Fixed typo error in analytical rule in Claroty Solution

Solutions/Claroty/Analytic Rules/ClarotyTreat.yaml → Solutions/Claroty/Analytic Rules/ClarotyThreat.yaml

@@ -1,36 +1,36 @@
-id: 731e5ac4-7fe1-4b06-9941-532f2e008bb3
-name: Claroty - Treat detected
-description: |
-  'Detects Collection of known malware commands and control servers.'
-severity: High
-status: Available
-requiredDataConnectors:
-  - connectorId: Claroty
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: ClarotyAma
-    dataTypes:
-      - ClarotyEvent
-  - connectorId: CefAma
-    dataTypes:
-      - CommonSecurityLog
-queryFrequency: 1h
-queryPeriod: 1h
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
-  - Discovery
-relevantTechniques:
-  - T1018
-query: |
-  ClarotyEvent
-  | where EventOriginalType has 'Treat' or EventType has 'Treat'
-  | project TimeGenerated, DstIpAddr
-  | extend IPCustomEntity = DstIpAddr
-entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: IPCustomEntity
-version: 1.0.3
-kind: Scheduled
+id: 731e5ac4-7fe1-4b06-9941-532f2e008bb3
+name: Claroty - Threat detected
+description: |
+  'Detects Collection of known malware commands and control servers.'
+severity: High
+status: Available
+requiredDataConnectors:
+  - connectorId: Claroty
+    dataTypes:
+      - ClarotyEvent
+  - connectorId: ClarotyAma
+    dataTypes:
+      - ClarotyEvent
+  - connectorId: CefAma
+    dataTypes:
+      - CommonSecurityLog
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+  - Discovery
+relevantTechniques:
+  - T1018
+query: |
+  ClarotyEvent
+  | where EventOriginalType has 'Threat' or EventType has 'Threat'
+  | project TimeGenerated, DstIpAddr
+  | extend IPCustomEntity = DstIpAddr
+entityMappings:
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: IPCustomEntity
+version: 1.0.4
+kind: Scheduled

Solutions/Claroty/Data/Solution_Claroty.json

@@ -3,12 +3,8 @@
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
   "Description": "The [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.",
-  "Workbooks": [
-    "Workbooks/ClarotyOverview.json"
-  ],
-  "Parsers": [
-    "Parsers/ClarotyEvent.yaml"
-  ],
+  "Workbooks": ["Workbooks/ClarotyOverview.json"],
+  "Parsers": ["Parsers/ClarotyEvent.yaml"],
   "Hunting Queries": [
     "Hunting Queries/ClarotyBaselineDeviation.yaml",
     "Hunting Queries/ClarotyConflictAssets.yaml",
@@ -31,11 +27,11 @@
     "Analytic Rules/ClarotyPolicyViolation.yaml",
     "Analytic Rules/ClarotySuspiciousActivity.yaml",
     "Analytic Rules/ClarotySuspiciousFileTransfer.yaml",
-    "Analytic Rules/ClarotyTreat.yaml"
+    "Analytic Rules/ClarotyThreat.yaml"
   ],
   "dependentDomainSolutionIds": [
-   "azuresentinel.azure-sentinel-solution-commoneventformat"
-   ],
+    "azuresentinel.azure-sentinel-solution-commoneventformat"
+  ],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Claroty",
   "Version": "3.0.3",

Solutions/Claroty/Package/createUiDefinition.json

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Claroty/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**. \n\n**Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Claroty/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.\n\n**Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -248,7 +248,7 @@
           {
             "name": "analytic10",
             "type": "Microsoft.Common.Section",
-            "label": "Claroty - Treat detected",
+            "label": "Claroty - Threat detected",
             "elements": [
               {
                 "name": "analytic10-text",