Merge pull request #3 from Samsung/feature-fix-validations
Corrected validations and re-packaged the solution.
sean-mcclelland authored Dec 19, 2024
2 parents 8600645 + 0d12d9e commit a2ba574
Showing 8 changed files with 69 additions and 35 deletions.
4 changes: 2 additions & 2 deletions Logos/Samsung_Knox_Asset_Intelligence.svg
Expand Up @@ -10,7 +10,7 @@ requiredDataConnectors:
dataTypes:
- Samsung_Knox_Audit_CL
tactics: []
techniques: []
relevantTechniques: []
query: |
Samsung_Knox_System_CL| where Name == "PERIPHERAL_ACCESS_THROUGH_POLICY_DETECTED_CAMERA" and MitreTtp has "KNOX.2"
suppressionEnabled: false
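Review bot: `requiredDataConnectors.dataTypes` lists `Samsung_Knox_Audit_CL`, but the `query` at the end of this hunk reads from `Samsung_Knox_System_CL`, so the declared dependency does not name the table the rule actually needs. List `Samsung_Knox_System_CL` under `dataTypes` (or both tables, if the connector fills both). While touching the query, add a space before the pipe in `Samsung_Knox_System_CL| where` so it matches the MIC rule.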
Expand Up @@ -10,7 +10,7 @@ requiredDataConnectors:
dataTypes:
- Samsung_Knox_Audit_CL
tactics: []
techniques: []
relevantTechniques: []
query: |
Samsung_Knox_System_CL | where Name == "PERIPHERAL_ACCESS_THROUGH_POLICY_DETECTED_MIC" and MitreTtp has "KNOX.2"
alertDetailsOverride:
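Review bot: `tactics: []` and `relevantTechniques: []` are both left empty even though the query selects on `MitreTtp has "KNOX.2"`, so the alert carries no tactic or technique context for triage. If the events behind `KNOX.2` map to an ATT&CK tactic and technique, fill them in here; if they do not, say so in the rule description. The `dataTypes` entry in this hunk also names `Samsung_Knox_Audit_CL` while the query reads `Samsung_Knox_System_CL`.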
Expand Up @@ -10,7 +10,7 @@ requiredDataConnectors:
dataTypes:
- Samsung_Knox_Audit_CL
tactics: []
techniques: []
relevantTechniques: []
query: Samsung_Knox_Audit_CL| where Name == "LOG_IS_FULL" and MitreTtp has "KNOX.1"
suppressionEnabled: false
suppressionDuration: 5h
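Review bot: the `query` here is a single-line plain scalar (`query: Samsung_Knox_Audit_CL| where Name == "LOG_IS_FULL" ...`), while the camera and microphone rules use a block scalar (`query: |`). Use the block form in all three rules so later edits to the KQL do not run into YAML quoting problems, and put a space before the pipe. As in the other rules, `tactics` and `relevantTechniques` are empty although the filter uses `MitreTtp has "KNOX.1"`.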
Expand Up @@ -71,7 +71,7 @@
"customs": [
{
"name": "Entra App",
"description": "An Entra Application needs to be registered and provisioned with 'Sentinel Contributor'/ 'Microsoft Metrics Publisher' role to setup client secret-based authentication for data transfer. [See the documentation](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app?tabs=client-secret) to learn more about Entra App creation/registration and creating Client Secret credentials"
"description": "An Entra Application needs to be registered and provisioned with 'Microsoft Sentinel Contributor'/ 'Microsoft Metrics Publisher' role to setup client secret-based authentication for data transfer. [See the documentation](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app?tabs=client-secret) to learn more about Entra App creation/registration and creating Client Secret credentials"
}
]
},
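Review bot: the "Entra App" description still joins the two roles with a slash (`'Microsoft Sentinel Contributor'/ 'Microsoft Metrics Publisher' role`), which does not tell the reader whether both roles are required or either one is enough. Spell that out, and state the scope each role should be assigned at, since the stated purpose is only "client secret-based authentication for data transfer" and a Contributor role is broader than an ingestion-only identity usually needs. Please also confirm that 'Microsoft Metrics Publisher' is the exact role name shown in the portal.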
Expand Down Expand Up @@ -108,12 +108,29 @@
"description": ">**Note**: : Since this Data Connector is designed to support Client Secret-based authentication to securely transfer data, the user must create the Client Secret as credentials during the Entra application creation and registration. Ensure you copy the Client Secret value as soon as it is generated.\n\n>**IMPORTANT**: Save the Tenant (Directory) ID, Client (Application) ID and Client Secret (Secret Value) values"
},
{
"title": "STEP 2 - Obtain Sentinel Data collection Details",
"description": ">**Note**: Once you have installed Samsung Knox Asset Intelligence for Microsoft Sentinel Solution in Sentinel, a Data Collection Rule (DCR) associated with a Data Collection Endpoint (DCE), is auto-generated. To view this information, navigate to [Data Collection Rules](https://portal.azure.com/#browse/microsoft.insights%2Fdatacollectionrules?) and look for DCR with its Name starting with **'samsung-knox-dcr-....'** and click on the DCR to view associated details.\n\n>**IMPORTANT**: Save the values for Immutable ID (DCR) and Data Collection Endpoint"
"title": "STEP 2 - Obtain Microsoft Sentinel Data collection Details",
"description": ">**Note**: Once you have installed Samsung Knox Asset Intelligence for Microsoft Sentinel Solution, a Data Collection Rule (DCR) associated with a Data Collection Endpoint (DCE), is auto-generated. To view this information, navigate to [Data Collection Rules](https://portal.azure.com/#browse/microsoft.insights%2Fdatacollectionrules?) and look for DCR with its Name starting with **'samsung-knox-dcr-....'** and click on the DCR to view associated details.\n\n>**IMPORTANT**: Save the values for Immutable ID (DCR) and Data Collection Endpoint"
},
{
"title": "STEP 3 - Connect to Samsung Knox Asset Intelligence solution to configure Microsoft Sentinel to push select Knox Security Events as Alerts -",
"description": "1. Login to [Knox Asset Intelligence administration portal](https://central.samsungknox.com/kaiadmin/dai/home) and navigate to **Dashboard Settings**; this is available at the top-right corner of the Portal\n> **Note**: Ensure the login user has access to 'Security' and 'Manage dashboard view and data collection' permissions\n\n2. Click on Security tab to view settings for Security Operations Integration and for Knox Security Logs.\n\n3. In the Security Operations Integration page, toggle on the **'Enable Microsoft Sentinel Integration'** and enter appropriate values in the required fields - \n\n a. For Tenant ID, Client ID and Client Secret, refer to the information saved from Step 1 while registering the Entra application \n\n b. For Sentinel DCE and DCR, refer to the information saved from Step 2 \n\n4. Click on the **'Test Connection'** and ensure the connection is successful.\n\n5. Before you can Save, configure Knox Security Logs by selecting wither Essential or Advanced configuration **(default: Essential)**\n\n6. To complete the Sentinel integration, click **'Save'**"
"description": "1. Login to [Knox Asset Intelligence administration portal](https://central.samsungknox.com/kaiadmin/dai/home) and navigate to **Dashboard Settings**; this is available at the top-right corner of the Portal\n> **Note**: Ensure the login user has access to 'Security' and 'Manage dashboard view and data collection' permissions\n\n2. Click on Security tab to view settings for Security Operations Integration and for Knox Security Logs.\n\n3. In the Security Operations Integration page, toggle on the **'Enable Microsoft Sentinel Integration'** and enter appropriate values in the required fields - \n\n a. For Tenant ID, Client ID and Client Secret, refer to the information saved from Step 1 while registering the Entra application \n\n b. For Microsoft Sentinel DCE and DCR, refer to the information saved from Step 2 \n\n4. Click on the **'Test Connection'** and ensure the connection is successful.\n\n5. Before you can Save, configure Knox Security Logs by selecting wither Essential or Advanced configuration **(default: Essential)**\n\n6. To complete the Microsoft Sentinel integration, click **'Save'**"
}
]
],
"metadata": {
"id": "790935a7-f8ec-4207-a48f-42a7e4ee0ab7",
"version": "1.0.0",
"kind": "dataConnector",
"source": {
"kind": "solution"
},
"author": {
"name": "Samsung Knox Asset Intelligence"
},
"support": {
"name": "Samsung Electronics Co., Ltd.",
"email": "[email protected]",
"tier": "Partner",
"link": "https://www2.samsungknox.com/en/support"
}
}
}
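Review bot: the rewritten STEP 3 description keeps the typo "selecting wither Essential or Advanced configuration" in item 5; it should read "either". The unchanged note above it also has a doubled colon (`>**Note**: : Since this Data Connector ...`) that could be fixed in the same pass. In the new `metadata` block, `"version": "1.0.0"` sits next to a package named `3.0.0.zip`; if the two versions are meant to be independent, a short note in the commit message would help, and the `support.email` value should be checked to be a real, monitored address.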
Binary file modified Solutions/Samsung Knox Asset Intelligence/Package/3.0.0.zip
Binary file not shown.
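Review bot: `Package/3.0.0.zip` is modified in place under the same version name, so a consumer holding the earlier 3.0.0 package cannot tell it apart from this one. Because the binary cannot be reviewed in the diff, please confirm that it was regenerated from the sources in this commit, and consider bumping the package version for the re-packaged build.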