diff --git a/Connector/connector.json b/Connector/connector.json
index ffa13a5..eceb475 100644
--- a/Connector/connector.json
+++ b/Connector/connector.json
@@ -30,7 +30,7 @@
 }
 },
 "variables": {
- "STATConnectorVersion": "2.1.0"
+ "STATConnectorVersion": "2.2.0"
 },
 "resources": [
 {
@@ -760,6 +760,162 @@
 }
 }
 },
+ "/api/modules/deviceexposure": {
+ "post": {
+ "summary": "Device Exposure Module",
+ "description": "Sentinel Triage AssistanT Module for reviewing Device Exposure Risks",
+ "operationId": "DeviceExposureModule",
+ "parameters": [
+ {
+ "name": "body",
+ "in": "body",
+ "schema": {
+ "type": "object",
+ "properties": {
+ "AddIncidentComments": {
+ "type": "boolean",
+ "description": "Add Comments to Microsoft Sentinel Incident",
+ "title": "",
+ "enum": [
+ true,
+ false
+ ],
+ "x-ms-visibility": "advanced"
+ },
+ "AddIncidentTags": {
+ "type": "boolean",
+ "description": "Add Tags to Microsoft Sentinel Incident",
+ "title": "",
+ "enum": [
+ true,
+ false
+ ],
+ "x-ms-visibility": "advanced"
+ },
+ "AddIncidentTask": {
+ "type": "boolean",
+ "description": "Add a task to Microsoft Sentinel Incident",
+ "title": "",
+ "enum": [
+ true,
+ false
+ ],
+ "x-ms-visibility": "advanced"
+ },
+ "IncidentTaskInstructions": {
+ "type": "string",
+ "description": "Instructions to include in the Microsoft Sentinel Task",
+ "x-ms-visibility": "advanced"
+ },
+ "BaseModuleBody": {
+ "type": "object",
+ "description": "Body from STAT Base Module",
+ "title": "",
+ "x-ms-visibility": "important"
+ }
+ },
+ "default": {
+ "AddIncidentComments": true,
+ "Entities": ""
+ },
+ "required": [
+ "BaseModuleBody"
+ ]
+ },
+ "required": true
+ }
+ ],
+ "responses": {
+ "default": {
+ "description": "default",
+ "schema": {
+ "type": "object",
+ "description": "Device Exposure Module",
+ "properties": {
+ }
+ }
+ }
+ }
+ }
+ },
+ "/api/modules/userexposure": {
+ "post": {
+ "summary": "User Exposure Module",
+ "description": "Sentinel Triage AssistanT Module for evaulating User exposure.",
+ "operationId": "UserExposureModule",
+ "parameters": [
+ {
+ "name": "body",
+ "in": "body",
+ "schema": {
+ "type": "object",
+ "properties": {
+ "AddIncidentComments": {
+ "type": "boolean",
+ "description": "Add Comments to Microsoft Sentinel Incident",
+ "title": "",
+ "enum": [
+ true,
+ false
+ ],
+ "x-ms-visibility": "advanced"
+ },
+ "AddIncidentTags": {
+ "type": "boolean",
+ "description": "Add Tags to Microsoft Sentinel Incident",
+ "title": "",
+ "enum": [
+ true,
+ false
+ ],
+ "x-ms-visibility": "advanced"
+ },
+ "AddIncidentTask": {
+ "type": "boolean",
+ "description": "Add a task to Microsoft Sentinel Incident",
+ "title": "",
+ "enum": [
+ true,
+ false
+ ],
+ "x-ms-visibility": "advanced"
+ },
+ "IncidentTaskInstructions": {
+ "type": "string",
+ "description": "Instructions to include in the Microsoft Sentinel Task",
+ "x-ms-visibility": "advanced"
+ },
+ "BaseModuleBody": {
+ "type": "object",
+ "description": "Body from STAT Base Module",
+ "title": "",
+ "x-ms-visibility": "important"
+ }
+ },
+ "default": {
+ "AddIncidentComments": true,
+ "Entities": ""
+ },
+ "required": [
+ "BaseModuleBody"
+ ]
+ },
+ "required": true
+ }
+ ],
+ "responses": {
+ "default": {
+ "description": "default",
+ "schema": {
+ "type": "object",
+ "description": "User Exposure Module Body",
+ "properties": {
+ }
+ }
+ }
+ }
+ }
+ },
 "/api/modules/threatintel": {
 "post": {
 "summary": "Threat Intel Module",
diff --git a/Deploy/deployui.json b/Deploy/deployui.json
index 8ce2667..da65714 100644
--- a/Deploy/deployui.json
+++ b/Deploy/deployui.json
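Review bot: The `default` object in both new request schemas (deviceexposure and userexposure) carries `"Entities": ""`, but `Entities` is not a declared property of either body, so that default can never apply and reads as residue copied from a module that takes entities; trim it to `"default": { "AddIncidentComments": true }` or declare the property. Both operations also declare their response as `"properties": { }`, which leaves Logic App consumers with an untyped object; if the module returns fixed fields, declaring them gives callers typed dynamic content. Two wording points in the same hunk: `evaulating` in the userexposure description, and the two response descriptions are not parallel (`"Device Exposure Module"` vs `"User Exposure Module Body"`). The enclosing object (presumably the Swagger `paths` map) starts and ends outside the hunk.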
@@ -462,36 +462,6 @@
 }
 ],
 "visible": "[if(equals(steps('apiStep').api, 'custom'), true, false)]"
- },
- {
- "name": "apiTextBlock5",
- "type": "Microsoft.Common.TextBlock",
- "visible": true,
- "options": {
- "text": "Microsoft Defender for Cloud Apps API uses a tenant specific endpoint which must be entered to use that module.",
- "link": {
- "label": "Learn more",
- "uri": "https://learn.microsoft.com/defender-cloud-apps/api-introduction#api-url-structure"
- }
- }
- },
- {
- "name": "mdcaApi",
- "type": "Microsoft.Common.TextBox",
- "label": "Microsoft Defender for Cloud Apps API",
- "placeholder": "*.*.portal.cloudappsecurity.com",
- "defaultValue": "",
- "toolTip": "Microsoft Defender for Cloud Apps API Endpoint",
- "constraints": {
- "required": true,
- "validations": [
- {
- "regex": "(^(?![hH][tT][tT][pP][sS]?:\/\/)).*",
- "message": "Enter only the hostname, such as org.region.cloudappsecurity.com, do not include the https:// prefix."
- }
- ]
- },
- "visible": true
 }
 ]
 },
@@ -546,7 +516,7 @@
 "type": "Microsoft.Common.TextBox",
 "label": "STAT Function ZIP Package",
 "placeholder": "",
- "defaultValue": "https://github.com/briandelmsft/STAT-Function/releases/download/v2.1.0/stat.zip",
+ "defaultValue": "https://github.com/briandelmsft/STAT-Function/releases/download/v2.2.0/stat.zip",
 "toolTip": "Full path to the STAT Function ZIP deployment package",
 "constraints": {
 "required": true,
@@ -580,11 +550,10 @@
 "STATConnectorName": "[coalesce(steps('namingStep').customNaming.statConnectorName, 'SentinelTriageAssistantv2')]",
 "STATConnectorDisplayName": "[coalesce(steps('namingStep').customNaming.statConnectorDisplayName, 'STAT v2')]",
 "storageAccountType": "Standard_LRS",
- "FunctionPackage": "[coalesce(steps('additionalStep').advanced.functionPackage, 'https://github.com/briandelmsft/STAT-Function/releases/download/v2.1.0/stat.zip')]",
+ "FunctionPackage": "[coalesce(steps('additionalStep').advanced.functionPackage, 'https://github.com/briandelmsft/STAT-Function/releases/download/v2.2.0/stat.zip')]",
 "MSGraphEndpoint": "[coalesce(steps('apiStep').customApi.graphApi,'graph.microsoft.com')]",
 "M365Endpoint": "[coalesce(steps('apiStep').customApi.m365Api,'api.security.microsoft.com')]",
 "MDEEndpoint": "[coalesce(steps('apiStep').customApi.mdeApi,'api.securitycenter.microsoft.com')]",
- "MDCAEndpoint": "[steps('apiStep').mdcaApi]",
 "LogAnalyticsEndpoint": "[coalesce(steps('apiStep').customApi.laApi,'api.loganalytics.io')]",
 "AzureResourceManagerEndpoint": "[coalesce(steps('apiStep').customApi.armApi,'management.azure.com')]",
 "ServicePrincipalClientId": "[coalesce(steps('identityStep').spId.clientId,steps('identityStep').userId.clientId, 'none')]",
diff --git a/Deploy/statdeploy.json b/Deploy/statdeploy.json
index ccd9afe..48f4bbe 100644
--- a/Deploy/statdeploy.json
+++ b/Deploy/statdeploy.json
@@ -66,13 +66,6 @@
 "description": "Microsoft Defender for Endpoint API endpoint"
 }
 },
- "MDCAEndpoint": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Organization Specific Microsoft Defender for Cloud Apps Endpoint"
- }
- },
 "LogAnalyticsEndpoint": {
 "type": "string",
 "defaultValue": "api.loganalytics.io",
@@ -137,7 +130,10 @@
 "sku": {
 "name": "[parameters('storageAccountType')]"
 },
- "kind": "Storage"
+ "kind": "Storage",
+ "properties": {
+ "allowBlobPublicAccess": false
+ }
 },
 {
 "type": "Microsoft.Web/serverfarms",
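Review bot: The new `properties` block on the storage account in statdeploy.json only sets `allowBlobPublicAccess`; since the block is being introduced anyway, pin transport security there too with `"supportsHttpsTrafficOnly": true` and `"minimumTlsVersion": "TLS1_2"` rather than relying on the API version's defaults. The resource's `apiVersion` is outside the hunk: `allowBlobPublicAccess` and `minimumTlsVersion` are only accepted from the 2019-06-01 storage API version onward, so confirm the version in use or the deployment will reject the property. If the Function app reaches this account through a key-based connection string, as the template layout suggests, do not also add `"allowSharedKeyAccess": false` until identity-based storage access is configured. The surrounding resource definition begins before the hunk.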
@@ -191,9 +187,6 @@
 "MDEEndpoint": {
 "value": "[parameters('MDEEndpoint')]"
 },
- "MDCAEndpoint": {
- "value": "[parameters('MDCAEndpoint')]"
- },
 "LogAnalyticsEndpoint": {
 "value": "[parameters('LogAnalyticsEndpoint')]"
 },
@@ -267,9 +260,6 @@
 "MDEEndpoint": {
 "value": "[parameters('MDEEndpoint')]"
 },
- "MDCAEndpoint": {
- "value": "[parameters('MDCAEndpoint')]"
- },
 "LogAnalyticsEndpoint": {
 "value": "[parameters('LogAnalyticsEndpoint')]"
 },
@@ -337,9 +327,6 @@
 "MDEEndpoint": {
 "value": "[parameters('MDEEndpoint')]"
 },
- "MDCAEndpoint": {
- "value": "[parameters('MDCAEndpoint')]"
- },
 "LogAnalyticsEndpoint": {
 "value": "[parameters('LogAnalyticsEndpoint')]"
 },
@@ -379,4 +366,4 @@
 ],
 "outputs": {
 }
-}
\ No newline at end of file
+}
diff --git a/Function/ServicePrincipalIdentity.json b/Function/ServicePrincipalIdentity.json
index a911318..71ef7a2 100644
--- a/Function/ServicePrincipalIdentity.json
+++ b/Function/ServicePrincipalIdentity.json
@@ -47,13 +47,6 @@
 "description": "Microsoft Defender for Endpoint API endpoint"
 }
 },
- "MDCAEndpoint": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Organization Specific Microsoft Defender for Cloud Apps Endpoint"
- }
- },
 "LogAnalyticsEndpoint": {
 "type": "string",
 "defaultValue": "api.loganalytics.io",
@@ -162,10 +155,6 @@
 "name": "MDE_ENDPOINT",
 "value": "[parameters('MDEEndpoint')]"
 },
- {
- "name": "MDCA_ENDPOINT",
- "value": "[parameters('MDCAEndpoint')]"
- },
 {
 "name": "AZURE_CLIENT_ID",
 "value": "[parameters('ServicePrincipalClientId')]"
diff --git a/Function/SystemIdentity.json b/Function/SystemIdentity.json
index 703052c..3554a67 100644
--- a/Function/SystemIdentity.json
+++ b/Function/SystemIdentity.json
@@ -47,13 +47,6 @@
 "description": "Microsoft Defender for Endpoint API endpoint"
 }
 },
- "MDCAEndpoint": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Organization Specific Microsoft Defender for Cloud Apps Endpoint"
- }
- },
 "LogAnalyticsEndpoint": {
 "type": "string",
 "defaultValue": "api.loganalytics.io",
@@ -150,10 +143,6 @@
 "name": "MDE_ENDPOINT",
 "value": "[parameters('MDEEndpoint')]"
 },
- {
- "name": "MDCA_ENDPOINT",
- "value": "[parameters('MDCAEndpoint')]"
- },
 {
 "name": "AZURE_TENANT_ID",
 "value": "[parameters('AADTenantId')]"
diff --git a/Function/UserAssignedIdentity.json b/Function/UserAssignedIdentity.json
index facb252..a3c7d1b 100644
--- a/Function/UserAssignedIdentity.json
+++ b/Function/UserAssignedIdentity.json
@@ -47,13 +47,6 @@
 "description": "Microsoft Defender for Endpoint API endpoint"
 }
 },
- "MDCAEndpoint": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Organization Specific Microsoft Defender for Cloud Apps Endpoint"
- }
- },
 "LogAnalyticsEndpoint": {
 "type": "string",
 "defaultValue": "api.loganalytics.io",
@@ -162,10 +155,6 @@
 "name": "MDE_ENDPOINT",
 "value": "[parameters('MDEEndpoint')]"
 },
- {
- "name": "MDCA_ENDPOINT",
- "value": "[parameters('MDCAEndpoint')]"
- },
 {
 "name": "AZURE_CLIENT_ID",
 "value": "[parameters('ServicePrincipalClientId')]"
diff --git a/Modules/versions.json b/Modules/versions.json
index 6d08ddc..63dc63a 100644
--- a/Modules/versions.json
+++ b/Modules/versions.json
@@ -9,8 +9,8 @@
 "RelatedAlerts": "0.3.0",
 "RunPlaybook": "0.0.1",
 "ScoringModule": "0.1.0",
- "STATConnector": "2.1.0",
- "STATFunction": "2.1.0",
+ "STATConnector": "2.2.0",
+ "STATFunction": "2.2.0",
 "TIModule": "0.2.0",
 "UEBAModule": "0.1.1",
 "WatchlistModule": "0.1.0"