Azure
diff --git a/‎Solutions/Panorays/Data Connectors/Panorays_ccp/DCR.json‎
Lines changed: 694 additions & 0 deletions b/‎Solutions/Panorays/Data Connectors/Panorays_ccp/DCR.json‎
Lines changed: 694 additions & 0 deletions
diff --git a/‎Solutions/Panorays/Data Connectors/Panorays_ccp/DeployInstance.json‎
Lines changed: 169 additions & 0 deletions b/‎Solutions/Panorays/Data Connectors/Panorays_ccp/DeployInstance.json‎
Lines changed: 169 additions & 0 deletions
diff --git a/‎Solutions/Panorays/Data Connectors/Panorays_ccp/connectorDefinition.json‎
Lines changed: 112 additions & 0 deletions b/‎Solutions/Panorays/Data Connectors/Panorays_ccp/connectorDefinition.json‎
Lines changed: 112 additions & 0 deletions
diff --git a/‎Solutions/Panorays/Data Connectors/Panorays_ccp/createUiDefinition.json‎
Lines changed: 110 additions & 0 deletions b/‎Solutions/Panorays/Data Connectors/Panorays_ccp/createUiDefinition.json‎
Lines changed: 110 additions & 0 deletions
@@ -0,0 +1,169 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "workspaceName": { "type": "string", "metadata": { "description": "Log Analytics Workspace Name (Not ID)" } },
+    "location": { "type": "string", "defaultValue": "eastus" },
+    "panoraysAPIBaseUrl": { "type": "string", "defaultValue": "https://api.panoraysapp.com" },
+    "apitoken": { "type": "securestring" }
+  },
+  "variables": {
+    "dceName": "Panorays-Manual-DCE",
+    "dcrName": "Panorays-Manual-DCR",
+    "tableName": "PanoraysCompanyFindingPOC_CL",
+    "connectorDefinitionName": "ccpPanoraysCompanyFindingPOC",
+    "connectorInstanceName": "Panorays-Manual-Instance"
+  },
+  "resources": [
+    {
+      "type": "Microsoft.Insights/dataCollectionEndpoints",
+      "apiVersion": "2021-09-01-preview",
+      "name": "[variables('dceName')]",
+      "location": "[parameters('location')]",
+      "properties": {
+        "networkAcls": { "publicNetworkAccess": "Enabled" }
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/tables",
+      "apiVersion": "2022-10-01",
+      "name": "[concat(parameters('workspaceName'), '/', variables('tableName'))]",
+      "location": "[parameters('location')]",
+      "properties": {
+        "schema": {
+          "name": "[variables('tableName')]",
+          "columns": [
+            { "name": "TimeGenerated", "type": "datetime" },
+            { "name": "FindingKey", "type": "string" },
+            { "name": "status", "type": "string" },
+            { "name": "severity", "type": "string" },
+            { "name": "asset_name", "type": "string" },
+            { "name": "cves", "type": "dynamic" },
+            { "name": "finding_text", "type": "string" },
+            { "name": "description", "type": "string" }
+          ]
+        }
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
+      "apiVersion": "2022-09-01-preview",
+      "name": "[concat(parameters('workspaceName'), '/Microsoft.SecurityInsights/', variables('connectorDefinitionName'))]",
+      "location": "[parameters('location')]",
+      "kind": "Customizable",
+      "properties": {
+        "connectorUiConfig": {
+          "id": "[variables('connectorDefinitionName')]",
+          "title": "Panorays (Manual)",
+          "publisher": "Microsoft",
+          "descriptionMarkdown": "Manually deployed Panorays Connector for testing.",
+          "graphQueriesTableName": "[variables('tableName')]",
+          "graphQueries": [
+            { "metricName": "Total findings", "legend": "Findings", "baseQuery": "{{graphQueriesTableName}}" }
+          ],
+          "sampleQueries": [
+            { "description": "Get Sample Data", "query": "{{graphQueriesTableName}} | take 10" }
+          ],
+          "dataTypes": [
+            { "name": "{{graphQueriesTableName}}", "lastDataReceivedQuery": "{{graphQueriesTableName}} | summarize Time = max(TimeGenerated) | where isnotempty(Time)" }
+          ],
+          "connectivityCriteria": [ { "type": "HasDataConnectors" } ],
+          "permissions": { "resourceProvider": [ { "provider": "Microsoft.OperationalInsights/workspaces", "permissionsDisplayText": "Read and Write", "providerDisplayName": "Workspace", "scope": "Workspace", "requiredPermissions": { "read": true, "write": true, "delete": true } } ] },
+          "instructionSteps": [
+            {
+              "instructions": [
+                { "type": "Markdown", "parameters": { "content": "Manual Deployment Test" } }
+              ]
+            }
+          ]
+        }
+      }
+    },
+    {
+      "type": "Microsoft.Insights/dataCollectionRules",
+      "apiVersion": "2021-09-01-preview",
+      "name": "[variables('dcrName')]",
+      "location": "[parameters('location')]",
+      "dependsOn": [
+        "[resourceId('Microsoft.Insights/dataCollectionEndpoints', variables('dceName'))]",
+        "[resourceId('Microsoft.OperationalInsights/workspaces/tables', parameters('workspaceName'), variables('tableName'))]"
+      ],
+      "properties": {
+        "dataCollectionEndpointId": "[resourceId('Microsoft.Insights/dataCollectionEndpoints', variables('dceName'))]",
+        "streamDeclarations": {
+          "Custom-PanoraysStream": {
+            "columns": [
+              { "name": "id", "type": "string" },
+              { "name": "status", "type": "string" },
+              { "name": "severity", "type": "string" },
+              { "name": "asset_name", "type": "string" },
+              { "name": "cves", "type": "string" },
+              { "name": "finding_text", "type": "string" },
+              { "name": "description", "type": "string" }
+            ]
+          }
+        },
+        "destinations": {
+          "logAnalytics": [
+            {
+              "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName'))]",
+              "name": "law"
+            }
+          ]
+        },
+        "dataFlows": [
+          {
+            "streams": [ "Custom-PanoraysStream" ],
+            "destinations": [ "law" ],
+            "transformKql": "source | project TimeGenerated = now(), FindingKey = id, status, severity, asset_name, cves, finding_text, description",
+            "outputStream": "[concat('Custom-', variables('tableName'))]"
+          }
+        ]
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+      "apiVersion": "2022-09-01-preview",
+      "name": "[concat(parameters('workspaceName'), '/Microsoft.SecurityInsights/', variables('connectorInstanceName'))]",
+      "location": "[parameters('location')]",
+      "dependsOn": [
+        "[resourceId('Microsoft.Insights/dataCollectionRules', variables('dcrName'))]",
+        "[resourceId('Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions', parameters('workspaceName'), 'Microsoft.SecurityInsights', variables('connectorDefinitionName'))]"
+      ],
+      "kind": "RestApiPoller",
+      "properties": {
+        "connectorDefinitionName": "[variables('connectorDefinitionName')]",
+        "dataType": "[variables('tableName')]",
+        "dcrConfig": {
+          "streamName": "Custom-PanoraysStream",
+          "dataCollectionEndpoint": "[reference(resourceId('Microsoft.Insights/dataCollectionEndpoints', variables('dceName')), '2021-09-01-preview').logsIngestion.endpoint]",
+          "dataCollectionRuleImmutableId": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', variables('dcrName')), '2021-09-01-preview').immutableId]" 
+        },
+        "auth": {
+          "type": "APIKey",
+          "ApiKey": "[parameters('apitoken')]",
+          "ApiKeyName": "Authorization",
+          "ApiKeyIdentifier": "Bearer"
+        },
+        "request": {
+          "apiEndpoint": "[concat(parameters('panoraysAPIBaseUrl'), '/v2/findings')]",
+          "rateLimitQPS": 10,
+          "queryWindowInMin": 1,
+          "httpMethod": "GET",
+          "headers": { 
+            "Accept": "application/json",
+            "User-Agent": "PanoraysIntegration/1.0"
+          }
+        },
+        "paging": {
+          "pagingType": "NextPageToken",
+          "PageSize": 100,
+          "PageSizeParameterName": "limit",
+          "NextPageTokenJsonPath": "$.pagination.nextCursor",
+          "NextPageParaName": "cursor"
+        },
+        "response": { "eventsJsonPaths": [ "$.data" ] }
+      }
+    }
+  ]
+}
@@ -0,0 +1,112 @@
+{
+  "name": "ccpPanoraysCompanyFindingPOC",
+  "apiVersion": "2024-01-01-preview",
+  "type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
+  "kind": "Customizable",
+  "properties": {
+    "connectorUiConfig": {
+      "id": "ccpPanoraysCompanyFindingPOC",
+      "title": "Panorays",
+      "publisher": "Microsoft",
+      "descriptionMarkdown": "The [Panorays](https://panorays-papi-v2-documentation.redocly.app/#api-access) data connector allows ingesting company findings from the Panorays API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses the Panorays API to fetch data and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table so that queries don't need to parse it again, thus resulting in better performance.",
+      "graphQueriesTableName": "PanoraysCompanyFindingPOC_CL",
+      "graphQueries": [
+        {
+          "metricName": "Total findings found",
+          "legend": "Comnapny Findings",
+          "baseQuery": "{{graphQueriesTableName}}"
+        }
+      ],
+      "sampleQueries": [
+        {
+          "description": "Get Sample of Panorays Company Findings",
+          "query": "{{graphQueriesTableName}}\n | take 10"
+        }
+      ],
+      "dataTypes": [
+        {
+          "name": "{{graphQueriesTableName}}",
+          "lastDataReceivedQuery": "{{graphQueriesTableName}}\n   | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
+        }
+      ],
+      "connectivityCriteria": [
+        {
+          "type": "HasDataConnectors",
+          "value": null
+        }
+      ],
+      "availability": {
+        "status": 1,
+        "isPreview": false
+      },
+      "permissions": {
+        "tenant": null,
+        "licenses": null,
+        "resourceProvider": [
+          {
+            "provider": "Microsoft.OperationalInsights/workspaces",
+            "permissionsDisplayText": "Read and Write permissions are required.",
+            "providerDisplayName": "Workspace",
+            "scope": "Workspace",
+            "requiredPermissions": {
+              "read": true,
+              "write": true,
+              "delete": true,
+              "action": false
+            }
+          }
+        ]
+      },
+      "instructionSteps": [
+        {
+          "instructions": [
+            {
+              "type": "Markdown",
+              "parameters": {
+                "content": "#### Configuration steps for the Panorays API \n Follow the instructions to obtain the credentials. "
+              }
+            },
+            {
+              "type": "Markdown",
+              "parameters": {
+                "content": "#### 1. Retrieve Panorays API Token from here: https://www.panoraysapp.com/profile/api_tokens"
+              }
+            },
+            {
+              "type": "Markdown",
+              "parameters": {
+                "content": "#### 2. Retrieve API Token\n   2.1. Log in to the Panorays App\n 2.2. In the Panorays App, click [**Company Settings**] -> [**API Tokens**]\n  2.3. Click on [**Generate Token**] button.\n   2.4. Enter a token name and select the permissions.\n   2.5. Click on [**Generate Token**] and [**Copy API Token**]\n   2.6. Paste the Token here"
+              }
+            },
+            {
+              "parameters": {
+                "label": "Panorays API Base URL",
+                "placeholder": "https://api.panoraysapp.com",
+                "type": "text",
+                "name": "panoraysAPIBaseUrl"
+              },
+              "type": "Textbox"
+            },
+            {
+              "parameters": {
+                "label": "API Token",
+                "placeholder": "API Token",
+                "type": "securestring",
+                "name": "apitoken"
+              },
+              "type": "Textbox"
+            },
+            {
+              "parameters": {
+                "label": "toggle",
+                "name": "toggle"
+              },
+              "type": "ConnectionToggleButton"
+            }
+          ]
+        }
+      ],
+      "isConnectivityCriteriasMatchSome": false
+    }
+  }
+}
@@ -0,0 +1,110 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+  "handler": "Microsoft.Azure.CreateUIDef",
+  "version": "0.1.2-preview",
+  "parameters": {
+    "config": {
+      "isWizard": false,
+      "basics": {
+        "description": "<img src=\"https://panorays.com/wp-content/uploads/2022/07/panorays-logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Panorays/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Panorays](https://www.panorays.com/) solution provides ability to bring Panorays company findings to your Microsoft Sentinel Workspace to inform and to examine potential security risks\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "subscription": {
+          "resourceProviders": [
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
+            "Microsoft.Insights/workbooks",
+            "Microsoft.Logic/workflows"
+          ]
+        },
+        "location": {
+          "metadata": {
+            "hidden": "Hiding location, we get it from the log analytics workspace"
+          },
+          "visible": false
+        },
+        "resourceGroup": {
+          "allowExisting": true
+        }
+      }
+    },
+	"basics": [
+      {
+        "name": "getLAWorkspace",
+        "type": "Microsoft.Solutions.ArmApiControl",
+        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
+        "condition": "[greater(length(resourceGroup().name),0)]",
+        "request": {
+          "method": "GET",
+          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
+        }
+      },
+      {
+        "name": "workspace",
+        "type": "Microsoft.Common.DropDown",
+        "label": "Workspace",
+        "placeholder": "Select a workspace",
+        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
+        "constraints": {
+          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
+          "required": true
+        },
+        "visible": true
+      }
+    ],
+    "steps": [
+      {
+        "name": "configuration",
+        "label": "Configuration",
+        "subLabel": {
+          "preValidation": "API Details",
+          "postValidation": "Done"
+        },
+        "bladeTitle": "Panorays Configuration",
+        "elements": [
+          {
+            "name": "instructions",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "Please provide your Panorays API details. These will be used to configure the Data Connector automatically."
+            }
+          },
+          {
+            "name": "panoraysAPIBaseUrl",
+            "type": "Microsoft.Common.TextBox",
+            "label": "Panorays API Base URL",
+            "toolTip": "The base URL for the Panorays API.",
+            "defaultValue": "https://api.panoraysapp.com",
+            "constraints": {
+              "required": true,
+              "regex": "^https://.+",
+              "validationMessage": "Please enter a valid URL starting with https://"
+            }
+          },
+          {
+            "name": "apitoken",
+            "type": "Microsoft.Common.TextBox",
+            "label": "API Token",
+            "toolTip": "Your Panorays API Token.",
+            "placeholder": "Paste your API Token here",
+            "constraints": {
+              "required": true,
+              "regex": "^\\S+$",
+              "validationMessage": "The API Token must not contain spaces."
+            },
+            "osPlatform": "Linux",
+            "visible": true,
+            "password": true
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
+      "location": "[location()]",
+      "workspace": "[basics('workspace')]",
+      "resourceGroupName": "[resourceGroup().name]",
+      "subscription": "[subscription().subscriptionId]",
+      "panoraysAPIBaseUrl": "[steps('configuration').panoraysAPIBaseUrl]",
+      "apitoken": "[steps('configuration').apitoken]"
+    }
+  }
+}