From b4e94f134802a34b32058134399aea2ffea9ad90 Mon Sep 17 00:00:00 2001 From: Diego Ramirez Date: Thu, 26 Sep 2024 10:11:22 -0300 Subject: [PATCH] change query param for alerts connector to fetch modified alerts instead of created alerts
--- .../Alerts/alerts_connector.json | 7 ++- Solutions/ZeroFox/Data/Solution_ZeroFox.json | 2 +- Solutions/ZeroFox/Package/3.2.0.zip | Bin 0 -> 10656 bytes Solutions/ZeroFox/Package/mainTemplate.json | 46 ++++++++++-------- Solutions/ZeroFox/ReleaseNotes.md | 11 +++-- 5 files changed, 38 insertions(+), 28 deletions(-) create mode 100644 Solutions/ZeroFox/Package/3.2.0.zip
diff --git a/Solutions/ZeroFox/Data Connectors/Alerts/alerts_connector.json b/Solutions/ZeroFox/Data Connectors/Alerts/alerts_connector.json
index 861e945c1e3..1d38f557d8e 100644
--- a/Solutions/ZeroFox/Data Connectors/Alerts/alerts_connector.json
+++ b/Solutions/ZeroFox/Data Connectors/Alerts/alerts_connector.json
@@ -104,10 +104,13 @@
 "apiEndpoint": "https://api.zerofox.com/1.0/alerts/",
 "httpMethod": "Get",
 "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
- "startTimeAttributeName": "min_timestamp",
- "endTimeAttributeName": "max_timestamp",
+ "startTimeAttributeName": "last_modified_min_date",
+ "endTimeAttributeName": "last_modified_max_date",
 "queryParameters": {
 "sort_direction": "asc"
+ },
+ "headers": {
+ "zf-source": "Microsoft-Sentinel"
 } } },
 "response": {
diff --git a/Solutions/ZeroFox/Data/Solution_ZeroFox.json b/Solutions/ZeroFox/Data/Solution_ZeroFox.json
index 0eac1e75af9..0d061f1a7f8 100644
--- a/Solutions/ZeroFox/Data/Solution_ZeroFox.json
+++ b/Solutions/ZeroFox/Data/Solution_ZeroFox.json
@@ -14,7 +14,7 @@
 "Analytic Rules/ZF_Alerts_MediumSeverityRule.yaml"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\ZeroFox",
- "Version": "3.0.1",
+ "Version": "3.2.0",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1Pconnector": false
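Review bot: Windowing the poll on `last_modified_min_date`/`last_modified_max_date` instead of the creation timestamp means an alert is returned again each time ZeroFox modifies it, so the same alert will be ingested into the custom log table more than once, and the four ZF_Alerts_*SeverityRule analytic rules listed in the solution (not in this diff) will re-fire on every status edit unless they deduplicate, e.g. with `summarize arg_max(TimeGenerated, *)` keyed on whatever column carries the ZeroFox alert id. Worth confirming those rules handle re-ingested rows, and documenting the re-ingestion behaviour in the connector's description text, which sits outside this hunk. The hunk keeps `queryTimeFormat` at `yyyy-MM-ddTHH:mm:ssZ` from the old `min_timestamp` parameters; check against the ZeroFox API docs that the `last_modified_*` parameters accept that exact format, since a mismatch would not error but would silently produce an empty or unbounded window. The added `zf-source` header is a plain client-identification value carrying no credential and looks fine.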
diff --git a/Solutions/ZeroFox/Package/3.2.0.zip b/Solutions/ZeroFox/Package/3.2.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..85555703cc3d257b6d1b125aeb541ca3890a7fa7 GIT binary patch literal 10656 zcmZ{KWl$VImo4s2aDomVG`I$5aCd?Y?!hGx9D)xP+y-}dhv0652Y1(?FT3CS^S0i0 zch&9gI(_T@IMscs>!>QgBYc2?fkA-@QWexQcFdLDM}~o!qkw@S`nPNT&BD~pLd!ZncD+t#c zFyS+7Y83`fp8t|l7}umS>l#Ls@L`YNVcjzDl{VwE)#RN}YTAPe@y(lAJ|bXE$ZVr; zWt=?Jv=$E_yyq%M)d(AqYKKCToa9R{jFOEM?q6ieWI~W_{fDqiNGLQ-E|h>7lkJ<$ z-~;fIvS4w znw)(k?w|F$q~Ctl=RMvT@8rvghaJ*satQ0VTJ)v089k#e@dfHlGEf*qLfPUUjJt;& zuUuixx@ztobQ0ab=NIpidi*P!R;hR`utlaw>3V~wa8N~HsWwekJ=1s+61}>4Yf^*6 zv&=}Qy@1)kNw?VR_*a4VM&9KG7Dlf`Mpuy%Mb_~(hl~Z7pO|{FglH) z&vM(;Ha&8oS8%FxA=PR&9`1={TB9MH-WuH9;=5_nN%_oLF$HW9;h*3g1ZZNS=>kyt znR#SBt$OIxofZCQkO+lpmEOyQF4z)u^h;x;yY@QoaDe)3PwPf0G1NtqO`!UF0Nmx^ zS{^Hp=#pm3<{ygRqB4PaMZ^1RBahL&c%f^qi)@VUeu36f?fdaEKkP3x?wHau(5M<6 zQ>|cGF7J&Y&ykI~N6|NEGDrgyjx|Evslxz}M7W`;4UNUfk=Vr!V+)(;un9p! z`)0%4*oSr$JVsfq7_5b)8p6JAFjABcyWM&;edzXAzeJtUppQ<7qtx>A%SKIAp3^^$ z5{@wp^6TNuO{IaWkRtg0n5I8VQxPWpsE|B2AIYWZjU{Uz@J@{R)d06vN5CvIC1)nE z-1U#31!^HdPTAW19|xAoEL$x{?BzK73Vb1_3Aq}%;zG6%HQk>UyYE~cxN@FA@# z+Ln1+rtSRihCC>`^`Bqse>S(42$||eIYg|v$Bxy{coMe4Ytruc^%Fd?Q-E0+sRU>pDPQ8 zjYc|R#Uzr@!Lt_zw=EGhMa6)$yT85NN0gXznz>b5_c3$Wb`UQ zC-LgvKFN7cCC{YAbC1;=`Ro9KDRxs}mnF0!U;dVHX9=vP!Iq)n@agU7s%x^F`SW<1 zCsWAD9e8kBw>olQ40miDns}WxzC6R<>#hbzhUTk{KHq1!pa=8EEQjKU_u*m&TO#Fu zz>T{nEeWvB_ls$qWFP7|2uBV_e(Ozr>zxys_Ylf2Sg$n@`DD+)+}lT%X`7t24VeL? z_@RMId~ttF2nB_LT{xG!Jj8poq3q50e~AYNxsfVEk`&b|w3x{_taE$($T6Z9_-XX! 
zGH7rDrs%?!Ls_?$bASBFl?&_rN_OenZvxz<)t<#%zNscw>S64~s1THmZCmU2!j`Sj zKM7sKK}G75*na%O;bfv}W_9rjxqKK9O84@ml>wd4N1Q2j%nZ1u-(GB-QJ!APIxcyj#V z*uOA)`_|R2{UgYVD>~uvLU+rljX_iUw#PAm$`X(pF0#>fj9-Wxq<0h>M z*h2VtHQxxfm5TXhUR$8b=OW9A={$Y@ap0r_6?%oy+j64MZ8qqhK+l*i6$RVX0(6`2 z&+kYxJ!p*(h=oEVISK47O-Kvjs`ujBf9sUbi7@JizsD`Ut2X#)KJQ>zA91Qfp|3ck3z=@}1yQO?43WxP$<^OaH49_(?j5Z-FSO2gM!hQMC=Kxx zoq$k~ZXwZ}0385un*_Vx|MwJW&XTK{KTUQN8bfBp{GF@ysU1`>QHz1f_DcN8!s3bx z^pZ~%@M=j8m@&W=>()%)5VvL7Yzq%*o?w86A6&}vza9m@zLKutOQ&{u7(N@t{5_@n zN>Nk!$3YzG-nu5zNxRiVaG}%1es$h#Mr6BIx<1VGD+TCvEMWr;!r)F0?5J5?uU9a3 zlU&5qe|UbIOjWfh%U0$dtwT?yBR`f*?_0y`<3(F z+B=~92n@Mg-U+>gGfQBIBO9~|aQu+iHz13?dtb5Y^R)*kGG^e!li|tIeWiF}G!eq< zamkWn@4P|!5@wZw`x5VJQ-*)OUWnJdB6r?#(ZZKL8n*u&y~I`VM9j^^8)q#wOIz-T z0dU$7Y4yEESN(saK?$XiTn7~lOtK~{4DLT^;9zRwsA=KgZ2wOn{6`cR`MR$1gWm&0 z5hv@l{4<&K>TaBw69ucYP9J%(b1KtHR{?u@a&p`0G(3LLtMQ^^(XsCh&wwQuaWn`F z9s*s)=&%6~S;Cis_T_aL(jM#pzwqfrV+p&U;{8SR2A;@#y~q4jrEIsNBCFV|558(c zFCtjZL)XQpM$j|L+t`?3+MV2`#;ftW3t%g3_N3wGzN~<-u7}q}(LATWUlFSPe~TYJ zQrHwN2~fQ&d{uD)tyoH}yuB}4K8?8r;9A{n$b)#FM*Ou<{SEGK;hZccn<=_k9Gm%DyNyEI)=+n zZ8@eAywPw&Wc5g>@39YrzB|@%?7qtyWO3ur7=PaNUyDz~f2QN$(cf7wca|p|8637h z%a)d)$}ly+S^b7C`&`H}V%2uWg}HOgEdN3W^I-FvtsB-VmzRTLVNG-5onK2S?PjG7Pw ze?XW{j`)^D7~mUJhh`9cR(<>4T^Cm;ry^Y~jk!2KC(9vZZEy9A7gvh=$jGVjp~xe_ zAB;nSgvQBm}K@FFFCWH3tw%|saHSJ@y5n;uIj$bMyCzW5=Ey`rTQM=n5YwtJyh?b5|=~% z@Z9-!wN)RC!I5_>k+`p*|PGqg>~?Y7W>_|rgj8UX~y#qykVq(Gt0a+0Qq zzxR)ivOlX9`gg6$tb-qWvO>lW<0f%FEp2D(9w!W z7qT=y{vo6b&Sw=Yl+D%W)uu+J_dvY+YP@?AOdEH79;-uC0=nA7d(b9tvPgAytJuAO zQ@f~(3yzWTW0es0e24MFp8tCFtzBq}JhQfMV^VNZpP-L>_jvgjfku8pzRtty@xrTZ z_4(56@f)d^yYWmp`Z4En?je`QRrr=z9w?47@2c8@I-w+v-Dniialu}nuZ^13d zQnkTbn%cvgQ_2{k#%_VMa-WIWfy%x*E}|(VPr6q0J7qXEL*vtmV|Ski5xKE#d&BPB z%;%eBwTo$DQCdX`(KC{%I1Z%j984u);il{rS+3PHzGkE3{bYv+@$JSQkA)D`W}__K z4$!I=UTM=Ag*Nm&ukLIX{Mh4TN%5e#lV)=tU9fXdol$R%hnn3P|rI&TwXco03j<)zM7`(vZGB33h63wu{kS`s7H8Vztt`ti47+x zNbk22Y(B0|VV%z8jeEqUuU5(5j5hh+$~BeKhqRqhh;*GXNB%pnry>29djQ?Y;c6E2 
zvVG{E_X)4l!hi7hwVpqh!d4JBWoZw(x5Wa9ohRXAb1deWTUr?x%o+j#Lz?u+426*56KSa#MuoF{A%^sEoj}J#?1;x(PC8zm zkL<6^t(Mx|aw(1VExPnPx!#M%uGupF(kFK3Mr?UG0gZl%fxLAP#Dppdk%iEyqb3JL)}kxAEXmV^|wOe zYYLF%5&C5^(46ggg;RSWoeE%ewZ!^J6dm*F88#6lkknC=HG_g|qIXDJaOch7e$d|D zj@9h95JL~kOB-DAt+nd&@9fa__Te_lZ5X->oOi4=kTn6=s>`IXl9tee{8#-*z~JRN zqGRe?WEY?kGYknyLzlB)MWEJ6$z)WHeznkf_1N%+d&wG94+JCWk~{CPin>_9vGD#??w zbu*^H3Y*n4n;4^ISgU)X_%Ip56dr3m2dT>TGTbAGddyZ*oN2YhKIVj5igm=+ht!xw zveR=20p@@oZLBKlvLSwF$qGll#GP@)9FgH6RumWyM-8ZI&GOil*l&wh*vLQ& zcLNhk#(MQ+{g&@_~Dg6|7r3EjCmY9t^17 zwZ=+yyy3n@Ai}|oV)J^^n_ttmR<>eWRF(vSFGt2VYmzPBx`7OrIl{N>AD+ZR!XB*u zC~{6DrsIw`1N+DR2{oE|GJ5nqUGhJoO{%u$jCmY4YVp}PquM~Oj^O9CSZN>c_XRo2 zHcR3JhsacD-)=|LH#7XCzSlti?W1{&%uUV(oF`bN33ed?i!;JPTUkjj6H?=ACMSo!0CZ(xxRPkF48ru*7c2lA1!IjNP3*F{7n}~-RE+?VwTfR^&GcQqZP3If)6Y0;>v(6c z(iEL2N>K(mpf2T*DVt3g94;*{D~*t7*BP^N75o}^@HIPg5ZFQ#LV1CUF|m(D91Qsz zR!M?o0#Z>XjEY;Cl{f+(p?k=*fUa3GtZ02o_$n*?KDCY;@-I$hI`5}Hz`y*X3Ow9} zoeysttvBodffNFXXV3vkSHvkA`lVAX{2ann-U8fnMWx#qC`{Twn@DEp^W7|y5E0sD zm{wkpL>^;AZ6=qzW`X)-7*(oT65$6D!S8GZouHe;F#JdV`^~HG_zGKRwAX49`0Frg zXsm{2?1wu9%CRP^T?F_Q!3feMB`r`4VeY%U7J=KH2wHK*sVP&*iJH$72=ubGOjQ!s z#^%SqSP18A;;Jx?fA)yeInT+b?l1Z-UQI!Q*_>iN7f>YKE?9@t<6o}H%sP%EMT7TF z$0XU8tsM8@4`$>tZ<^WMpBk6ADTSIBj4x}*f+)i}q?1dFYfSIdDVln6(OTel6Ql(_ zYN}6}1k)x^emABB5|XMmO{?h_pc6I^{7{wiDoBiSeH(DmQ5o^|W$Mh4Adlz0zrUY( zVftk&7e|w&i(?|eed$!w+?;yjOQ9g0HfB zW!3lH^zsQ&j`xQR7BU5XqS7Xfxq^IrfDEGjPffp{W0dV|-(G9UNoZ`G<;?^FA#p}< zp8^$EJ)qPaXzmHQy8o`p7Y;O`L${zxvX$E*8qfNk+F`vil7Zi?%k+ob-t882?Yv<% zsJsKqY_BD!t-C_JYw=iun}0dXCBRcH=qtq>oX}2LoS#94vhaaF4!K)D_Wc!cF^o77 z+G3+w$KzDIc2fPCj}x(eXcg4F$s{T_BOwt%K<$8|RLjFD!jL)37T2Vtk1_0x5sUD8Iy2H2?2k zy3A_sv+g$#!NbHQc=yCHjFN|%{U%Ab@NkIT(Kvx)tH1pLj^U4%owIy|qJ0XPQ>kR` zftmZ^7!uE2;b(?w>~C3ZSdaJ)Vf+gOu{|Qa4&g2z0&RgYwK+aQdi+wZs#Io;QoMba z)YEPG%`(&A0nn5(62sxd$&!^0BUgCRe8{asG;}(gut+Lvm&j%1yT=8B&);jjd7@4q z=?XzQ&+~*p6|;BA_c77D{v@lPJ3LIB1GgJEpf=HxU{Y0O1{NOj{6F=(PngWo8}?DU zq9a5ZM2eha(?UNR2|&7E*;UQ#ae$MXMt&{inH`kzIBz<_G+3Em919yBQL>y|D3!)n 
zLAo5>@;fil{w05dqj~~S??vwVKB8x0bE6fAg?D3ENX1a-udU01KAnA`GI!M{8XL;- z3()3$VJ4%b+S1~kt)m@s4{$lG}In+K4;SWCi;KA zGf|5Lz@@}fPA-w|23*Gq=5#QW&Z2GtO2gi=#)YU}g8J(1lI4R8!YDj(;}ufmgtLu1 zlcKpatfllA0P<99!YnDH?`*#|;EGJ)LwZiZMfqs+R}%H43PIYS#v2_L9A~Y%GaH7? zR%Jl9evnbx?8JIz&y_BsEQ+wktqk)}0c{*_2LmI69@46!v<3|Tl4vISlg)9Ipu+(M zVN?!Kmf~ha!oc*Unz*N)vSl#7q;lWY_kX2I)r z^gHl|KlZKI$EmJs4&fIqwa>I0B^;Kn9OW!XQs_7h=6*)=pQ7!uVP~vWdk^oqA#NyB ze}8A=gET}SEO_AV{;kjbmYzVc2w)#vV4g@Q@9TK}8T7EvmM%0*i^zuoZ}Zx%BNfOh zloP#g#j$W$Zo}d|;KWpq?pgG~i}1_PVwo`?`1{Z*Wqq^74_|h-MZw&Svy;ri;my4e z1l`rP=^d`=UYRK3NQ>*bf_D=H;cF zl>p942+rSu4f%0jr}e}un4~YO;?|5PYuj;83WwM9Bi8ig)}FW+#ZixG9ZqQN`EW`< z01e>94d4X~a(tO2JVZdJJ`vET)0BMPMcIz3IJe3vAD;Y1dT=9sP-7QhPi}z}Wr1{f zUa6&8DtA#jdr>-bk*EkwPaj=PA04P~9QJL%8WUoT8FGlUrb8=!Li6Q>M(hN=Amp+l z?zAHAFw-D-q!1s0{YWiZ9%B~obOvdpbSUt(G~=r+ zeCpXCab@DJ4Q%*HFjHBonhk9A$@bIPAl3py*VZL#E^%G^u=fHDtWIinDbbaRir8 z^6Fu^iiLY=dr+fDTI4BQ%Fv#RVCyj8tx0Q4CQZkzO}>x7{8B&G`K%b1c;{-u-A2XB zMO-b5JSl&*j;Gs6^NkQ2i4Kk+5%yB9F8S|QZW1Ag(Py(m-NTx>ss8JPB$p>GG+5sg zc53N6+8Br$t@mu&Y*o&R7Z)rwZR_rTehTr?k0!rUI~3fgT#j7ac=0JJ;gv|@2I+K1 ztm++lT;B{wL$}Mv-50RotH^cA*rn99hEhjuKT%pS(^ejp>AimNM3WgM;*bw!Y||}5 z<7!5WU}n)J{Ys>0Q`JQiOK_HB@(oji4n7MIp)3^r-Oa~`x+_gN!gg>5PX`QRlqF$D z<@yUwex{Z!6&_Dg{s5;CNeVf%zC)9k1{DiL)RS7EUKpURdHsUB9Y`tOJq|*FeoL>> z)A!zb;h5{{kU3wwqzpjWdw*&?dcE2k^Gp_GLbz^LCJt0yJM~Q`ka*K(`oo~o^adhK z&EYy4oG3+eIUf3&$(1L8kW?XZkkPtCAJNZ^ydbZdY5(xtli_87gZC zCta?nniCdB#aZ{%hiAEwqJ>nD3i+sso+=XUHDL*E%Cp|jh9W?!L;Mn0Mn%l@lg4>* z+>*)^-Mvt(F}x>;L2LFwTswyoQ|r81h0Y#h&8-5a9z?G0Jacq+%S+%vwXhTBu=SRi z=4f49{jJUh<2g4?voCZ^CUqpjgCDT2`WGRl0&O&y-&<(7Tz1=YWR-h2>(VY}PiykX zY%wCxSOZ&QiUeP!FYmN33bg;WQg79@BkjkANO3@3yd-c)A3RzWZJ>Vl5vi8g+7-Ye z7oG`SVU4XACu;2d$LtSW6@us_nAHQ!-@ZP`SD3xF zU7ZSTpz-OLX}Qk`>X_aAn;k`?k|GCMe2vtCbhhHL_;$47DR`dr`4~siLDO>s7_>WC zQIwh~=2yPeWL6?6H4$^SUCKMK1U?bMRaU~63vQLS(V4Uwz}lW0S2pgxt17%=TEu@k 
z5*t^4Q?ET)NIhI_=QhS>t<>i$Q#iNKwYjGASm=M>ystg4E4*Cz6xh6ji+@1v<^WLXE%RBST|5&lg4!e-D!O$NqQ|!Mi3;p_jSsG|0xjl=>V#(5WhMzKXT!8FsG;VS!}4`5Q45P(M@qd78D)aR&R6@ zR}b-2*^9t$@#%JJmP|u)8E@`Vuq&GV;euO$$w=e@$zLrTCjXm5EzIux}Rb7cdf}QBNfD#!egAb)8&en zR&5b}uDgC*KrNR7B}gGW=QQx5hxWHgrwHcy#$VPZ-xpY!a8!xWiW_wFZ>_na=mWXb zj6mv8?k4(dNu;;BMdVI~DeS?s1Ra&a>TFRhb7~-7*JrEGLEqFbo*CTh^%A8u;_I-n zg1wijtYtR{>9%(1HJ!|s3QZN)s47i+oz0I6dzH8BH7Z}XZPDlpe17V{1QlCz&CXAH zk^kY0;Xay-8hCVZ22y9+Uc{8jsf&%LNUZdW{z>VxAD8_NfBlNKAjwE9#SH~93dk4} zC)|fb%J{QO7^R$?q1*FAw!`EE8keBVB|=FSntbiZ{~45)54j#SjE;;+gFlP#lSU^( zj`2VMAA)CevP44(L&Nt9y>1%2#ZAyeN(#?TF1(UwqA31~ahucCs&dX<;a2;5Oz{-? z269Ta?3g!{mVVyn`E^LHbZ=mDcagWXQOVIE(O`9V@ol`dar+TXhL~llGLj?Kc6Sls z6W>JT0;y9apt*>5@?S;&7wlWHmTp#~tM91fKAWEaN{r+Z3o{TJ(N5gOgWG*#SjJ)j z+lOZWR%gNXPOt4swo2CS728|QS^7drG8g?$!i_R)FM1vlm>oyBbJpQ;2~zM0e5LhD z$M%VWtB^_F(t0u1;|hNNAl!jb4J(?5ssus&nl)~BZ9Cyc@O;_|e~Q}rf5ViHPixh! ze)gK#l-6G#MauLk(tnZJuJP!rpdXn-xFt@jmpWFuwoepZ1x)dd)GJ+|PGt(SU_ne6 zYp-{g)#`WCe(V*E)a%2SCj+MDks6|p>AjnP*$!ZiMJxaM)_(t6vcHT)hseAIPR`4P@0}_;{1YCPJ2JGiyJUp zXapd0)$8O4Q@sVe-*g{>{X-04Z)c@AzLURRGDShm8PW$NNu^ZewweDrg=s=#;G)|# zh()(@Gs?J6xtQ8hf7K~~P=qv|=N4J+5oToB+xN@KRp12=a?&5DB7czF{61CecN`|2 z`r_*({66X0heIzvjqn-@&VeApjgh6r$}Wg=?}sp2xKmCL5(pa2n=_c>>wa+7K6UyHmfj*i~ z^$B;*^$N)U0Wc{s(g$ftyZlNgi)+g%W#u`@5k?_B7hw`&;G()Q+`Jq5Gx7yx)iwCw z7AuE!&K$JyMGc?s$Ps)ezH2i{LKAx|x*&b1!g(zVA@{qkV6!0z&I*R*m~)k?iU&9r z>xDp=)<7Y%?xx!N9(pDPJA|p0zDi3lQ!p8bpE~y*&?;n6C2M$!mPwZU3&eYeO*Hg1jY#l2sm7)&jo4vO z7ubLqgQZoy7aJpD_e+M4s84E=q!<|AvC^Qx&yVbL2 z9TA5H4weEqE(C!@2&UAXjtU!OwXuhlV)wmaFYFJ$=P?`wx6U5t2-{pwt>GGSMAE(o z=HM$DvOmAd+xW3i3XNIrUXx}RMAeClmM4IY!M+ipN0uB%WX*ysvA4WTUz)4nh+F@}`QqDO;;ARS$;p<5~ zk(7=*EXPky8RO<722L~Iy=^e*oh<4ccM(k85)>z=z^vq-c&^3|#ira3ZNdt0%IcMw zeecsK1z;v>DN))GR~Zas2~(SzW<$|HHSPI07)dl9Gd*1mr$F+*BY))^T<^AaxjfNv z8T`^8^wuio?Kum-y<^#=m06-AmDTghH^urr+_k?Wt17_4eSrVpeUShB4*%UCu>TeQ q7gyx}O!7Y+6aPs80|S92L;3&sCsY*>k^Tz;_pgWii%3lWwfaA>UwSM6 literal 0 HcmV?d00001 
diff --git a/Solutions/ZeroFox/Package/mainTemplate.json b/Solutions/ZeroFox/Package/mainTemplate.json
index 4534e890f77..36fd832d2ad 100644
--- a/Solutions/ZeroFox/Package/mainTemplate.json
+++ b/Solutions/ZeroFox/Package/mainTemplate.json
@@ -33,7 +33,7 @@
 "email": "integration-support@zerofox.com",
 "_email": "[variables('email')]",
 "_solutionName": "ZeroFox",
- "_solutionVersion": "3.0.0",
+ "_solutionVersion": "3.2.0",
 "solutionId": "zerofoxinc1695922129370.zerofox-sentinel-connector",
 "_solutionId": "[variables('solutionId')]",
 "uiConfigId1": "ZeroFoxCTIDataConnector",
@@ -94,7 +94,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ZeroFox data connector with template version 3.0.0",
+ "description": "ZeroFox data connector with template version 3.2.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -811,7 +811,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ZeroFox data connector with template version 3.0.0",
+ "description": "ZeroFox data connector with template version 3.2.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorVersion2')]",
@@ -914,10 +914,13 @@
 "apiEndpoint": "https://api.zerofox.com/1.0/alerts/",
 "httpMethod": "Get",
 "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
- "startTimeAttributeName": "min_timestamp",
- "endTimeAttributeName": "max_timestamp",
+ "startTimeAttributeName": "last_modified_min_date",
+ "endTimeAttributeName": "last_modified_max_date",
 "queryParameters": {
 "sort_direction": "asc"
+ },
+ "headers": {
+ "zf-source": "Microsoft-Sentinel"
 } } },
 "response": {
@@ -1101,10 +1104,13 @@
 "apiEndpoint": "https://api.zerofox.com/1.0/alerts/",
 "httpMethod": "Get",
 "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
- "startTimeAttributeName": "min_timestamp",
- "endTimeAttributeName": "max_timestamp",
+ "startTimeAttributeName": "last_modified_min_date",
+ "endTimeAttributeName": "last_modified_max_date",
 "queryParameters": {
 "sort_direction": "asc"
+ },
+ "headers": {
+ "zf-source": "Microsoft-Sentinel"
 } } },
 "response": {
@@ -1130,7 +1136,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ZF_Alerts_HighSeverityRule_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "ZF_Alerts_HighSeverityRule_AnalyticalRules Analytics Rule with template version 3.2.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -1178,8 +1184,8 @@
 "entityType": "Account",
 "fieldMappings": [
 {
- "columnName": "entity_name_s",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "entity_name_s"
 }
 ]
 }
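Review bot: The alerts polling config changes in the `@@ -1101` hunk here, but the data connector content item's `contentVersion`, which reads `[variables('dataConnectorVersion2')]` in the earlier `@@ -811` hunk, is not raised anywhere in this diff; the visible hunks account for all 46 changed lines of mainTemplate.json and only touch `_solutionVersion`, description strings, the polling config, field-mapping key order and the package `version`. As far as I know Sentinel's content hub decides whether to update already-installed content from the content template's own version, so workspaces that installed 3.0.x or 3.1.0 may keep polling on `min_timestamp`/`max_timestamp` until `dataConnectorVersion2` (and `dataConnectorVersion1` if the CTI connector also changed) is bumped alongside the solution version. Worth checking how the packaging tool derives that variable from the connector definition's own version field before merging, since the generated package should not be edited by hand. The `columnName`/`identifier` swap in the `fieldMappings` hunks is pure JSON key-order churn from the generator and needs no action.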
@@ -1240,7 +1246,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ZF_Alerts_InformationalSeverityRule_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "ZF_Alerts_InformationalSeverityRule_AnalyticalRules Analytics Rule with template version 3.2.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -1288,8 +1294,8 @@
 "entityType": "Account",
 "fieldMappings": [
 {
- "columnName": "entity_name_s",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "entity_name_s"
 }
 ]
 }
@@ -1350,7 +1356,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ZF_Alerts_LowSeverityRule_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "ZF_Alerts_LowSeverityRule_AnalyticalRules Analytics Rule with template version 3.2.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -1398,8 +1404,8 @@
 "entityType": "Account",
 "fieldMappings": [
 {
- "columnName": "entity_name_s",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "entity_name_s"
 }
 ]
 }
@@ -1460,7 +1466,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ZF_Alerts_MediumSeverityRule_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "ZF_Alerts_MediumSeverityRule_AnalyticalRules Analytics Rule with template version 3.2.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -1508,8 +1514,8 @@
 "entityType": "Account",
 "fieldMappings": [
 {
- "columnName": "entity_name_s",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "entity_name_s"
 }
 ]
 }
@@ -1566,7 +1572,7 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.0",
+ "version": "3.2.0",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "ZeroFox",
diff --git a/Solutions/ZeroFox/ReleaseNotes.md b/Solutions/ZeroFox/ReleaseNotes.md
index b1d8655bd13..406f8bcce9e 100644
--- a/Solutions/ZeroFox/ReleaseNotes.md
+++ b/Solutions/ZeroFox/ReleaseNotes.md
@@ -1,5 +1,6 @@ -| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | -|---------------|----------------------------------|---------------------------------------------------------------------------------------------------------------| -| 3.1.0 | 26-07-2024 | Updated ZeroFox connector to generate result batches and implemented async Sentinel connector logic | -| 3.0.1 | 30-04-2024 | Fixed Solution Metadata for deployment | -| 3.0.0 | 04-08-2023 | Added **Data Connectors** for ZeroFox's Alerts and CTI feeds | \ No newline at end of file +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|---------------|----------------------------------|-----------------------------------------------------------------------------------------------------| +| 3.2.0 | 26-09-2024 | Changed query parameter in alerts connector for fetching updates | +| 3.1.0 | 26-07-2024 | Updated ZeroFox connector to generate result batches and implemented async Sentinel connector logic | +| 3.0.1 | 30-04-2024 | Fixed Solution Metadata for deployment | +| 3.0.0 | 04-08-2023 | Added **Data Connectors** for ZeroFox's Alerts and CTI feeds | \ No newline at end of file