Initial commit for Druva Sentinel Solutions #11604

Merged
merged 16 commits into from
Jan 9, 2025
12 changes: 12 additions & 0 deletions Logos/Druva_Logo.svg
@@ -0,0 +1,219 @@
[
{
"name": "DruvaDCR",
"apiVersion": "2021-09-01-preview",
"type": "Microsoft.Insights/dataCollectionRules",
"location": "{{location}}",
"properties": {
"dataCollectionEndpointId": "{{dataCollectionEndpointId}}",
"streamDeclarations": {
"Custom-DruvaSecurityEvents_CL": {
"columns": [
{
"name": "TimeGenerated",
"type": "datetime"
},
{
"name": "id",
"type": "int"
},
{
"name": "globalCustomerId",
"type": "string"
},
{
"name": "occurenceTime",
"type": "int"
},
{
"name": "area",
"type": "string"
},
{
"name": "category",
"type": "string"
},
{
"name": "type",
"type": "string"
},
{
"name": "syslogSeverity",
"type": "int"
},
{
"name": "syslogFacility",
"type": "int"
},
{
"name": "details",
"type": "string"
}
]
},
"Custom-DruvaPlatformEvents_CL": {
"columns": [
{
"name": "TimeGenerated",
"type": "datetime"
},
{
"name": "category",
"type": "string"
},
{
"name": "details",
"type": "dynamic"
},
{
"name": "feature",
"type": "string"
},
{
"name": "globalID",
"type": "string"
},
{
"name": "timeStamp",
"type": "int"
},
{
"name": "productID",
"type": "int"
},
{
"name": "syslogFacility",
"type": "int"
},
{
"name": "syslogSeverity",
"type": "int"
},
{
"name": "type",
"type": "string"
}
]
},
"Custom-DruvaInsyncEvents_CL": {
"columns": [
{
"name": "eventType",
"type": "string"
},
{
"name": "eventState",
"type": "string"
},
{
"name": "eventID",
"type": "int"
},
{
"name": "eventDetails",
"type": "string"
},
{
"name": "timestamp",
"type": "datetime"
},
{
"name": "initiator",
"type": "string"
},
{
"name": "ip",
"type": "string"
},
{
"name": "profileID",
"type": "string"
},
{
"name": "profileName",
"type": "string"
},
{
"name": "inSyncUserID",
"type": "string"
},
{
"name": "inSyncUserName",
"type": "string"
},
{
"name": "inSyncUserEmail",
"type": "string"
},
{
"name": "inSyncDataSourceID",
"type": "string"
},
{
"name": "inSyncDataSourceName",
"type": "string"
},
{
"name": "clientOS",
"type": "string"
},
{
"name": "clientVersion",
"type": "string"
},
{
"name": "severity",
"type": "int"
},
{
"name": "facility",
"type": "int"
}
]
}
},
"destinations": {
"logAnalytics": [
{
"workspaceResourceId": "{{workspaceResourceId}}",
"name": "clv2ws1"
}
]
},
"dataFlows": [
{
"streams": [
"Custom-DruvaSecurityEvents_CL"
],
"destinations": [
"clv2ws1"
],
"transformKql": "source\n| extend TimeGenerated = datetime_add('second',occurenceTime,make_datetime(1970,1,1)) \n| extend event_type = type\n| project-away occurenceTime, type\n| extend id = tostring(id) // Convert 'id' to string and rename to EventUid\n| project-rename EventUid = id\n\n",
"outputStream": "Custom-DruvaSecurityEvents_CL"
},

{
"streams": [
"Custom-DruvaPlatformEvents_CL"
],
"destinations": [
"clv2ws1"
],
"transformKql": "source\n| extend TimeGenerated = datetime_add('second',timeStamp,make_datetime(1970,1,1))\n| extend event_type = type\n| project-away timeStamp, type\n",
"outputStream": "Custom-DruvaPlatformEvents_CL"
},

{
"streams": [
"Custom-DruvaInsyncEvents_CL"
],
"destinations": [
"clv2ws1"
],
"transformKql": "source\n| extend TimeGenerated = timestamp\n| extend eventID = tostring(eventID)\n| project-rename EventUid = eventID\n| project-away timestamp\n",
"outputStream": "Custom-DruvaInsyncEvents_CL"
}
]
}
}
]
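Review bot: `id` and `occurenceTime` in the `Custom-DruvaSecurityEvents_CL` declaration (and `timeStamp`, `productID`, `eventID` in the other two streams) are typed `int`, which in DCR stream declarations is a 32-bit signed integer, so an epoch value in milliseconds or an identifier above 2^31-1 may be nulled or rejected at ingestion; `"type": "long"` is the safer choice unless the Druva API is confirmed to return 32-bit values. The transforms interpret the epoch as seconds (`datetime_add('second', occurenceTime, make_datetime(1970,1,1))`), which reads more clearly as `unixtime_seconds_todatetime(occurenceTime)`, and the seconds-vs-milliseconds assumption deserves a comment in the KQL because a wrong unit silently shifts every `TimeGenerated` by orders of magnitude and breaks time-scoped detections. `details` is `string` in the security stream but `dynamic` in the platform stream; if both carry JSON objects, the string form forces every detection query to `parse_json()` it first. The Insync stream declares no `TimeGenerated` column and relies solely on `timestamp`, so a record missing it lands with a null `TimeGenerated`; a fallback such as `coalesce(timestamp, now())` is worth considering if the transformation engine accepts it.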
@@ -0,0 +1,131 @@
{
"name": "DruvaEventCCPDefinition",
"apiVersion": "2022-09-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
"location": "{{location}}",
"kind": "Customizable",
"properties":
{

"connectorUiConfig": {
"id": "DruvaEventCCPDefinition",
"title": "Druva Events Connector",
"publisher" : "Microsoft",
"descriptionMarkdown" : "Provides capability to ingest the druva events from druva apis",
"graphQueriesTableName" : "DruvaSecurityEvents_CL",
"graphQueries": [
{
"metricName":"Total Security Events",
"legend":"Druva Security events received",
"baseQuery": "{{graphQueriesTableName}}"
},

{
"metricName":"Total platform events",
"legend":"Druva platform events received",
"baseQuery": "DruvaPlatformEvents_CL"
},
{
"metricName":"Total insync events",
"legend":"Druva insync events received",
"baseQuery": "DruvaInsyncEvents_CL"
}
],
"sampleQueries":[
{
"description": "Sample of Druva security events",
"query": "{{graphQueriesTableName}}\n| take 10"
},
{
"description": "Sample of Druva platform events",
"query": "DruvaPlatformEvents_CL\n| take 10"
},
{
"description": "Sample of Druva insync events",
"query": "DruvaInsyncEvents_CL\n| take 10"
}
],
"dataTypes":[
{
"name": "{{graphQueriesTableName}}",
"lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time=max(TimeGenerated) \n | where isnotempty(Time)"
},
{
"name": "DruvaPlatformEvents_CL",
"lastDataReceivedQuery": "DruvaPlatformEvents_CL\n | summarize Time=max(TimeGenerated) \n | where isnotempty(Time)"
},
{
"name": "DruvaInsyncEvents_CL",
"lastDataReceivedQuery": "DruvaInsyncEvents_CL\n | summarize Time=max(TimeGenerated) \n | where isnotempty(Time)"
}
],
"connectivityCriteria":[
{
"type": "HasDataConnectors"
}
],
"permissions":{
"resourceProvider":[
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText":"Read and Write permission are required",
"providerDisplayName":"Workspace",
"scope":"Workspace",
"requiredPermissions":{
"write": true,
"read":true,
"delete": true
}
}
],
"customs":[
{
"name": "Druva API Access",
"description":"Druva api requires a client id and client secret to authenticate"
}
]
},
"instructionSteps":[
{
"description": ">Note: Configurations to connect to Druva Rest API\n"
},
{
"description": "Step 1: Create Crdentials from Druva Console: https://help.druva.com/en/articles/8580838-create-and-manage-api-credentials\n"
},
{
"description": "Step 2: Enter the hostname public cloud its apis.druva.com\n"
},
{
"description": "Step 3: Get client id and client secret key\n"
},
{
"description": "Provide required values:\n",
"instructions":[

{
"type": "Textbox",
"parameters": {
"label": "hostname",
"placeholder": "Example: apis.druva.com",
"type": "text",
"name": "hostname"
}
},

{
"type": "OAuthForm",
"parameters":{
"clientIdLabel":"Client ID",
"clientSecretLabel" : "Client Secret",
"connectButtonLabel":"Connect",
"disconnectButtonLabel": "Diconnect"

}
}
],
"tittle": "Connect to Druva API to start collecting logs in microft sentinel"
}
]
}
}
}
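Review bot: `requiredPermissions` grants `"delete": true` while `permissionsDisplayText` tells the operator only read and write are required; for least privilege either drop `delete` (a polling connector should not need to delete workspace resources — confirm against the CCP schema) or make the text state what is actually requested. The last instruction step uses the key `"tittle"`, which the UI will not recognize as `"title"`, and the customer-facing strings contain typos ("Crdentials", "Diconnect", "microft sentinel") and one unreadable step, e.g. replace it with `"description": "Step 2: Enter the Druva API hostname for your cloud (public cloud: apis.druva.com)\n"`. The `hostname` textbox is free text and the client ID and secret entered in the `OAuthForm` will presumably be sent to whatever host it names, so a typo or a malicious setup guide can redirect credentials; if the poller definition (not in this diff) cannot pin the host, the description should at least list the legitimate Druva endpoints and the textbox should validate the value. `"publisher": "Microsoft"` on a Druva-authored connector is also worth confirming.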