diff --git a/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_DCR.json b/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_DCR.json
index d67ce808961..e6a737c608a 100644
--- a/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_DCR.json
+++ b/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_DCR.json
@@ -1,83 +1,79 @@ { - "name": "AtlassianConfluenceDCR", - "apiVersion": "2023-03-11", - "type": "Microsoft.Insights/dataCollectionRules", - "location": "{{location}}", - "kind": null, - "properties": { - "streamDeclarations": { - "Custom-ConfluenceAuditLogs": { - "columns": [ - { - "name": "author", - "type": "dynamic" - }, - { - "name": "remoteAddress", - "type": "string" - }, - { - "name": "creationDate", - "type": "long" - }, - { - "name": "summary", - "type": "string" - }, - { - "name": "description", - "type": "string" - }, - { - "name": "category", - "type": "string" - }, - { - "name": "sysAdmin", - "type": "boolean" - }, - { - "name": "superAdmin", - "type": "boolean" - }, - { - "name": "affectedObject", - "type": "dynamic" - }, - { - "name": "changedValues", - "type": "dynamic" - }, - { - "name": "associatedObjects", - "type": "dynamic" - } - ] - } - }, - "dataSources": { - - }, - "destinations": { - "logAnalytics": [ - { - "workspaceResourceId": "[variables('workspaceResourceId')]", - "name": "clv2ws1" - } - ] - }, - "dataFlows": [ - { - "streams": [ - "Custom-ConfluenceAuditLogs" - ], - "destinations": [ - "clv2ws1" - ], - "transformKql": "source\r| extend\r TimeGenerated = now(),\r EventVendor=\"Atlassian\",\r EventProduct=\"Confluence Audit\",\r AuthorUsername=tostring(author.username), \r AuthorDisplayName=tostring(author.displayName),\r AuthorType=tostring(author.type),\r AuthorAccountId=tostring(author.accountId),\r AuthorUserKey=tostring(author.userKey),\r AuthorPublicName=tostring(author.publicName),\r AuthorAccountType=tostring(author.accountType),\r AuthorIsExternalCollaborator=tobool(author.isExternalCollaborator),\r AuthorExternalCollaborator=tobool(author.externalCollaborator),\r AffectedObjectName=tostring(affectedObject.name),\r AffectedObjectObjectType=tostring(affectedObject.type),\r UserIdentity=tostring(author.accountId),\r SrcUserName=tostring(author.displayName),\r DstUserSid=tostring(author.userKey)\r| project\r TimeGenerated,\r 
EventVendor,\r EventProduct,\r AuthorUsername,\r AuthorAccountId,\r AuthorType,\r AuthorDisplayName,\r AuthorIsExternalCollaborator,\r AuthorUserKey,\r AuthorAccountType,\r AuthorPublicName,\r AuthorExternalCollaborator,\r RemoteAddress=remoteAddress,\r CreationDate=creationDate,\r Summary=summary,\r Description=description,\r Category=category,\r SysAdmin=sysAdmin,\r SuperAdmin=superAdmin,\r AffectedObjectName,\r AffectedObjectObjectType,\r ChangedValues=changedValues,\r AssociatedObjects=associatedObjects,\r UserIdentity,\r SrcUserName,\r DstUserSid,\r SrcIpAddr=remoteAddress,\r EventCreationTime=creationDate,\r EventMessage=summary,\r EventCategoryType=category", - "outputStream": "Custom-ConfluenceAuditLogs_CL" - } + "name": "AtlassianConfluenceDCR", + "apiVersion": "2023-03-11", + "type": "Microsoft.Insights/dataCollectionRules", + "location": "{{location}}", + "properties": { + "dataCollectionEndpointId": "{{dataCollectionEndpointId}}", + "streamDeclarations": { + "Custom-ConfluenceAuditLogs_CL": { + "columns": [ + { + "name": "remoteAddress", + "type": "string" + }, + { + "name": "creationDate", + "type": "long" + }, + { + "name": "summary", + "type": "string" + }, + { + "name": "description", + "type": "string" + }, + { + "name": "category", + "type": "string" + }, + { + "name": "sysAdmin", + "type": "boolean" + }, + { + "name": "superAdmin", + "type": "boolean" + }, + { + "name": "changedValues", + "type": "dynamic" + }, + { + "name": "associatedObjects", + "type": "dynamic" + }, + { + "name": "author", + "type": "dynamic" + }, + { + "name": "affectedObject", + "type": "dynamic" + } + ] + } + }, + "destinations": { + "logAnalytics": [ + { + "workspaceResourceId": "{{workspaceResourceId}}", + "name": "clv2ws1" + } + ] + }, + "dataFlows": [ + { + "streams": [ + "Custom-ConfluenceAuditLogs_CL" ], - "dataCollectionEndpointId": 
"[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]" - } -} + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-ConfluenceAuditLogs_CL", + "transformKql": "source | extend TimeGenerated = iff(isnull(creationDate), now(), datetime(1970-01-01) + (creationDate * 1ms)) , EventVendor = \"Atlassian\" , EventProduct = \"Confluence Audit\" , AuthorUsername = tostring(author.username) , AuthorAccountId = tostring(author.accountId) , AuthorType = tostring(author.type) , AuthorDisplayName = tostring(author.displayName) , AuthorIsExternalCollaborator = tobool(author.isExternalCollaborator) , AuthorUserKey = tostring(author.userKey) , AuthorAccountType = tostring(author.accountType) , AuthorPublicName = tostring(author.publicName) , AuthorExternalCollaborator = tobool(author.externalCollaborator) , RemoteAddress = ['remoteAddress'] , CreationDate = ['creationDate'] , Summary = ['summary'] , Description = ['description'] , Category = ['category'] , SysAdmin = ['sysAdmin'] , SuperAdmin = ['superAdmin'] , AffectedObjectName = tostring(affectedObject.name) , AffectedObjectObjectType = tostring(affectedObject.objectType) , ChangedValues = ['changedValues'] , AssociatedObjects = ['associatedObjects'] , UserIdentity = tostring(author.accountId) , SrcUserName = tostring(author.displayName) , DstUserSid = tostring(author.userKey) , SrcIpAddr = tostring(remoteAddress) , EventCreationTime = tolong(creationDate) , EventMessage = tostring(summary) , EventCategoryType = tostring(affectedObject.objectType) | project TimeGenerated , EventVendor , EventProduct , AuthorUsername , AuthorAccountId , AuthorType , AuthorDisplayName , AuthorIsExternalCollaborator , AuthorUserKey , AuthorAccountType , AuthorPublicName , AuthorExternalCollaborator , RemoteAddress , CreationDate , Summary , Description , Category , SysAdmin , SuperAdmin , AffectedObjectName , 
AffectedObjectObjectType , ChangedValues , AssociatedObjects , UserIdentity , SrcUserName , DstUserSid , SrcIpAddr , EventCreationTime , EventMessage , EventCategoryType" + } + ] + } +} \ No newline at end of file diff --git a/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_DataConnectorDefinition.json b/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_DataConnectorDefinition.json index 4fe131b7b8c..170098bc75a 100644 --- a/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_DataConnectorDefinition.json +++ b/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_DataConnectorDefinition.json 
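Review bot: `EventCategoryType` in the new `transformKql` is now `tostring(affectedObject.objectType)`, where the removed transform projected `EventCategoryType=category`, so the column silently changes meaning and becomes a duplicate of `AffectedObjectObjectType`. Any analytics rule, parser or workbook that filters on `EventCategoryType` would keep running but match different values, and the table schema in this commit still describes the column as "The category type of the event." If the remap is not intended, keep `EventCategoryType = tostring(category)`. If it is intended, the column description should name the new source field and the change should be called out in the solution's release notes so detection owners can re-check their queries.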
@@ -1,133 +1,144 @@ { - "name": "ConfluenceAuditCCPDefinition", - "apiVersion": "2025-03-01", - "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", - "location": "{{location}}", - "kind": "Customizable", - "properties": { - "connectorUiConfig": { - "id": "ConfluenceAuditCCPDefinition", - "title": " Atlassian Confluence Audit (via Codeless Connector Framework)", - "publisher": "Microsoft", - "descriptionMarkdown": "The [Atlassian Confluence](https://www.atlassian.com/software/confluence) Audit data connector provides the capability to ingest [Confluence Audit Records](https://support.atlassian.com/confluence-cloud/docs/view-the-audit-log/) events into Microsoft Sentinel through the REST API. Refer to [API documentation](https://support.atlassian.com/confluence-cloud/docs/view-the-audit-log/) for more information. The connector provides ability to get events which helps to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.", - "graphQueriesTableName": "ConfluenceAuditLogs_CL", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "Confluence Audit Events", - "baseQuery": "{{graphQueriesTableName}}" - } - ], - "sampleQueries": [ - { - "description": "All Atlassian Confluence Audit logs", - "query": "{{graphQueriesTableName}}\n| sort by TimeGenerated desc" - }, - { - "description": "Total Events", - "query": "{{graphQueriesTableName}}\n | summarize count() by OriginalEventUid" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}|summarize Time = max (TimeGenerated)\n|where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "HasDataConnectors" - } - ], - "availability": { - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "Read and Write permissions are required.", - 
"providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - } + "name": "AtlassianConfluenceConnector", + "apiVersion": "2025-03-01", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "location": "{{location}}", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "AtlassianConfluenceConnector", + "title": "Atlassian Confluence Audit (via Codeless Connector Framework)", + "publisher": "Microsoft", + "descriptionMarkdown": "The [Atlassian Confluence](https://www.atlassian.com/software/confluence) Audit data connector provides the capability to ingest [Confluence Audit Records](https://support.atlassian.com/confluence-cloud/docs/view-the-audit-log/) events into Microsoft Sentinel through the REST API. Refer to [API documentation](https://support.atlassian.com/confluence-cloud/docs/view-the-audit-log/) for more information. The connector provides ability to get events which helps to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.", + "graphQueriesTableName": "ConfluenceAuditLogs_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "Confluence Audit Events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All Atlassian Confluence Audit logs", + "query": "{{graphQueriesTableName}}\n| sort by TimeGenerated desc" + }, + { + "description": "Events by Category", + "query": "{{graphQueriesTableName}}\n | summarize count() by Category" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}} | summarize Time = max (TimeGenerated)\n|where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "HasDataConnectors" + } + ], + "availability": { + "isPreview": false, + "status": 1 + }, + "permissions": { + "resourceProvider": [ + { + 
"provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true, + "action": false + } + } + ], + "customs": [ + { + "name": "Atlassian Confluence API access", + "description": "Permission of [Administer Confluence](https://developer.atlassian.com/cloud/confluence/rest/v1/intro/#auth) is required to get access to the Confluence Audit logs API. See [Confluence API documentation](https://developer.atlassian.com/cloud/confluence/rest/v1/api-group-audit/#api-wiki-rest-api-audit-get) to learn more about the audit API." + } + ] + }, + "instructionSteps": [ + { + "title": "Connect to Atlassian Confluence API to start collecting audit logs in Microsoft Sentinel", + "description": "To enable the Atlassian Confluence connector for Microsoft Sentinel, click to add an organization, fill the form with the Confluence environment credentials and click to Connect. \n Follow [these steps](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/) to create an API token.\n ", + "instructions": [ + { + "type": "DataConnectorsGrid", + "parameters": { + "mapping": [ + { + "columnName": "Atlassian Confluence organization URL", + "columnValue": "properties.request.apiEndpoint" + } ], - "customs": [ - { - "name": "Atlassian Confluence API access", - "description": "Permission of [Administer Confluence](https://developer.atlassian.com/cloud/confluence/rest/v1/intro/#auth) is required to get access to the Confluence Audit logs API. See [Confluence API documentation](https://developer.atlassian.com/cloud/confluence/rest/v1/api-group-audit/#api-wiki-rest-api-audit-get) to learn more about the audit API." 
- } + "menuItems": [ + "DeleteConnector" ] + } }, - "instructionSteps": [ - { - "description": "To enable the Atlassian Confluence connector for Microsoft Sentinel, click to add an organization, fill the form with the Confluence environment credentials and click to Connect. \n Follow [these steps](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/) to create an API token.\n ", + { + "type": "ContextPane", + "parameters": { + "isPrimary": true, + "label": "Add organization", + "title": "Add organization", + "subtitle": "Add Atlassian Confluence organization", + "contextPaneType": "DataConnectorsContextPane", + "instructionSteps": [ + { "instructions": [ - { - "type": "DataConnectorsGrid", - "parameters": { - "mapping": [ - { - "columnName": "Atlassian Confluence organization URL", - "columnValue": "properties.request.apiEndpoint" - } - - ], - "menuItems": [ - "DeleteConnector" - ] - } - }, - { - "type": "ContextPane", - "parameters": { - "isPrimary": true, - "label": "Add organization", - "title": "Add organization", - "subtitle": "Add Atlassian Confluence organization", - "contextPaneType": "DataConnectorsContextPane", - "instructionSteps": [ - { - "instructions": [ - { - "type": "Textbox", - "parameters": { - "label": "Atlassian Confluence organization URL", - "placeholder": ".atlassian.net", - "type": "string", - "name": "confluenceorganizationurl" - } - }, - { - "type": "Textbox", - "parameters": { - "label": "User Name", - "placeholder": "User Name (e.g., user@example.com)", - "type": "securestring", - "name": "userid" - } - }, - { - "type": "Textbox", - "parameters": { - "label": "API Token", - "placeholder": "API Token", - "type": "password", - "name": "apikey" - } - } - ] - } - ] - } + { + "type": "Textbox", + "parameters": { + "label": "Atlassian Confluence organization URL", + "placeholder": ".atlassian.net", + "type": "text", + "name": "confluenceorganizationurl", + "validations": { + "required": true + } + 
} + }, + { + "type": "Textbox", + "parameters": { + "label": "User Name", + "placeholder": "User Name (e.g., user@example.com)", + "type": "text", + "name": "userid", + "validations": { + "required": true + } } + }, + { + "type": "Textbox", + "parameters": { + "label": "API Token", + "placeholder": "API Token", + "type": "password", + "name": "apikey", + "validations": { + "required": true + } + } + } ] - } - ] + } + ] + } + } + ] } + ] } -} + } +} \ No newline at end of file diff --git a/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_PollingConfig.json b/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_PollingConfig.json index 0ed582bcd5c..62324e4e79e 100644 --- a/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_PollingConfig.json +++ b/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_PollingConfig.json 
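Review bot: The `confluenceorganizationurl` Textbox is validated only with `"required": true`, yet the polling config in this commit concatenates the value straight into the host part of `apiEndpoint` and sends the Basic `UserName`/`Password` pair to it, so whatever is typed here decides which server receives the API token. The placeholder `.atlassian.net` does not say whether a scheme or a path is acceptable. I would spell out the expected form, for example `"placeholder": "yourcompany.atlassian.net (host name only)"`, and add a format check on the field if the connector UI schema offers one. In the same file, `permissionsDisplayText` says "Read and Write permissions are required." while `requiredPermissions` also sets `"delete": true`; the text should match what is actually requested.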
@@ -1,46 +1,48 @@ { - "name": "ConfluenceAuditCCPPolling", - "apiVersion": "2025-03-01", - "type": "Microsoft.SecurityInsights/dataConnectors", - "location": "{{location}}", - "kind": "RestApiPoller", - "properties": { - "connectorDefinitionName": "ConfluenceAuditCCPDefinition", - "dataType": "ConfluenceAuditLogs_CL", - "dcrConfig": { - "dataCollectionEndpoint": "{{dataCollectionEndpoint}}", - "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}", - "streamName": "Custom-ConfluenceAuditLogs" - }, - "auth": { - "type": "Basic", - "UserName": "{{userid}}", - "Password": "{{apikey}}" - }, - "request": { - "apiEndpoint": "[[concat('https://',parameters('confluenceorganizationurl'),'/wiki/rest/api/audit')]", - "httpMethod": "GET", - "retryCount": 3, - "timeoutInSeconds": 60, - "queryTimeFormat": "UnixTimestampInMills", - "startTimeAttributeName": "startDate", - "endTimeAttributeName": "endDate", - "headers": { - "Accept": "application/json", - "User-Agent": "Scuba" - } - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "start", - "pageSizeParaName": "limit", - "pageSize": 1000 - }, - "response": { - "eventsJsonPaths": [ - "$.results" - ], - "format": "json" - } + "type": "Microsoft.SecurityInsights/dataConnectors", + "apiVersion": "2025-03-01", + "name": "ConfluenceAuditLogsPoller", + "location": "{{location}}", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('userid')]", + "Password": "[[parameters('apikey')]" + }, + "request": { + "apiEndpoint": "[[concat('https://',parameters('confluenceorganizationurl'),'/wiki/rest/api/audit')]", + "httpMethod": "GET", + "queryWindowInMin": 5, + "queryTimeFormat": "UnixTimestampInMills", + "retryCount": 3, + "timeoutInSeconds": 60, + "headers": { + "Content-Type": "application/json", + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "startTimeAttributeName": "startDate", + "endTimeAttributeName": "endDate" + }, + "response": { + 
"eventsJsonPaths": [ + "$.results" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "start", + "pageSize": 1000, + "pageSizeParameterName": "limit" + }, + "connectorDefinitionName": "AtlassianConfluenceConnector", + "dataType": "ConfluenceAuditLogs", + "dcrConfig": { + "streamName": "Custom-ConfluenceAuditLogs_CL", + "dataCollectionEndpoint": "{{dataCollectionEndpoint}}", + "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}" } + } } \ No newline at end of file diff --git a/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_table.json b/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_table.json index 2cb69fd7bf4..6eb0dfca393 100644 --- a/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_table.json +++ b/Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_table.json 
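Review bot: Renaming `connectorDefinitionName` to `AtlassianConfluenceConnector` and `streamName` to `Custom-ConfluenceAuditLogs_CL` leaves no visible path for connections created under the old `ConfluenceAuditCCPDefinition` / `Custom-ConfluenceAuditLogs` names, and the DCR in this commit declares only the new stream. Existing pollers may therefore stop delivering audit events after the upgrade without an obvious error, which is a monitoring gap for a security log source. I would add a release-note step telling operators to delete and re-add the connection, and to confirm ingestion afterwards with the connector's `lastDataReceivedQuery`. It is also worth checking that `"dataType": "ConfluenceAuditLogs"` is intended, since the definition's `graphQueriesTableName` is still `ConfluenceAuditLogs_CL`.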
@@ -1,197 +1,169 @@ { - "name": "ConfluenceAuditLogs_CL", - "apiVersion": "2023-09-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "{{location}}", - "kind": null, - "properties": { - "schema": { - "tableSubType": "DataCollectionRuleBased", - "name": "ConfluenceAuditLogs_CL", - "tableType": "CustomLog", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "EventVendor", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "EventProduct", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "AuthorUsername", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "AuthorAccountId", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "AuthorType", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "AuthorDisplayName", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "AuthorIsExternalCollaborator", - "type": "boolean", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "AuthorUserKey", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "AuthorAccountType", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "AuthorPublicName", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "AuthorExternalCollaborator", - "type": "boolean", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "RemoteAddress", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "CreationDate", - "type": "long", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "Summary", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "Description", - "type": 
"string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "Category", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "SysAdmin", - "type": "boolean", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "SuperAdmin", - "type": "boolean", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "AffectedObjectName", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "AffectedObjectObjectType", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "ChangedValues", - "type": "dynamic", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "AssociatedObjects", - "type": "dynamic", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "UserIdentity", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "SrcUserName", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "DstUserSid", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "SrcIpAddr", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "EventCreationTime", - "type": "long", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "EventMessage", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - }, - { - "name": "EventCategoryType", - "type": "string", - "isDefaultDisplay": false, - "isHidden": false - } - ], - "isTroubleshootingAllowed": true + "name": "ConfluenceAuditLogs_CL", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "apiVersion": "2025-02-01", + "tags": { + "StreamName": "Custom-ConfluenceAuditLogs_CL", + "Category": "Security", + "DataSource": "Atlassian Confluence" + }, + "properties": { + "schema": { + "name": "ConfluenceAuditLogs_CL", + "description": "The Atlassian Confluence Audit Logs table contains audit logs from Atlassian 
Confluence that have been ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "description": "The timestamp (in UTC) when the log entry was generated.", + "isDefaultDisplay": true + }, + { + "name": "EventVendor", + "type": "string", + "description": "The vendor of the event." + }, + { + "name": "EventProduct", + "type": "string", + "description": "The product of the event." + }, + { + "name": "AuthorUsername", + "type": "string", + "description": "The username of the author." + }, + { + "name": "AuthorAccountId", + "type": "string", + "description": "The account ID of the author." + }, + { + "name": "AuthorType", + "type": "string", + "description": "The type of the author." + }, + { + "name": "AuthorDisplayName", + "type": "string", + "description": "The display name of the author." + }, + { + "name": "AuthorIsExternalCollaborator", + "type": "boolean", + "description": "Indicates whether the author is an external collaborator." + }, + { + "name": "AuthorUserKey", + "type": "string", + "description": "The user key of the author." + }, + { + "name": "AuthorAccountType", + "type": "string", + "description": "The account type of the author." + }, + { + "name": "AuthorPublicName", + "type": "string", + "description": "The public name of the author." + }, + { + "name": "AuthorExternalCollaborator", + "type": "boolean", + "description": "Indicates whether the author is an external collaborator." + }, + { + "name": "RemoteAddress", + "type": "string", + "description": "The remote address of the author." + }, + { + "name": "CreationDate", + "type": "long", + "description": "The creation date of the audit log entry." + }, + { + "name": "Summary", + "type": "string", + "description": "The summary of the audit log entry." + }, + { + "name": "Description", + "type": "string", + "description": "The description of the audit log entry." 
+ }, + { + "name": "Category", + "type": "string", + "description": "The category of the audit log entry." + }, + { + "name": "SysAdmin", + "type": "boolean", + "description": "Indicates whether the author is a system administrator." + }, + { + "name": "SuperAdmin", + "type": "boolean", + "description": "Indicates whether the author is a super administrator." + }, + { + "name": "AffectedObjectName", + "type": "string", + "description": "The name of the affected object." + }, + { + "name": "AffectedObjectObjectType", + "type": "string", + "description": "The type of the affected object." + }, + { + "name": "ChangedValues", + "type": "dynamic", + "description": "The changed values of the audit log entry." + }, + { + "name": "AssociatedObjects", + "type": "dynamic", + "description": "The associated objects of the audit log entry." + }, + { + "name": "UserIdentity", + "type": "string", + "description": "The identity of the user." + }, + { + "name": "SrcUserName", + "type": "string", + "description": "The source username." + }, + { + "name": "DstUserSid", + "type": "string", + "description": "The destination user SID." + }, + { + "name": "SrcIpAddr", + "type": "string", + "description": "The source IP address." + }, + { + "name": "EventCreationTime", + "type": "long", + "description": "The creation time of the event." + }, + { + "name": "EventMessage", + "type": "string", + "description": "The message of the event." + }, + { + "name": "EventCategoryType", + "type": "string", + "description": "The category type of the event." } + ] } + } } \ No newline at end of file diff --git a/Solutions/AtlassianConfluenceAudit/Data/Solution_AtlassianConfluenceAudit.json b/Solutions/AtlassianConfluenceAudit/Data/Solution_AtlassianConfluenceAudit.json index a160598d18f..c6fb313aa76 100644 --- a/Solutions/AtlassianConfluenceAudit/Data/Solution_AtlassianConfluenceAudit.json +++ b/Solutions/AtlassianConfluenceAudit/Data/Solution_AtlassianConfluenceAudit.json 
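Review bot: The descriptions for `CreationDate` and `EventCreationTime` omit the unit, although both columns are `long` and the DCR transform in this commit treats `creationDate` as epoch milliseconds (`creationDate * 1ms`). Analysts who convert these columns by hand need the unit to build a correct timeline. I would write `"description": "The creation date of the audit log entry, in Unix epoch milliseconds."` and state the same unit on `EventCreationTime`. The descriptions of `AuthorIsExternalCollaborator` and `AuthorExternalCollaborator` are identical, and `DstUserSid` is described as a destination user SID while the transform fills it from `author.userKey`; each could name the source field it carries.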
@@ -11,7 +11,7 @@ ], "Metadata": "SolutionMetadata.json", "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\AtlassianConfluenceAudit", - "Version": "3.0.3", - "TemplateSpec": true, + "Version": "3.0.7", + "TemplateSpec": false, "Is1PConnector": false -} \ No newline at end of file +} diff --git a/Solutions/AtlassianConfluenceAudit/Package/3.0.7.zip b/Solutions/AtlassianConfluenceAudit/Package/3.0.7.zip new file mode 100644 index 00000000000..962d4b66aab Binary files /dev/null and b/Solutions/AtlassianConfluenceAudit/Package/3.0.7.zip differ diff --git a/Solutions/AtlassianConfluenceAudit/Package/createUiDefinition.json b/Solutions/AtlassianConfluenceAudit/Package/createUiDefinition.json index 27808573aa0..bc623d4136d 100644 --- a/Solutions/AtlassianConfluenceAudit/Package/createUiDefinition.json +++ b/Solutions/AtlassianConfluenceAudit/Package/createUiDefinition.json @@ -60,7 +60,7 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This Solution installs the data connector for AtlassianConfluenceAudit. You can get AtlassianConfluenceAudit data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + "text": "This Solution installs the data connector for Atlassian Confluence Audit (via Codeless Connector Framework). You can get Atlassian Confluence Audit (via Codeless Connector Framework) data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." } }, { diff --git a/Solutions/AtlassianConfluenceAudit/Package/mainTemplate.json b/Solutions/AtlassianConfluenceAudit/Package/mainTemplate.json index bc4f7db4a2d..7ca022bc5d0 100644 --- a/Solutions/AtlassianConfluenceAudit/Package/mainTemplate.json +++ b/Solutions/AtlassianConfluenceAudit/Package/mainTemplate.json 
@@ -47,17 +47,17 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "AtlassianConfluenceAudit", - "_solutionVersion": "3.0.6", + "_solutionVersion": "3.0.7", "solutionId": "azuresentinel.azure-sentinel-solution-atlassianconfluenceaudit", "_solutionId": "[variables('solutionId')]", "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", - "dataConnectorCCPVersion": "1.0.0", - "_dataConnectorContentIdConnectorDefinition1": "ConfluenceAuditCCPDefinition", + "dataConnectorCCPVersion": "3.0.7", + "_dataConnectorContentIdConnectorDefinition1": "AtlassianConfluenceConnector", "dataConnectorTemplateNameConnectorDefinition1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition1')))]", - "_dataConnectorContentIdConnections1": "ConfluenceAuditCCPDefinitionConnections", + "_dataConnectorContentIdConnections1": "AtlassianConfluenceConnectorConnections", "dataConnectorTemplateNameConnections1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections1')))]", + "dataCollectionEndpointId1": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]", "blanks": "[replace('b', 'b', '')]", - "TemplateEmptyObject": "[json('{}')]", "parserObject1": { "_parserName1": "[concat(parameters('workspace'),'/','ConfluenceAudit')]", "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ConfluenceAudit')]", 
@@ -78,7 +78,7 @@ ], "properties": { "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]", - "displayName": " Atlassian Confluence Audit (via Codeless Connector Framework)", + "displayName": "Atlassian Confluence Audit (via Codeless Connector Framework)", "contentKind": "DataConnector", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -94,8 +94,8 @@ "kind": "Customizable", "properties": { "connectorUiConfig": { - "id": "ConfluenceAuditCCPDefinition", - "title": " Atlassian Confluence Audit (via Codeless Connector Framework)", + "id": "AtlassianConfluenceConnector", + "title": "Atlassian Confluence Audit (via Codeless Connector Framework)", "publisher": "Microsoft", "descriptionMarkdown": "The [Atlassian Confluence](https://www.atlassian.com/software/confluence) Audit data connector provides the capability to ingest [Confluence Audit Records](https://support.atlassian.com/confluence-cloud/docs/view-the-audit-log/) events into Microsoft Sentinel through the REST API. Refer to [API documentation](https://support.atlassian.com/confluence-cloud/docs/view-the-audit-log/) for more information. The connector provides ability to get events which helps to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.", "graphQueriesTableName": "ConfluenceAuditLogs_CL", 
@@ -112,14 +112,14 @@ "query": "{{graphQueriesTableName}}\n| sort by TimeGenerated desc" }, { - "description": "Total Events", - "query": "{{graphQueriesTableName}}\n | summarize count() by OriginalEventUid" + "description": "Events by Category", + "query": "{{graphQueriesTableName}}\n | summarize count() by Category" } ], "dataTypes": [ { "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}|summarize Time = max (TimeGenerated)\n|where isnotempty(Time)" + "lastDataReceivedQuery": "{{graphQueriesTableName}} | summarize Time = max (TimeGenerated)\n|where isnotempty(Time)" } ], "connectivityCriteria": [ @@ -128,7 +128,8 @@ } ], "availability": { - "isPreview": false + "isPreview": false, + "status": 1 }, "permissions": { "resourceProvider": [ @@ -140,7 +141,8 @@ "requiredPermissions": { "write": true, "read": true, - "delete": true + "delete": true, + "action": false } } ], @@ -153,6 +155,7 @@ }, "instructionSteps": [ { + "title": "Connect to Atlassian Confluence API to start collecting audit logs in Microsoft Sentinel", "description": "To enable the Atlassian Confluence connector for Microsoft Sentinel, click to add an organization, fill the form with the Confluence environment credentials and click to Connect. \n Follow [these steps](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/) to create an API token.\n ", "instructions": [ { @@ -185,8 +188,11 @@ "parameters": { "label": "Atlassian Confluence organization URL", "placeholder": ".atlassian.net", - "type": "string", - "name": "confluenceorganizationurl" + "type": "text", + "name": "confluenceorganizationurl", + "validations": { + "required": true + } } }, { @@ -194,8 +200,11 @@ "parameters": { "label": "User Name", "placeholder": "User Name (e.g., user@example.com)", - "type": "securestring", - "name": "userid" + "type": "text", + "name": "userid", + "validations": { + "required": true + } } }, { 
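Review bot: The organization URL textbox in the `@@ -185` hunk is validated only as `required`, but the poller later in this diff concatenates that value directly after `https://` to build `apiEndpoint`, which is called with Basic auth carrying the user name and API token. A value that includes a scheme, a path or a mistyped host would therefore either break polling or send the credentials to a host the operator did not intend. The placeholder should state the expected form, for example `"placeholder": "<your-site>.atlassian.net (host name only, no https:// or path)"`. If the connector framework offers a pattern check for text boxes, the field is worth constraining further. The mirrored `@@ -641` hunk in the second copy of the connector definition needs the same change.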
@@ -204,7 +213,10 @@ "label": "API Token", "placeholder": "API Token", "type": "password", - "name": "apikey" + "name": "apikey", + "validations": { + "required": true + } } } ] @@ -260,13 +272,10 @@ "location": "[parameters('workspace-location')]", "kind": "[variables('blanks')]", "properties": { + "dataCollectionEndpointId": "[variables('dataCollectionEndpointId1')]", "streamDeclarations": { - "Custom-ConfluenceAuditLogs": { + "Custom-ConfluenceAuditLogs_CL": { "columns": [ - { - "name": "author", - "type": "dynamic" - }, { "name": "remoteAddress", "type": "string" @@ -296,21 +305,24 @@ "type": "boolean" }, { - "name": "affectedObject", + "name": "changedValues", "type": "dynamic" }, { - "name": "changedValues", + "name": "associatedObjects", "type": "dynamic" }, { - "name": "associatedObjects", + "name": "author", + "type": "dynamic" + }, + { + "name": "affectedObject", "type": "dynamic" } ] } }, - "dataSources": "[variables('TemplateEmptyObject')]", "destinations": { "logAnalytics": [ { 
@@ -322,16 +334,15 @@ "dataFlows": [ { "streams": [ - "Custom-ConfluenceAuditLogs" + "Custom-ConfluenceAuditLogs_CL" ], "destinations": [ "clv2ws1" ], - "transformKql": "source\r| extend\r TimeGenerated = now(),\r EventVendor=\"Atlassian\",\r EventProduct=\"Confluence Audit\",\r AuthorUsername=tostring(author.username), \r AuthorDisplayName=tostring(author.displayName),\r AuthorType=tostring(author.type),\r AuthorAccountId=tostring(author.accountId),\r AuthorUserKey=tostring(author.userKey),\r AuthorPublicName=tostring(author.publicName),\r AuthorAccountType=tostring(author.accountType),\r AuthorIsExternalCollaborator=tobool(author.isExternalCollaborator),\r AuthorExternalCollaborator=tobool(author.externalCollaborator),\r AffectedObjectName=tostring(affectedObject.name),\r AffectedObjectObjectType=tostring(affectedObject.type),\r UserIdentity=tostring(author.accountId),\r SrcUserName=tostring(author.displayName),\r DstUserSid=tostring(author.userKey)\r| project\r TimeGenerated,\r EventVendor,\r EventProduct,\r AuthorUsername,\r AuthorAccountId,\r AuthorType,\r AuthorDisplayName,\r AuthorIsExternalCollaborator,\r AuthorUserKey,\r AuthorAccountType,\r AuthorPublicName,\r AuthorExternalCollaborator,\r RemoteAddress=remoteAddress,\r CreationDate=creationDate,\r Summary=summary,\r Description=description,\r Category=category,\r SysAdmin=sysAdmin,\r SuperAdmin=superAdmin,\r AffectedObjectName,\r AffectedObjectObjectType,\r ChangedValues=changedValues,\r AssociatedObjects=associatedObjects,\r UserIdentity,\r SrcUserName,\r DstUserSid,\r SrcIpAddr=remoteAddress,\r EventCreationTime=creationDate,\r EventMessage=summary,\r EventCategoryType=category", - "outputStream": "Custom-ConfluenceAuditLogs_CL" + "outputStream": "Custom-ConfluenceAuditLogs_CL", + "transformKql": "source | extend TimeGenerated = iff(isnull(creationDate), now(), datetime(1970-01-01) + (creationDate * 1ms)) , EventVendor = \"Atlassian\" , EventProduct = \"Confluence Audit\" , AuthorUsername = 
tostring(author.username) , AuthorAccountId = tostring(author.accountId) , AuthorType = tostring(author.type) , AuthorDisplayName = tostring(author.displayName) , AuthorIsExternalCollaborator = tobool(author.isExternalCollaborator) , AuthorUserKey = tostring(author.userKey) , AuthorAccountType = tostring(author.accountType) , AuthorPublicName = tostring(author.publicName) , AuthorExternalCollaborator = tobool(author.externalCollaborator) , RemoteAddress = ['remoteAddress'] , CreationDate = ['creationDate'] , Summary = ['summary'] , Description = ['description'] , Category = ['category'] , SysAdmin = ['sysAdmin'] , SuperAdmin = ['superAdmin'] , AffectedObjectName = tostring(affectedObject.name) , AffectedObjectObjectType = tostring(affectedObject.objectType) , ChangedValues = ['changedValues'] , AssociatedObjects = ['associatedObjects'] , UserIdentity = tostring(author.accountId) , SrcUserName = tostring(author.displayName) , DstUserSid = tostring(author.userKey) , SrcIpAddr = tostring(remoteAddress) , EventCreationTime = tolong(creationDate) , EventMessage = tostring(summary) , EventCategoryType = tostring(affectedObject.objectType) | project TimeGenerated , EventVendor , EventProduct , AuthorUsername , AuthorAccountId , AuthorType , AuthorDisplayName , AuthorIsExternalCollaborator , AuthorUserKey , AuthorAccountType , AuthorPublicName , AuthorExternalCollaborator , RemoteAddress , CreationDate , Summary , Description , Category , SysAdmin , SuperAdmin , AffectedObjectName , AffectedObjectObjectType , ChangedValues , AssociatedObjects , UserIdentity , SrcUserName , DstUserSid , SrcIpAddr , EventCreationTime , EventMessage , EventCategoryType" } - ], - "dataCollectionEndpointId": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]" + ] } }, { 
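Review bot: `EventCategoryType` is now filled from `affectedObject.objectType` where the removed transform used `category`, so the column keeps its name but changes meaning for every analytics rule or hunting query that filters on it. If the remap is intended it should be called out in the release notes; otherwise keep `EventCategoryType = tostring(category)`. `AffectedObjectObjectType` likewise switches from `affectedObject.type` to `affectedObject.objectType`, which is worth confirming against a sample API record. Separately, `TimeGenerated` is now derived from `creationDate`. As far as I know, Azure Monitor substitutes the ingestion time when that value is more than about two days old, so back-filled records would not carry the event time there and `CreationDate` remains the field to rely on.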
@@ -342,192 +353,161 @@ "kind": null, "properties": { "schema": { - "tableSubType": "DataCollectionRuleBased", "name": "ConfluenceAuditLogs_CL", - "tableType": "CustomLog", + "description": "The Atlassian Confluence Audit Logs table contains audit logs from Atlassian Confluence that have been ingested into Microsoft Sentinel.", "columns": [ { "name": "TimeGenerated", "type": "datetime", - "isDefaultDisplay": false, - "isHidden": false + "description": "The timestamp (in UTC) when the log entry was generated.", + "isDefaultDisplay": true }, { "name": "EventVendor", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The vendor of the event." }, { "name": "EventProduct", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The product of the event." }, { "name": "AuthorUsername", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The username of the author." }, { "name": "AuthorAccountId", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The account ID of the author." }, { "name": "AuthorType", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The type of the author." }, { "name": "AuthorDisplayName", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The display name of the author." }, { "name": "AuthorIsExternalCollaborator", "type": "boolean", - "isDefaultDisplay": false, - "isHidden": false + "description": "Indicates whether the author is an external collaborator." }, { "name": "AuthorUserKey", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The user key of the author." }, { "name": "AuthorAccountType", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The account type of the author." 
}, { "name": "AuthorPublicName", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The public name of the author." }, { "name": "AuthorExternalCollaborator", "type": "boolean", - "isDefaultDisplay": false, - "isHidden": false + "description": "Indicates whether the author is an external collaborator." }, { "name": "RemoteAddress", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The remote address of the author." }, { "name": "CreationDate", "type": "long", - "isDefaultDisplay": false, - "isHidden": false + "description": "The creation date of the audit log entry." }, { "name": "Summary", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The summary of the audit log entry." }, { "name": "Description", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The description of the audit log entry." }, { "name": "Category", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The category of the audit log entry." }, { "name": "SysAdmin", "type": "boolean", - "isDefaultDisplay": false, - "isHidden": false + "description": "Indicates whether the author is a system administrator." }, { "name": "SuperAdmin", "type": "boolean", - "isDefaultDisplay": false, - "isHidden": false + "description": "Indicates whether the author is a super administrator." }, { "name": "AffectedObjectName", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The name of the affected object." }, { "name": "AffectedObjectObjectType", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The type of the affected object." }, { "name": "ChangedValues", "type": "dynamic", - "isDefaultDisplay": false, - "isHidden": false + "description": "The changed values of the audit log entry." 
}, { "name": "AssociatedObjects", "type": "dynamic", - "isDefaultDisplay": false, - "isHidden": false + "description": "The associated objects of the audit log entry." }, { "name": "UserIdentity", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The identity of the user." }, { "name": "SrcUserName", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The source username." }, { "name": "DstUserSid", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The destination user SID." }, { "name": "SrcIpAddr", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The source IP address." }, { "name": "EventCreationTime", "type": "long", - "isDefaultDisplay": false, - "isHidden": false + "description": "The creation time of the event." }, { "name": "EventMessage", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The message of the event." }, { "name": "EventCategoryType", "type": "string", - "isDefaultDisplay": false, - "isHidden": false + "description": "The category type of the event." } - ], - "isTroubleshootingAllowed": true + ] } } } 
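Review bot: The new column descriptions leave out the unit of `CreationDate` and `EventCreationTime`, both typed `long`. The transform in this diff multiplies `creationDate` by `1ms`, so they hold Unix epoch milliseconds, and anyone writing a time filter on them needs to know that. I would write `"description": "The creation time of the audit log entry, in Unix epoch milliseconds."` for both. `AuthorIsExternalCollaborator` and `AuthorExternalCollaborator` also carry the identical sentence; each should name the source field it is read from (`author.isExternalCollaborator` and `author.externalCollaborator`) so the two columns can be told apart.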
@@ -550,8 +530,8 @@ "kind": "Customizable", "properties": { "connectorUiConfig": { - "id": "ConfluenceAuditCCPDefinition", - "title": " Atlassian Confluence Audit (via Codeless Connector Framework)", + "id": "AtlassianConfluenceConnector", + "title": "Atlassian Confluence Audit (via Codeless Connector Framework)", "publisher": "Microsoft", "descriptionMarkdown": "The [Atlassian Confluence](https://www.atlassian.com/software/confluence) Audit data connector provides the capability to ingest [Confluence Audit Records](https://support.atlassian.com/confluence-cloud/docs/view-the-audit-log/) events into Microsoft Sentinel through the REST API. Refer to [API documentation](https://support.atlassian.com/confluence-cloud/docs/view-the-audit-log/) for more information. The connector provides ability to get events which helps to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.", "graphQueriesTableName": "ConfluenceAuditLogs_CL", @@ -568,14 +548,14 @@ "query": "{{graphQueriesTableName}}\n| sort by TimeGenerated desc" }, { - "description": "Total Events", - "query": "{{graphQueriesTableName}}\n | summarize count() by OriginalEventUid" + "description": "Events by Category", + "query": "{{graphQueriesTableName}}\n | summarize count() by Category" } ], "dataTypes": [ { "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}|summarize Time = max (TimeGenerated)\n|where isnotempty(Time)" + "lastDataReceivedQuery": "{{graphQueriesTableName}} | summarize Time = max (TimeGenerated)\n|where isnotempty(Time)" } ], "connectivityCriteria": [ @@ -584,7 +564,8 @@ } ], "availability": { - "isPreview": false + "isPreview": false, + "status": 1 }, "permissions": { "resourceProvider": [ @@ -596,7 +577,8 @@ "requiredPermissions": { "write": true, "read": true, - "delete": true + "delete": true, + "action": false } } ], 
@@ -609,6 +591,7 @@ }, "instructionSteps": [ { + "title": "Connect to Atlassian Confluence API to start collecting audit logs in Microsoft Sentinel", "description": "To enable the Atlassian Confluence connector for Microsoft Sentinel, click to add an organization, fill the form with the Confluence environment credentials and click to Connect. \n Follow [these steps](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/) to create an API token.\n ", "instructions": [ { @@ -641,8 +624,11 @@ "parameters": { "label": "Atlassian Confluence organization URL", "placeholder": ".atlassian.net", - "type": "string", - "name": "confluenceorganizationurl" + "type": "text", + "name": "confluenceorganizationurl", + "validations": { + "required": true + } } }, { @@ -650,8 +636,11 @@ "parameters": { "label": "User Name", "placeholder": "User Name (e.g., user@example.com)", - "type": "securestring", - "name": "userid" + "type": "text", + "name": "userid", + "validations": { + "required": true + } } }, { @@ -660,7 +649,10 @@ "label": "API Token", "placeholder": "API Token", "type": "password", - "name": "apikey" + "name": "apikey", + "validations": { + "required": true + } } } ] @@ -719,7 +711,7 @@ ], "properties": { "contentId": "[variables('_dataConnectorContentIdConnections1')]", - "displayName": " Atlassian Confluence Audit (via Codeless Connector Framework)", + "displayName": "Atlassian Confluence Audit (via Codeless Connector Framework)", "contentKind": "ResourcesDataConnector", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -734,7 +726,7 @@ "type": "securestring" }, "connectorDefinitionName": { - "defaultValue": " Atlassian Confluence Audit (via Codeless Connector Framework)", + "defaultValue": "Atlassian Confluence Audit (via Codeless Connector Framework)", "type": "securestring", "minLength": 1 }, 
@@ -796,19 +788,12 @@ } }, { - "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'ConfluenceAuditCCPPolling', parameters('guidValue'))]", + "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'ConfluenceAuditLogsPoller', parameters('guidValue'))]", "apiVersion": "2023-02-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", "location": "[parameters('workspace-location')]", "kind": "RestApiPoller", "properties": { - "connectorDefinitionName": "ConfluenceAuditCCPDefinition", - "dataType": "ConfluenceAuditLogs_CL", - "dcrConfig": { - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]", - "streamName": "Custom-ConfluenceAuditLogs" - }, "auth": { "type": "Basic", "UserName": "[[parameters('userid')]", 
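Review bot: Renaming the poller from `ConfluenceAuditCCPPolling` to `ConfluenceAuditLogsPoller` in this hunk, together with the stream rename to `Custom-ConfluenceAuditLogs_CL` elsewhere in the diff, leaves no visible upgrade path for connections created by 3.0.6. A poller deployed under the old name would presumably keep posting to `Custom-ConfluenceAuditLogs`, which the updated DCR no longer declares, and audit records could stop arriving without an obvious error in the workspace. The release-notes row should tell operators what to do, e.g. `Existing connections must be removed and re-created after updating to 3.0.7.` The `properties` object of this resource continues past the end of the hunk.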
@@ -817,27 +802,36 @@ "request": { "apiEndpoint": "[[concat('https://',parameters('confluenceorganizationurl'),'/wiki/rest/api/audit')]", "httpMethod": "GET", + "queryWindowInMin": 5, + "queryTimeFormat": "UnixTimestampInMills", "retryCount": 3, "timeoutInSeconds": 60, - "queryTimeFormat": "UnixTimestampInMills", - "startTimeAttributeName": "startDate", - "endTimeAttributeName": "endDate", "headers": { + "Content-Type": "application/json", "Accept": "application/json", "User-Agent": "Scuba" - } - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "start", - "pageSizeParaName": "limit", - "pageSize": 1000 + }, + "startTimeAttributeName": "startDate", + "endTimeAttributeName": "endDate" }, "response": { "eventsJsonPaths": [ "$.results" ], "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "start", + "pageSize": 1000, + "pageSizeParameterName": "limit" + }, + "connectorDefinitionName": "AtlassianConfluenceConnector", + "dataType": "ConfluenceAuditLogs", + "dcrConfig": { + "streamName": "Custom-ConfluenceAuditLogs_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" } } } @@ -861,7 +855,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ConfluenceAudit Data Parser with template version 3.0.6", + "description": "ConfluenceAudit Data Parser with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", 
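Review bot: `dataType` in the `@@ -817` hunk changes from `ConfluenceAuditLogs_CL` to `ConfluenceAuditLogs`, while the table name, `graphQueriesTableName` and the stream all keep the `_CL` suffix. If the connector page uses `dataType` to match the poller to the table for its status and last-data-received queries, the mismatch could show a working connection as disconnected, or hide a broken one. Unless the suffix-less name is required by the framework, keep `"dataType": "ConfluenceAuditLogs_CL"`.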
@@ -870,7 +864,7 @@ "resources": [ { "name": "[variables('parserObject1')._parserName1]", - "apiVersion": "2022-10-01", + "apiVersion": "2025-07-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { @@ -935,7 +929,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2022-10-01", + "apiVersion": "2025-07-01", "name": "[variables('parserObject1')._parserName1]", "location": "[parameters('workspace-location')]", "properties": { @@ -989,7 +983,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.6", + "version": "3.0.7", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "AtlassianConfluenceAudit", diff --git a/Solutions/AtlassianConfluenceAudit/ReleaseNotes.md b/Solutions/AtlassianConfluenceAudit/ReleaseNotes.md index c902a132d63..b35a8b174b7 100644 --- a/Solutions/AtlassianConfluenceAudit/ReleaseNotes.md +++ b/Solutions/AtlassianConfluenceAudit/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|-------------------------------------------------------| +| 3.0.7 | 07-04-2026 | Updated **Data Connector** - *Atlassian Confluence Audit* to change DCR data flows. | | 3.0.6 | 28-07-2025 | Removed Deprecated **Data Connector**. | | 3.0.5 | 06-05-2025 | Launching CCP **Data Connector** - *Atlassian Confluence Audit* from Public Preview to Global Availability. | | 3.0.4 | 16-04-2025 | Updated **Parser** to support new and old table.
Updated table name in **CCP Connector**. |