Azure · mazamizo21 · Mar 11, 2026 · Mar 16, 2026 · Mar 16, 2026 · Mar 16, 2026
@@ -0,0 +1,14 @@
+{
+  "Name": "Cyren-CrowdStrike-ThreatIntelligence",
+  "Author": "Data443 Risk Mitigation, Inc. - support@data443.com",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/cyren_logo.svg\" width=\"75px\" height=\"75px\">",
+  "Description": "The Cyren CrowdStrike Threat Intelligence solution polls Cyren CCF threat intelligence feeds (IP reputation, malware URLs) and pushes IOCs to CrowdStrike Falcon's Custom IOC API for detection and response.",
+  "Playbooks": [
+    "Playbooks/CyrenToCrowdStrike_Playbook.json"
+  ],
+  "Metadata": "SolutionMetadata.json",
+  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Cyren-CrowdStrike-ThreatIntelligence",
+  "Version": "3.0.0",
+  "TemplateSpec": true,
+  "Is1Pconnector": false
+}
@@ -0,0 +1,100 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+  "handler": "Microsoft.Azure.CreateUIDef",
+  "version": "0.1.2-preview",
+  "parameters": {
+    "config": {
+      "isWizard": false,
+      "basics": {
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/cyren_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n\u2022 Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md)\n\n \u2022 There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Cyren CrowdStrike Threat Intelligence solution polls Cyren CCF threat intelligence feeds (IP reputation, malware URLs) and pushes IOCs to CrowdStrike Falcon's Custom IOC API for detection and response.\n\n**Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)\n\n**Get a trial token:** To request a free trial JWT token for the Cyren CCF feed, visit the [Data443 Azure Marketplace listing](https://marketplace.microsoft.com/en-us/search/products?search=data443&page=1). You can subscribe to the IP Reputation feed, the Malware URL feed, or both \u2014 install this connector for each feed you have purchased.",
+        "subscription": {
+          "resourceProviders": [
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
+            "Microsoft.Insights/workbooks",
+            "Microsoft.Logic/workflows"
+          ]
+        },
+        "location": {
+          "metadata": {
+            "hidden": "Hiding location, we get it from the log analytics workspace"
+          },
+          "visible": false
+        },
+        "resourceGroup": {
+          "allowExisting": true
+        }
+      }
+    },
+    "basics": [
+      {
+        "name": "getLAWorkspace",
+        "type": "Microsoft.Solutions.ArmApiControl",
+        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
+        "condition": "[greater(length(resourceGroup().name),0)]",
+        "request": {
+          "method": "GET",
+          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
+        }
+      },
+      {
+        "name": "workspace",
+        "type": "Microsoft.Common.DropDown",
+        "label": "Workspace",
+        "placeholder": "Select a workspace",
+        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
+        "constraints": {
+          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
+          "required": true
+        },
+        "visible": true
+      }
+    ],
+    "steps": [
+      {
+        "name": "playbooks",
+        "label": "Playbooks",
+        "subLabel": {
+          "preValidation": "Configure the playbooks",
+          "postValidation": "Done"
+        },
+        "bladeTitle": "Playbooks",
+        "elements": [
+          {
+            "name": "playbooks-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub."
+            }
+          },
+          {
+            "name": "playbooks-link",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more",
+                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
+              }
+            }
+          },
+          {
+            "name": "cyren-marketplace-link",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "To obtain a JWT token for the Cyren CCF feed, visit the Data443 Azure Marketplace listing to request a free trial. You can subscribe to the IP Reputation feed, the Malware URL feed, or both.",
+              "link": {
+                "label": "Request a trial token on Azure Marketplace",
+                "uri": "https://marketplace.microsoft.com/en-us/search/products?search=data443&page=1"
+              }
+            }
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
+      "location": "[location()]",
+      "workspace": "[basics('workspace')]"
+    }
+  }
+}
@@ -0,0 +1,111 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+  "handler": "Microsoft.Azure.CreateUIDef",
+  "version": "0.1.2-preview",
+  "parameters": {
+    "config": {
+      "isWizard": false,
+      "basics": {
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/cyren_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n\u2022 Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Cyren-CrowdStrike-ThreatIntelligence/ReleaseNotes.md)\n\n \u2022 There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Cyren CrowdStrike Threat Intelligence solution polls Cyren CCF threat intelligence feeds (IP reputation, malware URLs) and pushes IOCs to CrowdStrike Falcon's Custom IOC API for detection and response.\n\n**Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)\n\n**Get a trial token:** To request a free trial JWT token for the Cyren CCF feed, visit the [Data443 Azure Marketplace listing](https://marketplace.microsoft.com/en-us/product/data443riskmitigationinc1761580347231.cyren-ip-reputation-feed?tab=Overview). You can subscribe to the IP Reputation feed, the Malware URL feed, or both \u2014 install this connector for each feed you have purchased.",
+        "subscription": {
+          "resourceProviders": [
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
+            "Microsoft.Insights/workbooks",
+            "Microsoft.Logic/workflows"
+          ]
+        },
+        "location": {
+          "metadata": {
+            "hidden": "Hiding location, we get it from the log analytics workspace"
+          },
+          "visible": false
+        },
+        "resourceGroup": {
+          "allowExisting": true
+        }
+      }
+    },
+    "basics": [
+      {
+        "name": "getLAWorkspace",
+        "type": "Microsoft.Solutions.ArmApiControl",
+        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
+        "condition": "[greater(length(resourceGroup().name),0)]",
+        "request": {
+          "method": "GET",
+          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
+        }
+      },
+      {
+        "name": "workspace",
+        "type": "Microsoft.Common.DropDown",
+        "label": "Workspace",
+        "placeholder": "Select a workspace",
+        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
+        "constraints": {
+          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
+          "required": true
+        },
+        "visible": true
+      }
+    ],
+    "steps": [
+      {
+        "name": "playbooks",
+        "label": "Playbooks",
+        "subLabel": {
+          "preValidation": "Configure the playbooks",
+          "postValidation": "Done"
+        },
+        "bladeTitle": "Playbooks",
+        "elements": [
+          {
+            "name": "playbooks-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub."
+            }
+          },
+          {
+            "name": "playbooks-link",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more",
+                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
+              }
+            }
+          },
+          {
+            "name": "cyren-marketplace-link-ip",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "Get a free trial token for the IP Reputation feed:",
+              "link": {
+                "label": "Cyren IP Reputation Feed \u2014 Azure Marketplace",
+                "uri": "https://marketplace.microsoft.com/en-us/product/data443riskmitigationinc1761580347231.cyren-ip-reputation-feed?tab=Overview"
+              }
+            }
+          },
+          {
+            "name": "cyren-marketplace-link-mu",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "Get a free trial token for the Malware URL feed:",
+              "link": {
+                "label": "Cyren Malware URL Feed \u2014 Azure Marketplace",
+                "uri": "https://marketplace.microsoft.com/en-us/product/data443riskmitigationinc1761580347231.cyren-malware-urls-feed?tab=Overview"
+              }
+            }
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
+      "location": "[location()]",
+      "workspace": "[basics('workspace')]"
+    }
+  }
+}