|
31 | 31 | }, |
32 | 32 | "variables": { |
33 | 33 | "_solutionName": "JoeSandbox", |
34 | | - "_solutionVersion": "3.0.1", |
| 34 | + "_solutionVersion": "3.0.2", |
35 | 35 | "solutionId": "joesecurity.azure-sentinel-solution-joesandbox", |
36 | 36 | "_solutionId": "[variables('solutionId')]", |
37 | 37 | "JoeSandboxEnrichment_FunctionAppConnector": "JoeSandboxEnrichment_FunctionAppConnector", |
|
1677 | 1677 | "graphQueries": [ |
1678 | 1678 | { |
1679 | 1679 | "metricName": "JoeSandbox Threat Indicators data received", |
1680 | | - "legend": "ThreatIntelligenceIndicator | where SourceSystem contains 'JoeSandbox'", |
1681 | | - "baseQuery": "ThreatIntelligenceIndicator | where SourceSystem contains 'JoeSandbox'" |
| 1680 | + "legend": "ThreatIntelIndicators | where SourceSystem contains 'JoeSandbox'", |
| 1681 | + "baseQuery": "ThreatIntelIndicators | where SourceSystem contains 'JoeSandbox'" |
1682 | 1682 | }, |
1683 | 1683 | { |
1684 | 1684 | "metricName": "Non-JoeSandbox Threat Indicators data received", |
1685 | | - "legend": "ThreatIntelligenceIndicator | where SourceSystem !contains 'JoeSandbox'", |
1686 | | - "baseQuery": "ThreatIntelligenceIndicator | where SourceSystem !contains 'JoeSandbox'" |
| 1685 | + "legend": "ThreatIntelIndicators | where SourceSystem !contains 'JoeSandbox'", |
| 1686 | + "baseQuery": "ThreatIntelIndicators | where SourceSystem !contains 'JoeSandbox'" |
1687 | 1687 | } |
1688 | 1688 | ], |
1689 | 1689 | "sampleQueries": [ |
1690 | 1690 | { |
1691 | 1691 | "description": "JoeSandbox Based Indicators Events - All JoeSandbox threat indicators in Microsoft Sentinel Threat Intelligence.", |
1692 | | - "query": "ThreatIntelligenceIndicator\n | where SourceSystem contains 'JoeSandbox'\n | sort by TimeGenerated desc" |
| 1692 | + "query": "ThreatIntelIndicators\n | where SourceSystem contains 'JoeSandbox'\n | sort by TimeGenerated desc" |
1693 | 1693 | }, |
1694 | 1694 | { |
1695 | 1695 | "description": "Non-JoeSandbox Based Indicators Events - All Non-JoeSandbox threat indicators in Microsoft Sentinel Threat Intelligence.", |
1696 | | - "query": "ThreatIntelligenceIndicator\n | where SourceSystem !contains 'JoeSandbox'\n | sort by TimeGenerated desc" |
| 1696 | + "query": "ThreatIntelIndicators\n | where SourceSystem !contains 'JoeSandbox'\n | sort by TimeGenerated desc" |
1697 | 1697 | } |
1698 | 1698 | ], |
1699 | 1699 | "dataTypes": [ |
1700 | 1700 | { |
1701 | | - "name": "ThreatIntelligenceIndicator", |
1702 | | - "lastDataReceivedQuery": "ThreatIntelligenceIndicator\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" |
| 1701 | + "name": "ThreatIntelIndicators", |
| 1702 | + "lastDataReceivedQuery": "ThreatIntelIndicators\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" |
1703 | 1703 | } |
1704 | 1704 | ], |
1705 | 1705 | "connectivityCriterias": [ |
1706 | 1706 | { |
1707 | 1707 | "type": "IsConnectedQuery", |
1708 | 1708 | "value": [ |
1709 | | - "ThreatIntelligenceIndicator\n | where SourceSystem contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" |
| 1709 | + "ThreatIntelIndicators\n | where SourceSystem contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" |
1710 | 1710 | ] |
1711 | 1711 | }, |
1712 | 1712 | { |
|
1718 | 1718 | { |
1719 | 1719 | "type": "IsConnectedQuery", |
1720 | 1720 | "value": [ |
1721 | | - "ThreatIntelligenceIndicator\n | where SourceSystem !contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" |
| 1721 | + "ThreatIntelIndicators\n | where SourceSystem !contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" |
1722 | 1722 | ] |
1723 | 1723 | } |
1724 | 1724 | ], |
|
1888 | 1888 | "graphQueries": [ |
1889 | 1889 | { |
1890 | 1890 | "metricName": "JoeSandbox Threat Indicators data received", |
1891 | | - "legend": "ThreatIntelligenceIndicator | where SourceSystem contains 'JoeSandbox'", |
1892 | | - "baseQuery": "ThreatIntelligenceIndicator | where SourceSystem contains 'JoeSandbox'" |
| 1891 | + "legend": "ThreatIntelIndicators | where SourceSystem contains 'JoeSandbox'", |
| 1892 | + "baseQuery": "ThreatIntelIndicators | where SourceSystem contains 'JoeSandbox'" |
1893 | 1893 | }, |
1894 | 1894 | { |
1895 | 1895 | "metricName": "Non-JoeSandbox Threat Indicators data received", |
1896 | | - "legend": "ThreatIntelligenceIndicator | where SourceSystem !contains 'JoeSandbox'", |
1897 | | - "baseQuery": "ThreatIntelligenceIndicator | where SourceSystem !contains 'JoeSandbox'" |
| 1896 | + "legend": "ThreatIntelIndicators | where SourceSystem !contains 'JoeSandbox'", |
| 1897 | + "baseQuery": "ThreatIntelIndicators | where SourceSystem !contains 'JoeSandbox'" |
1898 | 1898 | } |
1899 | 1899 | ], |
1900 | 1900 | "dataTypes": [ |
1901 | 1901 | { |
1902 | | - "name": "ThreatIntelligenceIndicator", |
1903 | | - "lastDataReceivedQuery": "ThreatIntelligenceIndicator\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" |
| 1902 | + "name": "ThreatIntelIndicators", |
| 1903 | + "lastDataReceivedQuery": "ThreatIntelIndicators\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" |
1904 | 1904 | } |
1905 | 1905 | ], |
1906 | 1906 | "connectivityCriterias": [ |
1907 | 1907 | { |
1908 | 1908 | "type": "IsConnectedQuery", |
1909 | 1909 | "value": [ |
1910 | | - "ThreatIntelligenceIndicator\n | where SourceSystem contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" |
| 1910 | + "ThreatIntelIndicators\n | where SourceSystem contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" |
1911 | 1911 | ] |
1912 | 1912 | }, |
1913 | 1913 | { |
|
1919 | 1919 | { |
1920 | 1920 | "type": "IsConnectedQuery", |
1921 | 1921 | "value": [ |
1922 | | - "ThreatIntelligenceIndicator\n | where SourceSystem !contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" |
| 1922 | + "ThreatIntelIndicators\n | where SourceSystem !contains 'JoeSandbox'\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" |
1923 | 1923 | ] |
1924 | 1924 | } |
1925 | 1925 | ], |
1926 | 1926 | "sampleQueries": [ |
1927 | 1927 | { |
1928 | 1928 | "description": "JoeSandbox Based Indicators Events - All JoeSandbox threat indicators in Microsoft Sentinel Threat Intelligence.", |
1929 | | - "query": "ThreatIntelligenceIndicator\n | where SourceSystem contains 'JoeSandbox'\n | sort by TimeGenerated desc" |
| 1929 | + "query": "ThreatIntelIndicators\n | where SourceSystem contains 'JoeSandbox'\n | sort by TimeGenerated desc" |
1930 | 1930 | }, |
1931 | 1931 | { |
1932 | 1932 | "description": "Non-JoeSandbox Based Indicators Events - All Non-JoeSandbox threat indicators in Microsoft Sentinel Threat Intelligence.", |
1933 | | - "query": "ThreatIntelligenceIndicator\n | where SourceSystem !contains 'JoeSandbox'\n | sort by TimeGenerated desc" |
| 1933 | + "query": "ThreatIntelIndicators\n | where SourceSystem !contains 'JoeSandbox'\n | sort by TimeGenerated desc" |
1934 | 1934 | } |
1935 | 1935 | ], |
1936 | 1936 | "availability": { |
|
2022 | 2022 | "apiVersion": "2023-04-01-preview", |
2023 | 2023 | "location": "[parameters('workspace-location')]", |
2024 | 2024 | "properties": { |
2025 | | - "version": "3.0.1", |
| 2025 | + "version": "3.0.2", |
2026 | 2026 | "kind": "Solution", |
2027 | 2027 | "contentSchemaVersion": "3.0.0", |
2028 | 2028 | "displayName": "JoeSandbox", |
|