diff --git a/Solutions/Votiro/Analytic Rules/VotiroFileBlockedFromConnector.yaml b/Solutions/Votiro/Analytic Rules/VotiroFileBlockedFromConnector.yaml
index 3ecc3720775..fa402001289 100644
--- a/Solutions/Votiro/Analytic Rules/VotiroFileBlockedFromConnector.yaml
+++ b/Solutions/Votiro/Analytic Rules/VotiroFileBlockedFromConnector.yaml
@@ -41,9 +41,9 @@ incidentConfiguration:
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 alertDetailsOverride:
- alertDisplayNameFormat: File {{fileName}} with hash {{SrcFileSHA256}} was blocked
- alertDescriptionFormat: The {{FileWithConnectorDetails}} was blocked by Votiro due to Policy {{policyName}}, see more detail in the following link {{incidentURL}}
+ alertDisplayNameFormat: File with hash {{SrcFileSHA256}} was blocked
+ alertDescriptionFormat: The {{FileWithConnectorDetails}} was blocked by Votiro due to Policy rules, see more detail in the following link {{incidentURL}}
 alertTacticsColumnName: sanitizationResult
 alertSeverityColumnName: LogSeverity
-version: 1.0.0
+version: 1.1.0
 kind: Scheduled
diff --git a/Solutions/Votiro/Analytic Rules/VotiroFileBlockedInEmail.yaml b/Solutions/Votiro/Analytic Rules/VotiroFileBlockedInEmail.yaml
index ede08b15c5c..910d04b21a1 100644
--- a/Solutions/Votiro/Analytic Rules/VotiroFileBlockedInEmail.yaml
+++ b/Solutions/Votiro/Analytic Rules/VotiroFileBlockedInEmail.yaml
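Review bot: The new `alertDisplayNameFormat`/`alertDescriptionFormat` drop `{{fileName}}` and `{{policyName}}`, which are the two facts an analyst needs to triage a block without pivoting into the Votiro console, and nothing in the hunk explains the removal (if the rule query, which lies outside this hunk, no longer projects those columns, that is where they should be restored). A hash-only title is fine for grouping, but the description should keep the policy: `alertDescriptionFormat: The {{FileWithConnectorDetails}} was blocked by Votiro due to policy {{policyName}}, see more detail in the following link {{incidentURL}}`, or surface fileName/policyName through customDetails. Worth noting too that `{{incidentURL}}` is rendered verbatim from the ingested event (the parser elsewhere in this diff extracts it from AdditionalExtensions), so the link analysts are told to follow is only as trustworthy as the syslog/CEF path it arrived on.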
@@ -40,9 +40,9 @@ incidentConfiguration:
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 alertDetailsOverride:
- alertDisplayNameFormat: File {{fileName}} with hash {{SrcFileSHA256}} was blocked
- alertDescriptionFormat: Attachment {{FileWithEmailDetails}} by Votiro due to Policy {{policyName}}, see more detail in the following link {{incidentURL}}
+ alertDisplayNameFormat: File with hash {{SrcFileSHA256}} was blocked
+ alertDescriptionFormat: Attachment {{FileWithEmailDetails}} by Votiro due to Policy rules, see more detail in the following link {{incidentURL}}
 alertTacticsColumnName: sanitizationResult
 alertSeverityColumnName: LogSeverity
-version: 1.0.0
+version: 1.1.0
 kind: Scheduled
diff --git a/Solutions/Votiro/Data Connectors/VotiroEvents.json b/Solutions/Votiro/Data Connectors/VotiroEvents.json
index 7b537cfd46b..73fadc81a49 100644
--- a/Solutions/Votiro/Data Connectors/VotiroEvents.json
+++ b/Solutions/Votiro/Data Connectors/VotiroEvents.json
@@ -26,7 +26,7 @@
 {
 "type": "IsConnectedQuery",
 "value": [
- "CommonSecurityLog\n| where DeviceVendor == \"Votiro\" and DeviceProduct == \"Votiro cloud\"\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)"
+ "CommonSecurityLog\n| where DeviceVendor == \"Votiro\" and DeviceProduct == \"Votiro cloud\"\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(3d)"
 ]
 }
 ],
diff --git a/Solutions/Votiro/Data/Solution_Votiro.json b/Solutions/Votiro/Data/Solution_Votiro.json
index 24f91952ce1..36373b3af60 100644
--- a/Solutions/Votiro/Data/Solution_Votiro.json
+++ b/Solutions/Votiro/Data/Solution_Votiro.json
@@ -17,7 +17,7 @@
 "Analytic Rules/VotiroFileBlockedInEmail.yaml"
 ],
 "BasePath": "C:\\Github\\Azure-Sentinel\\Solutions\\Votiro",
- "Version": "2.0.0",
+ "Version": "3.0.0",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1Pconnector": false
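Review bot: The new `alertDescriptionFormat` still has no verb — `Attachment {{FileWithEmailDetails}} by Votiro due to Policy rules, ...` reads as a fragment in the incident pane, while the sibling connector rule says "was blocked". Suggest `alertDescriptionFormat: Attachment {{FileWithEmailDetails}} was blocked by Votiro due to policy rules, see more detail in the following link {{incidentURL}}`. As with the connector rule, dropping `{{fileName}}`/`{{policyName}}` removes triage context; if the rule query (outside this hunk) still projects those columns, keep them in the description or expose them via customDetails.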
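Review bot: The tightened 3-day window is applied only after `summarize`, so the health query still computes `max(TimeGenerated)` over every Votiro row ever ingested into CommonSecurityLog; bound the scan before aggregating: `"CommonSecurityLog\n| where TimeGenerated > ago(3d)\n| where DeviceVendor == \"Votiro\" and DeviceProduct == \"Votiro cloud\"\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(3d)"`. The same query is duplicated twice in Package/mainTemplate.json (hunks at -135 and -329 in this diff), so change it here and regenerate the package rather than editing the copies. Whether 3 days is the right "disconnected" threshold depends on how steadily the Votiro feed emits events, which cannot be judged from the diff.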
diff --git a/Solutions/Votiro/Package/3.0.0.zip b/Solutions/Votiro/Package/3.0.0.zip
new file mode 100644
index 00000000000..7bb93042010
Binary files /dev/null and b/Solutions/Votiro/Package/3.0.0.zip differ
diff --git a/Solutions/Votiro/Package/mainTemplate.json b/Solutions/Votiro/Package/mainTemplate.json
index 7878d1be2e9..1fd59e23e1b 100644
--- a/Solutions/Votiro/Package/mainTemplate.json
+++ b/Solutions/Votiro/Package/mainTemplate.json
@@ -38,62 +38,50 @@ } }, "variables": { - "solutionId": "votirocybersecltd1670174946024.votiro_data_connector", - "_solutionId": "[variables('solutionId')]", "email": "support@votiro.com", "_email": "[variables('email')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_solutionName": "Votiro", + "_solutionVersion": "3.0.0", + "solutionId": "votirocybersecltd1670174946024.votiro_data_connector", + "_solutionId": "[variables('solutionId')]", "uiConfigId1": "Votiro", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "Votiro", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.0.0", - "parserVersion1": "1.0.0", - "parserContentId1": "VotiroEvents-Parser", - "_parserContentId1": "[variables('parserContentId1')]", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", "parserName1": "VotiroEvents", "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", "_parserId1": "[variables('parserId1')]", - 
"parserTemplateSpecName1": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1')))]", + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]", + "parserVersion1": "1.0.0", + "parserContentId1": "VotiroEvents-Parser", + "_parserContentId1": "[variables('parserContentId1')]", + "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]", "workbookVersion1": "1.0.0", "workbookContentId1": "VotiroWorkbook", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]", - "_workbookContentId1": "[variables('workbookContentId1')]" + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", + "_workbookContentId1": "[variables('workbookContentId1')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": 
"2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "Votiro data connector with template", - "displayName": "Votiro template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Votiro data connector with template version 2.0.0", + "description": "Votiro data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -102,7 +90,7 @@ "resources": [ { "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2023-05-01-preview", + "apiVersion": "2021-03-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", "location": "[parameters('workspace-location')]", "kind": "GenericUI", 
@@ -135,7 +123,7 @@
 {
 "type": "IsConnectedQuery",
 "value": [
- "CommonSecurityLog\n| where DeviceVendor == \"Votiro\" and DeviceProduct == \"Votiro cloud\"\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)"
+ "CommonSecurityLog\n| where DeviceVendor == \"Votiro\" and DeviceProduct == \"Votiro cloud\"\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(3d)"
 ]
 }
 ],
@@ -243,7 +231,7 @@
 },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
- "apiVersion": "2023-05-01-preview",
+ "apiVersion": "2023-04-01-preview",
 "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
 "properties": {
 "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
@@ -268,12 +256,23 @@
 }
 }
 ]
- }
+ },
+ "packageKind": "Solution",
+ "packageVersion": "[variables('_solutionVersion')]",
+ "packageName": "[variables('_solutionName')]",
+ "packageId": "[variables('_solutionId')]",
+ "contentSchemaVersion": "3.0.0",
+ "contentId": "[variables('_dataConnectorContentId1')]",
+ "contentKind": "DataConnector",
+ "displayName": "Votiro Sanitization Engine Logs",
+ "contentProductId": "[variables('_dataConnectorcontentProductId1')]",
+ "id": "[variables('_dataConnectorcontentProductId1')]",
+ "version": "[variables('dataConnectorVersion1')]"
 }
 },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
- "apiVersion": "2023-05-01-preview",
+ "apiVersion": "2023-04-01-preview",
 "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
 "dependsOn": [
 "[variables('_dataConnectorId1')]"
@@ -303,7 +302,7 @@
 },
 {
 "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
- "apiVersion": "2023-05-01-preview",
+ "apiVersion": "2021-03-01-preview",
 "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
 "location": "[parameters('workspace-location')]",
 "kind": "GenericUI",
@@ -329,7 +328,7 @@
 {
 "type": "IsConnectedQuery",
 "value": [
- "CommonSecurityLog\n| where DeviceVendor == \"Votiro\" and DeviceProduct == \"Votiro cloud\"\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)"
+ "CommonSecurityLog\n| where DeviceVendor == \"Votiro\" and DeviceProduct == \"Votiro cloud\"\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(3d)"
 ]
 }
 ],
@@ -425,33 +424,15 @@
 }
 },
 {
- "type": "Microsoft.Resources/templateSpecs",
- "apiVersion": "2022-02-01",
+ "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+ "apiVersion": "2023-04-01-preview",
 "name": "[variables('parserTemplateSpecName1')]",
 "location": "[parameters('workspace-location')]",
- "tags": {
- "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
- "hidden-sentinelContentType": "Parser"
- },
- "properties": {
- "description": "VotiroEvents Data Parser with template",
- "displayName": "VotiroEvents Data Parser template"
- }
- },
- {
- "type": "Microsoft.Resources/templateSpecs/versions",
- "apiVersion": "2022-02-01",
- "name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]",
- "location": "[parameters('workspace-location')]",
- "tags": {
- "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
- "hidden-sentinelContentType": "Parser"
- },
 "dependsOn": [
- "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]"
+ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "VotiroEvents Data Parser with template version 2.0.0",
+ "description": "VotiroEvents Data Parser with template version 3.0.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('parserVersion1')]",
@@ -460,7 +441,7 @@
 "resources": [
 {
 "name": "[variables('_parserName1')]",
- "apiVersion": "2023-05-01",
+ "apiVersion": "2022-10-01",
 "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
 "location": "[parameters('workspace-location')]",
 "properties": {
@@ -469,6 +450,7 @@
 "category": "Samples",
 "functionAlias": "VotiroEvents",
 "query": "\nCommonSecurityLog\r\n| where DeviceVendor == \"Votiro\" and DeviceProduct == \"Votiro cloud\"\r\n| parse-kv AdditionalExtensions as (companyName: string, correlationId:guid, itemId: guid, fileName: string, fileSize: int, passwordProtected: bool, AVResult: string, threatCount: int, blockedCount: int, threats: string, fileModification: string, sanitizationResult: string, sanitizationTime: int, connectorType: string, connectorName: string, connectorId: dynamic, policyName: string, exceptionId: dynamic, incidentURL: dynamic, messageId: dynamic, subject: string, from: string, recipients: string) with (pair_delimiter=\";\", kv_delimiter=\"=\")\r\n| project-rename\r\n SrcFileSHA256=FileHash\r\n| project-away AdditionalExtensions",
+ "functionParameters": "",
 "version": 1,
 "tags": [
 {
@@ -480,7 +462,7 @@
 },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
- "apiVersion": "2023-05-01-preview",
+ "apiVersion": "2022-01-01-preview",
 "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]",
 "dependsOn": [
 "[variables('_parserName1')]"
@@ -508,12 +490,23 @@
 }
 }
 ]
- }
+ },
+ "packageKind": "Solution",
+ "packageVersion": "[variables('_solutionVersion')]",
+ "packageName": "[variables('_solutionName')]",
+ "packageId": "[variables('_solutionId')]",
+ "contentSchemaVersion": "3.0.0",
+ "contentId": "[variables('_parserContentId1')]",
+ "contentKind": "Parser",
+ "displayName": "VotiroEvents",
+ "contentProductId": "[variables('_parsercontentProductId1')]",
+ "id": "[variables('_parsercontentProductId1')]",
+ "version": "[variables('parserVersion1')]"
 }
 },
 {
 "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
- "apiVersion": "2023-05-01",
+ "apiVersion": "2022-10-01",
 "name": "[variables('_parserName1')]",
 "location": "[parameters('workspace-location')]",
 "properties": {
@@ -522,12 +515,19 @@
 "category": "Samples",
 "functionAlias": "VotiroEvents",
 "query": "\nCommonSecurityLog\r\n| where DeviceVendor == \"Votiro\" and DeviceProduct == \"Votiro cloud\"\r\n| parse-kv AdditionalExtensions as (companyName: string, correlationId:guid, itemId: guid, fileName: string, fileSize: int, passwordProtected: bool, AVResult: string, threatCount: int, blockedCount: int, threats: string, fileModification: string, sanitizationResult: string, sanitizationTime: int, connectorType: string, connectorName: string, connectorId: dynamic, policyName: string, exceptionId: dynamic, incidentURL: dynamic, messageId: dynamic, subject: string, from: string, recipients: string) with (pair_delimiter=\";\", kv_delimiter=\"=\")\r\n| project-rename\r\n SrcFileSHA256=FileHash\r\n| project-away AdditionalExtensions",
- "version": 1
+ "functionParameters": "",
+ "version": 1,
+ "tags": [
+ {
+ "name": "description",
+ "value": "VotiroEvents"
+ }
+ ]
 }
 },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
- "apiVersion": "2023-05-01-preview",
+ "apiVersion": "2022-01-01-preview",
 "location": "[parameters('workspace-location')]",
 "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]",
 "dependsOn": [
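Review bot: The added `tags` description is just the function's own name (`"value": "VotiroEvents"`), so the Logs blade tells a user nothing about what the function returns; something grounded in the query on the line above, such as `"value": "Typed view of Votiro cloud CEF events from CommonSecurityLog: splits AdditionalExtensions into columns and renames FileHash to SrcFileSHA256"`, would be more useful. `"functionParameters": ""` is fine for a parameterless function. One caveat worth documenting for consumers, visible in the unchanged query: `parse-kv` splits on `;` and `=`, so any value that itself contains those characters (file names, email subjects, an incidentURL with a query string) will be cut short unless the sender escapes them, which cannot be confirmed from here.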
@@ -556,33 +556,15 @@
 }
 },
 {
- "type": "Microsoft.Resources/templateSpecs",
- "apiVersion": "2022-02-01",
+ "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+ "apiVersion": "2023-04-01-preview",
 "name": "[variables('workbookTemplateSpecName1')]",
 "location": "[parameters('workspace-location')]",
- "tags": {
- "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
- "hidden-sentinelContentType": "Workbook"
- },
- "properties": {
- "description": "Votiro Workbook with template",
- "displayName": "Votiro workbook template"
- }
- },
- {
- "type": "Microsoft.Resources/templateSpecs/versions",
- "apiVersion": "2022-02-01",
- "name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]",
- "location": "[parameters('workspace-location')]",
- "tags": {
- "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
- "hidden-sentinelContentType": "Workbook"
- },
 "dependsOn": [
- "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]"
+ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Votiro Monitoring DashboardWorkbook with template version 2.0.0",
+ "description": "Votiro Monitoring DashboardWorkbook Workbook with template version 3.0.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
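Review bot: The regenerated description reads `Votiro Monitoring DashboardWorkbook Workbook with template version 3.0.0` — a missing space plus a doubled word — and this string is what users see as the content template's description. Because mainTemplate.json is generated, the fix belongs in whatever source the packager takes the workbook title from (presumably the solution or workbook metadata, not shown in this diff); after regeneration the line should read `"description": "Votiro Monitoring Dashboard Workbook with template version 3.0.0"`.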
@@ -594,13 +576,13 @@ "name": "[variables('workbookContentId1')]", "location": "[parameters('workspace-location')]", "kind": "shared", - "apiVersion": "2023-05-01", + "apiVersion": "2021-08-01", "metadata": { "description": "Votiro Workbook Description" }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## This Workbook is used to analyse file sanitization data from Votiro's endpoints.\"},\"customWidth\":\"90\",\"name\":\"text - 5\",\"styleSettings\":{\"maxWidth\":\"90\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"8b8cd15e-bd0d-4cb9-aef6-07e117e2cf5a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":604800000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"label\":\"Select TimeRange\"}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"10\",\"name\":\"parameters - 4\",\"styleSettings\":{\"maxWidth\":\"10\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"VotiroEvents\\n| where TimeGenerated {TimeRange}\\n| summarize Count = count() by connectorType\\n| where connectorType =~ \\\"File connector\\\" or connectorType =~ \\\"Email connector\\\"\",\"size\":3,\"title\":\"Incoming Traffic(Data 
Source)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"connectorType\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumSignificantDigits\":2}}},\"showBorder\":true}},\"customWidth\":\"40\",\"name\":\"query - 3\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"VotiroEvents\\n| where TimeGenerated {TimeRange}\\n| summarize Count=count() by sanitizationResult\\n| where sanitizationResult in (\\\"Blocked\\\", \\\"Sanitized\\\", \\\"Partially sanitized\\\", \\\"Skipped\\\")\\n\",\"size\":3,\"title\":\"Scanned Files(Threats)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"sanitizationResult\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumSignificantDigits\":2}}},\"showBorder\":true,\"rowLimit\":10}},\"customWidth\":\"60\",\"name\":\"query - 2\",\"styleSettings\":{\"maxWidth\":\"60\",\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"VotiroEvents\\n| where TimeGenerated {TimeRange}\\n| extend total = threatCount, timestamp = TimeGenerated\\n| extend dayOfMonth = format_datetime(TimeGenerated, \\\"dd/MM\\\")\\n| summarize sum(total) by dayOfMonth\\n| order by dayOfMonth asc\\n| render barchart\",\"size\":0,\"title\":\"Threats Disarmed(Threat Count Per 
Day)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"chartSettings\":{\"xAxis\":\"dayOfMonth\",\"group\":\"dayOfMonth\",\"createOtherGroup\":100,\"showLegend\":true,\"ySettings\":{\"min\":0}}},\"name\":\"query - 3\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"VotiroEvents\\n| where TimeGenerated {TimeRange}\\n| summarize Count=count() by FileType\\n| order by Count desc\\n| limit 8\\n| render barchart\",\"size\":0,\"title\":\"Incoming Files\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"100\",\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}],\"fromTemplateId\":\"sentinel-Votiro\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## This Workbook is used to analyse file sanitization data from Votiro's endpoints.\"},\"customWidth\":\"90\",\"name\":\"text - 5\",\"styleSettings\":{\"maxWidth\":\"90\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"8b8cd15e-bd0d-4cb9-aef6-07e117e2cf5a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":604800000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"label\":\"Select 
TimeRange\"}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"10\",\"name\":\"parameters - 4\",\"styleSettings\":{\"maxWidth\":\"10\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"VotiroEvents\\n| where TimeGenerated {TimeRange}\\n| where ConnectorType == \\\"File connector\\\" or ConnectorType == \\\"Email connector\\\"\\n | summarize Count = count() by ConnectorType\\n\",\"size\":3,\"title\":\"Incoming Traffic(Data Source)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"connectorType\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumSignificantDigits\":2}}},\"showBorder\":true}},\"customWidth\":\"40\",\"name\":\"query - 3\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"VotiroEvents\\n| where TimeGenerated {TimeRange}\\n| where SanitizationResult != \\\"\\\"\\n| where SanitizationResult in (\\\"Blocked\\\", \\\"Sanitized\\\", \\\"Partially sanitized\\\", \\\"Skipped\\\")\\n | summarize Count=count() by SanitizationResult\\n\",\"size\":3,\"title\":\"Scanned Files(Threats)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"sanitizationResult\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumSignificantDigits\":2}}},\"showBorder\":true,\"rowLimit\":10}},\"customWidth\":\"60\",\"name\":\"query - 
2\",\"styleSettings\":{\"maxWidth\":\"60\",\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"VotiroEvents\\n| where TimeGenerated {TimeRange}\\n| extend total = threatCount, timestamp = TimeGenerated\\n| extend dayOfMonth = format_datetime(TimeGenerated, \\\"dd/MM\\\")\\n| summarize sum(total) by dayOfMonth\\n| order by dayOfMonth asc\\n| render barchart\",\"size\":0,\"title\":\"Threats Disarmed(Threat Count Per Day)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"chartSettings\":{\"xAxis\":\"dayOfMonth\",\"group\":\"dayOfMonth\",\"createOtherGroup\":100,\"showLegend\":true,\"ySettings\":{\"min\":0}}},\"name\":\"query - 3\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"VotiroEvents\\n| where TimeGenerated {TimeRange}\\n| summarize Count=count() by FileType\\n| order by Count desc\\n| limit 8\\n| render barchart\",\"size\":0,\"title\":\"Incoming Files\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"100\",\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}],\"fromTemplateId\":\"sentinel-Votiro\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" 
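Review bot: The rewritten tile queries reference `ConnectorType` and `SanitizationResult`, but the VotiroEvents function packaged in this same template (the parse-kv in the parser's savedSearches, unchanged in this diff) emits `connectorType` and `sanitizationResult`; KQL column names are case-sensitive, so both tiles will fail to resolve the column instead of showing counts. The tile settings were not updated either — `columnMatch` still says `connectorType` / `sanitizationResult` — which suggests the rename was not carried through deliberately. Revert to the parser's names, e.g. `| where connectorType =~ \"File connector\" or connectorType =~ \"Email connector\"\n| summarize Count = count() by connectorType`, or rename in the parser and update every consumer including the analytic rules' `alertTacticsColumnName: sanitizationResult`. Replacing `=~` with `==` also makes the connector-name match case-sensitive; unless Votiro guarantees the casing of that value, the old operator was the safer choice. This is the generated copy — the same queries are changed in Workbooks/Votiro Monitoring Dashboard.json, which is where the fix should land before regenerating.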
@@ -608,7 +590,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-05-01-preview", + "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", "properties": { "description": "@{workbookKey=VotiroWorkbook; logoFileName=; description=Votiro Workbook Description; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Votiro; templateRelativePath=Votiro Monitoring Dashboard.json; subtitle=; provider=Votiro}.description", @@ -647,17 +629,35 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-05-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "2.0.0", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "Votiro", + "publisherDisplayName": "Votiro", + "descriptionHtml": "
Note: There may be known issues pertaining to this Solution, please refer to them before installing.
\nThreat related information will be sent from Votiro Sanitization Engine to Microsoft Sentinel, allowing customers to better mitigate cyber attack, do effective threat hunting and enrich cyber security alerts.
\nData Connectors: 1, Parsers: 1, Workbooks: 1
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { diff --git a/Solutions/Votiro/Workbooks/Votiro Monitoring Dashboard.json b/Solutions/Votiro/Workbooks/Votiro Monitoring Dashboard.json index 06c3675a2c0..5a4a7de941a 100644 --- a/Solutions/Votiro/Workbooks/Votiro Monitoring Dashboard.json +++ b/Solutions/Votiro/Workbooks/Votiro Monitoring Dashboard.json @@ -90,7 +90,7 @@ "type": 3, "content": { "version": "KqlItem/1.0", - "query": "VotiroEvents\n| where TimeGenerated {TimeRange}\n| summarize Count = count() by connectorType\n| where connectorType =~ \"File connector\" or connectorType =~ \"Email connector\"", + "query": "VotiroEvents\n| where TimeGenerated {TimeRange}\n| where ConnectorType == \"File connector\" or ConnectorType == \"Email connector\"\n | summarize Count = count() by ConnectorType\n", "size": 3, "title": "Incoming Traffic(Data Source)", "queryType": 0, @@ -128,7 +128,7 @@ "type": 3, "content": { "version": "KqlItem/1.0", - "query": "VotiroEvents\n| where TimeGenerated {TimeRange}\n| summarize Count=count() by sanitizationResult\n| where sanitizationResult in (\"Blocked\", \"Sanitized\", \"Partially sanitized\", \"Skipped\")\n", + "query": "VotiroEvents\n| where TimeGenerated {TimeRange}\n| where SanitizationResult != \"\"\n| where SanitizationResult in (\"Blocked\", \"Sanitized\", \"Partially sanitized\", \"Skipped\")\n | summarize Count=count() by SanitizationResult\n", "size": 3, "title": "Scanned Files(Threats)", "queryType": 0,
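Review bot: The new `descriptionHtml` advertises `Data Connectors: 1, Parsers: 1, Workbooks: 1` and no analytic rules, yet Solution_Votiro.json in this same commit lists `Analytic Rules/VotiroFileBlockedInEmail.yaml` and both rule YAMLs were bumped to 1.1.0; no analytic-rule contentTemplates appear in any of the mainTemplate.json hunks shown. Either the rules are intentionally not shipped — in which case the YAML edits are dead — or the package was generated from an input that omitted them; this should be confirmed before 3.0.0.zip is published. `"icon": ""` is also empty; if the marketplace listing is expected to carry the Votiro logo, the path should be filled in.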
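Review bot: `ConnectorType` is not a column the VotiroEvents function produces — the parser packaged alongside this workbook defines it as `connectorType` via parse-kv — and KQL column names are case-sensitive, so this tile will error on column resolution rather than show counts; the tile's `columnMatch` (outside the hunk, visible in the serialized copy in mainTemplate.json) still names `connectorType`. Keep the parser's casing and, since the values come from the log source, the case-insensitive operator: `"query": "VotiroEvents\n| where TimeGenerated {TimeRange}\n| where connectorType =~ \"File connector\" or connectorType =~ \"Email connector\"\n| summarize Count = count() by connectorType\n"`.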
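Review bot: Same casing problem here: `SanitizationResult` is not emitted by the VotiroEvents parser (it produces `sanitizationResult`), so this tile fails as well, and the analytic rules in this commit still use the lowercase name. The added `| where SanitizationResult != \"\"` is redundant once the `in (...)` filter runs, because an empty string is not in that list. Suggested: `| where sanitizationResult in (\"Blocked\", \"Sanitized\", \"Partially sanitized\", \"Skipped\")\n| summarize Count=count() by sanitizationResult`.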