Binary file modified Solutions/Fortinet FortiNDR Cloud/Package/3.0.3.zip
Binary file not shown.
6 changes: 3 additions & 3 deletions Solutions/Fortinet FortiNDR Cloud/Package/mainTemplate.json
1 change: 1 addition & 0 deletions Solutions/Fortinet FortiNDR Cloud/ReleaseNotes.md
@@ -1,5 +1,6 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|-------------------------------------------------------|
| 3.0.4 | 12-06-2026 | Updated **Workbook** |
| 3.0.3 | 05-05-2025 | Use Flex Consumption plan to hold Data Connector |
| 3.0.2 | 30-09-2024 | Show mitre attack ids and link to detection rule page |
| 3.0.1 | 31-05-2024 | Replace Metastream with FortiNDR Cloud API |
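Review bot: the new release-notes row does not agree with the rest of the change. The package binary touched by this PR is still Package/3.0.3.zip while the table announces 3.0.4, so either the zip should be renamed to 3.0.4.zip (and the three changed lines in mainTemplate.json checked for a matching version bump) or the row should read 3.0.3. The date 12-06-2026 in the DD-MM-YYYY column is also more than a year after the 3.0.3 entry (05-05-2025) and looks like a typo for 2025. "Updated **Workbook**" is thin as a change description; list what changed (new Subscription/Workspace parameters, renamed steps, no-data messages).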
@@ -4,10 +4,74 @@
{
"type": 1,
"content": {
"json": "## FortiNDR Cloud workbook\n---\n>**NOTE:** This workbook uses a parser based on a Kusto Function to normalize fields. [Follow these steps](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Fortinet%20FortiNDR%20Cloud/Parsers/Fortinet_FortiNDR_Cloud.md) to create the Kusto function alias **Fortinet_FortiNDR_Cloud**."
"json": "## FortiNDR Cloud workbook\n\nUse this workbook to review Suricata, observation, and detection activity from the Fortinet FortiNDR Cloud parser. Ensure the Kusto function alias **Fortinet_FortiNDR_Cloud** is deployed first, then use the time range and filters to focus on specific sensors, categories, severities, and confidence values.\n\n**Prerequisite:** the Fortinet FortiNDR Cloud Kusto function must exist in the workspace."
},
"name": "text - 2"
},
{
"type": 11,
"content": {
"parameters": [
{
"id": "time_range_param",
"version": "KqlParameterItem/1.0",
"name": "TimeRange",
"type": 4,
"isRequired": true,
"isGlobal": true,
"value": {
"durationMs": 86400000
},
"typeSettings": {
"selectableValues": [
{
"durationMs": 3600000
},
{
"durationMs": 14400000
},
{
"durationMs": 43200000
},
{
"durationMs": 86400000
},
{
"durationMs": 172800000
},
{
"durationMs": 604800000
},
{
"durationMs": 2592000000
}
]
}
},
{
"id": "subscription_param",
"version": "KqlParameterItem/1.0",
"name": "Subscription",
"type": 6,
"isRequired": true,
"multiSelect": true,
"quote": "'",
"delimiter": ","
},
{
"id": "workspace_param",
"version": "KqlParameterItem/1.0",
"name": "Workspace",
"type": 5,
"isRequired": true,
"multiSelect": true,
"quote": "'",
"delimiter": ","
}
]
},
"name": "parameters"
},
{
"type": 11,
"content": {
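Review bot: the rewritten intro at new line 7 drops the only pointer to how the Fortinet_FortiNDR_Cloud Kusto function is created (the removed line linked to Parsers/Fortinet_FortiNDR_Cloud.md); the new text says the function "must exist" but gives the reader no way to get there, so keep that link. The new Subscription (type 6) and Workspace (type 5) pickers are both isRequired and multiSelect, yet the Workspace picker carries no query, resourceType or crossComponentResources to populate it from the selected subscriptions, and none of the query steps visible in this diff references {Subscription} or {Workspace} (they still declare "resourceType": "microsoft.operationalinsights/workspaces" with no crossComponentResources). Confirm the pickers populate and are actually consumed; otherwise they are two required inputs with no effect on the queries.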
@@ -144,10 +208,12 @@
"showExportToExcel": true,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "piechart"
"visualization": "piechart",
"exportParameterName": "SelectedRow_0",
"noDataMessage": "No data matched the selected filters and time range."
},
"customWidth": "50",
"name": "main-Suricata"
"name": "Suricata Counts by Category"
},
{
"type": 3,
@@ -161,10 +227,12 @@
"showExportToExcel": true,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "piechart"
"visualization": "piechart",
"exportParameterName": "SelectedRow_1",
"noDataMessage": "No data matched the selected filters and time range."
},
"customWidth": "50",
"name": "main-observation"
"name": "Observation Counts by Title"
},
{
"type": 3,
@@ -178,10 +246,12 @@
"showExportToExcel": true,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "piechart"
"visualization": "piechart",
"exportParameterName": "SelectedRow_2",
"noDataMessage": "No data matched the selected filters and time range."
},
"customWidth": "50",
"name": "main-detections-s"
"name": "Detection Counts by Severity"
},
{
"type": 3,
@@ -195,10 +265,12 @@
"showExportToExcel": true,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "piechart"
"visualization": "piechart",
"exportParameterName": "SelectedRow_0",
"noDataMessage": "No data matched the selected filters and time range."
},
"customWidth": "50",
"name": "main-detections-s - Copy"
"name": "Detection Counts by Confidence"
}
]
},
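Review bot: "exportParameterName": "SelectedRow_0" on the Detection Counts by Confidence chart (new line 269) reuses the name already exported by the Suricata Counts by Category chart (new line 212), so clicking a slice in either pie chart overwrites the same parameter and any step driven by it cannot tell a Suricata category from a detection confidence value. Give this chart its own name (for example SelectedDetectionConfidence) or drop the export if nothing consumes it; the same reuse appears for SelectedRow_1 and SelectedRow_2 in the steps below.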
@@ -218,7 +290,7 @@
{
"type": 1,
"content": {
"json": "**FortiDNR Cloud Suricata Chart:**"
"json": "## FortiNDR Cloud workbook\n\nUse this workbook to review Suricata, observation, and detection activity from the Fortinet FortiNDR Cloud parser. Ensure the Kusto function alias **Fortinet_FortiNDR_Cloud** is deployed first, then use the time range and filters to focus on specific sensors, categories, severities, and confidence values.\n\n**Prerequisites:** the Fortinet FortiNDR Cloud Kusto function must exist in the target workspace, and the workbook should be connected to a workspace that contains FortiNDR Cloud data. [Deployment steps](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Fortinet%20FortiNDR%20Cloud/Package/Content%20Hub/Workbooks/FortiNDR%20Cloud%20Workbook.json)"
},
"name": "text - 4"
},
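Review bot: the text step "text - 4" at new line 293 now repeats the workbook intro from "text - 2" (new line 7) almost verbatim, so the rendered workbook shows the same heading and paragraph twice. This step was the caption for the Suricata section ("**FortiDNR Cloud Suricata Chart:**", with the FortiDNR typo) and should stay a short caption such as "**FortiNDR Cloud Suricata Chart:**". The link labelled "Deployment steps" also points at the raw workbook JSON (Content Hub/Workbooks/FortiNDR Cloud Workbook.json), which is not a deployment guide; the Parsers/Fortinet_FortiNDR_Cloud.md link removed from line 7 is the document that describes creating the Kusto function.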
@@ -326,9 +398,11 @@
"visualization": "barchart",
"chartSettings": {
"showLegend": true
}
},
"exportParameterName": "SelectedRow_1",
"noDataMessage": "No data matched the selected filters and time range."
},
"name": "query - 2"
"name": "Suricata Events Over Time by Category"
},
{
"type": 1,
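Review bot: "exportParameterName": "SelectedRow_1" on the Suricata Events Over Time by Category bar chart (new line 402) collides with the Observation Counts by Title pie chart (new line 231), which already exports SelectedRow_1, so a click on a Suricata category bar and a click on an observation title write to the same parameter. Use a step-specific name or remove the export; if the intent is to filter the Suricata Event List below, that list's query should be shown referencing the parameter.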
@@ -860,9 +934,12 @@
"nodeColorField": "http_hostname_enrichments_ip_enrichments_asn_asn_d",
"heatmapPalette": "greenRed"
}
}
},
"noDataMessage": "No Suricata records matched the selected filters and time range.",
"noDataMessageStyle": "warning",
"exportParameterName": "SelectedRow_2"
},
"name": "FNC Suricata List"
"name": "Suricata Event List"
}
]
},
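Review bot: "exportParameterName": "SelectedRow_2" on the Suricata Event List (new line 940) duplicates the name exported by the Detection Counts by Severity pie chart (new line 250), so a row selected in this list and a severity slice overwrite each other. This step also sets "noDataMessageStyle": "warning" while the chart steps above use the default style for the same condition; either is fine, but pick one convention across the workbook.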
@@ -1006,9 +1083,10 @@
"nodeColorField": "High",
"heatmapPalette": "greenRed"
}
}
},
"noDataMessage": "No data matched the selected filters and time range."
},
"name": "query - 5"
"name": "Observation Events Over Time by Title"
},
{
"type": 1,
@@ -1422,9 +1500,11 @@
"label": "customer_id"
}
]
}
},
"noDataMessage": "No observation records matched the selected filters and time range.",
"noDataMessageStyle": "warning"
},
"name": "FNC Observation List"
"name": "Observation Event List"
}
]
},
@@ -1613,10 +1693,12 @@
"color": "redBright"
}
]
}
},
"visualization": "barchart",
"noDataMessage": "No data matched the selected filters and time range."
},
"customWidth": "50",
"name": "query - 8 - Copy",
"name": "Detection Severity Over Time",
"styleSettings": {
"showBorder": true
}
@@ -1650,10 +1732,12 @@
"color": "redBright"
}
]
}
},
"visualization": "barchart",
"noDataMessage": "No data matched the selected filters and time range."
},
"customWidth": "50",
"name": "query - 8 - Copy - Copy",
"name": "Detection Confidence Over Time",
"styleSettings": {
"showBorder": true
}
@@ -2110,9 +2194,11 @@
},
"tileSettings": {
"showBorder": false
}
},
"noDataMessage": "No detection records matched the selected filters and time range.",
"noDataMessageStyle": "warning"
},
"name": "query - 6"
"name": "Detection Event List"
}
]
},