From 1d818d637c4267c813e5a9076d897a2ef2320f87 Mon Sep 17 00:00:00 2001 From: Taz Jack Date: Wed, 11 Mar 2026 15:50:41 -0400 Subject: [PATCH 01/21] Solution: Cyren CrowdStrike IOC Automation v3.0.0 with User-Agent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Initial release of Cyren → CrowdStrike Falcon IOC automation connector - Logic App: polls Cyren CCF feed (NDJSON), pushes IOCs to CrowdStrike /iocs/entities/indicators/v1 - OAuth2 Bearer token auth with CrowdStrike API - User-Agent: data443-cyren-crowdstrike/1.0 on OAuth2 token + IOC POST calls - 6-hour recurrence, PersistentToken pagination, cost safety parameters - Hidden Sentinel tags for Content Hub visibility - Zip contains only mainTemplate.json + createUiDefinition.json (cert rule 300.4.1.1) --- .../Data/Solution_CyrenCrowdStrike.json | 14 + .../Package/3.0.0.zip | Bin 0 -> 6311 bytes .../Package/createUiDefinition.json | 89 +++ .../Package/mainTemplate.json | 507 ++++++++++++++++++ .../Package/testParameters.json | 24 + .../CyrenToCrowdStrike_Playbook.json | 348 ++++++++++++ .../ReleaseNotes.md | 3 + .../SolutionMetadata.json | 21 + 8 files changed, 1006 insertions(+) create mode 100644 Solutions/Cyren-CrowdStrike-ThreatIntelligence/Data/Solution_CyrenCrowdStrike.json create mode 100644 Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.0.zip create mode 100644 Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/createUiDefinition.json create mode 100644 Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/mainTemplate.json create mode 100644 Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/testParameters.json create mode 100644 Solutions/Cyren-CrowdStrike-ThreatIntelligence/Playbooks/CyrenToCrowdStrike_Playbook.json create mode 100644 Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md create mode 100644 Solutions/Cyren-CrowdStrike-ThreatIntelligence/SolutionMetadata.json diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Data/Solution_CyrenCrowdStrike.json b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Data/Solution_CyrenCrowdStrike.json new file mode 100644 index 00000000000..974c36835ef --- /dev/null +++ b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Data/Solution_CyrenCrowdStrike.json @@ -0,0 +1,14 @@ +{ + "Name": "Cyren-CrowdStrike-ThreatIntelligence", + "Author": "Data443 Risk Mitigation, Inc. - support@data443.com", + "Logo": "", + "Description": "The Cyren CrowdStrike Threat Intelligence solution polls Cyren CCF threat intelligence feeds (IP reputation, malware URLs) and pushes IOCs to CrowdStrike Falcon's Custom IOC API for detection and response.", + "Playbooks": [ + "Playbooks/CyrenToCrowdStrike_Playbook.json" + ], + "Metadata": "SolutionMetadata.json", + "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Cyren-CrowdStrike-ThreatIntelligence", + "Version": "3.0.0", + "TemplateSpec": true, + "Is1Pconnector": false +} diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.0.zip b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..d164858b4c4326c090c3879f3bfb5b0814a58c1a GIT binary patch literal 6311 zcmZ|TRZtwFrA+Oc4Mn|sT_RWHH(V(>8QwIP#<_ctpP&8omP%=&tiD!C5u^Es{IZ60juFf6 z9{z5vE6}%>T)wuaF19#Ig|w7bVqqCFF_2TG#fA@r<~*lc2`MGMiherby23SX#3ME$xQxCz>-2$|tdS^6(b}AfNS0lFl}Vr z2l^=7mq->O-RK-_{?KfV^PZBc>p(NoX#KMvmACGGMa#}~VK18{x`ctwFqe!x44 z`L?1FIyEwLKvp6M$mFNd%c^U#D-(l`5-xCq?x0?|-%Lt#Jr_=TYMp^D8j&_hWK}Mf z&#oN#>jBd3nS8{$e3d!dkF3YXCV1DQ@UxW zvaGtd3Y@-_wYiyCIq^MK<{nQ2=?(X@91iT;;mNSHkapm9R=FIT+d zps#QVyM~pgF?WS^3_%0C)J9gd`JTviC?(a_STKgU+x(}QKM)c1?84G*t?0sT{*$lE zez~&j7&u*`Hz>v&tfcobHYJ#wyiffza@{dJd{~hPXJkZtyZi_2ey#+b9-SV9iFLsw zC=P;@QRRHBx!#E1ZM_WWh>)3>fh}^XobGCZf_3Jfb4w4f&oxD0Fj`R2uLpQ}u*jDc zoPHJxuITr@@qjdUu51N*a-FT~34KpnRA*^s2aSq^wkxl_C%E-G-f-SvR`EItmXZS# zT(hm~&~+B2_a-AN*cXD9+bE>N38`ZWkg4e#?LL=t4WDyG-iB@D3$kAQmTuxe)I7>j z2e;MS*vq({a^G4)A1g|dUB$)=_y8gQ)3TpsA@5?SNgHxAoB6PA6rK3tg<0qt*T~fp z({$(CEwhkWlaRSMp@sW&a%>>kXgY-~6q?@8dM3p|fTYlH!s2o73^&RezL9oY#H2x_ zd=r_|wBqHZ)SBN3kGrbOfllNpgxP{hx1^f21^qB+{`oLa+g)=u&-1@8HoyLbA0 zs>jnFiO1XsgR3M`GzbDi@d z$}r^8qUo7a1S>P2MDuy?v3_+~7A}G8&(l1w-^4#U?|oh@@^eJ3sCYMm1wxjorU(@% zQZT#6X8Sw1rC^cz@+*l1ewV z$(N9>*|g@pxQVxLUjH8cP=~E$Kj(=T&!6d%(VU1gJqVxOlQHe-C@lSIws?dC>dmF~&9o3hpBpA>wTZLFPe- zYqYIp`UKJ~Ob=}w4#yJqyLpId-L(V0+Z%|bb@7OKir5LogT*a!{{6xxaF+~Sy!`k) zj(h_4?>b1Nu(!@>$wTmM+|87ai)ngj_9o$pBzReTsny5;g(FdKz1m1`ci`@JlnVoO zj34*aY&_*6Xu7&)SpGk)#SXAV#J6X$ai?!q{kH@sHZ6mHuq%yNz57nZ=m_>$F85=$ z(5;fH%r%^38|0UtnCf z%{eIn?ET|drLTBa$k{an%AX}MWgoo9{7kvY0|GtwwzE~n6yrD5yaFnUY~th^ZoiBy zn`4DUcx5E0fS$TPaO6GYwx7$k4_Gq4?cN?5rG~L$;84Gw=pG8qpORe1>~vVI&eYvz z%rqTGH?smRN4a-6Y+DbXHC{?XUSYjKgV;u#*3kE4f5?lXFNRzUS_cuJ~& zX=lB&MfQ|fou;*P4-sX*tq>(QFnW}eLJA1#Rsvk_?lgWE#4=QQCH%(hsv*4#VP(&_ z-`XrE+_{-v%2Am-T?P$lR@4F`sbK)Tw&16PzwYI7DHYWGy)vP8D0|iDzbnO4BTe)| ztE4fS-B{B6R|QxHis})W?dCsxZ1f=zZK^Zlb@ZrI8LL8)!cMjtMr+(JF-rZSjHq@r z_0A_)E&Ie6g@+Bp{FkBUfW+<3Fek0I;kFgwkQC7m*&!_>PwTkFZ`NX2YG*H0eOr5! zSKv;un-GPK)DCPWutYZYm2r-WHDdKaH*Jy<`B|*tmdYNAj}MKLpd^~B`tQ=Dklrx4 z>Ahs23%*NJ>=8kN!D@Bk0b)y*274i=7pNsbj0+T*{J2{V(hQ1Wt#E zN7zj#^gC0zeJE;86_i{#Xs>+hBwfW8S$}%L0r+FR++P=zhPGgQkaP&GsnHY9Ix3 zzqoYTg)nx@>_eH%4W!L1hZN_HYx}G2eyOYqB9ZgWIKw6+koxmX8t7W{qEMMM(e4|B zmEw73x<729@ZFEkrY_`Y02B{osdX3-%~#3nJ)db6TdhNgi>t%(%w_Fj>hA3bnDO_| z{5EBXk|Uuq47rie0PZ#%k331+Pn>*v+~${&<5s1RpO?2cN=+A;9@7T4TePk+`4_`t zrhlONKl9)_9X5^Sd)9Gj_o@ial!mlBJ}zuNUUs_jAuEljSwFzymr$j#Mr+O*h?_IY znW4M+LBo)U6msHqgqG1I&K3wOeay>oASL?eY&l9xzdKaz1FWA(bUACEMI&V1ik(pP z@s(Z`m09`Ch}M@R5X|IW_k;^ZqlD1LHx?Y5Wv1ptfPgCl_ zPOU|0;PtIVs`ujzx1Q(kh1VCnl{>7P8@<|n69$RyPtq(ymu~dRh#(l;nzYV-13Ks} zI|2dd6|}lrHUJJR%^;_vOH%69+)VV{IO&>ge`&~*UgnAG~qdG3z;X?M%#JhQ`V4CKeE6s~ciScy-={cbLdb2-6PY{G1M zzqHq473}m}UyARoHzPpcV>czPr4Id-R_WYejM#aqEVGuUp|^!sL9o-|{CFJ?+*DlK zje0a7PrTVK-bJfWKh2q}{$;1P$^WBPDI`DPXu%gJkCOT&=;_HYuj|oK!x%qtJ&csk z7bmB2KzDXR)Y4@rx+nT&u(%b7r|id3Omg$a3w6qO@FL(Q&JB7UM;b3s5NSs4H%8m< ze#CuVDu&A9`4wT%{$}HtJT|X_*OJsulvUfdVB4g?c~2nuA%26v{$Rfwyjm&vVKWJD zk!<$So4Bk?=$-|a@-efz&ooxmdToZ^I*-u%wyaZ7*H>ZZ$#!y%osi6w4)lyPF?Ro0 z^=#&}k=)iX&V9?>xhy4Yww?}E0b=R1Mto4lK~>(J6eMmNE~6W2v&1nLI5x{29Z6ai zai~k4UX*72WIZ}YWTdsaN}MijM$0WWPYnN^Z?FBd`GM8`s9I%k4UTaLBCWU>|4{0+ zSS_dr^qmYSWq(aut3eCWNndBXQkm;$z%tR7Z7$2R{n4V!j4<@K?3X}PPL+xCr(SRb zOP8-D(t=f}0mTsCQkB^sNZX>L;QOhKrBlK{{8R2nbJ@m#i63zu^xbJrB`3yO>hvEQ z6zzl(2E|#Y(zWt^abUtssh=#h}X5;IK&I1vNC8wSX-wg$#Jm^_!K{6vZD)` z&MC*3*N*4{^S?{Rl5H>u8iE??uIUsZKQz|J6i*#-(h2w4YH895Uu=W5r%^u2ZLVJT zt0LoO2vL=8FE*cy&X?4EXFqwgdONg|g+JlUr?Nt$mZTak=!t{(zYGUVDZ~+Lzw=C_ zM6OF}1$;~DW@8w0&$iUne&MP?gx`@0KIh#!m!mq25VnNs2KQLu^IYv~Zm`e)lJ+7s z`yA+b{}44a`^J_`G7so$7?02=N%$+9>`vH{xG61zRgs)v@*I5b@Pdi+QIaZ0vr(iV zu06Tdzdv@7#>p&;{#$~Lpu7rE+ttOG+^0`T^+p5CIKjKA0Io`=D}-SYU0h&F8tuik zgzt4V6{{NQXPR2dR2GUN(XX9*?b8`aVcxx@WZsISQ-AQRctj+C*+=}H6o^n@xgETe zwT?>9_Hl4ugZiI~Ij_w28>kv>(aPUoc^PywM&&#)BI$?+*4u10)}%2*=2DOLGyNvI zKV0B84lrtBA*o-_UkL$jcV)pc>A|rVqs|f5B*!vm@L>=8s0q40BC|p71%Y^ZadFTh zOve<(!1{@b-WRBB&S*%KS*2Y%LK`lFQD<0T<-M1KU|BO9!*$QHL*LmmF&(RJ6a$l_ zTaLe%td|usg+Qq`?xi4KRY&sDo?e>FdbG)Y6EIf%rB}Ub`QdL&>~FLqp+>xtv1?QV zNnG_$!|H`dRMKNq?aL5e=Rf%;CO&ib-F z;}&u^&Kn-cxZLWsJ-`$3IxZVa=cA@d=Jp@I{1{vIdY2maD87nWqlY2T$6#y39l|r< z@Ace&`UcSYH$w>;o|08Y0ss#FaTMZz48_XB<{v%LcaXQSb#QU;a&UF|cS-q|ru>Jb z)O=WTSyRLbzW;!+0#}R?=LJW=nIIO<∈fAp~X&smHKVNF1p7X5!=PprC?z1A20R zrA%>g8=K~qej^5%OikTRWNlYShHZiJtTP+8a3Ur$b*P8jgYo`Wn|n?)@ZdfhvL@hV z37>lf;Yh~kW2;7CQxIP&)AB!@-5}U?ZbgsN1%OcdH}_}jjEOc8;GNj46xg(kbY1<6 zOEdWKDa9A_BaH8W=}dwKK9hQ|7VFP{?Ukbu-p!)sF+wsg{qNP7O+H?KRV(unvXb2? z4Cb}TW?scFYb5Y4_H!UBk-7@PGGLIzSu84SBv>QB#%Bk11nZb!+-`0YQeMF+ zs2R~A?>JSSRp@LSKL}KK9X+T`l_jQ@_5IP9IaijNUB~7?$a$Sc%-V~8TqqkH2jN)>J-o_H4&L-h-B<@u4xtoM@km*SWir+1yU5dbK?YWhDrC7)Z6`};zz zB%Kn5DbgzWA}&@blEv6|9Pr_mgT?Jc{(3I0F5<3Gh){ZZc&$+p=e@xzrA(8;LH~Ju zO_|)_KDRHSn#~+GQWetT;==ii{_&i6I~RNUR#XbMM2*At5I&&5eF_zeYxv1|*v;K; ziT`myl1T&Ic};g1{m8`>^69A^>^z*HJY`}4CshJgk7VzehYXNNxJU3Gxl#Igw632k zaqG)6fj?x&@)?a`tckQPOw1EdUUqF)o~9ZM0*FvN83xEQS!FY9(2F_y@bFdT1kg;e zf`+MJ_7TXnk9y{+1LAouP7jSK`fZ1zjlb`X;Fmw)j$bP3=VwU1g_d|KTyf$^K)CG# zR?J!J8+VSULZ`_aIoyM_ydSW7$I;bH<92Ui(c2QxwYkqwMlq{KdoyNr@b6A~`+6 zzKqPA^vE-v#$tqo2%7cNs2inR@^+_>;n`4C_Dt#j^OlL-hNx|5a<3lY=k9q6* zm$3?KuI6jU-Y9^D6DRt1Z;xE~s~yjb;w%S$fL*-#Q$8wNBRgnntUlV@P*`pSgd9{y zEopcO6z~WZ2>|*u(xQtATqOwn*rQzRkP5p4Gw(hz;CMu~&C97~57qZ-oX?j|-7|>f zB6I-_d3~J#T`D}82ve!+uGE30Pd=2nL{laf?FvX{Ee1_HaSJQ$&V~_08CU2G+AZ`R z%syN`U1b`gP6$hm@~Rw*F%_KR$n>pEa}Sl6NEg>Viy*d=0JH;EP z6uo1Kos*<(ytpmJ)MPK_LNN=eFd?Sx0{htCt{X`!O_U4HT9a7irqQcm zVHYy_q+U5%(ZvWF$Xq;zczh1}Dr|$3cvFPIkd^YvVW_*pGw$(H(YP&T#KqCe0|Xla z!lDz&$2}=9E&m}LJo-xDCs!3%pK+#i?%-??ii?yMS5y32$K!_7G7T#S zaegBY$Rk-?f6FaXNcqJsHhsdJuqM*+HF`x$g}~0zkbC&Beq-*o{>#(fTamF;@q8*% z<)<{9ey$nudrGhU&~6uzn+LCrj?Gr_wzwACCyEQtCb9rI*I{%QTN4NTSJhw4@=#O&kb{k^zBi!i;OBD!5 z1^?f8pX49*2LS%jdq7zDzh3_b_9Om(?EjB?`p?*ZZ@m8\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Cyren CrowdStrike Threat Intelligence solution polls Cyren CCF threat intelligence feeds (IP reputation, malware URLs) and pushes IOCs to CrowdStrike Falcon's Custom IOC API for detection and response.\n\n**Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "subscription": { + "resourceProviders": [ + "Microsoft.OperationsManagement/solutions", + "Microsoft.OperationalInsights/workspaces/providers/alertRules", + "Microsoft.Insights/workbooks", + "Microsoft.Logic/workflows" + ] + }, + "location": { + "metadata": { + "hidden": "Hiding location, we get it from the log analytics workspace" + }, + "visible": false + }, + "resourceGroup": { + "allowExisting": true + } + } + }, + "basics": [ + { + "name": "getLAWorkspace", + "type": "Microsoft.Solutions.ArmApiControl", + "toolTip": "This filters by workspaces that exist in the Resource Group selected", + "condition": "[greater(length(resourceGroup().name),0)]", + "request": { + "method": "GET", + "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" + } + }, + { + "name": "workspace", + "type": "Microsoft.Common.DropDown", + "label": "Workspace", + "placeholder": "Select a workspace", + "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", + "constraints": { + "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": true + } + ], + "steps": [ + { + "name": "playbooks", + "label": "Playbooks", + "subLabel": { + "preValidation": "Configure the playbooks", + "postValidation": "Done" + }, + "bladeTitle": "Playbooks", + "elements": [ + { + "name": "playbooks-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub." + } + }, + { + "name": "playbooks-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" + } + } + } + ] + } + ], + "outputs": { + "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", + "location": "[location()]", + "workspace": "[basics('workspace')]" + } + } +} diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/mainTemplate.json b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/mainTemplate.json new file mode 100644 index 00000000000..8e9be872fb1 --- /dev/null +++ b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/mainTemplate.json @@ -0,0 +1,507 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "author": "Data443 Risk Mitigation, Inc. - support@data443.com", + "comments": "Solution template for Cyren-CrowdStrike-ThreatIntelligence" + }, + "parameters": { + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + } + }, + "variables": { + "email": "support@data443.com", + "_email": "[variables('email')]", + "_solutionName": "Cyren-CrowdStrike-ThreatIntelligence", + "_solutionVersion": "3.0.0", + "solutionId": "data443riskmitigationinc1761580347231.azure-sentinel-solution-cyren-cs-ioc-automation", + "_solutionId": "[variables('solutionId')]", + "Playbooks": "Playbooks", + "_Playbooks": "[variables('Playbooks')]", + "blanks": "[replace('b', 'b', '')]", + "playbookVersion1": "1.0", + "playbookContentId1": "Playbooks", + "_playbookContentId1": "[variables('playbookContentId1')]", + "playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]", + "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1'))))]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Playbooks Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion1')]", + "parameters": { + "logicAppName": { + "type": "string", + "defaultValue": "pb-cyren-to-crowdstrike" + }, + "Cyren_JwtToken": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Cyren CCF JWT Bearer token for authentication" + } + }, + "Cyren_FeedId": { + "type": "string", + "defaultValue": "ip_reputation", + "metadata": { + "description": "Cyren CCF Feed ID (e.g. ip_reputation, malware_urls)" + } + }, + "CrowdStrike_ClientId": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "CrowdStrike OAuth2 Client ID" + } + }, + "CrowdStrike_ClientSecret": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "CrowdStrike OAuth2 Client Secret" + } + }, + "CrowdStrike_BaseUrl": { + "type": "string", + "defaultValue": "https://api.crowdstrike.com", + "metadata": { + "description": "CrowdStrike API Base URL (e.g. https://api.crowdstrike.com or https://api.us-2.crowdstrike.com)" + } + } + }, + "variables": { + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2019-05-01", + "name": "[[parameters('logicAppName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "state": "Enabled", + "parameters": { + "Cyren_JwtToken": { + "value": "[[parameters('Cyren_JwtToken')]" + }, + "Cyren_FeedId": { + "value": "[[parameters('Cyren_FeedId')]" + }, + "CrowdStrike_ClientId": { + "value": "[[parameters('CrowdStrike_ClientId')]" + }, + "CrowdStrike_ClientSecret": { + "value": "[[parameters('CrowdStrike_ClientSecret')]" + }, + "CrowdStrike_BaseUrl": { + "value": "[[parameters('CrowdStrike_BaseUrl')]" + } + }, + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "Cyren_BaseUrl": { + "type": "string", + "defaultValue": "https://api-feeds.cyren.com/v1/feed/data" + }, + "Cyren_JwtToken": { + "type": "string", + "defaultValue": "[variables('blanks')]" + }, + "Cyren_FeedId": { + "type": "string", + "defaultValue": "ip_reputation" + }, + "CrowdStrike_BaseUrl": { + "type": "string", + "defaultValue": "https://api.crowdstrike.com" + }, + "CrowdStrike_ClientId": { + "type": "string", + "defaultValue": "[variables('blanks')]" + }, + "CrowdStrike_ClientSecret": { + "type": "string", + "defaultValue": "[variables('blanks')]" + } + }, + "triggers": { + "Recurrence": { + "type": "Recurrence", + "recurrence": { + "frequency": "Minute", + "interval": 360, + "timeZone": "UTC" + } + } + }, + "actions": { + "Initialize_PersistentToken": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "persistentToken", + "type": "string", + "value": "[variables('blanks')]" + } + ] + } + }, + "Initialize_ContinuePolling": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "continuePolling", + "type": "boolean", + "value": true + } + ] + }, + "runAfter": { + "Initialize_PersistentToken": [ + "Succeeded" + ] + } + }, + "Get_CrowdStrike_Token": { + "type": "Http", + "inputs": { + "method": "POST", + "uri": "@{parameters('CrowdStrike_BaseUrl')}/oauth2/token", + "headers": { + "Content-Type": "application/x-www-form-urlencoded", + "User-Agent": "data443-cyren-crowdstrike/1.0" + }, + "body": "client_id=@{parameters('CrowdStrike_ClientId')}&client_secret=@{parameters('CrowdStrike_ClientSecret')}" + }, + "runAfter": { + "Initialize_ContinuePolling": [ + "Succeeded" + ] + } + }, + "Poll_Cyren_Feed": { + "type": "Until", + "expression": "@equals(variables('continuePolling'), false)", + "limit": { + "count": 10, + "timeout": "PT1H" + }, + "runAfter": { + "Get_CrowdStrike_Token": [ + "Succeeded" + ] + }, + "actions": { + "Build_Cyren_Api_Url": { + "type": "Compose", + "inputs": "@{concat(parameters('Cyren_BaseUrl'), '?feedId=', parameters('Cyren_FeedId'), '&count=1000&queryWindowInMin=360', if(equals(variables('persistentToken'), ''), '', concat('&token=', variables('persistentToken'))))}" + }, + "Get_Cyren_Indicators": { + "type": "Http", + "runAfter": { + "Build_Cyren_Api_Url": [ + "Succeeded" + ] + }, + "inputs": { + "method": "GET", + "uri": "@{outputs('Build_Cyren_Api_Url')}", + "headers": { + "Authorization": "@{concat('Bearer ', parameters('Cyren_JwtToken'))}", + "Accept": "application/json" + } + } + }, + "Check_Response_Has_Data": { + "type": "If", + "expression": { + "and": [ + { + "greater": [ + "@length(body('Filter_Empty_Lines'))", + 0 + ] + } + ] + }, + "runAfter": { + "Filter_Empty_Lines": [ + "Succeeded" + ] + }, + "actions": { + "For_Each_Indicator": { + "type": "Foreach", + "foreach": "@body('Filter_Empty_Lines')", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + }, + "actions": { + "Post_IOC_to_CrowdStrike": { + "type": "Http", + "inputs": { + "method": "POST", + "uri": "@{parameters('CrowdStrike_BaseUrl')}/iocs/entities/indicators/v1?ignore_warnings=true", + "headers": { + "Content-Type": "application/json", + "Authorization": "@{concat('Bearer ', body('Get_CrowdStrike_Token')?['access_token'])}", + "User-Agent": "data443-cyren-crowdstrike/1.0" + }, + "body": { + "indicators": [ + { + "type": "ipv4", + "value": "@{item()?['identifier']}", + "action": "detect", + "severity": "medium", + "source": "Cyren Threat Intelligence", + "description": "Cyren @{parameters('Cyren_FeedId')} | Risk: @{coalesce(item()?['detection']?['risk'], 'N/A')} | Last Seen: @{coalesce(item()?['last_seen'], 'N/A')}", + "expiration": "@{addDays(utcNow(), 30)}", + "platforms": [ + "windows", + "mac", + "linux" + ], + "tags": [ + "cyren", + "@{parameters('Cyren_FeedId')}" + ], + "applied_globally": true + } + ] + } + } + } + } + } + }, + "else": { + "actions": { + "No_Data_Stop_Polling": { + "type": "SetVariable", + "inputs": { + "name": "continuePolling", + "value": false + } + } + } + } + }, + "Check_Pagination_Token": { + "type": "If", + "expression": { + "and": [ + { + "less": [ + "@length(body('Filter_Empty_Lines'))", + 1000 + ] + } + ] + }, + "runAfter": { + "Check_Response_Has_Data": [ + "Succeeded" + ] + }, + "actions": { + "Update_PersistentToken": { + "type": "SetVariable", + "inputs": { + "name": "persistentToken", + "value": "@{outputs('Extract_Last_Offset')}" + }, + "runAfter": { + "Extract_Last_Offset": [ + "Succeeded" + ] + } + }, + "Extract_Last_Offset": { + "type": "Compose", + "inputs": "@string(json(last(body('Filter_Empty_Lines')))?['offset'])" + } + }, + "else": { + "actions": { + "Stop_Polling": { + "type": "SetVariable", + "inputs": { + "name": "continuePolling", + "value": false + } + } + } + } + }, + "Split_NDJSON_Lines": { + "type": "Compose", + "inputs": "@split(trim(string(body('Get_Cyren_Indicators'))), decodeUriComponent('%0A'))", + "runAfter": { + "Get_Cyren_Indicators": [ + "Succeeded" + ] + } + }, + "Filter_Empty_Lines": { + "type": "Query", + "inputs": { + "from": "@outputs('Split_NDJSON_Lines')", + "where": "@not(equals(trim(item()), ''))" + }, + "runAfter": { + "Split_NDJSON_Lines": [ + "Succeeded" + ] + } + } + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId1'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId1')]", + "contentId": "[variables('_playbookContentId1')]", + "kind": "Playbook", + "version": "[variables('playbookVersion1')]", + "source": { + "kind": "Solution", + "name": "Cyren-CrowdStrike-ThreatIntelligence", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Data443 Risk Mitigation, Inc.", + "email": "[variables('_email')]" + }, + "support": { + "name": "Data443 Risk Mitigation, Inc.", + "email": "support@data443.com", + "tier": "Partner", + "link": "https://www.data443.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId1')]", + "contentKind": "Playbook", + "displayName": "Playbooks", + "contentProductId": "[variables('_playbookcontentProductId1')]", + "id": "[variables('_playbookcontentProductId1')]", + "version": "[variables('playbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.0.0", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "Cyren-CrowdStrike-ThreatIntelligence", + "publisherDisplayName": "Data443 Risk Mitigation, Inc.", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

\u2022 Review the solution Release Notes

\n

\u2022 There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Cyren CrowdStrike Threat Intelligence solution polls Cyren CCF threat intelligence feeds (IP reputation, malware URLs) and pushes IOCs to CrowdStrike Falcon's Custom IOC API for detection and response.

\n

Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "Cyren-CrowdStrike-ThreatIntelligence", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Data443 Risk Mitigation, Inc.", + "email": "[variables('_email')]" + }, + "support": { + "name": "Data443 Risk Mitigation, Inc.", + "email": "support@data443.com", + "tier": "Partner", + "link": "https://www.data443.com" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "kind": "Playbook", + "contentId": "[variables('_Playbooks')]", + "version": "[variables('playbookVersion1')]" + } + ] + }, + "firstPublishDate": "2026-02-17", + "providers": [ + "Data443 Risk Mitigation, Inc.", + "Cyren" + ], + "categories": { + "domains": [ + "Security - Threat Intelligence" + ] + } + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + ], + "outputs": {} +} \ No newline at end of file diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/testParameters.json b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/testParameters.json new file mode 100644 index 00000000000..e55ec41a9ac --- /dev/null +++ b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/testParameters.json @@ -0,0 +1,24 @@ +{ + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + } +} diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Playbooks/CyrenToCrowdStrike_Playbook.json b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Playbooks/CyrenToCrowdStrike_Playbook.json new file mode 100644 index 00000000000..7dc48c4d5f1 --- /dev/null +++ b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Playbooks/CyrenToCrowdStrike_Playbook.json @@ -0,0 +1,348 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "logicAppName": { + "type": "string", + "defaultValue": "pb-cyren-to-crowdstrike" + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "Cyren_JwtToken": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Cyren CCF JWT Bearer token for authentication" + } + }, + "Cyren_FeedId": { + "type": "string", + "defaultValue": "ip_reputation", + "metadata": { + "description": "Cyren CCF Feed ID (e.g. ip_reputation, malware_urls)" + } + }, + "CrowdStrike_ClientId": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "CrowdStrike OAuth2 Client ID" + } + }, + "CrowdStrike_ClientSecret": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "CrowdStrike OAuth2 Client Secret" + } + }, + "CrowdStrike_BaseUrl": { + "type": "string", + "defaultValue": "https://api.crowdstrike.com", + "metadata": { + "description": "CrowdStrike API Base URL (e.g. https://api.crowdstrike.com or https://api.us-2.crowdstrike.com)" + } + } + }, + "resources": [ + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2019-05-01", + "name": "[parameters('logicAppName')]", + "location": "[parameters('location')]", + "properties": { + "state": "Enabled", + "parameters": { + "Cyren_JwtToken": { + "value": "[parameters('Cyren_JwtToken')]" + }, + "Cyren_FeedId": { + "value": "[parameters('Cyren_FeedId')]" + }, + "CrowdStrike_ClientId": { + "value": "[parameters('CrowdStrike_ClientId')]" + }, + "CrowdStrike_ClientSecret": { + "value": "[parameters('CrowdStrike_ClientSecret')]" + }, + "CrowdStrike_BaseUrl": { + "value": "[parameters('CrowdStrike_BaseUrl')]" + } + }, + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "Cyren_BaseUrl": { + "type": "string", + "defaultValue": "https://api-feeds.cyren.com/v1/feed/data" + }, + "Cyren_JwtToken": { + "type": "string", + "defaultValue": "" + }, + "Cyren_FeedId": { + "type": "string", + "defaultValue": "ip_reputation" + }, + "CrowdStrike_BaseUrl": { + "type": "string", + "defaultValue": "https://api.crowdstrike.com" + }, + "CrowdStrike_ClientId": { + "type": "string", + "defaultValue": "" + }, + "CrowdStrike_ClientSecret": { + "type": "string", + "defaultValue": "" + } + }, + "triggers": { + "Recurrence": { + "type": "Recurrence", + "recurrence": { + "frequency": "Minute", + "interval": 360, + "timeZone": "UTC" + } + } + }, + "actions": { + "Initialize_PersistentToken": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "persistentToken", + "type": "string", + "value": "" + } + ] + }, + "runAfter": {} + }, + "Initialize_ContinuePolling": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "continuePolling", + "type": "boolean", + "value": true + } + ] + }, + "runAfter": { + "Initialize_PersistentToken": [ + "Succeeded" + ] + } + }, + "Get_CrowdStrike_Token": { + "type": "Http", + "inputs": { + "method": "POST", + "uri": "@{parameters('CrowdStrike_BaseUrl')}/oauth2/token", + "headers": { + "Content-Type": "application/x-www-form-urlencoded", + "User-Agent": "data443-cyren-crowdstrike/1.0" + }, + "body": "client_id=@{parameters('CrowdStrike_ClientId')}&client_secret=@{parameters('CrowdStrike_ClientSecret')}" + }, + "runAfter": { + "Initialize_ContinuePolling": [ + "Succeeded" + ] + } + }, + "Poll_Cyren_Feed": { + "type": "Until", + "expression": "@equals(variables('continuePolling'), false)", + "limit": { + "count": 10, + "timeout": "PT1H" + }, + "runAfter": { + "Get_CrowdStrike_Token": [ + "Succeeded" + ] + }, + "actions": { + "Build_Cyren_Api_Url": { + "type": "Compose", + "inputs": "@{concat(parameters('Cyren_BaseUrl'), '?feedId=', parameters('Cyren_FeedId'), '&count=1000&queryWindowInMin=360', if(equals(variables('persistentToken'), ''), '', concat('&token=', variables('persistentToken'))))}" + }, + "Get_Cyren_Indicators": { + "type": "Http", + "runAfter": { + "Build_Cyren_Api_Url": [ + "Succeeded" + ] + }, + "inputs": { + "method": "GET", + "uri": "@{outputs('Build_Cyren_Api_Url')}", + "headers": { + "Authorization": "@{concat('Bearer ', parameters('Cyren_JwtToken'))}", + "Accept": "application/json" + } + } + }, + "Check_Response_Has_Data": { + "type": "If", + "expression": { + "and": [ + { + "greater": [ + "@length(body('Filter_Empty_Lines'))", + 0 + ] + } + ] + }, + "runAfter": { + "Filter_Empty_Lines": [ + "Succeeded" + ] + }, + "actions": { + "For_Each_Indicator": { + "type": "Foreach", + "foreach": "@body('Filter_Empty_Lines')", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + }, + "actions": { + "Post_IOC_to_CrowdStrike": { + "type": "Http", + "inputs": { + "method": "POST", + "uri": "@{parameters('CrowdStrike_BaseUrl')}/iocs/entities/indicators/v1?ignore_warnings=true", + "headers": { + "Content-Type": "application/json", + "Authorization": "@{concat('Bearer ', body('Get_CrowdStrike_Token')?['access_token'])}", + "User-Agent": "data443-cyren-crowdstrike/1.0" + }, + "body": { + "indicators": [ + { + "type": "ipv4", + "value": "@{item()?['identifier']}", + "action": "detect", + "severity": "medium", + "source": "Cyren Threat Intelligence", + "description": "Cyren @{parameters('Cyren_FeedId')} | Risk: @{coalesce(item()?['detection']?['risk'], 'N/A')} | Last Seen: @{coalesce(item()?['last_seen'], 'N/A')}", + "expiration": "@{addDays(utcNow(), 30)}", + "platforms": [ + "windows", + "mac", + "linux" + ], + "tags": [ + "cyren", + "@{parameters('Cyren_FeedId')}" + ], + "applied_globally": true + } + ] + } + } + } + } + } + }, + "else": { + "actions": { + "No_Data_Stop_Polling": { + "type": "SetVariable", + "inputs": { + "name": "continuePolling", + "value": false + } + } + } + } + }, + "Check_Pagination_Token": { + "type": "If", + "expression": { + "and": [ + { + "less": [ + "@length(body('Filter_Empty_Lines'))", + 1000 + ] + } + ] + }, + "runAfter": { + "Check_Response_Has_Data": [ + "Succeeded" + ] + }, + "actions": { + "Update_PersistentToken": { + "type": "SetVariable", + "inputs": { + "name": "persistentToken", + "value": "@{outputs('Extract_Last_Offset')}" + }, + "runAfter": { + "Extract_Last_Offset": [ + "Succeeded" + ] + } + }, + "Extract_Last_Offset": { + "type": "Compose", + "inputs": "@string(json(last(body('Filter_Empty_Lines')))?['offset'])", + "runAfter": {} + } + }, + "else": { + "actions": { + "Stop_Polling": { + "type": "SetVariable", + "inputs": { + "name": "continuePolling", + "value": false + } + } + } + } + }, + "Split_NDJSON_Lines": { + "type": "Compose", + "inputs": "@split(trim(string(body('Get_Cyren_Indicators'))), decodeUriComponent('%0A'))", + "runAfter": { + "Get_Cyren_Indicators": [ + "Succeeded" + ] + } + }, + "Filter_Empty_Lines": { + "type": "Query", + "inputs": { + "from": "@outputs('Split_NDJSON_Lines')", + "where": "@not(equals(trim(item()), ''))" + }, + "runAfter": { + "Split_NDJSON_Lines": [ + "Succeeded" + ] + } + } + } + } + }, + "outputs": {} + } + } + } + ] +} \ No newline at end of file diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md new file mode 100644 index 00000000000..fc23c5118f5 --- /dev/null +++ b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md @@ -0,0 +1,3 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|--------------------| +| 3.0.0 | 23-02-2026 | Initial release — Cyren CCF feed polling with NDJSON parsing, CrowdStrike Falcon Custom IOC push via /iocs/entities/indicators/v1 endpoint with OAuth2 Bearer token, PersistentToken pagination, 6-hour recurrence, cost safety parameters enforced. Hidden Sentinel tags applied for Content Hub visibility. | diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/SolutionMetadata.json b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/SolutionMetadata.json new file mode 100644 index 00000000000..4a166b57716 --- /dev/null +++ b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/SolutionMetadata.json @@ -0,0 +1,21 @@ +{ + "publisherId": "data443riskmitigationinc1761580347231", + "offerId": "azure-sentinel-solution-cyren-cs-ioc-automation", + "firstPublishDate": "2026-02-17", + "providers": [ + "Data443 Risk Mitigation, Inc.", + "Cyren" + ], + "categories": { + "domains": [ + "Security - Threat Intelligence" + ], + "verticals": [] + }, + "support": { + "name": "Data443 Risk Mitigation, Inc.", + "email": "support@data443.com", + "tier": "Partner", + "link": "https://www.data443.com" + } +} From 3e1306e62e4aa9611e483adaa6885d58effaffbf Mon Sep 17 00:00:00 2001 From: Taz Jack Date: Mon, 16 Mar 2026 05:39:13 -0400 Subject: [PATCH 02/21] fix: correct playbook visibility in Content Hub for Cyren CrowdStrike - playbookContentId1: 'Playbooks' -> 'CyrenToCrowdStrike' - Removed spurious Playbooks/_Playbooks variables - displayName: 'Playbooks' -> 'CyrenToCrowdStrike' - Added missing hidden-SentinelTemplateName tag ('CyrenToCrowdStrike') - Added missing hidden-SentinelTemplateVersion tag ('1.0') - parentId in inner metadata: single bracket -> double bracket (ARM escape) - Rebuilt 3.0.0.zip with fixed mainTemplate.json --- .../Package/3.0.0.zip | Bin 6311 -> 6120 bytes .../Package/mainTemplate.json | 962 +++++++++--------- 2 files changed, 481 insertions(+), 481 deletions(-) diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.0.zip b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.0.zip index d164858b4c4326c090c3879f3bfb5b0814a58c1a..6d5237a27af4bda66499b51cbb301b68077c7362 100644 GIT binary patch delta 4415 zcmZA5Wl$7qxBy_fb3q!UrKMZC8)1p1Te@M%g+s>@(%s!%0s>14$Rb_Rogyu8J#&BD zxo5t4=bLxl`u|k$9KI*hQbk4~MnFKoK-lJRGiIV@QWqsaKzIfvlTkrBzjxSM{|#?2 zHUc8b4I%;p%HK|eGb%^VRl#2Y5L5+U(s90Wn&}g+lv4N8QumV;iB)^sX*df%rn0aO zifV}7+T80i2`y$QqmoRsr@CuGo-!w(XX%bB->grz@>+j?>T2*zTsBYSfG|Litkm@p zTgb}}94fov3sJR%tlb^bKaHS?4Z$UIw;1e%Dei@_4xyiX6G*i;J=R`@O18{ISCRS^ zW$_Av2Y49xiPz&FWv|R0{X)A=dW?U+q6QC93T=5(#6><`zQ9YO4pST1fAeiw?|Xc0 zg5t?EBvQdXvlR0{_A1U$f&f*g-gFq2NK@pv0K_P;0!=n#mh5aDChT=<+5P)FSgpR% zQzEhH8-BaAd=D}i3G?pPl1*mySc$9GN zl}I2}Rfj}=xAIqrdzhSz2`m%NczcP@qh7qBCwXC6Yr%%iF$DXPDMv1n$1tHi*w_!{ zB1({n4?2Y~XlU>9My`Rk+=5ZJ&8dP!C%fII_xUjc(WUYhm;4S!`V0@?lO-p) zpFSe7Z+pf|aM}kB(=QHbXzadg%_VY8z>t+l7#HvofgZ^SO0LOc6{aKyvA;rc>}zAc zE7aRy*0WY%H)kp8DBR|`ySuK8zv-IQFV zAqR5d;tVy)T=1(qs9NZD0zW6+MaUFtJ$|LjD_WnybrHTI`-DGA_GdDVwL~Xj`fI3C zG;)zvq#qy+tTpX^HUjI#Y22qIU{In}uDgTBICvFt|L*=}m2XO2?I zd_XTIGbyz-E@wJZJ@C7cxBA2DHpHGDff{W@bMF1VXO-ny(GlaP3m0qe1enT(r~QxL zdt4a$i<0tHu7jnnS2m)Te+?(j?yg%GGW9*Ax1P6NB9rC{ZSbW6(S+B$3Kh~8Ccc_0 zzeF^`Gy4H_C%b2}UUznGEIk!dHw+DA62C1SaFMM|qrNVUS$Dv>} z9>$`Qey2v778@^!&P z=XR%Pv!@3abTlEUHSuCN5gb`UV*F3OwRI`R3S;`MWnqn;!{0D3KIh{OWyCnfPkpjWe&+05bM=DNZSpcOWDIrb~x0g)XxqrmbsW zP(U6V!BG_#C$TYLznb;;%?&zIb-{7SS8FMD{kNn8xM`h_B+;eKl=6mET7N(gGf8`- z_j;yqoAfymZ*e-GblVA}HD^Ng>hkeK)nJVVwq*FiMQ_p5R;WpSK-|x90|VCqhc&&gpBU`f^=9TnXi}z zQyA-+>x*1N7dx90YGR4CNj6U)Ie4V}-N4KFI3hr<c7%IcN(0CR`ikf}|~5vI97=(o(M8&wA3eOMm_FG`Gw8L_NJvPr~6nE3$!fHY%dlkYJ#F`VCeG82e zD~@n1pjmB%%K-4Xlx0((Sz@bz_*HPKS=FFmd51vu%K*qs2(tTdY_K*p~z z?8cCO{Ys){U*||3=gckBV;>JuFI-j!#YJE?C}K@v!oHCKFk6G~t(Rt!Qczz=)!Dc2 z4gzcmvm-haKACiZ=V_OblTp?}{zSfeM?b+Q;`fPiM{lOz+DH4nJ3wZ)vO=yMK1xj5 zHdQ_EfvIk~0a0K|IKI)|tR7}1t~+^>d(2E@%fIrs)gmI`&x;-Rev$bCx5&e+;Nq4 z_f=U7a>0M^No7+0xefL+3N+Tl&NrI zJHFA(8;-4z7WL`UZ#UZe`F4Z9%xu}9%p3y=DX78G+>9}tMBK+-UvNE5Omp1T;TH4& zkrFa`F93RQxa~-zfMc>SZ0}8S*)C?!>zJtt208Mc^orcpGgoBF6Zl;2=6z#+@~%;* z$fQ72%Q@>#G6r!B;Ra!=y6Di-X2;}(%x0`4jqf)gb+LB5i_J8>VX&ii9FEmKHz9$5)4{I7vY?N<+L*@zU#ZauFW zEs^x%b2;i_G+Oa2?uARapA7*SzT!esv6-pUD(eP_V}7+5o}aNj=CEd+pqy+eA6BZ> z1tp5&HSrSem~)SZGdX=1y7Z(CY&qsP{C5pPKz78+m7{2u$O#6QR0KdfoO(sb&lE!p z1tG(3cMN&q0J?H&C;LWC2v(^*3fpz6$znUEfH%Dr^~U<+OYwRVTC+BpIRz%2ss@C`ZT4& zWk!axUi@<}rrb^m9EKhC2LCSATqi3U+F*6hq(SdB%Do~&aax`f#YIG!?e+-`fAc!r zVv7~a;X`nt6GPK}WBtWNk5Fxf+eI{20QYZyVPn#YC2Tg^x&=O0%O{%JAoJY*VSlU3BK% z6qg>a8khW7=1Ue?(8&h@Of;@`)6*CA9cc?QGOZf;y2`rowA@Q_V>J|{J`mv!|5Vg+ zYG?sUNxJ}?7BB@UxgJ%u>hSbDKf6j?lfifiZI*YzqBhVt-G?6%f$f51%PUe5bx(#A zQ1JP_IH&mHrMWY=U=1Ze%4lm0&n=e6S(A8Lokxjyk$?W8vl&9(2RrIWxp^%(>u+;{ zpb796P@TPkeF95u4f`h^sfj+^e1(zrPR_JtrO!H~b6+~|S~V4I2B}%=)4@he?_7u0 z+i|`q_|zCGKQ)xLL+5OAi90?nN)FRklr@7&nYnV3*nsvG4)S$6)6{;wVRA$t^BY=K zu9fWYXVd0KmLNW6@(FOv7juTnhvt!miHV+HIkES@lo5xH(nYRFI+#Sm^dWRKZ{s&O*!oGZtdXpC*HDRRRS+$m8VAmIHTy zxC+GjjB1N2ya+luCsPR!yBP- zW7-;yJ5U2#dT7R}+8n2t9?T}=K2ZJm_yUtnI%NLaw*if{%&5zXCPLj5ed@EqQID?E zlgw4w8;GxWzuu923NbkM%fnWM|F>^Bb87)wy=c}>2-6I0gw6i6eCUn>+PI9@uY7(i zwfifKy<2FZ^ytr35*l8CgD4a=b8|eVe=LhDJ#aN*xSK@|DG<-Z)~k8hyGK<`ei>9x=)`Y*G$I^v^5eAt6_eYNkrXGERT-?hKis$i0`0 z4EbY4A4}@R2Gsu)mfwT1l-GA(N&hqc($9l6QQ$nbrSPb~+Mn{0Y-a$enve?LL%uN- zN(Mo%Flc4~TR%se;ET*VlayUksf;O+PY~E#caoY#l%W-%Vl&cP^?Is?X)=tEjrnn z90l-7<{@;CTxU*9SUS>C5%vMs3A?K(5mJm&n_LvO^MSc?-X45{wn<`g$ZCqFDQ$~ia3!nw(d z8x^iX-R#>cJDCO!Pa9p_hf=!2xr*p+RoDt&IA>`_WaEJ~k1WS6e=_X6xj@um5aO1* zRdu&KX)>Itb?o8RNN^SGresIl9Fl8>xp^VclOJ?i$aM8UoYU{FeM^HgS{ z(NIT2WU}@>@QdsFmxwG ze4y6Z^C9&v@c!J5s~7Q1>$!Thl*hH9{a=9aCnQ~Wx*$0_ zg)ZKk6x?k>2FDQ)@-%_{uapy5j_4exYl-gFDzQ$K1Sj-ELj-@AfzTR) zb~UWd7|5VZ_)55d`DbUeB;)wlWL{^w9uHe4Uc#DC&6+-#1k*jPsTYtKQD*0cB~XjC zIk0^mFAQN1J14V>q5|M#i<7ui*sEMPX<@Dg0pAzYc`n~j={sc#yxm^FWpt5^?&lS) z;UA3(rUM_6U~Q5U>Sm}wya~FasY$A0URz8i@BpClhjpnSa+_Yzi+bo5*jMeMKrR>e z^x5`mnSOJu&$vo;8=<*g^RKNZ$$?S*x%apNk$o@8oC(>U;RC;wDQtwGQC45Rs(RvT zQY_4qG+bI^)-ASigRcSs$E|!CuVYzgL943g?%`%u9~K-zkr$`|2cOGMx8x0S=rGuT z(&H_`kKlUUP$R2NrD!7jFtJl2XWi1RMtZiBA7S+S_Nhcq!c)d*?24tcc{L-xUDkDa zCH{fVAE!dX@;c~M~82TTVK2I!B{QYNX$A3Z`WD`A@z1NLmN>Y`RN6qsjTaxg=L~( zZv&GqroA9ZLkrc?p9c%d_2+I=(uX4&Pav`CYLH zG}8wHd~xtL<)FcP#0_pz(dK`vBQ9QT^FFh1oAf|m3WH&{%=>nUt?DNAVS%idhe;sn zX?Gkb<*fixjg#@&+R3Pimji*jBDb?%38LlL8-0znTrC_X91NAIX5uN>wjzhEodC-` z8c(eT7f27qZP)SX2N21_YIWlir-nTq2YSB1fx2+*I^H2ew@FhcZ6HAw^N{nK#mtza z*sfx~Dr#RlX1Y!F`a|ph3IF|~uSFs9(X8~fnQ4t8B&X`GqS%r=9Q8|#I`Jt+)2+7Y zc+dnq0e)2O7Kh4XOXVmIwRC*8?)S!4`9YurAdEVH#3%I)bEU{&s{(tZk% zKR=gT`4e%qsm&ee%9uor6xTST*RRUy#h|he2Ec}I^``>u+|qZmJ{V(0q%!jsYT$!v zs)MtaN>nXlA+RaYAjnCnitrz+_b)}UhOb`}SBXy=Df8oF-P{OvPaKSQc{$+< z*_h*V>fx-&cA}?Vx*1A@ce-~^edYs_sRSI$^Fwdx zZ11|sz82TpGUdDrQ}J!;S@ww+Uh+$bp}b=)^wp(-cMRBj)2hx0>j5khBF$8a*TC3t zS|5M?NsHFnQWvV}kGB4Bc&%X%k$qAC|CjNFHa|~%sg||I zlfG9*9;V1S>e7%%>jaNRjjjG@ook`-JjH-CGxv@#&j{-8ZjKhVj`-anM#HONdYt zkOjrw)-@#qWT%6cC1+V6j1?F&HQ~&W5VpVO4PEIQow3`H zj;WMJbnNJTn6Q7BDB!#{4|gBE_4@irE{Y#A*@g4|ZQ=tb4klZ8$I5#N$ITW^IKnm6jsMUveZct`QP)KRQ!7-t+0-`I)p_jg5e*r;Gk;;-jm!!DYM}gLd*?SRT5#dCnKZxnCNU zE0iLwJa8`QVRN6AAa$Q&wUt``4vs&x^m+Mt-_~;2xEK7eFdN9>w28vawi#Hz#R!}= zW+Vmh_KuJg-ci`$AuFjg-^)EvzVsP}zYt^$2=qd)BejOr<5qRN14{B<#j4bveHfg# zAqffhPDN;0UUxp{%eu^LJy34#v*o_uJlio(4uukvvEJ<&?MO`T)15?bwAn3AR-dI# zHta?b615y6GK$BSe(6gAnE{CdmA>j4-x!%v57_M?}#LovEmGtK!P~Oyw zwbf$kjnj#_46U*KdCPwNk}7ZnD+WZ-5`2yL{kB*o2`FI|?N$OD@zE7TKTBnjBdm;p zaz*0CH#{l+i(=5eyc!6%5c z^1i`3$UO^up~u8F-^{%FWY4~ax*FUMv@A%5Bt3bK3~3s?UMA1Kx0g=W`FqRKvxa6q zc59bD1wzzTlG{ihxyd3)k1aB^>>(A~o$Lu3jDKUy*0j+0zP@a(;&Ozqb$=Engmj0h zOrR6N9+VypF@LBKri&H1+mNPoJ>Fb?Z_B0tX#vZKProa53oC3YIMF#UF@iK|Hfkx+ zfvzcrQ}MVyl~Nk7h6icXxpGHyJl85&B8C#h0BcU@tVQBk?0ZvhRUV<2C(aTsTN5rB zan_jAcGQYv7NAks;tzP38Qi1 zyJU>)scTYE0|%jFK7YWIMKPROb3`lUbi4@;5S3A8;nI0v;S%PSJZFG3hoO*Ay%T>R z!{XMX-7(~0r_vVck&US$%(h>B+M=qr{QR5NqBt(2$fP@FR2H{4%c_>6IqMz4BYnb) zT1kyKp~=qYtN0=pBU8yU8G0b~ZDrPHTo9W@1}Co@cJ*fa5Ze5T&@3Be$LQ({M=Ea0 zt-tV9C7Q$tloD5F1S&wVh0HTc&LI-u7eNc!97T-S71n({Iy=>9I85`LFm+gCf31{# zI3WGv7s}*o7IwSys)cITGC4cCoa(PezhRs8%<9!q`)d(AjX@pzOHAAxfg;IJ<=rnp-yU-85r6<%1%rXAdG|AID&~C4|3gpm*3urmf72) z5Bu3uYPgi2S+vTdnPxxTL<)>Dir|;}Af88Lv4538t?b=a!tcDjWgOIW>nSouUR7H* zB74Lu-NXG7XhZhKH@KF*r_QA! zpH$=K+MJi-w!AjW@^pmj%a)AU z`<@XsZHNUBm9QJFy#n!(=m)v}IihD>%uFNNj8&{$_g91*+=ylnGw|L16?k@qAa%Rk zi9MKbD{F|)Mo}rqWA4_9!3oXZ+<%-4UT?1X9;CH-4_m^a8ew{S>ZO!yg7QB?`R5U@ zrAJ{CTZP>(7u{TMYJfsYALB_eDqqKO83SF^x0F)%S_??~zNXSrmY(q%MG4hLoBP#C z9C%fIY4hEcDP#QUdj2M1iSB;JSj9I-<5khJDvgkA#Ge^IvMgrS+o0=fv#gFQ7d;Eg z_~lS~5kInw`aYwn(I>VZ{ZU;}x8L)d!4#TszI?jVdtsDoHsI_{B}khYbT@)KlA|Wo zh}UaDxYc<@elwSkQl^0C5wrh%%r~}cQ;uyQXBe-nv;Ok&DihgLD!J!zD^yO~Tb*u; zrQ*+56DVdGrmlQwi#jAOc*vQr(kgmh#Aw?uO^VuQQTv<~wTm11scl?4jQ!xHW_ZD2 zd4oGTd~sEN0|Q)F5?k6v1kVK9=M^Mj%b!qMU=kB(_;XD%0?o}aaoU!FB98tRTQUo= zU0CMOV8XnVb9LgxtRghherTA+++cB$_LCxvT~KRM)9#Gj6@%k(mqY5anG;zk1ScY$C2=S04CSfOgs74WCTzyYy7H5NPwb93wf2 zsfhaXG+uy6;>8cmXq&1*BXIT?xfq5OE^#x<+UgSy^|~^>B?k3<7qU;(=$0zBPt>;# z!G;s~)+(!uC%xKujSO!EDj@*&hC=Xx@Y;b2%TBnYEy^gk%Z^g$ zcuRkUclw*6H$Ciqpx4FayZ)*B$BA^)pq|>1a1%PjZ{@_d)J^fLib^CUi3qEk-~;E| z2V~ZAEE)RsQaQ1$iB)7(nrTQ z15$tyIXEeW{qRKA@1%kSszd*tt%^CBhbiyL$98nrq#8+8{AW?`|I$BcUtQyN{2mf;dijA5)tg7W|lOKV)!NW4EY$E zFl@$M=-K+$q=Dm?fLjZn8$o<7J-q9;tQa8pR#Uu4@%!+tdHWzV!KKLEZKsQO$co4W z!fo1pNF`I8pC2@fdG-R|)c%@<(+{j^^U#bYt=zD1kUdO^xZ145&Ig@=V_P{8EpWlJ z!P(w5IuWC59*vRXn2)=Vt5KGCQHNq#xlpM4s6CjKa(&wX>oR2cN%gSgH>dV-QyJiI zLF;e6A*(~Xkh*DJSr@$<7EAzY^UyUe|t-^6zyY$ z|2O#0Wel{zSS;B8M`(fu#+5a3L7?q_N<#~x`Note: Please refer to the following before installing the solution:

\n

\u2022 Review the solution Release Notes

\n

\u2022 There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Cyren CrowdStrike Threat Intelligence solution polls Cyren CCF threat intelligence feeds (IP reputation, malware URLs) and pushes IOCs to CrowdStrike Falcon's Custom IOC API for detection and response.

\n

Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", - "contentKind": "Solution", - "contentProductId": "[variables('_solutioncontentProductId')]", - "id": "[variables('_solutioncontentProductId')]", - "icon": "", - "contentId": "[variables('_solutionId')]", - "parentId": "[variables('_solutionId')]", + "kind": "Playbook", + "version": "[variables('playbookVersion1')]", "source": { - "kind": "Solution", - "name": "Cyren-CrowdStrike-ThreatIntelligence", - "sourceId": "[variables('_solutionId')]" + "kind": "Solution", + "name": "Cyren-CrowdStrike-ThreatIntelligence", + "sourceId": "[variables('_solutionId')]" }, "author": { - "name": "Data443 Risk Mitigation, Inc.", - "email": "[variables('_email')]" + "name": "Data443 Risk Mitigation, Inc.", + "email": "[variables('_email')]" }, "support": { - "name": "Data443 Risk Mitigation, Inc.", - "email": "support@data443.com", - "tier": "Partner", - "link": "https://www.data443.com" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "kind": "Playbook", - "contentId": "[variables('_Playbooks')]", - "version": "[variables('playbookVersion1')]" - } - ] - }, - "firstPublishDate": "2026-02-17", - "providers": [ - "Data443 Risk Mitigation, Inc.", - "Cyren" - ], - "categories": { - "domains": [ - "Security - Threat Intelligence" - ] + "name": "Data443 Risk Mitigation, Inc.", + "email": "support@data443.com", + "tier": "Partner", + "link": "https://www.data443.com" } - }, - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId1')]", + "contentKind": "Playbook", + "displayName": "CyrenToCrowdStrike", + "contentProductId": "[variables('_playbookcontentProductId1')]", + "id": "[variables('_playbookcontentProductId1')]", + "version": "[variables('playbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.0.0", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "Cyren-CrowdStrike-ThreatIntelligence", + "publisherDisplayName": "Data443 Risk Mitigation, Inc.", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

\u2022 Review the solution Release Notes

\n

\u2022 There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Cyren CrowdStrike Threat Intelligence solution polls Cyren CCF threat intelligence feeds (IP reputation, malware URLs) and pushes IOCs to CrowdStrike Falcon's Custom IOC API for detection and response.

\n

Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "Cyren-CrowdStrike-ThreatIntelligence", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Data443 Risk Mitigation, Inc.", + "email": "[variables('_email')]" + }, + "support": { + "name": "Data443 Risk Mitigation, Inc.", + "email": "support@data443.com", + "tier": "Partner", + "link": "https://www.data443.com" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "kind": "Playbook", + "contentId": "[variables('_Playbooks')]", + "version": "[variables('playbookVersion1')]" + } + ] + }, + "firstPublishDate": "2026-02-17", + "providers": [ + "Data443 Risk Mitigation, Inc.", + "Cyren" + ], + "categories": { + "domains": [ + "Security - Threat Intelligence" + ] } - ], - "outputs": {} + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + ], + "outputs": {} } \ No newline at end of file From 9ce5e6d3b94c71707f624f03a6537ec9871a197e Mon Sep 17 00:00:00 2001 From: Taz Jack Date: Mon, 16 Mar 2026 05:50:25 -0400 Subject: [PATCH 03/21] =?UTF-8?q?fix:=20dependency=20contentId=20=5FPlaybo?= =?UTF-8?q?oks=20=E2=86=92=20=5FplaybookContentId1=20=E2=80=94=20fixes=20p?= =?UTF-8?q?laybook=20not=20visible=20in=20Content=20Hub=20(Mahesh=20#13658?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Package/3.0.0.zip | Bin 6120 -> 6013 bytes .../Package/mainTemplate.json | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.0.zip b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.0.zip index 6d5237a27af4bda66499b51cbb301b68077c7362..7417e274d51bdef3ee78991f1dc25379a29ef02d 100644 GIT binary patch delta 4371 zcmZ{ocQ71`)5nz{>Z2t%qDKo(J0*JW{TzuBC88V`POqm&&xz>u5L^)D^iD+2#p%7b zAX*S4c=NpPKksked3R^_JG(PGyMOJ>es+O3!X`$#g!kz2@bK>Ai3)pIX*IHqNm1kB zkyzs4(fqBt+quBNj_w|AcHWM{u3oQUKUkn%3zDZnp+p*f3`63jtk`|w)Dq8w63_j4 zg$0*aSX_Auj0?faK6&-z=eGZvZ+czZX;QCrtz(Ze9`ln{r= zytQ36>~XC)3uQ11(V0fQ>_7sahs@z!4(=G3=N`UN%<;xhaU+uk5D(M1L0tlG+PfFe zt%a}e2)fpia*kz^)IW##-(8+?dF#wRxQ_D>^O9Me)j*J-W;Chnwdrx0T^AF+5ejkO zi&pA;qT$<##BpJ&a$NuDyChz~>{*@$iCSMf$?=%a$`lODZjmU#sF6%m@{9N{o8FBM zCRwvT$h4pV7#WTiFL%p^(%Ip73E!^?7HiaK_o}jBFIg0lCoS0wm$+9I+mty`!uF%i zv_Y4@GZ8$-uPX}tM5jg4h|=xsZS;x~bFnmAe0H-d8X2UT9Q_IxG-Z5nCRJFwhjbT# zr$}Z~(znBSQ&)2GAi?S%S(%is z!mV6?FEz$fPrXm55f?p%x~nx|6TG~{1Iw$s1%#f1S+FErNY_JO#yZSL#i`?vKVO?1 z#nKEaQ;NjRrj%7h` zGY3j4@WT6S^XRkY+kzi*fDb)mc3IxJEYTai>sdot8tb~!;CVnQx2o_?zU0yZ+j znQdwX1(g<0J*tD|mNdRAK3Bc;_0s-shUnkmOQ_xY7UaUNaIC2lzXPT#E}EbyoUnAa zW9NM{@@TjF$S2M7yyq-diuyv4a`zp+uFz%0qs_T(!QOn4@t(VTno{-OiWpqF0y!Oh*pBYobRuhFFJt<jP|mVuy;z69SCfE>#>X3Fd9$a#Ra>cKc#?hAZhnuTP4&RUokrq_%E$oBCwG4e+P^<4m5a#-*>S{%5 zqZ=^EJs!g6E!WNWVdZ^OO-kHpOMJsR(d#qU*V=UcwWsmIm=Y{{gR~YSVft_tmf&mx z(hs#b^$LvstRWV~WM^srQ7F-|fcQlNYkku%s+;2zmX01+qC>e~xY{$ac;k$6XR!f6 zR9nO9<)cKgm!ln+S#61ML_F_W;FY&uBT>k%E!(*VVp=m=p%K?hna-Y~O-tei)ju@9 zm7XJy)w5qoo^G)9Y$t!ZtjwRp9@kb!YAn+K$FSQ~W4HgH)063zn&g+=e89_S!G#&l zcuB$5e=htCsgUe|5NY|*gASC#y~ApRK_7aU!KxZF3q9qn76-XT2 z-&X5m=VQs3P{pqjFmintDDRAxTd7x=IenfY&_Pu`T>1QT%dqNZimLJ>#7y{D?K+g; zd)vIp&{2_eMXgSq8B=;i8+kE>4w+OD8XZ6B*FV8o`csnr@`fyC+nxi8%dW!s&bTIj zVo&7sZz`Yq(^6%En9c{eU+ag@>`w_>Hk`qf;F145BH+{bcia58IzJ(0U@WdQ@#0?P z2u7Gj*3^S*IwP%WfQPTvV}A39o@G??D)MM9gf^*gYn zYAxq1jeOOb85;zu1iuVZ7z3*RHf@WpPotzc!I0n5||4a zpq#B&c*h4S!6%6`;*r^5h2Oz?osqb8I>5b%GQ}=~4qDChryV5{-LMMMO`R>zh$HjJ z^AtW(zcOl2_J`TsGJX3WxsUUCn@A^fHg7VQeq|aW&a7TOQeRdb@61V3#>tey)e!Jt z-(~v3)Xdmd)m`=JmraBMr3QY)?T>xEw`b3D#?7Y%E$@3_#T%FS$m*WW^*A}TSUoib z0CTyi*jHjH0ZIMySKS^52Uxt~#_l|zS+!0#1^CZ87?PkQoVTGt%} zX%9hUHaOMYcZnX-^l56~KfaYK15kERexo_lgM4XA`WB355D{3`Q&7x^2_CxuxH3xF zUW+;LC;B!u;^?zis{(WJpCL<&Op+PsT#}0$$KUXbyBcCOkGj&A_j_^XrU617?&_It zXFMF?1x!6KHJ-18+@$XodReX2-h-w-1TrF`XPsurjTzI)p}V0{X&ZwXA3jX1|DmrB z;!C@QOR!L}si0X_g1J$K86+Iw5g_V5vA@_4Goc!AuC~>8#Ra|s&QLywqml9aa4~kd z23)aBpEh#}#iOXs*e~_+iI$E+bK}DXj=GrB96_^)XBHLydx8)-%JJHfj=Cj*yHLbk zBmd2CzW|XcHT7GS)zei3aH8 zE7~?)nSX6x_uVq}+0oZpKak89!HAkj-Xm+txoS)I@$Sj{w)1W?(VOG;Ot4)`3wRCz zK2Go8-uuqU7(GeEqe1-^dE>sb)+2-#UQKFKLhOnjm3FLMETrK3nbYii=}=qWM9Fg7 zWod{v8h)pLk0GZ%bKEf8e_zei0G?p@-=@PoeoE5%@lu+r=MFjO`LENg$dUxE$fSave%%3 zjW%SLL>Jm7OHvaQKtG80B(~=408fmCwMNZ(@ihc~)oZ)^@J85BLSD0%*^05!zq#yQ z&aj$W@T1Q_Pg<003=WI4m5P@0&YB&IQWf{dE8wLdH#9cdKOuBPFvo%3_=F%Y>Y&q4fz4OV;@*}AWgOPVM11~t&w3-Lr!hdNQI4tm)%Qq#0Mj` z4Z^%h)4$H8-vxz9@qvE#DV5<>!wtbMkG#G5D6 z^bIpjbO|c*fW<2pHJ7482hzSCKQ`#ftGv5&yQ^~iEnc2-wds8K2D8Bh8o4%`KFZuh zlkjxzI>vnZTK^t`i3)$s#g;%x#AeUgM#dp|(TZR`Y;;@&)meVknMXWsa4!+wC}~b> zz2$!>Ba}9U-~@TjMS;;evSv?Q^WcYr`;WM@k*C2Q%(69~1|dIHO7=JY7Jw%j9Fs6B zf6V|jLLkd&E8xBiLo!B#rqQ^gjj^GlRilCUQ#$QZ2T+BnZYd$itmKM+srM_ORF=aH zN$+=8?K6vA2dAF*`1-v1biO!&O_rX5NzZ=z`+6YCf?7;ftRvWk@sL{@02Jk$0*oa! zadZ%sMDKjE20rQva#n<r=gW8$o$mF$Hg&HPg!AuoLW|2u$fRx;FKWh}vr5eosrM@|a?) z(yh2$;HSFTWQaOHGPX`vwVwF_1!AP{30kvIB?cmubX+frV;&JNE%)GaL_)+;=qM7Zpl&6XEJI{`m^Z~CaW!86g9cEYRj>Hvx>y>y~LO4 zqU~M@@sLg-6kDssvG?mqTds{IkiH)Pq3&PrXmMU?w|LQ}HB<4_ z!MIbo1!^6&pO=$xD0{w)fV`A?ICG(X?#`hY|71Z)XsXBc&2TSI$G+b$=Pqx3#>67g z!H;6%;4C5MN3i7py*6df4DBMHRguS{8@w(L>I$r#3DBo#@kLLKZ)C~oGXam|Dji72 zLm=GAJ~MByP7;#kLuKpp&3p9LyaoG8$)3z44 z{D@p2xx@cY%n&?)Rna2G!`uCf8W`|WQ4CC&X=**KLz delta 4498 zcmZ|TRZtw-mImO)JwQWn5A$SNk zXQrlRYVNtUYu8@u<*$FgeoveSZ=sqhD5%5$000xP#qMgvNX@7wLI40ffdK$Q02RQ= z+|F6Y+R4??+|!!V-owQiq=N-O>G;}iXZ7cLL2v*_sMkmU0P3Fvz$ul3$BMuYe<+%~ z59t_h*{i8z&g2relM=V%W$_g|n<)e{AC{7kHmXXn?&|FG6A2AgNRlNG+AC9WrMEYE zIdCc_lPkPW=r2H4;_`qa=xGZHky-bFs#vVv9?(4wql*qAByu+CZG|ZAgs=}_AAI6T zwKm*Wp9PCIO+{9a`xInel!@76B@tZ2d~o5@KX78po}^*W+qW~OR{n`((x7Kl_>Ot`21oT zDAGV@9yE}LnI(rs3gui12T)bEi|2JIeTKS)%1Rr&zwW4)hiF1n@b5v@= zzZ!EiA=G9Xzvk9V$d&7}q36y{FvE;_-`f4k`7TGuQ{rv7bb;o>XWHDtwP`$Op-Zw4 z_#ciwDQ}t*CUFV{f73nT6!(SIvRDv*X%{LVed$$5SVs@#+$N z;CDHaF^^d#8niW3Y$Zo-k!YBE<{kJ}X4iVH_Vmn5Zjk)uW5z{xXkyY*PP3FxH{NnI za(Q=d*vV(shO+63T?s(zL{FPjWZ;fy*3lppDH)1e&D-$(300N4CPaD$djW}%5wKGC1x+t z5P{C5p^m94t5F~N-EBLrxHztIn1>fo-|BG;veRVK$qWhVArwmo= zd=cnP#cD9RKzhf^MXzYm3HnOqorN~L@t(k)5?R67x6TKRk+&MrF#TKwBx7rn`scC|99D925E}vapj9kCudgwXtMZS6KU+z%>AfcH$4l*a zAc-nzqLeeJ)cgfDm9Rs8t80R=PMa0>5~KA_vl&NTbs|)&DjQ2s2~w|jT~v(VqIXnL zZ4GZc`LPskWEF=-Ey})fcW65!dNMA{x!4 z3B6=6dYgYX)mDH{eNz1D?CV3t^oRhsqaVn?qqG(5R6F)G{`!qSQj*fi3ZjdIJ>ExZ zM3lLdkikt)fEIf=;~7hT5_2tMZGm&}e0xJ&RWzX{(fScAi-?fB?f-o?h6I!?zAcZ; z>=E>g`}}nM70bhW+-W&L`Vo{^V(wTW4h1Fm$P566b;6T;*K(rBP{X&~{g?|tXv%8u z>oGV|_p|5s!6t0)OBawpnIM(kUzM$W%ORk-s&TYD#qSBUfqI6l_r}Dw{JKhQtb^`e zKISP>N}KY0{Gg%gtqK zeJmG#Ji4nuIvm<`~(mYgNd^+po6~O4wuo6Bz@P|g5o?eQ_ zRLgMPF$uQ_4Ozzg$b^?KBa}_FX2ga}?beS{#)X$t5P88~zVnP0w%E?_ho+hIqOMnX z@am9>9{DhN(WV3@p8~^#@`rQvU z72NrqKH3^TBRS|ePsXP{%=A9Z5IbsD_Bwk$A)9oD_~Dz!M~6J zv08%etQMyelhJ;YsXjvM$dUe{`+2Q8mOuTzmW|`;d{!ns@1Eqe(=- zmm4$Y!vzkI4wbz4xxY}Uw>A2{JUs<{(TP9As8US*;>o^29LTtNMqDJ{OicOIqEwUH z48PhD2=Pn)^t$;G=_(qU7h6+2Dyq2b)6C5*vab_=pb`IdDjV4oNQ5|cmdrJ<@ z9!>?f!{eu@x`VVI#=4Y&TuQleiDe4erY{_Wu?YV`#aXJvUWJ89Ut0sqe?8_o7)OS!8J$G18O)LQ1%L=P($@Z*aVvZMc47&=Ybn9&yL zR$aqr2wtjmw9^erE>-5jad@ebI}}qcCF0$w*Jil;{WWx*uheu&ztjv989A`t!OWB) zj6}@aPETMhRa9fl#r_6-FDYpFmLGg?f76~yfxu#>-`btvv{}fS(>7HV2z1~%?h(GJ zV=B*(Bk;c1$^F9g=vA#okwJl^ntj@pXar^-#0$hxan`1x$%@Vmo=IO$9NVi$?qq3y z6O&k~=yv!b>#p1?A9P#G<#x-2w^G%0j&H9smZ%N<;o%Ka;SR|8ZKd=y- z`(1$&+b-`{vydoIT)Usun?vd^7;2`-llj#$=>SDX-}xjr!JL zdVIujpT(YWgmJJYzgwXsn^#Y zeit1}2b(+6Iea=>q#LR_JGVZmmZ-JK_sW4q*D|XAY?@(mD^1`CT2eS;VCV|6;*iFw zEQ4~H2GUZ!^^<0SleUR43Z2ED^3x$olcelXjRv-lrFa8iL-Q&~eV@gZsvd2!Hg~6D z;+M(O@~9;v22s*5VULr_oTg;BYenC8qswd+A)z>-FY#|v%(OG3VD*-FjOuirBV5bE z6enegk(@-7S*{<@@i(r*%r{xE?cW6zI6~ z=9_rl3Bz;das>o>JphBwpZ~ zJMU;B?}Z<>CtpA3pZ2vnLecqo@~KXrA>IKcHU@p;57b2Ou0O*`dnTq^Gt*}5)3`32 zb}SnUHv(0y^l0J3CbuqwYi+on_k?O zUAetnt@aePZ%?Q!(fhpm7Ue5NTl|^Sx#2}`Q@MBq)^9WViuqzq~|PzKn;l@-j^18S44gN4Y|U0FDM|T2-WP*}U-Z#u+GZ{Td>#zk*<<;rkwA z!j~$IVOb1=+{@wS&Xj?+L3r}SdJL)y$~*w=?BmIJsO_{p$pVCj>0F{OsXqXh(Q~0! zV^}d<>iy88QI%W&=cKOd@lh>xhi#a?4IM1~M0J)!R2OcYeixtyJvutaVwDP>`|_n< zeKjNUqP&q%Cs~jBv|z-&^W->VMdsSat55e(E}0mT^XY!G-0#bm?AcX+%^q|sN5B+) zD`Ar#4KIcRzZM?D)ibXzbIsl|L(e992pz^#rMS9hzyK;m_3SLS$uEnd3U@s9Xs#yV z0}7;5(X}cbwyqHssPPX&MS;$5*59%Xj_SBNow*7kxSU+VnM51$_i~v#aWO;3A$?IJ z0x5@Ipyzke5l#DuFZ*0uMVlwPgu8c3S5h}Pxv2U%;|Z5K>piqC!`TCi>73?}2+qbu zLpqmbk6nm<&{yi0)3R?RB7%Qe(#4Q^vV!zJgywZ)F6Q>$K`ZFK$6ffkvn24J#WWWj z_Eq^&UXX3~BUcep;k(N5cgCl(Q@fgeUd{2Q1G7LKcYQ2>@ORq^QQ=KgjSKHAF!C`aLQ8pehcmBmE)jPVQ>=&{Ita?I4U;FGs&t@t?NaRG!o^}8jSs- zkuvfFt<{0aK*g-9L&5CC`L!}nlK*9&^&T?Z6LS|a#ge?ZVJvZ#o9O*@6HQ6DPX+3 zr}FcE5PHCs*w-&1xPB}(RW&*$?INCtoppPW4AD7-SCDP^#4N}|wY}qjN_0;Gkm zmOm^JFft{rhz|9RaSK3j z$ludHFbCRyGspiU4owv# Date: Mon, 16 Mar 2026 06:47:50 -0400 Subject: [PATCH 04/21] =?UTF-8?q?fix:=20optional=20Cyren=20JWT=20token=20+?= =?UTF-8?q?=20marketplace=20trial=20link=20=E2=80=94=20single-feed=20custo?= =?UTF-8?q?mers=20can=20now=20install=20without=20both=20tokens=20(Cyren-C?= =?UTF-8?q?rowdStrike=20(PR=20#13658))?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Package/3.0.1.zip | Bin 0 -> 6407 bytes .../Package/createUiDefinition.json | 13 ++++++++++++- .../Package/mainTemplate.json | 14 ++++++++------ .../ReleaseNotes.md | 1 + 4 files changed, 21 insertions(+), 7 deletions(-) create mode 100644 Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.1.zip diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.1.zip b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..a6b4d92e8dc3c109abf57be0523c95fd2173992a GIT binary patch literal 6407 zcmZ{pRZtw7HAs z`=P75x@*7es#WzZH6=KBd>9xQWSED~E=E~xUj3WcFffWnFfcg(Or6Z^oVBc+TpZ0j ztT^o5fzH3lp53=vAMalX1e{_Hg*CAlRoaZQM?E)3a~%9zmv(0sDmYOTGMJO-#aW$y zz6Vl@>-O=G10*tLBtr=E z8I}@}#<51<^Eq+}f;%@Qdkx6O*fU}q8onok@$6-o6(;j{Mm810!g-3K`pBtT&*&!; zpfEpo#@TCz;}w-m`^aPPsiI3dg*svQjxZv7Y)_F-?29;RetJRRr}yAIh3efr43jFd zZ7@JLKZkQYKUkGeLrOBmp2xgn@sP%B{6ieABu*G2%AlL{UJJnJS~s{&Ek#1?eHXfs z>4jahw5hCFBA-?#3>{pzgN0tL)NBpA@$U3KK;|Pu;vO&`Y?(q`$t0(X97KUvAO<7 z`C#u1q{oB}0Bh~-Gjj(h4do>x5-e%+zV@1vt@83aYNfjmRnBRWsd zjJQfhi&6(Kd1)H7sLxsPQwh-0KId1E0OHjM!{_$rm5k^YV-4bg@=@rh^c2V~XBb~Per98(%t_^EYb4%=U@kS2Q zk~|l<$H^Kec$OWTT(FO(E4;0=%*!HkG(|V%=&si7@_ndHOcE2sW5qi-t3VsSn|aDd ziu;dR1>%iv>;2)Fc^ts?;NV0QWdeOFLh%?)_7DiH&yH2mcI`am#wroITM8>ZrK@H1+IZMco5Sgd7(SLxH=9q-&41U~#^2T}r>-dv; ztq?026q{oy%?xKDY#&A#kIy_Lqzj)y;lci|_LINZRDZ5)zRPp+*YL_`A++XBdq?Ut zAc&KMn4+4L7b0Ph<{~<_rNf7CfDm+Y@>@yY=8uxaT}gKQ?0knG{ZZHtr{M6{&+;B= z!(Wt0-@v^Rmvad`u5V!R9wb5L6kEwn+`k;kyqT*HJF^ReI5U`mEJgP=MHijvBBJsS zZdfG(u-=r44DIh3S7I;~B!z~_&!25ap4WrX-6vjQi;1LWQtkizumA_Uc!j|)YMdci zwi6eofx?eY^6-w&wYSbaTmaA7`^5!JI(eu1@ltS<(G!a)(o2@$^0!dC&m3u;+L`)N zd`svC6-uq_%FQ8PM->4fry^B9J0F+IgX0LSjH@a$YsL+GL%K_LHLfo!MRGJPi99KE zmNr>wu~=aFy_Ue3m6x$)8-|xz;&+!TeztQ-jf6RNimMkoDynH2>WG)=B@nR|pPIOB z;wYz46%aq^3WtGbtn+TKY%+hnng4Gy_My za(o%!imomFG@8weWC~};GgCch3MXpv-8}Avg`VH^Pel6R6gLqPJ?D77 z&1yiGkKWSfTmCMF44E&S^3KY1;7o;Mp%pf-#)XaWiAr|)DhDa#Zx};j5Kw>@_z=yj zbS`*Y+t>4v_7dtc)|)xbnMkM!1w`N0dY_?s#BHTEyh)A**);D>(b{Hkibv4F{_Ftt zgp#Mn_E-R;-<{WjX6xkhh_*$OU#rnC1^}=KRc7XfNqxl(A9ZcUi6(Gbl3>n*=d-N~ zGDLZ#5{`*o5G~MT{%$P2!mwamqjb&e1aG?nwnNP~8$6b3+Qg_B`c2R$&WodU(~i{8 zpD5~V@)c)>^ZoLK9p&%lpzbQ0;Rg>6o<>*vN8Xw=Im($!f2JgEG>D@@6E-nLUV2&DeD&+@NVbfn&h0w!J z7vkDNaLZ9iCn*BdW*uIGWh$KSt`9OLIEp7zh^wSeqb)1yxsxuUJd?H zhuOIKLN@>d`1!39Q74IKL-%QpW3ntVPZ8Q>vcaZ~5LUL}-`pioL7S9c)Q{IIaPD=W zqpsB2yr{Xc$o9ggl4?r0$&$+uM*u+cJ~yv()E$Oi_S&KKH8!9Q{D7Cf|JDl%z`+)J zYC!91`~})}Qwr8@TAM_C+K_BepNiRlsyYr+QN>2;(spGSI}icfxi|jSsMKJk5BFr| z;1PnhsGGbqW_I~%`0Pw8VKds!Jek`)Y!NX<&{QsPsXUso4XH}lJv|w+`mT>EAI0go zzP+_ABdu@no0kN8DZ|0i8@LxQ<+<8q@txrUvV17bv;OXusJ`0l895G`M+YO1TX^dW z*pX(Q@M}!U!f1;HbLG zstQSLwlqjtx=9;0OpMx4A2by$4Uu5|v7Am5I@7D7Vxvv72O0~e#;SKyG`UcJrg>IR}? zMl@tjUq5NaU{^&1r)=s53$1)16{w1;5mf!tyvX2ElHm027P~EP>+!q|3CGn?G3$Md zb8GyFT%ZOxIn7RL7i&q6Jm>g>u0dmp%K=4)BpTBE%|?A7xVF`R@-Jb2^47Uqc5b?x zhv&|Q)Su6{f3GpWDKS5xcr~Or@{0=lY|5l##H|*q;!E?lLuD^rAao&5vc;WSNS-=@ z3y%~cZ;E)ocN>di#*Avu<45IG)L>n|e!IIb%qQROk6VkR<|j%D+$>v%XSJ^3(*&Y) zrdgQ>k}4ssqjqJ5KJdza*?a`uWjYVT#SuznqzCYTjy4@?} z;I^1XHr;j@;AY`cvLP>`GEX7gFX*3asdk)yMn{G{RadznE4KDtEGW8gH9d%_h4TX@ zUqFi2_c(N0S&js1;4OhH6{DH7m^WOlsc$RUhy0Yj=#H6D&5m9|c}=S_l`p?I@@fcV zTlq}Q9D>pmX>-4m0FY)dc=cFgXHFyF=XC@cldB3#$s>n5W{{!|g_MtkYn&qL)Se!t zU*F}P=h!z*#N(%J7=e9#0;1|o)p?e$@llD0`TJE8r6-%pN>-nhm>xK8BG=WfzLdI^ z!vq}Uzo%bI=)&((b$+fce$|!S(%I)$jW&!rqcl%k($FI}!fSJsPpquhTq~Sq{+Zjo zCh3J2CSqcjdYU*(QOsIZ)BC$2iL40cWma+i%IaH9YK!*@{~!0PjpC3!kEtX-3Y6@Z z8ywGSCb2|IAsx+Z18(y23U3G{fWw&Cyc2z>H2LP@{ergY$Fryb8D5eQbMUYDM-p*r zZS*|$nUEzyK_zWOaK#m82!ofYi5w=D%P-c=!MeJtzWKRhA{2CjB@ zD-5mR{K?WPMf|b-la%^QPT0L(m0(4j`?(K1HpRjZh{M2WbHNupfo8o*&lM?qSP&fg zjdr;!6R$YqR#M5fA?@@Rh%U6SEEURi6EXIUTV*-8w)Sk7{vymUH1F`Sb-TG)VR{aq4WOC5AG1_7 zcQwxIo`9`9alr_u=wvWYkM6FmdVRnEkZSfch}1+Q%Gs0)SarncjEFKi zBJK4{sl#rL&oBI<##=uX2#5*fjQJ9q!bwppP3mhC*3K!zEaWl6f~pX#|85*XEUX%h9^FursBRjJzhSkCOa*40d5i zb#K6f|F|;|rJt>eXm8j;?+eWnvRJxw81|p%7Gq`LG?8LU1VI>=FA%WV23X}+UHnr$ zn~?%cyf9$gd-`!){47!AO}|ky(GsW;XcC>UzbcHa)T8%1oV!7xPU(w)uVIHBMx`xm zcjXM%iZzxtBCxa^W!2k}Lh69>AzRZeZ#&z~5>TlZ-FLN4F#8uV1JPQ& v4W zK3*VH7d9X|@1-|s>O~sq72I4Ers%vt!uv>5g9*_Uv?p(+Lm9M*XjUi7!!ZEcE4v7( z=c2aX*1+cxmG*5vAU3AzhzPrTsI?<3CXrUpajb(zF=8F6E=~g_AhRZ}pR&WFcq1+F z%GEMv4kgfN$BEeZ1REzkUXySovn98$ALq+wHEfxfX1||87YI0_$t=UvCE<-Vq@0t(uKY zG;orG-UUv12$r`gdINu5QlUbJ#-ve@Ed`Om&7vcvS@KzSBB@*0++(de!0YOqB&$8& z`MfC$MQbgY&wUH{QWp@sZC3T+V_n_plrk@aoSa3C&P3|UKBnwaN>X6Np434acno{x zW6mI_5~3w_l}dJL$gE{RTu?(+mr;!yLo9RP(gXS6igYPoiR*~KFGZhz)cG`85oQW} zZZkcLV=zG%&WslvNs^f@w)NFkuGi64}T1kTzknJ+x0SxI<4i>9*49 z246Q)T|4$|hdw2{dwf8PBq&iBsBc=ckcxQXd+DbiZ2S&Uw9uC2K0mxcFDTFtJ;D{X zIKjmz?SBy0+dI{`X@O$~oq<=KXF+G#R)=DFRf~{v#hkXYjZL4=_=c)~n`z-9-y~s=duGdq>nM;I-WEQ6 zQDwm}!C(InkA+12tdh!hEXZ?|y@^TFRco&NUaS)A#8PA8AyBTnP}k8|!J0hu6GNWW zh!)jtnlBps+<&l4ZtkF!b>lCNU7(NrK!+Y-j8$D@2QghEcg1oqy23WH_xzMpdAsWa zI}JRoYgo-jIxZxqQP0u@99jHq7n#EF6vwNn2SH%roSCXqFCq`f8j>{z#f(~Aze(L6 zG_I$}oWm2XORM~t*lF#f>{e4CxD7NLtQcnAGCbpbl}-xDVi$`JgQ&TWfNMh7adsld z!bclR0uC(uC6C;kTs0c_5PQwAdig)>`EnFwdiuvXyFDmYHLka2FFp7?wn~aP8yNew ziCn+eU7jD?!odS`j|K84^gYgB4m(?*O{2AF>xZyT?#KWSFO5j9S-qOWQR>pH91ZC zR?*XC<)g)KpzpA^uAH1YwCeTNz$oz>*7OYP^wwCS zSJcqgO5&#;mHvCgJ<%vEeRh7+F{pYl1B>~SPR>DG=k8DdR{hSJgFiLDIH~Mr2|1P9 zXRW1+-ULErBrAPE(3zH(vq}Tu}bXckRDm?4_dq{0>aFR0XJz5 zs`j-LPr7vg2DnlKH|)k_gu%Cl^k|DOKC=V@8pZIa6|3?VlVrlOHYd%Wn`_7!)5CAI2TBl4i-9nM2N&u zImJO5!~zIiXF&^|(}8DS86$k}-_1kVb{wzG05Hq4^PXjOwp2P1E_fHyMtUs zF`6FYGf=d5--!iRddpz`yz&w#$GA)n$ zbHVeY6~z61SNa?BTJcUvJdDi~0th<}D}sr8(k}Cju@~r^fB2ypZaUO(Ty&}A5fCr^ z_oUL7S>|?cVko)qgPPI@SbVtuZa4fRwEvC}(7($6Gavr*{69tde~)2cLO>}0m>2&= WvelFj5dXCZ`%i}b>lNaEb^il-=S}$l literal 0 HcmV?d00001 diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/createUiDefinition.json b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/createUiDefinition.json index d7486dafacf..f89bde5d176 100644 --- a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/createUiDefinition.json +++ b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/createUiDefinition.json @@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Cyren CrowdStrike Threat Intelligence solution polls Cyren CCF threat intelligence feeds (IP reputation, malware URLs) and pushes IOCs to CrowdStrike Falcon's Custom IOC API for detection and response.\n\n**Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n\u2022 Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md)\n\n \u2022 There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Cyren CrowdStrike Threat Intelligence solution polls Cyren CCF threat intelligence feeds (IP reputation, malware URLs) and pushes IOCs to CrowdStrike Falcon's Custom IOC API for detection and response.\n\n**Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)\n\n**Get a trial token:** To request a free trial JWT token for the Cyren CCF feed, visit the [Data443 Azure Marketplace listing](https://marketplace.microsoft.com/en-us/search/products?search=data443&page=1). You can subscribe to the IP Reputation feed, the Malware URL feed, or both \u2014 install this connector for each feed you have purchased.", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -76,6 +76,17 @@ "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" } } + }, + { + "name": "cyren-marketplace-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "To obtain a JWT token for the Cyren CCF feed, visit the Data443 Azure Marketplace listing to request a free trial. You can subscribe to the IP Reputation feed, the Malware URL feed, or both.", + "link": { + "label": "Request a trial token on Azure Marketplace", + "uri": "https://marketplace.microsoft.com/en-us/search/products?search=data443&page=1" + } + } } ] } diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/mainTemplate.json b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/mainTemplate.json index bbb81cae52d..59c18c683a6 100644 --- a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/mainTemplate.json +++ b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/mainTemplate.json @@ -33,7 +33,7 @@ "email": "support@data443.com", "_email": "[variables('email')]", "_solutionName": "Cyren-CrowdStrike-ThreatIntelligence", - "_solutionVersion": "3.0.0", + "_solutionVersion": "3.0.1", "solutionId": "data443riskmitigationinc1761580347231.azure-sentinel-solution-cyren-cs-ioc-automation", "_solutionId": "[variables('solutionId')]", "blanks": "[replace('b', 'b', '')]", @@ -69,14 +69,15 @@ "type": "securestring", "defaultValue": "", "metadata": { - "description": "Cyren CCF JWT Bearer token for authentication" - } + "description": "Optional. JWT Bearer Token for the Cyren CCF feed. Leave empty if not purchased. Get a trial token at: https://marketplace.microsoft.com/en-us/search/products?search=data443&page=1" + }, + "minLength": 0 }, "Cyren_FeedId": { "type": "string", "defaultValue": "ip_reputation", "metadata": { - "description": "Cyren CCF Feed ID (e.g. ip_reputation, malware_urls)" + "description": "Cyren CCF Feed ID: use 'ip_reputation' for IP Reputation feed or 'malware_urls' for Malware URL feed. Must match the feed you purchased." } }, "CrowdStrike_ClientId": { @@ -404,7 +405,8 @@ "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]", "hidden-SentinelTemplateName": "CyrenToCrowdStrike", "hidden-SentinelTemplateVersion": "1.0" - } + }, + "condition": "[[not(empty(parameters('Cyren_JwtToken')))]" }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", @@ -452,7 +454,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.0", + "version": "3.0.1", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Cyren-CrowdStrike-ThreatIntelligence", diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md index fc23c5118f5..480b1df3091 100644 --- a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md +++ b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md @@ -1,3 +1,4 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------| +| 3.0.1 | 16-03-2026 | **Optional JWT token + Marketplace link:** Made Cyren JWT token optional (minLength:0) with conditional Logic App deployment — connector only deploys when a token is provided. Added Azure Marketplace trial link to connector UI. Customers purchasing only one Cyren feed (IP Reputation or Malware URL) can now install without providing both tokens. | | 3.0.0 | 23-02-2026 | Initial release — Cyren CCF feed polling with NDJSON parsing, CrowdStrike Falcon Custom IOC push via /iocs/entities/indicators/v1 endpoint with OAuth2 Bearer token, PersistentToken pagination, 6-hour recurrence, cost safety parameters enforced. Hidden Sentinel tags applied for Content Hub visibility. | From 68e02d03902bf0957941b47fedd6cb0096030d08 Mon Sep 17 00:00:00 2001 From: Taz Jack Date: Mon, 16 Mar 2026 06:52:33 -0400 Subject: [PATCH 05/21] =?UTF-8?q?fix:=20explicit=20FeedId=20=E2=80=94=20no?= =?UTF-8?q?=20default,=20must=20specify=20ip=5Freputation=20or=20malware?= =?UTF-8?q?=5Furls=20per=20purchased=20feed?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Package/3.0.2.zip | Bin 0 -> 6425 bytes .../Package/mainTemplate.json | 8 ++++---- .../ReleaseNotes.md | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.2.zip diff --git a/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.2.zip b/Solutions/Cyren-CrowdStrike-ThreatIntelligence/Package/3.0.2.zip new file mode 100644 index 0000000000000000000000000000000000000000..9998d91547a40013add8a3938e45d8b5a43478f6 GIT binary patch literal 6425 zcmZ{pWmFWpWlgbJp+CRzpE01ONaSfD~a*bG178iDM7|U}Fvd;QgDrSv$Gw+qrqV zT0`u(oqasqPb6G?R)pKuuQ+&@gBb$9&JC%|_T-8t9aSWmEnF{aiu+I{VWp=;2`PAD zPA9C~_njdrNAjdZ**fH}bsVcZr;7FmN}u09VaoQr{60;Cd7d#Haz$g@P0X+c3Yc#K zc*YV?ZQ{Zb8TcVf>`z~ng0~PaqFZ}Y0sNQB`_1A@|0J?B*!+(y4g>2!T}@%xXvk7e z>hzi>w6VFbMlbueuM#kht?5QzsNN4zP$n`Z+77j!Ki^$B>=#^8{2?HMM4B(-1c#ga| zModU2@=4SH@X4o1n|x5aY%^-Z~NU)2gXa8$ilVA!?5e0ljQ|hXFv&jht2p3rHu8@A zuyr)hjj~;|>~@(2Z3RH{HZj7I#qK%qB!RNm zoGmogOA~mhmtc$fY+t#GgYyfqz{70y6#964w-EfDIbHw~FiypCH0VWS!|l)NLv?QB znhEtH%C?2kPu^uCZ!So^b`Llt?)T`ho$fn5E88xXmAm!xpIp>X-D3RPIR8C1oiwCc*&2f>hvGju-!uYR?tqOdS};@Q10P5jE17D8*cBYXf0(d zZhY%=b+=|zxBSV|l&eA4LJ7+WOcUhOoTOSY+T_vS>32u!iJesI`b8?_6?JI*`^eQg zAG&BWd+$-0wyhYqKZgoNa!fZ9CRKdkPG%}6{X;i<&ad}3z<|EJB-KL;oMk`f1Z!2O zg0p$Cxh;1b-lEKzvqieRz4&aHG?Or(WIgQ8Hf%4YYLb}?`VPi??KEI=nsigd%m0OrU|~IkO#k&DuLjY$RsPjy{PLK>>rgb=dslv3xse z<8JxfLzpK-E=tubCQv>-0pI;dP z@}*#cS)lSC!yEd59aF!@_Hat1nKY(jueS8ZrAM@ZvNc$l6oOjVU}zm&sCOuja#^fU z9J*AhWuX6J^Q~lGQVZ9n@s}KC^8Wsb93rX#gm*zgE2IE%@$N(Oy$9WWvR2IP3vU4% zdp1VDx!@a<78RGpcdEQb;WvM!GtvJeE1?*CdTg+A4Dp1Y*AA=5HNvFln`vT!QiQpc z)d^K9^d>~WS?6v}-&%pT7|zdRExK@5vj#%sP_kMZ8~r^KN%W~A#U~e-;E}1pWPqL2 z716f9->keaqaCLri6iJ$L*A(+S)exFm&W`UL7lKYdcnu&NoPipQzT zOw!53Mv<)BD$DtL?stIo_E!uy0e9r?C8*y_4HzQFf;(Ksm*bkC@?+-bqToYNu>23H zJWptkz&j=sbR0)J%P(^_L&(fLF}1yA+RNRZUwLeu(mOs;V#_&|^Ep{vL50o)Roy5p z2KQh0E4&v*vr%G>34yB8jMS_klzYjm7hR60p-R_l+eiTGP>e zS0y6viSt&OI*dVyyPBn9nL@m%_>ND#aC|^XRq9rdF!M$*wR@^&`}w^a+S9 z)rKX4k%0lqZbfktvy+yjx}L;E-}&Bn`^*r^)`y}v6Fy>-;M5yX3r!U`1;U+Mv;SR_ zhkJz*LaDQKJb6~g_WTrwpppn?nAsE$Qj6?qJI@qWGXfS)WVlksNNLpU%&<80Sc>}) z*A<9f(yfhAany}3KlH0?Q*xG!4km=P`4xYbV(5rmThuByrFY^lN(ibSXS1JM@z^!B zf(+UktcHRyLL?@tgNJyAycwmMB?8+Ub8%(j*Ifm-^+@rGh}=AAV+W*o z>K_b$IfglqOqOCUIi1da=2*_suLHbZK+BDVq$&0?aH;A>|tnukz(o?KJ$&g3yzT#)&Y@RCRQIA?DwtKEG-wZR zmr*Uw_@=sQf&>kOrC{XodH=xtQJ+Lbug9>Qpdlm$Hvg8aiR%zal+I^%2m{x}G<-Df z?D5?(j$E!tsQ9+S&@pPt9gqy25>RYU_t>WgROZ)t5z63C-R!h{;Cg+%sr8}7poCp> z3CE2>n}C6Tck`*xqyC4IPQ9V7;W z@HnNd``%o?fY#=+>=PaZgf*6}sD|}YsnY^`O-@KPX{S;cl);iGwFUTUBtZ?B*NCaL zZTW@mF-=L}UJvT0sfdob&A00kkq_R1&D$T=$t={U!#uzT05fZUJy0?5f<;_9MPfE7fcD%5`!ch6IU~*R z(xAh_;>}qn%h-gL(T~!`rmK14y3Q2{v+T-(>&Zy^_paGuoHW=PrryZv zv226q&z>p0@NdYYXn2Kcl4uP{x-hN(KY}NZ|O1Uws@al&2Fb zw#4@6h`J6nTOjcTz2P~a(AoM4Y({=K@uG97v@76&{M+DF%y3u4+8xT#D{71eP=7i4g z<$m>+zr#L0y_Hhx5q6q;Jc+0ttHSoWdSt zT~*nX$3zrD5-9J^dJEDK(g*ZrKcewYoz*p_ zGEZ;!U`;)2&|4^*V%sa~Jd^b$;7zS-VgIXakDHb`Z@7MKtdcx~@odZFc-u7ab9}k$ zF#kSq3ZmQZ*=eUD`3Y6ik1bxxFr!eJpQ;w2#g+SdZccnMnJc@VoX;Z7dR8UyChSJX z@cfB-@)IUoVTPgoqKCHeyE^w=*dG@!sqyfSY&iG|1~Spz96%LI4M;bqo{f<=hD08b>6?))#EwZkRX2{Nl7H zwo+=u^Wrf}5cN(IMJ?@uz*;qU5b8IijmFn0xet7OqM}o)%M~>I;N666+1A1Bu%hOX z=N{X^^p#_BuANxK4Ia%b+33I9!`pk!7EAfy)?*{-;jcD0D0iJt?@Rtb!$yIRBr4wJ;D{i-lX_y( zypw^T=o`5^wh4=tah^Au;uz@ESm0^JOIWP@2A`ebm6`JOxe72W-fOIOZX4o`+N z4hIJKa;>PvqZsBouUb89{BX#vZ?yAU$K!Dy1uraC23MA7F4d*6@v|q>XYsOY2 zx~M*jcXf)~F||ZrR{mAtI9X}#`gD1U2_D#E)}-4Sz{A#c!S*3km{-lYDBz*{@GIu= zyRIB*Eo@C-=4}9}6a^9aDH^P-5$L{|-K=LEXKq}2d0v)b_?Q>nN0Avu{7S`O{7OEO z*?@%p=QuPPN9))88d~PDq~nK$l;fBh=k|>}hj%(aw6#sF`Vn@kIJ<`=jzRN8=?+a# zw}HwC>t?<^#o@06Bdw_FFa>Lu%Jl?S#K+`M4sOPRR?%wKv)-2E)6gkhM^@IU*u(W1 zBJKoA+bA7blyaBKvt8BI+D!|SCTR#V7r`0*M#D+^Xc9v1>= zjp}X>Pph28J6grhFiuLz&~a`iPZaebWWnZyCBj8nm1;wJt0pnd3?Q>NxFe%Q_CXPm z)-7%WS%8K3ogb6se<^W4ZqCQlUq~1BS@C#;hlKsIu0Xb>7S$*+OS;sRrletAs1P zM*e*%1NyP1vlt}Us0sP4jlsJqL|u53ekf#V){Y<_OTO^P!Im4Sxl1+ZMqz3^i{(_m9OZ6N#qW`ICvi)r>g%}#(48k_p%j*E#fHUr~6dIQGwmIbaCyErZ!uX^ozpV zF5wwQ>;7k(uJ)Gx+r1$-AOR6BJB3w*T|sHNdD*&uN_w4Mbp2z*L1hmbas%=0L69k? z*t%Ob-zzD!ps~|vyq_n(3cM$ZrC-v-B$~17&-#hez?v1jj#Ev|LPx?wuoG*2e2mL9 z(3o$5Vzi+Onb}p@y_6<9juqh|QZg<&-GfFZ=dPH*PQmhP`mTB#^_L2bFgNx(D~Kr6 zXa?TVRLzk-w1=b2Va|Z%{Y^L_<)MFTj>^VGKmRgV22^T-am)BB#sU{s=alzufyxWl zr~Djb?(EBxR&%u$fc(wl5Z?H+0DZTNie4vQPiqIf_eEj?$5)1+t|1~18O5CymU$Yt zMcJ6HJ1A}5=Ji4DW~*s2L*W>eWKmvY1F_oHN7JpXLUa{sJy<==wqkZ9_#~eep3fzn z5S6FxGm=sl&V{!cHyZu5sWN2CwqJI~+s#Y2Q5e{3joT}Nv>C`$s02c+?*YGc{LCmvDt(in)If%A8s6t2Syt!0uq%0!JR8}kzfKw#?F;#{@dPFzf{ zRRmOlai}Qv9+xYFq#IP8_m*l4BuPpYBJf7^xU{v4j7qAgYd*Hp4c7FEY`xlWgl)>q z%J@=DIc+Twu%M*Jl%7Cn*-`P1VIA(zafMl<7WWE<+9r88r@r&!Lqsg{l@~9sA%jkX zy+^#vB}aCSeRkVNk|(UlryA1x9*zDR;HG3et_hdOyU}%>FlKg}d&9!5q|UXW5Zs2< z1(#qt5t)eIhLn!r6m*LHg~fxOe1nT3G^OSe5nIMxO&k*s;#Uq4&9*P6a=7r`RaBM% z6Gvsgya;=uvEYlk*ID3DpvJRW$-wq zxT3>;i%?6w_jf=xr|EhnoKBMKXL8Kuju%S$Fqwtq`*e3&Bl)Vt++dN-o~=WwvG>ED zbsF$a(a&7KhJ7SJ()hxP_qwE_XkAC|XMDef9$B))1m3*ZgmbRCURW#bt&o`5@-Yp6 zQ<|S(AT!XS6>#o;?WyAAdIleD$t@hFYwO7`cx`1fhiZ-!4xFE1A! z6WV-2pH;%;&cH>SXQ7SSh|^%w(D7`gFDM^z2j(kU$AiZ=x7Ysepm^S>6oF|Xs;>R7 zSQiT*xBVl4d$Kduxv^kAR1xgbq>~r5>+q-Q7aG!GkU+Rr)NWKcAnD%Vb6}#gXy^3p zhF