Recorded Future: fix param name, minor renames #11744

Merged
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
"Workbooks/RecordedFutureMalwareThreatHunting.json"
],
"BasePath": "Users\\emangsten\\git\\github\\Azure-Sentinel\\Solutions\\Recorded Future",
"Version": "3.2.13",
"Version": "3.2.14",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1Pconnector": false
Expand Down
Binary file added Solutions/Recorded Future/Package/3.2.14.zip
Binary file not shown.
140 changes: 84 additions & 56 deletions Solutions/Recorded Future/Package/mainTemplate.json

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"contentVersion": "1.1.0.0",
"parameters": {
"ConnectorName": {
"defaultValue": "RecordedFuture-CustomConnector",
Expand Down Expand Up @@ -48,7 +48,7 @@
"url": "https://support.recordedfuture.com",
"email": "[email protected]"
},
"version": "1.0"
"version": "1.1"
},
"host": "api.recordedfuture.com",
"basePath": "/gw/azure",
Expand Down Expand Up @@ -194,7 +194,7 @@
"x-ms-visibility": "internal"
},
{
"name": "IntelligenceCloudTracking",
"name": "IntelligenceCloud",
"in": "query",
"required": false,
"type": "boolean",
Expand Down Expand Up @@ -481,7 +481,7 @@
"x-ms-visibility": "internal"
},
{
"name": "IntelligenceCloudTracking",
"name": "IntelligenceCloud",
"in": "query",
"required": false,
"type": "boolean",
Expand Down Expand Up @@ -624,7 +624,7 @@
"x-ms-visibility": "internal"
},
{
"name": "IntelligenceCloudTracking",
"name": "IntelligenceCloud",
"in": "query",
"required": false,
"type": "boolean",
Expand Down Expand Up @@ -773,7 +773,7 @@
"x-ms-visibility": "internal"
},
{
"name": "IntelligenceCloudTracking",
"name": "IntelligenceCloud",
"in": "query",
"required": false,
"type": "boolean",
Expand Down Expand Up @@ -920,7 +920,7 @@
"x-ms-visibility": "internal"
},
{
"name": "IntelligenceCloudTracking",
"name": "IntelligenceCloud",
"in": "query",
"required": false,
"type": "boolean",
Expand Down Expand Up @@ -1537,7 +1537,7 @@
}
},
{
"name": "IntelligenceCloudTracking",
"name": "IntelligenceCloud",
"in": "query",
"required": false,
"type": "boolean",
Expand Down
2 changes: 1 addition & 1 deletion Solutions/Recorded Future/Playbooks/Enrichment/readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ This will trigger the Recorded Future playbook to run when any incident is creat
The Recorded Future Collective Insights aggregates data related to Sigma Rules and other indicators, driving collective insights to better identify threats. Anonymized, unattributable data is collected for analytical purposes to identify trends and insights with the Collective Insights. The **RecordedFuture-IOC_Enrichment** playbook gives end users the ability to contribute collective insights to the Collective Insights.
<a href="https://support.recordedfuture.com/hc/en-us/articles/19308547864339" target="_blank">Click here to learn more</a> (requires Recorded Future Login)

To opt-out from Collective insights by setting the CollectiveInsights parameter to [false]
To opt-out from Collective insights by setting the IntelligenceCloud parameter to [false]

<img src="./RecordedFuture-IOC_Enrichment/images/IntelligenceCloudParameter.png" width="500"><br/>
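Review bot: the changed sentence is a fragment ("To opt-out ... by setting ...") and writes "Collective insights" where the paragraph above it uses "Collective Insights". Suggested wording: To opt out of Collective Insights, set the `IntelligenceCloud` parameter to `false`. The new parameter name does agree with the screenshot file name `IntelligenceCloudParameter.png` in the context line.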

Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"contentVersion": "1.2.0.0",
"metadata": {
"title": "RecordedFuture-Domain-IndicatorImport",
"description": "This playbook imports Domain risk lists from Recorded Future and stores them as Threat Intelligence Indicators in Microsoft Sentinel, for detection purposes.\n\nThis playbook depends on RecordedFuture-ThreatIntelligenceImport that need to be installed **manually** before installing this playbook.",
Expand All @@ -12,7 +12,7 @@
"After deployment, open the playbook to configure all connections and press save."
],
"prerequisitesDeployTemplateFile": "../RecordedFuture-ThreatIntelligenceImport/azuredeploy.json",
"lastUpdateTime": "2024-01-12T00:00:00.000Z",
"lastUpdateTime": "2025-01-29T00:00:00.000Z",
"entities": [],
"tags": [ "Threat Intelligence" ],
"support": {
Expand All @@ -28,10 +28,15 @@
"title": "RecordedFuture-Domain-IndicatorImport",
"notes": [ "Initial version" ]
},
{
{
"version": "1.1",
"title": "API Connectors",
"notes": [ "API connection rename." ]
},
{
"version": "1.2",
"title": "Minor rename",
"notes": [ "Rename logic app block for consistency." ]
}
]
},
Expand Down Expand Up @@ -135,7 +140,7 @@
}
}
},
"RecordedFuture-ImportToSentinel": {
"RecordedFuture-ThreatIntelligenceImport": {
"runAfter": {
"Parse_JSON": [
"Succeeded"
Expand Down Expand Up @@ -220,7 +225,7 @@
"apiVersion": "2017-07-01",
"tags": {
"hidden-SentinelTemplateName": "RecordedFuture-Domain-IndicatorImport",
"hidden-SentinelTemplateVersion": "1.0"
"hidden-SentinelTemplateVersion": "1.2"
},
"dependsOn": [
"[resourceId('Microsoft.Web/connections', variables('RecordedfutureConnectionName'))]"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"contentVersion": "1.2.0.0",
"metadata": {
"title": "RecordedFuture-Hash-IndicatorImport",
"description": "This playbook imports Hash risk lists from Recorded Future and stores them as Threat Intelligence Indicators in Microsoft Sentinel, for detection purposes.\n\nThis playbook depends on RecordedFuture-ThreatIntelligenceImport that need to be installed **manually** before installing this playbook.",
Expand All @@ -12,7 +12,7 @@
"After deployment, open the playbook to configure all connections and press save."
],
"prerequisitesDeployTemplateFile": "../RecordedFuture-ThreatIntelligenceImport/azuredeploy.json",
"lastUpdateTime": "2024-01-12T00:00:00.000Z",
"lastUpdateTime": "2025-01-30T00:00:00.000Z",
"entities": [],
"tags": [ "Threat Intelligence" ],
"support": {
Expand All @@ -28,10 +28,15 @@
"title": "RecordedFuture-Hash-IndicatorImport",
"notes": [ "Initial version" ]
},
{
{
"version": "1.1",
"title": "API Connectors",
"notes": [ "API connection rename." ]
},
{
"version": "1.2",
"title": "Minor rename",
"notes": [ "Rename logic app block for consistency." ]
}
]
},
Expand Down Expand Up @@ -136,7 +141,7 @@
}
}
},
"RecordedFuture-ImportToSentinel": {
"RecordedFuture-ThreatIntelligenceImport": {
"runAfter": {
"Parse_JSON": [
"Succeeded"
Expand Down Expand Up @@ -221,7 +226,7 @@
"apiVersion": "2017-07-01",
"tags": {
"hidden-SentinelTemplateName": "RecordedFuture-Hash-IndicatorImport",
"hidden-SentinelTemplateVersion": "1.0"
"hidden-SentinelTemplateVersion": "1.2"
},
"dependsOn": [
"[resourceId('Microsoft.Web/connections', variables('RecordedfutureConnectionName'))]"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"contentVersion": "1.2.0.0",
"metadata": {
"title": "RecordedFuture-IP-IndicatorImport",
"description": "This playbook imports IP risk lists from Recorded Future and stores them as Threat Intelligence Indicators in Microsoft Sentinel, for detection purposes.\n\nThis playbook depends on RecordedFuture-ThreatIntelligenceImport that need to be installed **manually** before installing this playbook.",
Expand All @@ -13,7 +13,7 @@
"After deployment, open the playbook to configure all connections and press save."
],
"prerequisitesDeployTemplateFile": "../RecordedFuture-ThreatIntelligenceImport/azuredeploy.json",
"lastUpdateTime": "2024-01-12T17:00:00.000Z",
"lastUpdateTime": "2025-01-30T17:00:00.000Z",
"entities": [],
"tags": [ "Threat Intelligence" ],
"support": {
Expand All @@ -28,10 +28,15 @@
"title": "RecordedFuture-IP-IndicatorImport",
"notes": [ "Initial version" ]
},
{
{
"version": "1.1",
"title": "API Connectors",
"notes": [ "API connection rename." ]
},
{
"version": "1.2",
"title": "Minor rename",
"notes": [ "Rename logic app block for consistency." ]
}
]
},
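Review bot: the 1.2 entry added here says "Rename logic app block for consistency.", but this file's diff contains no hunk that renames `RecordedFuture-ImportToSentinel`, unlike the Domain, Hash and URL templates. The other hunks here touch only `contentVersion`, `lastUpdateTime` and the version tag. Either the action already carried the new name in this playbook, in which case the note should say the bump is for alignment only, or the rename was missed.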
Expand Down Expand Up @@ -221,7 +226,7 @@
"apiVersion": "2017-07-01",
"tags": {
"hidden-SentinelTemplateName": "RecordedFuture-IP-IndicatorImport",
"hidden-SentinelTemplateVersion": "1.0"
"hidden-SentinelTemplateVersion": "1.2"
},
"dependsOn": [
"[resourceId('Microsoft.Web/connections', variables('RecordedfutureConnectionName'))]"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"contentVersion": "1.2.0.0",
"metadata": {
"title": "RecordedFuture-URL-IndicatorImport",
"description": "This playbook imports URL risk lists from Recorded Future and stores them as Threat Intelligence Indicators in Microsoft Sentinel, for detection purposes.\n\nThis playbook depends on RecordedFuture-ThreatIntelligenceImport that need to be installed **manually** before installing this playbook.",
Expand All @@ -12,7 +12,7 @@
"After deployment, open the playbook to configure all connections and press save."
],
"prerequisitesDeployTemplateFile": "../RecordedFuture-ThreatIntelligenceImport/azuredeploy.json",
"lastUpdateTime": "2024-01-12T00:00:00.000Z",
"lastUpdateTime": "2025-01-30T00:00:00.000Z",
"entities": [],
"tags": [ "Threat Intelligence" ],
"support": {
Expand All @@ -32,6 +32,11 @@
"version": "1.1",
"title": "API Connectors",
"notes": [ "API connection rename." ]
},
{
"version": "1.2",
"title": "Minor rename",
"notes": [ "Rename logic app block for consistency." ]
}
]
},
Expand Down Expand Up @@ -135,7 +140,7 @@
}
}
},
"RecordedFuture-ImportToSentinel": {
"RecordedFuture-ThreatIntelligenceImport": {
"runAfter": {
"Parse_JSON": [
"Succeeded"
Expand Down Expand Up @@ -220,7 +225,7 @@
"apiVersion": "2017-07-01",
"tags": {
"hidden-SentinelTemplateName": "RecordedFuture-URL-IndicatorImport",
"hidden-SentinelTemplateVersion": "1.0"
"hidden-SentinelTemplateVersion": "1.2"
},
"dependsOn": [
"[resourceId('Microsoft.Web/connections', variables('RecordedfutureConnectionName'))]"
Expand Down
1 change: 1 addition & 0 deletions Solutions/Recorded Future/ReleaseNotes.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|---------------------------------------------|
| 3.2.14 | 30-01-2025 | Fix the name of `IntelligenceCloud` parameter in `RecordedFuture-CustomConnector` + other minor renames |
| 3.2.13 | 08-01-2025 | Removed Custom Entity mappings from **Analytic rules** |
| 3.2.12 | 28-11-2024 | Fix API connection bug in RecordedFuture-AlertImporter |
| 3.2.11 | 31-10-2024 | Fix API connection bug in RecordedFuture-ThreatMap-Importer, documentation improvements |
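Review bot: the new 3.2.14 row names the new parameter but not the old one, and "other minor renames" does not mention the Logic App action rename in the indicator-import playbooks. Naming `IntelligenceCloudTracking` in the row, and saying whether the connector and the playbooks that pass the parameter need to be redeployed, would make the entry usable for operators searching the release notes.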
Expand Down