": "Workspace",
-								"requiredPermissions": {
-									"read": true,
-									"write": true,
-									"delete": true,
-									"action": false
-								}
-							}
-						]
-					},
-					"instructionSteps": [
-						{
-							"instructions": [
-								{
-									"type": "MarkdownControlEnvBased",
-									"parameters": {
-                    "prodScript":
-                        "#### 1. Set up your GCP environment \n You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription. \n Terraform provides API for the IAM that creates the resources. [Link to Terraform scripts](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation).",
-                    "govScript":
-                        "#### 1. Set up your GCP environment \n You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription. \n Terraform provides API for the IAM that creates the resources. [Link to Gov Terraform scripts](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov)."
-                }
-								},
-								{
-									"type": "CopyableLabel",
-									"parameters": {
-										"label": "Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.",
-										"fillWith": ["TenantId"],
-										"name": "PoolId",
-										"disabled": true
-									}
-								},
-								{
-									"type": "Markdown",
-									"parameters": {
-										"content": "#### 2. Connect new collectors \n To enable GCP Audit Logs for Microsoft Sentinel, click the Add new collector button, fill the required information in the context pane and click on Connect."
-									}
-								},
-								{
-									"type": "GCPGrid",
-									"parameters":{}
-								},
-								{
-									"type": "GCPContextPane",
-									"parameters":{}
-								}
-							]
-						}
-					],
-					"isConnectivityCriteriasMatchSome": false
-				},
-                "connectionsConfig": {
-                  "templateSpecName": "[concat('/subscriptions/',variables('subscription'),'/resourceGroups/',variables('resourceGroupName'),'/providers/Microsoft.Resources/templateSpecs/',variables('dataConnectorTemplateSpecName2'))]",
-                  "templateSpecVersion": "[variables('dataConnectorVersion2')]"
-                }
-              }
-            },
-			{
-              "name": "[variables('dataCollectionRuleId')]",
-              "apiVersion": "2021-09-01-preview",
-              "type": "Microsoft.Insights/dataCollectionRules",
-              "location": "[parameters('workspace-location')]",
-              "properties": {
-                "dataCollectionEndpointId": "[variables('_dataCollectionEndpointId')]",
-                "destinations": {
-                    "logAnalytics": [
-                        {
-                            "workspaceResourceId": "[variables('workspaceResourceId')]",
-                            "name": "[variables('destinationName')]"
+                "connectorUiConfig": {
+                  "id": "GCPAuditLogsDefinition",
+                  "title": "GCP Pub/Sub Audit Logs",
+                  "publisher": "Microsoft",
+                  "descriptionMarkdown": "The Google Cloud Platform (GCP) audit logs, ingested from Microsoft Sentinel's connector, enables you to capture three types of audit logs: admin activity logs, data access logs, and access transparency logs. Google cloud audit logs record a trail that practitioners can use to monitor access and detect potential threats across Google Cloud Platform (GCP) resources.",
+                  "graphQueriesTableName": "GCPAuditLogs",
+                  "graphQueries": [
+                    {
+                      "metricName": "Total events received",
+                      "legend": "GCP Audit Logs",
+                      "baseQuery": "{{graphQueriesTableName}}"
+                    }
+                  ],
+                  "sampleQueries": [
+                    {
+                      "description": "Get Sample of GCP Audit Logs",
+                      "query": "{{graphQueriesTableName}}\n | take 10"
+                    }
+                  ],
+                  "dataTypes": [
+                    {
+                      "name": "{{graphQueriesTableName}}",
+                      "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+                    }
+                  ],
+                  "connectivityCriteria": [
+                    {
+                      "type": "HasDataConnectors"
+                    }
+                  ],
+                  "availability": {
+                    "status": 1,
+                    "isPreview": false
+                  },
+                  "permissions": {
+                    "resourceProvider": [
+                      {
+                        "provider": "Microsoft.OperationalInsights/workspaces",
+                        "permissionsDisplayText": "Read and Write permissions are required.",
+                        "providerDisplayName": "Workspace",
+                        "scope": "Workspace",
+                        "requiredPermissions": {
+                          "read": true,
+                          "write": true,
+                          "delete": true,
+                          "action": false
                         }
+                      }
                     ]
-                },
-                "dataFlows": [
+                  },
+                  "instructionSteps": [
                     {
-                        "streams": [
-                            "[variables('logAnalyticsTableId')]"
-                        ],
-                        "destinations": [
-                            "[variables('destinationName')]"
-                        ]
+                      "instructions": [
+                        {
+                          "type": "MarkdownControlEnvBased",
+                          "parameters": {
+                            "prodScript": "#### 1. Set up your GCP environment \n You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription. \n Terraform provides API for the IAM that creates the resources. [Link to Terraform scripts](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation).",
+                            "govScript": "#### 1. Set up your GCP environment \n You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription. \n Terraform provides API for the IAM that creates the resources. [Link to Gov Terraform scripts](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov)."
+                          }
+                        },
+                        {
+                          "type": "CopyableLabel",
+                          "parameters": {
+                            "label": "Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.",
+                            "fillWith": [
+                              "TenantId"
+                            ],
+                            "name": "TenantId",
+                            "disabled": true
+                          }
+                        },
+                        {
+                          "type": "Markdown",
+                          "parameters": {
+                            "content": "#### 2. Connect new collectors \n To enable GCP Audit Logs for Microsoft Sentinel, click the Add new collector button, fill the required information in the context pane and click on Connect."
+                          }
+                        },
+                        {
+                          "type": "GCPGrid",
+                          "parameters": {}
+                        },
+                        {
+                          "type": "GCPContextPane",
+                          "parameters": {}
+                        }
+                      ]
                     }
-                ]
+                  ]
+                }
               }
             },
             {
-              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition1')))]",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "properties": {
-                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentId1'))]",
-                "contentId": "[variables('_dataConnectorContentId1')]",
+                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition1'))]",
+                "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]",
                 "kind": "DataConnector",
-                "version": "[variables('dataConnectorVersion1')]",
+                "version": "[variables('dataConnectorCCPVersion')]",
                 "source": {
-                  "kind": "Solution",
-                  "name": "Google Cloud Platform Audit Logs",
-                  "sourceId": "[variables('_solutionId')]"
+                  "sourceId": "[variables('_solutionId')]",
+                  "name": "[variables('_solutionName')]",
+                  "kind": "Solution"
                 },
                 "author": {
-                  "name": "Microsoft"
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Microsoft Corporation",
@@ -239,37 +201,171 @@
                   "tier": "Microsoft",
                   "link": "https://support.microsoft.com"
                 },
-				"dependencies": {
-					"criteria": [
-						{
-							"kind": "DataConnector",
-							"contentId": "[variables('_dataConnectorContentId2')]",
-							"version": "[variables('dataConnectorVersion2')]"
-						}
-					]
-				}
+                "dependencies": {
+                  "criteria": [
+                    {
+                      "version": "[variables('dataConnectorCCPVersion')]",
+                      "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+                      "kind": "ResourcesDataConnector"
+                    }
+                  ]
+                }
+              }
+            },
+            {
+              "name": "GCPAuditLogs",
+              "apiVersion": "2022-06-01",
+              "type": "Microsoft.Insights/dataCollectionRules",
+              "location": "[parameters('workspace-location')]",
+              "kind": "[variables('blanks')]",
+              "properties": {
+                "destinations": {
+                  "logAnalytics": [
+                    {
+                      "name": "clv2ws1",
+                      "workspaceResourceId": "[variables('workspaceResourceId')]"
+                    }
+                  ]
+                },
+                "dataFlows": [
+                  {
+                    "streams": [
+                      "Microsoft-GCPAuditLogs"
+                    ],
+                    "destinations": [
+                      "clv2ws1"
+                    ]
+                  }
+                ],
+                "dataCollectionEndpointId": "[variables('dataCollectionEndpointId')]"
               }
             }
           ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition1'),'-', variables('dataConnectorCCPVersion'))))]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "version": "[variables('dataConnectorCCPVersion')]"
+      }
+    },
+    {
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition1'))]",
+      "apiVersion": "2022-09-01-preview",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
+      "location": "[parameters('workspace-location')]",
+      "kind": "Customizable",
+      "properties": {
+        "connectorUiConfig": {
+          "id": "GCPAuditLogsDefinition",
+          "title": "GCP Pub/Sub Audit Logs",
+          "publisher": "Microsoft",
+          "descriptionMarkdown": "The Google Cloud Platform (GCP) audit logs, ingested from Microsoft Sentinel's connector, enables you to capture three types of audit logs: admin activity logs, data access logs, and access transparency logs. Google cloud audit logs record a trail that practitioners can use to monitor access and detect potential threats across Google Cloud Platform (GCP) resources.",
+          "graphQueriesTableName": "GCPAuditLogs",
+          "graphQueries": [
+            {
+              "metricName": "Total events received",
+              "legend": "GCP Audit Logs",
+              "baseQuery": "{{graphQueriesTableName}}"
+            }
+          ],
+          "sampleQueries": [
+            {
+              "description": "Get Sample of GCP Audit Logs",
+              "query": "{{graphQueriesTableName}}\n | take 10"
+            }
+          ],
+          "dataTypes": [
+            {
+              "name": "{{graphQueriesTableName}}",
+              "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+            }
+          ],
+          "connectivityCriteria": [
+            {
+              "type": "HasDataConnectors"
+            }
+          ],
+          "availability": {
+            "status": 1,
+            "isPreview": false
+          },
+          "permissions": {
+            "resourceProvider": [
+              {
+                "provider": "Microsoft.OperationalInsights/workspaces",
+                "permissionsDisplayText": "Read and Write permissions are required.",
+                "providerDisplayName": "Workspace",
+                "scope": "Workspace",
+                "requiredPermissions": {
+                  "read": true,
+                  "write": true,
+                  "delete": true,
+                  "action": false
+                }
+              }
+            ]
+          },
+          "instructionSteps": [
+            {
+              "instructions": [
+                {
+                  "type": "MarkdownControlEnvBased",
+                  "parameters": {
+                    "prodScript": "#### 1. Set up your GCP environment \n You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription. \n Terraform provides API for the IAM that creates the resources. [Link to Terraform scripts](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation).",
+                    "govScript": "#### 1. Set up your GCP environment \n You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription. \n Terraform provides API for the IAM that creates the resources. [Link to Gov Terraform scripts](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov)."
+                  }
+                },
+                {
+                  "type": "CopyableLabel",
+                  "parameters": {
+                    "label": "Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.",
+                    "fillWith": [
+                      "TenantId"
+                    ],
+                    "name": "TenantId",
+                    "disabled": true
+                  }
+                },
+                {
+                  "type": "Markdown",
+                  "parameters": {
+                    "content": "#### 2. Connect new collectors \n To enable GCP Audit Logs for Microsoft Sentinel, click the Add new collector button, fill the required information in the context pane and click on Connect."
+                  }
+                },
+                {
+                  "type": "GCPGrid",
+                  "parameters": {}
+                },
+                {
+                  "type": "GCPContextPane",
+                  "parameters": {}
+                }
+              ]
+            }
+          ]
         }
       }
     },
     {
-      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition1')))]",
       "apiVersion": "2022-01-01-preview",
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
       "properties": {
-        "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentId1'))]",
-        "contentId": "[variables('_dataConnectorContentId1')]",
+        "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition1'))]",
+        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]",
         "kind": "DataConnector",
-        "version": "[variables('dataConnectorVersion1')]",
+        "version": "[variables('dataConnectorCCPVersion')]",
         "source": {
-          "kind": "Solution",
-          "name": "Google Cloud Platform Audit Logs",
-          "sourceId": "[variables('_solutionId')]"
+          "sourceId": "[variables('_solutionId')]",
+          "name": "[variables('_solutionName')]",
+          "kind": "Solution"
         },
         "author": {
-          "name": "Microsoft"
+          "name": "Microsoft",
+          "email": "[variables('_email')]"
         },
         "support": {
           "name": "Microsoft Corporation",
@@ -277,264 +373,158 @@
           "tier": "Microsoft",
           "link": "https://support.microsoft.com"
         },
-		"dependencies": {
-			"criteria": [
-				{
-					"kind": "DataConnector",
-					"contentId": "[variables('_dataConnectorContentId2')]",
-					"version": "[variables('dataConnectorVersion2')]"
-				}
-			]
-		}
-      }
-    },
-	{
-	  "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
-	  "apiVersion": "2022-09-01-preview",
-	  "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
-	  "location": "[parameters('workspace-location')]",
-	  "kind": "Customizable",
-	  "properties": {
-		"connectorUiConfig": {
-            "id": "[variables('_uiConfigId1')]",
-			"title": "GCP Pub/Sub Audit Logs",
-			"publisher": "Microsoft",
-			"descriptionMarkdown": "The Google Cloud Platform (GCP) audit logs, ingested from Sentinel's connector, enable you to capture three types of audit logs: admin activity logs, data access logs, and access transparency logs. Google cloud audit logs record a trail that practitioners can use to monitor access and detect potential threats across Google Cloud Platform (GCP) resources.",
-			"graphQueriesTableName": "GCPAuditLogs",
-			"graphQueries": [
-				{
-					"metricName": "Total events received",
-					"legend": "GCP Audit Logs",
-					"baseQuery": "{{graphQueriesTableName}}"
-				}
-			],
-			"sampleQueries": [
-				{
-					"description": "Get Sample of GCP Audit Logs",
-					"query": "{{graphQueriesTableName}}\n | take 10"
-				}
-			],
-			"dataTypes": [
-				{
-					"name": "{{graphQueriesTableName}}",
-					"lastDataReceivedQuery": "{{graphQueriesTableName}}\n            | where TimeGenerated > ago(12h) | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
-				}
-			],
-			"connectivityCriteria": [
-				{
-					"type": "HasDataConnectors"
-				}
-			],
-			"availability": {
-				"status": 1,
-				"isPreview": false
-			},
-			"permissions": {
-				"resourceProvider": [
-					{
-						"provider": "Microsoft.OperationalInsights/workspaces",
-						"permissionsDisplayText": "Read and Write permissions are required.",
-						"providerDisplayName": "Workspace",
-						"scope": "Workspace",
-						"requiredPermissions": {
-							"read": true,
-							"write": true,
-							"delete": true,
-							"action": false
-						}
-					}
-				]
-			},
-			"instructionSteps": [
-				{
-					"instructions": [
-						{
-              "type": "MarkdownControlEnvBased",
-              "parameters": {
-                "prodScript":
-                    "#### 1. Set up your GCP environment \n You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription. \n Terraform provides API for the IAM that creates the resources. [Link to Terraform scripts](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation).",
-                "govScript":
-                    "#### 1. Set up your GCP environment \n You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider and service account with permissions to get and consume from subscription. \n Terraform provides API for the IAM that creates the resources. [Link to Gov Terraform scripts](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov)."
+        "dependencies": {
+          "criteria": [
+            {
+              "version": "[variables('dataConnectorCCPVersion')]",
+              "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+              "kind": "ResourcesDataConnector"
             }
-            },
-						{
-							"type": "CopyableLabel",
-							"parameters": {
-								"label": "Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.",
-								"fillWith": ["TenantId"],
-								"name": "PoolId",
-								"disabled": true
-							}
-						},
-						{
-							"type": "Markdown",
-							"parameters": {
-								"content": "#### 2. Connect new collectors \n To enable GCP Audit Logs for Microsoft Sentinel, click the Add new collector button, fill the required information in the context pane and click on Connect."
-							}
-						},
-						{
-							"type": "GCPGrid",
-							"parameters":{}
-						},
-						{
-							"type": "GCPContextPane",
-							"parameters":{}
-						}
-					]
-				}
-			],
-			"isConnectivityCriteriasMatchSome": false
-		},
-		"connectionsConfig": {
-		  "templateSpecName": "[concat('/subscriptions/',variables('subscription'),'/resourceGroups/',variables('resourceGroupName'),'/providers/Microsoft.Resources/templateSpecs/',variables('dataConnectorTemplateSpecName2'))]",
-		  "templateSpecVersion": "[variables('dataConnectorVersion2')]"
-		}
-	  }
-	},
-    {
-      "type": "Microsoft.Resources/templateSpecs",
-      "apiVersion": "2022-02-01",
-      "name": "[variables('dataConnectorTemplateSpecName2')]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "LogicAppsCustomConnector"
-      },
-      "properties": {
-        "description": "GCPAuditLogs data connector with template",
-        "displayName": "GCPAuditLogs template"
+          ]
+        }
       }
     },
-	{
-      "type": "Microsoft.Resources/templateSpecs/versions",
-      "apiVersion": "2022-02-01",
-      "name": "[concat(variables('dataConnectorTemplateSpecName2'),'/',variables('dataConnectorVersion2'))]",
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections1'), variables('dataConnectorCCPVersion'))]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
-        "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName2'))]"
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "LogicAppsCustomConnector"
-      },
       "properties": {
-        "description": "GCPAuditLogs data connector with template version 2.0.3",
+        "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+        "displayName": "GCP Pub/Sub Audit Logs",
+        "contentKind": "ResourcesDataConnector",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('dataConnectorVersion2')]",
+          "contentVersion": "[variables('dataConnectorCCPVersion')]",
           "parameters": {
-			"GCPProjectId": {
-				"type": "String",
-				"minLength": 4
-			},
-			"GCPProjectNumber": {
-				"type": "String",
-				"minLength": 1
-			},
-			"GCPWorkloadIdentityProviderId": {
-				"type": "String"
-			},
-			"GCPServiceAccountEmail": {
-				"type": "String",
-				"minLength": 1
-			},
-			"GCPSubscriptionName": {
-				"type": "String",
-				"minLength": 3
-			},
-            "connectorDefinitionName": {
-              "defaultValue": "connectorDefinitionName",
-              "type": "string",
-              "minLength": 1,
-              "metadata": {
-                "description": "connectorDefinitionName"
-              }
-            },
             "workspace": {
               "defaultValue": "[parameters('workspace')]",
               "type": "string"
             },
+            "GCPServiceAccountEmail": {
+              "defaultValue": "Enter GCPServiceAccountEmail value",
+              "type": "string",
+              "minLength": 4
+            },
+            "GCPProjectNumber": {
+              "defaultValue": "Enter GCPProjectNumber value",
+              "type": "string",
+              "minLength": 1
+            },
+            "GCPWorkloadIdentityProviderId": {
+              "defaultValue": "Enter GCPWorkloadIdentityProviderId value",
+              "type": "string",
+              "minLength": 4
+            },
+            "GCPProjectId": {
+              "defaultValue": "Enter GCPProjectId value",
+              "type": "string",
+              "minLength": 4
+            },
+            "GCPSubscriptionName": {
+              "defaultValue": "Enter GCPSubscriptionName value",
+              "type": "string",
+              "minLength": 3
+            },
+            "connectorDefinitionName": {
+              "defaultValue": "GCP Pub/Sub Audit Logs",
+              "type": "string",
+              "minLength": 1
+            },
             "dcrConfig": {
-              "type": "object",
               "defaultValue": {
                 "dataCollectionEndpoint": "data collection Endpoint",
-                "dataCollectionRuleImmutableId": "[variables('_dataCollectionRuleImmutableId')]"
-              }
-            },
-			"guidValue": {
-			  "type": "string",
-			  "defaultValue": "[[newGuid()]"
-			}
+                "dataCollectionRuleImmutableId": "data collection rule immutableId"
+              },
+              "type": "object"
+            }
           },
           "variables": {
-			"_dataConnectorContentId2": "[variables('_dataConnectorContentId2')]",
-			"connectorName": "[[concat('GCPAuditLogs', parameters('guidValue'))]"
+            "_dataConnectorContentIdConnections1": "[variables('_dataConnectorContentIdConnections1')]"
           },
           "resources": [
             {
-              "name": "[[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('connectorName'))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections1')))]",
+              "apiVersion": "2022-01-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "properties": {
+                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections1'))]",
+                "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+                "kind": "ResourcesDataConnector",
+                "version": "[variables('dataConnectorCCPVersion')]",
+                "source": {
+                  "sourceId": "[variables('_solutionId')]",
+                  "name": "[variables('_solutionName')]",
+                  "kind": "Solution"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Microsoft Corporation",
+                  "email": "support@microsoft.com",
+                  "tier": "Microsoft",
+                  "link": "https://support.microsoft.com"
+                }
+              }
+            },
+            {
+              "name": "[concat(parameters('workspace'), '/Microsoft.SecurityInsights', '/GCPAuditLogs')]",
               "apiVersion": "2023-02-01-preview",
               "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
               "location": "[parameters('workspace-location')]",
               "kind": "GCP",
               "properties": {
-                "connectorDefinitionName": "[[parameters('connectorDefinitionName')]",
+                "connectorDefinitionName": "GCPAuditLogsDefinition",
+                "dataType": "GCPAuditLogs",
                 "dcrConfig": {
-                  "streamName": "[variables('streamName')]",
+                  "streamName": "SENTINEL_GCP_AUDIT_LOGS",
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]"
                 },
-                "dataType": "[variables('dataType')]",
                 "auth": {
-                    "serviceAccountEmail": "[[parameters('GCPServiceAccountEmail')]",
-                    "projectNumber": "[[parameters('GCPProjectNumber')]",
-                    "workloadIdentityProviderId": "[[parameters('GCPWorkloadIdentityProviderId')]"
+                  "serviceAccountEmail": "[[parameters('GCPServiceAccountEmail')]",
+                  "projectNumber": "[[parameters('GCPProjectNumber')]",
+                  "workloadIdentityProviderId": "[[parameters('GCPWorkloadIdentityProviderId')]"
                 },
                 "request": {
-                    "projectId": "[[parameters('GCPProjectId')]",
-                    "subscriptionNames": [
-                        "[[parameters('GCPSubscriptionName')]"
-                    ]
-                }
-              }
-            },
-			{
-              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-              "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]",
-              "properties": {
-                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentId2'))]",
-                "contentId": "[variables('_dataConnectorContentId2')]",
-                "kind": "LogicAppsCustomConnector",
-                "version": "[variables('dataConnectorVersion2')]",
-                "source": {
-                  "kind": "Solution",
-                  "name": "Google Cloud Platform Audit Logs",
-                  "sourceId": "[variables('_solutionId')]"
-                },
-                "author": {
-                  "name": "Microsoft"
-                },
-                "support": {
-                  "name": "Microsoft Corporation",
-                  "email": "support@microsoft.com",
-                  "tier": "Microsoft",
-                  "link": "https://support.microsoft.com"
+                  "projectId": "[[parameters('GCPProjectId')]",
+                  "subscriptionNames": [
+                    "[[parameters('GCPSubscriptionName')]"
+                  ]
                 }
               }
             }
           ]
-        }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections1'),'-', variables('dataConnectorCCPVersion'))))]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "version": "[variables('dataConnectorCCPVersion')]"
       }
     },
-	{
-      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-      "apiVersion": "2022-01-01-preview",
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages",
+      "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "2.0.3",
+        "version": "3.0.0",
         "kind": "Solution",
-        "contentSchemaVersion": "2.0.0",
+        "contentSchemaVersion": "3.0.0",
+        "displayName": "Google Cloud Platform Audit Logs",
+        "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
+        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Google%20Cloud%20Platform%20Audit%20Logs/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The Google Cloud Platform (GCP) audit logs, ingested from Microsoft Sentinel's connector, enables you to capture and track all activity that occurs in your GCP environment. These audit logs provide valuable insights for monitoring user activity, troubleshooting issues, and ensuring compliance with security regulations. They serve as a record of events that practitioners can utilize to monitor access and identify potential threats across GCP resources.</p>\n<p><strong>Data Connectors:</strong> 1</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "contentKind": "Solution",
+        "contentProductId": "[variables('_solutioncontentProductId')]",
+        "id": "[variables('_solutioncontentProductId')]",
+        "icon": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Google%20Cloud%20Platform%20Audit%20Logs/logo/Google-Cloud-Branding.png\" width=\"75px\" height=\"75px\">",
         "contentId": "[variables('_solutionId')]",
         "parentId": "[variables('_solutionId')]",
         "source": {
@@ -543,32 +533,37 @@
           "sourceId": "[variables('_solutionId')]"
         },
         "author": {
-          "name": "Microsoft"
+          "name": "Microsoft",
+          "email": "[variables('_email')]"
         },
         "support": {
           "name": "Microsoft Corporation",
           "email": "support@microsoft.com",
           "tier": "Microsoft",
-          "link": "https://support.microsoft.com/"
+          "link": "https://support.microsoft.com"
         },
         "dependencies": {
           "operator": "AND",
           "criteria": [
             {
               "kind": "DataConnector",
-              "contentId": "[variables('_dataConnectorContentId1')]",
-              "version": "[variables('dataConnectorVersion1')]"
+              "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+              "version": "[variables('dataConnectorCCPVersion')]"
             }
           ]
         },
-        "firstPublishDate": "2022-06-24",
-        "providers": ["Microsoft"],
+        "firstPublishDate": "2023-03-29",
+        "providers": [
+          "Google"
+        ],
         "categories": {
-          "domains": ["Cloud Provider"]
+          "domains": [
+            "DevOps"
+          ]
         }
       },
       "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]"
     }
   ],
   "outputs": {}
-}
\ No newline at end of file
+}
diff --git a/Solutions/Google Cloud Platform Audit Logs/Package/testParameters.json b/Solutions/Google Cloud Platform Audit Logs/Package/testParameters.json
new file mode 100644
index 00000000000..554801e41b7
--- /dev/null
+++ b/Solutions/Google Cloud Platform Audit Logs/Package/testParameters.json	
@@ -0,0 +1,38 @@
+{
+  "location": {
+    "type": "string",
+    "minLength": 1,
+    "defaultValue": "[resourceGroup().location]",
+    "metadata": {
+      "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`.  We instead use the `workspace-location` which is derived from the LA workspace"
+    }
+  },
+  "workspace-location": {
+    "type": "string",
+    "defaultValue": "",
+    "metadata": {
+      "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+    }
+  },
+  "workspace": {
+    "defaultValue": "",
+    "type": "string",
+    "metadata": {
+      "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+    }
+  },
+  "resourceGroupName": {
+    "type": "string",
+    "defaultValue": "[resourceGroup().name]",
+    "metadata": {
+      "description": "resource group name where Microsoft Sentinel is setup"
+    }
+  },
+  "subscription": {
+    "type": "string",
+    "defaultValue": "[last(split(subscription().id, '/'))]",
+    "metadata": {
+      "description": "subscription id where Microsoft Sentinel is setup"
+    }
+  }
+}
diff --git a/Solutions/Google Cloud Platform Audit Logs/ReleaseNotes.md b/Solutions/Google Cloud Platform Audit Logs/ReleaseNotes.md
new file mode 100644
index 00000000000..3b7f885b196
--- /dev/null
+++ b/Solutions/Google Cloud Platform Audit Logs/ReleaseNotes.md	
@@ -0,0 +1,3 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                                                 |
+|-------------|--------------------------------|--------------------------------------------------------------------| 
+| 3.0.0       | 15-01-2024                     |	Created CCP Package   |
\ No newline at end of file