Merge pull request #14381 from spurthicode/spurthi_sentinel

Adding a new query string parameter

Author: v-atulyadav

Solutions/QualysVM/Data Connectors/QualysVMHostLogs_ccp/QualysVMHostLogs_ConnectorDefinition.json

@@ -1,7 +1,7 @@
 {
-  "type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
-  "apiVersion": "2025-03-01",
   "name": "QualysVMLogsCCPDefinition",
+  "apiVersion": "2025-03-01",
+  "type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
   "location": "{{location}}",
   "kind": "Customizable",
   "properties": {
@@ -36,8 +36,8 @@
         }
       ],
       "availability": {
-        "status": 1,
-        "isPreview": false
+        "isPreview": false,
+        "status": 1
       },
       "permissions": {
         "resourceProvider": [
@@ -47,8 +47,8 @@
             "providerDisplayName": "Workspace",
             "scope": "Workspace",
             "requiredPermissions": {
-              "read": true,
               "write": true,
+              "read": true,
               "delete": true,
               "action": false
             }
@@ -57,7 +57,7 @@
         "customs": [
           {
             "name": "API access and roles",
-            "description": "Ensure the Qualys VM user has a role of Reader or higher. If the role is Reader, ensure that API access is enabled for the account. Auditor role is not supported to access the API. For more details, refer to the Qualys VM [Host Detection API](https://docs.qualys.com/en/vm/qweb-all-api/mergedProjects/qapi-assets/host_lists/host_detection.htm#v_5_0) and [User role Comparison](https://qualysguard.qualys.com/qwebhelp/fo_portal/user_accounts/user_roles_comparison_vm.htm) document."
+            "description": "Ensure the Qualys VM user has a role of Reader or higher. If the role is Reader, ensure that API access is enabled for the account. Auditor role is not supported to access the API. For more details, refer to the Qualys VM [Host Detection API](https://docs.qualys.com/en/vm/qweb-all-api/mergedProjects/qapi-assets/host_lists/host_detection.htm#v_5_0) and [User role Comparison](https://docs.qualys.com/en/vm/latest/user_accounts/user_roles_comparison_vm.htm) document."
           }
         ]
       },
@@ -96,7 +96,9 @@
                 "placeholder": "Enter UserName",
                 "type": "text",
                 "name": "username",
-                "required": true
+                "validations": {
+                  "required": true
+                }
               }
             },
             {
@@ -106,7 +108,9 @@
                 "placeholder": "Enter password",
                 "type": "password",
                 "name": "password",
-                "required": true
+                "validations": {
+                  "required": true
+                }
               }
             },
             {
@@ -116,16 +120,18 @@
                 "placeholder": "Enter API Server URL",
                 "type": "text",
                 "name": "apiServerUrl",
-                "required": true,
-                "description": "Ensure the API Server URL starts with https:// and paste the whole API Server URL without / at the ending"
+                "description": "Ensure the API Server URL starts with https:// and paste the whole API Server URL without / at the ending",
+                "validations": {
+                  "required": true
+                }
               }
             },
             {
               "type": "Markdown",
               "parameters": {
                 "content": "#### 3. Truncation Limit \n Configure the maximum number of host records to retrieve per API call (20-5000 range). Higher values may improve performance but could impact API response times."
               }
-            },            
+            },
             {
               "type": "Dropdown",
               "parameters": {
@@ -162,6 +168,26 @@
                 "required": true
               }
             },
+            {
+              "type": "Dropdown",
+              "parameters": {
+                "label": "Show QDS Value",
+                "name": "show_qds",
+                "options": [
+                  {
+                    "key": "0",
+                    "text": "False (default)"
+                  },
+                  {
+                    "key": "1",
+                    "text": "True"
+                  }
+                ],
+                "placeholder": "Select QDS value",
+                "isMultiSelect": false,
+                "required": true
+              }
+            },
             {
               "type": "ConnectionToggleButton",
               "parameters": {

Solutions/QualysVM/Data Connectors/QualysVMHostLogs_ccp/QualysVMHostLogs_DCR.json

@@ -1,81 +1,79 @@
-[
-  {
-    "name": "QualysVMDCR",
-    "apiVersion": "2023-03-11",
-    "type": "Microsoft.Insights/dataCollectionRules",
-    "location": "{{location}}",
-    "properties": {
-      "dataCollectionEndpointId": "{{dataCollectionEndpointId}}",
-      "streamDeclarations": {
-        "Custom-QualysVM": {
-          "columns": [
-            {
-              "name": "ID",
-              "type": "string"
-            },
-            {
-              "name": "IP",
-              "type": "string"
-            },
-            {
-              "name": "TRACKING_METHOD",
-              "type": "string"
-            },
-            {
-              "name": "OS",
-              "type": "dynamic"
-            },
-            {
-              "name": "DNS",
-              "type": "dynamic"
-            },
-            {
-              "name": "NETBIOS",
-              "type": "dynamic"
-            },
-            {
-              "name": "QG_HOSTID",
-              "type": "dynamic"
-            },
-            {
-              "name": "LAST_SCAN_DATETIME",
-              "type": "datetime"
-            },
-            {
-              "name": "LAST_VM_SCANNED_DATE",
-              "type": "datetime"
-            },
-            {
-              "name": "LAST_VM_AUTH_SCANNED_DATE",
-              "type": "datetime"
-            },
-            {
-              "name": "DETECTION_LIST",
-              "type": "dynamic"
-            }
-          ]
-        }
-      },
-      "destinations": {
-        "logAnalytics": [
+{
+  "name": "QualysVMDCR",
+  "apiVersion": "2023-03-11",
+  "type": "Microsoft.Insights/dataCollectionRules",
+  "location": "{{location}}",
+  "properties": {
+    "dataCollectionEndpointId": "{{dataCollectionEndpointId}}",
+    "streamDeclarations": {
+      "Custom-QualysVM": {
+        "columns": [
+          {
+            "name": "ID",
+            "type": "string"
+          },
+          {
+            "name": "IP",
+            "type": "string"
+          },
+          {
+            "name": "TRACKING_METHOD",
+            "type": "string"
+          },
+          {
+            "name": "OS",
+            "type": "dynamic"
+          },
+          {
+            "name": "DNS",
+            "type": "dynamic"
+          },
+          {
+            "name": "NETBIOS",
+            "type": "dynamic"
+          },
+          {
+            "name": "QG_HOSTID",
+            "type": "dynamic"
+          },
+          {
+            "name": "LAST_SCAN_DATETIME",
+            "type": "datetime"
+          },
+          {
+            "name": "LAST_VM_SCANNED_DATE",
+            "type": "datetime"
+          },
+          {
+            "name": "LAST_VM_AUTH_SCANNED_DATE",
+            "type": "datetime"
+          },
           {
-            "workspaceResourceId": "{{workspaceResourceId}}",
-            "name": "clv2ws1"
+            "name": "DETECTION_LIST",
+            "type": "dynamic"
           }
         ]
-      },
-      "dataFlows": [
+      }
+    },
+    "destinations": {
+      "logAnalytics": [
         {
-          "streams": [
-            "Custom-QualysVM"
-          ],
-          "destinations": [
-            "clv2ws1"
-          ],
-          "transformKql": "source | extend HostId = tostring(ID), IPAddress = tostring(IP), TrackingMethod = tostring(TRACKING_METHOD), OperatingSystem = tostring(OS['#cdata-section']), DnsName = tostring(DNS['#cdata-section']), NetBios = tostring(NETBIOS['#cdata-section']), QGHostId = tostring(QG_HOSTID['#cdata-section']), LastScanDateTime = todatetime(LAST_SCAN_DATETIME), LastVMScannedDateTime = todatetime(LAST_VM_SCANNED_DATE), LastVMAuthScannedDateTime = todatetime(LAST_VM_AUTH_SCANNED_DATE), DetectionList = DETECTION_LIST, TimeGenerated = now() | project  HostId, IPAddress, TrackingMethod, OperatingSystem, DnsName, NetBios, QGHostId, LastScanDateTime, LastVMScannedDateTime, LastVMAuthScannedDateTime, DetectionList, TimeGenerated",
-          "outputStream": "Custom-QualysHostDetectionV3_CL"
+          "workspaceResourceId": "{{workspaceResourceId}}",
+          "name": "clv2ws1"
         }
       ]
-    }
+    },
+    "dataFlows": [
+      {
+        "streams": [
+          "Custom-QualysVM"
+        ],
+        "destinations": [
+          "clv2ws1"
+        ],
+        "outputStream": "Custom-QualysHostDetectionV3_CL",
+        "transformKql": "source | extend HostId = tostring(ID), IPAddress = tostring(IP), TrackingMethod = tostring(TRACKING_METHOD), OperatingSystem = tostring(OS['#cdata-section']), DnsName = tostring(DNS['#cdata-section']), NetBios = tostring(NETBIOS['#cdata-section']), QGHostId = tostring(QG_HOSTID['#cdata-section']), LastScanDateTime = todatetime(LAST_SCAN_DATETIME), LastVMScannedDateTime = todatetime(LAST_VM_SCANNED_DATE), LastVMAuthScannedDateTime = todatetime(LAST_VM_AUTH_SCANNED_DATE), DetectionList = DETECTION_LIST, TimeGenerated = now() | project  HostId, IPAddress, TrackingMethod, OperatingSystem, DnsName, NetBios, QGHostId, LastScanDateTime, LastVMScannedDateTime, LastVMAuthScannedDateTime, DetectionList, TimeGenerated"
+      }
+    ]
   }
-]
+}

Solutions/QualysVM/Data Connectors/QualysVMHostLogs_ccp/QualysVMHostLogs_PollingConfig.json

@@ -1,50 +1,52 @@
-[
-    {
-        "type": "Microsoft.SecurityInsights/dataConnectors",
-        "apiVersion": "2025-03-01",
-        "name": "QualysVMLogsCCP",
-        "kind": "RestApiPoller",
-        "properties": {
-            "connectorDefinitionName": "QualysVMLogsCCPDefinition",
-            "dataType": "QualysHostDetectionV3_CL",        
-            "auth": {
-            "type": "Basic",
-            "userName": "[[parameters('username')]",
-            "password": "[[parameters('password')]"
-            },
-            "request": {
-            "apiEndpoint": "{{apiServerUrl}}/api/5.0/fo/asset/host/vm/detection/",
-                "httpMethod": "GET",
-                "QueryWindowInMin": 10,
-                "rateLimitQPS": 1,
-                "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-                "headers": {
-                    "X-Requested-With": "XMLHttpRequest",
-                    "User-Agent": "Scuba"
-                },
-                "queryParameters": {
-                    "action": "list",
-                    "truncation_limit": "[[parameters('truncationLimit')[0]]",
-                    "status": "New,Fixed,Active,Re-Opened",
-                    "vm_processed_before": "{_QueryWindowEndTime}",
-                    "vm_processed_after": "{_QueryWindowStartTime}"
-            }
-            },
-            "response": {
-                "eventsJsonPaths": [
-                    "$.HOST_LIST_VM_DETECTION_OUTPUT.RESPONSE.HOST_LIST.HOST"
-                ],
-                "format": "xml"
-            },
-            "dcrConfig": {
-                "streamName": "Custom-QualysVM",
-                "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
-                "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
-            },
-            "paging": {
-                "pagingType": "LinkHeader",
-                "linkHeaderTokenJsonPath": "$.HOST_LIST_VM_DETECTION_OUTPUT.RESPONSE.WARNING.URL.#cdata-section"
-            }        
-        }
+{
+  "type": "Microsoft.SecurityInsights/dataConnectors",
+  "apiVersion": "2025-03-01",
+  "name": "QualysVMLogsCCP",
+  "location": "{{location}}",
+  "kind": "RestApiPoller",
+  "properties": {
+    "auth": {
+      "type": "Basic",
+      "UserName": "[[parameters('username')]",
+      "Password": "[[parameters('password')]"
+    },
+    "request": {
+      "apiEndpoint": "[[concat(parameters('apiServerUrl'),'/api/5.0/fo/asset/host/vm/detection/')]",
+      "httpMethod": "GET",
+      "rateLimitQPS": 1,
+      "queryWindowInMin": 10,
+      "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+      "retryCount": 3,
+      "timeoutInSeconds": 20,
+      "headers": {
+        "X-Requested-With": "XMLHttpRequest",
+        "User-Agent": "Scuba"
+      },
+      "queryParameters": {
+        "action": "list",
+        "truncation_limit": "[[parameters('truncationLimit')[0]]",
+        "status": "New,Fixed,Active,Re-Opened",
+        "vm_processed_before": "{_QueryWindowEndTime}",
+        "vm_processed_after": "{_QueryWindowStartTime}",
+        "show_qds": "[[parameters('show_qds')[0]]"
+      }
+    },
+    "response": {
+      "eventsJsonPaths": [
+        "$.HOST_LIST_VM_DETECTION_OUTPUT.RESPONSE.HOST_LIST.HOST"
+      ],
+      "format": "xml"
+    },
+    "paging": {
+      "pagingType": "LinkHeader",
+      "linkHeaderTokenJsonPath": "$.HOST_LIST_VM_DETECTION_OUTPUT.RESPONSE.WARNING.URL.#cdata-section"
+    },
+    "connectorDefinitionName": "QualysVMLogsCCPDefinition",
+    "dataType": "QualysHostDetectionV3_CL",
+    "dcrConfig": {
+      "streamName": "Custom-QualysVM",
+      "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
+      "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
     }
-]
+  }
+}